ServicePrincipal.ts

import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";

export const app = new azuread.Application('pulumi', {
  availableToOtherTenants: false,
  homepage: "http://example.com",
  identifierUris: ["http://example.com"],
  oauth2AllowImplicitFlow: true,
  replyUrls: ["http://example.com"],
});

export const sp = new azuread.ServicePrincipal('pulumi', {
  applicationId: app.applicationId,
});

var password = new random.RandomPassword('pulumi-pass', {
  length: 20,
  special: true,
});

var servicePrincipalPassword = new azuread.ServicePrincipalPassword('pulumi-sp-pass', {
  servicePrincipalId: sp.id,
  endDate: '2099-01-01T00:00:00Z',
  value: password.result,
});

const subscription = azure.core.getSubscription({});

new azure.authorization.Assignment('pulumi-contributor', {
  principalId: sp.objectId,
  scope: subscription.then(p => p.id),
  roleDefinitionName: 'Contributor',
});

export const appID = app.applicationId;
export const spID = sp.id;