1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. getManagedHardwareSecurityModuleRoleDefinition

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

azure.keyvault.getManagedHardwareSecurityModuleRoleDefinition

Explore with Pulumi AI

Use this data source to access information about an existing Key Vault Managed Hardware Security Module Role Definition.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.keyvault.getManagedHardwareSecurityModuleRoleDefinition({
    managedHsmId: exampleAzurermKeyVaultManagedHardwareSecurityModule.id,
    name: "21dbd100-6940-42c2-9190-5d6cb909625b",
});
export const id = example.then(example => example.resourceManagerId);
Copy
import pulumi
import pulumi_azure as azure

example = azure.keyvault.get_managed_hardware_security_module_role_definition(managed_hsm_id=example_azurerm_key_vault_managed_hardware_security_module["id"],
    name="21dbd100-6940-42c2-9190-5d6cb909625b")
pulumi.export("id", example.resource_manager_id)
Copy
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := keyvault.LookupManagedHardwareSecurityModuleRoleDefinition(ctx, &keyvault.LookupManagedHardwareSecurityModuleRoleDefinitionArgs{
			ManagedHsmId: exampleAzurermKeyVaultManagedHardwareSecurityModule.Id,
			Name:         "21dbd100-6940-42c2-9190-5d6cb909625b",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", example.ResourceManagerId)
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = Azure.KeyVault.GetManagedHardwareSecurityModuleRoleDefinition.Invoke(new()
    {
        ManagedHsmId = exampleAzurermKeyVaultManagedHardwareSecurityModule.Id,
        Name = "21dbd100-6940-42c2-9190-5d6cb909625b",
    });

    return new Dictionary<string, object?>
    {
        ["id"] = example.Apply(getManagedHardwareSecurityModuleRoleDefinitionResult => getManagedHardwareSecurityModuleRoleDefinitionResult.ResourceManagerId),
    };
});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetManagedHardwareSecurityModuleRoleDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = KeyvaultFunctions.getManagedHardwareSecurityModuleRoleDefinition(GetManagedHardwareSecurityModuleRoleDefinitionArgs.builder()
            .managedHsmId(exampleAzurermKeyVaultManagedHardwareSecurityModule.id())
            .name("21dbd100-6940-42c2-9190-5d6cb909625b")
            .build());

        ctx.export("id", example.applyValue(getManagedHardwareSecurityModuleRoleDefinitionResult -> getManagedHardwareSecurityModuleRoleDefinitionResult.resourceManagerId()));
    }
}
Copy
variables:
  example:
    fn::invoke:
      function: azure:keyvault:getManagedHardwareSecurityModuleRoleDefinition
      arguments:
        managedHsmId: ${exampleAzurermKeyVaultManagedHardwareSecurityModule.id}
        name: 21dbd100-6940-42c2-9190-5d6cb909625b
outputs:
  id: ${example.resourceManagerId}
Copy

Using getManagedHardwareSecurityModuleRoleDefinition

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getManagedHardwareSecurityModuleRoleDefinition(args: GetManagedHardwareSecurityModuleRoleDefinitionArgs, opts?: InvokeOptions): Promise<GetManagedHardwareSecurityModuleRoleDefinitionResult>
function getManagedHardwareSecurityModuleRoleDefinitionOutput(args: GetManagedHardwareSecurityModuleRoleDefinitionOutputArgs, opts?: InvokeOptions): Output<GetManagedHardwareSecurityModuleRoleDefinitionResult>
Copy
def get_managed_hardware_security_module_role_definition(managed_hsm_id: Optional[str] = None,
                                                         name: Optional[str] = None,
                                                         opts: Optional[InvokeOptions] = None) -> GetManagedHardwareSecurityModuleRoleDefinitionResult
def get_managed_hardware_security_module_role_definition_output(managed_hsm_id: Optional[pulumi.Input[str]] = None,
                                                         name: Optional[pulumi.Input[str]] = None,
                                                         opts: Optional[InvokeOptions] = None) -> Output[GetManagedHardwareSecurityModuleRoleDefinitionResult]
Copy
func LookupManagedHardwareSecurityModuleRoleDefinition(ctx *Context, args *LookupManagedHardwareSecurityModuleRoleDefinitionArgs, opts ...InvokeOption) (*LookupManagedHardwareSecurityModuleRoleDefinitionResult, error)
func LookupManagedHardwareSecurityModuleRoleDefinitionOutput(ctx *Context, args *LookupManagedHardwareSecurityModuleRoleDefinitionOutputArgs, opts ...InvokeOption) LookupManagedHardwareSecurityModuleRoleDefinitionResultOutput
Copy

> Note: This function is named LookupManagedHardwareSecurityModuleRoleDefinition in the Go SDK.

public static class GetManagedHardwareSecurityModuleRoleDefinition 
{
    public static Task<GetManagedHardwareSecurityModuleRoleDefinitionResult> InvokeAsync(GetManagedHardwareSecurityModuleRoleDefinitionArgs args, InvokeOptions? opts = null)
    public static Output<GetManagedHardwareSecurityModuleRoleDefinitionResult> Invoke(GetManagedHardwareSecurityModuleRoleDefinitionInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetManagedHardwareSecurityModuleRoleDefinitionResult> getManagedHardwareSecurityModuleRoleDefinition(GetManagedHardwareSecurityModuleRoleDefinitionArgs args, InvokeOptions options)
public static Output<GetManagedHardwareSecurityModuleRoleDefinitionResult> getManagedHardwareSecurityModuleRoleDefinition(GetManagedHardwareSecurityModuleRoleDefinitionArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: azure:keyvault/getManagedHardwareSecurityModuleRoleDefinition:getManagedHardwareSecurityModuleRoleDefinition
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

ManagedHsmId This property is required. string
The ID of the Key Vault Managed Hardware Security Module.
Name This property is required. string
The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
ManagedHsmId This property is required. string
The ID of the Key Vault Managed Hardware Security Module.
Name This property is required. string
The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
managedHsmId This property is required. String
The ID of the Key Vault Managed Hardware Security Module.
name This property is required. String
The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
managedHsmId This property is required. string
The ID of the Key Vault Managed Hardware Security Module.
name This property is required. string
The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
managed_hsm_id This property is required. str
The ID of the Key Vault Managed Hardware Security Module.
name This property is required. str
The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
managedHsmId This property is required. String
The ID of the Key Vault Managed Hardware Security Module.
name This property is required. String
The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.

getManagedHardwareSecurityModuleRoleDefinition Result

The following output properties are available:

AssignableScopes List<string>
A list of assignable role scopes. Possible values are / and /keys.
Description string
A text description of the Key Vault Managed Hardware Security Module Role Definition.
Id string
The provider-assigned unique ID for this managed resource.
ManagedHsmId string
Name string
Permissions List<GetManagedHardwareSecurityModuleRoleDefinitionPermission>
A permission block as defined below.
ResourceManagerId string
The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
RoleName string
The display name of the Key Vault Managed Hardware Security Module Role Definition.
RoleType string
The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are AKVBuiltInRole and CustomRole.
AssignableScopes []string
A list of assignable role scopes. Possible values are / and /keys.
Description string
A text description of the Key Vault Managed Hardware Security Module Role Definition.
Id string
The provider-assigned unique ID for this managed resource.
ManagedHsmId string
Name string
Permissions []GetManagedHardwareSecurityModuleRoleDefinitionPermission
A permission block as defined below.
ResourceManagerId string
The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
RoleName string
The display name of the Key Vault Managed Hardware Security Module Role Definition.
RoleType string
The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are AKVBuiltInRole and CustomRole.
assignableScopes List<String>
A list of assignable role scopes. Possible values are / and /keys.
description String
A text description of the Key Vault Managed Hardware Security Module Role Definition.
id String
The provider-assigned unique ID for this managed resource.
managedHsmId String
name String
permissions List<GetManagedHardwareSecurityModuleRoleDefinitionPermission>
A permission block as defined below.
resourceManagerId String
The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
roleName String
The display name of the Key Vault Managed Hardware Security Module Role Definition.
roleType String
The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are AKVBuiltInRole and CustomRole.
assignableScopes string[]
A list of assignable role scopes. Possible values are / and /keys.
description string
A text description of the Key Vault Managed Hardware Security Module Role Definition.
id string
The provider-assigned unique ID for this managed resource.
managedHsmId string
name string
permissions GetManagedHardwareSecurityModuleRoleDefinitionPermission[]
A permission block as defined below.
resourceManagerId string
The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
roleName string
The display name of the Key Vault Managed Hardware Security Module Role Definition.
roleType string
The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are AKVBuiltInRole and CustomRole.
assignable_scopes Sequence[str]
A list of assignable role scopes. Possible values are / and /keys.
description str
A text description of the Key Vault Managed Hardware Security Module Role Definition.
id str
The provider-assigned unique ID for this managed resource.
managed_hsm_id str
name str
permissions Sequence[GetManagedHardwareSecurityModuleRoleDefinitionPermission]
A permission block as defined below.
resource_manager_id str
The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
role_name str
The display name of the Key Vault Managed Hardware Security Module Role Definition.
role_type str
The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are AKVBuiltInRole and CustomRole.
assignableScopes List<String>
A list of assignable role scopes. Possible values are / and /keys.
description String
A text description of the Key Vault Managed Hardware Security Module Role Definition.
id String
The provider-assigned unique ID for this managed resource.
managedHsmId String
name String
permissions List<Property Map>
A permission block as defined below.
resourceManagerId String
The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
roleName String
The display name of the Key Vault Managed Hardware Security Module Role Definition.
roleType String
The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are AKVBuiltInRole and CustomRole.

Supporting Types

GetManagedHardwareSecurityModuleRoleDefinitionPermission

Actions This property is required. List<string>
A list of action permission granted.
DataActions This property is required. List<string>
A list of data action permission granted.
NotActions This property is required. List<string>
A list of action permission excluded (but not denied).
NotDataActions This property is required. List<string>
A list of data action permission granted.
Actions This property is required. []string
A list of action permission granted.
DataActions This property is required. []string
A list of data action permission granted.
NotActions This property is required. []string
A list of action permission excluded (but not denied).
NotDataActions This property is required. []string
A list of data action permission granted.
actions This property is required. List<String>
A list of action permission granted.
dataActions This property is required. List<String>
A list of data action permission granted.
notActions This property is required. List<String>
A list of action permission excluded (but not denied).
notDataActions This property is required. List<String>
A list of data action permission granted.
actions This property is required. string[]
A list of action permission granted.
dataActions This property is required. string[]
A list of data action permission granted.
notActions This property is required. string[]
A list of action permission excluded (but not denied).
notDataActions This property is required. string[]
A list of data action permission granted.
actions This property is required. Sequence[str]
A list of action permission granted.
data_actions This property is required. Sequence[str]
A list of data action permission granted.
not_actions This property is required. Sequence[str]
A list of action permission excluded (but not denied).
not_data_actions This property is required. Sequence[str]
A list of data action permission granted.
actions This property is required. List<String>
A list of action permission granted.
dataActions This property is required. List<String>
A list of data action permission granted.
notActions This property is required. List<String>
A list of action permission excluded (but not denied).
notDataActions This property is required. List<String>
A list of data action permission granted.

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.