pulumi-azure-native 2.87.0a1739193742__py3-none-any.whl → 2.87.0a1739200739__py3-none-any.whl

pulumi_azure_native/authorization/get_role_management_policy.py

@@ -0,0 +1,247 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+
+__all__ = [
+    'GetRoleManagementPolicyResult',
+    'AwaitableGetRoleManagementPolicyResult',
+    'get_role_management_policy',
+    'get_role_management_policy_output',
+]
+
+@pulumi.output_type
+class GetRoleManagementPolicyResult:
+    """
+    Role management policy
+    """
+    def __init__(__self__, description=None, display_name=None, effective_rules=None, id=None, is_organization_default=None, last_modified_by=None, last_modified_date_time=None, name=None, policy_properties=None, rules=None, scope=None, type=None):
+        if description and not isinstance(description, str):
+            raise TypeError("Expected argument 'description' to be a str")
+        pulumi.set(__self__, "description", description)
+        if display_name and not isinstance(display_name, str):
+            raise TypeError("Expected argument 'display_name' to be a str")
+        pulumi.set(__self__, "display_name", display_name)
+        if effective_rules and not isinstance(effective_rules, list):
+            raise TypeError("Expected argument 'effective_rules' to be a list")
+        pulumi.set(__self__, "effective_rules", effective_rules)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if is_organization_default and not isinstance(is_organization_default, bool):
+            raise TypeError("Expected argument 'is_organization_default' to be a bool")
+        pulumi.set(__self__, "is_organization_default", is_organization_default)
+        if last_modified_by and not isinstance(last_modified_by, dict):
+            raise TypeError("Expected argument 'last_modified_by' to be a dict")
+        pulumi.set(__self__, "last_modified_by", last_modified_by)
+        if last_modified_date_time and not isinstance(last_modified_date_time, str):
+            raise TypeError("Expected argument 'last_modified_date_time' to be a str")
+        pulumi.set(__self__, "last_modified_date_time", last_modified_date_time)
+        if name and not isinstance(name, str):
+            raise TypeError("Expected argument 'name' to be a str")
+        pulumi.set(__self__, "name", name)
+        if policy_properties and not isinstance(policy_properties, dict):
+            raise TypeError("Expected argument 'policy_properties' to be a dict")
+        pulumi.set(__self__, "policy_properties", policy_properties)
+        if rules and not isinstance(rules, list):
+            raise TypeError("Expected argument 'rules' to be a list")
+        pulumi.set(__self__, "rules", rules)
+        if scope and not isinstance(scope, str):
+            raise TypeError("Expected argument 'scope' to be a str")
+        pulumi.set(__self__, "scope", scope)
+        if type and not isinstance(type, str):
+            raise TypeError("Expected argument 'type' to be a str")
+        pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        The role management policy description.
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[str]:
+        """
+        The role management policy display name.
+        """
+        return pulumi.get(self, "display_name")
+
+    @property
+    @pulumi.getter(name="effectiveRules")
+    def effective_rules(self) -> Sequence[Any]:
+        """
+        The readonly computed rule applied to the policy.
+        """
+        return pulumi.get(self, "effective_rules")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The role management policy Id.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="isOrganizationDefault")
+    def is_organization_default(self) -> Optional[bool]:
+        """
+        The role management policy is default policy.
+        """
+        return pulumi.get(self, "is_organization_default")
+
+    @property
+    @pulumi.getter(name="lastModifiedBy")
+    def last_modified_by(self) -> 'outputs.PrincipalResponse':
+        """
+        The name of the entity last modified it
+        """
+        return pulumi.get(self, "last_modified_by")
+
+    @property
+    @pulumi.getter(name="lastModifiedDateTime")
+    def last_modified_date_time(self) -> str:
+        """
+        The last modified date time.
+        """
+        return pulumi.get(self, "last_modified_date_time")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        The role management policy name.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="policyProperties")
+    def policy_properties(self) -> 'outputs.PolicyPropertiesResponse':
+        """
+        Additional properties of scope
+        """
+        return pulumi.get(self, "policy_properties")
+
+    @property
+    @pulumi.getter
+    def rules(self) -> Optional[Sequence[Any]]:
+        """
+        The rule applied to the policy.
+        """
+        return pulumi.get(self, "rules")
+
+    @property
+    @pulumi.getter
+    def scope(self) -> Optional[str]:
+        """
+        The role management policy scope.
+        """
+        return pulumi.get(self, "scope")
+
+    @property
+    @pulumi.getter
+    def type(self) -> str:
+        """
+        The role management policy type.
+        """
+        return pulumi.get(self, "type")
+
+
+class AwaitableGetRoleManagementPolicyResult(GetRoleManagementPolicyResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetRoleManagementPolicyResult(
+            description=self.description,
+            display_name=self.display_name,
+            effective_rules=self.effective_rules,
+            id=self.id,
+            is_organization_default=self.is_organization_default,
+            last_modified_by=self.last_modified_by,
+            last_modified_date_time=self.last_modified_date_time,
+            name=self.name,
+            policy_properties=self.policy_properties,
+            rules=self.rules,
+            scope=self.scope,
+            type=self.type)
+
+
+def get_role_management_policy(role_management_policy_name: Optional[str] = None,
+                               scope: Optional[str] = None,
+                               opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleManagementPolicyResult:
+    """
+    Get the specified role management policy for a resource scope
+    Azure REST API version: 2024-09-01-preview.
+
+    Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview.
+
+
+    :param str role_management_policy_name: The name (guid) of the role management policy to get.
+    :param str scope: The scope of the role management policy.
+    """
+    __args__ = dict()
+    __args__['roleManagementPolicyName'] = role_management_policy_name
+    __args__['scope'] = scope
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('azure-native:authorization:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult).value
+
+    return AwaitableGetRoleManagementPolicyResult(
+        description=pulumi.get(__ret__, 'description'),
+        display_name=pulumi.get(__ret__, 'display_name'),
+        effective_rules=pulumi.get(__ret__, 'effective_rules'),
+        id=pulumi.get(__ret__, 'id'),
+        is_organization_default=pulumi.get(__ret__, 'is_organization_default'),
+        last_modified_by=pulumi.get(__ret__, 'last_modified_by'),
+        last_modified_date_time=pulumi.get(__ret__, 'last_modified_date_time'),
+        name=pulumi.get(__ret__, 'name'),
+        policy_properties=pulumi.get(__ret__, 'policy_properties'),
+        rules=pulumi.get(__ret__, 'rules'),
+        scope=pulumi.get(__ret__, 'scope'),
+        type=pulumi.get(__ret__, 'type'))
+def get_role_management_policy_output(role_management_policy_name: Optional[pulumi.Input[str]] = None,
+                                      scope: Optional[pulumi.Input[str]] = None,
+                                      opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetRoleManagementPolicyResult]:
+    """
+    Get the specified role management policy for a resource scope
+    Azure REST API version: 2024-09-01-preview.
+
+    Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview.
+
+
+    :param str role_management_policy_name: The name (guid) of the role management policy to get.
+    :param str scope: The scope of the role management policy.
+    """
+    __args__ = dict()
+    __args__['roleManagementPolicyName'] = role_management_policy_name
+    __args__['scope'] = scope
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('azure-native:authorization:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult)
+    return __ret__.apply(lambda __response__: GetRoleManagementPolicyResult(
+        description=pulumi.get(__response__, 'description'),
+        display_name=pulumi.get(__response__, 'display_name'),
+        effective_rules=pulumi.get(__response__, 'effective_rules'),
+        id=pulumi.get(__response__, 'id'),
+        is_organization_default=pulumi.get(__response__, 'is_organization_default'),
+        last_modified_by=pulumi.get(__response__, 'last_modified_by'),
+        last_modified_date_time=pulumi.get(__response__, 'last_modified_date_time'),
+        name=pulumi.get(__response__, 'name'),
+        policy_properties=pulumi.get(__response__, 'policy_properties'),
+        rules=pulumi.get(__response__, 'rules'),
+        scope=pulumi.get(__response__, 'scope'),
+        type=pulumi.get(__response__, 'type')))

pulumi_azure_native/authorization/outputs.py

@@ -28,6 +28,7 @@ __all__ = [
     'ManagementLockOwnerResponse',
     'NonComplianceMessageResponse',
     'OverrideResponse',
+    'PIMOnlyModeSettingsResponse',
     'ParameterDefinitionsValueResponse',
     'ParameterDefinitionsValueResponseMetadata',
     'ParameterValuesValueResponse',
@@ -39,6 +40,8 @@ __all__ = [
     'PolicyDefinitionGroupResponse',
     'PolicyDefinitionReferenceResponse',
     'PolicyDefinitionVersionResponse',
+    'PolicyPropertiesResponse',
+    'PolicyPropertiesResponseScope',
     'PolicySetDefinitionVersionResponse',
     'PolicyVariableColumnResponse',
     'PolicyVariableValueColumnValueResponse',
@@ -51,10 +54,12 @@ __all__ = [
     'RoleManagementPolicyEnablementRuleResponse',
     'RoleManagementPolicyExpirationRuleResponse',
     'RoleManagementPolicyNotificationRuleResponse',
+    'RoleManagementPolicyPimOnlyModeRuleResponse',
     'RoleManagementPolicyRuleTargetResponse',
     'SelectorResponse',
     'SystemDataResponse',
     'UserSetResponse',
+    'UsersOrServicePrincipalSetResponse',
 ]
 
 @pulumi.output_type
@@ -1044,6 +1049,70 @@ class OverrideResponse(dict):
         return pulumi.get(self, "value")
 
 
+@pulumi.output_type
+class PIMOnlyModeSettingsResponse(dict):
+    """
+    The PIM Only Mode settings.
+    """
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "excludedAssignmentTypes":
+            suggest = "excluded_assignment_types"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PIMOnlyModeSettingsResponse. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PIMOnlyModeSettingsResponse.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PIMOnlyModeSettingsResponse.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 excluded_assignment_types: Optional[Sequence[str]] = None,
+                 excludes: Optional[Sequence['outputs.UsersOrServicePrincipalSetResponse']] = None,
+                 mode: Optional[str] = None):
+        """
+        The PIM Only Mode settings.
+        :param Sequence[str] excluded_assignment_types: The list of excluded assignment types allowed.
+        :param Sequence['UsersOrServicePrincipalSetResponse'] excludes: The list of excluded entities that the rule does not apply to.
+        :param str mode: Determines whether the setting is enabled, disabled or report only.
+        """
+        if excluded_assignment_types is not None:
+            pulumi.set(__self__, "excluded_assignment_types", excluded_assignment_types)
+        if excludes is not None:
+            pulumi.set(__self__, "excludes", excludes)
+        if mode is not None:
+            pulumi.set(__self__, "mode", mode)
+
+    @property
+    @pulumi.getter(name="excludedAssignmentTypes")
+    def excluded_assignment_types(self) -> Optional[Sequence[str]]:
+        """
+        The list of excluded assignment types allowed.
+        """
+        return pulumi.get(self, "excluded_assignment_types")
+
+    @property
+    @pulumi.getter
+    def excludes(self) -> Optional[Sequence['outputs.UsersOrServicePrincipalSetResponse']]:
+        """
+        The list of excluded entities that the rule does not apply to.
+        """
+        return pulumi.get(self, "excludes")
+
+    @property
+    @pulumi.getter
+    def mode(self) -> Optional[str]:
+        """
+        Determines whether the setting is enabled, disabled or report only.
+        """
+        return pulumi.get(self, "mode")
+
+
 @pulumi.output_type
 class ParameterDefinitionsValueResponse(dict):
     """
@@ -1959,6 +2028,92 @@ class PolicyDefinitionVersionResponse(dict):
         return pulumi.get(self, "version")
 
 
+@pulumi.output_type
+class PolicyPropertiesResponse(dict):
+    """
+    Expanded info of resource scope
+    """
+    def __init__(__self__, *,
+                 scope: 'outputs.PolicyPropertiesResponseScope'):
+        """
+        Expanded info of resource scope
+        :param 'PolicyPropertiesResponseScope' scope: Details of the resource scope
+        """
+        pulumi.set(__self__, "scope", scope)
+
+    @property
+    @pulumi.getter
+    def scope(self) -> 'outputs.PolicyPropertiesResponseScope':
+        """
+        Details of the resource scope
+        """
+        return pulumi.get(self, "scope")
+
+
+@pulumi.output_type
+class PolicyPropertiesResponseScope(dict):
+    """
+    Details of the resource scope
+    """
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "displayName":
+            suggest = "display_name"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PolicyPropertiesResponseScope. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PolicyPropertiesResponseScope.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PolicyPropertiesResponseScope.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 display_name: Optional[str] = None,
+                 id: Optional[str] = None,
+                 type: Optional[str] = None):
+        """
+        Details of the resource scope
+        :param str display_name: Display name of the resource
+        :param str id: Scope id of the resource
+        :param str type: Type of the resource
+        """
+        if display_name is not None:
+            pulumi.set(__self__, "display_name", display_name)
+        if id is not None:
+            pulumi.set(__self__, "id", id)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[str]:
+        """
+        Display name of the resource
+        """
+        return pulumi.get(self, "display_name")
+
+    @property
+    @pulumi.getter
+    def id(self) -> Optional[str]:
+        """
+        Scope id of the resource
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def type(self) -> Optional[str]:
+        """
+        Type of the resource
+        """
+        return pulumi.get(self, "type")
+
+
 @pulumi.output_type
 class PolicySetDefinitionVersionResponse(dict):
     """
@@ -2682,6 +2837,8 @@ class RoleManagementPolicyExpirationRuleResponse(dict):
         suggest = None
         if key == "ruleType":
             suggest = "rule_type"
+        elif key == "exceptionMembers":
+            suggest = "exception_members"
         elif key == "isExpirationRequired":
             suggest = "is_expiration_required"
         elif key == "maximumDuration":
@@ -2700,6 +2857,7 @@ class RoleManagementPolicyExpirationRuleResponse(dict):
 
     def __init__(__self__, *,
                  rule_type: str,
+                 exception_members: Optional[Sequence['outputs.UserSetResponse']] = None,
                  id: Optional[str] = None,
                  is_expiration_required: Optional[bool] = None,
                  maximum_duration: Optional[str] = None,
@@ -2708,12 +2866,15 @@ class RoleManagementPolicyExpirationRuleResponse(dict):
         The role management policy expiration rule.
         :param str rule_type: The type of rule
                Expected value is 'RoleManagementPolicyExpirationRule'.
+        :param Sequence['UserSetResponse'] exception_members: The members not restricted by expiration rule.
         :param str id: The id of the rule.
         :param bool is_expiration_required: The value indicating whether expiration is required.
         :param str maximum_duration: The maximum duration of expiration in timespan.
         :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule.
         """
         pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule')
+        if exception_members is not None:
+            pulumi.set(__self__, "exception_members", exception_members)
         if id is not None:
             pulumi.set(__self__, "id", id)
         if is_expiration_required is not None:
@@ -2732,6 +2893,14 @@ class RoleManagementPolicyExpirationRuleResponse(dict):
         """
         return pulumi.get(self, "rule_type")
 
+    @property
+    @pulumi.getter(name="exceptionMembers")
+    def exception_members(self) -> Optional[Sequence['outputs.UserSetResponse']]:
+        """
+        The members not restricted by expiration rule.
+        """
+        return pulumi.get(self, "exception_members")
+
     @property
     @pulumi.getter
     def id(self) -> Optional[str]:
@@ -2900,6 +3069,85 @@ class RoleManagementPolicyNotificationRuleResponse(dict):
         return pulumi.get(self, "target")
 
 
+@pulumi.output_type
+class RoleManagementPolicyPimOnlyModeRuleResponse(dict):
+    """
+    The role management policy PIM only mode rule.
+    """
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "ruleType":
+            suggest = "rule_type"
+        elif key == "pimOnlyModeSettings":
+            suggest = "pim_only_mode_settings"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyPimOnlyModeRuleResponse. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RoleManagementPolicyPimOnlyModeRuleResponse.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RoleManagementPolicyPimOnlyModeRuleResponse.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 rule_type: str,
+                 id: Optional[str] = None,
+                 pim_only_mode_settings: Optional['outputs.PIMOnlyModeSettingsResponse'] = None,
+                 target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None):
+        """
+        The role management policy PIM only mode rule.
+        :param str rule_type: The type of rule
+               Expected value is 'RoleManagementPolicyPimOnlyModeRule'.
+        :param str id: The id of the rule.
+        :param 'PIMOnlyModeSettingsResponse' pim_only_mode_settings: The PIM Only Mode settings
+        :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule.
+        """
+        pulumi.set(__self__, "rule_type", 'RoleManagementPolicyPimOnlyModeRule')
+        if id is not None:
+            pulumi.set(__self__, "id", id)
+        if pim_only_mode_settings is not None:
+            pulumi.set(__self__, "pim_only_mode_settings", pim_only_mode_settings)
+        if target is not None:
+            pulumi.set(__self__, "target", target)
+
+    @property
+    @pulumi.getter(name="ruleType")
+    def rule_type(self) -> str:
+        """
+        The type of rule
+        Expected value is 'RoleManagementPolicyPimOnlyModeRule'.
+        """
+        return pulumi.get(self, "rule_type")
+
+    @property
+    @pulumi.getter
+    def id(self) -> Optional[str]:
+        """
+        The id of the rule.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="pimOnlyModeSettings")
+    def pim_only_mode_settings(self) -> Optional['outputs.PIMOnlyModeSettingsResponse']:
+        """
+        The PIM Only Mode settings
+        """
+        return pulumi.get(self, "pim_only_mode_settings")
+
+    @property
+    @pulumi.getter
+    def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']:
+        """
+        The target of the current rule.
+        """
+        return pulumi.get(self, "target")
+
+
 @pulumi.output_type
 class RoleManagementPolicyRuleTargetResponse(dict):
     """
@@ -3258,3 +3506,67 @@ class UserSetResponse(dict):
         return pulumi.get(self, "user_type")
 
 
+@pulumi.output_type
+class UsersOrServicePrincipalSetResponse(dict):
+    """
+    The detail of a subject.
+    """
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "displayName":
+            suggest = "display_name"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in UsersOrServicePrincipalSetResponse. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        UsersOrServicePrincipalSetResponse.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        UsersOrServicePrincipalSetResponse.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 display_name: Optional[str] = None,
+                 id: Optional[str] = None,
+                 type: Optional[str] = None):
+        """
+        The detail of a subject.
+        :param str display_name: The display Name of the entity.
+        :param str id: The object id of the entity.
+        :param str type: The type of user.
+        """
+        if display_name is not None:
+            pulumi.set(__self__, "display_name", display_name)
+        if id is not None:
+            pulumi.set(__self__, "id", id)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[str]:
+        """
+        The display Name of the entity.
+        """
+        return pulumi.get(self, "display_name")
+
+    @property
+    @pulumi.getter
+    def id(self) -> Optional[str]:
+        """
+        The object id of the entity.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def type(self) -> Optional[str]:
+        """
+        The type of user.
+        """
+        return pulumi.get(self, "type")
+
+