diff --git a/Makefile b/Makefile index 3c549095..c957983e 100644 --- a/Makefile +++ b/Makefile @@ -53,12 +53,28 @@ GO_SUBDIRS += cmd internal apis # ==================================================================================== # Setup Kubernetes tools -KIND_VERSION = v0.15.0 -UP_VERSION = v0.16.1 +KIND_VERSION = v0.21.0 +UP_VERSION = v0.28.0 UP_CHANNEL = stable -UPTEST_VERSION = v0.7.0 +UPTEST_VERSION = v0.11.1 +UPTEST_LOCAL_VERSION = v0.12.0-9.gac371c9 +UPTEST_LOCAL_CHANNEL = main +KUSTOMIZE_VERSION = v5.3.0 +YQ_VERSION = v4.40.5 +UXP_VERSION = 1.14.6-up.1 + -include build/makelib/k8s_tools.mk +# uptest download and install +UPTEST_LOCAL := $(TOOLS_HOST_DIR)/uptest-$(UPTEST_LOCAL_VERSION) + +$(UPTEST_LOCAL): + @$(INFO) installing uptest $(UPTEST_LOCAL) + @mkdir -p $(TOOLS_HOST_DIR) + @curl -fsSLo $(UPTEST_LOCAL) https://s3.us-west-2.amazonaws.com/crossplane.uptest.releases/$(UPTEST_LOCAL_CHANNEL)/$(UPTEST_LOCAL_VERSION)/bin/$(SAFEHOST_PLATFORM)/uptest || $(FAIL) + @chmod +x $(UPTEST_LOCAL) + @$(OK) installing uptest $(UPTEST_LOCAL) + # ==================================================================================== # Setup Images @@ -74,6 +90,9 @@ XPKG_REG_ORGS ?= xpkg.upbound.io/upbound # inferred. XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/upbound XPKGS = $(PROJECT_NAME) +XPKG_DIR = $(OUTPUT_DIR)/package +XPKG_IGNORE = kustomize/*,crds/kustomization.yaml + -include build/makelib/xpkg.mk # NOTE(hasheddan): we force image building to happen prior to xpkg build so that @@ -164,7 +183,7 @@ submodules: run: go.build @$(INFO) Running Crossplane locally out-of-cluster . . . @# To see other arguments that can be provided, run the command with --help instead - UPBOUND_CONTEXT="local" $(GO_OUT_DIR)/provider --debug + UPBOUND_CONTEXT="local" $(GO_OUT_DIR)/provider --debug --certs-dir="" # ==================================================================================== # End to End Testing 
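Review bot: The new `$(UPTEST_LOCAL)` rule fetches a binary with curl and marks it executable without comparing it to a pinned digest, and the `uptest` target in the later hunk then runs it in a shell where `UPTEST_CLOUD_CREDENTIALS` may be exported. The pinned version is a `main`-channel build, so a checksum kept next to `UPTEST_LOCAL_VERSION` is what would tie the file on disk to the build that was reviewed. Downloading to a temporary name and moving it into place only after verification also stops a partial download from counting as an up-to-date target. In the sketch below the digest is a placeholder (one is needed per `$(SAFEHOST_PLATFORM)`) and `sha256sum` is assumed to exist on the build host.

```make
# Constructed placeholder: pin the real digest of the reviewed build here.
UPTEST_LOCAL_SHA256 ?= <sha256-of-reviewed-uptest-binary>

$(UPTEST_LOCAL):
# … unchanged: INFO line and mkdir -p $(TOOLS_HOST_DIR) …
	@curl -fsSLo $@.tmp https://s3.us-west-2.amazonaws.com/crossplane.uptest.releases/$(UPTEST_LOCAL_CHANNEL)/$(UPTEST_LOCAL_VERSION)/bin/$(SAFEHOST_PLATFORM)/uptest || $(FAIL)
	@echo "$(UPTEST_LOCAL_SHA256)  $@.tmp" | sha256sum -c - || $(FAIL)
	@chmod +x $@.tmp && mv -f $@.tmp $@ || $(FAIL)
# … unchanged: OK line …
```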
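Review bot: The `run` recipe now passes `--certs-dir=""` with no comment saying why, and what an empty value switches off is not visible in this hunk. If the intent is that a local out-of-cluster run has no serving certificates to load, I would say so above the line, for example `@# --certs-dir="" is for local out-of-cluster runs only; no serving certificates are available here`. It is also worth confirming that the deployed configuration never sets this flag to an empty value.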
@@ -176,9 +195,9 @@ CROSSPLANE_NAMESPACE = upbound-system # - UPTEST_EXAMPLE_LIST, a comma-separated list of examples to test # - UPTEST_CLOUD_CREDENTIALS (optional), cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials) # - UPTEST_DATASOURCE_PATH (optional), see https://github.com/upbound/uptest#injecting-dynamic-values-and-datasource -uptest: $(UPTEST) $(KUBECTL) $(KUTTL) +uptest: $(UPTEST_LOCAL) $(KUBECTL) $(KUTTL) @$(INFO) running automated tests - @KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) $(UPTEST) e2e "${UPTEST_EXAMPLE_LIST}" --setup-script=cluster/test/setup.sh || $(FAIL) + @KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) $(UPTEST_LOCAL) e2e "${UPTEST_EXAMPLE_LIST}" --setup-script=cluster/test/setup.sh || $(FAIL) @$(OK) running automated tests local-deploy: build controlplane.up local.xpkg.deploy.provider.$(PROJECT_NAME) @@ -244,3 +263,17 @@ crossplane.help: help-special: crossplane.help .PHONY: crossplane.help help-special + +build.init: kustomize-crds + +kustomize-crds: output.init $(KUSTOMIZE) $(YQ) + @$(INFO) Kustomizing CRDs... + @rm -fr $(OUTPUT_DIR)/package || $(FAIL) + @cp -R package $(OUTPUT_DIR) && \ + cd $(OUTPUT_DIR)/package/crds && \ + $(KUSTOMIZE) create --autodetect || $(FAIL) + @export YQ=$(YQ) && \ + XDG_CONFIG_HOME=$(PWD)/package $(KUSTOMIZE) build --enable-alpha-plugins $(OUTPUT_DIR)/package/kustomize -o $(OUTPUT_DIR)/package/crds.yaml || $(FAIL) + @$(OK) Kustomizing CRDs. + +.PHONY: kustomize-crds diff --git a/apis/administrativeunits/v1beta1/zz_generated.conversion_hubs.go b/apis/administrativeunits/v1beta1/zz_generated.conversion_hubs.go index 723b6482..ceeb6336 100755 --- a/apis/administrativeunits/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/administrativeunits/v1beta1/zz_generated.conversion_hubs.go 
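Review bot: In the `kustomize-crds` recipe, `XDG_CONFIG_HOME=$(PWD)/package` together with `--enable-alpha-plugins` decides where kustomize looks for plugins to execute, and `$(PWD)` is inherited from the calling shell rather than set by make, so under `make -C <dir>` it can name a different tree than the checkout. I would write `XDG_CONFIG_HOME=$(CURDIR)/package` and add a comment above that line saying that plugin code under `package/` runs at build time and should be reviewed like any other build script. The `rm -fr $(OUTPUT_DIR)/package` line could use the `$(XPKG_DIR)` variable this commit introduces, ideally behind a check that `$(OUTPUT_DIR)` is not empty.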
@@ -7,7 +7,7 @@ package v1beta1 // Hub marks this type as a conversion hub. -func (tr *Unit) Hub() {} +func (tr *Member) Hub() {} // Hub marks this type as a conversion hub. -func (tr *Member) Hub() {} +func (tr *Unit) Hub() {} diff --git a/apis/administrativeunits/v1beta1/zz_generated.resolvers.go b/apis/administrativeunits/v1beta1/zz_generated.resolvers.go index ada3e1b0..4138998c 100644 --- a/apis/administrativeunits/v1beta1/zz_generated.resolvers.go +++ b/apis/administrativeunits/v1beta1/zz_generated.resolvers.go 
@@ -2,49 +2,61 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" errors "github.com/pkg/errors" client "sigs.k8s.io/controller-runtime/pkg/client" + + // ResolveReferences of this Member. + apisresolver "github.com/upbound/provider-azuread/internal/apis" ) -// ResolveReferences of this Member. func (mg *Member) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("administrativeunits.azuread.upbound.io", "v1beta1", "Unit", "UnitList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AdministrativeUnitObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.AdministrativeUnitObjectIDRef, - Selector: mg.Spec.ForProvider.AdministrativeUnitObjectIDSelector, - To: reference.To{ - List: &UnitList{}, - Managed: &Unit{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AdministrativeUnitObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.AdministrativeUnitObjectIDRef, + Selector: mg.Spec.ForProvider.AdministrativeUnitObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.AdministrativeUnitObjectID") } mg.Spec.ForProvider.AdministrativeUnitObjectID = reference.ToPtrValue(rsp.ResolvedValue) 
mg.Spec.ForProvider.AdministrativeUnitObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("administrativeunits.azuread.upbound.io", "v1beta1", "Unit", "UnitList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AdministrativeUnitObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.AdministrativeUnitObjectIDRef, - Selector: mg.Spec.InitProvider.AdministrativeUnitObjectIDSelector, - To: reference.To{ - List: &UnitList{}, - Managed: &Unit{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AdministrativeUnitObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.AdministrativeUnitObjectIDRef, + Selector: mg.Spec.InitProvider.AdministrativeUnitObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.AdministrativeUnitObjectID") } diff --git a/apis/administrativeunits/v1beta1/zz_member_types.go b/apis/administrativeunits/v1beta1/zz_member_types.go index b54549b8..d2885e68 100755 --- a/apis/administrativeunits/v1beta1/zz_member_types.go +++ b/apis/administrativeunits/v1beta1/zz_member_types.go 
@@ -17,14 +17,14 @@ type MemberInitParameters struct { // The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created. // The object ID of the administrative unit - // +crossplane:generate:reference:type=Unit + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/administrativeunits/v1beta1.Unit AdministrativeUnitObjectID *string `json:"administrativeUnitObjectId,omitempty" tf:"administrative_unit_object_id,omitempty"` - // Reference to a Unit to populate administrativeUnitObjectId. + // Reference to a Unit in administrativeunits to populate administrativeUnitObjectId. // +kubebuilder:validation:Optional AdministrativeUnitObjectIDRef *v1.Reference `json:"administrativeUnitObjectIdRef,omitempty" tf:"-"` - // Selector for a Unit to populate administrativeUnitObjectId. + // Selector for a Unit in administrativeunits to populate administrativeUnitObjectId. // +kubebuilder:validation:Optional AdministrativeUnitObjectIDSelector *v1.Selector `json:"administrativeUnitObjectIdSelector,omitempty" tf:"-"` 
@@ -50,15 +50,15 @@ type MemberParameters struct { // The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created. // The object ID of the administrative unit - // +crossplane:generate:reference:type=Unit + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/administrativeunits/v1beta1.Unit // +kubebuilder:validation:Optional AdministrativeUnitObjectID *string `json:"administrativeUnitObjectId,omitempty" tf:"administrative_unit_object_id,omitempty"` - // Reference to a Unit to populate administrativeUnitObjectId. + // Reference to a Unit in administrativeunits to populate administrativeUnitObjectId. // +kubebuilder:validation:Optional AdministrativeUnitObjectIDRef *v1.Reference `json:"administrativeUnitObjectIdRef,omitempty" tf:"-"` - // Selector for a Unit to populate administrativeUnitObjectId. + // Selector for a Unit in administrativeunits to populate administrativeUnitObjectId. // +kubebuilder:validation:Optional AdministrativeUnitObjectIDSelector *v1.Selector `json:"administrativeUnitObjectIdSelector,omitempty" tf:"-"` diff --git a/apis/app/v1beta1/zz_generated.resolvers.go b/apis/app/v1beta1/zz_generated.resolvers.go index dd91b9df..9be8ed4b 100644 --- a/apis/app/v1beta1/zz_generated.resolvers.go +++ b/apis/app/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -9,75 +10,91 @@ import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" - v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + apisresolver "github.com/upbound/provider-azuread/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) -// ResolveReferences of this RoleAssignment. -func (mg *RoleAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { +func (mg *RoleAssignment) ResolveReferences( // ResolveReferences of this RoleAssignment. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.PrincipalObjectIDRef, - Selector: mg.Spec.ForProvider.PrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PrincipalObjectIDRef, + Selector: mg.Spec.ForProvider.PrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalObjectID") } mg.Spec.ForProvider.PrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) 
mg.Spec.ForProvider.PrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ResourceObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ResourceObjectIDRef, - Selector: mg.Spec.ForProvider.ResourceObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ResourceObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ResourceObjectIDRef, + Selector: mg.Spec.ForProvider.ResourceObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ResourceObjectID") } mg.Spec.ForProvider.ResourceObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ResourceObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.PrincipalObjectIDRef, - Selector: mg.Spec.InitProvider.PrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + 
CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.PrincipalObjectIDRef, + Selector: mg.Spec.InitProvider.PrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.PrincipalObjectID") } mg.Spec.InitProvider.PrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.PrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ResourceObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ResourceObjectIDRef, - Selector: mg.Spec.InitProvider.ResourceObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ResourceObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ResourceObjectIDRef, + Selector: mg.Spec.InitProvider.ResourceObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ResourceObjectID") } diff --git a/apis/app/v1beta1/zz_roleassignment_types.go b/apis/app/v1beta1/zz_roleassignment_types.go index bdeb05ee..cdbd6832 100755 --- a/apis/app/v1beta1/zz_roleassignment_types.go +++ b/apis/app/v1beta1/zz_roleassignment_types.go 
@@ -21,7 +21,7 @@ type RoleAssignmentInitParameters struct { // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. // The object ID of the user, group or service principal to be assigned this app role - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal PrincipalObjectID *string `json:"principalObjectId,omitempty" tf:"principal_object_id,omitempty"` // Reference to a Principal in serviceprincipals to populate principalObjectId. @@ -34,7 +34,7 @@ type RoleAssignmentInitParameters struct { // The object ID of the service principal representing the resource. Changing this forces a new resource to be created. // The object ID of the service principal representing the resource - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ResourceObjectID *string `json:"resourceObjectId,omitempty" tf:"resource_object_id,omitempty"` // Reference to a Principal in serviceprincipals to populate resourceObjectId. 
@@ -84,7 +84,7 @@ type RoleAssignmentParameters struct { // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. // The object ID of the user, group or service principal to be assigned this app role - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional PrincipalObjectID *string `json:"principalObjectId,omitempty" tf:"principal_object_id,omitempty"` @@ -98,7 +98,7 @@ type RoleAssignmentParameters struct { // The object ID of the service principal representing the resource. Changing this forces a new resource to be created. // The object ID of the service principal representing the resource - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ResourceObjectID *string `json:"resourceObjectId,omitempty" tf:"resource_object_id,omitempty"` diff --git a/apis/applications/v1beta1/zz_certificate_types.go b/apis/applications/v1beta1/zz_certificate_types.go index a14b7067..20868e0d 100755 --- a/apis/applications/v1beta1/zz_certificate_types.go +++ b/apis/applications/v1beta1/zz_certificate_types.go 
@@ -17,7 +17,7 @@ type CertificateInitParameters struct { // The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created. // The resource ID of the application for which this certificate should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta1.Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` @@ -30,14 +30,14 @@ type CertificateInitParameters struct { ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` // The object ID of the application for which this certificate should be created - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` 
@@ -106,7 +106,7 @@ type CertificateParameters struct { // The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created. // The resource ID of the application for which this certificate should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta1.Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` @@ -120,15 +120,15 @@ type CertificateParameters struct { ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` // The object ID of the application for which this certificate should be created - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +kubebuilder:validation:Optional ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` diff --git a/apis/applications/v1beta1/zz_federatedidentitycredential_types.go b/apis/applications/v1beta1/zz_federatedidentitycredential_types.go index 0ba4a543..00de4542 100755 
--- a/apis/applications/v1beta1/zz_federatedidentitycredential_types.go +++ b/apis/applications/v1beta1/zz_federatedidentitycredential_types.go @@ -20,14 +20,14 @@ type FederatedIdentityCredentialInitParameters struct { ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` // The object ID of the application for which this federated identity credential should be created - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` 
@@ -96,15 +96,15 @@ type FederatedIdentityCredentialParameters struct { ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` // The object ID of the application for which this federated identity credential should be created - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +kubebuilder:validation:Optional ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` diff --git a/apis/applications/v1beta1/zz_generated.conversion_hubs.go b/apis/applications/v1beta1/zz_generated.conversion_hubs.go index 65e9b8d9..51df7b79 100755 --- a/apis/applications/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/applications/v1beta1/zz_generated.conversion_hubs.go @@ -6,9 +6,6 @@ package v1beta1 -// Hub marks this type as a conversion hub. -func (tr *Application) Hub() {} - // Hub marks this type as a conversion hub. func (tr *Certificate) Hub() {} diff --git a/apis/applications/v1beta1/zz_generated.conversion_spokes.go b/apis/applications/v1beta1/zz_generated.conversion_spokes.go new file mode 100755 index 00000000..ada25ff0 --- /dev/null +++ b/apis/applications/v1beta1/zz_generated.conversion_spokes.go 
@@ -0,0 +1,34 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + ujconversion "github.com/crossplane/upjet/pkg/controller/conversion" + "github.com/crossplane/upjet/pkg/resource" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/conversion" +) + +// ConvertTo converts this Application to the hub type. +func (tr *Application) ConvertTo(dstRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { + return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) + } + return nil +} + +// ConvertFrom converts from the hub type to the Application type. +func (tr *Application) ConvertFrom(srcRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { + return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) + } + return nil +} diff --git a/apis/applications/v1beta1/zz_generated.resolvers.go b/apis/applications/v1beta1/zz_generated.resolvers.go index c28d94dc..b8298e21 100644 --- a/apis/applications/v1beta1/zz_generated.resolvers.go +++ b/apis/applications/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -10,74 +11,91 @@ import ( reference "github.com/crossplane/crossplane-runtime/pkg/reference" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + apisresolver "github.com/upbound/provider-azuread/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) -// ResolveReferences of this Certificate. -func (mg *Certificate) ResolveReferences(ctx context.Context, c client.Reader) error { +func (mg *Certificate) ResolveReferences( // ResolveReferences of this Certificate. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.ForProvider.ApplicationIDRef, - Selector: mg.Spec.ForProvider.ApplicationIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.ApplicationIDRef, + Selector: mg.Spec.ForProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationID") } mg.Spec.ForProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = 
apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, - Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, + Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationObjectID") } mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.InitProvider.ApplicationIDRef, - Selector: mg.Spec.InitProvider.ApplicationIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), + Extract: 
resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.ApplicationIDRef, + Selector: mg.Spec.InitProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationID") } mg.Spec.InitProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, - Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") } 
@@ -89,37 +107,45 @@ func (mg *Certificate) ResolveReferences(ctx context.Context, c client.Reader) e // ResolveReferences of this FederatedIdentityCredential. func (mg *FederatedIdentityCredential) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, - Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, + Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationObjectID") } mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: 
reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, - Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") } 
@@ -131,37 +157,45 @@ func (mg *FederatedIdentityCredential) ResolveReferences(ctx context.Context, c // ResolveReferences of this Password. func (mg *Password) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, - Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, + Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationObjectID") } mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: 
reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, - Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") } 
@@ -173,101 +207,121 @@ func (mg *Password) ResolveReferences(ctx context.Context, c client.Reader) erro // ResolveReferences of this PreAuthorized. func (mg *PreAuthorized) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.ForProvider.ApplicationIDRef, - Selector: mg.Spec.ForProvider.ApplicationIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.ApplicationIDRef, + Selector: mg.Spec.ForProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationID") } mg.Spec.ForProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), - Extract: 
reference.ExternalName(), - Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, - Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ApplicationObjectIDRef, + Selector: mg.Spec.ForProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationObjectID") } mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AuthorizedAppID), - Extract: resource.ExtractParamPath("application_id", true), - Reference: mg.Spec.ForProvider.AuthorizedAppIDRef, - Selector: mg.Spec.ForProvider.AuthorizedAppIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AuthorizedAppID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.ForProvider.AuthorizedAppIDRef, + Selector: mg.Spec.ForProvider.AuthorizedAppIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.AuthorizedAppID") } mg.Spec.ForProvider.AuthorizedAppID = reference.ToPtrValue(rsp.ResolvedValue) 
mg.Spec.ForProvider.AuthorizedAppIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.InitProvider.ApplicationIDRef, - Selector: mg.Spec.InitProvider.ApplicationIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.ApplicationIDRef, + Selector: mg.Spec.InitProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationID") } mg.Spec.InitProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, - Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: 
reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") } mg.Spec.InitProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ApplicationObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AuthorizedAppID), - Extract: resource.ExtractParamPath("application_id", true), - Reference: mg.Spec.InitProvider.AuthorizedAppIDRef, - Selector: mg.Spec.InitProvider.AuthorizedAppIDSelector, - To: reference.To{ - List: &ApplicationList{}, - Managed: &Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AuthorizedAppID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.InitProvider.AuthorizedAppIDRef, + Selector: mg.Spec.InitProvider.AuthorizedAppIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.AuthorizedAppID") } diff --git a/apis/applications/v1beta1/zz_password_types.go b/apis/applications/v1beta1/zz_password_types.go index edcf5c9e..daff519b 100755 --- a/apis/applications/v1beta1/zz_password_types.go +++ b/apis/applications/v1beta1/zz_password_types.go 
@@ -20,14 +20,14 @@ type PasswordInitParameters struct { ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` // The object ID of the application for which this password should be created - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` 
@@ -98,15 +98,15 @@ type PasswordParameters struct { ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` // The object ID of the application for which this password should be created - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +kubebuilder:validation:Optional ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` diff --git a/apis/applications/v1beta1/zz_preauthorized_types.go b/apis/applications/v1beta1/zz_preauthorized_types.go index f15cdf69..300afec1 100755 --- a/apis/applications/v1beta1/zz_preauthorized_types.go +++ b/apis/applications/v1beta1/zz_preauthorized_types.go 
@@ -17,7 +17,7 @@ type PreAuthorizedInitParameters struct { // The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created. // The resource ID of the application to which this pre-authorized application should be added - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta1.Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` 
@@ -30,27 +30,27 @@ type PreAuthorizedInitParameters struct { ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` // The object ID of the application to which this pre-authorized application should be added - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` // The application ID of the pre-authorized application - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true) AuthorizedAppID *string `json:"authorizedAppId,omitempty" tf:"authorized_app_id,omitempty"` - // Reference to a Application to populate authorizedAppId. + // Reference to a Application in applications to populate authorizedAppId. // +kubebuilder:validation:Optional AuthorizedAppIDRef *v1.Reference `json:"authorizedAppIdRef,omitempty" tf:"-"` - // Selector for a Application to populate authorizedAppId. + // Selector for a Application in applications to populate authorizedAppId. 
// +kubebuilder:validation:Optional AuthorizedAppIDSelector *v1.Selector `json:"authorizedAppIdSelector,omitempty" tf:"-"` @@ -92,7 +92,7 @@ type PreAuthorizedParameters struct { // The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created. // The resource ID of the application to which this pre-authorized application should be added - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta1.Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` 
@@ -106,29 +106,29 @@ type PreAuthorizedParameters struct { ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` // The object ID of the application to which this pre-authorized application should be added - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +kubebuilder:validation:Optional ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` - // Reference to a Application to populate applicationObjectId. + // Reference to a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` - // Selector for a Application to populate applicationObjectId. + // Selector for a Application in applications to populate applicationObjectId. // +kubebuilder:validation:Optional ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` // The application ID of the pre-authorized application - // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true) // +kubebuilder:validation:Optional AuthorizedAppID *string `json:"authorizedAppId,omitempty" tf:"authorized_app_id,omitempty"` - // Reference to a Application to populate authorizedAppId. + // Reference to a Application in applications to populate authorizedAppId. // +kubebuilder:validation:Optional AuthorizedAppIDRef *v1.Reference `json:"authorizedAppIdRef,omitempty" tf:"-"` - // Selector for a Application to populate authorizedAppId. + // Selector for a Application in applications to populate authorizedAppId. 
// +kubebuilder:validation:Optional AuthorizedAppIDSelector *v1.Selector `json:"authorizedAppIdSelector,omitempty" tf:"-"` diff --git a/apis/applications/v1beta2/zz_application_terraformed.go b/apis/applications/v1beta2/zz_application_terraformed.go new file mode 100755 index 00000000..203c15d7 --- /dev/null +++ b/apis/applications/v1beta2/zz_application_terraformed.go 
@@ -0,0 +1,130 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Application +func (mg *Application) GetTerraformResourceType() string { + return "azuread_application" +} + +// GetConnectionDetailsMapping for this Application +func (tr *Application) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Application +func (tr *Application) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Application +func (tr *Application) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Application +func (tr *Application) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Application +func (tr *Application) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Application +func (tr *Application) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Application +func (tr *Application) 
GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Application +func (tr *Application) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Application using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Application) LateInitialize(attrs []byte) (bool, error) { + params := &ApplicationParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + opts = append(opts, resource.WithNameFilter("Tags")) + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Application) GetTerraformSchemaVersion() int { + return 2 +} diff --git a/apis/applications/v1beta2/zz_application_types.go b/apis/applications/v1beta2/zz_application_types.go new file mode 100755 index 00000000..b494ba5a --- /dev/null +++ b/apis/applications/v1beta2/zz_application_types.go 
@@ -0,0 +1,1215 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type APIInitParameters struct { + + // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. + // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + // +listType=set + KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` + + // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + // Allows an application to use claims mapping without specifying a custom signing key + MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"` + + // One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. + // One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + Oauth2PermissionScope []Oauth2PermissionScopeInitParameters `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"` + + // The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. 
+ // The access token version expected by this resource + RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"` +} + +type APIObservation struct { + + // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. + // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + // +listType=set + KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` + + // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + // Allows an application to use claims mapping without specifying a custom signing key + MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"` + + // One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. + // One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + Oauth2PermissionScope []Oauth2PermissionScopeObservation `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"` + + // The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. + // The access token version expected by this resource + RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"` +} + +type APIParameters struct { + + // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. 
+ // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + // +kubebuilder:validation:Optional + // +listType=set + KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` + + // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + // Allows an application to use claims mapping without specifying a custom signing key + // +kubebuilder:validation:Optional + MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"` + + // One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. + // One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + // +kubebuilder:validation:Optional + Oauth2PermissionScope []Oauth2PermissionScopeParameters `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"` + + // The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. + // The access token version expected by this resource + // +kubebuilder:validation:Optional + RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"` +} + +type AccessTokenInitParameters struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. 
Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type AccessTokenObservation struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. 
If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type AccessTokenParameters struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + // +kubebuilder:validation:Optional + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. 
+ // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + // +kubebuilder:validation:Optional + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + // +kubebuilder:validation:Optional + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type AppRoleInitParameters struct { + + // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. + // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + // +listType=set + AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"` + + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Display name for the app role that appears during app role assignment and in consent experiences. 
+ // Display name for the app role that appears during app role assignment and in consent experiences + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Determines if the app role is enabled. Defaults to true. + // Determines if the app role is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the app role. Must be a valid UUID. + // The unique identifier of the app role + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. + // The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type AppRoleObservation struct { + + // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. + // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + // +listType=set + AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"` + + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. 
+ // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Display name for the app role that appears during app role assignment and in consent experiences. + // Display name for the app role that appears during app role assignment and in consent experiences + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Determines if the app role is enabled. Defaults to true. + // Determines if the app role is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the app role. Must be a valid UUID. + // The unique identifier of the app role + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. + // The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type AppRoleParameters struct { + + // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. 
+ // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + // +kubebuilder:validation:Optional + // +listType=set + AllowedMemberTypes []*string `json:"allowedMemberTypes" tf:"allowed_member_types,omitempty"` + + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + // +kubebuilder:validation:Optional + Description *string `json:"description" tf:"description,omitempty"` + + // Display name for the app role that appears during app role assignment and in consent experiences. + // Display name for the app role that appears during app role assignment and in consent experiences + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + + // Determines if the app role is enabled. Defaults to true. + // Determines if the app role is enabled + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the app role. Must be a valid UUID. + // The unique identifier of the app role + // +kubebuilder:validation:Optional + ID *string `json:"id" tf:"id,omitempty"` + + // The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. 
+ // The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type ApplicationInitParameters struct { + + // An api block as documented below, which configures API related settings for this application. + API *APIInitParameters `json:"api,omitempty" tf:"api,omitempty"` + + // A collection of app_role blocks as documented below. For more information see official documentation on Application Roles. + AppRole []AppRoleInitParameters `json:"appRole,omitempty" tf:"app_role,omitempty"` + + // A description of the application, as shown to end users. + // Description of the application as shown to end users + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Specifies whether this application supports device authentication without a user. Defaults to false. + // Specifies whether this application supports device authentication without a user. + DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"` + + // The display name for the application. + // The display name for the application + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI + FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. 
+ // Block of features to configure for this application using tags + FeatureTags []FeatureTagsInitParameters `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. + // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + // +listType=set + GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` + + // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. + // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + // +listType=set + IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` + + // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. + // Base64 encoded logo image in gif, png or jpeg format + LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"` + + // URL of the application's marketing page. + // URL of the application's marketing page + MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"` + + // User-specified notes relevant for the management of the application. + // User-specified notes relevant for the management of the application + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. 
+ // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. + Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"` + + // An optional_claims block as documented below. + OptionalClaims *OptionalClaimsInitParameters `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the application + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // If true, will return an error if an existing application is found with the same name. Defaults to false. + // If `true`, will return an error if an existing application is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // URL of the application's privacy statement. + // URL of the application's privacy statement + PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"` + + // A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. + PublicClient *PublicClientInitParameters `json:"publicClient,omitempty" tf:"public_client,omitempty"` + + // A collection of required_resource_access blocks as documented below. + RequiredResourceAccess []RequiredResourceAccessInitParameters `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"` + + // References application context information from a Service or Asset Management database. 
+ // References application or service contact information from a Service or Asset Management database + ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"` + + // The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. + // The Microsoft account types that are supported for the current application + SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` + + // A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application. + SinglePageApplication *SinglePageApplicationInitParameters `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"` + + // URL of the application's support page. + // URL of the application's support page + SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"` + + // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + // A set of tags to apply to the application + // +listType=set + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. + // Unique ID of the application template from which this application is created + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` + + // URL of the application's terms of service statement. 
+ // URL of the application's terms of service statement + TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"` + + // A web block as documented below, which configures web related settings for this application. + Web *WebInitParameters `json:"web,omitempty" tf:"web,omitempty"` +} + +type ApplicationObservation struct { + + // An api block as documented below, which configures API related settings for this application. + API *APIObservation `json:"api,omitempty" tf:"api,omitempty"` + + // A collection of app_role blocks as documented below. For more information see official documentation on Application Roles. + AppRole []AppRoleObservation `json:"appRole,omitempty" tf:"app_role,omitempty"` + + // A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. + // Mapping of app role names to UUIDs + // +mapType=granular + AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"` + + // The Application ID (also called Client ID) + ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + + // The Client ID for the application. + // The Client ID (also called Application ID) + ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` + + // A description of the application, as shown to end users. + // Description of the application as shown to end users + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Specifies whether this application supports device authentication without a user. Defaults to false. + // Specifies whether this application supports device authentication without a user. + DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"` + + // Whether Microsoft has disabled the registered application. 
If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement + // Whether Microsoft has disabled the registered application + DisabledByMicrosoft *string `json:"disabledByMicrosoft,omitempty" tf:"disabled_by_microsoft,omitempty"` + + // The display name for the application. + // The display name for the application + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI + FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. + // Block of features to configure for this application using tags + FeatureTags []FeatureTagsObservation `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. + // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + // +listType=set + GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. 
+ // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + // +listType=set + IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` + + // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. + // Base64 encoded logo image in gif, png or jpeg format + LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"` + + // CDN URL to the application's logo, as uploaded with the logo_image property. + // CDN URL to the application's logo + LogoURL *string `json:"logoUrl,omitempty" tf:"logo_url,omitempty"` + + // URL of the application's marketing page. + // URL of the application's marketing page + MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"` + + // User-specified notes relevant for the management of the application. + // User-specified notes relevant for the management of the application + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration. + // Mapping of OAuth2.0 permission scope names to UUIDs + // +mapType=granular + Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"` + + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. 
+ Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"` + + // The application's object ID. + // The application's object ID + ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + + // An optional_claims block as documented below. + OptionalClaims *OptionalClaimsObservation `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the application + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // If true, will return an error if an existing application is found with the same name. Defaults to false. + // If `true`, will return an error if an existing application is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // URL of the application's privacy statement. + // URL of the application's privacy statement + PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"` + + // A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. + PublicClient *PublicClientObservation `json:"publicClient,omitempty" tf:"public_client,omitempty"` + + // The verified publisher domain for the application. + // The verified publisher domain for the application + PublisherDomain *string `json:"publisherDomain,omitempty" tf:"publisher_domain,omitempty"` + + // A collection of required_resource_access blocks as documented below. 
+ RequiredResourceAccess []RequiredResourceAccessObservation `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"` + + // References application context information from a Service or Asset Management database. + // References application or service contact information from a Service or Asset Management database + ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"` + + // The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. + // The Microsoft account types that are supported for the current application + SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` + + // A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application. + SinglePageApplication *SinglePageApplicationObservation `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"` + + // URL of the application's support page. + // URL of the application's support page + SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"` + + // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + // A set of tags to apply to the application + // +listType=set + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. 
+ // Unique ID of the application template from which this application is created + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` + + // URL of the application's terms of service statement. + // URL of the application's terms of service statement + TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"` + + // A web block as documented below, which configures web related settings for this application. + Web *WebObservation `json:"web,omitempty" tf:"web,omitempty"` +} + +type ApplicationParameters struct { + + // An api block as documented below, which configures API related settings for this application. + // +kubebuilder:validation:Optional + API *APIParameters `json:"api,omitempty" tf:"api,omitempty"` + + // A collection of app_role blocks as documented below. For more information see official documentation on Application Roles. + // +kubebuilder:validation:Optional + AppRole []AppRoleParameters `json:"appRole,omitempty" tf:"app_role,omitempty"` + + // A description of the application, as shown to end users. + // Description of the application as shown to end users + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Specifies whether this application supports device authentication without a user. Defaults to false. + // Specifies whether this application supports device authentication without a user. + // +kubebuilder:validation:Optional + DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"` + + // The display name for the application. + // The display name for the application + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. 
+ // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI + // +kubebuilder:validation:Optional + FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. + // Block of features to configure for this application using tags + // +kubebuilder:validation:Optional + FeatureTags []FeatureTagsParameters `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. + // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + // +kubebuilder:validation:Optional + // +listType=set + GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` + + // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. + // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + // +kubebuilder:validation:Optional + // +listType=set + IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` + + // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. 
+ // Base64 encoded logo image in gif, png or jpeg format + // +kubebuilder:validation:Optional + LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"` + + // URL of the application's marketing page. + // URL of the application's marketing page + // +kubebuilder:validation:Optional + MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"` + + // User-specified notes relevant for the management of the application. + // User-specified notes relevant for the management of the application + // +kubebuilder:validation:Optional + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. + // +kubebuilder:validation:Optional + Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"` + + // An optional_claims block as documented below. + // +kubebuilder:validation:Optional + OptionalClaims *OptionalClaimsParameters `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the application + // +kubebuilder:validation:Optional + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // If true, will return an error if an existing application is found with the same name. Defaults to false. 
+ // If `true`, will return an error if an existing application is found with the same name + // +kubebuilder:validation:Optional + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // URL of the application's privacy statement. + // URL of the application's privacy statement + // +kubebuilder:validation:Optional + PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"` + + // A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. + // +kubebuilder:validation:Optional + PublicClient *PublicClientParameters `json:"publicClient,omitempty" tf:"public_client,omitempty"` + + // A collection of required_resource_access blocks as documented below. + // +kubebuilder:validation:Optional + RequiredResourceAccess []RequiredResourceAccessParameters `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"` + + // References application context information from a Service or Asset Management database. + // References application or service contact information from a Service or Asset Management database + // +kubebuilder:validation:Optional + ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"` + + // The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. 
+ // The Microsoft account types that are supported for the current application + // +kubebuilder:validation:Optional + SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` + + // A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application. + // +kubebuilder:validation:Optional + SinglePageApplication *SinglePageApplicationParameters `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"` + + // URL of the application's support page. + // URL of the application's support page + // +kubebuilder:validation:Optional + SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"` + + // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + // A set of tags to apply to the application + // +kubebuilder:validation:Optional + // +listType=set + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. + // Unique ID of the application template from which this application is created + // +kubebuilder:validation:Optional + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` + + // URL of the application's terms of service statement. + // URL of the application's terms of service statement + // +kubebuilder:validation:Optional + TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"` + + // A web block as documented below, which configures web related settings for this application. 
+ // +kubebuilder:validation:Optional + Web *WebParameters `json:"web,omitempty" tf:"web,omitempty"` +} + +type FeatureTagsInitParameters struct { + + // Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + // Whether this application represents a custom SAML application for linked service principals + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this application represents an Enterprise Application for linked service principals + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this application represents a gallery application for linked service principals + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this application is invisible to users in My Apps and Office 365 Launcher + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` +} + +type FeatureTagsObservation struct { + + // Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. 
+ // Whether this application represents a custom SAML application for linked service principals + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this application represents an Enterprise Application for linked service principals + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this application represents a gallery application for linked service principals + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this application is invisible to users in My Apps and Office 365 Launcher + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` +} + +type FeatureTagsParameters struct { + + // Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + // Whether this application represents a custom SAML application for linked service principals + // +kubebuilder:validation:Optional + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. 
+ // Whether this application represents an Enterprise Application for linked service principals + // +kubebuilder:validation:Optional + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this application represents a gallery application for linked service principals + // +kubebuilder:validation:Optional + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this application is invisible to users in My Apps and Office 365 Launcher + // +kubebuilder:validation:Optional + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` +} + +type IDTokenInitParameters struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. 
+ // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type IDTokenObservation struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. 
If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type IDTokenParameters struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + // +kubebuilder:validation:Optional + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + // +kubebuilder:validation:Optional + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + // +kubebuilder:validation:Optional + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type ImplicitGrantInitParameters struct { + + // Whether this web application can request an access token using OAuth 2.0 implicit flow. 
+ // Whether this web application can request an access token using OAuth 2.0 implicit flow + AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"` + + // Whether this web application can request an ID token using OAuth 2.0 implicit flow. + // Whether this web application can request an ID token using OAuth 2.0 implicit flow + IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"` +} + +type ImplicitGrantObservation struct { + + // Whether this web application can request an access token using OAuth 2.0 implicit flow. + // Whether this web application can request an access token using OAuth 2.0 implicit flow + AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"` + + // Whether this web application can request an ID token using OAuth 2.0 implicit flow. + // Whether this web application can request an ID token using OAuth 2.0 implicit flow + IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"` +} + +type ImplicitGrantParameters struct { + + // Whether this web application can request an access token using OAuth 2.0 implicit flow. + // Whether this web application can request an access token using OAuth 2.0 implicit flow + // +kubebuilder:validation:Optional + AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"` + + // Whether this web application can request an ID token using OAuth 2.0 implicit flow. 
+ // Whether this web application can request an ID token using OAuth 2.0 implicit flow + // +kubebuilder:validation:Optional + IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"` +} + +type Oauth2PermissionScopeInitParameters struct { + + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"` + + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"` + + // Determines if the permission scope is enabled. Defaults to true. + // Determines if the permission scope is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the delegated permission. Must be a valid UUID. + // The unique identifier of the delegated permission + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. 
+ // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"` + + // Display name for the delegated permission that appears in the end user consent experience. + // Display name for the delegated permission that appears in the end user consent experience + UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"` + + // The value that is used for the scp claim in OAuth 2.0 access tokens. + // The value that is used for the `scp` claim in OAuth 2.0 access tokens + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type Oauth2PermissionScopeObservation struct { + + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"` + + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. 
+ // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"` + + // Determines if the permission scope is enabled. Defaults to true. + // Determines if the permission scope is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the delegated permission. Must be a valid UUID. + // The unique identifier of the delegated permission + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. + // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"` + + // Display name for the delegated permission that appears in the end user consent experience. + // Display name for the delegated permission that appears in the end user consent experience + UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"` + + // The value that is used for the scp claim in OAuth 2.0 access tokens. 
+ // The value that is used for the `scp` claim in OAuth 2.0 access tokens + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type Oauth2PermissionScopeParameters struct { + + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + // +kubebuilder:validation:Optional + AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"` + + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + // +kubebuilder:validation:Optional + AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"` + + // Determines if the permission scope is enabled. Defaults to true. + // Determines if the permission scope is enabled + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the delegated permission. Must be a valid UUID. + // The unique identifier of the delegated permission + // +kubebuilder:validation:Optional + ID *string `json:"id" tf:"id,omitempty"` + + // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. 
+ // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + // +kubebuilder:validation:Optional + UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"` + + // Display name for the delegated permission that appears in the end user consent experience. + // Display name for the delegated permission that appears in the end user consent experience + // +kubebuilder:validation:Optional + UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"` + + // The value that is used for the scp claim in OAuth 2.0 access tokens. + // The value that is used for the `scp` claim in OAuth 2.0 access tokens + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type OptionalClaimsInitParameters struct { + + // One or more access_token blocks as documented below. + AccessToken []AccessTokenInitParameters `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // One or more id_token blocks as documented below. + IDToken []IDTokenInitParameters `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // One or more saml2_token blocks as documented below. + Saml2Token []Saml2TokenInitParameters `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"` +} + +type OptionalClaimsObservation struct { + + // One or more access_token blocks as documented below. 
+ AccessToken []AccessTokenObservation `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // One or more id_token blocks as documented below. + IDToken []IDTokenObservation `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // One or more saml2_token blocks as documented below. + Saml2Token []Saml2TokenObservation `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"` +} + +type OptionalClaimsParameters struct { + + // One or more access_token blocks as documented below. + // +kubebuilder:validation:Optional + AccessToken []AccessTokenParameters `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // One or more id_token blocks as documented below. + // +kubebuilder:validation:Optional + IDToken []IDTokenParameters `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // One or more saml2_token blocks as documented below. + // +kubebuilder:validation:Optional + Saml2Token []Saml2TokenParameters `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"` +} + +type PublicClientInitParameters struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type PublicClientObservation struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. 
+ // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type PublicClientParameters struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +kubebuilder:validation:Optional + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type RequiredResourceAccessInitParameters struct { + + // A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. + ResourceAccess []ResourceAccessInitParameters `json:"resourceAccess,omitempty" tf:"resource_access,omitempty"` + + // The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application. + ResourceAppID *string `json:"resourceAppId,omitempty" tf:"resource_app_id,omitempty"` +} + +type RequiredResourceAccessObservation struct { + + // A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. + ResourceAccess []ResourceAccessObservation `json:"resourceAccess,omitempty" tf:"resource_access,omitempty"` + + // The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application. 
+ ResourceAppID *string `json:"resourceAppId,omitempty" tf:"resource_app_id,omitempty"` +} + +type RequiredResourceAccessParameters struct { + + // A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. + // +kubebuilder:validation:Optional + ResourceAccess []ResourceAccessParameters `json:"resourceAccess" tf:"resource_access,omitempty"` + + // The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application. + // +kubebuilder:validation:Optional + ResourceAppID *string `json:"resourceAppId" tf:"resource_app_id,omitempty"` +} + +type ResourceAccessInitParameters struct { + + // The unique identifier for an app role or OAuth2 permission scope published by the resource application. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type ResourceAccessObservation struct { + + // The unique identifier for an app role or OAuth2 permission scope published by the resource application. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type ResourceAccessParameters struct { + + // The unique identifier for an app role or OAuth2 permission scope published by the resource application. + // +kubebuilder:validation:Optional + ID *string `json:"id" tf:"id,omitempty"` + + // Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope. 
+ // +kubebuilder:validation:Optional + Type *string `json:"type" tf:"type,omitempty"` +} + +type Saml2TokenInitParameters struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type Saml2TokenObservation struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. 
Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type Saml2TokenParameters struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + // List of additional properties of the claim. 
If a property exists in this list, it modifies the behaviour of the optional claim + // +kubebuilder:validation:Optional + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + // +kubebuilder:validation:Optional + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + // +kubebuilder:validation:Optional + Source *string `json:"source,omitempty" tf:"source,omitempty"` +} + +type SinglePageApplicationInitParameters struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type SinglePageApplicationObservation struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. 
+ // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type SinglePageApplicationParameters struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +kubebuilder:validation:Optional + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type WebInitParameters struct { + + // Home page or landing page of the application. + // Home page or landing page of the application + HomepageURL *string `json:"homepageUrl,omitempty" tf:"homepage_url,omitempty"` + + // An implicit_grant block as documented above. + ImplicitGrant *ImplicitGrantInitParameters `json:"implicitGrant,omitempty" tf:"implicit_grant,omitempty"` + + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + LogoutURL *string `json:"logoutUrl,omitempty" tf:"logout_url,omitempty"` + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. 
+ // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type WebObservation struct { + + // Home page or landing page of the application. + // Home page or landing page of the application + HomepageURL *string `json:"homepageUrl,omitempty" tf:"homepage_url,omitempty"` + + // An implicit_grant block as documented above. + ImplicitGrant *ImplicitGrantObservation `json:"implicitGrant,omitempty" tf:"implicit_grant,omitempty"` + + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + LogoutURL *string `json:"logoutUrl,omitempty" tf:"logout_url,omitempty"` + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +type WebParameters struct { + + // Home page or landing page of the application. + // Home page or landing page of the application + // +kubebuilder:validation:Optional + HomepageURL *string `json:"homepageUrl,omitempty" tf:"homepage_url,omitempty"` + + // An implicit_grant block as documented above. 
+ // +kubebuilder:validation:Optional + ImplicitGrant *ImplicitGrantParameters `json:"implicitGrant,omitempty" tf:"implicit_grant,omitempty"` + + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + // +kubebuilder:validation:Optional + LogoutURL *string `json:"logoutUrl,omitempty" tf:"logout_url,omitempty"` + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +kubebuilder:validation:Optional + // +listType=set + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` +} + +// ApplicationSpec defines the desired state of Application +type ApplicationSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider ApplicationParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. 
+ InitProvider ApplicationInitParameters `json:"initProvider,omitempty"` +} + +// ApplicationStatus defines the observed state of Application. +type ApplicationStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider ApplicationObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Application is the Schema for the Applications API. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread} +type Application struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter" + Spec ApplicationSpec `json:"spec"` + Status ApplicationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ApplicationList contains a list of Applications +type ApplicationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Application `json:"items"` +} + +// Repository type metadata. +var ( + Application_Kind = "Application" + Application_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Application_Kind}.String() + Application_KindAPIVersion = Application_Kind + "." 
+ CRDGroupVersion.String() + Application_GroupVersionKind = CRDGroupVersion.WithKind(Application_Kind) +) + +func init() { + SchemeBuilder.Register(&Application{}, &ApplicationList{}) +} diff --git a/apis/applications/v1beta2/zz_generated.conversion_hubs.go b/apis/applications/v1beta2/zz_generated.conversion_hubs.go new file mode 100755 index 00000000..2d486555 --- /dev/null +++ b/apis/applications/v1beta2/zz_generated.conversion_hubs.go @@ -0,0 +1,10 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +// Hub marks this type as a conversion hub. +func (tr *Application) Hub() {} diff --git a/apis/applications/v1beta2/zz_generated.deepcopy.go b/apis/applications/v1beta2/zz_generated.deepcopy.go new file mode 100644 index 00000000..1a55d4aa --- /dev/null +++ b/apis/applications/v1beta2/zz_generated.deepcopy.go 
@@ -0,0 +1,2253 @@ +//go:build !ignore_autogenerated + +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIInitParameters) DeepCopyInto(out *APIInitParameters) { + *out = *in + if in.KnownClientApplications != nil { + in, out := &in.KnownClientApplications, &out.KnownClientApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MappedClaimsEnabled != nil { + in, out := &in.MappedClaimsEnabled, &out.MappedClaimsEnabled + *out = new(bool) + **out = **in + } + if in.Oauth2PermissionScope != nil { + in, out := &in.Oauth2PermissionScope, &out.Oauth2PermissionScope + *out = make([]Oauth2PermissionScopeInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestedAccessTokenVersion != nil { + in, out := &in.RequestedAccessTokenVersion, &out.RequestedAccessTokenVersion + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIInitParameters. +func (in *APIInitParameters) DeepCopy() *APIInitParameters { + if in == nil { + return nil + } + out := new(APIInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *APIObservation) DeepCopyInto(out *APIObservation) { + *out = *in + if in.KnownClientApplications != nil { + in, out := &in.KnownClientApplications, &out.KnownClientApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MappedClaimsEnabled != nil { + in, out := &in.MappedClaimsEnabled, &out.MappedClaimsEnabled + *out = new(bool) + **out = **in + } + if in.Oauth2PermissionScope != nil { + in, out := &in.Oauth2PermissionScope, &out.Oauth2PermissionScope + *out = make([]Oauth2PermissionScopeObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestedAccessTokenVersion != nil { + in, out := &in.RequestedAccessTokenVersion, &out.RequestedAccessTokenVersion + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIObservation. +func (in *APIObservation) DeepCopy() *APIObservation { + if in == nil { + return nil + } + out := new(APIObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *APIParameters) DeepCopyInto(out *APIParameters) { + *out = *in + if in.KnownClientApplications != nil { + in, out := &in.KnownClientApplications, &out.KnownClientApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MappedClaimsEnabled != nil { + in, out := &in.MappedClaimsEnabled, &out.MappedClaimsEnabled + *out = new(bool) + **out = **in + } + if in.Oauth2PermissionScope != nil { + in, out := &in.Oauth2PermissionScope, &out.Oauth2PermissionScope + *out = make([]Oauth2PermissionScopeParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestedAccessTokenVersion != nil { + in, out := &in.RequestedAccessTokenVersion, &out.RequestedAccessTokenVersion + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIParameters. +func (in *APIParameters) DeepCopy() *APIParameters { + if in == nil { + return nil + } + out := new(APIParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessTokenInitParameters) DeepCopyInto(out *AccessTokenInitParameters) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenInitParameters. +func (in *AccessTokenInitParameters) DeepCopy() *AccessTokenInitParameters { + if in == nil { + return nil + } + out := new(AccessTokenInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessTokenObservation) DeepCopyInto(out *AccessTokenObservation) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenObservation. 
+func (in *AccessTokenObservation) DeepCopy() *AccessTokenObservation { + if in == nil { + return nil + } + out := new(AccessTokenObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessTokenParameters) DeepCopyInto(out *AccessTokenParameters) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenParameters. +func (in *AccessTokenParameters) DeepCopy() *AccessTokenParameters { + if in == nil { + return nil + } + out := new(AccessTokenParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AppRoleInitParameters) DeepCopyInto(out *AppRoleInitParameters) { + *out = *in + if in.AllowedMemberTypes != nil { + in, out := &in.AllowedMemberTypes, &out.AllowedMemberTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRoleInitParameters. +func (in *AppRoleInitParameters) DeepCopy() *AppRoleInitParameters { + if in == nil { + return nil + } + out := new(AppRoleInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AppRoleObservation) DeepCopyInto(out *AppRoleObservation) { + *out = *in + if in.AllowedMemberTypes != nil { + in, out := &in.AllowedMemberTypes, &out.AllowedMemberTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRoleObservation. +func (in *AppRoleObservation) DeepCopy() *AppRoleObservation { + if in == nil { + return nil + } + out := new(AppRoleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AppRoleParameters) DeepCopyInto(out *AppRoleParameters) { + *out = *in + if in.AllowedMemberTypes != nil { + in, out := &in.AllowedMemberTypes, &out.AllowedMemberTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRoleParameters. +func (in *AppRoleParameters) DeepCopy() *AppRoleParameters { + if in == nil { + return nil + } + out := new(AppRoleParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Application) DeepCopyInto(out *Application) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Application. +func (in *Application) DeepCopy() *Application { + if in == nil { + return nil + } + out := new(Application) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *Application) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationInitParameters) DeepCopyInto(out *ApplicationInitParameters) { + *out = *in + if in.API != nil { + in, out := &in.API, &out.API + *out = new(APIInitParameters) + (*in).DeepCopyInto(*out) + } + if in.AppRole != nil { + in, out := &in.AppRole, &out.AppRole + *out = make([]AppRoleInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DeviceOnlyAuthEnabled != nil { + in, out := &in.DeviceOnlyAuthEnabled, &out.DeviceOnlyAuthEnabled + *out = new(bool) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.FallbackPublicClientEnabled != nil { + in, out := &in.FallbackPublicClientEnabled, &out.FallbackPublicClientEnabled + *out = new(bool) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GroupMembershipClaims != nil { + in, out := &in.GroupMembershipClaims, &out.GroupMembershipClaims + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IdentifierUris != nil { + in, out := &in.IdentifierUris, &out.IdentifierUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.LogoImage != nil { + in, out := &in.LogoImage, &out.LogoImage + *out = new(string) + **out = **in + } 
+ if in.MarketingURL != nil { + in, out := &in.MarketingURL, &out.MarketingURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if in.Oauth2PostResponseRequired != nil { + in, out := &in.Oauth2PostResponseRequired, &out.Oauth2PostResponseRequired + *out = new(bool) + **out = **in + } + if in.OptionalClaims != nil { + in, out := &in.OptionalClaims, &out.OptionalClaims + *out = new(OptionalClaimsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.PrivacyStatementURL != nil { + in, out := &in.PrivacyStatementURL, &out.PrivacyStatementURL + *out = new(string) + **out = **in + } + if in.PublicClient != nil { + in, out := &in.PublicClient, &out.PublicClient + *out = new(PublicClientInitParameters) + (*in).DeepCopyInto(*out) + } + if in.RequiredResourceAccess != nil { + in, out := &in.RequiredResourceAccess, &out.RequiredResourceAccess + *out = make([]RequiredResourceAccessInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ServiceManagementReference != nil { + in, out := &in.ServiceManagementReference, &out.ServiceManagementReference + *out = new(string) + **out = **in + } + if in.SignInAudience != nil { + in, out := &in.SignInAudience, &out.SignInAudience + *out = new(string) + **out = **in + } + if in.SinglePageApplication != nil { + in, out := &in.SinglePageApplication, &out.SinglePageApplication + *out = new(SinglePageApplicationInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SupportURL != nil { + in, out := &in.SupportURL, &out.SupportURL + *out = 
new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TemplateID != nil { + in, out := &in.TemplateID, &out.TemplateID + *out = new(string) + **out = **in + } + if in.TermsOfServiceURL != nil { + in, out := &in.TermsOfServiceURL, &out.TermsOfServiceURL + *out = new(string) + **out = **in + } + if in.Web != nil { + in, out := &in.Web, &out.Web + *out = new(WebInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationInitParameters. +func (in *ApplicationInitParameters) DeepCopy() *ApplicationInitParameters { + if in == nil { + return nil + } + out := new(ApplicationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationList) DeepCopyInto(out *ApplicationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Application, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationList. +func (in *ApplicationList) DeepCopy() *ApplicationList { + if in == nil { + return nil + } + out := new(ApplicationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ApplicationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ApplicationObservation) DeepCopyInto(out *ApplicationObservation) { + *out = *in + if in.API != nil { + in, out := &in.API, &out.API + *out = new(APIObservation) + (*in).DeepCopyInto(*out) + } + if in.AppRole != nil { + in, out := &in.AppRole, &out.AppRole + *out = make([]AppRoleObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AppRoleIds != nil { + in, out := &in.AppRoleIds, &out.AppRoleIds + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.ApplicationID != nil { + in, out := &in.ApplicationID, &out.ApplicationID + *out = new(string) + **out = **in + } + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DeviceOnlyAuthEnabled != nil { + in, out := &in.DeviceOnlyAuthEnabled, &out.DeviceOnlyAuthEnabled + *out = new(bool) + **out = **in + } + if in.DisabledByMicrosoft != nil { + in, out := &in.DisabledByMicrosoft, &out.DisabledByMicrosoft + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.FallbackPublicClientEnabled != nil { + in, out := &in.FallbackPublicClientEnabled, &out.FallbackPublicClientEnabled + *out = new(bool) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GroupMembershipClaims != nil { + in, out := &in.GroupMembershipClaims, &out.GroupMembershipClaims + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] 
!= nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentifierUris != nil { + in, out := &in.IdentifierUris, &out.IdentifierUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.LogoImage != nil { + in, out := &in.LogoImage, &out.LogoImage + *out = new(string) + **out = **in + } + if in.LogoURL != nil { + in, out := &in.LogoURL, &out.LogoURL + *out = new(string) + **out = **in + } + if in.MarketingURL != nil { + in, out := &in.MarketingURL, &out.MarketingURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if in.Oauth2PermissionScopeIds != nil { + in, out := &in.Oauth2PermissionScopeIds, &out.Oauth2PermissionScopeIds + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Oauth2PostResponseRequired != nil { + in, out := &in.Oauth2PostResponseRequired, &out.Oauth2PostResponseRequired + *out = new(bool) + **out = **in + } + if in.ObjectID != nil { + in, out := &in.ObjectID, &out.ObjectID + *out = new(string) + **out = **in + } + if in.OptionalClaims != nil { + in, out := &in.OptionalClaims, &out.OptionalClaims + *out = new(OptionalClaimsObservation) + (*in).DeepCopyInto(*out) + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + 
*out = new(bool) + **out = **in + } + if in.PrivacyStatementURL != nil { + in, out := &in.PrivacyStatementURL, &out.PrivacyStatementURL + *out = new(string) + **out = **in + } + if in.PublicClient != nil { + in, out := &in.PublicClient, &out.PublicClient + *out = new(PublicClientObservation) + (*in).DeepCopyInto(*out) + } + if in.PublisherDomain != nil { + in, out := &in.PublisherDomain, &out.PublisherDomain + *out = new(string) + **out = **in + } + if in.RequiredResourceAccess != nil { + in, out := &in.RequiredResourceAccess, &out.RequiredResourceAccess + *out = make([]RequiredResourceAccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ServiceManagementReference != nil { + in, out := &in.ServiceManagementReference, &out.ServiceManagementReference + *out = new(string) + **out = **in + } + if in.SignInAudience != nil { + in, out := &in.SignInAudience, &out.SignInAudience + *out = new(string) + **out = **in + } + if in.SinglePageApplication != nil { + in, out := &in.SinglePageApplication, &out.SinglePageApplication + *out = new(SinglePageApplicationObservation) + (*in).DeepCopyInto(*out) + } + if in.SupportURL != nil { + in, out := &in.SupportURL, &out.SupportURL + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TemplateID != nil { + in, out := &in.TemplateID, &out.TemplateID + *out = new(string) + **out = **in + } + if in.TermsOfServiceURL != nil { + in, out := &in.TermsOfServiceURL, &out.TermsOfServiceURL + *out = new(string) + **out = **in + } + if in.Web != nil { + in, out := &in.Web, &out.Web + *out = new(WebObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationObservation. 
+func (in *ApplicationObservation) DeepCopy() *ApplicationObservation { + if in == nil { + return nil + } + out := new(ApplicationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationParameters) DeepCopyInto(out *ApplicationParameters) { + *out = *in + if in.API != nil { + in, out := &in.API, &out.API + *out = new(APIParameters) + (*in).DeepCopyInto(*out) + } + if in.AppRole != nil { + in, out := &in.AppRole, &out.AppRole + *out = make([]AppRoleParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DeviceOnlyAuthEnabled != nil { + in, out := &in.DeviceOnlyAuthEnabled, &out.DeviceOnlyAuthEnabled + *out = new(bool) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.FallbackPublicClientEnabled != nil { + in, out := &in.FallbackPublicClientEnabled, &out.FallbackPublicClientEnabled + *out = new(bool) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GroupMembershipClaims != nil { + in, out := &in.GroupMembershipClaims, &out.GroupMembershipClaims + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IdentifierUris != nil { + in, out := &in.IdentifierUris, &out.IdentifierUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.LogoImage != nil { + in, out := &in.LogoImage, &out.LogoImage + 
*out = new(string) + **out = **in + } + if in.MarketingURL != nil { + in, out := &in.MarketingURL, &out.MarketingURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if in.Oauth2PostResponseRequired != nil { + in, out := &in.Oauth2PostResponseRequired, &out.Oauth2PostResponseRequired + *out = new(bool) + **out = **in + } + if in.OptionalClaims != nil { + in, out := &in.OptionalClaims, &out.OptionalClaims + *out = new(OptionalClaimsParameters) + (*in).DeepCopyInto(*out) + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.PrivacyStatementURL != nil { + in, out := &in.PrivacyStatementURL, &out.PrivacyStatementURL + *out = new(string) + **out = **in + } + if in.PublicClient != nil { + in, out := &in.PublicClient, &out.PublicClient + *out = new(PublicClientParameters) + (*in).DeepCopyInto(*out) + } + if in.RequiredResourceAccess != nil { + in, out := &in.RequiredResourceAccess, &out.RequiredResourceAccess + *out = make([]RequiredResourceAccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ServiceManagementReference != nil { + in, out := &in.ServiceManagementReference, &out.ServiceManagementReference + *out = new(string) + **out = **in + } + if in.SignInAudience != nil { + in, out := &in.SignInAudience, &out.SignInAudience + *out = new(string) + **out = **in + } + if in.SinglePageApplication != nil { + in, out := &in.SinglePageApplication, &out.SinglePageApplication + *out = new(SinglePageApplicationParameters) + (*in).DeepCopyInto(*out) + } + if in.SupportURL != nil { + in, out := &in.SupportURL, 
&out.SupportURL + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TemplateID != nil { + in, out := &in.TemplateID, &out.TemplateID + *out = new(string) + **out = **in + } + if in.TermsOfServiceURL != nil { + in, out := &in.TermsOfServiceURL, &out.TermsOfServiceURL + *out = new(string) + **out = **in + } + if in.Web != nil { + in, out := &in.Web, &out.Web + *out = new(WebParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationParameters. +func (in *ApplicationParameters) DeepCopy() *ApplicationParameters { + if in == nil { + return nil + } + out := new(ApplicationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationSpec) DeepCopyInto(out *ApplicationSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationSpec. +func (in *ApplicationSpec) DeepCopy() *ApplicationSpec { + if in == nil { + return nil + } + out := new(ApplicationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationStatus) DeepCopyInto(out *ApplicationStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationStatus. 
+func (in *ApplicationStatus) DeepCopy() *ApplicationStatus { + if in == nil { + return nil + } + out := new(ApplicationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureTagsInitParameters) DeepCopyInto(out *FeatureTagsInitParameters) { + *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsInitParameters. +func (in *FeatureTagsInitParameters) DeepCopy() *FeatureTagsInitParameters { + if in == nil { + return nil + } + out := new(FeatureTagsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureTagsObservation) DeepCopyInto(out *FeatureTagsObservation) { + *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsObservation. 
+func (in *FeatureTagsObservation) DeepCopy() *FeatureTagsObservation { + if in == nil { + return nil + } + out := new(FeatureTagsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureTagsParameters) DeepCopyInto(out *FeatureTagsParameters) { + *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsParameters. +func (in *FeatureTagsParameters) DeepCopy() *FeatureTagsParameters { + if in == nil { + return nil + } + out := new(FeatureTagsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IDTokenInitParameters) DeepCopyInto(out *IDTokenInitParameters) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDTokenInitParameters. +func (in *IDTokenInitParameters) DeepCopy() *IDTokenInitParameters { + if in == nil { + return nil + } + out := new(IDTokenInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IDTokenObservation) DeepCopyInto(out *IDTokenObservation) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDTokenObservation. 
+func (in *IDTokenObservation) DeepCopy() *IDTokenObservation { + if in == nil { + return nil + } + out := new(IDTokenObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IDTokenParameters) DeepCopyInto(out *IDTokenParameters) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDTokenParameters. +func (in *IDTokenParameters) DeepCopy() *IDTokenParameters { + if in == nil { + return nil + } + out := new(IDTokenParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImplicitGrantInitParameters) DeepCopyInto(out *ImplicitGrantInitParameters) { + *out = *in + if in.AccessTokenIssuanceEnabled != nil { + in, out := &in.AccessTokenIssuanceEnabled, &out.AccessTokenIssuanceEnabled + *out = new(bool) + **out = **in + } + if in.IDTokenIssuanceEnabled != nil { + in, out := &in.IDTokenIssuanceEnabled, &out.IDTokenIssuanceEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImplicitGrantInitParameters. 
+func (in *ImplicitGrantInitParameters) DeepCopy() *ImplicitGrantInitParameters { + if in == nil { + return nil + } + out := new(ImplicitGrantInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImplicitGrantObservation) DeepCopyInto(out *ImplicitGrantObservation) { + *out = *in + if in.AccessTokenIssuanceEnabled != nil { + in, out := &in.AccessTokenIssuanceEnabled, &out.AccessTokenIssuanceEnabled + *out = new(bool) + **out = **in + } + if in.IDTokenIssuanceEnabled != nil { + in, out := &in.IDTokenIssuanceEnabled, &out.IDTokenIssuanceEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImplicitGrantObservation. +func (in *ImplicitGrantObservation) DeepCopy() *ImplicitGrantObservation { + if in == nil { + return nil + } + out := new(ImplicitGrantObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImplicitGrantParameters) DeepCopyInto(out *ImplicitGrantParameters) { + *out = *in + if in.AccessTokenIssuanceEnabled != nil { + in, out := &in.AccessTokenIssuanceEnabled, &out.AccessTokenIssuanceEnabled + *out = new(bool) + **out = **in + } + if in.IDTokenIssuanceEnabled != nil { + in, out := &in.IDTokenIssuanceEnabled, &out.IDTokenIssuanceEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImplicitGrantParameters. +func (in *ImplicitGrantParameters) DeepCopy() *ImplicitGrantParameters { + if in == nil { + return nil + } + out := new(ImplicitGrantParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Oauth2PermissionScopeInitParameters) DeepCopyInto(out *Oauth2PermissionScopeInitParameters) { + *out = *in + if in.AdminConsentDescription != nil { + in, out := &in.AdminConsentDescription, &out.AdminConsentDescription + *out = new(string) + **out = **in + } + if in.AdminConsentDisplayName != nil { + in, out := &in.AdminConsentDisplayName, &out.AdminConsentDisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserConsentDescription != nil { + in, out := &in.UserConsentDescription, &out.UserConsentDescription + *out = new(string) + **out = **in + } + if in.UserConsentDisplayName != nil { + in, out := &in.UserConsentDisplayName, &out.UserConsentDisplayName + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopeInitParameters. +func (in *Oauth2PermissionScopeInitParameters) DeepCopy() *Oauth2PermissionScopeInitParameters { + if in == nil { + return nil + } + out := new(Oauth2PermissionScopeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Oauth2PermissionScopeObservation) DeepCopyInto(out *Oauth2PermissionScopeObservation) { + *out = *in + if in.AdminConsentDescription != nil { + in, out := &in.AdminConsentDescription, &out.AdminConsentDescription + *out = new(string) + **out = **in + } + if in.AdminConsentDisplayName != nil { + in, out := &in.AdminConsentDisplayName, &out.AdminConsentDisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserConsentDescription != nil { + in, out := &in.UserConsentDescription, &out.UserConsentDescription + *out = new(string) + **out = **in + } + if in.UserConsentDisplayName != nil { + in, out := &in.UserConsentDisplayName, &out.UserConsentDisplayName + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopeObservation. +func (in *Oauth2PermissionScopeObservation) DeepCopy() *Oauth2PermissionScopeObservation { + if in == nil { + return nil + } + out := new(Oauth2PermissionScopeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Oauth2PermissionScopeParameters) DeepCopyInto(out *Oauth2PermissionScopeParameters) { + *out = *in + if in.AdminConsentDescription != nil { + in, out := &in.AdminConsentDescription, &out.AdminConsentDescription + *out = new(string) + **out = **in + } + if in.AdminConsentDisplayName != nil { + in, out := &in.AdminConsentDisplayName, &out.AdminConsentDisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserConsentDescription != nil { + in, out := &in.UserConsentDescription, &out.UserConsentDescription + *out = new(string) + **out = **in + } + if in.UserConsentDisplayName != nil { + in, out := &in.UserConsentDisplayName, &out.UserConsentDisplayName + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopeParameters. +func (in *Oauth2PermissionScopeParameters) DeepCopy() *Oauth2PermissionScopeParameters { + if in == nil { + return nil + } + out := new(Oauth2PermissionScopeParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OptionalClaimsInitParameters) DeepCopyInto(out *OptionalClaimsInitParameters) { + *out = *in + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken + *out = make([]AccessTokenInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = make([]IDTokenInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Saml2Token != nil { + in, out := &in.Saml2Token, &out.Saml2Token + *out = make([]Saml2TokenInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OptionalClaimsInitParameters. +func (in *OptionalClaimsInitParameters) DeepCopy() *OptionalClaimsInitParameters { + if in == nil { + return nil + } + out := new(OptionalClaimsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OptionalClaimsObservation) DeepCopyInto(out *OptionalClaimsObservation) { + *out = *in + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken + *out = make([]AccessTokenObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = make([]IDTokenObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Saml2Token != nil { + in, out := &in.Saml2Token, &out.Saml2Token + *out = make([]Saml2TokenObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OptionalClaimsObservation. 
+func (in *OptionalClaimsObservation) DeepCopy() *OptionalClaimsObservation { + if in == nil { + return nil + } + out := new(OptionalClaimsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OptionalClaimsParameters) DeepCopyInto(out *OptionalClaimsParameters) { + *out = *in + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken + *out = make([]AccessTokenParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = make([]IDTokenParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Saml2Token != nil { + in, out := &in.Saml2Token, &out.Saml2Token + *out = make([]Saml2TokenParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OptionalClaimsParameters. +func (in *OptionalClaimsParameters) DeepCopy() *OptionalClaimsParameters { + if in == nil { + return nil + } + out := new(OptionalClaimsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PublicClientInitParameters) DeepCopyInto(out *PublicClientInitParameters) { + *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicClientInitParameters. 
+func (in *PublicClientInitParameters) DeepCopy() *PublicClientInitParameters { + if in == nil { + return nil + } + out := new(PublicClientInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PublicClientObservation) DeepCopyInto(out *PublicClientObservation) { + *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicClientObservation. +func (in *PublicClientObservation) DeepCopy() *PublicClientObservation { + if in == nil { + return nil + } + out := new(PublicClientObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PublicClientParameters) DeepCopyInto(out *PublicClientParameters) { + *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicClientParameters. +func (in *PublicClientParameters) DeepCopy() *PublicClientParameters { + if in == nil { + return nil + } + out := new(PublicClientParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RequiredResourceAccessInitParameters) DeepCopyInto(out *RequiredResourceAccessInitParameters) { + *out = *in + if in.ResourceAccess != nil { + in, out := &in.ResourceAccess, &out.ResourceAccess + *out = make([]ResourceAccessInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ResourceAppID != nil { + in, out := &in.ResourceAppID, &out.ResourceAppID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredResourceAccessInitParameters. +func (in *RequiredResourceAccessInitParameters) DeepCopy() *RequiredResourceAccessInitParameters { + if in == nil { + return nil + } + out := new(RequiredResourceAccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequiredResourceAccessObservation) DeepCopyInto(out *RequiredResourceAccessObservation) { + *out = *in + if in.ResourceAccess != nil { + in, out := &in.ResourceAccess, &out.ResourceAccess + *out = make([]ResourceAccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ResourceAppID != nil { + in, out := &in.ResourceAppID, &out.ResourceAppID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredResourceAccessObservation. +func (in *RequiredResourceAccessObservation) DeepCopy() *RequiredResourceAccessObservation { + if in == nil { + return nil + } + out := new(RequiredResourceAccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RequiredResourceAccessParameters) DeepCopyInto(out *RequiredResourceAccessParameters) { + *out = *in + if in.ResourceAccess != nil { + in, out := &in.ResourceAccess, &out.ResourceAccess + *out = make([]ResourceAccessParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ResourceAppID != nil { + in, out := &in.ResourceAppID, &out.ResourceAppID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredResourceAccessParameters. +func (in *RequiredResourceAccessParameters) DeepCopy() *RequiredResourceAccessParameters { + if in == nil { + return nil + } + out := new(RequiredResourceAccessParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ResourceAccessInitParameters) DeepCopyInto(out *ResourceAccessInitParameters) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAccessInitParameters. +func (in *ResourceAccessInitParameters) DeepCopy() *ResourceAccessInitParameters { + if in == nil { + return nil + } + out := new(ResourceAccessInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ResourceAccessObservation) DeepCopyInto(out *ResourceAccessObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAccessObservation. +func (in *ResourceAccessObservation) DeepCopy() *ResourceAccessObservation { + if in == nil { + return nil + } + out := new(ResourceAccessObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ResourceAccessParameters) DeepCopyInto(out *ResourceAccessParameters) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAccessParameters. +func (in *ResourceAccessParameters) DeepCopy() *ResourceAccessParameters { + if in == nil { + return nil + } + out := new(ResourceAccessParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Saml2TokenInitParameters) DeepCopyInto(out *Saml2TokenInitParameters) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Saml2TokenInitParameters. +func (in *Saml2TokenInitParameters) DeepCopy() *Saml2TokenInitParameters { + if in == nil { + return nil + } + out := new(Saml2TokenInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Saml2TokenObservation) DeepCopyInto(out *Saml2TokenObservation) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Saml2TokenObservation. 
+func (in *Saml2TokenObservation) DeepCopy() *Saml2TokenObservation { + if in == nil { + return nil + } + out := new(Saml2TokenObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Saml2TokenParameters) DeepCopyInto(out *Saml2TokenParameters) { + *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Saml2TokenParameters. +func (in *Saml2TokenParameters) DeepCopy() *Saml2TokenParameters { + if in == nil { + return nil + } + out := new(Saml2TokenParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SinglePageApplicationInitParameters) DeepCopyInto(out *SinglePageApplicationInitParameters) { + *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SinglePageApplicationInitParameters. 
+func (in *SinglePageApplicationInitParameters) DeepCopy() *SinglePageApplicationInitParameters { + if in == nil { + return nil + } + out := new(SinglePageApplicationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SinglePageApplicationObservation) DeepCopyInto(out *SinglePageApplicationObservation) { + *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SinglePageApplicationObservation. +func (in *SinglePageApplicationObservation) DeepCopy() *SinglePageApplicationObservation { + if in == nil { + return nil + } + out := new(SinglePageApplicationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SinglePageApplicationParameters) DeepCopyInto(out *SinglePageApplicationParameters) { + *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SinglePageApplicationParameters. +func (in *SinglePageApplicationParameters) DeepCopy() *SinglePageApplicationParameters { + if in == nil { + return nil + } + out := new(SinglePageApplicationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *WebInitParameters) DeepCopyInto(out *WebInitParameters) { + *out = *in + if in.HomepageURL != nil { + in, out := &in.HomepageURL, &out.HomepageURL + *out = new(string) + **out = **in + } + if in.ImplicitGrant != nil { + in, out := &in.ImplicitGrant, &out.ImplicitGrant + *out = new(ImplicitGrantInitParameters) + (*in).DeepCopyInto(*out) + } + if in.LogoutURL != nil { + in, out := &in.LogoutURL, &out.LogoutURL + *out = new(string) + **out = **in + } + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebInitParameters. +func (in *WebInitParameters) DeepCopy() *WebInitParameters { + if in == nil { + return nil + } + out := new(WebInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebObservation) DeepCopyInto(out *WebObservation) { + *out = *in + if in.HomepageURL != nil { + in, out := &in.HomepageURL, &out.HomepageURL + *out = new(string) + **out = **in + } + if in.ImplicitGrant != nil { + in, out := &in.ImplicitGrant, &out.ImplicitGrant + *out = new(ImplicitGrantObservation) + (*in).DeepCopyInto(*out) + } + if in.LogoutURL != nil { + in, out := &in.LogoutURL, &out.LogoutURL + *out = new(string) + **out = **in + } + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebObservation. 
+func (in *WebObservation) DeepCopy() *WebObservation { + if in == nil { + return nil + } + out := new(WebObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebParameters) DeepCopyInto(out *WebParameters) { + *out = *in + if in.HomepageURL != nil { + in, out := &in.HomepageURL, &out.HomepageURL + *out = new(string) + **out = **in + } + if in.ImplicitGrant != nil { + in, out := &in.ImplicitGrant, &out.ImplicitGrant + *out = new(ImplicitGrantParameters) + (*in).DeepCopyInto(*out) + } + if in.LogoutURL != nil { + in, out := &in.LogoutURL, &out.LogoutURL + *out = new(string) + **out = **in + } + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebParameters. +func (in *WebParameters) DeepCopy() *WebParameters { + if in == nil { + return nil + } + out := new(WebParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/applications/v1beta2/zz_generated.managed.go b/apis/applications/v1beta2/zz_generated.managed.go new file mode 100644 index 00000000..d1481109 --- /dev/null +++ b/apis/applications/v1beta2/zz_generated.managed.go 
@@ -0,0 +1,68 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Application. +func (mg *Application) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Application. +func (mg *Application) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Application. +func (mg *Application) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Application. +func (mg *Application) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Application. +func (mg *Application) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Application. +func (mg *Application) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Application. +func (mg *Application) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Application. +func (mg *Application) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Application. +func (mg *Application) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Application. +func (mg *Application) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Application. 
+func (mg *Application) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Application. +func (mg *Application) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/applications/v1beta2/zz_generated.managedlist.go b/apis/applications/v1beta2/zz_generated.managedlist.go new file mode 100644 index 00000000..9c9817b1 --- /dev/null +++ b/apis/applications/v1beta2/zz_generated.managedlist.go @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this ApplicationList. +func (l *ApplicationList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/applications/v1beta2/zz_groupversion_info.go b/apis/applications/v1beta2/zz_groupversion_info.go new file mode 100755 index 00000000..b37f0838 --- /dev/null +++ b/apis/applications/v1beta2/zz_groupversion_info.go 
@@ -0,0 +1,32 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=applications.azuread.upbound.io +// +versionName=v1beta2 +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "applications.azuread.upbound.io" + CRDVersion = "v1beta2" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/conditionalaccess/v1beta1/zz_generated.conversion_spokes.go b/apis/conditionalaccess/v1beta1/zz_generated.conversion_spokes.go new file mode 100755 index 00000000..c1640aeb --- /dev/null +++ b/apis/conditionalaccess/v1beta1/zz_generated.conversion_spokes.go 
@@ -0,0 +1,54 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + ujconversion "github.com/crossplane/upjet/pkg/controller/conversion" + "github.com/crossplane/upjet/pkg/resource" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/conversion" +) + +// ConvertTo converts this AccessPolicy to the hub type. +func (tr *AccessPolicy) ConvertTo(dstRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { + return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) + } + return nil +} + +// ConvertFrom converts from the hub type to the AccessPolicy type. +func (tr *AccessPolicy) ConvertFrom(srcRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { + return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) + } + return nil +} + +// ConvertTo converts this Location to the hub type. +func (tr *Location) ConvertTo(dstRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { + return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) + } + return nil +} + +// ConvertFrom converts from the hub type to the Location type. 
+func (tr *Location) ConvertFrom(srcRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { + return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) + } + return nil +} diff --git a/apis/conditionalaccess/v1beta2/zz_accesspolicy_terraformed.go b/apis/conditionalaccess/v1beta2/zz_accesspolicy_terraformed.go new file mode 100755 index 00000000..41abdef6 --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_accesspolicy_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this AccessPolicy +func (mg *AccessPolicy) GetTerraformResourceType() string { + return "azuread_conditional_access_policy" +} + +// GetConnectionDetailsMapping for this AccessPolicy +func (tr *AccessPolicy) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this AccessPolicy +func (tr *AccessPolicy) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this AccessPolicy +func (tr *AccessPolicy) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this AccessPolicy +func (tr *AccessPolicy) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this AccessPolicy +func (tr *AccessPolicy) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this AccessPolicy +func (tr *AccessPolicy) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this AccessPolicy 
+func (tr *AccessPolicy) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this AccessPolicy +func (tr *AccessPolicy) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this AccessPolicy using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *AccessPolicy) LateInitialize(attrs []byte) (bool, error) { + params := &AccessPolicyParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *AccessPolicy) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/conditionalaccess/v1beta2/zz_accesspolicy_types.go b/apis/conditionalaccess/v1beta2/zz_accesspolicy_types.go new file mode 100755 index 00000000..38de4f5c --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_accesspolicy_types.go 
@@ -0,0 +1,775 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AccessPolicyInitParameters struct { + + // A conditions block as documented below, which specifies the rules that must be met for the policy to apply. + Conditions *ConditionsInitParameters `json:"conditions,omitempty" tf:"conditions,omitempty"` + + // The friendly name for this Conditional Access Policy. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy. + GrantControls *GrantControlsInitParameters `json:"grantControls,omitempty" tf:"grant_controls,omitempty"` + + // A session_controls block as documented below, which specifies the session controls that are enforced after sign-in. + SessionControls *SessionControlsInitParameters `json:"sessionControls,omitempty" tf:"session_controls,omitempty"` + + // Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type AccessPolicyObservation struct { + + // A conditions block as documented below, which specifies the rules that must be met for the policy to apply. + Conditions *ConditionsObservation `json:"conditions,omitempty" tf:"conditions,omitempty"` + + // The friendly name for this Conditional Access Policy. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy. 
+ GrantControls *GrantControlsObservation `json:"grantControls,omitempty" tf:"grant_controls,omitempty"` + + // The ID of the Conditional Access Policy. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A session_controls block as documented below, which specifies the session controls that are enforced after sign-in. + SessionControls *SessionControlsObservation `json:"sessionControls,omitempty" tf:"session_controls,omitempty"` + + // Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type AccessPolicyParameters struct { + + // A conditions block as documented below, which specifies the rules that must be met for the policy to apply. + // +kubebuilder:validation:Optional + Conditions *ConditionsParameters `json:"conditions,omitempty" tf:"conditions,omitempty"` + + // The friendly name for this Conditional Access Policy. + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy. + // +kubebuilder:validation:Optional + GrantControls *GrantControlsParameters `json:"grantControls,omitempty" tf:"grant_controls,omitempty"` + + // A session_controls block as documented below, which specifies the session controls that are enforced after sign-in. + // +kubebuilder:validation:Optional + SessionControls *SessionControlsParameters `json:"sessionControls,omitempty" tf:"session_controls,omitempty"` + + // Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced + // +kubebuilder:validation:Optional + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type ApplicationsInitParameters struct { + + // A list of application IDs explicitly excluded from the policy. 
Can also be set to Office365. + ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"` + + // A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified. + IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"` + + // A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified. + IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"` +} + +type ApplicationsObservation struct { + + // A list of application IDs explicitly excluded from the policy. Can also be set to Office365. + ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"` + + // A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified. + IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"` + + // A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified. + IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"` +} + +type ApplicationsParameters struct { + + // A list of application IDs explicitly excluded from the policy. 
Can also be set to Office365. + // +kubebuilder:validation:Optional + ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"` + + // A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified. + // +kubebuilder:validation:Optional + IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"` + + // A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified. + // +kubebuilder:validation:Optional + IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"` +} + +type ClientApplicationsInitParameters struct { + + // A list of service principal IDs explicitly excluded in the policy. + ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"` + + // A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set. + IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"` +} + +type ClientApplicationsObservation struct { + + // A list of service principal IDs explicitly excluded in the policy. + ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"` + + // A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. 
This is mandatory value when at least one excluded_service_principals is set. + IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"` +} + +type ClientApplicationsParameters struct { + + // A list of service principal IDs explicitly excluded in the policy. + // +kubebuilder:validation:Optional + ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"` + + // A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set. + // +kubebuilder:validation:Optional + IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"` +} + +type ConditionsInitParameters struct { + + // An applications block as documented below, which specifies applications and user actions included in and excluded from the policy. + Applications *ApplicationsInitParameters `json:"applications,omitempty" tf:"applications,omitempty"` + + // A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other. + ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"` + + // An client_applications block as documented below, which specifies service principals included in and excluded from the policy. + ClientApplications *ClientApplicationsInitParameters `json:"clientApplications,omitempty" tf:"client_applications,omitempty"` + + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. 
+ Devices *DevicesInitParameters `json:"devices,omitempty" tf:"devices,omitempty"` + + // A locations block as documented below, which specifies locations included in and excluded from the policy. + Locations *LocationsInitParameters `json:"locations,omitempty" tf:"locations,omitempty"` + + // A platforms block as documented below, which specifies platforms included in and excluded from the policy. + Platforms *PlatformsInitParameters `json:"platforms,omitempty" tf:"platforms,omitempty"` + + // A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. + ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"` + + // A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` + + // A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"` + + // A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy. + Users *UsersInitParameters `json:"users,omitempty" tf:"users,omitempty"` +} + +type ConditionsObservation struct { + + // An applications block as documented below, which specifies applications and user actions included in and excluded from the policy. + Applications *ApplicationsObservation `json:"applications,omitempty" tf:"applications,omitempty"` + + // A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other. 
+ ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"` + + // An client_applications block as documented below, which specifies service principals included in and excluded from the policy. + ClientApplications *ClientApplicationsObservation `json:"clientApplications,omitempty" tf:"client_applications,omitempty"` + + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. + Devices *DevicesObservation `json:"devices,omitempty" tf:"devices,omitempty"` + + // A locations block as documented below, which specifies locations included in and excluded from the policy. + Locations *LocationsObservation `json:"locations,omitempty" tf:"locations,omitempty"` + + // A platforms block as documented below, which specifies platforms included in and excluded from the policy. + Platforms *PlatformsObservation `json:"platforms,omitempty" tf:"platforms,omitempty"` + + // A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. + ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"` + + // A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` + + // A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"` + + // A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy. 
+ Users *UsersObservation `json:"users,omitempty" tf:"users,omitempty"` +} + +type ConditionsParameters struct { + + // An applications block as documented below, which specifies applications and user actions included in and excluded from the policy. + // +kubebuilder:validation:Optional + Applications *ApplicationsParameters `json:"applications" tf:"applications,omitempty"` + + // A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other. + // +kubebuilder:validation:Optional + ClientAppTypes []*string `json:"clientAppTypes" tf:"client_app_types,omitempty"` + + // An client_applications block as documented below, which specifies service principals included in and excluded from the policy. + // +kubebuilder:validation:Optional + ClientApplications *ClientApplicationsParameters `json:"clientApplications,omitempty" tf:"client_applications,omitempty"` + + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. + // +kubebuilder:validation:Optional + Devices *DevicesParameters `json:"devices,omitempty" tf:"devices,omitempty"` + + // A locations block as documented below, which specifies locations included in and excluded from the policy. + // +kubebuilder:validation:Optional + Locations *LocationsParameters `json:"locations,omitempty" tf:"locations,omitempty"` + + // A platforms block as documented below, which specifies platforms included in and excluded from the policy. + // +kubebuilder:validation:Optional + Platforms *PlatformsParameters `json:"platforms,omitempty" tf:"platforms,omitempty"` + + // A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. 
+ // +kubebuilder:validation:Optional + ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"` + + // A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + // +kubebuilder:validation:Optional + SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` + + // A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + // +kubebuilder:validation:Optional + UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"` + + // A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy. + // +kubebuilder:validation:Optional + Users *UsersParameters `json:"users" tf:"users,omitempty"` +} + +type DevicesInitParameters struct { + + // A filter block as described below. + Filter *FilterInitParameters `json:"filter,omitempty" tf:"filter,omitempty"` +} + +type DevicesObservation struct { + + // A filter block as described below. + Filter *FilterObservation `json:"filter,omitempty" tf:"filter,omitempty"` +} + +type DevicesParameters struct { + + // A filter block as described below. + // +kubebuilder:validation:Optional + Filter *FilterParameters `json:"filter,omitempty" tf:"filter,omitempty"` +} + +type ExcludedGuestsOrExternalUsersInitParameters struct { + + // An external_tenants block as documented below, which specifies external tenants in a policy scope. + ExternalTenants []ExternalTenantsInitParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"` + + // A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue. 
+ GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"` +} + +type ExcludedGuestsOrExternalUsersObservation struct { + + // An external_tenants block as documented below, which specifies external tenants in a policy scope. + ExternalTenants []ExternalTenantsObservation `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"` + + // A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue. + GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"` +} + +type ExcludedGuestsOrExternalUsersParameters struct { + + // An external_tenants block as documented below, which specifies external tenants in a policy scope. + // +kubebuilder:validation:Optional + ExternalTenants []ExternalTenantsParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"` + + // A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue. + // +kubebuilder:validation:Optional + GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes" tf:"guest_or_external_user_types,omitempty"` +} + +type ExternalTenantsInitParameters struct { + + // A list tenant IDs. Can only be specified if membership_kind is enumerated. + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue. + MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"` +} + +type ExternalTenantsObservation struct { + + // A list tenant IDs. Can only be specified if membership_kind is enumerated. 
+ Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue. + MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"` +} + +type ExternalTenantsParameters struct { + + // A list tenant IDs. Can only be specified if membership_kind is enumerated. + // +kubebuilder:validation:Optional + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue. + // +kubebuilder:validation:Optional + MembershipKind *string `json:"membershipKind" tf:"membership_kind,omitempty"` +} + +type FilterInitParameters struct { + + // Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // Condition filter to match devices. For more information, see official documentation. + Rule *string `json:"rule,omitempty" tf:"rule,omitempty"` +} + +type FilterObservation struct { + + // Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // Condition filter to match devices. For more information, see official documentation. + Rule *string `json:"rule,omitempty" tf:"rule,omitempty"` +} + +type FilterParameters struct { + + // Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude. + // +kubebuilder:validation:Optional + Mode *string `json:"mode" tf:"mode,omitempty"` + + // Condition filter to match devices. For more information, see official documentation. 
+ // +kubebuilder:validation:Optional + Rule *string `json:"rule" tf:"rule,omitempty"` +} + +type GrantControlsInitParameters struct { + + // ID of an Authentication Strength Policy to use in this policy. + AuthenticationStrengthPolicyID *string `json:"authenticationStrengthPolicyId,omitempty" tf:"authentication_strength_policy_id,omitempty"` + + // List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue. + BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"` + + // List of custom controls IDs required by the policy. + CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"` + + // Defines the relationship of the grant controls. Possible values are: AND, OR. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // List of terms of use IDs required by the policy. + TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"` +} + +type GrantControlsObservation struct { + + // ID of an Authentication Strength Policy to use in this policy. + AuthenticationStrengthPolicyID *string `json:"authenticationStrengthPolicyId,omitempty" tf:"authentication_strength_policy_id,omitempty"` + + // List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue. + BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"` + + // List of custom controls IDs required by the policy. + CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"` + + // Defines the relationship of the grant controls. Possible values are: AND, OR. 
+ Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // List of terms of use IDs required by the policy. + TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"` +} + +type GrantControlsParameters struct { + + // ID of an Authentication Strength Policy to use in this policy. + // +kubebuilder:validation:Optional + AuthenticationStrengthPolicyID *string `json:"authenticationStrengthPolicyId,omitempty" tf:"authentication_strength_policy_id,omitempty"` + + // List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue. + // +kubebuilder:validation:Optional + BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"` + + // List of custom controls IDs required by the policy. + // +kubebuilder:validation:Optional + CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"` + + // Defines the relationship of the grant controls. Possible values are: AND, OR. + // +kubebuilder:validation:Optional + Operator *string `json:"operator" tf:"operator,omitempty"` + + // List of terms of use IDs required by the policy. + // +kubebuilder:validation:Optional + TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"` +} + +type IncludedGuestsOrExternalUsersExternalTenantsInitParameters struct { + + // A list tenant IDs. Can only be specified if membership_kind is enumerated. + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue. + MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"` +} + +type IncludedGuestsOrExternalUsersExternalTenantsObservation struct { + + // A list tenant IDs. 
Can only be specified if membership_kind is enumerated. + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue. + MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"` +} + +type IncludedGuestsOrExternalUsersExternalTenantsParameters struct { + + // A list tenant IDs. Can only be specified if membership_kind is enumerated. + // +kubebuilder:validation:Optional + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue. + // +kubebuilder:validation:Optional + MembershipKind *string `json:"membershipKind" tf:"membership_kind,omitempty"` +} + +type IncludedGuestsOrExternalUsersInitParameters struct { + + // An external_tenants block as documented below, which specifies external tenants in a policy scope. + ExternalTenants []IncludedGuestsOrExternalUsersExternalTenantsInitParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"` + + // A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue. + GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"` +} + +type IncludedGuestsOrExternalUsersObservation struct { + + // An external_tenants block as documented below, which specifies external tenants in a policy scope. + ExternalTenants []IncludedGuestsOrExternalUsersExternalTenantsObservation `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"` + + // A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue. 
+ GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"` +} + +type IncludedGuestsOrExternalUsersParameters struct { + + // An external_tenants block as documented below, which specifies external tenants in a policy scope. + // +kubebuilder:validation:Optional + ExternalTenants []IncludedGuestsOrExternalUsersExternalTenantsParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"` + + // A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue. + // +kubebuilder:validation:Optional + GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes" tf:"guest_or_external_user_types,omitempty"` +} + +type LocationsInitParameters struct { + + // A list of location IDs excluded from scope of policy. Can also be set to AllTrusted. + ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"` + + // A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted. + IncludedLocations []*string `json:"includedLocations,omitempty" tf:"included_locations,omitempty"` +} + +type LocationsObservation struct { + + // A list of location IDs excluded from scope of policy. Can also be set to AllTrusted. + ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"` + + // A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted. + IncludedLocations []*string `json:"includedLocations,omitempty" tf:"included_locations,omitempty"` +} + +type LocationsParameters struct { + + // A list of location IDs excluded from scope of policy. Can also be set to AllTrusted. 
+ // +kubebuilder:validation:Optional + ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"` + + // A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted. + // +kubebuilder:validation:Optional + IncludedLocations []*string `json:"includedLocations" tf:"included_locations,omitempty"` +} + +type PlatformsInitParameters struct { + + // A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"` + + // A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + IncludedPlatforms []*string `json:"includedPlatforms,omitempty" tf:"included_platforms,omitempty"` +} + +type PlatformsObservation struct { + + // A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"` + + // A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + IncludedPlatforms []*string `json:"includedPlatforms,omitempty" tf:"included_platforms,omitempty"` +} + +type PlatformsParameters struct { + + // A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + // +kubebuilder:validation:Optional + ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"` + + // A list of platforms the policy applies to, unless explicitly excluded. 
Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + // +kubebuilder:validation:Optional + IncludedPlatforms []*string `json:"includedPlatforms" tf:"included_platforms,omitempty"` +} + +type SessionControlsInitParameters struct { + + // Whether application enforced restrictions are enabled. Defaults to false. + ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"` + + // Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue. + CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + + // Disables resilience defaults. Defaults to false. + DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"` + + // Session control to define whether to persist cookies. Possible values are: always or never. + PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` + + // Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified. + SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"` + + // Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication. + SignInFrequencyAuthenticationType *string `json:"signInFrequencyAuthenticationType,omitempty" tf:"sign_in_frequency_authentication_type,omitempty"` + + // The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased. 
+ SignInFrequencyInterval *string `json:"signInFrequencyInterval,omitempty" tf:"sign_in_frequency_interval,omitempty"` + + // The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified. + SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"` +} + +type SessionControlsObservation struct { + + // Whether application enforced restrictions are enabled. Defaults to false. + ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"` + + // Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue. + CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + + // Disables resilience defaults. Defaults to false. + DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"` + + // Session control to define whether to persist cookies. Possible values are: always or never. + PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` + + // Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified. + SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"` + + // Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication. + SignInFrequencyAuthenticationType *string `json:"signInFrequencyAuthenticationType,omitempty" tf:"sign_in_frequency_authentication_type,omitempty"` + + // The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. 
Defaults to timeBased. + SignInFrequencyInterval *string `json:"signInFrequencyInterval,omitempty" tf:"sign_in_frequency_interval,omitempty"` + + // The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified. + SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"` +} + +type SessionControlsParameters struct { + + // Whether application enforced restrictions are enabled. Defaults to false. + // +kubebuilder:validation:Optional + ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"` + + // Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue. + // +kubebuilder:validation:Optional + CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + + // Disables resilience defaults. Defaults to false. + // +kubebuilder:validation:Optional + DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"` + + // Session control to define whether to persist cookies. Possible values are: always or never. + // +kubebuilder:validation:Optional + PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` + + // Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified. + // +kubebuilder:validation:Optional + SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"` + + // Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication. 
+ // +kubebuilder:validation:Optional + SignInFrequencyAuthenticationType *string `json:"signInFrequencyAuthenticationType,omitempty" tf:"sign_in_frequency_authentication_type,omitempty"` + + // The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased. + // +kubebuilder:validation:Optional + SignInFrequencyInterval *string `json:"signInFrequencyInterval,omitempty" tf:"sign_in_frequency_interval,omitempty"` + + // The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified. + // +kubebuilder:validation:Optional + SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"` +} + +type UsersInitParameters struct { + + // A list of group IDs excluded from scope of policy. + ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"` + + // A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy. + ExcludedGuestsOrExternalUsers []ExcludedGuestsOrExternalUsersInitParameters `json:"excludedGuestsOrExternalUsers,omitempty" tf:"excluded_guests_or_external_users,omitempty"` + + // A list of role IDs excluded from scope of policy. + ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"` + + // A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers. + ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"` + + // A list of group IDs in scope of policy unless explicitly excluded. + IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"` + + // A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy. 
+ IncludedGuestsOrExternalUsers []IncludedGuestsOrExternalUsersInitParameters `json:"includedGuestsOrExternalUsers,omitempty" tf:"included_guests_or_external_users,omitempty"` + + // A list of role IDs in scope of policy unless explicitly excluded. + IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"` + + // A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers. + IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"` +} + +type UsersObservation struct { + + // A list of group IDs excluded from scope of policy. + ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"` + + // A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy. + ExcludedGuestsOrExternalUsers []ExcludedGuestsOrExternalUsersObservation `json:"excludedGuestsOrExternalUsers,omitempty" tf:"excluded_guests_or_external_users,omitempty"` + + // A list of role IDs excluded from scope of policy. + ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"` + + // A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers. + ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"` + + // A list of group IDs in scope of policy unless explicitly excluded. + IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"` + + // A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy. + IncludedGuestsOrExternalUsers []IncludedGuestsOrExternalUsersObservation `json:"includedGuestsOrExternalUsers,omitempty" tf:"included_guests_or_external_users,omitempty"` + + // A list of role IDs in scope of policy unless explicitly excluded. 
+ IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"` + + // A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers. + IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"` +} + +type UsersParameters struct { + + // A list of group IDs excluded from scope of policy. + // +kubebuilder:validation:Optional + ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"` + + // A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy. + // +kubebuilder:validation:Optional + ExcludedGuestsOrExternalUsers []ExcludedGuestsOrExternalUsersParameters `json:"excludedGuestsOrExternalUsers,omitempty" tf:"excluded_guests_or_external_users,omitempty"` + + // A list of role IDs excluded from scope of policy. + // +kubebuilder:validation:Optional + ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"` + + // A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers. + // +kubebuilder:validation:Optional + ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"` + + // A list of group IDs in scope of policy unless explicitly excluded. + // +kubebuilder:validation:Optional + IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"` + + // A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy. + // +kubebuilder:validation:Optional + IncludedGuestsOrExternalUsers []IncludedGuestsOrExternalUsersParameters `json:"includedGuestsOrExternalUsers,omitempty" tf:"included_guests_or_external_users,omitempty"` + + // A list of role IDs in scope of policy unless explicitly excluded. 
+ // +kubebuilder:validation:Optional + IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"` + + // A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers. + // +kubebuilder:validation:Optional + IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"` +} + +// AccessPolicySpec defines the desired state of AccessPolicy +type AccessPolicySpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider AccessPolicyParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider AccessPolicyInitParameters `json:"initProvider,omitempty"` +} + +// AccessPolicyStatus defines the observed state of AccessPolicy. +type AccessPolicyStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider AccessPolicyObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// AccessPolicy is the Schema for the AccessPolicys API. 
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread} +type AccessPolicy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.conditions) || (has(self.initProvider) && has(self.initProvider.conditions))",message="spec.forProvider.conditions is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.state) || (has(self.initProvider) && has(self.initProvider.state))",message="spec.forProvider.state is a required parameter" + Spec AccessPolicySpec `json:"spec"` + Status AccessPolicyStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AccessPolicyList contains a list of AccessPolicys +type AccessPolicyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AccessPolicy `json:"items"` +} + +// Repository type metadata. 
+var ( + AccessPolicy_Kind = "AccessPolicy" + AccessPolicy_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: AccessPolicy_Kind}.String() + AccessPolicy_KindAPIVersion = AccessPolicy_Kind + "." + CRDGroupVersion.String() + AccessPolicy_GroupVersionKind = CRDGroupVersion.WithKind(AccessPolicy_Kind) +) + +func init() { + SchemeBuilder.Register(&AccessPolicy{}, &AccessPolicyList{}) +} diff --git a/apis/conditionalaccess/v1beta1/zz_generated.conversion_hubs.go b/apis/conditionalaccess/v1beta2/zz_generated.conversion_hubs.go similarity index 95% rename from apis/conditionalaccess/v1beta1/zz_generated.conversion_hubs.go rename to apis/conditionalaccess/v1beta2/zz_generated.conversion_hubs.go index c4525769..ba9fee0c 100755 --- a/apis/conditionalaccess/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/conditionalaccess/v1beta2/zz_generated.conversion_hubs.go @@ -4,7 +4,7 @@ // Code generated by upjet. DO NOT EDIT. -package v1beta1 +package v1beta2 // Hub marks this type as a conversion hub. func (tr *AccessPolicy) Hub() {} diff --git a/apis/conditionalaccess/v1beta2/zz_generated.deepcopy.go b/apis/conditionalaccess/v1beta2/zz_generated.deepcopy.go new file mode 100644 index 00000000..c9a5acfc --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_generated.deepcopy.go 
@@ -0,0 +1,2494 @@ +//go:build !ignore_autogenerated + +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicy) DeepCopyInto(out *AccessPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicy. +func (in *AccessPolicy) DeepCopy() *AccessPolicy { + if in == nil { + return nil + } + out := new(AccessPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyInitParameters) DeepCopyInto(out *AccessPolicyInitParameters) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = new(ConditionsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.GrantControls != nil { + in, out := &in.GrantControls, &out.GrantControls + *out = new(GrantControlsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SessionControls != nil { + in, out := &in.SessionControls, &out.SessionControls + *out = new(SessionControlsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyInitParameters. +func (in *AccessPolicyInitParameters) DeepCopy() *AccessPolicyInitParameters { + if in == nil { + return nil + } + out := new(AccessPolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyList) DeepCopyInto(out *AccessPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AccessPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyList. +func (in *AccessPolicyList) DeepCopy() *AccessPolicyList { + if in == nil { + return nil + } + out := new(AccessPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *AccessPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyObservation) DeepCopyInto(out *AccessPolicyObservation) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = new(ConditionsObservation) + (*in).DeepCopyInto(*out) + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.GrantControls != nil { + in, out := &in.GrantControls, &out.GrantControls + *out = new(GrantControlsObservation) + (*in).DeepCopyInto(*out) + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.SessionControls != nil { + in, out := &in.SessionControls, &out.SessionControls + *out = new(SessionControlsObservation) + (*in).DeepCopyInto(*out) + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyObservation. +func (in *AccessPolicyObservation) DeepCopy() *AccessPolicyObservation { + if in == nil { + return nil + } + out := new(AccessPolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyParameters) DeepCopyInto(out *AccessPolicyParameters) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = new(ConditionsParameters) + (*in).DeepCopyInto(*out) + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.GrantControls != nil { + in, out := &in.GrantControls, &out.GrantControls + *out = new(GrantControlsParameters) + (*in).DeepCopyInto(*out) + } + if in.SessionControls != nil { + in, out := &in.SessionControls, &out.SessionControls + *out = new(SessionControlsParameters) + (*in).DeepCopyInto(*out) + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyParameters. +func (in *AccessPolicyParameters) DeepCopy() *AccessPolicyParameters { + if in == nil { + return nil + } + out := new(AccessPolicyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicySpec) DeepCopyInto(out *AccessPolicySpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicySpec. +func (in *AccessPolicySpec) DeepCopy() *AccessPolicySpec { + if in == nil { + return nil + } + out := new(AccessPolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyStatus) DeepCopyInto(out *AccessPolicyStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyStatus. +func (in *AccessPolicyStatus) DeepCopy() *AccessPolicyStatus { + if in == nil { + return nil + } + out := new(AccessPolicyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationsInitParameters) DeepCopyInto(out *ApplicationsInitParameters) { + *out = *in + if in.ExcludedApplications != nil { + in, out := &in.ExcludedApplications, &out.ExcludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedApplications != nil { + in, out := &in.IncludedApplications, &out.IncludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUserActions != nil { + in, out := &in.IncludedUserActions, &out.IncludedUserActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationsInitParameters. +func (in *ApplicationsInitParameters) DeepCopy() *ApplicationsInitParameters { + if in == nil { + return nil + } + out := new(ApplicationsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ApplicationsObservation) DeepCopyInto(out *ApplicationsObservation) { + *out = *in + if in.ExcludedApplications != nil { + in, out := &in.ExcludedApplications, &out.ExcludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedApplications != nil { + in, out := &in.IncludedApplications, &out.IncludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUserActions != nil { + in, out := &in.IncludedUserActions, &out.IncludedUserActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationsObservation. +func (in *ApplicationsObservation) DeepCopy() *ApplicationsObservation { + if in == nil { + return nil + } + out := new(ApplicationsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ApplicationsParameters) DeepCopyInto(out *ApplicationsParameters) { + *out = *in + if in.ExcludedApplications != nil { + in, out := &in.ExcludedApplications, &out.ExcludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedApplications != nil { + in, out := &in.IncludedApplications, &out.IncludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUserActions != nil { + in, out := &in.IncludedUserActions, &out.IncludedUserActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationsParameters. +func (in *ApplicationsParameters) DeepCopy() *ApplicationsParameters { + if in == nil { + return nil + } + out := new(ApplicationsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClientApplicationsInitParameters) DeepCopyInto(out *ClientApplicationsInitParameters) { + *out = *in + if in.ExcludedServicePrincipals != nil { + in, out := &in.ExcludedServicePrincipals, &out.ExcludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedServicePrincipals != nil { + in, out := &in.IncludedServicePrincipals, &out.IncludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientApplicationsInitParameters. +func (in *ClientApplicationsInitParameters) DeepCopy() *ClientApplicationsInitParameters { + if in == nil { + return nil + } + out := new(ClientApplicationsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientApplicationsObservation) DeepCopyInto(out *ClientApplicationsObservation) { + *out = *in + if in.ExcludedServicePrincipals != nil { + in, out := &in.ExcludedServicePrincipals, &out.ExcludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedServicePrincipals != nil { + in, out := &in.IncludedServicePrincipals, &out.IncludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientApplicationsObservation. 
+func (in *ClientApplicationsObservation) DeepCopy() *ClientApplicationsObservation { + if in == nil { + return nil + } + out := new(ClientApplicationsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientApplicationsParameters) DeepCopyInto(out *ClientApplicationsParameters) { + *out = *in + if in.ExcludedServicePrincipals != nil { + in, out := &in.ExcludedServicePrincipals, &out.ExcludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedServicePrincipals != nil { + in, out := &in.IncludedServicePrincipals, &out.IncludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientApplicationsParameters. +func (in *ClientApplicationsParameters) DeepCopy() *ClientApplicationsParameters { + if in == nil { + return nil + } + out := new(ClientApplicationsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ConditionsInitParameters) DeepCopyInto(out *ConditionsInitParameters) { + *out = *in + if in.Applications != nil { + in, out := &in.Applications, &out.Applications + *out = new(ApplicationsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.ClientAppTypes != nil { + in, out := &in.ClientAppTypes, &out.ClientAppTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ClientApplications != nil { + in, out := &in.ClientApplications, &out.ClientApplications + *out = new(ClientApplicationsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Devices != nil { + in, out := &in.Devices, &out.Devices + *out = new(DevicesInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Locations != nil { + in, out := &in.Locations, &out.Locations + *out = new(LocationsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Platforms != nil { + in, out := &in.Platforms, &out.Platforms + *out = new(PlatformsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.ServicePrincipalRiskLevels != nil { + in, out := &in.ServicePrincipalRiskLevels, &out.ServicePrincipalRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SignInRiskLevels != nil { + in, out := &in.SignInRiskLevels, &out.SignInRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UserRiskLevels != nil { + in, out := &in.UserRiskLevels, &out.UserRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = new(UsersInitParameters) + (*in).DeepCopyInto(*out) + } +} + 
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsInitParameters. +func (in *ConditionsInitParameters) DeepCopy() *ConditionsInitParameters { + if in == nil { + return nil + } + out := new(ConditionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionsObservation) DeepCopyInto(out *ConditionsObservation) { + *out = *in + if in.Applications != nil { + in, out := &in.Applications, &out.Applications + *out = new(ApplicationsObservation) + (*in).DeepCopyInto(*out) + } + if in.ClientAppTypes != nil { + in, out := &in.ClientAppTypes, &out.ClientAppTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ClientApplications != nil { + in, out := &in.ClientApplications, &out.ClientApplications + *out = new(ClientApplicationsObservation) + (*in).DeepCopyInto(*out) + } + if in.Devices != nil { + in, out := &in.Devices, &out.Devices + *out = new(DevicesObservation) + (*in).DeepCopyInto(*out) + } + if in.Locations != nil { + in, out := &in.Locations, &out.Locations + *out = new(LocationsObservation) + (*in).DeepCopyInto(*out) + } + if in.Platforms != nil { + in, out := &in.Platforms, &out.Platforms + *out = new(PlatformsObservation) + (*in).DeepCopyInto(*out) + } + if in.ServicePrincipalRiskLevels != nil { + in, out := &in.ServicePrincipalRiskLevels, &out.ServicePrincipalRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SignInRiskLevels != nil { + in, out := &in.SignInRiskLevels, &out.SignInRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + 
**out = **in + } + } + } + if in.UserRiskLevels != nil { + in, out := &in.UserRiskLevels, &out.UserRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = new(UsersObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsObservation. +func (in *ConditionsObservation) DeepCopy() *ConditionsObservation { + if in == nil { + return nil + } + out := new(ConditionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionsParameters) DeepCopyInto(out *ConditionsParameters) { + *out = *in + if in.Applications != nil { + in, out := &in.Applications, &out.Applications + *out = new(ApplicationsParameters) + (*in).DeepCopyInto(*out) + } + if in.ClientAppTypes != nil { + in, out := &in.ClientAppTypes, &out.ClientAppTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ClientApplications != nil { + in, out := &in.ClientApplications, &out.ClientApplications + *out = new(ClientApplicationsParameters) + (*in).DeepCopyInto(*out) + } + if in.Devices != nil { + in, out := &in.Devices, &out.Devices + *out = new(DevicesParameters) + (*in).DeepCopyInto(*out) + } + if in.Locations != nil { + in, out := &in.Locations, &out.Locations + *out = new(LocationsParameters) + (*in).DeepCopyInto(*out) + } + if in.Platforms != nil { + in, out := &in.Platforms, &out.Platforms + *out = new(PlatformsParameters) + (*in).DeepCopyInto(*out) + } + if in.ServicePrincipalRiskLevels != nil { + in, out := &in.ServicePrincipalRiskLevels, &out.ServicePrincipalRiskLevels + *out = 
make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SignInRiskLevels != nil { + in, out := &in.SignInRiskLevels, &out.SignInRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UserRiskLevels != nil { + in, out := &in.UserRiskLevels, &out.UserRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = new(UsersParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsParameters. +func (in *ConditionsParameters) DeepCopy() *ConditionsParameters { + if in == nil { + return nil + } + out := new(ConditionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CountryInitParameters) DeepCopyInto(out *CountryInitParameters) { + *out = *in + if in.CountriesAndRegions != nil { + in, out := &in.CountriesAndRegions, &out.CountriesAndRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeUnknownCountriesAndRegions != nil { + in, out := &in.IncludeUnknownCountriesAndRegions, &out.IncludeUnknownCountriesAndRegions + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountryInitParameters. 
+func (in *CountryInitParameters) DeepCopy() *CountryInitParameters { + if in == nil { + return nil + } + out := new(CountryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CountryObservation) DeepCopyInto(out *CountryObservation) { + *out = *in + if in.CountriesAndRegions != nil { + in, out := &in.CountriesAndRegions, &out.CountriesAndRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeUnknownCountriesAndRegions != nil { + in, out := &in.IncludeUnknownCountriesAndRegions, &out.IncludeUnknownCountriesAndRegions + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountryObservation. +func (in *CountryObservation) DeepCopy() *CountryObservation { + if in == nil { + return nil + } + out := new(CountryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CountryParameters) DeepCopyInto(out *CountryParameters) { + *out = *in + if in.CountriesAndRegions != nil { + in, out := &in.CountriesAndRegions, &out.CountriesAndRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeUnknownCountriesAndRegions != nil { + in, out := &in.IncludeUnknownCountriesAndRegions, &out.IncludeUnknownCountriesAndRegions + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountryParameters. 
+func (in *CountryParameters) DeepCopy() *CountryParameters { + if in == nil { + return nil + } + out := new(CountryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DevicesInitParameters) DeepCopyInto(out *DevicesInitParameters) { + *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = new(FilterInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicesInitParameters. +func (in *DevicesInitParameters) DeepCopy() *DevicesInitParameters { + if in == nil { + return nil + } + out := new(DevicesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DevicesObservation) DeepCopyInto(out *DevicesObservation) { + *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = new(FilterObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicesObservation. +func (in *DevicesObservation) DeepCopy() *DevicesObservation { + if in == nil { + return nil + } + out := new(DevicesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DevicesParameters) DeepCopyInto(out *DevicesParameters) { + *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = new(FilterParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicesParameters. 
+func (in *DevicesParameters) DeepCopy() *DevicesParameters { + if in == nil { + return nil + } + out := new(DevicesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExcludedGuestsOrExternalUsersInitParameters) DeepCopyInto(out *ExcludedGuestsOrExternalUsersInitParameters) { + *out = *in + if in.ExternalTenants != nil { + in, out := &in.ExternalTenants, &out.ExternalTenants + *out = make([]ExternalTenantsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GuestOrExternalUserTypes != nil { + in, out := &in.GuestOrExternalUserTypes, &out.GuestOrExternalUserTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedGuestsOrExternalUsersInitParameters. +func (in *ExcludedGuestsOrExternalUsersInitParameters) DeepCopy() *ExcludedGuestsOrExternalUsersInitParameters { + if in == nil { + return nil + } + out := new(ExcludedGuestsOrExternalUsersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ExcludedGuestsOrExternalUsersObservation) DeepCopyInto(out *ExcludedGuestsOrExternalUsersObservation) { + *out = *in + if in.ExternalTenants != nil { + in, out := &in.ExternalTenants, &out.ExternalTenants + *out = make([]ExternalTenantsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GuestOrExternalUserTypes != nil { + in, out := &in.GuestOrExternalUserTypes, &out.GuestOrExternalUserTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedGuestsOrExternalUsersObservation. +func (in *ExcludedGuestsOrExternalUsersObservation) DeepCopy() *ExcludedGuestsOrExternalUsersObservation { + if in == nil { + return nil + } + out := new(ExcludedGuestsOrExternalUsersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExcludedGuestsOrExternalUsersParameters) DeepCopyInto(out *ExcludedGuestsOrExternalUsersParameters) { + *out = *in + if in.ExternalTenants != nil { + in, out := &in.ExternalTenants, &out.ExternalTenants + *out = make([]ExternalTenantsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GuestOrExternalUserTypes != nil { + in, out := &in.GuestOrExternalUserTypes, &out.GuestOrExternalUserTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedGuestsOrExternalUsersParameters. 
+func (in *ExcludedGuestsOrExternalUsersParameters) DeepCopy() *ExcludedGuestsOrExternalUsersParameters { + if in == nil { + return nil + } + out := new(ExcludedGuestsOrExternalUsersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalTenantsInitParameters) DeepCopyInto(out *ExternalTenantsInitParameters) { + *out = *in + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MembershipKind != nil { + in, out := &in.MembershipKind, &out.MembershipKind + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalTenantsInitParameters. +func (in *ExternalTenantsInitParameters) DeepCopy() *ExternalTenantsInitParameters { + if in == nil { + return nil + } + out := new(ExternalTenantsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalTenantsObservation) DeepCopyInto(out *ExternalTenantsObservation) { + *out = *in + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MembershipKind != nil { + in, out := &in.MembershipKind, &out.MembershipKind + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalTenantsObservation. 
+func (in *ExternalTenantsObservation) DeepCopy() *ExternalTenantsObservation { + if in == nil { + return nil + } + out := new(ExternalTenantsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalTenantsParameters) DeepCopyInto(out *ExternalTenantsParameters) { + *out = *in + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MembershipKind != nil { + in, out := &in.MembershipKind, &out.MembershipKind + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalTenantsParameters. +func (in *ExternalTenantsParameters) DeepCopy() *ExternalTenantsParameters { + if in == nil { + return nil + } + out := new(ExternalTenantsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilterInitParameters) DeepCopyInto(out *FilterInitParameters) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterInitParameters. +func (in *FilterInitParameters) DeepCopy() *FilterInitParameters { + if in == nil { + return nil + } + out := new(FilterInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *FilterObservation) DeepCopyInto(out *FilterObservation) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterObservation. +func (in *FilterObservation) DeepCopy() *FilterObservation { + if in == nil { + return nil + } + out := new(FilterObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilterParameters) DeepCopyInto(out *FilterParameters) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterParameters. +func (in *FilterParameters) DeepCopy() *FilterParameters { + if in == nil { + return nil + } + out := new(FilterParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GrantControlsInitParameters) DeepCopyInto(out *GrantControlsInitParameters) { + *out = *in + if in.AuthenticationStrengthPolicyID != nil { + in, out := &in.AuthenticationStrengthPolicyID, &out.AuthenticationStrengthPolicyID + *out = new(string) + **out = **in + } + if in.BuiltInControls != nil { + in, out := &in.BuiltInControls, &out.BuiltInControls + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.CustomAuthenticationFactors != nil { + in, out := &in.CustomAuthenticationFactors, &out.CustomAuthenticationFactors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.TermsOfUse != nil { + in, out := &in.TermsOfUse, &out.TermsOfUse + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantControlsInitParameters. +func (in *GrantControlsInitParameters) DeepCopy() *GrantControlsInitParameters { + if in == nil { + return nil + } + out := new(GrantControlsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GrantControlsObservation) DeepCopyInto(out *GrantControlsObservation) { + *out = *in + if in.AuthenticationStrengthPolicyID != nil { + in, out := &in.AuthenticationStrengthPolicyID, &out.AuthenticationStrengthPolicyID + *out = new(string) + **out = **in + } + if in.BuiltInControls != nil { + in, out := &in.BuiltInControls, &out.BuiltInControls + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.CustomAuthenticationFactors != nil { + in, out := &in.CustomAuthenticationFactors, &out.CustomAuthenticationFactors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.TermsOfUse != nil { + in, out := &in.TermsOfUse, &out.TermsOfUse + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantControlsObservation. +func (in *GrantControlsObservation) DeepCopy() *GrantControlsObservation { + if in == nil { + return nil + } + out := new(GrantControlsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GrantControlsParameters) DeepCopyInto(out *GrantControlsParameters) { + *out = *in + if in.AuthenticationStrengthPolicyID != nil { + in, out := &in.AuthenticationStrengthPolicyID, &out.AuthenticationStrengthPolicyID + *out = new(string) + **out = **in + } + if in.BuiltInControls != nil { + in, out := &in.BuiltInControls, &out.BuiltInControls + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.CustomAuthenticationFactors != nil { + in, out := &in.CustomAuthenticationFactors, &out.CustomAuthenticationFactors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.TermsOfUse != nil { + in, out := &in.TermsOfUse, &out.TermsOfUse + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantControlsParameters. +func (in *GrantControlsParameters) DeepCopy() *GrantControlsParameters { + if in == nil { + return nil + } + out := new(GrantControlsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IPInitParameters) DeepCopyInto(out *IPInitParameters) { + *out = *in + if in.IPRanges != nil { + in, out := &in.IPRanges, &out.IPRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Trusted != nil { + in, out := &in.Trusted, &out.Trusted + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPInitParameters. +func (in *IPInitParameters) DeepCopy() *IPInitParameters { + if in == nil { + return nil + } + out := new(IPInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPObservation) DeepCopyInto(out *IPObservation) { + *out = *in + if in.IPRanges != nil { + in, out := &in.IPRanges, &out.IPRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Trusted != nil { + in, out := &in.Trusted, &out.Trusted + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPObservation. +func (in *IPObservation) DeepCopy() *IPObservation { + if in == nil { + return nil + } + out := new(IPObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IPParameters) DeepCopyInto(out *IPParameters) { + *out = *in + if in.IPRanges != nil { + in, out := &in.IPRanges, &out.IPRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Trusted != nil { + in, out := &in.Trusted, &out.Trusted + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPParameters. +func (in *IPParameters) DeepCopy() *IPParameters { + if in == nil { + return nil + } + out := new(IPParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IncludedGuestsOrExternalUsersExternalTenantsInitParameters) DeepCopyInto(out *IncludedGuestsOrExternalUsersExternalTenantsInitParameters) { + *out = *in + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MembershipKind != nil { + in, out := &in.MembershipKind, &out.MembershipKind + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncludedGuestsOrExternalUsersExternalTenantsInitParameters. +func (in *IncludedGuestsOrExternalUsersExternalTenantsInitParameters) DeepCopy() *IncludedGuestsOrExternalUsersExternalTenantsInitParameters { + if in == nil { + return nil + } + out := new(IncludedGuestsOrExternalUsersExternalTenantsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IncludedGuestsOrExternalUsersExternalTenantsObservation) DeepCopyInto(out *IncludedGuestsOrExternalUsersExternalTenantsObservation) { + *out = *in + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MembershipKind != nil { + in, out := &in.MembershipKind, &out.MembershipKind + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncludedGuestsOrExternalUsersExternalTenantsObservation. +func (in *IncludedGuestsOrExternalUsersExternalTenantsObservation) DeepCopy() *IncludedGuestsOrExternalUsersExternalTenantsObservation { + if in == nil { + return nil + } + out := new(IncludedGuestsOrExternalUsersExternalTenantsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IncludedGuestsOrExternalUsersExternalTenantsParameters) DeepCopyInto(out *IncludedGuestsOrExternalUsersExternalTenantsParameters) { + *out = *in + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MembershipKind != nil { + in, out := &in.MembershipKind, &out.MembershipKind + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncludedGuestsOrExternalUsersExternalTenantsParameters. 
+func (in *IncludedGuestsOrExternalUsersExternalTenantsParameters) DeepCopy() *IncludedGuestsOrExternalUsersExternalTenantsParameters { + if in == nil { + return nil + } + out := new(IncludedGuestsOrExternalUsersExternalTenantsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IncludedGuestsOrExternalUsersInitParameters) DeepCopyInto(out *IncludedGuestsOrExternalUsersInitParameters) { + *out = *in + if in.ExternalTenants != nil { + in, out := &in.ExternalTenants, &out.ExternalTenants + *out = make([]IncludedGuestsOrExternalUsersExternalTenantsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GuestOrExternalUserTypes != nil { + in, out := &in.GuestOrExternalUserTypes, &out.GuestOrExternalUserTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncludedGuestsOrExternalUsersInitParameters. +func (in *IncludedGuestsOrExternalUsersInitParameters) DeepCopy() *IncludedGuestsOrExternalUsersInitParameters { + if in == nil { + return nil + } + out := new(IncludedGuestsOrExternalUsersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IncludedGuestsOrExternalUsersObservation) DeepCopyInto(out *IncludedGuestsOrExternalUsersObservation) { + *out = *in + if in.ExternalTenants != nil { + in, out := &in.ExternalTenants, &out.ExternalTenants + *out = make([]IncludedGuestsOrExternalUsersExternalTenantsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GuestOrExternalUserTypes != nil { + in, out := &in.GuestOrExternalUserTypes, &out.GuestOrExternalUserTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncludedGuestsOrExternalUsersObservation. +func (in *IncludedGuestsOrExternalUsersObservation) DeepCopy() *IncludedGuestsOrExternalUsersObservation { + if in == nil { + return nil + } + out := new(IncludedGuestsOrExternalUsersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IncludedGuestsOrExternalUsersParameters) DeepCopyInto(out *IncludedGuestsOrExternalUsersParameters) { + *out = *in + if in.ExternalTenants != nil { + in, out := &in.ExternalTenants, &out.ExternalTenants + *out = make([]IncludedGuestsOrExternalUsersExternalTenantsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GuestOrExternalUserTypes != nil { + in, out := &in.GuestOrExternalUserTypes, &out.GuestOrExternalUserTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IncludedGuestsOrExternalUsersParameters. 
+func (in *IncludedGuestsOrExternalUsersParameters) DeepCopy() *IncludedGuestsOrExternalUsersParameters { + if in == nil { + return nil + } + out := new(IncludedGuestsOrExternalUsersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Location) DeepCopyInto(out *Location) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Location. +func (in *Location) DeepCopy() *Location { + if in == nil { + return nil + } + out := new(Location) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Location) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationInitParameters) DeepCopyInto(out *LocationInitParameters) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(CountryInitParameters) + (*in).DeepCopyInto(*out) + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.IP != nil { + in, out := &in.IP, &out.IP + *out = new(IPInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationInitParameters. 
+func (in *LocationInitParameters) DeepCopy() *LocationInitParameters { + if in == nil { + return nil + } + out := new(LocationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationList) DeepCopyInto(out *LocationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Location, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationList. +func (in *LocationList) DeepCopy() *LocationList { + if in == nil { + return nil + } + out := new(LocationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *LocationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationObservation) DeepCopyInto(out *LocationObservation) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(CountryObservation) + (*in).DeepCopyInto(*out) + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IP != nil { + in, out := &in.IP, &out.IP + *out = new(IPObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationObservation. 
+func (in *LocationObservation) DeepCopy() *LocationObservation { + if in == nil { + return nil + } + out := new(LocationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationParameters) DeepCopyInto(out *LocationParameters) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(CountryParameters) + (*in).DeepCopyInto(*out) + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.IP != nil { + in, out := &in.IP, &out.IP + *out = new(IPParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationParameters. +func (in *LocationParameters) DeepCopy() *LocationParameters { + if in == nil { + return nil + } + out := new(LocationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationSpec) DeepCopyInto(out *LocationSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationSpec. +func (in *LocationSpec) DeepCopy() *LocationSpec { + if in == nil { + return nil + } + out := new(LocationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *LocationStatus) DeepCopyInto(out *LocationStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationStatus. +func (in *LocationStatus) DeepCopy() *LocationStatus { + if in == nil { + return nil + } + out := new(LocationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationsInitParameters) DeepCopyInto(out *LocationsInitParameters) { + *out = *in + if in.ExcludedLocations != nil { + in, out := &in.ExcludedLocations, &out.ExcludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedLocations != nil { + in, out := &in.IncludedLocations, &out.IncludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationsInitParameters. +func (in *LocationsInitParameters) DeepCopy() *LocationsInitParameters { + if in == nil { + return nil + } + out := new(LocationsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *LocationsObservation) DeepCopyInto(out *LocationsObservation) { + *out = *in + if in.ExcludedLocations != nil { + in, out := &in.ExcludedLocations, &out.ExcludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedLocations != nil { + in, out := &in.IncludedLocations, &out.IncludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationsObservation. +func (in *LocationsObservation) DeepCopy() *LocationsObservation { + if in == nil { + return nil + } + out := new(LocationsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocationsParameters) DeepCopyInto(out *LocationsParameters) { + *out = *in + if in.ExcludedLocations != nil { + in, out := &in.ExcludedLocations, &out.ExcludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedLocations != nil { + in, out := &in.IncludedLocations, &out.IncludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationsParameters. 
+func (in *LocationsParameters) DeepCopy() *LocationsParameters { + if in == nil { + return nil + } + out := new(LocationsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformsInitParameters) DeepCopyInto(out *PlatformsInitParameters) { + *out = *in + if in.ExcludedPlatforms != nil { + in, out := &in.ExcludedPlatforms, &out.ExcludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedPlatforms != nil { + in, out := &in.IncludedPlatforms, &out.IncludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformsInitParameters. +func (in *PlatformsInitParameters) DeepCopy() *PlatformsInitParameters { + if in == nil { + return nil + } + out := new(PlatformsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PlatformsObservation) DeepCopyInto(out *PlatformsObservation) { + *out = *in + if in.ExcludedPlatforms != nil { + in, out := &in.ExcludedPlatforms, &out.ExcludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedPlatforms != nil { + in, out := &in.IncludedPlatforms, &out.IncludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformsObservation. +func (in *PlatformsObservation) DeepCopy() *PlatformsObservation { + if in == nil { + return nil + } + out := new(PlatformsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformsParameters) DeepCopyInto(out *PlatformsParameters) { + *out = *in + if in.ExcludedPlatforms != nil { + in, out := &in.ExcludedPlatforms, &out.ExcludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedPlatforms != nil { + in, out := &in.IncludedPlatforms, &out.IncludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformsParameters. 
+func (in *PlatformsParameters) DeepCopy() *PlatformsParameters { + if in == nil { + return nil + } + out := new(PlatformsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SessionControlsInitParameters) DeepCopyInto(out *SessionControlsInitParameters) { + *out = *in + if in.ApplicationEnforcedRestrictionsEnabled != nil { + in, out := &in.ApplicationEnforcedRestrictionsEnabled, &out.ApplicationEnforcedRestrictionsEnabled + *out = new(bool) + **out = **in + } + if in.CloudAppSecurityPolicy != nil { + in, out := &in.CloudAppSecurityPolicy, &out.CloudAppSecurityPolicy + *out = new(string) + **out = **in + } + if in.DisableResilienceDefaults != nil { + in, out := &in.DisableResilienceDefaults, &out.DisableResilienceDefaults + *out = new(bool) + **out = **in + } + if in.PersistentBrowserMode != nil { + in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode + *out = new(string) + **out = **in + } + if in.SignInFrequency != nil { + in, out := &in.SignInFrequency, &out.SignInFrequency + *out = new(float64) + **out = **in + } + if in.SignInFrequencyAuthenticationType != nil { + in, out := &in.SignInFrequencyAuthenticationType, &out.SignInFrequencyAuthenticationType + *out = new(string) + **out = **in + } + if in.SignInFrequencyInterval != nil { + in, out := &in.SignInFrequencyInterval, &out.SignInFrequencyInterval + *out = new(string) + **out = **in + } + if in.SignInFrequencyPeriod != nil { + in, out := &in.SignInFrequencyPeriod, &out.SignInFrequencyPeriod + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionControlsInitParameters. 
+func (in *SessionControlsInitParameters) DeepCopy() *SessionControlsInitParameters { + if in == nil { + return nil + } + out := new(SessionControlsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SessionControlsObservation) DeepCopyInto(out *SessionControlsObservation) { + *out = *in + if in.ApplicationEnforcedRestrictionsEnabled != nil { + in, out := &in.ApplicationEnforcedRestrictionsEnabled, &out.ApplicationEnforcedRestrictionsEnabled + *out = new(bool) + **out = **in + } + if in.CloudAppSecurityPolicy != nil { + in, out := &in.CloudAppSecurityPolicy, &out.CloudAppSecurityPolicy + *out = new(string) + **out = **in + } + if in.DisableResilienceDefaults != nil { + in, out := &in.DisableResilienceDefaults, &out.DisableResilienceDefaults + *out = new(bool) + **out = **in + } + if in.PersistentBrowserMode != nil { + in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode + *out = new(string) + **out = **in + } + if in.SignInFrequency != nil { + in, out := &in.SignInFrequency, &out.SignInFrequency + *out = new(float64) + **out = **in + } + if in.SignInFrequencyAuthenticationType != nil { + in, out := &in.SignInFrequencyAuthenticationType, &out.SignInFrequencyAuthenticationType + *out = new(string) + **out = **in + } + if in.SignInFrequencyInterval != nil { + in, out := &in.SignInFrequencyInterval, &out.SignInFrequencyInterval + *out = new(string) + **out = **in + } + if in.SignInFrequencyPeriod != nil { + in, out := &in.SignInFrequencyPeriod, &out.SignInFrequencyPeriod + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionControlsObservation. 
+func (in *SessionControlsObservation) DeepCopy() *SessionControlsObservation { + if in == nil { + return nil + } + out := new(SessionControlsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SessionControlsParameters) DeepCopyInto(out *SessionControlsParameters) { + *out = *in + if in.ApplicationEnforcedRestrictionsEnabled != nil { + in, out := &in.ApplicationEnforcedRestrictionsEnabled, &out.ApplicationEnforcedRestrictionsEnabled + *out = new(bool) + **out = **in + } + if in.CloudAppSecurityPolicy != nil { + in, out := &in.CloudAppSecurityPolicy, &out.CloudAppSecurityPolicy + *out = new(string) + **out = **in + } + if in.DisableResilienceDefaults != nil { + in, out := &in.DisableResilienceDefaults, &out.DisableResilienceDefaults + *out = new(bool) + **out = **in + } + if in.PersistentBrowserMode != nil { + in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode + *out = new(string) + **out = **in + } + if in.SignInFrequency != nil { + in, out := &in.SignInFrequency, &out.SignInFrequency + *out = new(float64) + **out = **in + } + if in.SignInFrequencyAuthenticationType != nil { + in, out := &in.SignInFrequencyAuthenticationType, &out.SignInFrequencyAuthenticationType + *out = new(string) + **out = **in + } + if in.SignInFrequencyInterval != nil { + in, out := &in.SignInFrequencyInterval, &out.SignInFrequencyInterval + *out = new(string) + **out = **in + } + if in.SignInFrequencyPeriod != nil { + in, out := &in.SignInFrequencyPeriod, &out.SignInFrequencyPeriod + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionControlsParameters. 
+func (in *SessionControlsParameters) DeepCopy() *SessionControlsParameters { + if in == nil { + return nil + } + out := new(SessionControlsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsersInitParameters) DeepCopyInto(out *UsersInitParameters) { + *out = *in + if in.ExcludedGroups != nil { + in, out := &in.ExcludedGroups, &out.ExcludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedGuestsOrExternalUsers != nil { + in, out := &in.ExcludedGuestsOrExternalUsers, &out.ExcludedGuestsOrExternalUsers + *out = make([]ExcludedGuestsOrExternalUsersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExcludedRoles != nil { + in, out := &in.ExcludedRoles, &out.ExcludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedUsers != nil { + in, out := &in.ExcludedUsers, &out.ExcludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGroups != nil { + in, out := &in.IncludedGroups, &out.IncludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGuestsOrExternalUsers != nil { + in, out := &in.IncludedGuestsOrExternalUsers, &out.IncludedGuestsOrExternalUsers + *out = make([]IncludedGuestsOrExternalUsersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IncludedRoles != nil { + in, out := &in.IncludedRoles, 
&out.IncludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUsers != nil { + in, out := &in.IncludedUsers, &out.IncludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsersInitParameters. +func (in *UsersInitParameters) DeepCopy() *UsersInitParameters { + if in == nil { + return nil + } + out := new(UsersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsersObservation) DeepCopyInto(out *UsersObservation) { + *out = *in + if in.ExcludedGroups != nil { + in, out := &in.ExcludedGroups, &out.ExcludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedGuestsOrExternalUsers != nil { + in, out := &in.ExcludedGuestsOrExternalUsers, &out.ExcludedGuestsOrExternalUsers + *out = make([]ExcludedGuestsOrExternalUsersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExcludedRoles != nil { + in, out := &in.ExcludedRoles, &out.ExcludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedUsers != nil { + in, out := &in.ExcludedUsers, &out.ExcludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGroups != nil { + in, out := &in.IncludedGroups, 
&out.IncludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGuestsOrExternalUsers != nil { + in, out := &in.IncludedGuestsOrExternalUsers, &out.IncludedGuestsOrExternalUsers + *out = make([]IncludedGuestsOrExternalUsersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IncludedRoles != nil { + in, out := &in.IncludedRoles, &out.IncludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUsers != nil { + in, out := &in.IncludedUsers, &out.IncludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsersObservation. +func (in *UsersObservation) DeepCopy() *UsersObservation { + if in == nil { + return nil + } + out := new(UsersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *UsersParameters) DeepCopyInto(out *UsersParameters) { + *out = *in + if in.ExcludedGroups != nil { + in, out := &in.ExcludedGroups, &out.ExcludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedGuestsOrExternalUsers != nil { + in, out := &in.ExcludedGuestsOrExternalUsers, &out.ExcludedGuestsOrExternalUsers + *out = make([]ExcludedGuestsOrExternalUsersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExcludedRoles != nil { + in, out := &in.ExcludedRoles, &out.ExcludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedUsers != nil { + in, out := &in.ExcludedUsers, &out.ExcludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGroups != nil { + in, out := &in.IncludedGroups, &out.IncludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGuestsOrExternalUsers != nil { + in, out := &in.IncludedGuestsOrExternalUsers, &out.IncludedGuestsOrExternalUsers + *out = make([]IncludedGuestsOrExternalUsersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IncludedRoles != nil { + in, out := &in.IncludedRoles, &out.IncludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUsers != nil { + in, out := &in.IncludedUsers, &out.IncludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != 
nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsersParameters. +func (in *UsersParameters) DeepCopy() *UsersParameters { + if in == nil { + return nil + } + out := new(UsersParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/conditionalaccess/v1beta2/zz_generated.managed.go b/apis/conditionalaccess/v1beta2/zz_generated.managed.go new file mode 100644 index 00000000..b3508e30 --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_generated.managed.go 
@@ -0,0 +1,128 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this AccessPolicy. +func (mg *AccessPolicy) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this AccessPolicy. +func (mg *AccessPolicy) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this AccessPolicy. +func (mg *AccessPolicy) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this AccessPolicy. +func (mg *AccessPolicy) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this AccessPolicy. +func (mg *AccessPolicy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this AccessPolicy. +func (mg *AccessPolicy) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this AccessPolicy. +func (mg *AccessPolicy) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this AccessPolicy. +func (mg *AccessPolicy) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this AccessPolicy. +func (mg *AccessPolicy) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this AccessPolicy. +func (mg *AccessPolicy) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this AccessPolicy. 
+func (mg *AccessPolicy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this AccessPolicy. +func (mg *AccessPolicy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this Location. +func (mg *Location) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Location. +func (mg *Location) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Location. +func (mg *Location) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Location. +func (mg *Location) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Location. +func (mg *Location) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Location. +func (mg *Location) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Location. +func (mg *Location) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Location. +func (mg *Location) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Location. +func (mg *Location) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Location. +func (mg *Location) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Location. 
+func (mg *Location) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Location. +func (mg *Location) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/conditionalaccess/v1beta2/zz_generated.managedlist.go b/apis/conditionalaccess/v1beta2/zz_generated.managedlist.go new file mode 100644 index 00000000..107924ab --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_generated.managedlist.go @@ -0,0 +1,26 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this AccessPolicyList. +func (l *AccessPolicyList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this LocationList. +func (l *LocationList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/conditionalaccess/v1beta2/zz_groupversion_info.go b/apis/conditionalaccess/v1beta2/zz_groupversion_info.go new file mode 100755 index 00000000..03111fc7 --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_groupversion_info.go 
@@ -0,0 +1,32 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=conditionalaccess.azuread.upbound.io +// +versionName=v1beta2 +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "conditionalaccess.azuread.upbound.io" + CRDVersion = "v1beta2" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/conditionalaccess/v1beta2/zz_location_terraformed.go b/apis/conditionalaccess/v1beta2/zz_location_terraformed.go new file mode 100755 index 00000000..8380ca4b --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_location_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Location +func (mg *Location) GetTerraformResourceType() string { + return "azuread_named_location" +} + +// GetConnectionDetailsMapping for this Location +func (tr *Location) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Location +func (tr *Location) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Location +func (tr *Location) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Location +func (tr *Location) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Location +func (tr *Location) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Location +func (tr *Location) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Location +func (tr *Location) GetInitParameters() (map[string]any, error) { + p, 
err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Location +func (tr *Location) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Location using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Location) LateInitialize(attrs []byte) (bool, error) { + params := &LocationParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Location) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/conditionalaccess/v1beta2/zz_location_types.go b/apis/conditionalaccess/v1beta2/zz_location_types.go new file mode 100755 index 00000000..fbf2d409 --- /dev/null +++ b/apis/conditionalaccess/v1beta2/zz_location_types.go 
@@ -0,0 +1,175 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type CountryInitParameters struct { + + // List of countries and/or regions in two-letter format specified by ISO 3166-2. + CountriesAndRegions []*string `json:"countriesAndRegions,omitempty" tf:"countries_and_regions,omitempty"` + + // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to false. + IncludeUnknownCountriesAndRegions *bool `json:"includeUnknownCountriesAndRegions,omitempty" tf:"include_unknown_countries_and_regions,omitempty"` +} + +type CountryObservation struct { + + // List of countries and/or regions in two-letter format specified by ISO 3166-2. + CountriesAndRegions []*string `json:"countriesAndRegions,omitempty" tf:"countries_and_regions,omitempty"` + + // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to false. + IncludeUnknownCountriesAndRegions *bool `json:"includeUnknownCountriesAndRegions,omitempty" tf:"include_unknown_countries_and_regions,omitempty"` +} + +type CountryParameters struct { + + // List of countries and/or regions in two-letter format specified by ISO 3166-2. + // +kubebuilder:validation:Optional + CountriesAndRegions []*string `json:"countriesAndRegions" tf:"countries_and_regions,omitempty"` + + // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to false. 
+ // +kubebuilder:validation:Optional + IncludeUnknownCountriesAndRegions *bool `json:"includeUnknownCountriesAndRegions,omitempty" tf:"include_unknown_countries_and_regions,omitempty"` +} + +type IPInitParameters struct { + + // List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. Each CIDR prefix must be /8 or larger. + IPRanges []*string `json:"ipRanges,omitempty" tf:"ip_ranges,omitempty"` + + // Whether the named location is trusted. Defaults to false. + Trusted *bool `json:"trusted,omitempty" tf:"trusted,omitempty"` +} + +type IPObservation struct { + + // List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. Each CIDR prefix must be /8 or larger. + IPRanges []*string `json:"ipRanges,omitempty" tf:"ip_ranges,omitempty"` + + // Whether the named location is trusted. Defaults to false. + Trusted *bool `json:"trusted,omitempty" tf:"trusted,omitempty"` +} + +type IPParameters struct { + + // List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. Each CIDR prefix must be /8 or larger. + // +kubebuilder:validation:Optional + IPRanges []*string `json:"ipRanges" tf:"ip_ranges,omitempty"` + + // Whether the named location is trusted. Defaults to false. + // +kubebuilder:validation:Optional + Trusted *bool `json:"trusted,omitempty" tf:"trusted,omitempty"` +} + +type LocationInitParameters struct { + + // A country block as documented below, which configures a country-based named location. + Country *CountryInitParameters `json:"country,omitempty" tf:"country,omitempty"` + + // The friendly name for this named location. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // An ip block as documented below, which configures an IP-based named location. 
+ IP *IPInitParameters `json:"ip,omitempty" tf:"ip,omitempty"` +} + +type LocationObservation struct { + + // A country block as documented below, which configures a country-based named location. + Country *CountryObservation `json:"country,omitempty" tf:"country,omitempty"` + + // The friendly name for this named location. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The ID of the named location. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // An ip block as documented below, which configures an IP-based named location. + IP *IPObservation `json:"ip,omitempty" tf:"ip,omitempty"` +} + +type LocationParameters struct { + + // A country block as documented below, which configures a country-based named location. + // +kubebuilder:validation:Optional + Country *CountryParameters `json:"country,omitempty" tf:"country,omitempty"` + + // The friendly name for this named location. + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // An ip block as documented below, which configures an IP-based named location. + // +kubebuilder:validation:Optional + IP *IPParameters `json:"ip,omitempty" tf:"ip,omitempty"` +} + +// LocationSpec defines the desired state of Location +type LocationSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider LocationParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. 
This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider LocationInitParameters `json:"initProvider,omitempty"` +} + +// LocationStatus defines the observed state of Location. +type LocationStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider LocationObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Location is the Schema for the Locations API. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread} +type Location struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter" + Spec LocationSpec `json:"spec"` + Status LocationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// LocationList contains a list of Locations +type LocationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Location `json:"items"` +} + +// Repository type metadata. 
+var ( + Location_Kind = "Location" + Location_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Location_Kind}.String() + Location_KindAPIVersion = Location_Kind + "." + CRDGroupVersion.String() + Location_GroupVersionKind = CRDGroupVersion.WithKind(Location_Kind) +) + +func init() { + SchemeBuilder.Register(&Location{}, &LocationList{}) +} diff --git a/apis/directoryroles/v1beta1/zz_generated.resolvers.go b/apis/directoryroles/v1beta1/zz_generated.resolvers.go index aed8f714..4a23b336 100644 --- a/apis/directoryroles/v1beta1/zz_generated.resolvers.go +++ b/apis/directoryroles/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -10,75 +11,91 @@ import ( reference "github.com/crossplane/crossplane-runtime/pkg/reference" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" - v1beta1 "github.com/upbound/provider-azuread/apis/users/v1beta1" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + apisresolver "github.com/upbound/provider-azuread/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) -// ResolveReferences of this RoleAssignment. -func (mg *RoleAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { +func (mg *RoleAssignment) ResolveReferences( // ResolveReferences of this RoleAssignment. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("users.azuread.upbound.io", "v1beta1", "User", "UserList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.PrincipalObjectIDRef, - Selector: mg.Spec.ForProvider.PrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.UserList{}, - Managed: &v1beta1.User{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PrincipalObjectIDRef, + Selector: mg.Spec.ForProvider.PrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalObjectID") } mg.Spec.ForProvider.PrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) 
mg.Spec.ForProvider.PrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("directoryroles.azuread.upbound.io", "v1beta1", "Role", "RoleList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RoleID), - Extract: resource.ExtractParamPath("template_id", true), - Reference: mg.Spec.ForProvider.RoleIDRef, - Selector: mg.Spec.ForProvider.RoleIDSelector, - To: reference.To{ - List: &RoleList{}, - Managed: &Role{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RoleID), + Extract: resource.ExtractParamPath("template_id", true), + Reference: mg.Spec.ForProvider.RoleIDRef, + Selector: mg.Spec.ForProvider.RoleIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.RoleID") } mg.Spec.ForProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RoleIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("users.azuread.upbound.io", "v1beta1", "User", "UserList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.PrincipalObjectIDRef, - Selector: mg.Spec.InitProvider.PrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.UserList{}, - Managed: &v1beta1.User{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrincipalObjectID), + Extract: reference.ExternalName(), + 
Reference: mg.Spec.InitProvider.PrincipalObjectIDRef, + Selector: mg.Spec.InitProvider.PrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.PrincipalObjectID") } mg.Spec.InitProvider.PrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.PrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("directoryroles.azuread.upbound.io", "v1beta1", "Role", "RoleList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RoleID), - Extract: resource.ExtractParamPath("template_id", true), - Reference: mg.Spec.InitProvider.RoleIDRef, - Selector: mg.Spec.InitProvider.RoleIDSelector, - To: reference.To{ - List: &RoleList{}, - Managed: &Role{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RoleID), + Extract: resource.ExtractParamPath("template_id", true), + Reference: mg.Spec.InitProvider.RoleIDRef, + Selector: mg.Spec.InitProvider.RoleIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.RoleID") } diff --git a/apis/directoryroles/v1beta1/zz_roleassignment_types.go b/apis/directoryroles/v1beta1/zz_roleassignment_types.go index ff459e0c..60bb7090 100755 --- a/apis/directoryroles/v1beta1/zz_roleassignment_types.go +++ b/apis/directoryroles/v1beta1/zz_roleassignment_types.go 
@@ -44,15 +44,15 @@ type RoleAssignmentInitParameters struct { // The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. // The object ID of the directory role for this assignment - // +crossplane:generate:reference:type=Role + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/directoryroles/v1beta1.Role // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("template_id",true) RoleID *string `json:"roleId,omitempty" tf:"role_id,omitempty"` - // Reference to a Role to populate roleId. + // Reference to a Role in directoryroles to populate roleId. // +kubebuilder:validation:Optional RoleIDRef *v1.Reference `json:"roleIdRef,omitempty" tf:"-"` - // Selector for a Role to populate roleId. + // Selector for a Role in directoryroles to populate roleId. // +kubebuilder:validation:Optional RoleIDSelector *v1.Selector `json:"roleIdSelector,omitempty" tf:"-"` } 
@@ -120,16 +120,16 @@ type RoleAssignmentParameters struct { // The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. // The object ID of the directory role for this assignment - // +crossplane:generate:reference:type=Role + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/directoryroles/v1beta1.Role // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("template_id",true) // +kubebuilder:validation:Optional RoleID *string `json:"roleId,omitempty" tf:"role_id,omitempty"` - // Reference to a Role to populate roleId. + // Reference to a Role in directoryroles to populate roleId. // +kubebuilder:validation:Optional RoleIDRef *v1.Reference `json:"roleIdRef,omitempty" tf:"-"` - // Selector for a Role to populate roleId. + // Selector for a Role in directoryroles to populate roleId. // +kubebuilder:validation:Optional RoleIDSelector *v1.Selector `json:"roleIdSelector,omitempty" tf:"-"` } diff --git a/apis/generate.go b/apis/generate.go index fb72b6dd..093839bb 100644 --- a/apis/generate.go +++ b/apis/generate.go @@ -12,7 +12,7 @@ //go:generate rm -rf ../package/crds // Remove generated files -//go:generate bash -c "find . -iname 'zz_*' ! -iname 'zz_generated.managed*.go' -delete" +//go:generate bash -c "find . \\( -iname 'zz_generated.conversion_hubs.go' -o -iname 'zz_generated.conversion_spokes.go' \\) -delete" //go:generate bash -c "find . -type d -empty -delete" //go:generate bash -c "find ../internal/controller -iname 'zz_*' -delete" //go:generate bash -c "find ../internal/controller -type d -empty -delete" 
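Review bot: In apis/generate.go the comment `// Remove generated files` no longer describes the command beneath it. The new `find` deletes only `zz_generated.conversion_hubs.go` and `zz_generated.conversion_spokes.go`, where the old one deleted every `zz_*` file except `zz_generated.managed*.go`. Generated types and resolvers for a resource later dropped from the provider configuration would therefore stay under `apis/` until removed by hand, and presumably keep being compiled and registered. If keeping the other files is intentional, the comment should say so, e.g. `// Remove the generated conversion hub and spoke files (other zz_* files are intentionally kept)`.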
@@ -30,6 +30,10 @@ // Generate crossplane-runtime methodsets (resource.Claim, etc) //go:generate go run -tags generate github.com/crossplane/crossplane-tools/cmd/angryjet generate-methodsets --header-file=../hack/boilerplate.go.txt ./... +// Run upjet's transformer for the generated resolvers to get rid of the cross +// API-group imports and to prevent import cycles +//go:generate go run github.com/crossplane/upjet/cmd/resolver -g azuread.upbound.io -a github.com/upbound/provider-azuread/internal/apis -s + package apis import ( diff --git a/apis/groups/v1beta1/zz_generated.conversion_hubs.go b/apis/groups/v1beta1/zz_generated.conversion_hubs.go index 1ca79a07..ea5d2378 100755 --- a/apis/groups/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/groups/v1beta1/zz_generated.conversion_hubs.go @@ -6,8 +6,5 @@ package v1beta1 -// Hub marks this type as a conversion hub. -func (tr *Group) Hub() {} - // Hub marks this type as a conversion hub. func (tr *Member) Hub() {} diff --git a/apis/groups/v1beta1/zz_generated.conversion_spokes.go b/apis/groups/v1beta1/zz_generated.conversion_spokes.go new file mode 100755 index 00000000..6e5344f6 --- /dev/null +++ b/apis/groups/v1beta1/zz_generated.conversion_spokes.go 
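Review bot: The new `go:generate` line for `github.com/crossplane/upjet/cmd/resolver` passes three single-letter flags, and the comment above it explains why the step exists but not what `-g`, `-a` and `-s` do. `-s` matters most: if it is the switch that makes the transformer ignore package load errors, as it appears to be, a package that fails to load is skipped quietly and its resolvers keep their cross-group imports, so the reason it is needed should be written down. I would extend the comment along the lines of `// -g: API group suffix; -a: package that provides GetManagedResource; -s: tolerate package load errors (state why)`, or switch to the tool's long flag names if it has them.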
@@ -0,0 +1,34 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + ujconversion "github.com/crossplane/upjet/pkg/controller/conversion" + "github.com/crossplane/upjet/pkg/resource" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/conversion" +) + +// ConvertTo converts this Group to the hub type. +func (tr *Group) ConvertTo(dstRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { + return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) + } + return nil +} + +// ConvertFrom converts from the hub type to the Group type. +func (tr *Group) ConvertFrom(srcRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { + return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) + } + return nil +} diff --git a/apis/groups/v1beta1/zz_generated.resolvers.go b/apis/groups/v1beta1/zz_generated.resolvers.go index 38c528f1..24be442e 100644 --- a/apis/groups/v1beta1/zz_generated.resolvers.go +++ b/apis/groups/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -9,75 +10,92 @@ import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" - v1beta1 "github.com/upbound/provider-azuread/apis/users/v1beta1" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" client "sigs.k8s.io/controller-runtime/pkg/client" + + // ResolveReferences of this Member. + apisresolver "github.com/upbound/provider-azuread/internal/apis" ) -// ResolveReferences of this Member. func (mg *Member) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("groups.azuread.upbound.io", "v1beta2", "Group", "GroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.GroupObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.GroupObjectIDRef, - Selector: mg.Spec.ForProvider.GroupObjectIDSelector, - To: reference.To{ - List: &GroupList{}, - Managed: &Group{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.GroupObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.GroupObjectIDRef, + Selector: mg.Spec.ForProvider.GroupObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.GroupObjectID") } mg.Spec.ForProvider.GroupObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.GroupObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("users.azuread.upbound.io", "v1beta1", "User", "UserList") + if err != nil { + return errors.Wrap(err, 
"failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.MemberObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.MemberObjectIDRef, - Selector: mg.Spec.ForProvider.MemberObjectIDSelector, - To: reference.To{ - List: &v1beta1.UserList{}, - Managed: &v1beta1.User{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.MemberObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.MemberObjectIDRef, + Selector: mg.Spec.ForProvider.MemberObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.MemberObjectID") } mg.Spec.ForProvider.MemberObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.MemberObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("groups.azuread.upbound.io", "v1beta2", "Group", "GroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.GroupObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.GroupObjectIDRef, - Selector: mg.Spec.InitProvider.GroupObjectIDSelector, - To: reference.To{ - List: &GroupList{}, - Managed: &Group{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.GroupObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.GroupObjectIDRef, + Selector: mg.Spec.InitProvider.GroupObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, 
"mg.Spec.InitProvider.GroupObjectID") } mg.Spec.InitProvider.GroupObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.GroupObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("users.azuread.upbound.io", "v1beta1", "User", "UserList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.MemberObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.MemberObjectIDRef, - Selector: mg.Spec.InitProvider.MemberObjectIDSelector, - To: reference.To{ - List: &v1beta1.UserList{}, - Managed: &v1beta1.User{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.MemberObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.MemberObjectIDRef, + Selector: mg.Spec.InitProvider.MemberObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.MemberObjectID") } diff --git a/apis/groups/v1beta1/zz_member_types.go b/apis/groups/v1beta1/zz_member_types.go index 1e031410..77c5ba98 100755 --- a/apis/groups/v1beta1/zz_member_types.go +++ b/apis/groups/v1beta1/zz_member_types.go 
@@ -17,14 +17,14 @@ type MemberInitParameters struct { // The object ID of the group you want to add the member to. Changing this forces a new resource to be created. // The object ID of the group you want to add the member to - // +crossplane:generate:reference:type=Group + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/groups/v1beta2.Group GroupObjectID *string `json:"groupObjectId,omitempty" tf:"group_object_id,omitempty"` - // Reference to a Group to populate groupObjectId. + // Reference to a Group in groups to populate groupObjectId. // +kubebuilder:validation:Optional GroupObjectIDRef *v1.Reference `json:"groupObjectIdRef,omitempty" tf:"-"` - // Selector for a Group to populate groupObjectId. + // Selector for a Group in groups to populate groupObjectId. // +kubebuilder:validation:Optional GroupObjectIDSelector *v1.Selector `json:"groupObjectIdSelector,omitempty" tf:"-"` @@ -59,15 +59,15 @@ type MemberParameters struct { // The object ID of the group you want to add the member to. Changing this forces a new resource to be created. // The object ID of the group you want to add the member to - // +crossplane:generate:reference:type=Group + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/groups/v1beta2.Group // +kubebuilder:validation:Optional GroupObjectID *string `json:"groupObjectId,omitempty" tf:"group_object_id,omitempty"` - // Reference to a Group to populate groupObjectId. + // Reference to a Group in groups to populate groupObjectId. // +kubebuilder:validation:Optional GroupObjectIDRef *v1.Reference `json:"groupObjectIdRef,omitempty" tf:"-"` - // Selector for a Group to populate groupObjectId. + // Selector for a Group in groups to populate groupObjectId. // +kubebuilder:validation:Optional GroupObjectIDSelector *v1.Selector `json:"groupObjectIdSelector,omitempty" tf:"-"` 
diff --git a/apis/groups/v1beta2/zz_generated.conversion_hubs.go b/apis/groups/v1beta2/zz_generated.conversion_hubs.go new file mode 100755 index 00000000..471e2253 --- /dev/null +++ b/apis/groups/v1beta2/zz_generated.conversion_hubs.go @@ -0,0 +1,10 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +// Hub marks this type as a conversion hub. +func (tr *Group) Hub() {} diff --git a/apis/groups/v1beta2/zz_generated.deepcopy.go b/apis/groups/v1beta2/zz_generated.deepcopy.go new file mode 100644 index 00000000..39b80e41 --- /dev/null +++ b/apis/groups/v1beta2/zz_generated.deepcopy.go 
@@ -0,0 +1,721 @@ +//go:build !ignore_autogenerated + +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DynamicMembershipInitParameters) DeepCopyInto(out *DynamicMembershipInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicMembershipInitParameters. +func (in *DynamicMembershipInitParameters) DeepCopy() *DynamicMembershipInitParameters { + if in == nil { + return nil + } + out := new(DynamicMembershipInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DynamicMembershipObservation) DeepCopyInto(out *DynamicMembershipObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicMembershipObservation. +func (in *DynamicMembershipObservation) DeepCopy() *DynamicMembershipObservation { + if in == nil { + return nil + } + out := new(DynamicMembershipObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *DynamicMembershipParameters) DeepCopyInto(out *DynamicMembershipParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicMembershipParameters. +func (in *DynamicMembershipParameters) DeepCopy() *DynamicMembershipParameters { + if in == nil { + return nil + } + out := new(DynamicMembershipParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Group) DeepCopyInto(out *Group) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Group. +func (in *Group) DeepCopy() *Group { + if in == nil { + return nil + } + out := new(Group) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Group) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupInitParameters) DeepCopyInto(out *GroupInitParameters) { + *out = *in + if in.AdministrativeUnitIds != nil { + in, out := &in.AdministrativeUnitIds, &out.AdministrativeUnitIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AssignableToRole != nil { + in, out := &in.AssignableToRole, &out.AssignableToRole + *out = new(bool) + **out = **in + } + if in.AutoSubscribeNewMembers != nil { + in, out := &in.AutoSubscribeNewMembers, &out.AutoSubscribeNewMembers + *out = new(bool) + **out = **in + } + if in.Behaviors != nil { + in, out := &in.Behaviors, &out.Behaviors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.DynamicMembership != nil { + in, out := &in.DynamicMembership, &out.DynamicMembership + *out = new(DynamicMembershipInitParameters) + (*in).DeepCopyInto(*out) + } + if in.ExternalSendersAllowed != nil { + in, out := &in.ExternalSendersAllowed, &out.ExternalSendersAllowed + *out = new(bool) + **out = **in + } + if in.HideFromAddressLists != nil { + in, out := &in.HideFromAddressLists, &out.HideFromAddressLists + *out = new(bool) + **out = **in + } + if in.HideFromOutlookClients != nil { + in, out := &in.HideFromOutlookClients, &out.HideFromOutlookClients + *out = new(bool) + **out = **in + } + if in.MailEnabled != nil { + in, out := &in.MailEnabled, &out.MailEnabled + *out = new(bool) + **out = **in + } + if in.MailNickname != nil { + in, out := &in.MailNickname, &out.MailNickname + *out = new(string) + **out = **in + } + if in.Members != nil { + in, out := &in.Members, 
&out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.OnpremisesGroupType != nil { + in, out := &in.OnpremisesGroupType, &out.OnpremisesGroupType + *out = new(string) + **out = **in + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.ProvisioningOptions != nil { + in, out := &in.ProvisioningOptions, &out.ProvisioningOptions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SecurityEnabled != nil { + in, out := &in.SecurityEnabled, &out.SecurityEnabled + *out = new(bool) + **out = **in + } + if in.Theme != nil { + in, out := &in.Theme, &out.Theme + *out = new(string) + **out = **in + } + if in.Types != nil { + in, out := &in.Types, &out.Types + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Visibility != nil { + in, out := &in.Visibility, &out.Visibility + *out = new(string) + **out = **in + } + if in.WritebackEnabled != nil { + in, out := &in.WritebackEnabled, &out.WritebackEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupInitParameters. 
+func (in *GroupInitParameters) DeepCopy() *GroupInitParameters { + if in == nil { + return nil + } + out := new(GroupInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupList) DeepCopyInto(out *GroupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Group, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupList. +func (in *GroupList) DeepCopy() *GroupList { + if in == nil { + return nil + } + out := new(GroupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { + *out = *in + if in.AdministrativeUnitIds != nil { + in, out := &in.AdministrativeUnitIds, &out.AdministrativeUnitIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AssignableToRole != nil { + in, out := &in.AssignableToRole, &out.AssignableToRole + *out = new(bool) + **out = **in + } + if in.AutoSubscribeNewMembers != nil { + in, out := &in.AutoSubscribeNewMembers, &out.AutoSubscribeNewMembers + *out = new(bool) + **out = **in + } + if in.Behaviors != nil { + in, out := &in.Behaviors, &out.Behaviors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.DynamicMembership != nil { + in, out := &in.DynamicMembership, &out.DynamicMembership + *out = new(DynamicMembershipObservation) + (*in).DeepCopyInto(*out) + } + if in.ExternalSendersAllowed != nil { + in, out := &in.ExternalSendersAllowed, &out.ExternalSendersAllowed + *out = new(bool) + **out = **in + } + if in.HideFromAddressLists != nil { + in, out := &in.HideFromAddressLists, &out.HideFromAddressLists + *out = new(bool) + **out = **in + } + if in.HideFromOutlookClients != nil { + in, out := &in.HideFromOutlookClients, &out.HideFromOutlookClients + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Mail != nil { + in, out := &in.Mail, &out.Mail + *out = new(string) + **out = **in + } + if in.MailEnabled != nil { + in, out := &in.MailEnabled, &out.MailEnabled + *out = new(bool) + **out = **in + } + 
if in.MailNickname != nil { + in, out := &in.MailNickname, &out.MailNickname + *out = new(string) + **out = **in + } + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ObjectID != nil { + in, out := &in.ObjectID, &out.ObjectID + *out = new(string) + **out = **in + } + if in.OnpremisesDomainName != nil { + in, out := &in.OnpremisesDomainName, &out.OnpremisesDomainName + *out = new(string) + **out = **in + } + if in.OnpremisesGroupType != nil { + in, out := &in.OnpremisesGroupType, &out.OnpremisesGroupType + *out = new(string) + **out = **in + } + if in.OnpremisesNetbiosName != nil { + in, out := &in.OnpremisesNetbiosName, &out.OnpremisesNetbiosName + *out = new(string) + **out = **in + } + if in.OnpremisesSamAccountName != nil { + in, out := &in.OnpremisesSamAccountName, &out.OnpremisesSamAccountName + *out = new(string) + **out = **in + } + if in.OnpremisesSecurityIdentifier != nil { + in, out := &in.OnpremisesSecurityIdentifier, &out.OnpremisesSecurityIdentifier + *out = new(string) + **out = **in + } + if in.OnpremisesSyncEnabled != nil { + in, out := &in.OnpremisesSyncEnabled, &out.OnpremisesSyncEnabled + *out = new(bool) + **out = **in + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.ProvisioningOptions != nil { + in, out := &in.ProvisioningOptions, &out.ProvisioningOptions + *out = make([]*string, len(*in)) + for i := 
range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ProxyAddresses != nil { + in, out := &in.ProxyAddresses, &out.ProxyAddresses + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SecurityEnabled != nil { + in, out := &in.SecurityEnabled, &out.SecurityEnabled + *out = new(bool) + **out = **in + } + if in.Theme != nil { + in, out := &in.Theme, &out.Theme + *out = new(string) + **out = **in + } + if in.Types != nil { + in, out := &in.Types, &out.Types + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Visibility != nil { + in, out := &in.Visibility, &out.Visibility + *out = new(string) + **out = **in + } + if in.WritebackEnabled != nil { + in, out := &in.WritebackEnabled, &out.WritebackEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupObservation. +func (in *GroupObservation) DeepCopy() *GroupObservation { + if in == nil { + return nil + } + out := new(GroupObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupParameters) DeepCopyInto(out *GroupParameters) { + *out = *in + if in.AdministrativeUnitIds != nil { + in, out := &in.AdministrativeUnitIds, &out.AdministrativeUnitIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AssignableToRole != nil { + in, out := &in.AssignableToRole, &out.AssignableToRole + *out = new(bool) + **out = **in + } + if in.AutoSubscribeNewMembers != nil { + in, out := &in.AutoSubscribeNewMembers, &out.AutoSubscribeNewMembers + *out = new(bool) + **out = **in + } + if in.Behaviors != nil { + in, out := &in.Behaviors, &out.Behaviors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.DynamicMembership != nil { + in, out := &in.DynamicMembership, &out.DynamicMembership + *out = new(DynamicMembershipParameters) + (*in).DeepCopyInto(*out) + } + if in.ExternalSendersAllowed != nil { + in, out := &in.ExternalSendersAllowed, &out.ExternalSendersAllowed + *out = new(bool) + **out = **in + } + if in.HideFromAddressLists != nil { + in, out := &in.HideFromAddressLists, &out.HideFromAddressLists + *out = new(bool) + **out = **in + } + if in.HideFromOutlookClients != nil { + in, out := &in.HideFromOutlookClients, &out.HideFromOutlookClients + *out = new(bool) + **out = **in + } + if in.MailEnabled != nil { + in, out := &in.MailEnabled, &out.MailEnabled + *out = new(bool) + **out = **in + } + if in.MailNickname != nil { + in, out := &in.MailNickname, &out.MailNickname + *out = new(string) + **out = **in + } + if in.Members != nil { + in, out := &in.Members, &out.Members + *out 
= make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.OnpremisesGroupType != nil { + in, out := &in.OnpremisesGroupType, &out.OnpremisesGroupType + *out = new(string) + **out = **in + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.ProvisioningOptions != nil { + in, out := &in.ProvisioningOptions, &out.ProvisioningOptions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SecurityEnabled != nil { + in, out := &in.SecurityEnabled, &out.SecurityEnabled + *out = new(bool) + **out = **in + } + if in.Theme != nil { + in, out := &in.Theme, &out.Theme + *out = new(string) + **out = **in + } + if in.Types != nil { + in, out := &in.Types, &out.Types + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Visibility != nil { + in, out := &in.Visibility, &out.Visibility + *out = new(string) + **out = **in + } + if in.WritebackEnabled != nil { + in, out := &in.WritebackEnabled, &out.WritebackEnabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupParameters. +func (in *GroupParameters) DeepCopy() *GroupParameters { + if in == nil { + return nil + } + out := new(GroupParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *GroupSpec) DeepCopyInto(out *GroupSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec. +func (in *GroupSpec) DeepCopy() *GroupSpec { + if in == nil { + return nil + } + out := new(GroupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupStatus) DeepCopyInto(out *GroupStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus. +func (in *GroupStatus) DeepCopy() *GroupStatus { + if in == nil { + return nil + } + out := new(GroupStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/groups/v1beta2/zz_generated.managed.go b/apis/groups/v1beta2/zz_generated.managed.go new file mode 100644 index 00000000..93fa4677 --- /dev/null +++ b/apis/groups/v1beta2/zz_generated.managed.go 
@@ -0,0 +1,68 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Group. +func (mg *Group) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Group. +func (mg *Group) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Group. +func (mg *Group) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Group. +func (mg *Group) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Group. +func (mg *Group) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Group. +func (mg *Group) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Group. +func (mg *Group) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Group. +func (mg *Group) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Group. +func (mg *Group) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Group. +func (mg *Group) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Group. 
+func (mg *Group) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Group. +func (mg *Group) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/groups/v1beta2/zz_generated.managedlist.go b/apis/groups/v1beta2/zz_generated.managedlist.go new file mode 100644 index 00000000..5274ced3 --- /dev/null +++ b/apis/groups/v1beta2/zz_generated.managedlist.go @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this GroupList. +func (l *GroupList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/groups/v1beta2/zz_group_terraformed.go b/apis/groups/v1beta2/zz_group_terraformed.go new file mode 100755 index 00000000..e4552130 --- /dev/null +++ b/apis/groups/v1beta2/zz_group_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Group +func (mg *Group) GetTerraformResourceType() string { + return "azuread_group" +} + +// GetConnectionDetailsMapping for this Group +func (tr *Group) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Group +func (tr *Group) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Group +func (tr *Group) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Group +func (tr *Group) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Group +func (tr *Group) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Group +func (tr *Group) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Group +func (tr *Group) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if 
err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Group +func (tr *Group) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Group using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Group) LateInitialize(attrs []byte) (bool, error) { + params := &GroupParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Group) GetTerraformSchemaVersion() int { + return 0 +} 
diff --git a/apis/groups/v1beta2/zz_group_types.go b/apis/groups/v1beta2/zz_group_types.go new file mode 100755 index 00000000..4a5e923a --- /dev/null +++ b/apis/groups/v1beta2/zz_group_types.go 
@@ -0,0 +1,458 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type DynamicMembershipInitParameters struct { + + // Whether rule processing is "On" (true) or "Paused" (false). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + // Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + Rule *string `json:"rule,omitempty" tf:"rule,omitempty"` +} + +type DynamicMembershipObservation struct { + + // Whether rule processing is "On" (true) or "Paused" (false). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + // Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + Rule *string `json:"rule,omitempty" tf:"rule,omitempty"` +} + +type DynamicMembershipParameters struct { + + // Whether rule processing is "On" (true) or "Paused" (false). + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + + // The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + // Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + // +kubebuilder:validation:Optional + Rule *string `json:"rule" tf:"rule,omitempty"` +} + +type GroupInitParameters struct { + + // The object IDs of administrative units in which the group is a member. 
If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + // +listType=set + AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` + + // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. + // Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. + AssignableToRole *bool `json:"assignableToRole,omitempty" tf:"assignable_to_role,omitempty"` + + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. + AutoSubscribeNewMembers *bool `json:"autoSubscribeNewMembers,omitempty" tf:"auto_subscribe_new_members,omitempty"` + + // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + // The group behaviours for a Microsoft 365 group + // +listType=set + Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"` + + // The description for the group. + // The description for the group + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name for the group. 
+ // The display name for the group + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + // An optional block to configure dynamic membership for the group. Cannot be used with `members` + DynamicMembership *DynamicMembershipInitParameters `json:"dynamicMembership,omitempty" tf:"dynamic_membership,omitempty"` + + // Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. + // Indicates whether people external to the organization can send messages to the group. + ExternalSendersAllowed *bool `json:"externalSendersAllowed,omitempty" tf:"external_senders_allowed,omitempty"` + + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + HideFromAddressLists *bool `json:"hideFromAddressLists,omitempty" tf:"hide_from_address_lists,omitempty"` + + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. + HideFromOutlookClients *bool `json:"hideFromOutlookClients,omitempty" tf:"hide_from_outlook_clients,omitempty"` + + // Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. 
Only Microsoft 365 groups can be mail enabled (see the types property). + // Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + MailEnabled *bool `json:"mailEnabled,omitempty" tf:"mail_enabled,omitempty"` + + // The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. + // The mail alias for the group, unique in the organisation + MailNickname *string `json:"mailNickname,omitempty" tf:"mail_nickname,omitempty"` + + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + // +listType=set + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + // Indicates the target on-premise group type the group will be written back as + OnpremisesGroupType *string `json:"onpremisesGroupType,omitempty" tf:"onpremises_group_type,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + // A set of owners who own this group. Supported object types are Users or Service Principals + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // If true, will return an error if an existing group is found with the same name. Defaults to false. 
+ // If `true`, will return an error if an existing group is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. + // The group provisioning options for a Microsoft 365 group + // +listType=set + ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"` + + // Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). + // Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled + SecurityEnabled *bool `json:"securityEnabled,omitempty" tf:"security_enabled,omitempty"` + + // The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + // The colour theme for a Microsoft 365 group + Theme *string `json:"theme,omitempty" tf:"theme,omitempty"` + + // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + // +listType=set + Types []*string `json:"types,omitempty" tf:"types,omitempty"` + + // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. 
Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + // Specifies the group join policy and group content visibility + Visibility *string `json:"visibility,omitempty" tf:"visibility,omitempty"` + + // Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + // Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + WritebackEnabled *bool `json:"writebackEnabled,omitempty" tf:"writeback_enabled,omitempty"` +} + +type GroupObservation struct { + + // The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + // +listType=set + AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` + + // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. + // Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. + AssignableToRole *bool `json:"assignableToRole,omitempty" tf:"assignable_to_role,omitempty"` + + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. 
+ AutoSubscribeNewMembers *bool `json:"autoSubscribeNewMembers,omitempty" tf:"auto_subscribe_new_members,omitempty"` + + // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + // The group behaviours for a Microsoft 365 group + // +listType=set + Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"` + + // The description for the group. + // The description for the group + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name for the group. + // The display name for the group + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + // An optional block to configure dynamic membership for the group. Cannot be used with `members` + DynamicMembership *DynamicMembershipObservation `json:"dynamicMembership,omitempty" tf:"dynamic_membership,omitempty"` + + // Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. + // Indicates whether people external to the organization can send messages to the group. + ExternalSendersAllowed *bool `json:"externalSendersAllowed,omitempty" tf:"external_senders_allowed,omitempty"` + + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. 
+ // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + HideFromAddressLists *bool `json:"hideFromAddressLists,omitempty" tf:"hide_from_address_lists,omitempty"` + + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. + HideFromOutlookClients *bool `json:"hideFromOutlookClients,omitempty" tf:"hide_from_outlook_clients,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The SMTP address for the group. + // The SMTP address for the group + Mail *string `json:"mail,omitempty" tf:"mail,omitempty"` + + // Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. Only Microsoft 365 groups can be mail enabled (see the types property). + // Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + MailEnabled *bool `json:"mailEnabled,omitempty" tf:"mail_enabled,omitempty"` + + // The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. + // The mail alias for the group, unique in the organisation + MailNickname *string `json:"mailNickname,omitempty" tf:"mail_nickname,omitempty"` + + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + // A set of members who should be present in this group. 
Supported object types are Users, Groups or Service Principals + // +listType=set + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The object ID of the group. + // The object ID of the group + ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + + // The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used. + // The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used + OnpremisesDomainName *string `json:"onpremisesDomainName,omitempty" tf:"onpremises_domain_name,omitempty"` + + // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + // Indicates the target on-premise group type the group will be written back as + OnpremisesGroupType *string `json:"onpremisesGroupType,omitempty" tf:"onpremises_group_type,omitempty"` + + // The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used. + // The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used + OnpremisesNetbiosName *string `json:"onpremisesNetbiosName,omitempty" tf:"onpremises_netbios_name,omitempty"` + + // The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used. + // The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used + OnpremisesSamAccountName *string `json:"onpremisesSamAccountName,omitempty" tf:"onpremises_sam_account_name,omitempty"` + + // The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used. 
+ // The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used + OnpremisesSecurityIdentifier *string `json:"onpremisesSecurityIdentifier,omitempty" tf:"onpremises_security_identifier,omitempty"` + + // Whether this group is synchronised from an on-premises directory (true), no longer synchronised (false), or has never been synchronised (null). + // Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null) + OnpremisesSyncEnabled *bool `json:"onpremisesSyncEnabled,omitempty" tf:"onpremises_sync_enabled,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + // A set of owners who own this group. Supported object types are Users or Service Principals + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // The preferred language for a Microsoft 365 group, in ISO 639-1 notation. + // The preferred language for a Microsoft 365 group, in ISO 639-1 notation + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // If true, will return an error if an existing group is found with the same name. Defaults to false. + // If `true`, will return an error if an existing group is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. 
+ // The group provisioning options for a Microsoft 365 group + // +listType=set + ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"` + + // List of email addresses for the group that direct to the same group mailbox. + // Email addresses for the group that direct to the same group mailbox + ProxyAddresses []*string `json:"proxyAddresses,omitempty" tf:"proxy_addresses,omitempty"` + + // Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). + // Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled + SecurityEnabled *bool `json:"securityEnabled,omitempty" tf:"security_enabled,omitempty"` + + // The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + // The colour theme for a Microsoft 365 group + Theme *string `json:"theme,omitempty" tf:"theme,omitempty"` + + // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + // +listType=set + Types []*string `json:"types,omitempty" tf:"types,omitempty"` + + // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. 
By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + // Specifies the group join policy and group content visibility + Visibility *string `json:"visibility,omitempty" tf:"visibility,omitempty"` + + // Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + // Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + WritebackEnabled *bool `json:"writebackEnabled,omitempty" tf:"writeback_enabled,omitempty"` +} + +type GroupParameters struct { + + // The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + // +kubebuilder:validation:Optional + // +listType=set + AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` + + // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. + // Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. + // +kubebuilder:validation:Optional + AssignableToRole *bool `json:"assignableToRole,omitempty" tf:"assignable_to_role,omitempty"` + + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. 
+ // +kubebuilder:validation:Optional + AutoSubscribeNewMembers *bool `json:"autoSubscribeNewMembers,omitempty" tf:"auto_subscribe_new_members,omitempty"` + + // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + // The group behaviours for a Microsoft 365 group + // +kubebuilder:validation:Optional + // +listType=set + Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"` + + // The description for the group. + // The description for the group + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name for the group. + // The display name for the group + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + // An optional block to configure dynamic membership for the group. Cannot be used with `members` + // +kubebuilder:validation:Optional + DynamicMembership *DynamicMembershipParameters `json:"dynamicMembership,omitempty" tf:"dynamic_membership,omitempty"` + + // Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. + // Indicates whether people external to the organization can send messages to the group. 
+ // +kubebuilder:validation:Optional + ExternalSendersAllowed *bool `json:"externalSendersAllowed,omitempty" tf:"external_senders_allowed,omitempty"` + + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + // +kubebuilder:validation:Optional + HideFromAddressLists *bool `json:"hideFromAddressLists,omitempty" tf:"hide_from_address_lists,omitempty"` + + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. + // +kubebuilder:validation:Optional + HideFromOutlookClients *bool `json:"hideFromOutlookClients,omitempty" tf:"hide_from_outlook_clients,omitempty"` + + // Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. Only Microsoft 365 groups can be mail enabled (see the types property). + // Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + // +kubebuilder:validation:Optional + MailEnabled *bool `json:"mailEnabled,omitempty" tf:"mail_enabled,omitempty"` + + // The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. 
+ // The mail alias for the group, unique in the organisation + // +kubebuilder:validation:Optional + MailNickname *string `json:"mailNickname,omitempty" tf:"mail_nickname,omitempty"` + + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + // +kubebuilder:validation:Optional + // +listType=set + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + + // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + // Indicates the target on-premise group type the group will be written back as + // +kubebuilder:validation:Optional + OnpremisesGroupType *string `json:"onpremisesGroupType,omitempty" tf:"onpremises_group_type,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + // A set of owners who own this group. Supported object types are Users or Service Principals + // +kubebuilder:validation:Optional + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // If true, will return an error if an existing group is found with the same name. Defaults to false. + // If `true`, will return an error if an existing group is found with the same name + // +kubebuilder:validation:Optional + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. 
Changing this forces a new resource to be created. + // The group provisioning options for a Microsoft 365 group + // +kubebuilder:validation:Optional + // +listType=set + ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"` + + // Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). + // Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled + // +kubebuilder:validation:Optional + SecurityEnabled *bool `json:"securityEnabled,omitempty" tf:"security_enabled,omitempty"` + + // The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + // The colour theme for a Microsoft 365 group + // +kubebuilder:validation:Optional + Theme *string `json:"theme,omitempty" tf:"theme,omitempty"` + + // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + // +kubebuilder:validation:Optional + // +listType=set + Types []*string `json:"types,omitempty" tf:"types,omitempty"` + + // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. 
By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + // Specifies the group join policy and group content visibility + // +kubebuilder:validation:Optional + Visibility *string `json:"visibility,omitempty" tf:"visibility,omitempty"` + + // Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + // Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + // +kubebuilder:validation:Optional + WritebackEnabled *bool `json:"writebackEnabled,omitempty" tf:"writeback_enabled,omitempty"` +} + +// GroupSpec defines the desired state of Group +type GroupSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider GroupParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider GroupInitParameters `json:"initProvider,omitempty"` +} + +// GroupStatus defines the observed state of Group. +type GroupStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider GroupObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Group is the Schema for the Groups API. 
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread} +type Group struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter" + Spec GroupSpec `json:"spec"` + Status GroupStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupList contains a list of Groups +type GroupList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Group `json:"items"` +} + +// Repository type metadata. +var ( + Group_Kind = "Group" + Group_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Group_Kind}.String() + Group_KindAPIVersion = Group_Kind + "." + CRDGroupVersion.String() + Group_GroupVersionKind = CRDGroupVersion.WithKind(Group_Kind) +) + +func init() { + SchemeBuilder.Register(&Group{}, &GroupList{}) +} diff --git a/apis/groups/v1beta2/zz_groupversion_info.go b/apis/groups/v1beta2/zz_groupversion_info.go new file mode 100755 index 00000000..f2bf0865 --- /dev/null +++ b/apis/groups/v1beta2/zz_groupversion_info.go 
@@ -0,0 +1,32 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=groups.azuread.upbound.io +// +versionName=v1beta2 +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "groups.azuread.upbound.io" + CRDVersion = "v1beta2" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/invitations/v1beta1/zz_generated.conversion_spokes.go b/apis/invitations/v1beta1/zz_generated.conversion_spokes.go new file mode 100755 index 00000000..baaae8a1 --- /dev/null +++ b/apis/invitations/v1beta1/zz_generated.conversion_spokes.go 
@@ -0,0 +1,34 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + ujconversion "github.com/crossplane/upjet/pkg/controller/conversion" + "github.com/crossplane/upjet/pkg/resource" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/conversion" +) + +// ConvertTo converts this Invitation to the hub type. +func (tr *Invitation) ConvertTo(dstRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { + return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) + } + return nil +} + +// ConvertFrom converts from the hub type to the Invitation type. +func (tr *Invitation) ConvertFrom(srcRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { + return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) + } + return nil +} diff --git a/apis/invitations/v1beta1/zz_generated.conversion_hubs.go b/apis/invitations/v1beta2/zz_generated.conversion_hubs.go similarity index 93% rename from apis/invitations/v1beta1/zz_generated.conversion_hubs.go rename to apis/invitations/v1beta2/zz_generated.conversion_hubs.go index c0a960d6..e6d8c1c9 100755 --- a/apis/invitations/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/invitations/v1beta2/zz_generated.conversion_hubs.go @@ -4,7 +4,7 @@ // Code generated by upjet. DO NOT EDIT. -package v1beta1 +package v1beta2 // Hub marks this type as a conversion hub. func (tr *Invitation) Hub() {} 
diff --git a/apis/invitations/v1beta2/zz_generated.deepcopy.go b/apis/invitations/v1beta2/zz_generated.deepcopy.go new file mode 100644 index 00000000..595f9c60 --- /dev/null +++ b/apis/invitations/v1beta2/zz_generated.deepcopy.go 
@@ -0,0 +1,350 @@ +//go:build !ignore_autogenerated + +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Invitation) DeepCopyInto(out *Invitation) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Invitation. +func (in *Invitation) DeepCopy() *Invitation { + if in == nil { + return nil + } + out := new(Invitation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Invitation) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *InvitationInitParameters) DeepCopyInto(out *InvitationInitParameters) { + *out = *in + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(MessageInitParameters) + (*in).DeepCopyInto(*out) + } + if in.RedirectURL != nil { + in, out := &in.RedirectURL, &out.RedirectURL + *out = new(string) + **out = **in + } + if in.UserDisplayName != nil { + in, out := &in.UserDisplayName, &out.UserDisplayName + *out = new(string) + **out = **in + } + if in.UserEmailAddress != nil { + in, out := &in.UserEmailAddress, &out.UserEmailAddress + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationInitParameters. +func (in *InvitationInitParameters) DeepCopy() *InvitationInitParameters { + if in == nil { + return nil + } + out := new(InvitationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InvitationList) DeepCopyInto(out *InvitationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Invitation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationList. +func (in *InvitationList) DeepCopy() *InvitationList { + if in == nil { + return nil + } + out := new(InvitationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *InvitationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InvitationObservation) DeepCopyInto(out *InvitationObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(MessageObservation) + (*in).DeepCopyInto(*out) + } + if in.RedeemURL != nil { + in, out := &in.RedeemURL, &out.RedeemURL + *out = new(string) + **out = **in + } + if in.RedirectURL != nil { + in, out := &in.RedirectURL, &out.RedirectURL + *out = new(string) + **out = **in + } + if in.UserDisplayName != nil { + in, out := &in.UserDisplayName, &out.UserDisplayName + *out = new(string) + **out = **in + } + if in.UserEmailAddress != nil { + in, out := &in.UserEmailAddress, &out.UserEmailAddress + *out = new(string) + **out = **in + } + if in.UserID != nil { + in, out := &in.UserID, &out.UserID + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationObservation. +func (in *InvitationObservation) DeepCopy() *InvitationObservation { + if in == nil { + return nil + } + out := new(InvitationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *InvitationParameters) DeepCopyInto(out *InvitationParameters) { + *out = *in + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(MessageParameters) + (*in).DeepCopyInto(*out) + } + if in.RedirectURL != nil { + in, out := &in.RedirectURL, &out.RedirectURL + *out = new(string) + **out = **in + } + if in.UserDisplayName != nil { + in, out := &in.UserDisplayName, &out.UserDisplayName + *out = new(string) + **out = **in + } + if in.UserEmailAddress != nil { + in, out := &in.UserEmailAddress, &out.UserEmailAddress + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationParameters. +func (in *InvitationParameters) DeepCopy() *InvitationParameters { + if in == nil { + return nil + } + out := new(InvitationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InvitationSpec) DeepCopyInto(out *InvitationSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationSpec. +func (in *InvitationSpec) DeepCopy() *InvitationSpec { + if in == nil { + return nil + } + out := new(InvitationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *InvitationStatus) DeepCopyInto(out *InvitationStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationStatus. +func (in *InvitationStatus) DeepCopy() *InvitationStatus { + if in == nil { + return nil + } + out := new(InvitationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessageInitParameters) DeepCopyInto(out *MessageInitParameters) { + *out = *in + if in.AdditionalRecipients != nil { + in, out := &in.AdditionalRecipients, &out.AdditionalRecipients + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Body != nil { + in, out := &in.Body, &out.Body + *out = new(string) + **out = **in + } + if in.Language != nil { + in, out := &in.Language, &out.Language + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessageInitParameters. +func (in *MessageInitParameters) DeepCopy() *MessageInitParameters { + if in == nil { + return nil + } + out := new(MessageInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *MessageObservation) DeepCopyInto(out *MessageObservation) { + *out = *in + if in.AdditionalRecipients != nil { + in, out := &in.AdditionalRecipients, &out.AdditionalRecipients + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Body != nil { + in, out := &in.Body, &out.Body + *out = new(string) + **out = **in + } + if in.Language != nil { + in, out := &in.Language, &out.Language + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessageObservation. +func (in *MessageObservation) DeepCopy() *MessageObservation { + if in == nil { + return nil + } + out := new(MessageObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MessageParameters) DeepCopyInto(out *MessageParameters) { + *out = *in + if in.AdditionalRecipients != nil { + in, out := &in.AdditionalRecipients, &out.AdditionalRecipients + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Body != nil { + in, out := &in.Body, &out.Body + *out = new(string) + **out = **in + } + if in.Language != nil { + in, out := &in.Language, &out.Language + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessageParameters. +func (in *MessageParameters) DeepCopy() *MessageParameters { + if in == nil { + return nil + } + out := new(MessageParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/invitations/v1beta2/zz_generated.managed.go b/apis/invitations/v1beta2/zz_generated.managed.go new file mode 100644 index 00000000..f33c8cc7 --- /dev/null 
+++ b/apis/invitations/v1beta2/zz_generated.managed.go 
@@ -0,0 +1,68 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Invitation. +func (mg *Invitation) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Invitation. +func (mg *Invitation) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Invitation. +func (mg *Invitation) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Invitation. +func (mg *Invitation) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Invitation. +func (mg *Invitation) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Invitation. +func (mg *Invitation) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Invitation. +func (mg *Invitation) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Invitation. +func (mg *Invitation) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Invitation. +func (mg *Invitation) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Invitation. +func (mg *Invitation) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Invitation. 
+func (mg *Invitation) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Invitation. +func (mg *Invitation) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/invitations/v1beta2/zz_generated.managedlist.go b/apis/invitations/v1beta2/zz_generated.managedlist.go new file mode 100644 index 00000000..b45d7cab --- /dev/null +++ b/apis/invitations/v1beta2/zz_generated.managedlist.go @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this InvitationList. +func (l *InvitationList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/invitations/v1beta2/zz_groupversion_info.go b/apis/invitations/v1beta2/zz_groupversion_info.go new file mode 100755 index 00000000..fc6631d6 --- /dev/null +++ b/apis/invitations/v1beta2/zz_groupversion_info.go 
@@ -0,0 +1,32 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=invitations.azuread.upbound.io +// +versionName=v1beta2 +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "invitations.azuread.upbound.io" + CRDVersion = "v1beta2" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/invitations/v1beta2/zz_invitation_terraformed.go b/apis/invitations/v1beta2/zz_invitation_terraformed.go new file mode 100755 index 00000000..4673483f --- /dev/null +++ b/apis/invitations/v1beta2/zz_invitation_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Invitation +func (mg *Invitation) GetTerraformResourceType() string { + return "azuread_invitation" +} + +// GetConnectionDetailsMapping for this Invitation +func (tr *Invitation) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Invitation +func (tr *Invitation) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Invitation +func (tr *Invitation) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Invitation +func (tr *Invitation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Invitation +func (tr *Invitation) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Invitation +func (tr *Invitation) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Invitation +func (tr *Invitation) GetInitParameters() 
(map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Invitation +func (tr *Invitation) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Invitation using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Invitation) LateInitialize(attrs []byte) (bool, error) { + params := &InvitationParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Invitation) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/invitations/v1beta2/zz_invitation_types.go b/apis/invitations/v1beta2/zz_invitation_types.go new file mode 100755 index 00000000..0c5282f3 --- /dev/null +++ b/apis/invitations/v1beta2/zz_invitation_types.go 
@@ -0,0 +1,207 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type InvitationInitParameters struct { + + // A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. + // Customize the message sent to the invited user + Message *MessageInitParameters `json:"message,omitempty" tf:"message,omitempty"` + + // The URL that the user should be redirected to once the invitation is redeemed. + // The URL that the user should be redirected to once the invitation is redeemed + RedirectURL *string `json:"redirectUrl,omitempty" tf:"redirect_url,omitempty"` + + // The display name of the user being invited. + // The display name of the user being invited + UserDisplayName *string `json:"userDisplayName,omitempty" tf:"user_display_name,omitempty"` + + // The email address of the user being invited. + // The email address of the user being invited + UserEmailAddress *string `json:"userEmailAddress,omitempty" tf:"user_email_address,omitempty"` + + // The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. + // The user type of the user being invited + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type InvitationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. 
+ // Customize the message sent to the invited user + Message *MessageObservation `json:"message,omitempty" tf:"message,omitempty"` + + // The URL the user can use to redeem their invitation. + // The URL the user can use to redeem their invitation + RedeemURL *string `json:"redeemUrl,omitempty" tf:"redeem_url,omitempty"` + + // The URL that the user should be redirected to once the invitation is redeemed. + // The URL that the user should be redirected to once the invitation is redeemed + RedirectURL *string `json:"redirectUrl,omitempty" tf:"redirect_url,omitempty"` + + // The display name of the user being invited. + // The display name of the user being invited + UserDisplayName *string `json:"userDisplayName,omitempty" tf:"user_display_name,omitempty"` + + // The email address of the user being invited. + // The email address of the user being invited + UserEmailAddress *string `json:"userEmailAddress,omitempty" tf:"user_email_address,omitempty"` + + // Object ID of the invited user. + // Object ID of the invited user + UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` + + // The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. + // The user type of the user being invited + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type InvitationParameters struct { + + // A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. + // Customize the message sent to the invited user + // +kubebuilder:validation:Optional + Message *MessageParameters `json:"message,omitempty" tf:"message,omitempty"` + + // The URL that the user should be redirected to once the invitation is redeemed. 
+ // The URL that the user should be redirected to once the invitation is redeemed + // +kubebuilder:validation:Optional + RedirectURL *string `json:"redirectUrl,omitempty" tf:"redirect_url,omitempty"` + + // The display name of the user being invited. + // The display name of the user being invited + // +kubebuilder:validation:Optional + UserDisplayName *string `json:"userDisplayName,omitempty" tf:"user_display_name,omitempty"` + + // The email address of the user being invited. + // The email address of the user being invited + // +kubebuilder:validation:Optional + UserEmailAddress *string `json:"userEmailAddress,omitempty" tf:"user_email_address,omitempty"` + + // The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. + // The user type of the user being invited + // +kubebuilder:validation:Optional + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type MessageInitParameters struct { + + // Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + // Email addresses of additional recipients the invitation message should be sent to + AdditionalRecipients []*string `json:"additionalRecipients,omitempty" tf:"additional_recipients,omitempty"` + + // Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + // Customized message body you want to send if you don't want to send the default message + Body *string `json:"body,omitempty" tf:"body,omitempty"` + + // The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. 
+ // The language you want to send the default message in + Language *string `json:"language,omitempty" tf:"language,omitempty"` +} + +type MessageObservation struct { + + // Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + // Email addresses of additional recipients the invitation message should be sent to + AdditionalRecipients []*string `json:"additionalRecipients,omitempty" tf:"additional_recipients,omitempty"` + + // Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + // Customized message body you want to send if you don't want to send the default message + Body *string `json:"body,omitempty" tf:"body,omitempty"` + + // The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. + // The language you want to send the default message in + Language *string `json:"language,omitempty" tf:"language,omitempty"` +} + +type MessageParameters struct { + + // Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + // Email addresses of additional recipients the invitation message should be sent to + // +kubebuilder:validation:Optional + AdditionalRecipients []*string `json:"additionalRecipients,omitempty" tf:"additional_recipients,omitempty"` + + // Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + // Customized message body you want to send if you don't want to send the default message + // +kubebuilder:validation:Optional + Body *string `json:"body,omitempty" tf:"body,omitempty"` + + // The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. 
+ // The language you want to send the default message in + // +kubebuilder:validation:Optional + Language *string `json:"language,omitempty" tf:"language,omitempty"` +} + +// InvitationSpec defines the desired state of Invitation +type InvitationSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider InvitationParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider InvitationInitParameters `json:"initProvider,omitempty"` +} + +// InvitationStatus defines the observed state of Invitation. +type InvitationStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider InvitationObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Invitation is the Schema for the Invitations API. 
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread} +type Invitation struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.redirectUrl) || (has(self.initProvider) && has(self.initProvider.redirectUrl))",message="spec.forProvider.redirectUrl is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.userEmailAddress) || (has(self.initProvider) && has(self.initProvider.userEmailAddress))",message="spec.forProvider.userEmailAddress is a required parameter" + Spec InvitationSpec `json:"spec"` + Status InvitationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// InvitationList contains a list of Invitations +type InvitationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Invitation `json:"items"` +} + +// Repository type metadata. +var ( + Invitation_Kind = "Invitation" + Invitation_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Invitation_Kind}.String() + Invitation_KindAPIVersion = Invitation_Kind + "." 
+ CRDGroupVersion.String() + Invitation_GroupVersionKind = CRDGroupVersion.WithKind(Invitation_Kind) +) + +func init() { + SchemeBuilder.Register(&Invitation{}, &InvitationList{}) +} diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go b/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go index 8fbd1073..965ac8dd 100644 --- a/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go +++ b/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -10,108 +11,129 @@ import ( reference "github.com/crossplane/crossplane-runtime/pkg/reference" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" - v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" - v1beta11 "github.com/upbound/provider-azuread/apis/users/v1beta1" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + apisresolver "github.com/upbound/provider-azuread/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) -// ResolveReferences of this PermissionGrant. -func (mg *PermissionGrant) ResolveReferences(ctx context.Context, c client.Reader) error { +func (mg *PermissionGrant) ResolveReferences( // ResolveReferences of this PermissionGrant. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ResourceServicePrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ResourceServicePrincipalObjectIDRef, - Selector: mg.Spec.ForProvider.ResourceServicePrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ResourceServicePrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ResourceServicePrincipalObjectIDRef, + Selector: mg.Spec.ForProvider.ResourceServicePrincipalObjectIDSelector, + To: 
reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ResourceServicePrincipalObjectID") } mg.Spec.ForProvider.ResourceServicePrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ResourceServicePrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalObjectIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalObjectIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalObjectID") } mg.Spec.ForProvider.ServicePrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("users.azuread.upbound.io", "v1beta1", "User", "UserList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.UserObjectID), - Extract: 
resource.ExtractParamPath("object_id", true), - Reference: mg.Spec.ForProvider.UserObjectIDRef, - Selector: mg.Spec.ForProvider.UserObjectIDSelector, - To: reference.To{ - List: &v1beta11.UserList{}, - Managed: &v1beta11.User{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.UserObjectID), + Extract: resource.ExtractParamPath("object_id", true), + Reference: mg.Spec.ForProvider.UserObjectIDRef, + Selector: mg.Spec.ForProvider.UserObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.UserObjectID") } mg.Spec.ForProvider.UserObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.UserObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ResourceServicePrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ResourceServicePrincipalObjectIDRef, - Selector: mg.Spec.InitProvider.ResourceServicePrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ResourceServicePrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ResourceServicePrincipalObjectIDRef, + Selector: mg.Spec.InitProvider.ResourceServicePrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ResourceServicePrincipalObjectID") } 
mg.Spec.InitProvider.ResourceServicePrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ResourceServicePrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalObjectID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalObjectIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalObjectIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalObjectIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalObjectID") } mg.Spec.InitProvider.ServicePrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ServicePrincipalObjectIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("users.azuread.upbound.io", "v1beta1", "User", "UserList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.UserObjectID), - Extract: resource.ExtractParamPath("object_id", true), - Reference: mg.Spec.InitProvider.UserObjectIDRef, - Selector: 
mg.Spec.InitProvider.UserObjectIDSelector, - To: reference.To{ - List: &v1beta11.UserList{}, - Managed: &v1beta11.User{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.UserObjectID), + Extract: resource.ExtractParamPath("object_id", true), + Reference: mg.Spec.InitProvider.UserObjectIDRef, + Selector: mg.Spec.InitProvider.UserObjectIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.UserObjectID") } diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go b/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go index d20dbd3e..11b9fd4e 100755 --- a/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go +++ b/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go @@ -22,7 +22,7 @@ type PermissionGrantInitParameters struct { // The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created. // The object ID of the service principal representing the resource to be accessed - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ResourceServicePrincipalObjectID *string `json:"resourceServicePrincipalObjectId,omitempty" tf:"resource_service_principal_object_id,omitempty"` // Reference to a Principal in serviceprincipals to populate resourceServicePrincipalObjectId. 
@@ -35,7 +35,7 @@ type PermissionGrantInitParameters struct { // The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created. // The object ID of the service principal for which this delegated permission grant should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalObjectID *string `json:"servicePrincipalObjectId,omitempty" tf:"service_principal_object_id,omitempty"` // Reference to a Principal in serviceprincipals to populate servicePrincipalObjectId. @@ -94,7 +94,7 @@ type PermissionGrantParameters struct { // The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created. // The object ID of the service principal representing the resource to be accessed - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ResourceServicePrincipalObjectID *string `json:"resourceServicePrincipalObjectId,omitempty" tf:"resource_service_principal_object_id,omitempty"` 
@@ -108,7 +108,7 @@ type PermissionGrantParameters struct { // The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created. // The object ID of the service principal for which this delegated permission grant should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalObjectID *string `json:"servicePrincipalObjectId,omitempty" tf:"service_principal_object_id,omitempty"` diff --git a/apis/serviceprincipals/v1beta1/zz_certificate_types.go b/apis/serviceprincipals/v1beta1/zz_certificate_types.go index e8020b36..590a890d 100755 --- a/apis/serviceprincipals/v1beta1/zz_certificate_types.go +++ b/apis/serviceprincipals/v1beta1/zz_certificate_types.go 
@@ -33,14 +33,14 @@ type CertificateInitParameters struct { // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this certificate should be created - // +crossplane:generate:reference:type=Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` - // Reference to a Principal to populate servicePrincipalId. + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` - // Selector for a Principal to populate servicePrincipalId. + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` 
@@ -110,15 +110,15 @@ type CertificateParameters struct { // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this certificate should be created - // +crossplane:generate:reference:type=Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` - // Reference to a Principal to populate servicePrincipalId. + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` - // Selector for a Principal to populate servicePrincipalId. + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` diff --git a/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go b/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go index 276f4e71..308a50c2 100755 --- a/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go +++ b/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go 
@@ -30,14 +30,14 @@ type ClaimsMappingPolicyAssignmentInitParameters struct { // The object ID of the service principal for the policy assignment. // Object ID of the service principal for which to assign the policy - // +crossplane:generate:reference:type=Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` - // Reference to a Principal to populate servicePrincipalId. + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` - // Selector for a Principal to populate servicePrincipalId. + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` } 
@@ -74,15 +74,15 @@ type ClaimsMappingPolicyAssignmentParameters struct { // The object ID of the service principal for the policy assignment. // Object ID of the service principal for which to assign the policy - // +crossplane:generate:reference:type=Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` - // Reference to a Principal to populate servicePrincipalId. + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` - // Selector for a Principal to populate servicePrincipalId. + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` } diff --git a/apis/serviceprincipals/v1beta1/zz_generated.conversion_hubs.go b/apis/serviceprincipals/v1beta1/zz_generated.conversion_hubs.go index 150d3c0b..c05c867d 100755 --- a/apis/serviceprincipals/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/serviceprincipals/v1beta1/zz_generated.conversion_hubs.go @@ -6,9 +6,6 @@ package v1beta1 -// Hub marks this type as a conversion hub. -func (tr *Principal) Hub() {} - // Hub marks this type as a conversion hub. func (tr *Certificate) Hub() {} diff --git a/apis/serviceprincipals/v1beta1/zz_generated.conversion_spokes.go b/apis/serviceprincipals/v1beta1/zz_generated.conversion_spokes.go new file mode 100755 index 00000000..5807a491 --- /dev/null +++ b/apis/serviceprincipals/v1beta1/zz_generated.conversion_spokes.go 
@@ -0,0 +1,34 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + ujconversion "github.com/crossplane/upjet/pkg/controller/conversion" + "github.com/crossplane/upjet/pkg/resource" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/conversion" +) + +// ConvertTo converts this Principal to the hub type. +func (tr *Principal) ConvertTo(dstRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { + return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) + } + return nil +} + +// ConvertFrom converts from the hub type to the Principal type. +func (tr *Principal) ConvertFrom(srcRaw conversion.Hub) error { + spokeVersion := tr.GetObjectKind().GroupVersionKind().Version + hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version + if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { + return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) + } + return nil +} diff --git a/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go b/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go index 5e5941bb..61be8b4b 100644 --- a/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go +++ b/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -10,44 +11,53 @@ import ( reference "github.com/crossplane/crossplane-runtime/pkg/reference" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" - v1beta11 "github.com/upbound/provider-azuread/apis/applications/v1beta1" - v1beta1 "github.com/upbound/provider-azuread/apis/policies/v1beta1" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + apisresolver "github.com/upbound/provider-azuread/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) -// ResolveReferences of this Certificate. -func (mg *Certificate) ResolveReferences(ctx context.Context, c client.Reader) error { +func (mg *Certificate) ResolveReferences( // ResolveReferences of this Certificate. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalID") } 
mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") } 
@@ -59,69 +69,83 @@ func (mg *Certificate) ResolveReferences(ctx context.Context, c client.Reader) e // ResolveReferences of this ClaimsMappingPolicyAssignment. func (mg *ClaimsMappingPolicyAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("policies.azuread.upbound.io", "v1beta1", "ClaimsMappingPolicy", "ClaimsMappingPolicyList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClaimsMappingPolicyID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ClaimsMappingPolicyIDRef, - Selector: mg.Spec.ForProvider.ClaimsMappingPolicyIDSelector, - To: reference.To{ - List: &v1beta1.ClaimsMappingPolicyList{}, - Managed: &v1beta1.ClaimsMappingPolicy{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClaimsMappingPolicyID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ClaimsMappingPolicyIDRef, + Selector: mg.Spec.ForProvider.ClaimsMappingPolicyIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ClaimsMappingPolicyID") } mg.Spec.ForProvider.ClaimsMappingPolicyID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ClaimsMappingPolicyIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, 
reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalID") } mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("policies.azuread.upbound.io", "v1beta1", "ClaimsMappingPolicy", "ClaimsMappingPolicyList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClaimsMappingPolicyID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ClaimsMappingPolicyIDRef, - Selector: mg.Spec.InitProvider.ClaimsMappingPolicyIDSelector, - To: reference.To{ - List: &v1beta1.ClaimsMappingPolicyList{}, - Managed: &v1beta1.ClaimsMappingPolicy{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClaimsMappingPolicyID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ClaimsMappingPolicyIDRef, + Selector: mg.Spec.InitProvider.ClaimsMappingPolicyIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return 
errors.Wrap(err, "mg.Spec.InitProvider.ClaimsMappingPolicyID") } mg.Spec.InitProvider.ClaimsMappingPolicyID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ClaimsMappingPolicyIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") } 
@@ -133,37 +157,45 @@ func (mg *ClaimsMappingPolicyAssignment) ResolveReferences(ctx context.Context, // ResolveReferences of this Password. func (mg *Password) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalID") } mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), - 
Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") } 
@@ -175,69 +207,83 @@ func (mg *Password) ResolveReferences(ctx context.Context, c client.Reader) erro // ResolveReferences of this Principal. func (mg *Principal) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta1", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), - Extract: resource.ExtractParamPath("application_id", true), - Reference: mg.Spec.ForProvider.ApplicationIDRef, - Selector: mg.Spec.ForProvider.ApplicationIDSelector, - To: reference.To{ - List: &v1beta11.ApplicationList{}, - Managed: &v1beta11.Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.ForProvider.ApplicationIDRef, + Selector: mg.Spec.ForProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationID") } mg.Spec.ForProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta1", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: 
reference.FromPtrValue(mg.Spec.ForProvider.ClientID), - Extract: resource.ExtractParamPath("client_id", true), - Reference: mg.Spec.ForProvider.ClientIDRef, - Selector: mg.Spec.ForProvider.ClientIDSelector, - To: reference.To{ - List: &v1beta11.ApplicationList{}, - Managed: &v1beta11.Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), + Extract: resource.ExtractParamPath("client_id", true), + Reference: mg.Spec.ForProvider.ClientIDRef, + Selector: mg.Spec.ForProvider.ClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ClientID") } mg.Spec.ForProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ClientIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta1", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), - Extract: resource.ExtractParamPath("application_id", true), - Reference: mg.Spec.InitProvider.ApplicationIDRef, - Selector: mg.Spec.InitProvider.ApplicationIDSelector, - To: reference.To{ - List: &v1beta11.ApplicationList{}, - Managed: &v1beta11.Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.InitProvider.ApplicationIDRef, + Selector: mg.Spec.InitProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationID") } mg.Spec.InitProvider.ApplicationID = 
reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta1", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), - Extract: resource.ExtractParamPath("client_id", true), - Reference: mg.Spec.InitProvider.ClientIDRef, - Selector: mg.Spec.InitProvider.ClientIDSelector, - To: reference.To{ - List: &v1beta11.ApplicationList{}, - Managed: &v1beta11.Application{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), + Extract: resource.ExtractParamPath("client_id", true), + Reference: mg.Spec.InitProvider.ClientIDRef, + Selector: mg.Spec.InitProvider.ClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ClientID") } 
@@ -249,37 +295,45 @@ func (mg *Principal) ResolveReferences(ctx context.Context, c client.Reader) err // ResolveReferences of this TokenSigningCertificate. func (mg *TokenSigningCertificate) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalID") } mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: 
reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &PrincipalList{}, - Managed: &Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") } diff --git a/apis/serviceprincipals/v1beta1/zz_password_types.go b/apis/serviceprincipals/v1beta1/zz_password_types.go index 7ca0d851..40339d21 100755 --- a/apis/serviceprincipals/v1beta1/zz_password_types.go +++ b/apis/serviceprincipals/v1beta1/zz_password_types.go 
@@ -34,14 +34,14 @@ type PasswordInitParameters struct { // The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this password should be created - // +crossplane:generate:reference:type=Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` - // Reference to a Principal to populate servicePrincipalId. + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` - // Selector for a Principal to populate servicePrincipalId. + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` 
@@ -109,15 +109,15 @@ type PasswordParameters struct { // The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this password should be created - // +crossplane:generate:reference:type=Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` - // Reference to a Principal to populate servicePrincipalId. + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` - // Selector for a Principal to populate servicePrincipalId. + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. // +kubebuilder:validation:Optional ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` diff --git a/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go b/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go index d7180f6f..05f870b3 100755 --- a/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go +++ b/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go 
@@ -26,7 +26,7 @@ type TokenSigningCertificateInitParameters struct { // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this certificate should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` // Reference to a Principal in serviceprincipals to populate servicePrincipalId. @@ -83,7 +83,7 @@ type TokenSigningCertificateParameters struct { // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this certificate should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` diff --git a/apis/serviceprincipals/v1beta2/zz_generated.conversion_hubs.go b/apis/serviceprincipals/v1beta2/zz_generated.conversion_hubs.go new file mode 100755 index 00000000..2e6d365a --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_generated.conversion_hubs.go @@ -0,0 +1,10 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +// Hub marks this type as a conversion hub. +func (tr *Principal) Hub() {} 
diff --git a/apis/serviceprincipals/v1beta2/zz_generated.deepcopy.go b/apis/serviceprincipals/v1beta2/zz_generated.deepcopy.go new file mode 100644 index 00000000..4d240b90 --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_generated.deepcopy.go 
@@ -0,0 +1,940 @@ +//go:build !ignore_autogenerated + +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "github.com/crossplane/crossplane-runtime/apis/common/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AppRolesInitParameters) DeepCopyInto(out *AppRolesInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRolesInitParameters. +func (in *AppRolesInitParameters) DeepCopy() *AppRolesInitParameters { + if in == nil { + return nil + } + out := new(AppRolesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AppRolesObservation) DeepCopyInto(out *AppRolesObservation) { + *out = *in + if in.AllowedMemberTypes != nil { + in, out := &in.AllowedMemberTypes, &out.AllowedMemberTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRolesObservation. 
+func (in *AppRolesObservation) DeepCopy() *AppRolesObservation { + if in == nil { + return nil + } + out := new(AppRolesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AppRolesParameters) DeepCopyInto(out *AppRolesParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRolesParameters. +func (in *AppRolesParameters) DeepCopy() *AppRolesParameters { + if in == nil { + return nil + } + out := new(AppRolesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureTagsInitParameters) DeepCopyInto(out *FeatureTagsInitParameters) { + *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsInitParameters. +func (in *FeatureTagsInitParameters) DeepCopy() *FeatureTagsInitParameters { + if in == nil { + return nil + } + out := new(FeatureTagsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *FeatureTagsObservation) DeepCopyInto(out *FeatureTagsObservation) { + *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsObservation. +func (in *FeatureTagsObservation) DeepCopy() *FeatureTagsObservation { + if in == nil { + return nil + } + out := new(FeatureTagsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureTagsParameters) DeepCopyInto(out *FeatureTagsParameters) { + *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsParameters. +func (in *FeatureTagsParameters) DeepCopy() *FeatureTagsParameters { + if in == nil { + return nil + } + out := new(FeatureTagsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Oauth2PermissionScopesInitParameters) DeepCopyInto(out *Oauth2PermissionScopesInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopesInitParameters. +func (in *Oauth2PermissionScopesInitParameters) DeepCopy() *Oauth2PermissionScopesInitParameters { + if in == nil { + return nil + } + out := new(Oauth2PermissionScopesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Oauth2PermissionScopesObservation) DeepCopyInto(out *Oauth2PermissionScopesObservation) { + *out = *in + if in.AdminConsentDescription != nil { + in, out := &in.AdminConsentDescription, &out.AdminConsentDescription + *out = new(string) + **out = **in + } + if in.AdminConsentDisplayName != nil { + in, out := &in.AdminConsentDisplayName, &out.AdminConsentDisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserConsentDescription != nil { + in, out := &in.UserConsentDescription, &out.UserConsentDescription + *out = new(string) + **out = **in + } + if in.UserConsentDisplayName != nil { + in, out := &in.UserConsentDisplayName, &out.UserConsentDisplayName + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopesObservation. 
+func (in *Oauth2PermissionScopesObservation) DeepCopy() *Oauth2PermissionScopesObservation { + if in == nil { + return nil + } + out := new(Oauth2PermissionScopesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Oauth2PermissionScopesParameters) DeepCopyInto(out *Oauth2PermissionScopesParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopesParameters. +func (in *Oauth2PermissionScopesParameters) DeepCopy() *Oauth2PermissionScopesParameters { + if in == nil { + return nil + } + out := new(Oauth2PermissionScopesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Principal) DeepCopyInto(out *Principal) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Principal. +func (in *Principal) DeepCopy() *Principal { + if in == nil { + return nil + } + out := new(Principal) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Principal) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PrincipalInitParameters) DeepCopyInto(out *PrincipalInitParameters) { + *out = *in + if in.AccountEnabled != nil { + in, out := &in.AccountEnabled, &out.AccountEnabled + *out = new(bool) + **out = **in + } + if in.AlternativeNames != nil { + in, out := &in.AlternativeNames, &out.AlternativeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AppRoleAssignmentRequired != nil { + in, out := &in.AppRoleAssignmentRequired, &out.AppRoleAssignmentRequired + *out = new(bool) + **out = **in + } + if in.ApplicationID != nil { + in, out := &in.ApplicationID, &out.ApplicationID + *out = new(string) + **out = **in + } + if in.ApplicationIDRef != nil { + in, out := &in.ApplicationIDRef, &out.ApplicationIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ApplicationIDSelector != nil { + in, out := &in.ApplicationIDSelector, &out.ApplicationIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(string) + **out = **in + } + if in.ClientIDRef != nil { + in, out := &in.ClientIDRef, &out.ClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClientIDSelector != nil { + in, out := &in.ClientIDSelector, &out.ClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LoginURL != nil { + in, out := &in.LoginURL, &out.LoginURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if 
in.NotificationEmailAddresses != nil { + in, out := &in.NotificationEmailAddresses, &out.NotificationEmailAddresses + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreferredSingleSignOnMode != nil { + in, out := &in.PreferredSingleSignOnMode, &out.PreferredSingleSignOnMode + *out = new(string) + **out = **in + } + if in.SAMLSingleSignOn != nil { + in, out := &in.SAMLSingleSignOn, &out.SAMLSingleSignOn + *out = new(SAMLSingleSignOnInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UseExisting != nil { + in, out := &in.UseExisting, &out.UseExisting + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalInitParameters. +func (in *PrincipalInitParameters) DeepCopy() *PrincipalInitParameters { + if in == nil { + return nil + } + out := new(PrincipalInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PrincipalList) DeepCopyInto(out *PrincipalList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Principal, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalList. +func (in *PrincipalList) DeepCopy() *PrincipalList { + if in == nil { + return nil + } + out := new(PrincipalList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PrincipalList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { + *out = *in + if in.AccountEnabled != nil { + in, out := &in.AccountEnabled, &out.AccountEnabled + *out = new(bool) + **out = **in + } + if in.AlternativeNames != nil { + in, out := &in.AlternativeNames, &out.AlternativeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AppRoleAssignmentRequired != nil { + in, out := &in.AppRoleAssignmentRequired, &out.AppRoleAssignmentRequired + *out = new(bool) + **out = **in + } + if in.AppRoleIds != nil { + in, out := &in.AppRoleIds, &out.AppRoleIds + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.AppRoles != nil { + in, out := &in.AppRoles, &out.AppRoles + *out = make([]AppRolesObservation, 
len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ApplicationID != nil { + in, out := &in.ApplicationID, &out.ApplicationID + *out = new(string) + **out = **in + } + if in.ApplicationTenantID != nil { + in, out := &in.ApplicationTenantID, &out.ApplicationTenantID + *out = new(string) + **out = **in + } + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.HomepageURL != nil { + in, out := &in.HomepageURL, &out.HomepageURL + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.LoginURL != nil { + in, out := &in.LoginURL, &out.LoginURL + *out = new(string) + **out = **in + } + if in.LogoutURL != nil { + in, out := &in.LogoutURL, &out.LogoutURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if in.NotificationEmailAddresses != nil { + in, out := &in.NotificationEmailAddresses, &out.NotificationEmailAddresses + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Oauth2PermissionScopeIds != nil { + in, out := &in.Oauth2PermissionScopeIds, &out.Oauth2PermissionScopeIds + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = 
new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Oauth2PermissionScopes != nil { + in, out := &in.Oauth2PermissionScopes, &out.Oauth2PermissionScopes + *out = make([]Oauth2PermissionScopesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ObjectID != nil { + in, out := &in.ObjectID, &out.ObjectID + *out = new(string) + **out = **in + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreferredSingleSignOnMode != nil { + in, out := &in.PreferredSingleSignOnMode, &out.PreferredSingleSignOnMode + *out = new(string) + **out = **in + } + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SAMLMetadataURL != nil { + in, out := &in.SAMLMetadataURL, &out.SAMLMetadataURL + *out = new(string) + **out = **in + } + if in.SAMLSingleSignOn != nil { + in, out := &in.SAMLSingleSignOn, &out.SAMLSingleSignOn + *out = new(SAMLSingleSignOnObservation) + (*in).DeepCopyInto(*out) + } + if in.ServicePrincipalNames != nil { + in, out := &in.ServicePrincipalNames, &out.ServicePrincipalNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SignInAudience != nil { + in, out := &in.SignInAudience, &out.SignInAudience + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out 
= new(string) + **out = **in + } + if in.UseExisting != nil { + in, out := &in.UseExisting, &out.UseExisting + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalObservation. +func (in *PrincipalObservation) DeepCopy() *PrincipalObservation { + if in == nil { + return nil + } + out := new(PrincipalObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrincipalParameters) DeepCopyInto(out *PrincipalParameters) { + *out = *in + if in.AccountEnabled != nil { + in, out := &in.AccountEnabled, &out.AccountEnabled + *out = new(bool) + **out = **in + } + if in.AlternativeNames != nil { + in, out := &in.AlternativeNames, &out.AlternativeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AppRoleAssignmentRequired != nil { + in, out := &in.AppRoleAssignmentRequired, &out.AppRoleAssignmentRequired + *out = new(bool) + **out = **in + } + if in.ApplicationID != nil { + in, out := &in.ApplicationID, &out.ApplicationID + *out = new(string) + **out = **in + } + if in.ApplicationIDRef != nil { + in, out := &in.ApplicationIDRef, &out.ApplicationIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ApplicationIDSelector != nil { + in, out := &in.ApplicationIDSelector, &out.ApplicationIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(string) + **out = **in + } + if in.ClientIDRef != nil { + in, out := &in.ClientIDRef, &out.ClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClientIDSelector != nil { + in, out := &in.ClientIDSelector, &out.ClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } 
+ if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LoginURL != nil { + in, out := &in.LoginURL, &out.LoginURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if in.NotificationEmailAddresses != nil { + in, out := &in.NotificationEmailAddresses, &out.NotificationEmailAddresses + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreferredSingleSignOnMode != nil { + in, out := &in.PreferredSingleSignOnMode, &out.PreferredSingleSignOnMode + *out = new(string) + **out = **in + } + if in.SAMLSingleSignOn != nil { + in, out := &in.SAMLSingleSignOn, &out.SAMLSingleSignOn + *out = new(SAMLSingleSignOnParameters) + (*in).DeepCopyInto(*out) + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UseExisting != nil { + in, out := &in.UseExisting, &out.UseExisting + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalParameters. 
+func (in *PrincipalParameters) DeepCopy() *PrincipalParameters { + if in == nil { + return nil + } + out := new(PrincipalParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrincipalSpec) DeepCopyInto(out *PrincipalSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalSpec. +func (in *PrincipalSpec) DeepCopy() *PrincipalSpec { + if in == nil { + return nil + } + out := new(PrincipalSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrincipalStatus) DeepCopyInto(out *PrincipalStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalStatus. +func (in *PrincipalStatus) DeepCopy() *PrincipalStatus { + if in == nil { + return nil + } + out := new(PrincipalStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SAMLSingleSignOnInitParameters) DeepCopyInto(out *SAMLSingleSignOnInitParameters) { + *out = *in + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLSingleSignOnInitParameters. 
+func (in *SAMLSingleSignOnInitParameters) DeepCopy() *SAMLSingleSignOnInitParameters { + if in == nil { + return nil + } + out := new(SAMLSingleSignOnInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SAMLSingleSignOnObservation) DeepCopyInto(out *SAMLSingleSignOnObservation) { + *out = *in + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLSingleSignOnObservation. +func (in *SAMLSingleSignOnObservation) DeepCopy() *SAMLSingleSignOnObservation { + if in == nil { + return nil + } + out := new(SAMLSingleSignOnObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SAMLSingleSignOnParameters) DeepCopyInto(out *SAMLSingleSignOnParameters) { + *out = *in + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLSingleSignOnParameters. +func (in *SAMLSingleSignOnParameters) DeepCopy() *SAMLSingleSignOnParameters { + if in == nil { + return nil + } + out := new(SAMLSingleSignOnParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/serviceprincipals/v1beta2/zz_generated.managed.go b/apis/serviceprincipals/v1beta2/zz_generated.managed.go new file mode 100644 index 00000000..ca1bb20d --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_generated.managed.go 
@@ -0,0 +1,68 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Principal. +func (mg *Principal) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Principal. +func (mg *Principal) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Principal. +func (mg *Principal) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Principal. +func (mg *Principal) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Principal. +func (mg *Principal) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Principal. +func (mg *Principal) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Principal. +func (mg *Principal) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Principal. +func (mg *Principal) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Principal. +func (mg *Principal) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Principal. +func (mg *Principal) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Principal. 
+func (mg *Principal) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Principal. +func (mg *Principal) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/serviceprincipals/v1beta2/zz_generated.managedlist.go b/apis/serviceprincipals/v1beta2/zz_generated.managedlist.go new file mode 100644 index 00000000..1143a169 --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_generated.managedlist.go @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta2 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this PrincipalList. +func (l *PrincipalList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/serviceprincipals/v1beta2/zz_generated.resolvers.go b/apis/serviceprincipals/v1beta2/zz_generated.resolvers.go new file mode 100644 index 00000000..34fbfc99 --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_generated.resolvers.go 
@@ -0,0 +1,106 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" + resource "github.com/crossplane/upjet/pkg/resource" + errors "github.com/pkg/errors" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + apisresolver "github.com/upbound/provider-azuread/internal/apis" + client "sigs.k8s.io/controller-runtime/pkg/client" +) + +func (mg *Principal) ResolveReferences( // ResolveReferences of this Principal. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ApplicationID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.ForProvider.ApplicationIDRef, + Selector: mg.Spec.ForProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ApplicationID") + } + mg.Spec.ForProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference 
resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), + Extract: resource.ExtractParamPath("client_id", true), + Reference: mg.Spec.ForProvider.ClientIDRef, + Selector: mg.Spec.ForProvider.ClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ClientID") + } + mg.Spec.ForProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ClientIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.InitProvider.ApplicationIDRef, + Selector: mg.Spec.InitProvider.ApplicationIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationID") + } + mg.Spec.InitProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ApplicationIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("applications.azuread.upbound.io", "v1beta2", "Application", "ApplicationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), + Extract: resource.ExtractParamPath("client_id", true), + Reference: mg.Spec.InitProvider.ClientIDRef, + Selector: mg.Spec.InitProvider.ClientIDSelector, + To: reference.To{List: l, 
Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ClientID") + } + mg.Spec.InitProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ClientIDRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/serviceprincipals/v1beta2/zz_groupversion_info.go b/apis/serviceprincipals/v1beta2/zz_groupversion_info.go new file mode 100755 index 00000000..6a21ab4a --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_groupversion_info.go @@ -0,0 +1,32 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=serviceprincipals.azuread.upbound.io +// +versionName=v1beta2 +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "serviceprincipals.azuread.upbound.io" + CRDVersion = "v1beta2" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/serviceprincipals/v1beta2/zz_principal_terraformed.go b/apis/serviceprincipals/v1beta2/zz_principal_terraformed.go new file mode 100755 index 00000000..c500d1d7 --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_principal_terraformed.go 
@@ -0,0 +1,130 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Principal +func (mg *Principal) GetTerraformResourceType() string { + return "azuread_service_principal" +} + +// GetConnectionDetailsMapping for this Principal +func (tr *Principal) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Principal +func (tr *Principal) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Principal +func (tr *Principal) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Principal +func (tr *Principal) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Principal +func (tr *Principal) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Principal +func (tr *Principal) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Principal +func (tr *Principal) GetInitParameters() 
(map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Principal +func (tr *Principal) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Principal using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Principal) LateInitialize(attrs []byte) (bool, error) { + params := &PrincipalParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + opts = append(opts, resource.WithNameFilter("Tags")) + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Principal) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/serviceprincipals/v1beta2/zz_principal_types.go b/apis/serviceprincipals/v1beta2/zz_principal_types.go new file mode 100755 index 00000000..a7805cca --- /dev/null +++ b/apis/serviceprincipals/v1beta2/zz_principal_types.go 
@@ -0,0 +1,532 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AppRolesInitParameters struct { +} + +type AppRolesObservation struct { + + // Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both. + AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"` + + // A description of the service principal provided for internal end-users. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name of the application associated with this service principal. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Determines if the app role is enabled. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the app_role. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type AppRolesParameters struct { +} + +type FeatureTagsInitParameters struct { + + // Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. 
+ // Whether this service principal represents a custom SAML application + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this service principal represents an Enterprise Application + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this service principal represents a gallery application + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this app is invisible to users in My Apps and Office 365 Launcher + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` +} + +type FeatureTagsObservation struct { + + // Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + // Whether this service principal represents a custom SAML application + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this service principal represents an Enterprise Application + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. 
Defaults to false. + // Whether this service principal represents a gallery application + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this app is invisible to users in My Apps and Office 365 Launcher + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` +} + +type FeatureTagsParameters struct { + + // Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + // Whether this service principal represents a custom SAML application + // +kubebuilder:validation:Optional + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this service principal represents an Enterprise Application + // +kubebuilder:validation:Optional + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this service principal represents a gallery application + // +kubebuilder:validation:Optional + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. 
+ // Whether this app is invisible to users in My Apps and Office 365 Launcher + // +kubebuilder:validation:Optional + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` +} + +type Oauth2PermissionScopesInitParameters struct { +} + +type Oauth2PermissionScopesObservation struct { + + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"` + + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. + AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"` + + // Determines if the app role is enabled. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the app_role. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"` + + // Display name for the delegated permission that appears in the end user consent experience. + UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"` + + // The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. 
+ Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type Oauth2PermissionScopesParameters struct { +} + +type PrincipalInitParameters struct { + + // Whether or not the service principal account is enabled. Defaults to true. + // Whether or not the service principal account is enabled + AccountEnabled *bool `json:"accountEnabled,omitempty" tf:"account_enabled,omitempty"` + + // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. + // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + // +listType=set + AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` + + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + AppRoleAssignmentRequired *bool `json:"appRoleAssignmentRequired,omitempty" tf:"app_role_assignment_required,omitempty"` + + // The unique identifier of the app_role. + // The application ID (client ID) of the application for which to create a service principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true) + ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + + // Reference to a Application in applications to populate applicationId. 
+ // +kubebuilder:validation:Optional + ApplicationIDRef *v1.Reference `json:"applicationIdRef,omitempty" tf:"-"` + + // Selector for a Application in applications to populate applicationId. + // +kubebuilder:validation:Optional + ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` + + // The client ID of the application for which to create a service principal. + // The client ID of the application for which to create a service principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("client_id",true) + ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` + + // Reference to a Application in applications to populate clientId. + // +kubebuilder:validation:Optional + ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` + + // Selector for a Application in applications to populate clientId. + // +kubebuilder:validation:Optional + ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` + + // A description of the service principal provided for internal end-users. + // Description of the service principal provided for internal end-users + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. + // Block of features to configure for this service principal using tags + FeatureTags []FeatureTagsInitParameters `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. 
+ // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + LoginURL *string `json:"loginUrl,omitempty" tf:"login_url,omitempty"` + + // A free text field to capture information about the service principal, typically used for operational purposes. + // Free text field to capture information about the service principal, typically used for operational purposes + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. + // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + // +listType=set + NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the service principal + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. + // The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + PreferredSingleSignOnMode *string `json:"preferredSingleSignOnMode,omitempty" tf:"preferred_single_sign_on_mode,omitempty"` + + // A saml_single_sign_on block as documented below. + // Settings related to SAML single sign-on + SAMLSingleSignOn *SAMLSingleSignOnInitParameters `json:"samlSingleSignOn,omitempty" tf:"saml_single_sign_on,omitempty"` + + // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + // A set of tags to apply to the service principal + // +listType=set + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. + // When true, the resource will return an existing service principal instead of failing with an error + UseExisting *bool `json:"useExisting,omitempty" tf:"use_existing,omitempty"` +} + +type PrincipalObservation struct { + + // Whether or not the service principal account is enabled. Defaults to true. + // Whether or not the service principal account is enabled + AccountEnabled *bool `json:"accountEnabled,omitempty" tf:"account_enabled,omitempty"` + + // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. 
+ // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + // +listType=set + AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` + + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + AppRoleAssignmentRequired *bool `json:"appRoleAssignmentRequired,omitempty" tf:"app_role_assignment_required,omitempty"` + + // A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration. + // Mapping of app role names to UUIDs + // +mapType=granular + AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"` + + // A list of app roles published by the associated application, as documented below. For more information official documentation. + AppRoles []AppRolesObservation `json:"appRoles,omitempty" tf:"app_roles,omitempty"` + + // The unique identifier of the app_role. + // The application ID (client ID) of the application for which to create a service principal + ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + + // The tenant ID where the associated application is registered. + // The tenant ID where the associated application is registered + ApplicationTenantID *string `json:"applicationTenantId,omitempty" tf:"application_tenant_id,omitempty"` + + // The client ID of the application for which to create a service principal. 
+ // The client ID of the application for which to create a service principal + ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` + + // A description of the service principal provided for internal end-users. + // Description of the service principal provided for internal end-users + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name of the application associated with this service principal. + // The display name of the application associated with this service principal + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. + // Block of features to configure for this service principal using tags + FeatureTags []FeatureTagsObservation `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // Home page or landing page of the associated application. + // Home page or landing page of the application + HomepageURL *string `json:"homepageUrl,omitempty" tf:"homepage_url,omitempty"` + + // The unique identifier of the app_role. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. 
When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + LoginURL *string `json:"loginUrl,omitempty" tf:"login_url,omitempty"` + + // The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application. + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + LogoutURL *string `json:"logoutUrl,omitempty" tf:"logout_url,omitempty"` + + // A free text field to capture information about the service principal, typically used for operational purposes. + // Free text field to capture information about the service principal, typically used for operational purposes + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. + // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + // +listType=set + NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` + + // A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration. 
+ // Mapping of OAuth2.0 permission scope names to UUIDs + // +mapType=granular + Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"` + + // A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below. + Oauth2PermissionScopes []Oauth2PermissionScopesObservation `json:"oauth2PermissionScopes,omitempty" tf:"oauth2_permission_scopes,omitempty"` + + // The object ID of the service principal. + // The object ID of the service principal + ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the service principal + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + PreferredSingleSignOnMode *string `json:"preferredSingleSignOnMode,omitempty" tf:"preferred_single_sign_on_mode,omitempty"` + + // A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application. 
+ // The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` + + // The URL where the service exposes SAML metadata for federation. + // The URL where the service exposes SAML metadata for federation + SAMLMetadataURL *string `json:"samlMetadataUrl,omitempty" tf:"saml_metadata_url,omitempty"` + + // A saml_single_sign_on block as documented below. + // Settings related to SAML single sign-on + SAMLSingleSignOn *SAMLSingleSignOnObservation `json:"samlSingleSignOn,omitempty" tf:"saml_single_sign_on,omitempty"` + + // A list of identifier URI(s), copied over from the associated application. + // A list of identifier URI(s), copied over from the associated application + ServicePrincipalNames []*string `json:"servicePrincipalNames,omitempty" tf:"service_principal_names,omitempty"` + + // The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. + // The Microsoft account types that are supported for the associated application + SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` + + // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + // A set of tags to apply to the service principal + // +listType=set + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity. 
+ // Identifies whether the service principal represents an application or a managed identity + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. + // When true, the resource will return an existing service principal instead of failing with an error + UseExisting *bool `json:"useExisting,omitempty" tf:"use_existing,omitempty"` +} + +type PrincipalParameters struct { + + // Whether or not the service principal account is enabled. Defaults to true. + // Whether or not the service principal account is enabled + // +kubebuilder:validation:Optional + AccountEnabled *bool `json:"accountEnabled,omitempty" tf:"account_enabled,omitempty"` + + // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. + // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + // +kubebuilder:validation:Optional + // +listType=set + AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` + + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + // +kubebuilder:validation:Optional + AppRoleAssignmentRequired *bool `json:"appRoleAssignmentRequired,omitempty" tf:"app_role_assignment_required,omitempty"` + + // The unique identifier of the app_role. 
+ // The application ID (client ID) of the application for which to create a service principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true) + // +kubebuilder:validation:Optional + ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + + // Reference to a Application in applications to populate applicationId. + // +kubebuilder:validation:Optional + ApplicationIDRef *v1.Reference `json:"applicationIdRef,omitempty" tf:"-"` + + // Selector for a Application in applications to populate applicationId. + // +kubebuilder:validation:Optional + ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` + + // The client ID of the application for which to create a service principal. + // The client ID of the application for which to create a service principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta2.Application + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("client_id",true) + // +kubebuilder:validation:Optional + ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` + + // Reference to a Application in applications to populate clientId. + // +kubebuilder:validation:Optional + ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` + + // Selector for a Application in applications to populate clientId. + // +kubebuilder:validation:Optional + ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` + + // A description of the service principal provided for internal end-users. 
+ // Description of the service principal provided for internal end-users + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. + // Block of features to configure for this service principal using tags + // +kubebuilder:validation:Optional + FeatureTags []FeatureTagsParameters `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + // +kubebuilder:validation:Optional + LoginURL *string `json:"loginUrl,omitempty" tf:"login_url,omitempty"` + + // A free text field to capture information about the service principal, typically used for operational purposes. + // Free text field to capture information about the service principal, typically used for operational purposes + // +kubebuilder:validation:Optional + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. + // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. 
This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + // +kubebuilder:validation:Optional + // +listType=set + NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the service principal + // +kubebuilder:validation:Optional + // +listType=set + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + // +kubebuilder:validation:Optional + PreferredSingleSignOnMode *string `json:"preferredSingleSignOnMode,omitempty" tf:"preferred_single_sign_on_mode,omitempty"` + + // A saml_single_sign_on block as documented below. + // Settings related to SAML single sign-on + // +kubebuilder:validation:Optional + SAMLSingleSignOn *SAMLSingleSignOnParameters `json:"samlSingleSignOn,omitempty" tf:"saml_single_sign_on,omitempty"` + + // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. 
+ // A set of tags to apply to the service principal + // +kubebuilder:validation:Optional + // +listType=set + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. + // When true, the resource will return an existing service principal instead of failing with an error + // +kubebuilder:validation:Optional + UseExisting *bool `json:"useExisting,omitempty" tf:"use_existing,omitempty"` +} + +type SAMLSingleSignOnInitParameters struct { + + // The relative URI the service provider would redirect to after completion of the single sign-on flow. + // The relative URI the service provider would redirect to after completion of the single sign-on flow + RelayState *string `json:"relayState,omitempty" tf:"relay_state,omitempty"` +} + +type SAMLSingleSignOnObservation struct { + + // The relative URI the service provider would redirect to after completion of the single sign-on flow. + // The relative URI the service provider would redirect to after completion of the single sign-on flow + RelayState *string `json:"relayState,omitempty" tf:"relay_state,omitempty"` +} + +type SAMLSingleSignOnParameters struct { + + // The relative URI the service provider would redirect to after completion of the single sign-on flow. + // The relative URI the service provider would redirect to after completion of the single sign-on flow + // +kubebuilder:validation:Optional + RelayState *string `json:"relayState,omitempty" tf:"relay_state,omitempty"` +} + +// PrincipalSpec defines the desired state of Principal +type PrincipalSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider PrincipalParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. 
+ // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider PrincipalInitParameters `json:"initProvider,omitempty"` +} + +// PrincipalStatus defines the observed state of Principal. +type PrincipalStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider PrincipalObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Principal is the Schema for the Principals API. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread} +type Principal struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec PrincipalSpec `json:"spec"` + Status PrincipalStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// PrincipalList contains a list of Principals +type PrincipalList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Principal `json:"items"` +} + +// Repository type metadata. 
+var ( + Principal_Kind = "Principal" + Principal_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Principal_Kind}.String() + Principal_KindAPIVersion = Principal_Kind + "." + CRDGroupVersion.String() + Principal_GroupVersionKind = CRDGroupVersion.WithKind(Principal_Kind) +) + +func init() { + SchemeBuilder.Register(&Principal{}, &PrincipalList{}) +} diff --git a/apis/synchronization/v1beta1/zz_generated.resolvers.go b/apis/synchronization/v1beta1/zz_generated.resolvers.go index 3e5dde20..5e67f9c9 100644 --- a/apis/synchronization/v1beta1/zz_generated.resolvers.go +++ b/apis/synchronization/v1beta1/zz_generated.resolvers.go @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 // Code generated by angryjet. DO NOT EDIT. +// Code transformed by upjet. DO NOT EDIT. package v1beta1 
@@ -9,43 +10,54 @@ import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" - v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" client "sigs.k8s.io/controller-runtime/pkg/client" + + // ResolveReferences of this Job. + apisresolver "github.com/upbound/provider-azuread/internal/apis" ) -// ResolveReferences of this Job. func (mg *Job) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalID") } mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + { + m, l, err = 
apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") } 
@@ -57,37 +69,45 @@ func (mg *Job) ResolveReferences(ctx context.Context, c client.Reader) error { // ResolveReferences of this Secret. func (mg *Secret) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse var err error + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, - Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ServicePrincipalIDRef, + Selector: mg.Spec.ForProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.ForProvider.ServicePrincipalID") } mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("serviceprincipals.azuread.upbound.io", "v1beta2", "Principal", "PrincipalList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: 
reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), - Extract: reference.ExternalName(), - Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, - Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, - To: reference.To{ - List: &v1beta1.PrincipalList{}, - Managed: &v1beta1.Principal{}, - }, - }) + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } if err != nil { return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") } diff --git a/apis/synchronization/v1beta1/zz_job_types.go b/apis/synchronization/v1beta1/zz_job_types.go index 9ee69089..239df8c3 100755 --- a/apis/synchronization/v1beta1/zz_job_types.go +++ b/apis/synchronization/v1beta1/zz_job_types.go @@ -21,7 +21,7 @@ type JobInitParameters struct { // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this synchronization job should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` // Reference to a Principal in serviceprincipals to populate servicePrincipalId. 
@@ -67,7 +67,7 @@ type JobParameters struct { // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. // The object ID of the service principal for which this synchronization job should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` diff --git a/apis/synchronization/v1beta1/zz_secret_types.go b/apis/synchronization/v1beta1/zz_secret_types.go index 05c1d9c1..3fb6e878 100755 --- a/apis/synchronization/v1beta1/zz_secret_types.go +++ b/apis/synchronization/v1beta1/zz_secret_types.go @@ -47,7 +47,7 @@ type SecretInitParameters struct { // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. // The object ID of the service principal for which this synchronization secret should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` // Reference to a Principal in serviceprincipals to populate servicePrincipalId. 
@@ -80,7 +80,7 @@ type SecretParameters struct { // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. // The object ID of the service principal for which this synchronization secret should be created - // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2.Principal // +kubebuilder:validation:Optional ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` diff --git a/apis/zz_register.go b/apis/zz_register.go index d40a496c..fcc529ed 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go 
@@ -13,13 +13,18 @@ import ( v1beta1 "github.com/upbound/provider-azuread/apis/administrativeunits/v1beta1" v1beta1app "github.com/upbound/provider-azuread/apis/app/v1beta1" v1beta1applications "github.com/upbound/provider-azuread/apis/applications/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/applications/v1beta2" v1beta1conditionalaccess "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta1" + v1beta2conditionalaccess "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta2" v1beta1directoryroles "github.com/upbound/provider-azuread/apis/directoryroles/v1beta1" v1beta1groups "github.com/upbound/provider-azuread/apis/groups/v1beta1" + v1beta2groups "github.com/upbound/provider-azuread/apis/groups/v1beta2" v1beta1invitations "github.com/upbound/provider-azuread/apis/invitations/v1beta1" + v1beta2invitations "github.com/upbound/provider-azuread/apis/invitations/v1beta2" v1beta1policies "github.com/upbound/provider-azuread/apis/policies/v1beta1" v1beta1serviceprincipaldelegated "github.com/upbound/provider-azuread/apis/serviceprincipaldelegated/v1beta1" v1beta1serviceprincipals "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + v1beta2serviceprincipals "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2" v1beta1synchronization "github.com/upbound/provider-azuread/apis/synchronization/v1beta1" v1beta1users "github.com/upbound/provider-azuread/apis/users/v1beta1" v1alpha1 "github.com/upbound/provider-azuread/apis/v1alpha1" 
@@ -32,13 +37,18 @@ func init() { v1beta1.SchemeBuilder.AddToScheme, v1beta1app.SchemeBuilder.AddToScheme, v1beta1applications.SchemeBuilder.AddToScheme, + v1beta2.SchemeBuilder.AddToScheme, v1beta1conditionalaccess.SchemeBuilder.AddToScheme, + v1beta2conditionalaccess.SchemeBuilder.AddToScheme, v1beta1directoryroles.SchemeBuilder.AddToScheme, v1beta1groups.SchemeBuilder.AddToScheme, + v1beta2groups.SchemeBuilder.AddToScheme, v1beta1invitations.SchemeBuilder.AddToScheme, + v1beta2invitations.SchemeBuilder.AddToScheme, v1beta1policies.SchemeBuilder.AddToScheme, v1beta1serviceprincipaldelegated.SchemeBuilder.AddToScheme, v1beta1serviceprincipals.SchemeBuilder.AddToScheme, + v1beta2serviceprincipals.SchemeBuilder.AddToScheme, v1beta1synchronization.SchemeBuilder.AddToScheme, v1beta1users.SchemeBuilder.AddToScheme, v1alpha1.SchemeBuilder.AddToScheme, diff --git a/build b/build index a6e25afa..4dc5a525 160000 --- a/build +++ b/build @@ -1 +1 @@ -Subproject commit a6e25afa0d43da62b11af96a5d29627a52f32cd9 +Subproject commit 4dc5a5256743d1782b88cc6892e600281837750a diff --git a/cmd/provider/main.go b/cmd/provider/main.go index 9d555324..7ea0ce27 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/main.go @@ -23,6 +23,7 @@ import ( "github.com/crossplane/crossplane-runtime/pkg/resource" "github.com/crossplane/crossplane-runtime/pkg/statemetrics" tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/conversion" "gopkg.in/alecthomas/kingpin.v2" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -31,15 +32,24 @@ import ( "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/metrics" + "sigs.k8s.io/controller-runtime/pkg/webhook" "github.com/upbound/provider-azuread/apis" "github.com/upbound/provider-azuread/apis/v1alpha1" "github.com/upbound/provider-azuread/config" + resolverapis "github.com/upbound/provider-azuread/internal/apis" "github.com/upbound/provider-azuread/internal/clients" "github.com/upbound/provider-azuread/internal/controller" "github.com/upbound/provider-azuread/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func main() { var ( app = kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for Azuread").DefaultEnvars() @@ -67,6 +77,14 @@ func main() { enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + + certsDirSet = false + // we record whether the command-line option "--certs-dir" was supplied + // in the registered PreAction for the flag. + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() ) kingpin.MustParse(app.Parse(os.Args[1:])) 
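Review bot: The help text of the added `--certs-dir` flag does not say that an empty value switches the webhooks off, although a later hunk in this file sets `StartWebhooks: *certsDir != ""` and the flag defaults to `tlsServerCertDir`. As written, the webhooks are on unless the operator passes `--certs-dir=""` explicitly, and nothing in the flag definition tells them so. I would extend the help string to `"The directory that contains the server key and certificate. Pass an empty value to disable the webhooks."` and put `// enabled by default: certsDir defaults to tlsServerCertDir` next to the `StartWebhooks` field. `certsDirSet` is a plain variable captured by the PreAction closure, so declaring it on its own line above the flag definitions would make that easier to follow; the `var (` block of main opens outside this hunk.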
@@ -90,18 +108,45 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(cfg, ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-azuread", Cache: cache.Options{ SyncPeriod: syncPeriod, }, + WebhookServer: webhook.NewServer( + webhook.Options{ + CertDir: *certsDir, + }), LeaderElectionResourceLock: resourcelock.LeasesResourceLock, LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), }) kingpin.FatalIfError(err, "Cannot create controller manager") kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add Azuread APIs to scheme") + kingpin.FatalIfError(resolverapis.BuildScheme(apis.AddToSchemes), "Cannot register the AzureAD APIs with the API resolver's runtime scheme") metricRecorder := managed.NewMRMetricRecorder() stateMetrics := statemetrics.NewMRStateMetrics() 
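Review bot: The fallback under `if !certsDirSet` takes the directory holding the webhook server's key and certificate from the environment but never checks that the resolved path exists, so a missing or mistyped mount is presumably reported only when the webhook server tries to load its certificate. A check right after the block, `if *certsDir != "" { _, statErr := os.Stat(*certsDir); kingpin.FatalIfError(statErr, "Cannot access the TLS certs directory") }`, would fail early and name the path; logging the resolved directory would also show which variable supplied it. The first lookup, `os.Getenv(certsDirEnvVar)`, looks redundant because the flag is already declared with `.Envar(certsDirEnvVar)`, so it could be dropped or given a comment saying why it is kept. main's body continues outside the hunk.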
@@ -129,6 +174,7 @@ func main() { SetupFn: clients.TerraformSetupBuilder(provider.TerraformProvider), PollJitter: pollJitter, OperationTrackerStore: tjcontroller.NewOperationStore(logr), + StartWebhooks: *certsDir != "", } if *enableManagementPolicies { @@ -164,6 +210,7 @@ func main() { })), "cannot create default store config") } + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup(mgr, o), "Cannot setup Azuread controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/config/administrativeunits/config.go b/config/administrativeunits/config.go index 6aa5c5ad..fdbdd2da 100644 --- a/config/administrativeunits/config.go +++ b/config/administrativeunits/config.go @@ -18,7 +18,7 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_administrative_unit_member", func(r *config.Resource) { r.Kind = "Member" r.References["administrative_unit_object_id"] = config.Reference{ - Type: "Unit", + TerraformName: "azuread_administrative_unit", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" diff --git a/config/app/config.go b/config/app/config.go index 65270022..23826341 100644 --- a/config/app/config.go +++ b/config/app/config.go 
@@ -10,10 +10,10 @@ import "github.com/crossplane/upjet/pkg/config" func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_app_role_assignment", func(r *config.Resource) { r.References["principal_object_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal", + TerraformName: "azuread_service_principal", } r.References["resource_object_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal", + TerraformName: "azuread_service_principal", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" diff --git a/config/applications/config.go b/config/applications/config.go index 679ac7bd..55e724cf 100644 --- a/config/applications/config.go +++ b/config/applications/config.go @@ -23,7 +23,7 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_application_certificate", func(r *config.Resource) { r.References["application_object_id"] = config.Reference{ - Type: "Application", + TerraformName: "azuread_application", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" @@ -31,7 +31,7 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_application_password", func(r *config.Resource) { r.References["application_object_id"] = config.Reference{ - Type: "Application", + TerraformName: "azuread_application", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" 
@@ -39,7 +39,7 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_application_federated_identity_credential", func(r *config.Resource) { r.References["application_object_id"] = config.Reference{ - Type: "Application", + TerraformName: "azuread_application", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" @@ -47,11 +47,11 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_application_pre_authorized", func(r *config.Resource) { r.References["application_object_id"] = config.Reference{ - Type: "Application", + TerraformName: "azuread_application", } r.References["authorized_app_id"] = config.Reference{ - Type: "Application", - Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true)`, + TerraformName: "azuread_application", + Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true)`, } // We need to override the default group that upjet generated for // this resource, which would be "azuread" diff --git a/config/directoryroles/config.go b/config/directoryroles/config.go index 3ebe3fe3..dcbd625d 100644 --- a/config/directoryroles/config.go +++ b/config/directoryroles/config.go @@ -25,11 +25,11 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_directory_role_assignment", func(r *config.Resource) { r.References["role_id"] = config.Reference{ - Type: "Role", - Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("template_id",true)`, + TerraformName: "azuread_directory_role", + Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("template_id",true)`, } r.References["principal_object_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/users/v1beta1.User", + TerraformName: "azuread_user", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" 
diff --git a/config/groups/config.go b/config/groups/config.go index e4acd884..ba335636 100644 --- a/config/groups/config.go +++ b/config/groups/config.go @@ -15,10 +15,10 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_group_member", func(r *config.Resource) { r.References["group_object_id"] = config.Reference{ - Type: "Group", + TerraformName: "azuread_group", } r.References["member_object_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/users/v1beta1.User", + TerraformName: "azuread_user", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" diff --git a/config/provider.go b/config/provider.go index 94755caf..02733338 100644 --- a/config/provider.go +++ b/config/provider.go @@ -6,6 +6,9 @@ package config import ( "context" + + "github.com/crossplane/upjet/pkg/config/conversion" + // Note(turkenh): we are importing this to embed provider schema document _ "embed" @@ -85,8 +88,10 @@ func GetProvider(ctx context.Context, generationProvider bool) (*ujconfig.Provid ujconfig.WithReferenceInjectors([]ujconfig.ReferenceInjector{reference.NewInjector(modulePath)}), ujconfig.WithFeaturesPackage("internal/features"), ujconfig.WithTerraformProvider(p), + ujconfig.WithSchemaTraversers(&ujconfig.SingletonListEmbedder{}), ) + bumpVersionsWithEmbeddedLists(pc) for _, configure := range []func(provider *ujconfig.Provider){ // add custom config functions invitations.Configure, 
@@ -121,3 +126,23 @@ func resourceList(t map[string]ujconfig.ExternalName) []string { } return l } + +func bumpVersionsWithEmbeddedLists(pc *ujconfig.Provider) { + for name, r := range pc.Resources { + r := r + // nothing to do if no singleton list has been converted to + // an embedded object + if len(r.CRDListConversionPaths()) == 0 { + continue + } + r.Version = "v1beta2" + // we would like to set the storage version to v1beta1 to facilitate + // downgrades. + r.SetCRDStorageVersion("v1beta1") + r.Conversions = []conversion.Conversion{ + conversion.NewIdentityConversionExpandPaths(conversion.AllVersions, conversion.AllVersions, []string{"spec.forProvider", "spec.initProvider", "status.atProvider"}, r.CRDListConversionPaths()...), + conversion.NewSingletonListConversion("v1beta1", "v1beta2", r.CRDListConversionPaths(), conversion.ToEmbeddedObject), + conversion.NewSingletonListConversion("v1beta2", "v1beta1", r.CRDListConversionPaths(), conversion.ToSingletonList)} + pc.Resources[name] = r + } +} diff --git a/config/serviceprincipaldelegated/config.go b/config/serviceprincipaldelegated/config.go index 56b7ee3f..124584f1 100644 --- a/config/serviceprincipaldelegated/config.go +++ b/config/serviceprincipaldelegated/config.go @@ -11,10 +11,10 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_service_principal_delegated_permission_grant", func(r *config.Resource) { r.Kind = "PermissionGrant" r.References["service_principal_object_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal", + TerraformName: "azuread_service_principal", } r.References["resource_service_principal_object_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal", + TerraformName: "azuread_service_principal", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" 
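Review bot: `bumpVersionsWithEmbeddedLists` in config/provider.go has no doc comment and repeats the version strings `"v1beta1"` and `"v1beta2"` as literals across four statements, so a later version bump has to change each of them consistently. I would add `// bumpVersionsWithEmbeddedLists moves every resource with converted singleton lists to v1beta2, keeps v1beta1 as the CRD storage version and registers the conversions between the two.` and lift the two literals into constants. The `r := r` copy followed by `pc.Resources[name] = r` looks unnecessary if `pc.Resources` holds pointers; that type is not visible in this hunk, so confirm before removing it. Because the served and storage versions now differ, these resources presumably depend on the conversion webhook being reachable, which is worth stating in the comment.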
diff --git a/config/serviceprincipals/config.go b/config/serviceprincipals/config.go index 452fadab..1adf2989 100644 --- a/config/serviceprincipals/config.go +++ b/config/serviceprincipals/config.go @@ -12,8 +12,8 @@ const group = "serviceprincipals" func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_service_principal", func(r *config.Resource) { r.References["application_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/applications/v1beta1.Application", - Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true)`, + TerraformName: "azuread_application", + Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true)`, } // We need to override the default group that upjet generated for // this resource, which would be "azuread" @@ -30,10 +30,10 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_service_principal_claims_mapping_policy_assignment", func(r *config.Resource) { r.Kind = "ClaimsMappingPolicyAssignment" r.References["service_principal_id"] = config.Reference{ - Type: "Principal", + TerraformName: "azuread_service_principal", } r.References["claims_mapping_policy_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/policies/v1beta1.ClaimsMappingPolicy", + TerraformName: "azuread_claims_mapping_policy", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" @@ -42,7 +42,7 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_service_principal_certificate", func(r *config.Resource) { r.Kind = "Certificate" r.References["service_principal_id"] = config.Reference{ - Type: "Principal", + TerraformName: "azuread_service_principal", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" 
@@ -51,7 +51,7 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_service_principal_password", func(r *config.Resource) { r.Kind = "Password" r.References["service_principal_id"] = config.Reference{ - Type: "Principal", + TerraformName: "azuread_service_principal", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" diff --git a/config/synchronization/config.go b/config/synchronization/config.go index e08833d2..de4784ea 100644 --- a/config/synchronization/config.go +++ b/config/synchronization/config.go @@ -12,7 +12,7 @@ const group = "synchronization" func Configure(p *config.Provider) { p.AddResourceConfigurator("azuread_synchronization_job", func(r *config.Resource) { r.References["service_principal_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal", + TerraformName: "azuread_service_principal", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" @@ -20,7 +20,7 @@ func Configure(p *config.Provider) { }) p.AddResourceConfigurator("azuread_synchronization_secret", func(r *config.Resource) { r.References["service_principal_id"] = config.Reference{ - Type: "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal", + TerraformName: "azuread_service_principal", } // We need to override the default group that upjet generated for // this resource, which would be "azuread" diff --git a/examples-generated/app/v1beta1/roleassignment.yaml b/examples-generated/app/v1beta1/roleassignment.yaml index 81413caa..6d5efa2f 100644 --- a/examples-generated/app/v1beta1/roleassignment.yaml +++ b/examples-generated/app/v1beta1/roleassignment.yaml @@ -18,7 +18,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: 
@@ -39,7 +39,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: @@ -55,7 +55,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples-generated/applications/v1beta1/preauthorized.yaml b/examples-generated/applications/v1beta1/preauthorized.yaml index c1fd1319..f19d29e1 100644 --- a/examples-generated/applications/v1beta1/preauthorized.yaml +++ b/examples-generated/applications/v1beta1/preauthorized.yaml @@ -18,7 +18,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: diff --git a/examples-generated/applications/v1beta1/application.yaml b/examples-generated/applications/v1beta2/application.yaml similarity index 95% rename from examples-generated/applications/v1beta1/application.yaml rename to examples-generated/applications/v1beta2/application.yaml index b179d0fa..ea1fae02 100644 --- a/examples-generated/applications/v1beta1/application.yaml +++ b/examples-generated/applications/v1beta2/application.yaml @@ -1,8 +1,8 @@ -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: - meta.upbound.io/example-id: applications/v1beta1/application + meta.upbound.io/example-id: applications/v1beta2/application labels: testing.upbound.io/example-name: example name: example diff --git a/examples-generated/conditionalaccess/v1beta1/accesspolicy.yaml b/examples-generated/conditionalaccess/v1beta2/accesspolicy.yaml similarity index 90% rename from examples-generated/conditionalaccess/v1beta1/accesspolicy.yaml rename to examples-generated/conditionalaccess/v1beta2/accesspolicy.yaml index c55e2e04..cf9effef 100644 
--- a/examples-generated/conditionalaccess/v1beta1/accesspolicy.yaml +++ b/examples-generated/conditionalaccess/v1beta2/accesspolicy.yaml @@ -1,8 +1,8 @@ -apiVersion: conditionalaccess.azuread.upbound.io/v1beta1 +apiVersion: conditionalaccess.azuread.upbound.io/v1beta2 kind: AccessPolicy metadata: annotations: - meta.upbound.io/example-id: conditionalaccess/v1beta1/accesspolicy + meta.upbound.io/example-id: conditionalaccess/v1beta2/accesspolicy labels: testing.upbound.io/example-name: example name: example diff --git a/examples-generated/conditionalaccess/v1beta1/location.yaml b/examples-generated/conditionalaccess/v1beta2/location.yaml similarity index 68% rename from examples-generated/conditionalaccess/v1beta1/location.yaml rename to examples-generated/conditionalaccess/v1beta2/location.yaml index de710b8f..bd5be281 100644 --- a/examples-generated/conditionalaccess/v1beta1/location.yaml +++ b/examples-generated/conditionalaccess/v1beta2/location.yaml @@ -1,8 +1,8 @@ -apiVersion: conditionalaccess.azuread.upbound.io/v1beta1 +apiVersion: conditionalaccess.azuread.upbound.io/v1beta2 kind: Location metadata: annotations: - meta.upbound.io/example-id: conditionalaccess/v1beta1/location + meta.upbound.io/example-id: conditionalaccess/v1beta2/location labels: testing.upbound.io/example-name: example-ip name: example-ip diff --git a/examples-generated/groups/v1beta1/member.yaml b/examples-generated/groups/v1beta1/member.yaml index e8655eec..657b898f 100644 --- a/examples-generated/groups/v1beta1/member.yaml +++ b/examples-generated/groups/v1beta1/member.yaml @@ -17,7 +17,7 @@ spec: --- -apiVersion: groups.azuread.upbound.io/v1beta1 +apiVersion: groups.azuread.upbound.io/v1beta2 kind: Group metadata: annotations: 
diff --git a/examples-generated/groups/v1beta1/group.yaml b/examples-generated/groups/v1beta2/group.yaml similarity index 71% rename from examples-generated/groups/v1beta1/group.yaml rename to examples-generated/groups/v1beta2/group.yaml index 77704071..149559fc 100644 --- a/examples-generated/groups/v1beta1/group.yaml +++ b/examples-generated/groups/v1beta2/group.yaml @@ -1,8 +1,8 @@ -apiVersion: groups.azuread.upbound.io/v1beta1 +apiVersion: groups.azuread.upbound.io/v1beta2 kind: Group metadata: annotations: - meta.upbound.io/example-id: groups/v1beta1/group + meta.upbound.io/example-id: groups/v1beta2/group labels: testing.upbound.io/example-name: example name: example diff --git a/examples-generated/invitations/v1beta1/invitation.yaml b/examples-generated/invitations/v1beta2/invitation.yaml similarity index 65% rename from examples-generated/invitations/v1beta1/invitation.yaml rename to examples-generated/invitations/v1beta2/invitation.yaml index 666f63b5..9e8c0006 100644 --- a/examples-generated/invitations/v1beta1/invitation.yaml +++ b/examples-generated/invitations/v1beta2/invitation.yaml @@ -1,8 +1,8 @@ -apiVersion: invitations.azuread.upbound.io/v1beta1 +apiVersion: invitations.azuread.upbound.io/v1beta2 kind: Invitation metadata: annotations: - meta.upbound.io/example-id: invitations/v1beta1/invitation + meta.upbound.io/example-id: invitations/v1beta2/invitation labels: testing.upbound.io/example-name: example name: example diff --git a/examples-generated/serviceprincipaldelegated/v1beta1/permissiongrant.yaml b/examples-generated/serviceprincipaldelegated/v1beta1/permissiongrant.yaml index d7eeaa07..9f220642 100644 --- a/examples-generated/serviceprincipaldelegated/v1beta1/permissiongrant.yaml +++ b/examples-generated/serviceprincipaldelegated/v1beta1/permissiongrant.yaml @@ -20,7 +20,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: 
@@ -41,7 +41,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: @@ -57,7 +57,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples-generated/serviceprincipals/v1beta1/certificate.yaml b/examples-generated/serviceprincipals/v1beta1/certificate.yaml index 982a37a4..9c45f0cb 100644 --- a/examples-generated/serviceprincipals/v1beta1/certificate.yaml +++ b/examples-generated/serviceprincipals/v1beta1/certificate.yaml @@ -20,7 +20,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: @@ -34,7 +34,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples-generated/serviceprincipals/v1beta1/password.yaml b/examples-generated/serviceprincipals/v1beta1/password.yaml index 2a28ce4d..63da1eb4 100644 --- a/examples-generated/serviceprincipals/v1beta1/password.yaml +++ b/examples-generated/serviceprincipals/v1beta1/password.yaml @@ -14,7 +14,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: @@ -28,7 +28,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples-generated/serviceprincipals/v1beta1/tokensigningcertificate.yaml b/examples-generated/serviceprincipals/v1beta1/tokensigningcertificate.yaml index c25938b0..48560c26 100644 --- a/examples-generated/serviceprincipals/v1beta1/tokensigningcertificate.yaml 
+++ b/examples-generated/serviceprincipals/v1beta1/tokensigningcertificate.yaml @@ -14,7 +14,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: @@ -28,7 +28,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples-generated/serviceprincipals/v1beta2/principal.yaml b/examples-generated/serviceprincipals/v1beta2/principal.yaml new file mode 100644 index 00000000..357c906a --- /dev/null +++ b/examples-generated/serviceprincipals/v1beta2/principal.yaml @@ -0,0 +1,32 @@ +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 +kind: Principal +metadata: + annotations: + meta.upbound.io/example-id: serviceprincipals/v1beta2/principal + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + appRoleAssignmentRequired: false + clientIdSelector: + matchLabels: + testing.upbound.io/example-name: example + owners: + - ${data.azuread_client_config.current.object_id} + +--- + +apiVersion: applications.azuread.upbound.io/v1beta2 +kind: Application +metadata: + annotations: + meta.upbound.io/example-id: serviceprincipals/v1beta2/principal + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: example + owners: + - ${data.azuread_client_config.current.object_id} diff --git a/examples-generated/synchronization/v1beta1/job.yaml b/examples-generated/synchronization/v1beta1/job.yaml index d2b566c6..a7247bd8 100644 --- a/examples-generated/synchronization/v1beta1/job.yaml +++ b/examples-generated/synchronization/v1beta1/job.yaml @@ -16,7 +16,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: 
@@ -34,7 +34,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples-generated/synchronization/v1beta1/secret.yaml b/examples-generated/synchronization/v1beta1/secret.yaml index 44303ead..d505469d 100644 --- a/examples-generated/synchronization/v1beta1/secret.yaml +++ b/examples-generated/synchronization/v1beta1/secret.yaml @@ -25,7 +25,7 @@ spec: --- -apiVersion: applications.azuread.upbound.io/v1beta1 +apiVersion: applications.azuread.upbound.io/v1beta2 kind: Application metadata: annotations: @@ -43,7 +43,7 @@ spec: --- -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: diff --git a/examples/administrativeunits/member.yaml b/examples/administrativeunits/v1beta1/member.yaml similarity index 100% rename from examples/administrativeunits/member.yaml rename to examples/administrativeunits/v1beta1/member.yaml diff --git a/examples/administrativeunits/unit.yaml b/examples/administrativeunits/v1beta1/unit.yaml similarity index 100% rename from examples/administrativeunits/unit.yaml rename to examples/administrativeunits/v1beta1/unit.yaml diff --git a/examples/app/roleassignment.yaml b/examples/app/v1beta1/roleassignment.yaml similarity index 100% rename from examples/app/roleassignment.yaml rename to examples/app/v1beta1/roleassignment.yaml diff --git a/examples/applications/application.yaml b/examples/applications/v1beta1/application.yaml similarity index 100% rename from examples/applications/application.yaml rename to examples/applications/v1beta1/application.yaml diff --git a/examples/applications/certificate.yaml b/examples/applications/v1beta1/certificate.yaml similarity index 100% rename from examples/applications/certificate.yaml rename to examples/applications/v1beta1/certificate.yaml 
diff --git a/examples/applications/federatedidentitycredential.yaml b/examples/applications/v1beta1/federatedidentitycredential.yaml similarity index 100% rename from examples/applications/federatedidentitycredential.yaml rename to examples/applications/v1beta1/federatedidentitycredential.yaml diff --git a/examples/applications/password.yaml b/examples/applications/v1beta1/password.yaml similarity index 100% rename from examples/applications/password.yaml rename to examples/applications/v1beta1/password.yaml diff --git a/examples/applications/preauthorized.yaml b/examples/applications/v1beta1/preauthorized.yaml similarity index 100% rename from examples/applications/preauthorized.yaml rename to examples/applications/v1beta1/preauthorized.yaml diff --git a/examples/applications/v1beta2/application.yaml b/examples/applications/v1beta2/application.yaml new file mode 100644 index 00000000..41f4e3ea --- /dev/null +++ b/examples/applications/v1beta2/application.yaml @@ -0,0 +1,15 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: applications.azuread.upbound.io/v1beta2 +kind: Application +metadata: + annotations: + meta.upbound.io/example-id: applications/v1beta1/application + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: example-${Rand.RFC1123Subdomain} diff --git a/examples/conditionalaccess/accesspolicy.yaml b/examples/conditionalaccess/v1beta1/accesspolicy.yaml similarity index 100% rename from examples/conditionalaccess/accesspolicy.yaml rename to examples/conditionalaccess/v1beta1/accesspolicy.yaml diff --git a/examples/conditionalaccess/location.yaml b/examples/conditionalaccess/v1beta1/location.yaml similarity index 100% rename from examples/conditionalaccess/location.yaml rename to examples/conditionalaccess/v1beta1/location.yaml 
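Review bot: The `meta.upbound.io/example-id` annotation in the new `examples/applications/v1beta2/application.yaml` still reads `applications/v1beta1/application`, although the manifest's apiVersion is v1beta2 and the conditionalaccess v1beta2 examples in this commit carry a v1beta2 id. The same mismatch appears in `examples/groups/v1beta2/group.yaml` (`groups/v1beta1/group`) and `examples/invitations/v1beta2/invitation.yaml` (`invitations/v1beta1/invitation`). If the id is meant to track the example's path, change it to `meta.upbound.io/example-id: applications/v1beta2/application` and likewise in the other two files. If sharing the v1beta1 id is intentional, a one-line comment saying so would help.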
diff --git a/examples/conditionalaccess/v1beta2/accesspolicy.yaml b/examples/conditionalaccess/v1beta2/accesspolicy.yaml new file mode 100644 index 00000000..29fa272e --- /dev/null +++ b/examples/conditionalaccess/v1beta2/accesspolicy.yaml @@ -0,0 +1,55 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: conditionalaccess.azuread.upbound.io/v1beta2 +kind: AccessPolicy +metadata: + annotations: + meta.upbound.io/example-id: conditionalaccess/v1beta2/accesspolicy + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + conditions: + applications: + excludedApplications: [] + includedApplications: + - All + clientAppTypes: + - all + devices: + filter: + mode: exclude + rule: device.operatingSystem eq "Doors" + locations: + excludedLocations: + - AllTrusted + includedLocations: + - All + platforms: + excludedPlatforms: + - iOS + includedPlatforms: + - android + signInRiskLevels: + - medium + userRiskLevels: + - medium + users: + excludedUsers: + - GuestsOrExternalUsers + includedUsers: + - All + displayName: example policy + grantControls: + builtInControls: + - mfa + operator: OR + sessionControls: + applicationEnforcedRestrictionsEnabled: true + cloudAppSecurityPolicy: monitorOnly + signInFrequency: 10 + signInFrequencyPeriod: hours + state: disabled diff --git a/examples/conditionalaccess/v1beta2/location.yaml b/examples/conditionalaccess/v1beta2/location.yaml new file mode 100644 index 00000000..0e9bfc7a --- /dev/null +++ b/examples/conditionalaccess/v1beta2/location.yaml 
@@ -0,0 +1,20 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: conditionalaccess.azuread.upbound.io/v1beta2 +kind: Location +metadata: + annotations: + meta.upbound.io/example-id: conditionalaccess/v1beta2/location + labels: + testing.upbound.io/example-name: example-ip + name: example-ip +spec: + forProvider: + displayName: IP Named Location + ip: + ipRanges: + - 1.1.1.1/32 + - 2.2.2.2/32 + trusted: true diff --git a/examples/directoryroles/customdirectoryrole.yaml b/examples/directoryroles/v1beta1/customdirectoryrole.yaml similarity index 94% rename from examples/directoryroles/customdirectoryrole.yaml rename to examples/directoryroles/v1beta1/customdirectoryrole.yaml index e0e03361..cb75a4fa 100644 --- a/examples/directoryroles/customdirectoryrole.yaml +++ b/examples/directoryroles/v1beta1/customdirectoryrole.yaml @@ -21,7 +21,6 @@ spec: - microsoft.directory/applications/create - microsoft.directory/applications/standard/read - allowedResourceActions: - - microsoft.directory/groups/allProperties/read - microsoft.directory/groups/allProperties/read - microsoft.directory/groups/basic/update - microsoft.directory/groups/create diff --git a/examples/directoryroles/role.yaml b/examples/directoryroles/v1beta1/role.yaml similarity index 100% rename from examples/directoryroles/role.yaml rename to examples/directoryroles/v1beta1/role.yaml diff --git a/examples/directoryroles/roleassignment.yaml b/examples/directoryroles/v1beta1/roleassignment.yaml similarity index 100% rename from examples/directoryroles/roleassignment.yaml rename to examples/directoryroles/v1beta1/roleassignment.yaml diff --git a/examples/groups/testhooks/delete-member.sh b/examples/groups/testhooks/delete-member.sh old mode 100644 new mode 100755 diff --git a/examples/groups/group.yaml b/examples/groups/v1beta1/group.yaml similarity index 100% rename from examples/groups/group.yaml rename to examples/groups/v1beta1/group.yaml 
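Review bot: The new `examples/conditionalaccess/v1beta2/location.yaml` declares `1.1.1.1/32` and `2.2.2.2/32` as a named location with `trusted: true`, and these are publicly routable addresses that whoever applies the example presumably does not control. The accesspolicy example added in this commit excludes `AllTrusted`, so a reader who copies both manifests and enables the policy would exempt those addresses from it. Consider placeholder ranges reserved for documentation such as `- 192.0.2.0/24`, or `trusted: false`, together with a comment `# replace with address ranges your organisation controls`. Whether the API accepts documentation ranges should be confirmed against the e2e run.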
diff --git a/examples/groups/member.yaml b/examples/groups/v1beta1/member.yaml similarity index 95% rename from examples/groups/member.yaml rename to examples/groups/v1beta1/member.yaml index ca3fc9d6..11a1fc87 100644 --- a/examples/groups/member.yaml +++ b/examples/groups/v1beta1/member.yaml @@ -23,7 +23,7 @@ apiVersion: groups.azuread.upbound.io/v1beta1 kind: Group metadata: annotations: - uptest.upbound.io/pre-delete-hook: testhooks/delete-member.sh + uptest.upbound.io/pre-delete-hook: ../testhooks/delete-member.sh meta.upbound.io/example-id: groups/v1beta1/member labels: testing.upbound.io/example-name: example diff --git a/examples/groups/v1beta2/group.yaml b/examples/groups/v1beta2/group.yaml new file mode 100644 index 00000000..fdf6b7d7 --- /dev/null +++ b/examples/groups/v1beta2/group.yaml @@ -0,0 +1,16 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: groups.azuread.upbound.io/v1beta2 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: groups/v1beta1/group + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: example + securityEnabled: true diff --git a/examples/invitations/invitation.yaml b/examples/invitations/v1beta1/invitation.yaml similarity index 100% rename from examples/invitations/invitation.yaml rename to examples/invitations/v1beta1/invitation.yaml diff --git a/examples/invitations/v1beta2/invitation.yaml b/examples/invitations/v1beta2/invitation.yaml new file mode 100644 index 00000000..8f23b370 --- /dev/null +++ b/examples/invitations/v1beta2/invitation.yaml 
@@ -0,0 +1,19 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: invitations.azuread.upbound.io/v1beta2 +kind: Invitation +metadata: + annotations: + meta.upbound.io/example-id: invitations/v1beta1/invitation + upjet.upbound.io/manual-intervention: "This resource either requires a user with an email in untrusted domain + (but this needs collaboration configuration) or an email in a trusted domain (but in our testing account invitations + in this domain has been disabled)" + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + userEmailAddress: testuser@upbound.io + redirectUrl: https://portal.azure.com diff --git a/examples/policies/claimsmappingpolicy.yaml b/examples/policies/v1beta1/claimsmappingpolicy.yaml similarity index 100% rename from examples/policies/claimsmappingpolicy.yaml rename to examples/policies/v1beta1/claimsmappingpolicy.yaml diff --git a/examples/serviceprincipaldelegated/testhooks/delete-permissiongrant.sh b/examples/serviceprincipaldelegated/testhooks/delete-permissiongrant.sh old mode 100644 new mode 100755 diff --git a/examples/serviceprincipaldelegated/permissiongrant.yaml b/examples/serviceprincipaldelegated/v1beta1/permissiongrant.yaml similarity index 94% rename from examples/serviceprincipaldelegated/permissiongrant.yaml rename to examples/serviceprincipaldelegated/v1beta1/permissiongrant.yaml index bcdca2db..92d8617c 100644 --- a/examples/serviceprincipaldelegated/permissiongrant.yaml +++ b/examples/serviceprincipaldelegated/v1beta1/permissiongrant.yaml @@ -29,7 +29,7 @@ kind: Principal metadata: annotations: meta.upbound.io/example-id: serviceprincipaldelegated/v1beta1/permissiongrant - uptest.upbound.io/pre-delete-hook: testhooks/delete-permissiongrant.sh + uptest.upbound.io/pre-delete-hook: ../testhooks/delete-permissiongrant.sh labels: testing.upbound.io/example-name: example name: example 
@@ -66,7 +66,7 @@ kind: Principal metadata: annotations: meta.upbound.io/example-id: serviceprincipaldelegated/v1beta1/permissiongrant - uptest.upbound.io/pre-delete-hook: testhooks/delete-permissiongrant.sh + uptest.upbound.io/pre-delete-hook: ../testhooks/delete-permissiongrant.sh labels: testing.upbound.io/example-name: msgraph name: msgraph diff --git a/examples/serviceprincipals/certificate.yaml b/examples/serviceprincipals/v1beta1/certificate.yaml similarity index 100% rename from examples/serviceprincipals/certificate.yaml rename to examples/serviceprincipals/v1beta1/certificate.yaml diff --git a/examples/serviceprincipals/claimsmappingpolicyassignment.yaml b/examples/serviceprincipals/v1beta1/claimsmappingpolicyassignment.yaml similarity index 100% rename from examples/serviceprincipals/claimsmappingpolicyassignment.yaml rename to examples/serviceprincipals/v1beta1/claimsmappingpolicyassignment.yaml diff --git a/examples/serviceprincipals/password.yaml b/examples/serviceprincipals/v1beta1/password.yaml similarity index 100% rename from examples/serviceprincipals/password.yaml rename to examples/serviceprincipals/v1beta1/password.yaml diff --git a/examples/serviceprincipals/principal.yaml b/examples/serviceprincipals/v1beta1/principal.yaml similarity index 100% rename from examples/serviceprincipals/principal.yaml rename to examples/serviceprincipals/v1beta1/principal.yaml diff --git a/examples/serviceprincipals/tokensigningcertificate.yaml b/examples/serviceprincipals/v1beta1/tokensigningcertificate.yaml similarity index 100% rename from examples/serviceprincipals/tokensigningcertificate.yaml rename to examples/serviceprincipals/v1beta1/tokensigningcertificate.yaml 
diff --git a/examples-generated/serviceprincipals/v1beta1/principal.yaml b/examples/serviceprincipals/v1beta2/principal.yaml similarity index 73% rename from examples-generated/serviceprincipals/v1beta1/principal.yaml rename to examples/serviceprincipals/v1beta2/principal.yaml index 970788a2..695391c2 100644 --- a/examples-generated/serviceprincipals/v1beta1/principal.yaml +++ b/examples/serviceprincipals/v1beta2/principal.yaml @@ -1,4 +1,8 @@ -apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: serviceprincipals.azuread.upbound.io/v1beta2 kind: Principal metadata: annotations: @@ -8,15 +12,11 @@ metadata: name: example spec: forProvider: - appRoleAssignmentRequired: false - clientIdSelector: + applicationIdSelector: matchLabels: testing.upbound.io/example-name: example - owners: - - ${data.azuread_client_config.current.object_id} - + appRoleAssignmentRequired: false --- - apiVersion: applications.azuread.upbound.io/v1beta1 kind: Application metadata: @@ -28,5 +28,3 @@ metadata: spec: forProvider: displayName: example - owners: - - ${data.azuread_client_config.current.object_id} diff --git a/examples/synchronization/testhooks/delete-secret.sh b/examples/synchronization/testhooks/delete-secret.sh old mode 100644 new mode 100755 diff --git a/examples/synchronization/job.yaml b/examples/synchronization/v1beta1/job.yaml similarity index 97% rename from examples/synchronization/job.yaml rename to examples/synchronization/v1beta1/job.yaml index ac749d6b..858852b6 100644 --- a/examples/synchronization/job.yaml +++ b/examples/synchronization/v1beta1/job.yaml @@ -23,7 +23,7 @@ kind: Secret metadata: annotations: meta.upbound.io/example-id: synchronization/v1beta1/job - uptest.upbound.io/pre-delete-hook: testhooks/delete-secret.sh + uptest.upbound.io/pre-delete-hook: ../testhooks/delete-secret.sh labels: testing.upbound.io/example-name: example name: example 
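Review bot: The Application document in `examples/serviceprincipals/v1beta2/principal.yaml` is left as a context line at `applications.azuread.upbound.io/v1beta1`, while the Principal above it moves to v1beta2 and the generated counterpart `examples-generated/serviceprincipals/v1beta2/principal.yaml` uses `applications.azuread.upbound.io/v1beta2`. The hand-written file also selects the application with `applicationIdSelector` where the generated one uses `clientIdSelector`. If both differences are deliberate, a short comment above each would spare readers the comparison. Otherwise `apiVersion: applications.azuread.upbound.io/v1beta2` brings the file in line with the rest of the commit.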
diff --git a/examples/synchronization/secret.yaml b/examples/synchronization/v1beta1/secret.yaml similarity index 96% rename from examples/synchronization/secret.yaml rename to examples/synchronization/v1beta1/secret.yaml index 88352b2a..a5eddae4 100644 --- a/examples/synchronization/secret.yaml +++ b/examples/synchronization/v1beta1/secret.yaml @@ -42,7 +42,7 @@ kind: Principal metadata: annotations: meta.upbound.io/example-id: synchronization/v1beta1/secret - uptest.upbound.io/pre-delete-hook: testhooks/delete-secret.sh + uptest.upbound.io/pre-delete-hook: ../testhooks/delete-secret.sh labels: testing.upbound.io/example-name: example name: example diff --git a/examples/users/user.yaml b/examples/users/v1beta1/user.yaml similarity index 100% rename from examples/users/user.yaml rename to examples/users/v1beta1/user.yaml diff --git a/go.mod b/go.mod index 7415258c..d6fbe6eb 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( dario.cat/mergo v1.0.0 github.com/crossplane/crossplane-runtime v1.16.0-rc.1.0.20240424114634-8641eb2ba384 github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 - github.com/crossplane/upjet v1.3.0 + github.com/crossplane/upjet v1.4.0-rc.0.0.20240508134714-03a207b6416a github.com/hashicorp/terraform-json v0.17.1 github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20230727144955-0adfe586f500 diff --git a/go.sum b/go.sum index c66d0e9a..41278022 100644 --- a/go.sum +++ b/go.sum 
@@ -700,8 +700,8 @@ github.com/crossplane/crossplane-runtime v1.16.0-rc.1.0.20240424114634-8641eb2ba github.com/crossplane/crossplane-runtime v1.16.0-rc.1.0.20240424114634-8641eb2ba384/go.mod h1:Pz2tdGVMF6KDGzHZOkvKro0nKc8EzK0sb/nSA7pH4Dc= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 h1:HigXs5tEQxWz0fcj8hzbU2UAZgEM7wPe0XRFOsrtF8Y= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= -github.com/crossplane/upjet v1.3.0 h1:qRgcfqLz4M2v7enUku3xEriY5poc5XVbRl98nbvvu+E= -github.com/crossplane/upjet v1.3.0/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g= +github.com/crossplane/upjet v1.4.0-rc.0.0.20240508134714-03a207b6416a h1:VSpJnOWhWPz0sc9Qnp1st7jC49h8r4E9VYKi379I0lY= +github.com/crossplane/upjet v1.4.0-rc.0.0.20240508134714-03a207b6416a/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= diff --git a/internal/apis/scheme.go b/internal/apis/scheme.go new file mode 100644 index 00000000..031ca896 --- /dev/null +++ b/internal/apis/scheme.go 
@@ -0,0 +1,42 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +package apis + +import ( + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/pkg/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var s = runtime.NewScheme() + +// GetManagedResource returns a new object and list object for +// the specified GVK. The module's type registry is used to +// obtain these objects from the GVKs. +func GetManagedResource(group, version, kind, listKind string) (xpresource.Managed, xpresource.ManagedList, error) { + gv := schema.GroupVersion{ + Group: group, + Version: version, + } + kingGVK := gv.WithKind(kind) + m, err := s.New(kingGVK) + if err != nil { + return nil, nil, errors.Wrapf(err, "failed to get a new API object of GVK %q from the runtime scheme", kingGVK) + } + + listGVK := gv.WithKind(listKind) + l, err := s.New(listGVK) + if err != nil { + return nil, nil, errors.Wrapf(err, "failed to get a new API object list of GVK %q from the runtime scheme", listGVK) + } + return m.(xpresource.Managed), l.(xpresource.ManagedList), nil +} + +// BuildScheme builds the module's type registry using the specified +// runtime.SchemeBuilder. +func BuildScheme(sb runtime.SchemeBuilder) error { + return errors.Wrap(sb.AddToScheme(s), "failed to register the GVKs with the runtime scheme") +} diff --git a/internal/controller/applications/application/zz_controller.go b/internal/controller/applications/application/zz_controller.go index 9a0cae2b..70b7dd9b 100755 --- a/internal/controller/applications/application/zz_controller.go +++ b/internal/controller/applications/application/zz_controller.go 
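Review bot: `GetManagedResource` ends with unchecked type assertions, `m.(xpresource.Managed)` and `l.(xpresource.ManagedList)`, so a GVK that resolves in the scheme to a type not implementing those interfaces panics the process instead of returning the error the signature already provides. Use the two-value form of the assertion and return a wrapped error for each case, as sketched below. The local name `kingGVK` also looks like a typo for `kindGVK`. The package-level scheme `s` is written by `BuildScheme` and read here without synchronisation, so the doc comment should state that `BuildScheme` must complete before any `GetManagedResource` call.

```go
// … unchanged: GroupVersion construction and the two s.New lookups …
	mr, ok := m.(xpresource.Managed)
	if !ok {
		return nil, nil, errors.Errorf("API object of GVK %q does not implement resource.Managed", kingGVK)
	}
	ml, ok := l.(xpresource.ManagedList)
	if !ok {
		return nil, nil, errors.Errorf("API object list of GVK %q does not implement resource.ManagedList", listGVK)
	}
	return mr, ml, nil
```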
@@ -21,27 +21,27 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" - v1beta1 "github.com/upbound/provider-azuread/apis/applications/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/applications/v1beta2" features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Application managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Application_GroupVersionKind.String()) + name := managed.ControllerName(v1beta2.Application_GroupVersionKind.String()) var initializers managed.InitializerChain cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Application_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Application_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta2.Application_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta2.Application_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azuread_application"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - 
tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Application_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta2.Application_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 
@@ -61,31 +61,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.Application + // register webhooks for the kind v1beta2.Application // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Application{}). + For(&v1beta2.Application{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Application") + return errors.Wrap(err, "cannot register webhook for the kind v1beta2.Application") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.ApplicationList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta2.ApplicationList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.ApplicationList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta2.ApplicationList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Application_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta2.Application_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Application{}, eventHandler). + Watches(&v1beta2.Application{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/internal/controller/conditionalaccess/accesspolicy/zz_controller.go b/internal/controller/conditionalaccess/accesspolicy/zz_controller.go index 44e141c1..595d3bf6 100755 
--- a/internal/controller/conditionalaccess/accesspolicy/zz_controller.go +++ b/internal/controller/conditionalaccess/accesspolicy/zz_controller.go 
@@ -21,27 +21,27 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" - v1beta1 "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta2" features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles AccessPolicy managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.AccessPolicy_GroupVersionKind.String()) + name := managed.ControllerName(v1beta2.AccessPolicy_GroupVersionKind.String()) var initializers managed.InitializerChain cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.AccessPolicy_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.AccessPolicy_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta2.AccessPolicy_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta2.AccessPolicy_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azuread_conditional_access_policy"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - 
tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.AccessPolicy_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta2.AccessPolicy_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 
@@ -61,31 +61,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.AccessPolicy + // register webhooks for the kind v1beta2.AccessPolicy // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.AccessPolicy{}). + For(&v1beta2.AccessPolicy{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.AccessPolicy") + return errors.Wrap(err, "cannot register webhook for the kind v1beta2.AccessPolicy") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.AccessPolicyList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta2.AccessPolicyList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.AccessPolicyList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta2.AccessPolicyList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.AccessPolicy_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta2.AccessPolicy_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.AccessPolicy{}, eventHandler). + Watches(&v1beta2.AccessPolicy{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/internal/controller/conditionalaccess/location/zz_controller.go b/internal/controller/conditionalaccess/location/zz_controller.go index db855293..7989cd17 100755 
--- a/internal/controller/conditionalaccess/location/zz_controller.go +++ b/internal/controller/conditionalaccess/location/zz_controller.go 
@@ -21,27 +21,27 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" - v1beta1 "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta2" features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Location managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Location_GroupVersionKind.String()) + name := managed.ControllerName(v1beta2.Location_GroupVersionKind.String()) var initializers managed.InitializerChain cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Location_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Location_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta2.Location_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta2.Location_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azuread_named_location"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - 
tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Location_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta2.Location_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 
@@ -61,31 +61,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.Location + // register webhooks for the kind v1beta2.Location // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Location{}). + For(&v1beta2.Location{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Location") + return errors.Wrap(err, "cannot register webhook for the kind v1beta2.Location") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.LocationList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta2.LocationList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.LocationList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta2.LocationList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Location_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta2.Location_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Location{}, eventHandler). + Watches(&v1beta2.Location{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/internal/controller/groups/group/zz_controller.go b/internal/controller/groups/group/zz_controller.go index 72e57ff0..fd5f7363 100755 --- a/internal/controller/groups/group/zz_controller.go 
+++ b/internal/controller/groups/group/zz_controller.go 
@@ -21,27 +21,27 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" - v1beta1 "github.com/upbound/provider-azuread/apis/groups/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/groups/v1beta2" features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Group managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Group_GroupVersionKind.String()) + name := managed.ControllerName(v1beta2.Group_GroupVersionKind.String()) var initializers managed.InitializerChain cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Group_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta2.Group_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta2.Group_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azuread_group"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - 
tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Group_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta2.Group_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 
@@ -61,31 +61,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.Group + // register webhooks for the kind v1beta2.Group // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Group{}). + For(&v1beta2.Group{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Group") + return errors.Wrap(err, "cannot register webhook for the kind v1beta2.Group") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.GroupList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta2.GroupList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.GroupList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta2.GroupList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta2.Group_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Group{}, eventHandler). + Watches(&v1beta2.Group{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/internal/controller/invitations/invitation/zz_controller.go b/internal/controller/invitations/invitation/zz_controller.go index 6b4b2d1e..2d7db7f2 100755 --- a/internal/controller/invitations/invitation/zz_controller.go 
+++ b/internal/controller/invitations/invitation/zz_controller.go 
@@ -21,27 +21,27 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" - v1beta1 "github.com/upbound/provider-azuread/apis/invitations/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/invitations/v1beta2" features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Invitation managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Invitation_GroupVersionKind.String()) + name := managed.ControllerName(v1beta2.Invitation_GroupVersionKind.String()) var initializers managed.InitializerChain cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Invitation_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Invitation_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta2.Invitation_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta2.Invitation_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azuread_invitation"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - 
tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Invitation_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta2.Invitation_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 
@@ -61,31 +61,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.Invitation + // register webhooks for the kind v1beta2.Invitation // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Invitation{}). + For(&v1beta2.Invitation{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Invitation") + return errors.Wrap(err, "cannot register webhook for the kind v1beta2.Invitation") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.InvitationList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta2.InvitationList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.InvitationList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta2.InvitationList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Invitation_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta2.Invitation_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Invitation{}, eventHandler). + Watches(&v1beta2.Invitation{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/internal/controller/serviceprincipals/principal/zz_controller.go b/internal/controller/serviceprincipals/principal/zz_controller.go index b029b0d4..8684e524 100755 
--- a/internal/controller/serviceprincipals/principal/zz_controller.go +++ b/internal/controller/serviceprincipals/principal/zz_controller.go 
@@ -21,27 +21,27 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" - v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + v1beta2 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta2" features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Principal managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Principal_GroupVersionKind.String()) + name := managed.ControllerName(v1beta2.Principal_GroupVersionKind.String()) var initializers managed.InitializerChain cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Principal_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Principal_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta2.Principal_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta2.Principal_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azuread_service_principal"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - 
tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Principal_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta2.Principal_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 
@@ -61,31 +61,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.Principal + // register webhooks for the kind v1beta2.Principal // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Principal{}). + For(&v1beta2.Principal{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Principal") + return errors.Wrap(err, "cannot register webhook for the kind v1beta2.Principal") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.PrincipalList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta2.PrincipalList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.PrincipalList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta2.PrincipalList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Principal_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta2.Principal_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Principal{}, eventHandler). + Watches(&v1beta2.Principal{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/package/crds/administrativeunits.azuread.upbound.io_members.yaml b/package/crds/administrativeunits.azuread.upbound.io_members.yaml index 41492a52..71f4d119 100644 
--- a/package/crds/administrativeunits.azuread.upbound.io_members.yaml +++ b/package/crds/administrativeunits.azuread.upbound.io_members.yaml @@ -78,7 +78,8 @@ spec: The object ID of the administrative unit type: string administrativeUnitObjectIdRef: - description: Reference to a Unit to populate administrativeUnitObjectId. + description: Reference to a Unit in administrativeunits to populate + administrativeUnitObjectId. properties: name: description: Name of the referenced object. @@ -112,7 +113,8 @@ spec: - name type: object administrativeUnitObjectIdSelector: - description: Selector for a Unit to populate administrativeUnitObjectId. + description: Selector for a Unit in administrativeunits to populate + administrativeUnitObjectId. properties: matchControllerRef: description: |- @@ -176,7 +178,8 @@ spec: The object ID of the administrative unit type: string administrativeUnitObjectIdRef: - description: Reference to a Unit to populate administrativeUnitObjectId. + description: Reference to a Unit in administrativeunits to populate + administrativeUnitObjectId. properties: name: description: Name of the referenced object. @@ -210,7 +213,8 @@ spec: - name type: object administrativeUnitObjectIdSelector: - description: Selector for a Unit to populate administrativeUnitObjectId. + description: Selector for a Unit in administrativeunits to populate + administrativeUnitObjectId. properties: matchControllerRef: description: |- diff --git a/package/crds/applications.azuread.upbound.io_applications.yaml b/package/crds/applications.azuread.upbound.io_applications.yaml index 7c245330..70c42331 100644 --- a/package/crds/applications.azuread.upbound.io_applications.yaml +++ b/package/crds/applications.azuread.upbound.io_applications.yaml 
@@ -1707,3 +1707,1656 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Application is the Schema for the Applications API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApplicationSpec defines the desired state of Application + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + api: + description: An api block as documented below, which configures + API related settings for this application. + properties: + knownClientApplications: + description: |- + A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. + Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + items: + type: string + type: array + x-kubernetes-list-type: set + mappedClaimsEnabled: + description: |- + Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + Allows an application to use claims mapping without specifying a custom signing key + type: boolean + oauth2PermissionScope: + description: |- + One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. + One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + items: + properties: + adminConsentDescription: + description: |- + Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + type: string + adminConsentDisplayName: + description: |- + Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. 
+ Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + type: string + enabled: + description: |- + Determines if the permission scope is enabled. Defaults to true. + Determines if the permission scope is enabled + type: boolean + id: + description: |- + The unique identifier of the delegated permission. Must be a valid UUID. + The unique identifier of the delegated permission + type: string + type: + description: |- + Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. + Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + type: string + userConsentDescription: + description: |- + Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + type: string + userConsentDisplayName: + description: |- + Display name for the delegated permission that appears in the end user consent experience. + Display name for the delegated permission that appears in the end user consent experience + type: string + value: + description: |- + The value that is used for the scp claim in OAuth 2.0 access tokens. + The value that is used for the `scp` claim in OAuth 2.0 access tokens + type: string + type: object + type: array + requestedAccessTokenVersion: + description: |- + The access token version expected by this resource. 
Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. + The access token version expected by this resource + type: number + type: object + appRole: + description: A collection of app_role blocks as documented below. + For more information see official documentation on Application + Roles. + items: + properties: + allowedMemberTypes: + description: |- + Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. + Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + items: + type: string + type: array + x-kubernetes-list-type: set + description: + description: |- + Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. + Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + type: string + displayName: + description: |- + Display name for the app role that appears during app role assignment and in consent experiences. + Display name for the app role that appears during app role assignment and in consent experiences + type: string + enabled: + description: |- + Determines if the app role is enabled. Defaults to true. + Determines if the app role is enabled + type: boolean + id: + description: |- + The unique identifier of the app role. Must be a valid UUID. 
+ The unique identifier of the app role + type: string + value: + description: |- + The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. + The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + type: string + type: object + type: array + description: + description: |- + A description of the application, as shown to end users. + Description of the application as shown to end users + type: string + deviceOnlyAuthEnabled: + description: |- + Specifies whether this application supports device authentication without a user. Defaults to false. + Specifies whether this application supports device authentication without a user. + type: boolean + displayName: + description: |- + The display name for the application. + The display name for the application + type: string + fallbackPublicClientEnabled: + description: |- + Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. + Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI + type: boolean + featureTags: + description: |- + A feature_tags block as described below. Cannot be used together with the tags property. + Block of features to configure for this application using tags + items: + properties: + customSingleSignOn: + description: |- + Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. 
+ Whether this application represents a custom SAML application for linked service principals + type: boolean + enterprise: + description: |- + Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + Whether this application represents an Enterprise Application for linked service principals + type: boolean + gallery: + description: |- + Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + Whether this application represents a gallery application for linked service principals + type: boolean + hide: + description: |- + Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + Whether this application is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + groupMembershipClaims: + description: |- + Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. + Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + items: + type: string + type: array + x-kubernetes-list-type: set + identifierUris: + description: |- + A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. + The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + items: + type: string + type: array + x-kubernetes-list-type: set + logoImage: + description: |- + A logo image to upload for the application, as a raw base64-encoded string. 
The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. + Base64 encoded logo image in gif, png or jpeg format + type: string + marketingUrl: + description: |- + URL of the application's marketing page. + URL of the application's marketing page + type: string + notes: + description: |- + User-specified notes relevant for the management of the application. + User-specified notes relevant for the management of the application + type: string + oauth2PostResponseRequired: + description: |- + Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. + Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. + type: boolean + optionalClaims: + description: An optional_claims block as documented below. + properties: + accessToken: + description: One or more access_token blocks as documented + below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. 
+ Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + idToken: + description: One or more id_token blocks as documented below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. 
If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + saml2Token: + description: One or more saml2_token blocks as documented + below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + type: object + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. 
+ A list of object IDs of principals that will be granted ownership of the application + items: + type: string + type: array + x-kubernetes-list-type: set + preventDuplicateNames: + description: |- + If true, will return an error if an existing application is found with the same name. Defaults to false. + If `true`, will return an error if an existing application is found with the same name + type: boolean + privacyStatementUrl: + description: |- + URL of the application's privacy statement. + URL of the application's privacy statement + type: string + publicClient: + description: A public_client block as documented below, which + configures non-web app or non-web API application settings, + for example mobile or other public clients such as an installed + application running on a desktop device. + properties: + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + requiredResourceAccess: + description: A collection of required_resource_access blocks as + documented below. + items: + properties: + resourceAccess: + description: A collection of resource_access blocks as documented + below, describing OAuth2.0 permission scopes and app roles + that the application requires from the specified resource. + items: + properties: + id: + description: The unique identifier for an app role + or OAuth2 permission scope published by the resource + application. + type: string + type: + description: Specifies whether the id property references + an app role or an OAuth2 permission scope. Possible + values are Role or Scope. 
+ type: string + type: object + type: array + resourceAppId: + description: The unique identifier for the resource that + the application requires access to. This should be the + Application ID of the target application. + type: string + type: object + type: array + serviceManagementReference: + description: |- + References application context information from a Service or Asset Management database. + References application or service contact information from a Service or Asset Management database + type: string + signInAudience: + description: |- + The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. + The Microsoft account types that are supported for the current application + type: string + singlePageApplication: + description: A single_page_application block as documented below, + which configures single-page application (SPA) related settings + for this application. + properties: + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + supportUrl: + description: |- + URL of the application's support page. + URL of the application's support page + type: string + tags: + description: |- + A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. 
+ A set of tags to apply to the application + items: + type: string + type: array + x-kubernetes-list-type: set + templateId: + description: |- + Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. + Unique ID of the application template from which this application is created + type: string + termsOfServiceUrl: + description: |- + URL of the application's terms of service statement. + URL of the application's terms of service statement + type: string + web: + description: A web block as documented below, which configures + web related settings for this application. + properties: + homepageUrl: + description: |- + Home page or landing page of the application. + Home page or landing page of the application + type: string + implicitGrant: + description: An implicit_grant block as documented above. + properties: + accessTokenIssuanceEnabled: + description: |- + Whether this web application can request an access token using OAuth 2.0 implicit flow. + Whether this web application can request an access token using OAuth 2.0 implicit flow + type: boolean + idTokenIssuanceEnabled: + description: |- + Whether this web application can request an ID token using OAuth 2.0 implicit flow. + Whether this web application can request an ID token using OAuth 2.0 implicit flow + type: boolean + type: object + logoutUrl: + description: |- + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + type: string + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. 
+ The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + api: + description: An api block as documented below, which configures + API related settings for this application. + properties: + knownClientApplications: + description: |- + A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. + Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + items: + type: string + type: array + x-kubernetes-list-type: set + mappedClaimsEnabled: + description: |- + Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + Allows an application to use claims mapping without specifying a custom signing key + type: boolean + oauth2PermissionScope: + description: |- + One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. 
+ One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + items: + properties: + adminConsentDescription: + description: |- + Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + type: string + adminConsentDisplayName: + description: |- + Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. + Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + type: string + enabled: + description: |- + Determines if the permission scope is enabled. Defaults to true. + Determines if the permission scope is enabled + type: boolean + id: + description: |- + The unique identifier of the delegated permission. Must be a valid UUID. + The unique identifier of the delegated permission + type: string + type: + description: |- + Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. + Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + type: string + userConsentDescription: + description: |- + Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. 
+ Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + type: string + userConsentDisplayName: + description: |- + Display name for the delegated permission that appears in the end user consent experience. + Display name for the delegated permission that appears in the end user consent experience + type: string + value: + description: |- + The value that is used for the scp claim in OAuth 2.0 access tokens. + The value that is used for the `scp` claim in OAuth 2.0 access tokens + type: string + type: object + type: array + requestedAccessTokenVersion: + description: |- + The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. + The access token version expected by this resource + type: number + type: object + appRole: + description: A collection of app_role blocks as documented below. + For more information see official documentation on Application + Roles. + items: + properties: + allowedMemberTypes: + description: |- + Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. + Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + items: + type: string + type: array + x-kubernetes-list-type: set + description: + description: |- + Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. 
+ Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + type: string + displayName: + description: |- + Display name for the app role that appears during app role assignment and in consent experiences. + Display name for the app role that appears during app role assignment and in consent experiences + type: string + enabled: + description: |- + Determines if the app role is enabled. Defaults to true. + Determines if the app role is enabled + type: boolean + id: + description: |- + The unique identifier of the app role. Must be a valid UUID. + The unique identifier of the app role + type: string + value: + description: |- + The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. + The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + type: string + type: object + type: array + description: + description: |- + A description of the application, as shown to end users. + Description of the application as shown to end users + type: string + deviceOnlyAuthEnabled: + description: |- + Specifies whether this application supports device authentication without a user. Defaults to false. + Specifies whether this application supports device authentication without a user. + type: boolean + displayName: + description: |- + The display name for the application. + The display name for the application + type: string + fallbackPublicClientEnabled: + description: |- + Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. + Specifies whether the application is a public client. 
Appropriate for apps using token grant flows that don't use a redirect URI + type: boolean + featureTags: + description: |- + A feature_tags block as described below. Cannot be used together with the tags property. + Block of features to configure for this application using tags + items: + properties: + customSingleSignOn: + description: |- + Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + Whether this application represents a custom SAML application for linked service principals + type: boolean + enterprise: + description: |- + Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + Whether this application represents an Enterprise Application for linked service principals + type: boolean + gallery: + description: |- + Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + Whether this application represents a gallery application for linked service principals + type: boolean + hide: + description: |- + Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + Whether this application is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + groupMembershipClaims: + description: |- + Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. 
+ Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + items: + type: string + type: array + x-kubernetes-list-type: set + identifierUris: + description: |- + A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. + The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + items: + type: string + type: array + x-kubernetes-list-type: set + logoImage: + description: |- + A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. + Base64 encoded logo image in gif, png or jpeg format + type: string + marketingUrl: + description: |- + URL of the application's marketing page. + URL of the application's marketing page + type: string + notes: + description: |- + User-specified notes relevant for the management of the application. + User-specified notes relevant for the management of the application + type: string + oauth2PostResponseRequired: + description: |- + Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. + Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. + type: boolean + optionalClaims: + description: An optional_claims block as documented below. + properties: + accessToken: + description: One or more access_token blocks as documented + below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. 
Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + idToken: + description: One or more id_token blocks as documented below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. 
If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + saml2Token: + description: One or more saml2_token blocks as documented + below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. 
+ The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + type: object + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. + A list of object IDs of principals that will be granted ownership of the application + items: + type: string + type: array + x-kubernetes-list-type: set + preventDuplicateNames: + description: |- + If true, will return an error if an existing application is found with the same name. Defaults to false. + If `true`, will return an error if an existing application is found with the same name + type: boolean + privacyStatementUrl: + description: |- + URL of the application's privacy statement. + URL of the application's privacy statement + type: string + publicClient: + description: A public_client block as documented below, which + configures non-web app or non-web API application settings, + for example mobile or other public clients such as an installed + application running on a desktop device. + properties: + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. 
+ The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + requiredResourceAccess: + description: A collection of required_resource_access blocks as + documented below. + items: + properties: + resourceAccess: + description: A collection of resource_access blocks as documented + below, describing OAuth2.0 permission scopes and app roles + that the application requires from the specified resource. + items: + properties: + id: + description: The unique identifier for an app role + or OAuth2 permission scope published by the resource + application. + type: string + type: + description: Specifies whether the id property references + an app role or an OAuth2 permission scope. Possible + values are Role or Scope. + type: string + type: object + type: array + resourceAppId: + description: The unique identifier for the resource that + the application requires access to. This should be the + Application ID of the target application. + type: string + type: object + type: array + serviceManagementReference: + description: |- + References application context information from a Service or Asset Management database. + References application or service contact information from a Service or Asset Management database + type: string + signInAudience: + description: |- + The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. + The Microsoft account types that are supported for the current application + type: string + singlePageApplication: + description: A single_page_application block as documented below, + which configures single-page application (SPA) related settings + for this application. 
+ properties: + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + supportUrl: + description: |- + URL of the application's support page. + URL of the application's support page + type: string + tags: + description: |- + A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + A set of tags to apply to the application + items: + type: string + type: array + x-kubernetes-list-type: set + templateId: + description: |- + Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. + Unique ID of the application template from which this application is created + type: string + termsOfServiceUrl: + description: |- + URL of the application's terms of service statement. + URL of the application's terms of service statement + type: string + web: + description: A web block as documented below, which configures + web related settings for this application. + properties: + homepageUrl: + description: |- + Home page or landing page of the application. + Home page or landing page of the application + type: string + implicitGrant: + description: An implicit_grant block as documented above. + properties: + accessTokenIssuanceEnabled: + description: |- + Whether this web application can request an access token using OAuth 2.0 implicit flow. 
+ Whether this web application can request an access token using OAuth 2.0 implicit flow + type: boolean + idTokenIssuanceEnabled: + description: |- + Whether this web application can request an ID token using OAuth 2.0 implicit flow. + Whether this web application can request an ID token using OAuth 2.0 implicit flow + type: boolean + type: object + logoutUrl: + description: |- + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + type: string + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. 
+ Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.displayName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) + || (has(self.initProvider) && has(self.initProvider.displayName))' + status: + description: ApplicationStatus defines the observed state of Application. + properties: + atProvider: + properties: + api: + description: An api block as documented below, which configures + API related settings for this application. + properties: + knownClientApplications: + description: |- + A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. 
+ Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + items: + type: string + type: array + x-kubernetes-list-type: set + mappedClaimsEnabled: + description: |- + Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + Allows an application to use claims mapping without specifying a custom signing key + type: boolean + oauth2PermissionScope: + description: |- + One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. + One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + items: + properties: + adminConsentDescription: + description: |- + Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + type: string + adminConsentDisplayName: + description: |- + Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. + Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + type: string + enabled: + description: |- + Determines if the permission scope is enabled. Defaults to true. + Determines if the permission scope is enabled + type: boolean + id: + description: |- + The unique identifier of the delegated permission. Must be a valid UUID. 
+ The unique identifier of the delegated permission + type: string + type: + description: |- + Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. + Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + type: string + userConsentDescription: + description: |- + Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + type: string + userConsentDisplayName: + description: |- + Display name for the delegated permission that appears in the end user consent experience. + Display name for the delegated permission that appears in the end user consent experience + type: string + value: + description: |- + The value that is used for the scp claim in OAuth 2.0 access tokens. + The value that is used for the `scp` claim in OAuth 2.0 access tokens + type: string + type: object + type: array + requestedAccessTokenVersion: + description: |- + The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. + The access token version expected by this resource + type: number + type: object + appRole: + description: A collection of app_role blocks as documented below. + For more information see official documentation on Application + Roles. 
+ items: + properties: + allowedMemberTypes: + description: |- + Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. + Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + items: + type: string + type: array + x-kubernetes-list-type: set + description: + description: |- + Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. + Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + type: string + displayName: + description: |- + Display name for the app role that appears during app role assignment and in consent experiences. + Display name for the app role that appears during app role assignment and in consent experiences + type: string + enabled: + description: |- + Determines if the app role is enabled. Defaults to true. + Determines if the app role is enabled + type: boolean + id: + description: |- + The unique identifier of the app role. Must be a valid UUID. + The unique identifier of the app role + type: string + value: + description: |- + The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. 
+ The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + type: string + type: object + type: array + appRoleIds: + additionalProperties: + type: string + description: |- + A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. + Mapping of app role names to UUIDs + type: object + x-kubernetes-map-type: granular + applicationId: + description: The Application ID (also called Client ID) + type: string + clientId: + description: |- + The Client ID for the application. + The Client ID (also called Application ID) + type: string + description: + description: |- + A description of the application, as shown to end users. + Description of the application as shown to end users + type: string + deviceOnlyAuthEnabled: + description: |- + Specifies whether this application supports device authentication without a user. Defaults to false. + Specifies whether this application supports device authentication without a user. + type: boolean + disabledByMicrosoft: + description: |- + Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement + Whether Microsoft has disabled the registered application + type: string + displayName: + description: |- + The display name for the application. + The display name for the application + type: string + fallbackPublicClientEnabled: + description: |- + Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. + Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI + type: boolean + featureTags: + description: |- + A feature_tags block as described below. 
Cannot be used together with the tags property. + Block of features to configure for this application using tags + items: + properties: + customSingleSignOn: + description: |- + Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + Whether this application represents a custom SAML application for linked service principals + type: boolean + enterprise: + description: |- + Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + Whether this application represents an Enterprise Application for linked service principals + type: boolean + gallery: + description: |- + Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + Whether this application represents a gallery application for linked service principals + type: boolean + hide: + description: |- + Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + Whether this application is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + groupMembershipClaims: + description: |- + Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. 
+ Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + items: + type: string + type: array + x-kubernetes-list-type: set + id: + type: string + identifierUris: + description: |- + A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. + The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + items: + type: string + type: array + x-kubernetes-list-type: set + logoImage: + description: |- + A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. + Base64 encoded logo image in gif, png or jpeg format + type: string + logoUrl: + description: |- + CDN URL to the application's logo, as uploaded with the logo_image property. + CDN URL to the application's logo + type: string + marketingUrl: + description: |- + URL of the application's marketing page. + URL of the application's marketing page + type: string + notes: + description: |- + User-specified notes relevant for the management of the application. + User-specified notes relevant for the management of the application + type: string + oauth2PermissionScopeIds: + additionalProperties: + type: string + description: |- + A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration. + Mapping of OAuth2.0 permission scope names to UUIDs + type: object + x-kubernetes-map-type: granular + oauth2PostResponseRequired: + description: |- + Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. 
Defaults to false, which specifies that only GET requests are allowed. + Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. + type: boolean + objectId: + description: |- + The application's object ID. + The application's object ID + type: string + optionalClaims: + description: An optional_claims block as documented below. + properties: + accessToken: + description: One or more access_token blocks as documented + below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. 
If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + idToken: + description: One or more id_token blocks as documented below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + saml2Token: + description: One or more saml2_token blocks as documented + below. + items: + properties: + additionalProperties: + description: |- + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. 
Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid. + List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + items: + type: string + type: array + essential: + description: |- + Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary to ensure a smooth authorization experience + type: boolean + name: + description: |- + The name of the optional claim. + The name of the optional claim + type: string + source: + description: |- + The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + type: string + type: object + type: array + type: object + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. + A list of object IDs of principals that will be granted ownership of the application + items: + type: string + type: array + x-kubernetes-list-type: set + preventDuplicateNames: + description: |- + If true, will return an error if an existing application is found with the same name. Defaults to false. + If `true`, will return an error if an existing application is found with the same name + type: boolean + privacyStatementUrl: + description: |- + URL of the application's privacy statement. 
+ URL of the application's privacy statement + type: string + publicClient: + description: A public_client block as documented below, which + configures non-web app or non-web API application settings, + for example mobile or other public clients such as an installed + application running on a desktop device. + properties: + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + publisherDomain: + description: |- + The verified publisher domain for the application. + The verified publisher domain for the application + type: string + requiredResourceAccess: + description: A collection of required_resource_access blocks as + documented below. + items: + properties: + resourceAccess: + description: A collection of resource_access blocks as documented + below, describing OAuth2.0 permission scopes and app roles + that the application requires from the specified resource. + items: + properties: + id: + description: The unique identifier for an app role + or OAuth2 permission scope published by the resource + application. + type: string + type: + description: Specifies whether the id property references + an app role or an OAuth2 permission scope. Possible + values are Role or Scope. + type: string + type: object + type: array + resourceAppId: + description: The unique identifier for the resource that + the application requires access to. This should be the + Application ID of the target application. + type: string + type: object + type: array + serviceManagementReference: + description: |- + References application context information from a Service or Asset Management database. 
+ References application or service contact information from a Service or Asset Management database + type: string + signInAudience: + description: |- + The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. + The Microsoft account types that are supported for the current application + type: string + singlePageApplication: + description: A single_page_application block as documented below, + which configures single-page application (SPA) related settings + for this application. + properties: + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + supportUrl: + description: |- + URL of the application's support page. + URL of the application's support page + type: string + tags: + description: |- + A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + A set of tags to apply to the application + items: + type: string + type: array + x-kubernetes-list-type: set + templateId: + description: |- + Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. + Unique ID of the application template from which this application is created + type: string + termsOfServiceUrl: + description: |- + URL of the application's terms of service statement. 
+ URL of the application's terms of service statement + type: string + web: + description: A web block as documented below, which configures + web related settings for this application. + properties: + homepageUrl: + description: |- + Home page or landing page of the application. + Home page or landing page of the application + type: string + implicitGrant: + description: An implicit_grant block as documented above. + properties: + accessTokenIssuanceEnabled: + description: |- + Whether this web application can request an access token using OAuth 2.0 implicit flow. + Whether this web application can request an access token using OAuth 2.0 implicit flow + type: boolean + idTokenIssuanceEnabled: + description: |- + Whether this web application can request an ID token using OAuth 2.0 implicit flow. + Whether this web application can request an ID token using OAuth 2.0 implicit flow + type: boolean + type: object + logoutUrl: + description: |- + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + type: string + redirectUris: + description: |- + A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. + The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. 
+ format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/package/crds/applications.azuread.upbound.io_certificates.yaml b/package/crds/applications.azuread.upbound.io_certificates.yaml index 182f37ca..c308b4f4 100644 --- a/package/crds/applications.azuread.upbound.io_certificates.yaml +++ b/package/crds/applications.azuread.upbound.io_certificates.yaml 
@@ -158,7 +158,8 @@ spec: should be created type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -192,7 +193,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- @@ -380,7 +382,8 @@ spec: should be created type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -414,7 +417,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- diff --git a/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml b/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml index 4448d198..a2bc7f24 100644 --- a/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml +++ b/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml @@ -84,7 +84,8 @@ spec: identity credential should be created type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. 
@@ -118,7 +119,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- @@ -208,7 +210,8 @@ spec: identity credential should be created type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -242,7 +245,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- diff --git a/package/crds/applications.azuread.upbound.io_passwords.yaml b/package/crds/applications.azuread.upbound.io_passwords.yaml index 9434da76..2991680c 100644 --- a/package/crds/applications.azuread.upbound.io_passwords.yaml +++ b/package/crds/applications.azuread.upbound.io_passwords.yaml @@ -82,7 +82,8 @@ spec: should be created type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -116,7 +117,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- 
@@ -207,7 +209,8 @@ spec: should be created type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -241,7 +244,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- diff --git a/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml b/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml index b8760647..4794233f 100644 --- a/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml +++ b/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml @@ -158,7 +158,8 @@ spec: application should be added type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -192,7 +193,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- @@ -235,7 +237,8 @@ spec: description: The application ID of the pre-authorized application type: string authorizedAppIdRef: - description: Reference to a Application to populate authorizedAppId. + description: Reference to a Application in applications to populate + authorizedAppId. properties: name: description: Name of the referenced object. 
@@ -269,7 +272,8 @@ spec: - name type: object authorizedAppIdSelector: - description: Selector for a Application to populate authorizedAppId. + description: Selector for a Application in applications to populate + authorizedAppId. properties: matchControllerRef: description: |- @@ -421,7 +425,8 @@ spec: application should be added type: string applicationObjectIdRef: - description: Reference to a Application to populate applicationObjectId. + description: Reference to a Application in applications to populate + applicationObjectId. properties: name: description: Name of the referenced object. @@ -455,7 +460,8 @@ spec: - name type: object applicationObjectIdSelector: - description: Selector for a Application to populate applicationObjectId. + description: Selector for a Application in applications to populate + applicationObjectId. properties: matchControllerRef: description: |- @@ -498,7 +504,8 @@ spec: description: The application ID of the pre-authorized application type: string authorizedAppIdRef: - description: Reference to a Application to populate authorizedAppId. + description: Reference to a Application in applications to populate + authorizedAppId. properties: name: description: Name of the referenced object. @@ -532,7 +539,8 @@ spec: - name type: object authorizedAppIdSelector: - description: Selector for a Application to populate authorizedAppId. + description: Selector for a Application in applications to populate + authorizedAppId. properties: matchControllerRef: description: |- diff --git a/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml b/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml index 4b7ccc87..2a1f292b 100644 --- a/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml +++ b/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml 
@@ -1417,3 +1417,1315 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: AccessPolicy is the Schema for the AccessPolicys API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessPolicySpec defines the desired state of AccessPolicy + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + conditions: + description: A conditions block as documented below, which specifies + the rules that must be met for the policy to apply. + properties: + applications: + description: An applications block as documented below, which + specifies applications and user actions included in and + excluded from the policy. + properties: + excludedApplications: + description: A list of application IDs explicitly excluded + from the policy. Can also be set to Office365. + items: + type: string + type: array + includedApplications: + description: A list of application IDs the policy applies + to, unless explicitly excluded (in excluded_applications). + Can also be set to All, None or Office365. Cannot be + specified with included_user_actions. One of included_applications + or included_user_actions must be specified. + items: + type: string + type: array + includedUserActions: + description: A list of user actions to include. Supported + values are urn:user:registerdevice and urn:user:registersecurityinfo. + Cannot be specified with included_applications. One + of included_applications or included_user_actions must + be specified. + items: + type: string + type: array + type: object + clientAppTypes: + description: 'A list of client application types included + in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, + exchangeActiveSync, easSupported and other.' + items: + type: string + type: array + clientApplications: + description: An client_applications block as documented below, + which specifies service principals included in and excluded + from the policy. + properties: + excludedServicePrincipals: + description: A list of service principal IDs explicitly + excluded in the policy. 
+ items: + type: string + type: array + includedServicePrincipals: + description: A list of service principal IDs explicitly + included in the policy. Can be set to ServicePrincipalsInMyTenant + to include all service principals. This is mandatory + value when at least one excluded_service_principals + is set. + items: + type: string + type: array + type: object + devices: + description: A devices block as documented below, which describes + devices to be included in and excluded from the policy. + A devices block can be added to an existing policy, but + removing the devices block forces a new resource to be created. + properties: + filter: + description: A filter block as described below. + properties: + mode: + description: Whether to include in, or exclude from, + matching devices from the policy. Supported values + are include or exclude. + type: string + rule: + description: Condition filter to match devices. For + more information, see official documentation. + type: string + type: object + type: object + locations: + description: A locations block as documented below, which + specifies locations included in and excluded from the policy. + properties: + excludedLocations: + description: A list of location IDs excluded from scope + of policy. Can also be set to AllTrusted. + items: + type: string + type: array + includedLocations: + description: A list of location IDs in scope of policy + unless explicitly excluded. Can also be set to All, + or AllTrusted. + items: + type: string + type: array + type: object + platforms: + description: A platforms block as documented below, which + specifies platforms included in and excluded from the policy. + properties: + excludedPlatforms: + description: 'A list of platforms explicitly excluded + from the policy. Possible values are: all, android, + iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.' 
+ items: + type: string + type: array + includedPlatforms: + description: 'A list of platforms the policy applies to, + unless explicitly excluded. Possible values are: all, + android, iOS, linux, macOS, windows, windowsPhone or + unknownFutureValue.' + items: + type: string + type: array + type: object + servicePrincipalRiskLevels: + description: 'A list of service principal sign-in risk levels + included in the policy. Possible values are: low, medium, + high, none, unknownFutureValue.' + items: + type: string + type: array + signInRiskLevels: + description: 'A list of user sign-in risk levels included + in the policy. Possible values are: low, medium, high, hidden, + none, unknownFutureValue.' + items: + type: string + type: array + userRiskLevels: + description: 'A list of user risk levels included in the policy. + Possible values are: low, medium, high, hidden, none, unknownFutureValue.' + items: + type: string + type: array + users: + description: A users block as documented below, which specifies + users, groups, and roles included in and excluded from the + policy. + properties: + excludedGroups: + description: A list of group IDs excluded from scope of + policy. + items: + type: string + type: array + excludedGuestsOrExternalUsers: + description: A guests_or_external_users block as documented + below, which specifies internal guests and external + users excluded from scope of policy. + items: + properties: + externalTenants: + description: An external_tenants block as documented + below, which specifies external tenants in a policy + scope. + items: + properties: + members: + description: A list tenant IDs. Can only be + specified if membership_kind is enumerated. + items: + type: string + type: array + membershipKind: + description: 'The external tenant membership + kind. Possible values are: all, enumerated, + unknownFutureValue.' 
+ type: string + type: object + type: array + guestOrExternalUserTypes: + description: 'A list of guest or external user types. + Possible values are: b2bCollaborationGuest, b2bCollaborationMember, + b2bDirectConnectUser, internalGuest, none, otherExternalUser, + serviceProvider, unknownFutureValue.' + items: + type: string + type: array + type: object + type: array + excludedRoles: + description: A list of role IDs excluded from scope of + policy. + items: + type: string + type: array + excludedUsers: + description: A list of user IDs excluded from scope of + policy and/or GuestsOrExternalUsers. + items: + type: string + type: array + includedGroups: + description: A list of group IDs in scope of policy unless + explicitly excluded. + items: + type: string + type: array + includedGuestsOrExternalUsers: + description: A guests_or_external_users block as documented + below, which specifies internal guests and external + users in scope of policy. + items: + properties: + externalTenants: + description: An external_tenants block as documented + below, which specifies external tenants in a policy + scope. + items: + properties: + members: + description: A list tenant IDs. Can only be + specified if membership_kind is enumerated. + items: + type: string + type: array + membershipKind: + description: 'The external tenant membership + kind. Possible values are: all, enumerated, + unknownFutureValue.' + type: string + type: object + type: array + guestOrExternalUserTypes: + description: 'A list of guest or external user types. + Possible values are: b2bCollaborationGuest, b2bCollaborationMember, + b2bDirectConnectUser, internalGuest, none, otherExternalUser, + serviceProvider, unknownFutureValue.' + items: + type: string + type: array + type: object + type: array + includedRoles: + description: A list of role IDs in scope of policy unless + explicitly excluded. 
+ items: + type: string + type: array + includedUsers: + description: A list of user IDs in scope of policy unless + explicitly excluded, or None or All or GuestsOrExternalUsers. + items: + type: string + type: array + type: object + type: object + displayName: + description: The friendly name for this Conditional Access Policy. + type: string + grantControls: + description: A grant_controls block as documented below, which + specifies the grant controls that must be fulfilled to pass + the policy. + properties: + authenticationStrengthPolicyId: + description: ID of an Authentication Strength Policy to use + in this policy. + type: string + builtInControls: + description: 'List of built-in controls required by the policy. + Possible values are: block, mfa, approvedApplication, compliantApplication, + compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.' + items: + type: string + type: array + customAuthenticationFactors: + description: List of custom controls IDs required by the policy. + items: + type: string + type: array + operator: + description: 'Defines the relationship of the grant controls. + Possible values are: AND, OR.' + type: string + termsOfUse: + description: List of terms of use IDs required by the policy. + items: + type: string + type: array + type: object + sessionControls: + description: A session_controls block as documented below, which + specifies the session controls that are enforced after sign-in. + properties: + applicationEnforcedRestrictionsEnabled: + description: Whether application enforced restrictions are + enabled. Defaults to false. + type: boolean + cloudAppSecurityPolicy: + description: 'Enables cloud app security and specifies the + cloud app security policy to use. Possible values are: blockDownloads, + mcasConfigured, monitorOnly or unknownFutureValue.' + type: string + disableResilienceDefaults: + description: Disables resilience defaults. Defaults to false. 
+ type: boolean + persistentBrowserMode: + description: 'Session control to define whether to persist + cookies. Possible values are: always or never.' + type: string + signInFrequency: + description: Number of days or hours to enforce sign-in frequency. + Required when sign_in_frequency_period is specified. + type: number + signInFrequencyAuthenticationType: + description: 'Authentication type for enforcing sign-in frequency. + Possible values are: primaryAndSecondaryAuthentication or + secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication.' + type: string + signInFrequencyInterval: + description: 'The interval to apply to sign-in frequency control. + Possible values are: timeBased or everyTime. Defaults to + timeBased.' + type: string + signInFrequencyPeriod: + description: 'The time period to enforce sign-in frequency. + Possible values are: hours or days. Required when sign_in_frequency_period + is specified.' + type: string + type: object + state: + description: 'Specifies the state of the policy object. Possible + values are: enabled, disabled and enabledForReportingButNotEnforced' + type: string + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + conditions: + description: A conditions block as documented below, which specifies + the rules that must be met for the policy to apply. 
+ properties: + applications: + description: An applications block as documented below, which + specifies applications and user actions included in and + excluded from the policy. + properties: + excludedApplications: + description: A list of application IDs explicitly excluded + from the policy. Can also be set to Office365. + items: + type: string + type: array + includedApplications: + description: A list of application IDs the policy applies + to, unless explicitly excluded (in excluded_applications). + Can also be set to All, None or Office365. Cannot be + specified with included_user_actions. One of included_applications + or included_user_actions must be specified. + items: + type: string + type: array + includedUserActions: + description: A list of user actions to include. Supported + values are urn:user:registerdevice and urn:user:registersecurityinfo. + Cannot be specified with included_applications. One + of included_applications or included_user_actions must + be specified. + items: + type: string + type: array + type: object + clientAppTypes: + description: 'A list of client application types included + in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, + exchangeActiveSync, easSupported and other.' + items: + type: string + type: array + clientApplications: + description: An client_applications block as documented below, + which specifies service principals included in and excluded + from the policy. + properties: + excludedServicePrincipals: + description: A list of service principal IDs explicitly + excluded in the policy. + items: + type: string + type: array + includedServicePrincipals: + description: A list of service principal IDs explicitly + included in the policy. Can be set to ServicePrincipalsInMyTenant + to include all service principals. This is mandatory + value when at least one excluded_service_principals + is set. 
+ items: + type: string + type: array + type: object + devices: + description: A devices block as documented below, which describes + devices to be included in and excluded from the policy. + A devices block can be added to an existing policy, but + removing the devices block forces a new resource to be created. + properties: + filter: + description: A filter block as described below. + properties: + mode: + description: Whether to include in, or exclude from, + matching devices from the policy. Supported values + are include or exclude. + type: string + rule: + description: Condition filter to match devices. For + more information, see official documentation. + type: string + type: object + type: object + locations: + description: A locations block as documented below, which + specifies locations included in and excluded from the policy. + properties: + excludedLocations: + description: A list of location IDs excluded from scope + of policy. Can also be set to AllTrusted. + items: + type: string + type: array + includedLocations: + description: A list of location IDs in scope of policy + unless explicitly excluded. Can also be set to All, + or AllTrusted. + items: + type: string + type: array + type: object + platforms: + description: A platforms block as documented below, which + specifies platforms included in and excluded from the policy. + properties: + excludedPlatforms: + description: 'A list of platforms explicitly excluded + from the policy. Possible values are: all, android, + iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.' + items: + type: string + type: array + includedPlatforms: + description: 'A list of platforms the policy applies to, + unless explicitly excluded. Possible values are: all, + android, iOS, linux, macOS, windows, windowsPhone or + unknownFutureValue.' 
+ items: + type: string + type: array + type: object + servicePrincipalRiskLevels: + description: 'A list of service principal sign-in risk levels + included in the policy. Possible values are: low, medium, + high, none, unknownFutureValue.' + items: + type: string + type: array + signInRiskLevels: + description: 'A list of user sign-in risk levels included + in the policy. Possible values are: low, medium, high, hidden, + none, unknownFutureValue.' + items: + type: string + type: array + userRiskLevels: + description: 'A list of user risk levels included in the policy. + Possible values are: low, medium, high, hidden, none, unknownFutureValue.' + items: + type: string + type: array + users: + description: A users block as documented below, which specifies + users, groups, and roles included in and excluded from the + policy. + properties: + excludedGroups: + description: A list of group IDs excluded from scope of + policy. + items: + type: string + type: array + excludedGuestsOrExternalUsers: + description: A guests_or_external_users block as documented + below, which specifies internal guests and external + users excluded from scope of policy. + items: + properties: + externalTenants: + description: An external_tenants block as documented + below, which specifies external tenants in a policy + scope. + items: + properties: + members: + description: A list tenant IDs. Can only be + specified if membership_kind is enumerated. + items: + type: string + type: array + membershipKind: + description: 'The external tenant membership + kind. Possible values are: all, enumerated, + unknownFutureValue.' + type: string + type: object + type: array + guestOrExternalUserTypes: + description: 'A list of guest or external user types. + Possible values are: b2bCollaborationGuest, b2bCollaborationMember, + b2bDirectConnectUser, internalGuest, none, otherExternalUser, + serviceProvider, unknownFutureValue.' 
+ items: + type: string + type: array + type: object + type: array + excludedRoles: + description: A list of role IDs excluded from scope of + policy. + items: + type: string + type: array + excludedUsers: + description: A list of user IDs excluded from scope of + policy and/or GuestsOrExternalUsers. + items: + type: string + type: array + includedGroups: + description: A list of group IDs in scope of policy unless + explicitly excluded. + items: + type: string + type: array + includedGuestsOrExternalUsers: + description: A guests_or_external_users block as documented + below, which specifies internal guests and external + users in scope of policy. + items: + properties: + externalTenants: + description: An external_tenants block as documented + below, which specifies external tenants in a policy + scope. + items: + properties: + members: + description: A list tenant IDs. Can only be + specified if membership_kind is enumerated. + items: + type: string + type: array + membershipKind: + description: 'The external tenant membership + kind. Possible values are: all, enumerated, + unknownFutureValue.' + type: string + type: object + type: array + guestOrExternalUserTypes: + description: 'A list of guest or external user types. + Possible values are: b2bCollaborationGuest, b2bCollaborationMember, + b2bDirectConnectUser, internalGuest, none, otherExternalUser, + serviceProvider, unknownFutureValue.' + items: + type: string + type: array + type: object + type: array + includedRoles: + description: A list of role IDs in scope of policy unless + explicitly excluded. + items: + type: string + type: array + includedUsers: + description: A list of user IDs in scope of policy unless + explicitly excluded, or None or All or GuestsOrExternalUsers. + items: + type: string + type: array + type: object + type: object + displayName: + description: The friendly name for this Conditional Access Policy. 
+ type: string + grantControls: + description: A grant_controls block as documented below, which + specifies the grant controls that must be fulfilled to pass + the policy. + properties: + authenticationStrengthPolicyId: + description: ID of an Authentication Strength Policy to use + in this policy. + type: string + builtInControls: + description: 'List of built-in controls required by the policy. + Possible values are: block, mfa, approvedApplication, compliantApplication, + compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.' + items: + type: string + type: array + customAuthenticationFactors: + description: List of custom controls IDs required by the policy. + items: + type: string + type: array + operator: + description: 'Defines the relationship of the grant controls. + Possible values are: AND, OR.' + type: string + termsOfUse: + description: List of terms of use IDs required by the policy. + items: + type: string + type: array + type: object + sessionControls: + description: A session_controls block as documented below, which + specifies the session controls that are enforced after sign-in. + properties: + applicationEnforcedRestrictionsEnabled: + description: Whether application enforced restrictions are + enabled. Defaults to false. + type: boolean + cloudAppSecurityPolicy: + description: 'Enables cloud app security and specifies the + cloud app security policy to use. Possible values are: blockDownloads, + mcasConfigured, monitorOnly or unknownFutureValue.' + type: string + disableResilienceDefaults: + description: Disables resilience defaults. Defaults to false. + type: boolean + persistentBrowserMode: + description: 'Session control to define whether to persist + cookies. Possible values are: always or never.' + type: string + signInFrequency: + description: Number of days or hours to enforce sign-in frequency. + Required when sign_in_frequency_period is specified. 
+ type: number + signInFrequencyAuthenticationType: + description: 'Authentication type for enforcing sign-in frequency. + Possible values are: primaryAndSecondaryAuthentication or + secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication.' + type: string + signInFrequencyInterval: + description: 'The interval to apply to sign-in frequency control. + Possible values are: timeBased or everyTime. Defaults to + timeBased.' + type: string + signInFrequencyPeriod: + description: 'The time period to enforce sign-in frequency. + Possible values are: hours or days. Required when sign_in_frequency_period + is specified.' + type: string + type: object + state: + description: 'Specifies the state of the policy object. Possible + values are: enabled, disabled and enabledForReportingButNotEnforced' + type: string + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. 
+ enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. 
Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.conditions is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.conditions) + || (has(self.initProvider) && has(self.initProvider.conditions))' + - message: spec.forProvider.displayName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) + || (has(self.initProvider) && has(self.initProvider.displayName))' + - message: spec.forProvider.state is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.state) + || (has(self.initProvider) && has(self.initProvider.state))' + status: + description: AccessPolicyStatus defines the observed state of AccessPolicy. + properties: + atProvider: + properties: + conditions: + description: A conditions block as documented below, which specifies + the rules that must be met for the policy to apply. + properties: + applications: + description: An applications block as documented below, which + specifies applications and user actions included in and + excluded from the policy. 
+ properties: + excludedApplications: + description: A list of application IDs explicitly excluded + from the policy. Can also be set to Office365. + items: + type: string + type: array + includedApplications: + description: A list of application IDs the policy applies + to, unless explicitly excluded (in excluded_applications). + Can also be set to All, None or Office365. Cannot be + specified with included_user_actions. One of included_applications + or included_user_actions must be specified. + items: + type: string + type: array + includedUserActions: + description: A list of user actions to include. Supported + values are urn:user:registerdevice and urn:user:registersecurityinfo. + Cannot be specified with included_applications. One + of included_applications or included_user_actions must + be specified. + items: + type: string + type: array + type: object + clientAppTypes: + description: 'A list of client application types included + in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, + exchangeActiveSync, easSupported and other.' + items: + type: string + type: array + clientApplications: + description: An client_applications block as documented below, + which specifies service principals included in and excluded + from the policy. + properties: + excludedServicePrincipals: + description: A list of service principal IDs explicitly + excluded in the policy. + items: + type: string + type: array + includedServicePrincipals: + description: A list of service principal IDs explicitly + included in the policy. Can be set to ServicePrincipalsInMyTenant + to include all service principals. This is mandatory + value when at least one excluded_service_principals + is set. + items: + type: string + type: array + type: object + devices: + description: A devices block as documented below, which describes + devices to be included in and excluded from the policy. 
+ A devices block can be added to an existing policy, but + removing the devices block forces a new resource to be created. + properties: + filter: + description: A filter block as described below. + properties: + mode: + description: Whether to include in, or exclude from, + matching devices from the policy. Supported values + are include or exclude. + type: string + rule: + description: Condition filter to match devices. For + more information, see official documentation. + type: string + type: object + type: object + locations: + description: A locations block as documented below, which + specifies locations included in and excluded from the policy. + properties: + excludedLocations: + description: A list of location IDs excluded from scope + of policy. Can also be set to AllTrusted. + items: + type: string + type: array + includedLocations: + description: A list of location IDs in scope of policy + unless explicitly excluded. Can also be set to All, + or AllTrusted. + items: + type: string + type: array + type: object + platforms: + description: A platforms block as documented below, which + specifies platforms included in and excluded from the policy. + properties: + excludedPlatforms: + description: 'A list of platforms explicitly excluded + from the policy. Possible values are: all, android, + iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.' + items: + type: string + type: array + includedPlatforms: + description: 'A list of platforms the policy applies to, + unless explicitly excluded. Possible values are: all, + android, iOS, linux, macOS, windows, windowsPhone or + unknownFutureValue.' + items: + type: string + type: array + type: object + servicePrincipalRiskLevels: + description: 'A list of service principal sign-in risk levels + included in the policy. Possible values are: low, medium, + high, none, unknownFutureValue.' 
+ items: + type: string + type: array + signInRiskLevels: + description: 'A list of user sign-in risk levels included + in the policy. Possible values are: low, medium, high, hidden, + none, unknownFutureValue.' + items: + type: string + type: array + userRiskLevels: + description: 'A list of user risk levels included in the policy. + Possible values are: low, medium, high, hidden, none, unknownFutureValue.' + items: + type: string + type: array + users: + description: A users block as documented below, which specifies + users, groups, and roles included in and excluded from the + policy. + properties: + excludedGroups: + description: A list of group IDs excluded from scope of + policy. + items: + type: string + type: array + excludedGuestsOrExternalUsers: + description: A guests_or_external_users block as documented + below, which specifies internal guests and external + users excluded from scope of policy. + items: + properties: + externalTenants: + description: An external_tenants block as documented + below, which specifies external tenants in a policy + scope. + items: + properties: + members: + description: A list tenant IDs. Can only be + specified if membership_kind is enumerated. + items: + type: string + type: array + membershipKind: + description: 'The external tenant membership + kind. Possible values are: all, enumerated, + unknownFutureValue.' + type: string + type: object + type: array + guestOrExternalUserTypes: + description: 'A list of guest or external user types. + Possible values are: b2bCollaborationGuest, b2bCollaborationMember, + b2bDirectConnectUser, internalGuest, none, otherExternalUser, + serviceProvider, unknownFutureValue.' + items: + type: string + type: array + type: object + type: array + excludedRoles: + description: A list of role IDs excluded from scope of + policy. + items: + type: string + type: array + excludedUsers: + description: A list of user IDs excluded from scope of + policy and/or GuestsOrExternalUsers. 
+ items: + type: string + type: array + includedGroups: + description: A list of group IDs in scope of policy unless + explicitly excluded. + items: + type: string + type: array + includedGuestsOrExternalUsers: + description: A guests_or_external_users block as documented + below, which specifies internal guests and external + users in scope of policy. + items: + properties: + externalTenants: + description: An external_tenants block as documented + below, which specifies external tenants in a policy + scope. + items: + properties: + members: + description: A list tenant IDs. Can only be + specified if membership_kind is enumerated. + items: + type: string + type: array + membershipKind: + description: 'The external tenant membership + kind. Possible values are: all, enumerated, + unknownFutureValue.' + type: string + type: object + type: array + guestOrExternalUserTypes: + description: 'A list of guest or external user types. + Possible values are: b2bCollaborationGuest, b2bCollaborationMember, + b2bDirectConnectUser, internalGuest, none, otherExternalUser, + serviceProvider, unknownFutureValue.' + items: + type: string + type: array + type: object + type: array + includedRoles: + description: A list of role IDs in scope of policy unless + explicitly excluded. + items: + type: string + type: array + includedUsers: + description: A list of user IDs in scope of policy unless + explicitly excluded, or None or All or GuestsOrExternalUsers. + items: + type: string + type: array + type: object + type: object + displayName: + description: The friendly name for this Conditional Access Policy. + type: string + grantControls: + description: A grant_controls block as documented below, which + specifies the grant controls that must be fulfilled to pass + the policy. + properties: + authenticationStrengthPolicyId: + description: ID of an Authentication Strength Policy to use + in this policy. 
+ type: string + builtInControls: + description: 'List of built-in controls required by the policy. + Possible values are: block, mfa, approvedApplication, compliantApplication, + compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.' + items: + type: string + type: array + customAuthenticationFactors: + description: List of custom controls IDs required by the policy. + items: + type: string + type: array + operator: + description: 'Defines the relationship of the grant controls. + Possible values are: AND, OR.' + type: string + termsOfUse: + description: List of terms of use IDs required by the policy. + items: + type: string + type: array + type: object + id: + description: The ID of the Conditional Access Policy. + type: string + sessionControls: + description: A session_controls block as documented below, which + specifies the session controls that are enforced after sign-in. + properties: + applicationEnforcedRestrictionsEnabled: + description: Whether application enforced restrictions are + enabled. Defaults to false. + type: boolean + cloudAppSecurityPolicy: + description: 'Enables cloud app security and specifies the + cloud app security policy to use. Possible values are: blockDownloads, + mcasConfigured, monitorOnly or unknownFutureValue.' + type: string + disableResilienceDefaults: + description: Disables resilience defaults. Defaults to false. + type: boolean + persistentBrowserMode: + description: 'Session control to define whether to persist + cookies. Possible values are: always or never.' + type: string + signInFrequency: + description: Number of days or hours to enforce sign-in frequency. + Required when sign_in_frequency_period is specified. + type: number + signInFrequencyAuthenticationType: + description: 'Authentication type for enforcing sign-in frequency. + Possible values are: primaryAndSecondaryAuthentication or + secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication.' 
+ type: string + signInFrequencyInterval: + description: 'The interval to apply to sign-in frequency control. + Possible values are: timeBased or everyTime. Defaults to + timeBased.' + type: string + signInFrequencyPeriod: + description: 'The time period to enforce sign-in frequency. + Possible values are: hours or days. Required when sign_in_frequency_period + is specified.' + type: string + type: object + state: + description: 'Specifies the state of the policy object. Possible + values are: enabled, disabled and enabledForReportingButNotEnforced' + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml b/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml index 6098cabe..be03b775 100644 --- a/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml +++ b/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml 
@@ -446,3 +446,419 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Location is the Schema for the Locations API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LocationSpec defines the desired state of Location + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + country: + description: A country block as documented below, which configures + a country-based named location. + properties: + countriesAndRegions: + description: List of countries and/or regions in two-letter + format specified by ISO 3166-2. + items: + type: string + type: array + includeUnknownCountriesAndRegions: + description: Whether IP addresses that don't map to a country + or region should be included in the named location. Defaults + to false. + type: boolean + type: object + displayName: + description: The friendly name for this named location. + type: string + ip: + description: An ip block as documented below, which configures + an IP-based named location. + properties: + ipRanges: + description: List of IP address ranges in IPv4 CIDR format + (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF + RFC596. Each CIDR prefix must be /8 or larger. + items: + type: string + type: array + trusted: + description: Whether the named location is trusted. Defaults + to false. + type: boolean + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
+ properties: + country: + description: A country block as documented below, which configures + a country-based named location. + properties: + countriesAndRegions: + description: List of countries and/or regions in two-letter + format specified by ISO 3166-2. + items: + type: string + type: array + includeUnknownCountriesAndRegions: + description: Whether IP addresses that don't map to a country + or region should be included in the named location. Defaults + to false. + type: boolean + type: object + displayName: + description: The friendly name for this named location. + type: string + ip: + description: An ip block as documented below, which configures + an IP-based named location. + properties: + ipRanges: + description: List of IP address ranges in IPv4 CIDR format + (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF + RFC596. Each CIDR prefix must be /8 or larger. + items: + type: string + type: array + trusted: + description: Whether the named location is trusted. Defaults + to false. + type: boolean + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. 
+ Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.displayName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) + || (has(self.initProvider) && has(self.initProvider.displayName))' + status: + description: LocationStatus defines the observed state of Location. + properties: + atProvider: + properties: + country: + description: A country block as documented below, which configures + a country-based named location. + properties: + countriesAndRegions: + description: List of countries and/or regions in two-letter + format specified by ISO 3166-2. + items: + type: string + type: array + includeUnknownCountriesAndRegions: + description: Whether IP addresses that don't map to a country + or region should be included in the named location. Defaults + to false. + type: boolean + type: object + displayName: + description: The friendly name for this named location. 
+ type: string + id: + description: The ID of the named location. + type: string + ip: + description: An ip block as documented below, which configures + an IP-based named location. + properties: + ipRanges: + description: List of IP address ranges in IPv4 CIDR format + (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF + RFC596. Each CIDR prefix must be /8 or larger. + items: + type: string + type: array + trusted: + description: Whether the named location is trusted. Defaults + to false. + type: boolean + type: object + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml b/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml index 365f2f46..e290ac8c 100644 --- a/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml +++ b/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml @@ -175,7 +175,8 @@ spec: The object ID of the directory role for this assignment type: string roleIdRef: - description: Reference to a Role to populate roleId. + description: Reference to a Role in directoryroles to populate + roleId. properties: name: description: Name of the referenced object. @@ -209,7 +210,8 @@ spec: - name type: object roleIdSelector: - description: Selector for a Role to populate roleId. + description: Selector for a Role in directoryroles to populate + roleId. properties: matchControllerRef: description: |- @@ -365,7 +367,8 @@ spec: The object ID of the directory role for this assignment type: string roleIdRef: - description: Reference to a Role to populate roleId. + description: Reference to a Role in directoryroles to populate + roleId. properties: name: description: Name of the referenced object. @@ -399,7 +402,8 @@ spec: - name type: object roleIdSelector: - description: Selector for a Role to populate roleId. + description: Selector for a Role in directoryroles to populate + roleId. properties: matchControllerRef: description: |- 
diff --git a/package/crds/groups.azuread.upbound.io_groups.yaml b/package/crds/groups.azuread.upbound.io_groups.yaml index 0dee8023..122ebc43 100644 --- a/package/crds/groups.azuread.upbound.io_groups.yaml +++ b/package/crds/groups.azuread.upbound.io_groups.yaml 
@@ -795,3 +795,774 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Group is the Schema for the Groups API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: GroupSpec defines the desired state of Group + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + administrativeUnitIds: + description: |- + The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + items: + type: string + type: array + x-kubernetes-list-type: set + assignableToRole: + description: |- + Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. + Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. + type: boolean + autoSubscribeNewMembers: + description: |- + Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + Indicates whether new members added to the group will be auto-subscribed to receive email notifications. + type: boolean + behaviors: + description: |- + A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + The group behaviours for a Microsoft 365 group + items: + type: string + type: array + x-kubernetes-list-type: set + description: + description: |- + The description for the group. 
+ The description for the group + type: string + displayName: + description: |- + The display name for the group. + The display name for the group + type: string + dynamicMembership: + description: |- + A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + An optional block to configure dynamic membership for the group. Cannot be used with `members` + properties: + enabled: + description: Whether rule processing is "On" (true) or "Paused" + (false). + type: boolean + rule: + description: |- + The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + type: string + type: object + externalSendersAllowed: + description: |- + Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. + Indicates whether people external to the organization can send messages to the group. + type: boolean + hideFromAddressLists: + description: |- + Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. + Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + type: boolean + hideFromOutlookClients: + description: |- + Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. 
+ type: boolean + mailEnabled: + description: |- + Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. Only Microsoft 365 groups can be mail enabled (see the types property). + Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + type: boolean + mailNickname: + description: |- + The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. + The mail alias for the group, unique in the organisation + type: string + members: + description: |- + A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + items: + type: string + type: array + x-kubernetes-list-type: set + onpremisesGroupType: + description: |- + The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + Indicates the target on-premise group type the group will be written back as + type: string + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + A set of owners who own this group. Supported object types are Users or Service Principals + items: + type: string + type: array + x-kubernetes-list-type: set + preventDuplicateNames: + description: |- + If true, will return an error if an existing group is found with the same name. Defaults to false. 
+ If `true`, will return an error if an existing group is found with the same name + type: boolean + provisioningOptions: + description: |- + A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. + The group provisioning options for a Microsoft 365 group + items: + type: string + type: array + x-kubernetes-list-type: set + securityEnabled: + description: |- + Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). + Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled + type: boolean + theme: + description: |- + The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + The colour theme for a Microsoft 365 group + type: string + types: + description: |- + A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + items: + type: string + type: array + x-kubernetes-list-type: set + visibility: + description: |- + The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. 
By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + Specifies the group join policy and group content visibility + type: string + writebackEnabled: + description: |- + Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + type: boolean + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + administrativeUnitIds: + description: |- + The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + items: + type: string + type: array + x-kubernetes-list-type: set + assignableToRole: + description: |- + Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. + Indicates whether this group can be assigned to an Azure Active Directory role. 
This property can only be `true` for security-enabled groups. + type: boolean + autoSubscribeNewMembers: + description: |- + Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + Indicates whether new members added to the group will be auto-subscribed to receive email notifications. + type: boolean + behaviors: + description: |- + A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + The group behaviours for a Microsoft 365 group + items: + type: string + type: array + x-kubernetes-list-type: set + description: + description: |- + The description for the group. + The description for the group + type: string + displayName: + description: |- + The display name for the group. + The display name for the group + type: string + dynamicMembership: + description: |- + A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + An optional block to configure dynamic membership for the group. Cannot be used with `members` + properties: + enabled: + description: Whether rule processing is "On" (true) or "Paused" + (false). + type: boolean + rule: + description: |- + The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + type: string + type: object + externalSendersAllowed: + description: |- + Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. 
+ Indicates whether people external to the organization can send messages to the group. + type: boolean + hideFromAddressLists: + description: |- + Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. + Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + type: boolean + hideFromOutlookClients: + description: |- + Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. + type: boolean + mailEnabled: + description: |- + Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. Only Microsoft 365 groups can be mail enabled (see the types property). + Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + type: boolean + mailNickname: + description: |- + The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. + The mail alias for the group, unique in the organisation + type: string + members: + description: |- + A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + A set of members who should be present in this group. 
Supported object types are Users, Groups or Service Principals + items: + type: string + type: array + x-kubernetes-list-type: set + onpremisesGroupType: + description: |- + The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + Indicates the target on-premise group type the group will be written back as + type: string + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + A set of owners who own this group. Supported object types are Users or Service Principals + items: + type: string + type: array + x-kubernetes-list-type: set + preventDuplicateNames: + description: |- + If true, will return an error if an existing group is found with the same name. Defaults to false. + If `true`, will return an error if an existing group is found with the same name + type: boolean + provisioningOptions: + description: |- + A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. + The group provisioning options for a Microsoft 365 group + items: + type: string + type: array + x-kubernetes-list-type: set + securityEnabled: + description: |- + Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). + Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. 
A group can be security enabled _and_ mail enabled + type: boolean + theme: + description: |- + The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + The colour theme for a Microsoft 365 group + type: string + types: + description: |- + A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + items: + type: string + type: array + x-kubernetes-list-type: set + visibility: + description: |- + The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + Specifies the group join policy and group content visibility + type: string + writebackEnabled: + description: |- + Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + type: boolean + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. 
Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. 
+ type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.displayName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) + || (has(self.initProvider) && has(self.initProvider.displayName))' + status: + description: GroupStatus defines the observed state of Group. + properties: + atProvider: + properties: + administrativeUnitIds: + description: |- + The object IDs of administrative units in which the group is a member. 
If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + items: + type: string + type: array + x-kubernetes-list-type: set + assignableToRole: + description: |- + Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. + Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. + type: boolean + autoSubscribeNewMembers: + description: |- + Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + Indicates whether new members added to the group will be auto-subscribed to receive email notifications. + type: boolean + behaviors: + description: |- + A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + The group behaviours for a Microsoft 365 group + items: + type: string + type: array + x-kubernetes-list-type: set + description: + description: |- + The description for the group. + The description for the group + type: string + displayName: + description: |- + The display name for the group. + The display name for the group + type: string + dynamicMembership: + description: |- + A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + An optional block to configure dynamic membership for the group. 
Cannot be used with `members` + properties: + enabled: + description: Whether rule processing is "On" (true) or "Paused" + (false). + type: boolean + rule: + description: |- + The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + type: string + type: object + externalSendersAllowed: + description: |- + Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. + Indicates whether people external to the organization can send messages to the group. + type: boolean + hideFromAddressLists: + description: |- + Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. + Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + type: boolean + hideFromOutlookClients: + description: |- + Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. + type: boolean + id: + type: string + mail: + description: |- + The SMTP address for the group. + The SMTP address for the group + type: string + mailEnabled: + description: |- + Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. Only Microsoft 365 groups can be mail enabled (see the types property). 
+ Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + type: boolean + mailNickname: + description: |- + The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. + The mail alias for the group, unique in the organisation + type: string + members: + description: |- + A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + items: + type: string + type: array + x-kubernetes-list-type: set + objectId: + description: |- + The object ID of the group. + The object ID of the group + type: string + onpremisesDomainName: + description: |- + The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used. + The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used + type: string + onpremisesGroupType: + description: |- + The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + Indicates the target on-premise group type the group will be written back as + type: string + onpremisesNetbiosName: + description: |- + The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used. 
+ The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used + type: string + onpremisesSamAccountName: + description: |- + The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used. + The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used + type: string + onpremisesSecurityIdentifier: + description: |- + The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used. + The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used + type: string + onpremisesSyncEnabled: + description: |- + Whether this group is synchronised from an on-premises directory (true), no longer synchronised (false), or has never been synchronised (null). + Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null) + type: boolean + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + A set of owners who own this group. Supported object types are Users or Service Principals + items: + type: string + type: array + x-kubernetes-list-type: set + preferredLanguage: + description: |- + The preferred language for a Microsoft 365 group, in ISO 639-1 notation. + The preferred language for a Microsoft 365 group, in ISO 639-1 notation + type: string + preventDuplicateNames: + description: |- + If true, will return an error if an existing group is found with the same name. Defaults to false. 
+ If `true`, will return an error if an existing group is found with the same name + type: boolean + provisioningOptions: + description: |- + A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. + The group provisioning options for a Microsoft 365 group + items: + type: string + type: array + x-kubernetes-list-type: set + proxyAddresses: + description: |- + List of email addresses for the group that direct to the same group mailbox. + Email addresses for the group that direct to the same group mailbox + items: + type: string + type: array + securityEnabled: + description: |- + Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). + Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled + type: boolean + theme: + description: |- + The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + The colour theme for a Microsoft 365 group + type: string + types: + description: |- + A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + items: + type: string + type: array + x-kubernetes-list-type: set + visibility: + description: |- + The group join policy and group content visibility. 
Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + Specifies the group join policy and group content visibility + type: string + writebackEnabled: + description: |- + Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + type: boolean + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/package/crds/groups.azuread.upbound.io_members.yaml b/package/crds/groups.azuread.upbound.io_members.yaml index d98d42b0..cfd34128 100644 --- a/package/crds/groups.azuread.upbound.io_members.yaml +++ b/package/crds/groups.azuread.upbound.io_members.yaml @@ -78,7 +78,7 @@ spec: The object ID of the group you want to add the member to type: string groupObjectIdRef: - description: Reference to a Group to populate groupObjectId. + description: Reference to a Group in groups to populate groupObjectId. properties: name: description: Name of the referenced object. @@ -112,7 +112,7 @@ spec: - name type: object groupObjectIdSelector: - description: Selector for a Group to populate groupObjectId. + description: Selector for a Group in groups to populate groupObjectId. properties: matchControllerRef: description: |- @@ -250,7 +250,7 @@ spec: The object ID of the group you want to add the member to type: string groupObjectIdRef: - description: Reference to a Group to populate groupObjectId. + description: Reference to a Group in groups to populate groupObjectId. properties: name: description: Name of the referenced object. @@ -284,7 +284,7 @@ spec: - name type: object groupObjectIdSelector: - description: Selector for a Group to populate groupObjectId. + description: Selector for a Group in groups to populate groupObjectId. properties: matchControllerRef: description: |- 
diff --git a/package/crds/invitations.azuread.upbound.io_invitations.yaml b/package/crds/invitations.azuread.upbound.io_invitations.yaml index 8c9f031f..ed71e76d 100644 --- a/package/crds/invitations.azuread.upbound.io_invitations.yaml +++ b/package/crds/invitations.azuread.upbound.io_invitations.yaml 
@@ -477,3 +477,456 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Invitation is the Schema for the Invitations API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: InvitationSpec defines the desired state of Invitation + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + message: + description: |- + A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. + Customize the message sent to the invited user + properties: + additionalRecipients: + description: |- + Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + Email addresses of additional recipients the invitation message should be sent to + items: + type: string + type: array + body: + description: |- + Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + Customized message body you want to send if you don't want to send the default message + type: string + language: + description: |- + The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. + The language you want to send the default message in + type: string + type: object + redirectUrl: + description: |- + The URL that the user should be redirected to once the invitation is redeemed. + The URL that the user should be redirected to once the invitation is redeemed + type: string + userDisplayName: + description: |- + The display name of the user being invited. + The display name of the user being invited + type: string + userEmailAddress: + description: |- + The email address of the user being invited. + The email address of the user being invited + type: string + userType: + description: |- + The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. 
Defaults to Guest. + The user type of the user being invited + type: string + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + message: + description: |- + A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. + Customize the message sent to the invited user + properties: + additionalRecipients: + description: |- + Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + Email addresses of additional recipients the invitation message should be sent to + items: + type: string + type: array + body: + description: |- + Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + Customized message body you want to send if you don't want to send the default message + type: string + language: + description: |- + The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. + The language you want to send the default message in + type: string + type: object + redirectUrl: + description: |- + The URL that the user should be redirected to once the invitation is redeemed. 
+ The URL that the user should be redirected to once the invitation is redeemed + type: string + userDisplayName: + description: |- + The display name of the user being invited. + The display name of the user being invited + type: string + userEmailAddress: + description: |- + The email address of the user being invited. + The email address of the user being invited + type: string + userType: + description: |- + The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. + The user type of the user being invited + type: string + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. 
+ properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. 
+ type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.redirectUrl is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.redirectUrl) + || (has(self.initProvider) && has(self.initProvider.redirectUrl))' + - message: spec.forProvider.userEmailAddress is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.userEmailAddress) + || (has(self.initProvider) && has(self.initProvider.userEmailAddress))' + status: + description: InvitationStatus defines the observed state of Invitation. + properties: + atProvider: + properties: + id: + type: string + message: + description: |- + A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. + Customize the message sent to the invited user + properties: + additionalRecipients: + description: |- + Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + Email addresses of additional recipients the invitation message should be sent to + items: + type: string + type: array + body: + description: |- + Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + Customized message body you want to send if you don't want to send the default message + type: string + language: + description: |- + The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. 
+ The language you want to send the default message in + type: string + type: object + redeemUrl: + description: |- + The URL the user can use to redeem their invitation. + The URL the user can use to redeem their invitation + type: string + redirectUrl: + description: |- + The URL that the user should be redirected to once the invitation is redeemed. + The URL that the user should be redirected to once the invitation is redeemed + type: string + userDisplayName: + description: |- + The display name of the user being invited. + The display name of the user being invited + type: string + userEmailAddress: + description: |- + The email address of the user being invited. + The email address of the user being invited + type: string + userId: + description: |- + Object ID of the invited user. + Object ID of the invited user + type: string + userType: + description: |- + The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. + The user type of the user being invited + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml b/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml index 4dd0eb95..b675a3b6 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml @@ -98,7 +98,8 @@ spec: The object ID of the service principal for which this certificate should be created type: string servicePrincipalIdRef: - description: Reference to a Principal to populate servicePrincipalId. + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. properties: name: description: Name of the referenced object. @@ -132,7 +133,8 @@ spec: - name type: object servicePrincipalIdSelector: - description: Selector for a Principal to populate servicePrincipalId. + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. properties: matchControllerRef: description: |- 
@@ -240,7 +242,8 @@ spec: The object ID of the service principal for which this certificate should be created type: string servicePrincipalIdRef: - description: Reference to a Principal to populate servicePrincipalId. + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. properties: name: description: Name of the referenced object. @@ -274,7 +277,8 @@ spec: - name type: object servicePrincipalIdSelector: - description: Selector for a Principal to populate servicePrincipalId. + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. properties: matchControllerRef: description: |- diff --git a/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml b/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml index d946daf7..e604b4e5 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml @@ -161,7 +161,8 @@ spec: Object ID of the service principal for which to assign the policy type: string servicePrincipalIdRef: - description: Reference to a Principal to populate servicePrincipalId. + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. properties: name: description: Name of the referenced object. @@ -195,7 +196,8 @@ spec: - name type: object servicePrincipalIdSelector: - description: Selector for a Principal to populate servicePrincipalId. + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. properties: matchControllerRef: description: |- 
@@ -335,7 +337,8 @@ spec: Object ID of the service principal for which to assign the policy type: string servicePrincipalIdRef: - description: Reference to a Principal to populate servicePrincipalId. + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. properties: name: description: Name of the referenced object. @@ -369,7 +372,8 @@ spec: - name type: object servicePrincipalIdSelector: - description: Selector for a Principal to populate servicePrincipalId. + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. properties: matchControllerRef: description: |- diff --git a/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml b/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml index cb6a4604..85dda63a 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml @@ -101,7 +101,8 @@ spec: The object ID of the service principal for which this password should be created type: string servicePrincipalIdRef: - description: Reference to a Principal to populate servicePrincipalId. + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. properties: name: description: Name of the referenced object. @@ -135,7 +136,8 @@ spec: - name type: object servicePrincipalIdSelector: - description: Selector for a Principal to populate servicePrincipalId. + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. properties: matchControllerRef: description: |- @@ -222,7 +224,8 @@ spec: The object ID of the service principal for which this password should be created type: string servicePrincipalIdRef: - description: Reference to a Principal to populate servicePrincipalId. + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. properties: name: description: Name of the referenced object. 
@@ -256,7 +259,8 @@ spec: - name type: object servicePrincipalIdSelector: - description: Selector for a Principal to populate servicePrincipalId. + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. properties: matchControllerRef: description: |- diff --git a/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml b/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml index 9066f433..7678b1c0 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml 
@@ -1129,3 +1129,1108 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Principal is the Schema for the Principals API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PrincipalSpec defines the desired state of Principal + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + accountEnabled: + description: |- + Whether or not the service principal account is enabled. Defaults to true. + Whether or not the service principal account is enabled + type: boolean + alternativeNames: + description: |- + A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. + A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + items: + type: string + type: array + x-kubernetes-list-type: set + appRoleAssignmentRequired: + description: |- + Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. + Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + type: boolean + applicationId: + description: |- + The unique identifier of the app_role. + The application ID (client ID) of the application for which to create a service principal + type: string + applicationIdRef: + description: Reference to a Application in applications to populate + applicationId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationIdSelector: + description: Selector for a Application in applications to populate + applicationId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + clientId: + description: |- + The client ID of the application for which to create a service principal. + The client ID of the application for which to create a service principal + type: string + clientIdRef: + description: Reference to a Application in applications to populate + clientId. 
+ properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clientIdSelector: + description: Selector for a Application in applications to populate + clientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. 
Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + description: + description: |- + A description of the service principal provided for internal end-users. + Description of the service principal provided for internal end-users + type: string + featureTags: + description: |- + A feature_tags block as described below. Cannot be used together with the tags property. + Block of features to configure for this service principal using tags + items: + properties: + customSingleSignOn: + description: |- + Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + Whether this service principal represents a custom SAML application + type: boolean + enterprise: + description: |- + Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + Whether this service principal represents an Enterprise Application + type: boolean + gallery: + description: |- + Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + Whether this service principal represents a gallery application + type: boolean + hide: + description: |- + Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + Whether this app is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + loginUrl: + description: |- + The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. 
When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. + The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + type: string + notes: + description: |- + A free text field to capture information about the service principal, typically used for operational purposes. + Free text field to capture information about the service principal, typically used for operational purposes + type: string + notificationEmailAddresses: + description: |- + A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. + List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + items: + type: string + type: array + x-kubernetes-list-type: set + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + A list of object IDs of principals that will be granted ownership of the service principal + items: + type: string + type: array + x-kubernetes-list-type: set + preferredSingleSignOnMode: + description: |- + The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. 
+ The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + type: string + samlSingleSignOn: + description: |- + A saml_single_sign_on block as documented below. + Settings related to SAML single sign-on + properties: + relayState: + description: |- + The relative URI the service provider would redirect to after completion of the single sign-on flow. + The relative URI the service provider would redirect to after completion of the single sign-on flow + type: string + type: object + tags: + description: |- + A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + A set of tags to apply to the service principal + items: + type: string + type: array + x-kubernetes-list-type: set + useExisting: + description: |- + When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. + When true, the resource will return an existing service principal instead of failing with an error + type: boolean + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
+ properties: + accountEnabled: + description: |- + Whether or not the service principal account is enabled. Defaults to true. + Whether or not the service principal account is enabled + type: boolean + alternativeNames: + description: |- + A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. + A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + items: + type: string + type: array + x-kubernetes-list-type: set + appRoleAssignmentRequired: + description: |- + Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. + Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + type: boolean + applicationId: + description: |- + The unique identifier of the app_role. + The application ID (client ID) of the application for which to create a service principal + type: string + applicationIdRef: + description: Reference to a Application in applications to populate + applicationId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. 
The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationIdSelector: + description: Selector for a Application in applications to populate + applicationId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + clientId: + description: |- + The client ID of the application for which to create a service principal. + The client ID of the application for which to create a service principal + type: string + clientIdRef: + description: Reference to a Application in applications to populate + clientId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clientIdSelector: + description: Selector for a Application in applications to populate + clientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + type: object + description: + description: |- + A description of the service principal provided for internal end-users. + Description of the service principal provided for internal end-users + type: string + featureTags: + description: |- + A feature_tags block as described below. Cannot be used together with the tags property. + Block of features to configure for this service principal using tags + items: + properties: + customSingleSignOn: + description: |- + Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + Whether this service principal represents a custom SAML application + type: boolean + enterprise: + description: |- + Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + Whether this service principal represents an Enterprise Application + type: boolean + gallery: + description: |- + Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + Whether this service principal represents a gallery application + type: boolean + hide: + description: |- + Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + Whether this app is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + loginUrl: + description: |- + The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. 
+ The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + type: string + notes: + description: |- + A free text field to capture information about the service principal, typically used for operational purposes. + Free text field to capture information about the service principal, typically used for operational purposes + type: string + notificationEmailAddresses: + description: |- + A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. + List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + items: + type: string + type: array + x-kubernetes-list-type: set + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + A list of object IDs of principals that will be granted ownership of the service principal + items: + type: string + type: array + x-kubernetes-list-type: set + preferredSingleSignOnMode: + description: |- + The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. + The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + type: string + samlSingleSignOn: + description: |- + A saml_single_sign_on block as documented below. + Settings related to SAML single sign-on + properties: + relayState: + description: |- + The relative URI the service provider would redirect to after completion of the single sign-on flow. + The relative URI the service provider would redirect to after completion of the single sign-on flow + type: string + type: object + tags: + description: |- + A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + A set of tags to apply to the service principal + items: + type: string + type: array + x-kubernetes-list-type: set + useExisting: + description: |- + When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. + When true, the resource will return an existing service principal instead of failing with an error + type: boolean + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. 
+ Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: PrincipalStatus defines the observed state of Principal. + properties: + atProvider: + properties: + accountEnabled: + description: |- + Whether or not the service principal account is enabled. Defaults to true. + Whether or not the service principal account is enabled + type: boolean + alternativeNames: + description: |- + A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. + A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + items: + type: string + type: array + x-kubernetes-list-type: set + appRoleAssignmentRequired: + description: |- + Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. 
+ Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + type: boolean + appRoleIds: + additionalProperties: + type: string + description: |- + A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration. + Mapping of app role names to UUIDs + type: object + x-kubernetes-map-type: granular + appRoles: + description: A list of app roles published by the associated application, + as documented below. For more information official documentation. + items: + properties: + allowedMemberTypes: + description: 'Specifies whether this app role definition + can be assigned to users and groups, or to other applications + (that are accessing this application in a standalone scenario). + Possible values are: User and Application, or both.' + items: + type: string + type: array + description: + description: A description of the service principal provided + for internal end-users. + type: string + displayName: + description: The display name of the application associated + with this service principal. + type: string + enabled: + description: Determines if the app role is enabled. + type: boolean + id: + description: The unique identifier of the app_role. + type: string + value: + description: The value that is used for the roles claim + in ID tokens and OAuth 2.0 access tokens that are authenticating + an assigned service or user principal. + type: string + type: object + type: array + applicationId: + description: |- + The unique identifier of the app_role. + The application ID (client ID) of the application for which to create a service principal + type: string + applicationTenantId: + description: |- + The tenant ID where the associated application is registered. 
+ The tenant ID where the associated application is registered + type: string + clientId: + description: |- + The client ID of the application for which to create a service principal. + The client ID of the application for which to create a service principal + type: string + description: + description: |- + A description of the service principal provided for internal end-users. + Description of the service principal provided for internal end-users + type: string + displayName: + description: |- + The display name of the application associated with this service principal. + The display name of the application associated with this service principal + type: string + featureTags: + description: |- + A feature_tags block as described below. Cannot be used together with the tags property. + Block of features to configure for this service principal using tags + items: + properties: + customSingleSignOn: + description: |- + Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + Whether this service principal represents a custom SAML application + type: boolean + enterprise: + description: |- + Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + Whether this service principal represents an Enterprise Application + type: boolean + gallery: + description: |- + Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + Whether this service principal represents a gallery application + type: boolean + hide: + description: |- + Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. 
+ Whether this app is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + homepageUrl: + description: |- + Home page or landing page of the associated application. + Home page or landing page of the application + type: string + id: + description: The unique identifier of the app_role. + type: string + loginUrl: + description: |- + The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. + The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + type: string + logoutUrl: + description: |- + The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application. + The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + type: string + notes: + description: |- + A free text field to capture information about the service principal, typically used for operational purposes. + Free text field to capture information about the service principal, typically used for operational purposes + type: string + notificationEmailAddresses: + description: |- + A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. 
+ List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + items: + type: string + type: array + x-kubernetes-list-type: set + oauth2PermissionScopeIds: + additionalProperties: + type: string + description: |- + A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration. + Mapping of OAuth2.0 permission scope names to UUIDs + type: object + x-kubernetes-map-type: granular + oauth2PermissionScopes: + description: A list of OAuth 2.0 delegated permission scopes exposed + by the associated application, as documented below. + items: + properties: + adminConsentDescription: + description: Delegated permission description that appears + in all tenant-wide admin consent experiences, intended + to be read by an administrator granting the permission + on behalf of all users. + type: string + adminConsentDisplayName: + description: Display name for the delegated permission, + intended to be read by an administrator granting the permission + on behalf of all users. + type: string + enabled: + description: Determines if the app role is enabled. + type: boolean + id: + description: The unique identifier of the app_role. + type: string + type: + description: Identifies whether the service principal represents + an application or a managed identity. Possible values + include Application or ManagedIdentity. + type: string + userConsentDescription: + description: Delegated permission description that appears + in the end user consent experience, intended to be read + by a user consenting on their own behalf. + type: string + userConsentDisplayName: + description: Display name for the delegated permission that + appears in the end user consent experience. 
+ type: string + value: + description: The value that is used for the roles claim + in ID tokens and OAuth 2.0 access tokens that are authenticating + an assigned service or user principal. + type: string + type: object + type: array + objectId: + description: |- + The object ID of the service principal. + The object ID of the service principal + type: string + owners: + description: |- + A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + A list of object IDs of principals that will be granted ownership of the service principal + items: + type: string + type: array + x-kubernetes-list-type: set + preferredSingleSignOnMode: + description: |- + The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. + The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + type: string + redirectUris: + description: |- + A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application. + The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application + items: + type: string + type: array + samlMetadataUrl: + description: |- + The URL where the service exposes SAML metadata for federation. 
+ The URL where the service exposes SAML metadata for federation + type: string + samlSingleSignOn: + description: |- + A saml_single_sign_on block as documented below. + Settings related to SAML single sign-on + properties: + relayState: + description: |- + The relative URI the service provider would redirect to after completion of the single sign-on flow. + The relative URI the service provider would redirect to after completion of the single sign-on flow + type: string + type: object + servicePrincipalNames: + description: |- + A list of identifier URI(s), copied over from the associated application. + A list of identifier URI(s), copied over from the associated application + items: + type: string + type: array + signInAudience: + description: |- + The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. + The Microsoft account types that are supported for the associated application + type: string + tags: + description: |- + A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + A set of tags to apply to the service principal + items: + type: string + type: array + x-kubernetes-list-type: set + type: + description: |- + Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity. + Identifies whether the service principal represents an application or a managed identity + type: string + useExisting: + description: |- + When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. 
+ When true, the resource will return an existing service principal instead of failing with an error + type: boolean + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/package/kustomize/kustomization.yaml b/package/kustomize/kustomization.yaml new file mode 100644 index 00000000..48398bc5 
--- /dev/null
+++ b/package/kustomize/kustomization.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../crds
+
+patches:
+- path: webhook.yaml
+ target:
+ group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+
+transformers:
+ - splitter.yaml
diff --git a/package/kustomize/plugin/providers.upbound.io/splittransformer/SplitTransformer b/package/kustomize/plugin/providers.upbound.io/splittransformer/SplitTransformer
new file mode 100755
index 00000000..ca27dcf3
--- /dev/null
+++ b/package/kustomize/plugin/providers.upbound.io/splittransformer/SplitTransformer
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -aeuo pipefail
+
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# skip the config directory argument
+shift
+output_dir="$1"
+
+cd "${output_dir}"
+# prepend the YAML doc separator to the stdin
+{ echo "---"; cat; } | ${YQ} --split-exp '.spec.group + "_" + .spec.names.plural + ".yaml"' -
diff --git a/package/kustomize/splitter.yaml b/package/kustomize/splitter.yaml
new file mode 100644
index 00000000..c4a3ba85
--- /dev/null
+++ b/package/kustomize/splitter.yaml
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: providers.upbound.io
+kind: SplitTransformer
+metadata:
+ name: splitter
+argsOneLiner: ../crds
diff --git a/package/kustomize/webhook.yaml b/package/kustomize/webhook.yaml
new file mode 100644
index 00000000..5add0c72
--- /dev/null
+++ b/package/kustomize/webhook.yaml
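Review bot: The `patches` entry in `kustomization.yaml` selects its targets only by `group: apiextensions.k8s.io` and `kind: CustomResourceDefinition`, so `webhook.yaml` is applied to every CRD that `../crds` brings in rather than to a chosen subset. If that blanket scope is intended, a comment above `patches:` such as `# applied to every CRD in ../crds; no name or label selector on purpose` would say so. The `transformers` entry also makes the build run the `SplitTransformer` executable added in this commit, which deserves a one-line comment, since a reader of this file alone cannot tell that an exec plugin is involved.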
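Review bot: `${YQ}` is expanded unquoted on the last line of `SplitTransformer`, so a yq path containing whitespace or glob characters would be word-split before it runs; `"${YQ}"` avoids that. The `-a` in `set -aeuo pipefail` also exports every variable the script assigns, which here only affects `output_dir` and looks unnecessary, so `set -euo pipefail` would be the narrower choice. The `--split-exp` expression builds each output file name from `.spec.group` and `.spec.names.plural` taken from the input stream with no check on those values. That is fine while the input is only this repository's own CRDs, and a short comment stating that assumption would make it explicit.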
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ignored
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ path: /convert
+ conversionReviewVersions:
+ - v1
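Review bot: The patch in `webhook.yaml` sets `strategy: Webhook` with a `clientConfig.service` that carries only `path: /convert`; no service `name`, `namespace` or `caBundle` appears in the file, and the existing comment does not say where they come from. Presumably they are filled in when the package is installed, but that is not visible here, and the API server needs the CA bundle to verify the webhook's TLS certificate. A comment would close the gap, for example `# service name/namespace and caBundle are injected at install time (confirm)`. A second comment could note that `metadata.name: ignored` is a placeholder because the target is chosen by the selector in `kustomization.yaml`.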