Folks, is there already a convenience layer in Pulumi for Azure that could save me from working with UUIDs when assigning API permissions? For example, something like this:

export const app = new azuread.Application('app', {
  requiredResourceAccesses: [
    Apps.WindowsAzureActiveDirectory.withRoles(roles => [
      roles.Application.ReadWrite.All,
      roles.Application.ReadWrite.OwnedBy,
    ]),
  ],
});

Instead of this:

export const app = new azuread.Application('app', {
  requiredResourceAccesses: [
    {
      resourceAppId: '00000002-0000-0000-c000-000000000000',
      resourceAccesses: [
        {
          id: "1cda74f2-2616-4834-b122-5cb1b07f8a59",
          type: "Role",
        },
        {
          id: "824c81eb-e3f8-4ee6-8f6d-de7f50d565b7",
          type: "Role",
        },
      ],
    },
  ],
});

Not that I know of… Would be great to have it!

Thanks. I presume that would be a low-hanging fruit for contributing to Pulumi. I'll see how much time I can allot right now.