You are viewing an outdated version of provider-azuread.Go to Latest
upbound/provider-azuread@v1.4.0
AccessPolicy
conditionalaccess.azuread.upbound.io
AccessPolicy
upbound/provider-azuread@v1.4.0conditionalaccess.azuread.upbound.io

AccessPolicy is the Schema for the AccessPolicys API.

Type

CRD

Group

conditionalaccess.azuread.upbound.io

Version

apiVersion: conditionalaccess.azuread.upbound.io/v1beta1

kind: AccessPolicy

API Documentation
apiVersion
string
kind
string
metadata
object
spec
object
object

AccessPolicySpec defines the desired state of AccessPolicy

forProvider
requiredobject
requiredobject

No description provided.

array

A conditions block as documented below, which specifies the rules that must be met for the policy to apply.

array

An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.

array

A list of application IDs explicitly excluded from the policy. Can also be set to Office365.

array

A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.

array

A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.

array

A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.

array

An client_applications block as documented below, which specifies service principals included in and excluded from the policy.

array

A list of service principal IDs explicitly excluded in the policy.

array

A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.

devices
array
array

A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.

filter
array
array

A filter block as described below.

mode
string
rule
string
array

A locations block as documented below, which specifies locations included in and excluded from the policy.

array

A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.

array

A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted.

array

A platforms block as documented below, which specifies platforms included in and excluded from the policy.

array

A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.

array

A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.

array

A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.

array

A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

array

A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

users
array
array

A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.

array

A list of group IDs excluded from scope of policy.

array

A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy.

array

An external_tenants block as documented below, which specifies external tenants in a policy scope.

members
array
array

A list tenant IDs. Can only be specified if membership_kind is enumerated.

array

A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.

array

A list of role IDs excluded from scope of policy.

array

A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.

array

A list of group IDs in scope of policy unless explicitly excluded.

array

A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy.

array

An external_tenants block as documented below, which specifies external tenants in a policy scope.

members
array
array

A list tenant IDs. Can only be specified if membership_kind is enumerated.

array

A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.

array

A list of role IDs in scope of policy unless explicitly excluded.

array

A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers.

array

A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.

array

List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.

array

List of custom controls IDs required by the policy.

operator
string
array

List of terms of use IDs required by the policy.

array

A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.

state
string
object

THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.

array

A conditions block as documented below, which specifies the rules that must be met for the policy to apply.

array

An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.

array

A list of application IDs explicitly excluded from the policy. Can also be set to Office365.

array

A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.

array

A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.

array

A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.

array

An client_applications block as documented below, which specifies service principals included in and excluded from the policy.

array

A list of service principal IDs explicitly excluded in the policy.

array

A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.

devices
array
array

A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.

filter
array
array

A filter block as described below.

mode
string
rule
string
array

A locations block as documented below, which specifies locations included in and excluded from the policy.

array

A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.

array

A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted.

array

A platforms block as documented below, which specifies platforms included in and excluded from the policy.

array

A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.

array

A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.

array

A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.

array

A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

array

A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

users
array
array

A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.

array

A list of group IDs excluded from scope of policy.

array

A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy.

array

An external_tenants block as documented below, which specifies external tenants in a policy scope.

members
array
array

A list tenant IDs. Can only be specified if membership_kind is enumerated.

array

A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.

array

A list of role IDs excluded from scope of policy.

array

A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.

array

A list of group IDs in scope of policy unless explicitly excluded.

array

A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy.

array

An external_tenants block as documented below, which specifies external tenants in a policy scope.

members
array
array

A list tenant IDs. Can only be specified if membership_kind is enumerated.

array

A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.

array

A list of role IDs in scope of policy unless explicitly excluded.

array

A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers.

array

A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.

array

List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.

array

List of custom controls IDs required by the policy.

operator
string
array

List of terms of use IDs required by the policy.

array

A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.

state
string
array

THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md

object

ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
object

PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.

configRef
object
object

SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.

name
requiredstring
policy
object
object

Policies for referencing.

resolve
string
metadata
object
object

Metadata is the metadata for connection secret.

labels
object
type
string
name
requiredstring
object

WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.

name
requiredstring
namespace
requiredstring
status
object
object

AccessPolicyStatus defines the observed state of AccessPolicy.

object

No description provided.

array

A conditions block as documented below, which specifies the rules that must be met for the policy to apply.

array

An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.

array

A list of application IDs explicitly excluded from the policy. Can also be set to Office365.

array

A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.

array

A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.

array

A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.

array

An client_applications block as documented below, which specifies service principals included in and excluded from the policy.

array

A list of service principal IDs explicitly excluded in the policy.

array

A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.

devices
array
array

A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.

filter
array
array

A filter block as described below.

mode
string
rule
string
array

A locations block as documented below, which specifies locations included in and excluded from the policy.

array

A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.

array

A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted.

array

A platforms block as documented below, which specifies platforms included in and excluded from the policy.

array

A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.

array

A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.

array

A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.

array

A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

array

A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

users
array
array

A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.

array

A list of group IDs excluded from scope of policy.

array

A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy.

array

An external_tenants block as documented below, which specifies external tenants in a policy scope.

members
array
array

A list tenant IDs. Can only be specified if membership_kind is enumerated.

array

A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.

array

A list of role IDs excluded from scope of policy.

array

A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.

array

A list of group IDs in scope of policy unless explicitly excluded.

array

A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy.

array

An external_tenants block as documented below, which specifies external tenants in a policy scope.

members
array
array

A list tenant IDs. Can only be specified if membership_kind is enumerated.

array

A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.

array

A list of role IDs in scope of policy unless explicitly excluded.

array

A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers.

array

A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.

array

List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.

array

List of custom controls IDs required by the policy.

operator
string
array

List of terms of use IDs required by the policy.

id
string
array

A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.

state
string
array

Conditions of the resource.

lastTransitionTime
requiredstring
message
string
reason
requiredstring
status
requiredstring
type
requiredstring
Discover the building blocks for your internal cloud platform.
© 2024 Upbound, Inc.
Solutions