How to use @pulumi/azuread - 10 common examples
To help you get started, we’ve selected a few @pulumi/azuread examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
pulumi / kubernetes-guides / azure / 01-identity / index.ts View on Github 
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";
const name = pulumi.getProject();
// Create the server application in Azure AD.
const applicationServer = new azuread.Application(`${name}-app-server`, {
replyUrls: ["http://k8s_server"],
type: "webapp/api",
groupMembershipClaims: "All",
requiredResourceAccesses: [
// Windows Azure Active Directory API
{
resourceAppId: "00000002-0000-0000-c000-000000000000",
resourceAccesses: [{
// DELEGATED PERMISSIONS: "Sign in and read user profile"
id: "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
type: "Scope",
}],
},
// MicrosoftGraph API
{
resourceAppId: "00000003-0000-0000-c000-000000000000",// Generate a strong password for the Service Principal.
const password = new random.RandomPassword("password", {
length: 20,
special: true,
}, {parent: this}).result;
// Create an SSH public key that will be used by the Kubernetes cluster.
// Note: We create one here to simplify the demo, but a production deployment would probably pass
// an existing key in as a variable.
const sshPublicKey = new tls.PrivateKey("sshKey", {
algorithm: "RSA",
rsaBits: 4096,
}, {parent: this}).publicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks", undefined, {parent: this});
const adSp = new azuread.ServicePrincipal("aksSp", {
applicationId: adApp.applicationId,
}, {parent: this});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: password,
endDate: "2099-01-01T00:00:00Z",
}, {parent: this});
const resourceGroup = new azure.core.ResourceGroup("multicloud");
// Grant the resource group the "Network Contributor" role so that it can link the static IP to a
// Service LoadBalancer.
const rgNetworkRole = new azure.role.Assignment("spRole", {
principalId: adSp.id,
scope: resourceGroup.id,{
name: "east",
location: azure.Locations.EastUS,
nodeCount: 2,
nodeSize: "Standard_D2_v2",
},
{
name: "west",
location: azure.Locations.WestUS,
nodeCount: 5,
nodeSize: "Standard_D2_v2",
},
];
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {applicationId: adApp.applicationId});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: config.password,
endDate: "2099-01-01T00:00:00Z",
});
// Create the individual clusters
const k8sClusters = aksClusterConfig.map((perClusterConfig, index) => {
const cluster = new azure.containerservice.KubernetesCluster(`aksCluster-${perClusterConfig.name}`, {
// Global config arguments
resourceGroupName: config.resourceGroup.name,
linuxProfile: {
adminUsername: "aksuser",
sshKey: {
keyData: config.sshPublicKey,constructor(name: string,
args: AksClusterArgs,
opts: pulumi.ComponentResourceOptions = {}) {
super("examples:keda:AksCluster", name, args, opts);
const password = new random.RandomPassword("password", {
length: 20,
special: true,
}).result;
const sshPublicKey = new tls.PrivateKey("keda", {
algorithm: "RSA",
rsaBits: 4096,
}).publicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks", undefined, { parent: this });
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId }, { parent: this });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: password,
endDate: "2099-01-01T00:00:00Z",
}, { parent: this });
// Create a Virtual Network for the cluster
const vnet = new azure.network.VirtualNetwork("keda", {
resourceGroupName: args.resourceGroupName,
addressSpaces: ["10.2.0.0/16"],
}, { parent: this });
// Create a Subnet for the cluster
const subnet = new azure.network.Subnet("keda", {
resourceGroupName: args.resourceGroupName,// Copyright 2016-2019, Pulumi Corporation. All rights reserved.
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
import * as config from "./config";
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: config.password,
endDate: "2099-01-01T00:00:00Z",
});
// Now allocate an AKS cluster.
export const k8sCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
resourceGroupName: config.resourceGroup.name,
location: config.location,
defaultNodePool: {
name: "aksagentpool",
nodeCount: config.nodeCount,
vmSize: config.nodeSize,
},const principalServer = new azuread.ServicePrincipal(`${name}-sp-server`, {
applicationId: applicationServer.applicationId,
});
// Generate a strong password for the Service Principal.
const passwordServer = new random.RandomString(`${name}-pwd-server`, {
length: 20,
special: true,
}, {additionalSecretOutputs: ["result"]}).result;
const spPasswordServer = new azuread.ServicePrincipalPassword(`${name}-sppwd-server`, {
servicePrincipalId: principalServer.id,
value: passwordServer,
endDate: "2099-01-01T00:00:00Z",
});
const applicationClient = new azuread.Application(`${name}-app-client`, {
replyUrls: ["http://k8s_server"],
type: "native",
requiredResourceAccesses: [
// Windows Azure Active Directory API
{
resourceAppId: "00000002-0000-0000-c000-000000000000",
resourceAccesses: [{
// DELEGATED PERMISSIONS: "Sign in and read user profile"
id: "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
type: "Scope",
}],
},
// AKS ad application server
{
resourceAppId: applicationServer.applicationId,
resourceAccesses: [{name: "east",
location: azure.Locations.EastUS,
nodeCount: 2,
nodeSize: "Standard_D2_v2",
},
{
name: "west",
location: azure.Locations.WestUS,
nodeCount: 5,
nodeSize: "Standard_D2_v2",
},
];
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {applicationId: adApp.applicationId});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: config.password,
endDate: "2099-01-01T00:00:00Z",
});
// Create the individual clusters
const k8sClusters = aksClusterConfig.map((perClusterConfig, index) => {
const cluster = new azure.containerservice.KubernetesCluster(`aksCluster-${perClusterConfig.name}`, {
// Global config arguments
resourceGroupName: config.resourceGroup.name,
linuxProfile: {
adminUsername: "aksuser",
sshKey: {
keyData: config.sshPublicKey,
},args: AksClusterArgs,
opts: pulumi.ComponentResourceOptions = {}) {
super("examples:keda:AksCluster", name, args, opts);
const password = new random.RandomPassword("password", {
length: 20,
special: true,
}).result;
const sshPublicKey = new tls.PrivateKey("keda", {
algorithm: "RSA",
rsaBits: 4096,
}).publicKeyOpenssh;
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks", undefined, { parent: this });
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId }, { parent: this });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: password,
endDate: "2099-01-01T00:00:00Z",
}, { parent: this });
// Create a Virtual Network for the cluster
const vnet = new azure.network.VirtualNetwork("keda", {
resourceGroupName: args.resourceGroupName,
addressSpaces: ["10.2.0.0/16"],
}, { parent: this });
// Create a Subnet for the cluster
const subnet = new azure.network.Subnet("keda", {
resourceGroupName: args.resourceGroupName,
virtualNetworkName: vnet.name,// DELEGATED PERMISSIONS: "Sign in and read user profile"
{
id: "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
type: "Scope",
},
// DELEGATED PERMISSIONS: "Read directory data"
{
id: "06da0dbc-49e2-44d2-8312-53f166ab848a",
type: "Scope",
},
],
},
],
});
const principalServer = new azuread.ServicePrincipal(`${name}-sp-server`, {
applicationId: applicationServer.applicationId,
});
// Generate a strong password for the Service Principal.
const passwordServer = new random.RandomString(`${name}-pwd-server`, {
length: 20,
special: true,
}, {additionalSecretOutputs: ["result"]}).result;
const spPasswordServer = new azuread.ServicePrincipalPassword(`${name}-sppwd-server`, {
servicePrincipalId: principalServer.id,
value: passwordServer,
endDate: "2099-01-01T00:00:00Z",
});
const applicationClient = new azuread.Application(`${name}-app-client`, {
replyUrls: ["http://k8s_server"],// Copyright 2016-2019, Pulumi Corporation. All rights reserved.
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
import * as config from "./config";
// Create the AD service principal for the K8s cluster.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
servicePrincipalId: adSp.id,
value: config.password,
endDate: "2099-01-01T00:00:00Z",
});
// Now allocate an AKS cluster.
export const k8sCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
resourceGroupName: config.resourceGroup.name,
location: config.location,
defaultNodePool: {
name: "aksagentpool",
nodeCount: config.nodeCount,
vmSize: config.nodeSize,
},
dnsPrefix: `${pulumi.getStack()}-kube`,@pulumi/azuread
A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.
