From c154055ec41f4333984deb50b4527751aa93a350 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fatih=20T=C3=BCrken?=
Date: Tue, 18 Apr 2023 18:59:21 +0300
Subject: [PATCH] Add Support for Observe Only Resources - Bump "up" to v0.16.1

---
 Makefile | 2 +-
 .../v1beta1/zz_generated.deepcopy.go | 41 ++
 .../v1beta1/zz_generated.managed.go | 20 +
 .../v1beta1/zz_member_types.go | 9 +
 .../v1beta1/zz_unit_types.go | 28 +-
 apis/app/v1beta1/zz_generated.deepcopy.go | 15 +
 apis/app/v1beta1/zz_generated.managed.go | 10 +
 apis/app/v1beta1/zz_roleassignment_types.go | 22 +-
 .../v1beta1/zz_application_types.go | 294 ++++++++-
 .../v1beta1/zz_certificate_types.go | 36 +-
 .../zz_federatedidentitycredential_types.go | 48 +-
 .../v1beta1/zz_generated.deepcopy.go | 611 +++++++++++++++++-
 .../v1beta1/zz_generated.managed.go | 50 ++
 .../applications/v1beta1/zz_password_types.go | 25 +
 .../v1beta1/zz_preauthorized_types.go | 21 +-
 .../v1beta1/zz_accesspolicy_types.go | 138 +++-
 .../v1beta1/zz_generated.deepcopy.go | 373 +++++++++++
 .../v1beta1/zz_generated.managed.go | 20 +
 .../v1beta1/zz_location_types.go | 30 +-
 .../v1beta1/zz_customdirectoryrole_types.go | 53 +-
 .../v1beta1/zz_generated.deepcopy.go | 78 +++
 .../v1beta1/zz_generated.managed.go | 30 +
 apis/directoryroles/v1beta1/zz_role_types.go | 4 +
 .../v1beta1/zz_roleassignment_types.go | 23 +
 apis/groups/v1beta1/zz_generated.deepcopy.go | 158 +++++
 apis/groups/v1beta1/zz_generated.managed.go | 20 +
 apis/groups/v1beta1/zz_group_types.go | 97 ++-
 apis/groups/v1beta1/zz_member_types.go | 9 +
 .../v1beta1/zz_generated.deepcopy.go | 48 ++
 .../v1beta1/zz_generated.managed.go | 10 +
 .../v1beta1/zz_invitation_types.go | 46 +-
 .../v1beta1/zz_claimsmappingpolicy_types.go | 22 +-
 .../policies/v1beta1/zz_generated.deepcopy.go | 16 +
 apis/policies/v1beta1/zz_generated.managed.go | 10 +
 .../v1beta1/zz_generated.deepcopy.go | 26 +
 .../v1beta1/zz_generated.managed.go | 10 +
 .../v1beta1/zz_permissiongrant_types.go | 25 +-
 .../v1beta1/zz_certificate_types.go | 36 +-
 .../zz_claimsmappingpolicyassignment_types.go | 8 +
 .../v1beta1/zz_generated.deepcopy.go | 223 +++
 .../v1beta1/zz_generated.managed.go | 50 ++
 .../v1beta1/zz_password_types.go | 25 +
 .../v1beta1/zz_principal_types.go | 76 +++
 .../zz_tokensigningcertificate_types.go | 14 +
 .../v1beta1/zz_generated.deepcopy.go | 32 +
 .../v1beta1/zz_generated.managed.go | 20 +
 apis/synchronization/v1beta1/zz_job_types.go | 21 +-
 .../v1beta1/zz_secret_types.go | 11 +
 apis/users/v1beta1/zz_generated.deepcopy.go | 182 ++++
 apis/users/v1beta1/zz_generated.managed.go | 10 +
 apis/users/v1beta1/zz_user_types.go | 150 ++++-
 cmd/provider/main.go | 8 +
 config/provider.go | 1 +
 go.mod | 34 +-
 go.sum | 74 +-
 .../member/zz_controller.go | 12 +-
 .../administrativeunits/unit/zz_controller.go | 12 +-
 .../app/roleassignment/zz_controller.go | 12 +-
 .../applications/application/zz_controller.go | 12 +-
 .../applications/certificate/zz_controller.go | 12 +-
 .../zz_controller.go | 12 +-
 .../applications/password/zz_controller.go | 12 +-
 .../preauthorized/zz_controller.go | 12 +-
 .../accesspolicy/zz_controller.go | 12 +-
 .../location/zz_controller.go | 12 +-
 .../customdirectoryrole/zz_controller.go | 12 +-
 .../directoryroles/role/zz_controller.go | 12 +-
 .../roleassignment/zz_controller.go | 12 +-
 .../controller/groups/group/zz_controller.go | 12 +-
 .../controller/groups/member/zz_controller.go | 12 +-
 .../invitations/invitation/zz_controller.go | 12 +-
 .../claimsmappingpolicy/zz_controller.go | 12 +-
 .../permissiongrant/zz_controller.go | 12 +-
 .../certificate/zz_controller.go | 12 +-
 .../zz_controller.go | 12 +-
 .../password/zz_controller.go | 12 +-
 .../principal/zz_controller.go | 12 +-
 .../tokensigningcertificate/zz_controller.go | 12 +-
 .../synchronization/job/zz_controller.go | 12 +-
 .../synchronization/secret/zz_controller.go | 12 +-
 .../controller/users/user/zz_controller.go | 12 +-
 internal/features/features.go | 5 +
 ...ativeunits.azuread.upbound.io_members.yaml | 33 +-
 ...trativeunits.azuread.upbound.io_units.yaml | 53 +-
...pp.azuread.upbound.io_roleassignments.yaml | 46 +- ...tions.azuread.upbound.io_applications.yaml | 561 +++++++++++++++- ...tions.azuread.upbound.io_certificates.yaml | 80 ++- ...bound.io_federatedidentitycredentials.yaml | 78 ++- ...ications.azuread.upbound.io_passwords.yaml | 68 +- ...ons.azuread.upbound.io_preauthorizeds.yaml | 44 +- .../crds/azuread.upbound.io_storeconfigs.yaml | 33 +- ...ess.azuread.upbound.io_accesspolicies.yaml | 284 +++++++- ...alaccess.azuread.upbound.io_locations.yaml | 67 +- ...uread.upbound.io_customdirectoryroles.yaml | 76 ++- ...es.azuread.upbound.io_roleassignments.yaml | 57 +- ...rectoryroles.azuread.upbound.io_roles.yaml | 28 +- .../groups.azuread.upbound.io_groups.yaml | 196 +++++- .../groups.azuread.upbound.io_members.yaml | 36 +- ...ations.azuread.upbound.io_invitations.yaml | 80 ++- ...read.upbound.io_claimsmappingpolicies.yaml | 43 +- ...d.azuread.upbound.io_permissiongrants.yaml | 57 +- ...ipals.azuread.upbound.io_certificates.yaml | 78 ++- ...und.io_claimsmappingpolicyassignments.yaml | 32 +- ...incipals.azuread.upbound.io_passwords.yaml | 67 +- ...ncipals.azuread.upbound.io_principals.yaml | 166 ++++- ...d.upbound.io_tokensigningcertificates.yaml | 42 +- ...nchronization.azuread.upbound.io_jobs.yaml | 43 +- ...ronization.azuread.upbound.io_secrets.yaml | 40 +- .../crds/users.azuread.upbound.io_users.yaml | 210 +++++- 109 files changed, 6017 insertions(+), 351 deletions(-) diff --git a/Makefile b/Makefile index 1ee1ac06..43a21a2d 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ GO_SUBDIRS += cmd internal apis # Setup Kubernetes tools KIND_VERSION = v0.15.0 -UP_VERSION = v0.14.0 +UP_VERSION = v0.16.1 UP_CHANNEL = stable UPTEST_VERSION = v0.5.0 -include build/makelib/k8s_tools.mk diff --git a/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go b/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go index abc9dd31..2ffe6a14 100644 --- a/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go 
+++ b/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go @@ -76,11 +76,21 @@ func (in *MemberList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MemberObservation) DeepCopyInto(out *MemberObservation) { *out = *in + if in.AdministrativeUnitObjectID != nil { + in, out := &in.AdministrativeUnitObjectID, &out.AdministrativeUnitObjectID + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.MemberObjectID != nil { + in, out := &in.MemberObjectID, &out.MemberObjectID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberObservation. 
@@ -224,16 +234,47 @@ func (in *UnitList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UnitObservation) DeepCopyInto(out *UnitObservation) { *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.HiddenMembershipEnabled != nil { + in, out := &in.HiddenMembershipEnabled, &out.HiddenMembershipEnabled + *out = new(bool) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.ObjectID != nil { in, out := &in.ObjectID, &out.ObjectID *out = new(string) **out = **in } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnitObservation. diff --git a/apis/administrativeunits/v1beta1/zz_generated.managed.go b/apis/administrativeunits/v1beta1/zz_generated.managed.go index 9c63f879..b15bbc42 100644 --- a/apis/administrativeunits/v1beta1/zz_generated.managed.go +++ b/apis/administrativeunits/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *Member) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Member. +func (mg *Member) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Member. func (mg *Member) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference 
@@ -50,6 +55,11 @@ func (mg *Member) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Member. +func (mg *Member) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Member. func (mg *Member) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -83,6 +93,11 @@ func (mg *Unit) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Unit. +func (mg *Unit) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Unit. func (mg *Unit) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -116,6 +131,11 @@ func (mg *Unit) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Unit. +func (mg *Unit) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Unit. func (mg *Unit) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/administrativeunits/v1beta1/zz_member_types.go b/apis/administrativeunits/v1beta1/zz_member_types.go index 09269ad7..7499a6c5 100755 --- a/apis/administrativeunits/v1beta1/zz_member_types.go +++ b/apis/administrativeunits/v1beta1/zz_member_types.go 
@@ -14,7 +14,16 @@ import ( ) type MemberObservation struct { + + // The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created. + // The object ID of the administrative unit + AdministrativeUnitObjectID *string `json:"administrativeUnitObjectId,omitempty" tf:"administrative_unit_object_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces a new resource to be created. + // The object ID of the member + MemberObjectID *string `json:"memberObjectId,omitempty" tf:"member_object_id,omitempty"` } type MemberParameters struct { diff --git a/apis/administrativeunits/v1beta1/zz_unit_types.go b/apis/administrativeunits/v1beta1/zz_unit_types.go index 39957a7e..2a6022b8 100755 --- a/apis/administrativeunits/v1beta1/zz_unit_types.go +++ b/apis/administrativeunits/v1beta1/zz_unit_types.go 
@@ -14,11 +14,30 @@ import ( ) type UnitObservation struct { + + // The description of the administrative unit. + // The description for the administrative unit + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name of the administrative unit. + // The display name for the administrative unit + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Whether the administrative unit and its members are hidden or publicly viewable in the directory + HiddenMembershipEnabled *bool `json:"hiddenMembershipEnabled,omitempty" tf:"hidden_membership_enabled,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. + // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + // The object ID of the administrative unit. // The object ID of the administrative unit ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + + // If `true`, will return an error if an existing administrative unit is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` } type UnitParameters struct { @@ -30,8 +49,8 @@ type UnitParameters struct { // The display name of the administrative unit. // The display name for the administrative unit - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Whether the administrative unit and its members are hidden or publicly viewable in the directory // +kubebuilder:validation:Optional 
@@ -71,8 +90,9 @@ type UnitStatus struct { type Unit struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec UnitSpec `json:"spec"` - Status UnitStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + Spec UnitSpec `json:"spec"` + Status UnitStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/app/v1beta1/zz_generated.deepcopy.go b/apis/app/v1beta1/zz_generated.deepcopy.go index 95456d98..7d6f828e 100644 --- a/apis/app/v1beta1/zz_generated.deepcopy.go +++ b/apis/app/v1beta1/zz_generated.deepcopy.go @@ -76,6 +76,11 @@ func (in *RoleAssignmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RoleAssignmentObservation) DeepCopyInto(out *RoleAssignmentObservation) { *out = *in + if in.AppRoleID != nil { + in, out := &in.AppRoleID, &out.AppRoleID + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -86,6 +91,11 @@ func (in *RoleAssignmentObservation) DeepCopyInto(out *RoleAssignmentObservation *out = new(string) **out = **in } + if in.PrincipalObjectID != nil { + in, out := &in.PrincipalObjectID, &out.PrincipalObjectID + *out = new(string) + **out = **in + } if in.PrincipalType != nil { in, out := &in.PrincipalType, &out.PrincipalType *out = new(string) @@ -96,6 +106,11 @@ func (in *RoleAssignmentObservation) DeepCopyInto(out *RoleAssignmentObservation *out = new(string) **out = **in } + if in.ResourceObjectID != nil { + in, out := &in.ResourceObjectID, &out.ResourceObjectID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleAssignmentObservation. 
diff --git a/apis/app/v1beta1/zz_generated.managed.go b/apis/app/v1beta1/zz_generated.managed.go index 6f724c02..3ada5641 100644 --- a/apis/app/v1beta1/zz_generated.managed.go +++ b/apis/app/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *RoleAssignment) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this RoleAssignment. +func (mg *RoleAssignment) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this RoleAssignment. func (mg *RoleAssignment) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *RoleAssignment) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this RoleAssignment. +func (mg *RoleAssignment) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this RoleAssignment. func (mg *RoleAssignment) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/app/v1beta1/zz_roleassignment_types.go b/apis/app/v1beta1/zz_roleassignment_types.go index a9c5b625..37987783 100755 --- a/apis/app/v1beta1/zz_roleassignment_types.go +++ b/apis/app/v1beta1/zz_roleassignment_types.go 
@@ -14,12 +14,21 @@ import ( ) type RoleAssignmentObservation struct { + + // The ID of the app role to be assigned, or the default role ID 00000000-0000-0000-0000-000000000000. Changing this forces a new resource to be created. + // The ID of the app role to be assigned + AppRoleID *string `json:"appRoleId,omitempty" tf:"app_role_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // The display name of the principal to which the app role is assigned. // The display name of the principal to which the app role is assigned PrincipalDisplayName *string `json:"principalDisplayName,omitempty" tf:"principal_display_name,omitempty"` + // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. + // The object ID of the user, group or service principal to be assigned this app role + PrincipalObjectID *string `json:"principalObjectId,omitempty" tf:"principal_object_id,omitempty"` + // The object type of the principal to which the app role is assigned. // The object type of the principal to which the app role is assigned PrincipalType *string `json:"principalType,omitempty" tf:"principal_type,omitempty"` 
@@ -27,14 +36,18 @@ type RoleAssignmentObservation struct { // The display name of the application representing the resource. // The display name of the application representing the resource ResourceDisplayName *string `json:"resourceDisplayName,omitempty" tf:"resource_display_name,omitempty"` + + // The object ID of the service principal representing the resource. Changing this forces a new resource to be created. + // The object ID of the service principal representing the resource + ResourceObjectID *string `json:"resourceObjectId,omitempty" tf:"resource_object_id,omitempty"` } type RoleAssignmentParameters struct { // The ID of the app role to be assigned, or the default role ID 00000000-0000-0000-0000-000000000000. Changing this forces a new resource to be created. // The ID of the app role to be assigned - // +kubebuilder:validation:Required - AppRoleID *string `json:"appRoleId" tf:"app_role_id,omitempty"` + // +kubebuilder:validation:Optional + AppRoleID *string `json:"appRoleId,omitempty" tf:"app_role_id,omitempty"` // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. // The object ID of the user, group or service principal to be assigned this app role @@ -89,8 +102,9 @@ type RoleAssignmentStatus struct { type RoleAssignment struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec RoleAssignmentSpec `json:"spec"` - Status RoleAssignmentStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.appRoleId)",message="appRoleId is a required parameter" + Spec RoleAssignmentSpec `json:"spec"` + Status RoleAssignmentStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true 
diff --git a/apis/applications/v1beta1/zz_application_types.go b/apis/applications/v1beta1/zz_application_types.go index 8e6d8246..1ee1cd64 100755 --- a/apis/applications/v1beta1/zz_application_types.go +++ b/apis/applications/v1beta1/zz_application_types.go @@ -14,6 +14,22 @@ import ( ) type APIObservation struct { + + // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. + // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` + + // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. + // Allows an application to use claims mapping without specifying a custom signing key + MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"` + + // One or more oauth2_permission_scope blocks as documented below, to describe delegated permissions exposed by the web API represented by this application. + // One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application + Oauth2PermissionScope []Oauth2PermissionScopeObservation `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"` + + // The access token version expected by this resource. Must be one of 1 or 2, and must be 2 when sign_in_audience is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount Defaults to 1. + // The access token version expected by this resource + RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"` } type APIParameters struct { 
@@ -40,6 +56,22 @@ type APIParameters struct { } type AccessTokenObservation struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` } type AccessTokenParameters struct { 
@@ -66,6 +98,30 @@ type AccessTokenParameters struct { } type AppRoleObservation struct { + + // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. + // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"` + + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. + // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Display name for the app role that appears during app role assignment and in consent experiences. + // Display name for the app role that appears during app role assignment and in consent experiences + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Determines if the app role is enabled. Defaults to true. + // Determines if the app role is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the app role. Must be a valid UUID. + // The unique identifier of the app role + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. 
+ // The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal + Value *string `json:"value,omitempty" tf:"value,omitempty"` } type AppRoleParameters struct { @@ -103,6 +159,12 @@ type AppRoleParameters struct { type ApplicationObservation struct { + // An api block as documented below, which configures API related settings for this application. + API []APIObservation `json:"api,omitempty" tf:"api,omitempty"` + + // A collection of app_role blocks as documented below. For more information see official documentation on Application Roles. + AppRole []AppRoleObservation `json:"appRole,omitempty" tf:"app_role,omitempty"` + // A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. // Mapping of app role names to UUIDs AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"` 
@@ -111,28 +173,119 @@ type ApplicationObservation struct { // The Application ID (also called Client ID) ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + // A description of the application, as shown to end users. + // Description of the application as shown to end users + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Specifies whether this application supports device authentication without a user. Defaults to false. + // Specifies whether this application supports device authentication without a user. + DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"` + // Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement // Whether Microsoft has disabled the registered application DisabledByMicrosoft *string `json:"disabledByMicrosoft,omitempty" tf:"disabled_by_microsoft,omitempty"` + // The display name for the application. + // The display name for the application + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. + // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI + FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"` + + // A feature_tags block as described below. Cannot be used together with the tags property. 
+ // Block of features to configure for this application using tags + FeatureTags []FeatureTagsObservation `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + + // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. + // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` + // The unique identifier for an app role or OAuth2 permission scope published by the resource application. ID *string `json:"id,omitempty" tf:"id,omitempty"` + // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. + // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` + + // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. + // Base64 encoded logo image in gif, png or jpeg format + LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"` + // CDN URL to the application's logo, as uploaded with the logo_image property. // CDN URL to the application's logo LogoURL *string `json:"logoUrl,omitempty" tf:"logo_url,omitempty"` + // URL of the application's marketing page. + // URL of the application's marketing page + MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"` + + // User-specified notes relevant for the management of the application. 
+ // User-specified notes relevant for the management of the application + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + // A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration. // Mapping of OAuth2.0 permission scope names to UUIDs Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"` + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. + // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. + Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"` + // The application's object ID. // The application's object ID ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + // An optional_claims block as documented below. + OptionalClaims []OptionalClaimsObservation `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"` + + // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the application + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // If true, will return an error if an existing application is found with the same name. Defaults to false. + // If `true`, will return an error if an existing application is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // URL of the application's privacy statement. 
+ // URL of the application's privacy statement + PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"` + + // A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. + PublicClient []PublicClientObservation `json:"publicClient,omitempty" tf:"public_client,omitempty"` + // The verified publisher domain for the application. // The verified publisher domain for the application PublisherDomain *string `json:"publisherDomain,omitempty" tf:"publisher_domain,omitempty"` + + // A collection of required_resource_access blocks as documented below. + RequiredResourceAccess []RequiredResourceAccessObservation `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"` + + // The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. + // The Microsoft account types that are supported for the current application + SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` + + // A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application. + SinglePageApplication []SinglePageApplicationObservation `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"` + + // URL of the application's support page. + // URL of the application's support page + SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"` + + // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. 
+ // A set of tags to apply to the application + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. + // Unique ID of the application template from which this application is created + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` + + // URL of the application's terms of service statement. + // URL of the application's terms of service statement + TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"` + + // A web block as documented below, which configures web related settings for this application. + Web []WebObservation `json:"web,omitempty" tf:"web,omitempty"` } type ApplicationParameters struct { @@ -157,8 +310,8 @@ type ApplicationParameters struct { // The display name for the application. // The display name for the application - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false. // Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI 
@@ -262,6 +415,22 @@ type ApplicationParameters struct { } type FeatureTagsObservation struct { + + // Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + // Whether this application represents a custom SAML application for linked service principals + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this application represents an Enterprise Application for linked service principals + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this application represents a gallery application for linked service principals + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this application is invisible to users in My Apps and Office 365 Launcher + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` } type FeatureTagsParameters struct { 
@@ -288,6 +457,22 @@ type FeatureTagsParameters struct { } type IDTokenObservation struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` } type IDTokenParameters struct { 
@@ -314,6 +499,14 @@ type IDTokenParameters struct { } type ImplicitGrantObservation struct { + + // Whether this web application can request an access token using OAuth 2.0 implicit flow. + // Whether this web application can request an access token using OAuth 2.0 implicit flow + AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"` + + // Whether this web application can request an ID token using OAuth 2.0 implicit flow. + // Whether this web application can request an ID token using OAuth 2.0 implicit flow + IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"` } type ImplicitGrantParameters struct { 
@@ -330,6 +523,38 @@ type ImplicitGrantParameters struct { } type Oauth2PermissionScopeObservation struct { + + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. + // Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users + AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"` + + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. + // Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users + AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"` + + // Determines if the permission scope is enabled. Defaults to true. + // Determines if the permission scope is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The unique identifier of the delegated permission. Must be a valid UUID. + // The unique identifier of the delegated permission + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin. 
+ // Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. + // Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf + UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"` + + // Display name for the delegated permission that appears in the end user consent experience. + // Display name for the delegated permission that appears in the end user consent experience + UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"` + + // The value that is used for the scp claim in OAuth 2.0 access tokens. + // The value that is used for the `scp` claim in OAuth 2.0 access tokens + Value *string `json:"value,omitempty" tf:"value,omitempty"` } type Oauth2PermissionScopeParameters struct { @@ -376,6 +601,15 @@ type Oauth2PermissionScopeParameters struct { } type OptionalClaimsObservation struct { + + // One or more access_token blocks as documented below. + AccessToken []AccessTokenObservation `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // One or more id_token blocks as documented below. + IDToken []IDTokenObservation `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // One or more saml2_token blocks as documented below. + Saml2Token []Saml2TokenObservation `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"` } type OptionalClaimsParameters struct { 
@@ -394,6 +628,10 @@ type OptionalClaimsParameters struct { } type PublicClientObservation struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } type PublicClientParameters struct { @@ -405,6 +643,12 @@ type PublicClientParameters struct { } type RequiredResourceAccessObservation struct { + + // A collection of resource_access blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource. + ResourceAccess []ResourceAccessObservation `json:"resourceAccess,omitempty" tf:"resource_access,omitempty"` + + // The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application. + ResourceAppID *string `json:"resourceAppId,omitempty" tf:"resource_app_id,omitempty"` } type RequiredResourceAccessParameters struct { @@ -419,6 +663,12 @@ type RequiredResourceAccessParameters struct { } type ResourceAccessObservation struct { + + // The unique identifier for an app role or OAuth2 permission scope published by the resource application. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ResourceAccessParameters struct { 
@@ -433,6 +683,22 @@ type ResourceAccessParameters struct { } type Saml2TokenObservation struct { + + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. + // List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim + AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"` + + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience. + // Whether the claim specified by the client is necessary to ensure a smooth authorization experience + Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"` + + // The name of the optional claim. + // The name of the optional claim + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object. + // The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object + Source *string `json:"source,omitempty" tf:"source,omitempty"` } type Saml2TokenParameters struct { @@ -459,6 +725,10 @@ type Saml2TokenParameters struct { } type SinglePageApplicationObservation struct { + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } type SinglePageApplicationParameters struct { 
@@ -470,6 +740,21 @@ type SinglePageApplicationParameters struct { } type WebObservation struct { + + // Home page or landing page of the application. + // Home page or landing page of the application + HomepageURL *string `json:"homepageUrl,omitempty" tf:"homepage_url,omitempty"` + + // An implicit_grant block as documented above. + ImplicitGrant []ImplicitGrantObservation `json:"implicitGrant,omitempty" tf:"implicit_grant,omitempty"` + + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols. + // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols + LogoutURL *string `json:"logoutUrl,omitempty" tf:"logout_url,omitempty"` + + // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. + // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } type WebParameters struct { @@ -518,8 +803,9 @@ type ApplicationStatus struct { type Application struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ApplicationSpec `json:"spec"` - Status ApplicationStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + Spec ApplicationSpec `json:"spec"` + Status ApplicationStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/applications/v1beta1/zz_certificate_types.go b/apis/applications/v1beta1/zz_certificate_types.go index 9991c878..61d7d26d 100755 --- a/apis/applications/v1beta1/zz_certificate_types.go 
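Review bot: The CEL rule added on `Spec` reads `self.managementPolicy` unconditionally, so it relies on that field being defaulted by the API server; if it is not, an Application that omits managementPolicy fails the rule with a missing-key error instead of being treated as a full-control resource. If the default is not guaranteed, `(has(self.managementPolicy) && self.managementPolicy == 'ObserveOnly') || has(self.forProvider.displayName)` evaluates safely either way. Moving `displayName` from the schema's required list into an `x-kubernetes-validations` rule also means the check is enforced only on API servers that evaluate CEL validation rules (enabled by default from Kubernetes 1.25); on clusters that do not, the requirement is silently not enforced and a non-observe-only Application without displayName is admitted and only fails at reconcile time. The same two points apply to the Certificate rule (`valueSecretRef`) and the four FederatedIdentityCredential rules later in this patch.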
+++ b/apis/applications/v1beta1/zz_certificate_types.go 
@@ -14,7 +14,36 @@ import ( ) type CertificateObservation struct { + + // The object ID of the application for which this certificate should be created. Changing this field forces a new resource to be created. + // The object ID of the application for which this certificate should be created + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem. + // Specifies the encoding used for the supplied certificate data + Encoding *string `json:"encoding,omitempty" tf:"encoding,omitempty"` + + // The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. + // The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date + EndDate *string `json:"endDate,omitempty" tf:"end_date,omitempty"` + + // A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created. + // A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m` + EndDateRelative *string `json:"endDateRelative,omitempty" tf:"end_date_relative,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created. + // A UUID used to uniquely identify this certificate. 
If omitted, a random UUID will be automatically generated + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` + + // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. + // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date and time are use + StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"` + + // The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created. + // The type of key/certificate + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type CertificateParameters struct { @@ -65,7 +94,7 @@ type CertificateParameters struct { // The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument. // The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argumen - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional ValueSecretRef v1.SecretKeySelector `json:"valueSecretRef" tf:"-"` } 
@@ -93,8 +122,9 @@ type CertificateStatus struct { type Certificate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec CertificateSpec `json:"spec"` - Status CertificateStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.valueSecretRef)",message="valueSecretRef is a required parameter" + Spec CertificateSpec `json:"spec"` + Status CertificateStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/applications/v1beta1/zz_federatedidentitycredential_types.go b/apis/applications/v1beta1/zz_federatedidentitycredential_types.go index fa6ff290..83a3cfb9 100755 --- a/apis/applications/v1beta1/zz_federatedidentitycredential_types.go +++ b/apis/applications/v1beta1/zz_federatedidentitycredential_types.go 
@@ -15,11 +15,35 @@ import ( type FederatedIdentityCredentialObservation struct { + // The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created. + // The object ID of the application for which this federated identity credential should be created + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens. + // List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens. + Audiences []*string `json:"audiences,omitempty" tf:"audiences,omitempty"` + // A UUID used to uniquely identify this federated identity credential. // A UUID used to uniquely identify this federated identity credential CredentialID *string `json:"credentialId,omitempty" tf:"credential_id,omitempty"` + // A description for the federated identity credential. + // A description for the federated identity credential + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A unique display name for the federated identity credential. Changing this forces a new resource to be created. + // A unique display name for the federated identity credential + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app. + // The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app. 
+ Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` + + // The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app. + // The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app. + Subject *string `json:"subject,omitempty" tf:"subject,omitempty"` } type FederatedIdentityCredentialParameters struct { @@ -40,8 +64,8 @@ type FederatedIdentityCredentialParameters struct { // List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens. // List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens. - // +kubebuilder:validation:Required - Audiences []*string `json:"audiences" tf:"audiences,omitempty"` + // +kubebuilder:validation:Optional + Audiences []*string `json:"audiences,omitempty" tf:"audiences,omitempty"` // A description for the federated identity credential. // A description for the federated identity credential 
@@ -50,18 +74,18 @@ type FederatedIdentityCredentialParameters struct { // A unique display name for the federated identity credential. Changing this forces a new resource to be created. // A unique display name for the federated identity credential - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app. // The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app. - // +kubebuilder:validation:Required - Issuer *string `json:"issuer" tf:"issuer,omitempty"` + // +kubebuilder:validation:Optional + Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` // The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app. // The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app. - // +kubebuilder:validation:Required - Subject *string `json:"subject" tf:"subject,omitempty"` + // +kubebuilder:validation:Optional + Subject *string `json:"subject,omitempty" tf:"subject,omitempty"` } // FederatedIdentityCredentialSpec defines the desired state of FederatedIdentityCredential 
@@ -88,8 +112,12 @@ type FederatedIdentityCredentialStatus struct { type FederatedIdentityCredential struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec FederatedIdentityCredentialSpec `json:"spec"` - Status FederatedIdentityCredentialStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.audiences)",message="audiences is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.issuer)",message="issuer is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.subject)",message="subject is a required parameter" + Spec FederatedIdentityCredentialSpec `json:"spec"` + Status FederatedIdentityCredentialStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/applications/v1beta1/zz_generated.deepcopy.go b/apis/applications/v1beta1/zz_generated.deepcopy.go index 793b8802..3268a98d 100644 --- a/apis/applications/v1beta1/zz_generated.deepcopy.go +++ b/apis/applications/v1beta1/zz_generated.deepcopy.go 
@@ -17,6 +17,34 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIObservation) DeepCopyInto(out *APIObservation) { *out = *in + if in.KnownClientApplications != nil { + in, out := &in.KnownClientApplications, &out.KnownClientApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.MappedClaimsEnabled != nil { + in, out := &in.MappedClaimsEnabled, &out.MappedClaimsEnabled + *out = new(bool) + **out = **in + } + if in.Oauth2PermissionScope != nil { + in, out := &in.Oauth2PermissionScope, &out.Oauth2PermissionScope + *out = make([]Oauth2PermissionScopeObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestedAccessTokenVersion != nil { + in, out := &in.RequestedAccessTokenVersion, &out.RequestedAccessTokenVersion + *out = new(float64) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIObservation. 
@@ -75,6 +103,32 @@ func (in *APIParameters) DeepCopy() *APIParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessTokenObservation) DeepCopyInto(out *AccessTokenObservation) { *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenObservation. 
@@ -131,6 +185,42 @@ func (in *AccessTokenParameters) DeepCopy() *AccessTokenParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AppRoleObservation) DeepCopyInto(out *AppRoleObservation) { *out = *in + if in.AllowedMemberTypes != nil { + in, out := &in.AllowedMemberTypes, &out.AllowedMemberTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRoleObservation. @@ -256,6 +346,20 @@ func (in *ApplicationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationObservation) DeepCopyInto(out *ApplicationObservation) { *out = *in + if in.API != nil { + in, out := &in.API, &out.API + *out = make([]APIObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AppRole != nil { + in, out := &in.AppRole, &out.AppRole + *out = make([]AppRoleObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AppRoleIds != nil { in, out := &in.AppRoleIds, &out.AppRoleIds *out = make(map[string]*string, len(*in)) 
@@ -276,21 +380,85 @@ func (in *ApplicationObservation) DeepCopyInto(out *ApplicationObservation) { *out = new(string) **out = **in } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DeviceOnlyAuthEnabled != nil { + in, out := &in.DeviceOnlyAuthEnabled, &out.DeviceOnlyAuthEnabled + *out = new(bool) + **out = **in + } if in.DisabledByMicrosoft != nil { in, out := &in.DisabledByMicrosoft, &out.DisabledByMicrosoft *out = new(string) **out = **in } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.FallbackPublicClientEnabled != nil { + in, out := &in.FallbackPublicClientEnabled, &out.FallbackPublicClientEnabled + *out = new(bool) + **out = **in + } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GroupMembershipClaims != nil { + in, out := &in.GroupMembershipClaims, &out.GroupMembershipClaims + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.IdentifierUris != nil { + in, out := &in.IdentifierUris, &out.IdentifierUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.LogoImage != nil { + in, out := &in.LogoImage, &out.LogoImage + *out = new(string) + **out = **in + } if in.LogoURL != nil { in, out := &in.LogoURL, &out.LogoURL *out = new(string) **out = **in } + if in.MarketingURL != nil { + in, out := &in.MarketingURL, &out.MarketingURL + *out = new(string) + **out = **in + } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + 
**out = **in + } if in.Oauth2PermissionScopeIds != nil { in, out := &in.Oauth2PermissionScopeIds, &out.Oauth2PermissionScopeIds *out = make(map[string]*string, len(*in)) 
@@ -306,16 +474,108 @@ func (in *ApplicationObservation) DeepCopyInto(out *ApplicationObservation) { (*out)[key] = outVal } } + if in.Oauth2PostResponseRequired != nil { + in, out := &in.Oauth2PostResponseRequired, &out.Oauth2PostResponseRequired + *out = new(bool) + **out = **in + } if in.ObjectID != nil { in, out := &in.ObjectID, &out.ObjectID *out = new(string) **out = **in } + if in.OptionalClaims != nil { + in, out := &in.OptionalClaims, &out.OptionalClaims + *out = make([]OptionalClaimsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.PrivacyStatementURL != nil { + in, out := &in.PrivacyStatementURL, &out.PrivacyStatementURL + *out = new(string) + **out = **in + } + if in.PublicClient != nil { + in, out := &in.PublicClient, &out.PublicClient + *out = make([]PublicClientObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PublisherDomain != nil { in, out := &in.PublisherDomain, &out.PublisherDomain *out = new(string) **out = **in } + if in.RequiredResourceAccess != nil { + in, out := &in.RequiredResourceAccess, &out.RequiredResourceAccess + *out = make([]RequiredResourceAccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SignInAudience != nil { + in, out := &in.SignInAudience, &out.SignInAudience + *out = new(string) + **out = **in + } + if in.SinglePageApplication != nil { + in, out := &in.SinglePageApplication, &out.SinglePageApplication + *out = make([]SinglePageApplicationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + 
} + } + if in.SupportURL != nil { + in, out := &in.SupportURL, &out.SupportURL + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TemplateID != nil { + in, out := &in.TemplateID, &out.TemplateID + *out = new(string) + **out = **in + } + if in.TermsOfServiceURL != nil { + in, out := &in.TermsOfServiceURL, &out.TermsOfServiceURL + *out = new(string) + **out = **in + } + if in.Web != nil { + in, out := &in.Web, &out.Web + *out = make([]WebObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationObservation. 
@@ -609,11 +869,46 @@ func (in *CertificateList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.Encoding != nil { + in, out := &in.Encoding, &out.Encoding + *out = new(string) + **out = **in + } + if in.EndDate != nil { + in, out := &in.EndDate, &out.EndDate + *out = new(string) + **out = **in + } + if in.EndDateRelative != nil { + in, out := &in.EndDateRelative, &out.EndDateRelative + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } + if in.StartDate != nil { + in, out := &in.StartDate, &out.StartDate + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateObservation. 
@@ -724,6 +1019,26 @@ func (in *CertificateStatus) DeepCopy() *CertificateStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureTagsObservation) DeepCopyInto(out *FeatureTagsObservation) { *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsObservation. 
@@ -833,13 +1148,49 @@ func (in *FederatedIdentityCredentialList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FederatedIdentityCredentialObservation) DeepCopyInto(out *FederatedIdentityCredentialObservation) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.CredentialID != nil { in, out := &in.CredentialID, &out.CredentialID *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Issuer != nil { + in, out := &in.Issuer, &out.Issuer + *out = new(string) + **out = **in + } + if in.Subject != nil { + in, out := &in.Subject, &out.Subject *out = new(string) **out = **in } 
@@ -953,6 +1304,32 @@ func (in *FederatedIdentityCredentialStatus) DeepCopy() *FederatedIdentityCreden // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IDTokenObservation) DeepCopyInto(out *IDTokenObservation) { *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDTokenObservation. @@ -1009,6 +1386,16 @@ func (in *IDTokenParameters) DeepCopy() *IDTokenParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImplicitGrantObservation) DeepCopyInto(out *ImplicitGrantObservation) { *out = *in + if in.AccessTokenIssuanceEnabled != nil { + in, out := &in.AccessTokenIssuanceEnabled, &out.AccessTokenIssuanceEnabled + *out = new(bool) + **out = **in + } + if in.IDTokenIssuanceEnabled != nil { + in, out := &in.IDTokenIssuanceEnabled, &out.IDTokenIssuanceEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImplicitGrantObservation. 
@@ -1049,6 +1436,46 @@ func (in *ImplicitGrantParameters) DeepCopy() *ImplicitGrantParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Oauth2PermissionScopeObservation) DeepCopyInto(out *Oauth2PermissionScopeObservation) { *out = *in + if in.AdminConsentDescription != nil { + in, out := &in.AdminConsentDescription, &out.AdminConsentDescription + *out = new(string) + **out = **in + } + if in.AdminConsentDisplayName != nil { + in, out := &in.AdminConsentDisplayName, &out.AdminConsentDisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserConsentDescription != nil { + in, out := &in.UserConsentDescription, &out.UserConsentDescription + *out = new(string) + **out = **in + } + if in.UserConsentDisplayName != nil { + in, out := &in.UserConsentDisplayName, &out.UserConsentDisplayName + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Oauth2PermissionScopeObservation. 
@@ -1119,6 +1546,27 @@ func (in *Oauth2PermissionScopeParameters) DeepCopy() *Oauth2PermissionScopePara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OptionalClaimsObservation) DeepCopyInto(out *OptionalClaimsObservation) { *out = *in + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken + *out = make([]AccessTokenObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = make([]IDTokenObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Saml2Token != nil { + in, out := &in.Saml2Token, &out.Saml2Token + *out = make([]Saml2TokenObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OptionalClaimsObservation. @@ -1229,6 +1677,26 @@ func (in *PasswordList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PasswordObservation) DeepCopyInto(out *PasswordObservation) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EndDate != nil { + in, out := &in.EndDate, &out.EndDate + *out = new(string) + **out = **in + } + if in.EndDateRelative != nil { + in, out := &in.EndDateRelative, &out.EndDateRelative + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) 
@@ -1239,6 +1707,26 @@ func (in *PasswordObservation) DeepCopyInto(out *PasswordObservation) { *out = new(string) **out = **in } + if in.RotateWhenChanged != nil { + in, out := &in.RotateWhenChanged, &out.RotateWhenChanged + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.StartDate != nil { + in, out := &in.StartDate, &out.StartDate + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordObservation. @@ -1412,11 +1900,32 @@ func (in *PreAuthorizedList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreAuthorizedObservation) DeepCopyInto(out *PreAuthorizedObservation) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.AuthorizedAppID != nil { + in, out := &in.AuthorizedAppID, &out.AuthorizedAppID + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.PermissionIds != nil { + in, out := &in.PermissionIds, &out.PermissionIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreAuthorizedObservation. 
@@ -1522,6 +2031,17 @@ func (in *PreAuthorizedStatus) DeepCopy() *PreAuthorizedStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PublicClientObservation) DeepCopyInto(out *PublicClientObservation) { *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicClientObservation. @@ -1563,6 +2083,18 @@ func (in *PublicClientParameters) DeepCopy() *PublicClientParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RequiredResourceAccessObservation) DeepCopyInto(out *RequiredResourceAccessObservation) { *out = *in + if in.ResourceAccess != nil { + in, out := &in.ResourceAccess, &out.ResourceAccess + *out = make([]ResourceAccessObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ResourceAppID != nil { + in, out := &in.ResourceAppID, &out.ResourceAppID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredResourceAccessObservation. 
@@ -1605,6 +2137,16 @@ func (in *RequiredResourceAccessParameters) DeepCopy() *RequiredResourceAccessPa // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResourceAccessObservation) DeepCopyInto(out *ResourceAccessObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAccessObservation. @@ -1645,6 +2187,32 @@ func (in *ResourceAccessParameters) DeepCopy() *ResourceAccessParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Saml2TokenObservation) DeepCopyInto(out *Saml2TokenObservation) { *out = *in + if in.AdditionalProperties != nil { + in, out := &in.AdditionalProperties, &out.AdditionalProperties + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Essential != nil { + in, out := &in.Essential, &out.Essential + *out = new(bool) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Saml2TokenObservation. 
@@ -1701,6 +2269,17 @@ func (in *Saml2TokenParameters) DeepCopy() *Saml2TokenParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SinglePageApplicationObservation) DeepCopyInto(out *SinglePageApplicationObservation) { *out = *in + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SinglePageApplicationObservation. @@ -1742,6 +2321,34 @@ func (in *SinglePageApplicationParameters) DeepCopy() *SinglePageApplicationPara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebObservation) DeepCopyInto(out *WebObservation) { *out = *in + if in.HomepageURL != nil { + in, out := &in.HomepageURL, &out.HomepageURL + *out = new(string) + **out = **in + } + if in.ImplicitGrant != nil { + in, out := &in.ImplicitGrant, &out.ImplicitGrant + *out = make([]ImplicitGrantObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LogoutURL != nil { + in, out := &in.LogoutURL, &out.LogoutURL + *out = new(string) + **out = **in + } + if in.RedirectUris != nil { + in, out := &in.RedirectUris, &out.RedirectUris + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebObservation. diff --git a/apis/applications/v1beta1/zz_generated.managed.go b/apis/applications/v1beta1/zz_generated.managed.go index bcdd7654..ce6c2edf 100644 --- a/apis/applications/v1beta1/zz_generated.managed.go 
+++ b/apis/applications/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *Application) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Application. +func (mg *Application) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Application. func (mg *Application) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *Application) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Application. +func (mg *Application) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Application. func (mg *Application) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -83,6 +93,11 @@ func (mg *Certificate) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Certificate. +func (mg *Certificate) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Certificate. func (mg *Certificate) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -116,6 +131,11 @@ func (mg *Certificate) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Certificate. +func (mg *Certificate) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Certificate. func (mg *Certificate) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r 
@@ -149,6 +169,11 @@ func (mg *FederatedIdentityCredential) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this FederatedIdentityCredential. +func (mg *FederatedIdentityCredential) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this FederatedIdentityCredential. func (mg *FederatedIdentityCredential) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -182,6 +207,11 @@ func (mg *FederatedIdentityCredential) SetDeletionPolicy(r xpv1.DeletionPolicy) mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this FederatedIdentityCredential. +func (mg *FederatedIdentityCredential) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this FederatedIdentityCredential. func (mg *FederatedIdentityCredential) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -215,6 +245,11 @@ func (mg *Password) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Password. +func (mg *Password) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Password. func (mg *Password) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -248,6 +283,11 @@ func (mg *Password) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Password. +func (mg *Password) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Password. func (mg *Password) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r 
@@ -281,6 +321,11 @@ func (mg *PreAuthorized) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this PreAuthorized. +func (mg *PreAuthorized) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this PreAuthorized. func (mg *PreAuthorized) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -314,6 +359,11 @@ func (mg *PreAuthorized) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this PreAuthorized. +func (mg *PreAuthorized) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this PreAuthorized. func (mg *PreAuthorized) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/applications/v1beta1/zz_password_types.go b/apis/applications/v1beta1/zz_password_types.go index 3d9458a9..a76a2dcb 100755 --- a/apis/applications/v1beta1/zz_password_types.go +++ b/apis/applications/v1beta1/zz_password_types.go 
@@ -14,11 +14,36 @@ import ( ) type PasswordObservation struct { + + // The object ID of the application for which this password should be created. Changing this field forces a new resource to be created. + // The object ID of the application for which this password should be created + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // A display name for the password. Changing this field forces a new resource to be created. + // A display name for the password + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. + // The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`) + EndDate *string `json:"endDate,omitempty" tf:"end_date,omitempty"` + + // A relative duration for which the password is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created. + // A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created + EndDateRelative *string `json:"endDateRelative,omitempty" tf:"end_date_relative,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // A UUID used to uniquely identify this password credential. // A UUID used to uniquely identify this password credential KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` + + // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. 
+ // Arbitrary map of values that, when changed, will trigger rotation of the password + RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` + + // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. + // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used + StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"` } type PasswordParameters struct { diff --git a/apis/applications/v1beta1/zz_preauthorized_types.go b/apis/applications/v1beta1/zz_preauthorized_types.go index 4b6e092f..5fd5a40b 100755 --- a/apis/applications/v1beta1/zz_preauthorized_types.go +++ b/apis/applications/v1beta1/zz_preauthorized_types.go @@ -14,7 +14,19 @@ import ( ) type PreAuthorizedObservation struct { + + // The object ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created. + // The object ID of the application to which this pre-authorized application should be added + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // The application ID of the pre-authorized application + AuthorizedAppID *string `json:"authorizedAppId,omitempty" tf:"authorized_app_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A set of permission scope IDs required by the authorized application. + // The IDs of the permission scopes required by the pre-authorized application + PermissionIds []*string `json:"permissionIds,omitempty" tf:"permission_ids,omitempty"` } type PreAuthorizedParameters struct { 
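Review bot: The new `PasswordObservation` fields carry spec-only wording — `ApplicationObjectID`, `DisplayName`, `EndDate`, `EndDateRelative` and `RotateWhenChanged` each end with "Changing this field forces a new resource to be created", which says nothing useful on `status.atProvider`, where nothing is user-settable, and these comments become the CRD schema descriptions that ObserveOnly users will read. I'd keep only the descriptive sentence on the observation side, e.g. `// The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z)`, and make that change in the generator's doc source rather than by hand-editing this zz_ file. It would also help to state in a struct-level comment that only the credential's metadata (`KeyID`, dates, rotation keys) is observed and the secret value itself is not, so nobody expects to read a password back from status; as far as this hunk shows, no field surfaces it, which is the right shape for an observe-only import.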
@@ -49,8 +61,8 @@ type PreAuthorizedParameters struct { // A set of permission scope IDs required by the authorized application. // The IDs of the permission scopes required by the pre-authorized application - // +kubebuilder:validation:Required - PermissionIds []*string `json:"permissionIds" tf:"permission_ids,omitempty"` + // +kubebuilder:validation:Optional + PermissionIds []*string `json:"permissionIds,omitempty" tf:"permission_ids,omitempty"` } // PreAuthorizedSpec defines the desired state of PreAuthorized @@ -77,8 +89,9 @@ type PreAuthorizedStatus struct { type PreAuthorized struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec PreAuthorizedSpec `json:"spec"` - Status PreAuthorizedStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.permissionIds)",message="permissionIds is a required parameter" + Spec PreAuthorizedSpec `json:"spec"` + Status PreAuthorizedStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go b/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go index 69726060..5c566a03 100755 --- a/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go +++ b/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go 
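Review bot: The new XValidation rule on `Spec` dereferences `self.managementPolicy` unguarded; in Kubernetes CEL, reading a field that is absent from the object is an evaluation error and the admission fails, so every `PreAuthorized` submitted without `managementPolicy` would be rejected unless the CRD defaults that field. If crossplane-runtime's `ResourceSpec` carries a `+kubebuilder:default` for it (not visible in this hunk) this is fine, otherwise the rule should read `rule="(has(self.managementPolicy) && self.managementPolicy == 'ObserveOnly') || has(self.forProvider.permissionIds)"`. Note also that `has(self.forProvider.permissionIds)` accepts an explicit empty list exactly as the old `Required` marker did, so the rule restores the previous strictness but does not tighten it; a `+kubebuilder:validation:MinItems=1` on `PermissionIds` would, since a pre-authorization that grants no scopes is almost certainly a misconfiguration.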
@@ -15,34 +15,58 @@ import ( type AccessPolicyObservation struct { + // A conditions block as documented below, which specifies the rules that must be met for the policy to apply. + Conditions []ConditionsObservation `json:"conditions,omitempty" tf:"conditions,omitempty"` + + // The friendly name for this Conditional Access Policy. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy. + GrantControls []GrantControlsObservation `json:"grantControls,omitempty" tf:"grant_controls,omitempty"` + // The ID of the Conditional Access Policy. ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A session_controls block as documented below, which specifies the session controls that are enforced after sign-in. + SessionControls []SessionControlsObservation `json:"sessionControls,omitempty" tf:"session_controls,omitempty"` + + // Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced + State *string `json:"state,omitempty" tf:"state,omitempty"` } type AccessPolicyParameters struct { // A conditions block as documented below, which specifies the rules that must be met for the policy to apply. - // +kubebuilder:validation:Required - Conditions []ConditionsParameters `json:"conditions" tf:"conditions,omitempty"` + // +kubebuilder:validation:Optional + Conditions []ConditionsParameters `json:"conditions,omitempty" tf:"conditions,omitempty"` // The friendly name for this Conditional Access Policy. - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy. 
- // +kubebuilder:validation:Required - GrantControls []GrantControlsParameters `json:"grantControls" tf:"grant_controls,omitempty"` + // +kubebuilder:validation:Optional + GrantControls []GrantControlsParameters `json:"grantControls,omitempty" tf:"grant_controls,omitempty"` // A session_controls block as documented below, which specifies the session controls that are enforced after sign-in. // +kubebuilder:validation:Optional SessionControls []SessionControlsParameters `json:"sessionControls,omitempty" tf:"session_controls,omitempty"` // Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced - // +kubebuilder:validation:Required - State *string `json:"state" tf:"state,omitempty"` + // +kubebuilder:validation:Optional + State *string `json:"state,omitempty" tf:"state,omitempty"` } type ApplicationsObservation struct { + + // A list of application IDs explicitly excluded from the policy. Can also be set to Office365. + ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"` + + // A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified. + IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"` + + // A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified. + IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"` } type ApplicationsParameters struct { 
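Review bot: `Conditions`, `DisplayName`, `GrantControls` and `State` on `AccessPolicyParameters` drop from Required to Optional, but this hunk shows no compensating rule that re-requires them for non-ObserveOnly objects, unlike the `PreAuthorized` change in the same patch which adds an `XValidation` on the top-level struct. The equivalent rule for `AccessPolicy` would live outside this hunk, so please confirm it exists; without it a FullControl Conditional Access policy with no `state` or `grantControls` is admitted by the API server and presumably only fails later at reconcile time, which for a security policy is a worse place to find out. The rule I'd expect is `// +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || (has(self.forProvider.conditions) && has(self.forProvider.displayName) && has(self.forProvider.grantControls) && has(self.forProvider.state))",message="conditions, displayName, grantControls and state are required parameters"` on the `Spec` field of `AccessPolicy`.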
@@ -61,6 +85,30 @@ type ApplicationsParameters struct { } type ConditionsObservation struct { + + // An applications block as documented below, which specifies applications and user actions included in and excluded from the policy. + Applications []ApplicationsObservation `json:"applications,omitempty" tf:"applications,omitempty"` + + // A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other. + ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"` + + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. + Devices []DevicesObservation `json:"devices,omitempty" tf:"devices,omitempty"` + + // A locations block as documented below, which specifies locations included in and excluded from the policy. + Locations []LocationsObservation `json:"locations,omitempty" tf:"locations,omitempty"` + + // A platforms block as documented below, which specifies platforms included in and excluded from the policy. + Platforms []PlatformsObservation `json:"platforms,omitempty" tf:"platforms,omitempty"` + + // A list of sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` + + // A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"` + + // A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy. 
+ Users []UsersObservation `json:"users,omitempty" tf:"users,omitempty"` } type ConditionsParameters struct { @@ -99,6 +147,9 @@ type ConditionsParameters struct { } type DevicesObservation struct { + + // A filter block as described below. A filter block can be added to an existing policy, but removing the filter block forces a new resource to be created. + Filter []FilterObservation `json:"filter,omitempty" tf:"filter,omitempty"` } type DevicesParameters struct { @@ -109,6 +160,12 @@ type DevicesParameters struct { } type FilterObservation struct { + + // Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // Condition filter to match devices. For more information, see official documentation. + Rule *string `json:"rule,omitempty" tf:"rule,omitempty"` } type FilterParameters struct { @@ -123,6 +180,18 @@ type FilterParameters struct { } type GrantControlsObservation struct { + + // List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue. + BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"` + + // List of custom controls IDs required by the policy. + CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"` + + // Defines the relationship of the grant controls. Possible values are: AND, OR. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // List of terms of use IDs required by the policy. + TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"` } type GrantControlsParameters struct { 
@@ -145,6 +214,12 @@ type GrantControlsParameters struct { } type LocationsObservation struct { + + // A list of location IDs excluded from scope of policy. Can also be set to AllTrusted. + ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"` + + // A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted. + IncludedLocations []*string `json:"includedLocations,omitempty" tf:"included_locations,omitempty"` } type LocationsParameters struct { @@ -159,6 +234,12 @@ type LocationsParameters struct { } type PlatformsObservation struct { + + // A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"` + + // A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue. + IncludedPlatforms []*string `json:"includedPlatforms,omitempty" tf:"included_platforms,omitempty"` } type PlatformsParameters struct { 
@@ -173,6 +254,21 @@ type PlatformsParameters struct { } type SessionControlsObservation struct { + + // Whether or not application enforced restrictions are enabled. Defaults to false. + ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"` + + // Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue. + CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + + // Session control to define whether to persist cookies or not. Possible values are: always or never. + PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` + + // Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified. Due to an API issue, removing this property forces a new resource to be created. + SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"` + + // The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified. Due to an API issue, removing this property forces a new resource to be created. + SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"` } type SessionControlsParameters struct { 
@@ -199,6 +295,24 @@ type SessionControlsParameters struct { } type UsersObservation struct { + + // A list of group IDs excluded from scope of policy. + ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"` + + // A list of role IDs excluded from scope of policy. + ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"` + + // A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers. + ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"` + + // A list of group IDs in scope of policy unless explicitly excluded. + IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"` + + // A list of role IDs in scope of policy unless explicitly excluded. + IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"` + + // A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers. + IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"` } type UsersParameters struct { 
@@ -252,8 +366,12 @@ type AccessPolicyStatus struct { type AccessPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec AccessPolicySpec `json:"spec"` - Status AccessPolicyStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.conditions)",message="conditions is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.grantControls)",message="grantControls is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.state)",message="state is a required parameter" + Spec AccessPolicySpec `json:"spec"` + Status AccessPolicyStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go b/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go index 3f931cbf..8d82415b 100644 --- a/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go +++ b/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go 
@@ -75,11 +75,42 @@ func (in *AccessPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessPolicyObservation) DeepCopyInto(out *AccessPolicyObservation) { *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]ConditionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.GrantControls != nil { + in, out := &in.GrantControls, &out.GrantControls + *out = make([]GrantControlsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.SessionControls != nil { + in, out := &in.SessionControls, &out.SessionControls + *out = make([]SessionControlsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyObservation. 
@@ -175,6 +206,39 @@ func (in *AccessPolicyStatus) DeepCopy() *AccessPolicyStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationsObservation) DeepCopyInto(out *ApplicationsObservation) { *out = *in + if in.ExcludedApplications != nil { + in, out := &in.ExcludedApplications, &out.ExcludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedApplications != nil { + in, out := &in.IncludedApplications, &out.IncludedApplications + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUserActions != nil { + in, out := &in.IncludedUserActions, &out.IncludedUserActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationsObservation. 
@@ -238,6 +302,74 @@ func (in *ApplicationsParameters) DeepCopy() *ApplicationsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionsObservation) DeepCopyInto(out *ConditionsObservation) { *out = *in + if in.Applications != nil { + in, out := &in.Applications, &out.Applications + *out = make([]ApplicationsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ClientAppTypes != nil { + in, out := &in.ClientAppTypes, &out.ClientAppTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Devices != nil { + in, out := &in.Devices, &out.Devices + *out = make([]DevicesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Locations != nil { + in, out := &in.Locations, &out.Locations + *out = make([]LocationsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Platforms != nil { + in, out := &in.Platforms, &out.Platforms + *out = make([]PlatformsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SignInRiskLevels != nil { + in, out := &in.SignInRiskLevels, &out.SignInRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UserRiskLevels != nil { + in, out := &in.UserRiskLevels, &out.UserRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = make([]UsersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated 
deepcopy function, copying the receiver, creating a new ConditionsObservation. @@ -336,6 +468,22 @@ func (in *ConditionsParameters) DeepCopy() *ConditionsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CountryObservation) DeepCopyInto(out *CountryObservation) { *out = *in + if in.CountriesAndRegions != nil { + in, out := &in.CountriesAndRegions, &out.CountriesAndRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeUnknownCountriesAndRegions != nil { + in, out := &in.IncludeUnknownCountriesAndRegions, &out.IncludeUnknownCountriesAndRegions + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountryObservation. @@ -382,6 +530,13 @@ func (in *CountryParameters) DeepCopy() *CountryParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DevicesObservation) DeepCopyInto(out *DevicesObservation) { *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = make([]FilterObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DevicesObservation. 
@@ -419,6 +574,16 @@ func (in *DevicesParameters) DeepCopy() *DevicesParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FilterObservation) DeepCopyInto(out *FilterObservation) { *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterObservation. @@ -459,6 +624,44 @@ func (in *FilterParameters) DeepCopy() *FilterParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GrantControlsObservation) DeepCopyInto(out *GrantControlsObservation) { *out = *in + if in.BuiltInControls != nil { + in, out := &in.BuiltInControls, &out.BuiltInControls + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.CustomAuthenticationFactors != nil { + in, out := &in.CustomAuthenticationFactors, &out.CustomAuthenticationFactors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.TermsOfUse != nil { + in, out := &in.TermsOfUse, &out.TermsOfUse + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantControlsObservation. 
@@ -527,6 +730,22 @@ func (in *GrantControlsParameters) DeepCopy() *GrantControlsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPObservation) DeepCopyInto(out *IPObservation) { *out = *in + if in.IPRanges != nil { + in, out := &in.IPRanges, &out.IPRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Trusted != nil { + in, out := &in.Trusted, &out.Trusted + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPObservation. @@ -632,11 +851,30 @@ func (in *LocationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LocationObservation) DeepCopyInto(out *LocationObservation) { *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = make([]CountryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.IP != nil { + in, out := &in.IP, &out.IP + *out = make([]IPObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationObservation. 
@@ -720,6 +958,28 @@ func (in *LocationStatus) DeepCopy() *LocationStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LocationsObservation) DeepCopyInto(out *LocationsObservation) { *out = *in + if in.ExcludedLocations != nil { + in, out := &in.ExcludedLocations, &out.ExcludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedLocations != nil { + in, out := &in.IncludedLocations, &out.IncludedLocations + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocationsObservation. @@ -772,6 +1032,28 @@ func (in *LocationsParameters) DeepCopy() *LocationsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlatformsObservation) DeepCopyInto(out *PlatformsObservation) { *out = *in + if in.ExcludedPlatforms != nil { + in, out := &in.ExcludedPlatforms, &out.ExcludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedPlatforms != nil { + in, out := &in.IncludedPlatforms, &out.IncludedPlatforms + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformsObservation. 
@@ -824,6 +1106,31 @@ func (in *PlatformsParameters) DeepCopy() *PlatformsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SessionControlsObservation) DeepCopyInto(out *SessionControlsObservation) { *out = *in + if in.ApplicationEnforcedRestrictionsEnabled != nil { + in, out := &in.ApplicationEnforcedRestrictionsEnabled, &out.ApplicationEnforcedRestrictionsEnabled + *out = new(bool) + **out = **in + } + if in.CloudAppSecurityPolicy != nil { + in, out := &in.CloudAppSecurityPolicy, &out.CloudAppSecurityPolicy + *out = new(string) + **out = **in + } + if in.PersistentBrowserMode != nil { + in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode + *out = new(string) + **out = **in + } + if in.SignInFrequency != nil { + in, out := &in.SignInFrequency, &out.SignInFrequency + *out = new(float64) + **out = **in + } + if in.SignInFrequencyPeriod != nil { + in, out := &in.SignInFrequencyPeriod, &out.SignInFrequencyPeriod + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionControlsObservation. 
@@ -879,6 +1186,72 @@ func (in *SessionControlsParameters) DeepCopy() *SessionControlsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UsersObservation) DeepCopyInto(out *UsersObservation) { *out = *in + if in.ExcludedGroups != nil { + in, out := &in.ExcludedGroups, &out.ExcludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedRoles != nil { + in, out := &in.ExcludedRoles, &out.ExcludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ExcludedUsers != nil { + in, out := &in.ExcludedUsers, &out.ExcludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedGroups != nil { + in, out := &in.IncludedGroups, &out.IncludedGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedRoles != nil { + in, out := &in.IncludedRoles, &out.IncludedRoles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedUsers != nil { + in, out := &in.IncludedUsers, &out.IncludedUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsersObservation. 
diff --git a/apis/conditionalaccess/v1beta1/zz_generated.managed.go b/apis/conditionalaccess/v1beta1/zz_generated.managed.go index b71e7756..ecb31e3c 100644 --- a/apis/conditionalaccess/v1beta1/zz_generated.managed.go +++ b/apis/conditionalaccess/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *AccessPolicy) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this AccessPolicy. +func (mg *AccessPolicy) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this AccessPolicy. func (mg *AccessPolicy) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *AccessPolicy) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this AccessPolicy. +func (mg *AccessPolicy) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this AccessPolicy. func (mg *AccessPolicy) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -83,6 +93,11 @@ func (mg *Location) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Location. +func (mg *Location) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Location. func (mg *Location) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -116,6 +131,11 @@ func (mg *Location) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Location. +func (mg *Location) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Location. func (mg *Location) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r 
diff --git a/apis/conditionalaccess/v1beta1/zz_location_types.go b/apis/conditionalaccess/v1beta1/zz_location_types.go index 754967cb..555aa20e 100755 --- a/apis/conditionalaccess/v1beta1/zz_location_types.go +++ b/apis/conditionalaccess/v1beta1/zz_location_types.go @@ -14,6 +14,12 @@ import ( ) type CountryObservation struct { + + // List of countries and/or regions in two-letter format specified by ISO 3166-2. + CountriesAndRegions []*string `json:"countriesAndRegions,omitempty" tf:"countries_and_regions,omitempty"` + + // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to false. + IncludeUnknownCountriesAndRegions *bool `json:"includeUnknownCountriesAndRegions,omitempty" tf:"include_unknown_countries_and_regions,omitempty"` } type CountryParameters struct { @@ -28,6 +34,12 @@ type CountryParameters struct { } type IPObservation struct { + + // List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. + IPRanges []*string `json:"ipRanges,omitempty" tf:"ip_ranges,omitempty"` + + // Whether the named location is trusted. Defaults to false. + Trusted *bool `json:"trusted,omitempty" tf:"trusted,omitempty"` } type IPParameters struct { @@ -43,8 +55,17 @@ type IPParameters struct { type LocationObservation struct { + // A country block as documented below, which configures a country-based named location. + Country []CountryObservation `json:"country,omitempty" tf:"country,omitempty"` + + // The friendly name for this named location. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // The ID of the named location. ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // An ip block as documented below, which configures an IP-based named location. + IP []IPObservation `json:"ip,omitempty" tf:"ip,omitempty"` } type LocationParameters struct { 
@@ -54,8 +75,8 @@ type LocationParameters struct { Country []CountryParameters `json:"country,omitempty" tf:"country,omitempty"` // The friendly name for this named location. - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // An ip block as documented below, which configures an IP-based named location. // +kubebuilder:validation:Optional @@ -86,8 +107,9 @@ type LocationStatus struct { type Location struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec LocationSpec `json:"spec"` - Status LocationStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + Spec LocationSpec `json:"spec"` + Status LocationStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go b/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go index c9eaf945..360f898b 100755 --- a/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go +++ b/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go 
@@ -14,11 +14,36 @@ import ( ) type CustomDirectoryRoleObservation struct { + + // The description of the custom directory role. + // The description of the custom directory role + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name of the custom directory role. + // The display name of the custom directory role + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Indicates whether the role is enabled for assignment. + // Indicates whether the role is enabled for assignment + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // The object ID of the custom directory role. // The object ID of the directory role ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + + // A collection of permissions blocks as documented below. + // List of permissions that are included in the custom directory role + Permissions []PermissionsObservation `json:"permissions,omitempty" tf:"permissions,omitempty"` + + // Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created. + // Custom template identifier that is typically used if one needs an identifier to be the same across different directories. + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` + + // - The version of the role definition. This can be any arbitrary string between 1-128 characters. + // The version of the role definition. + Version *string `json:"version,omitempty" tf:"version,omitempty"` } type CustomDirectoryRoleParameters struct { 
@@ -30,18 +55,18 @@ type CustomDirectoryRoleParameters struct { // The display name of the custom directory role. // The display name of the custom directory role - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // Indicates whether the role is enabled for assignment. // Indicates whether the role is enabled for assignment - // +kubebuilder:validation:Required - Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` // A collection of permissions blocks as documented below. // List of permissions that are included in the custom directory role - // +kubebuilder:validation:Required - Permissions []PermissionsParameters `json:"permissions" tf:"permissions,omitempty"` + // +kubebuilder:validation:Optional + Permissions []PermissionsParameters `json:"permissions,omitempty" tf:"permissions,omitempty"` // Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created. // Custom template identifier that is typically used if one needs an identifier to be the same across different directories. 
@@ -50,11 +75,15 @@ type CustomDirectoryRoleParameters struct { // - The version of the role definition. This can be any arbitrary string between 1-128 characters. // The version of the role definition. - // +kubebuilder:validation:Required - Version *string `json:"version" tf:"version,omitempty"` + // +kubebuilder:validation:Optional + Version *string `json:"version,omitempty" tf:"version,omitempty"` } type PermissionsObservation struct { + + // A set of tasks that can be performed on a resource. For more information, see the Permissions Reference documentation. + // Set of tasks that can be performed on a resource + AllowedResourceActions []*string `json:"allowedResourceActions,omitempty" tf:"allowed_resource_actions,omitempty"` } type PermissionsParameters struct { @@ -89,8 +118,12 @@ type CustomDirectoryRoleStatus struct { type CustomDirectoryRole struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec CustomDirectoryRoleSpec `json:"spec"` - Status CustomDirectoryRoleStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.enabled)",message="enabled is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.permissions)",message="permissions is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.version)",message="version is a required parameter" + Spec CustomDirectoryRoleSpec `json:"spec"` + Status CustomDirectoryRoleStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true 
diff --git a/apis/directoryroles/v1beta1/zz_generated.deepcopy.go b/apis/directoryroles/v1beta1/zz_generated.deepcopy.go index 96f5f908..2cbd21b6 100644 --- a/apis/directoryroles/v1beta1/zz_generated.deepcopy.go +++ b/apis/directoryroles/v1beta1/zz_generated.deepcopy.go @@ -76,6 +76,21 @@ func (in *CustomDirectoryRoleList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomDirectoryRoleObservation) DeepCopyInto(out *CustomDirectoryRoleObservation) { *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -86,6 +101,23 @@ func (in *CustomDirectoryRoleObservation) DeepCopyInto(out *CustomDirectoryRoleO *out = new(string) **out = **in } + if in.Permissions != nil { + in, out := &in.Permissions, &out.Permissions + *out = make([]PermissionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TemplateID != nil { + in, out := &in.TemplateID, &out.TemplateID + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomDirectoryRoleObservation. 
@@ -182,6 +214,17 @@ func (in *CustomDirectoryRoleStatus) DeepCopy() *CustomDirectoryRoleStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PermissionsObservation) DeepCopyInto(out *PermissionsObservation) { *out = *in + if in.AllowedResourceActions != nil { + in, out := &in.AllowedResourceActions, &out.AllowedResourceActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsObservation. @@ -309,11 +352,41 @@ func (in *RoleAssignmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RoleAssignmentObservation) DeepCopyInto(out *RoleAssignmentObservation) { *out = *in + if in.AppScopeID != nil { + in, out := &in.AppScopeID, &out.AppScopeID + *out = new(string) + **out = **in + } + if in.AppScopeObjectID != nil { + in, out := &in.AppScopeObjectID, &out.AppScopeObjectID + *out = new(string) + **out = **in + } + if in.DirectoryScopeID != nil { + in, out := &in.DirectoryScopeID, &out.DirectoryScopeID + *out = new(string) + **out = **in + } + if in.DirectoryScopeObjectID != nil { + in, out := &in.DirectoryScopeObjectID, &out.DirectoryScopeObjectID + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.PrincipalObjectID != nil { + in, out := &in.PrincipalObjectID, &out.PrincipalObjectID + *out = new(string) + **out = **in + } + if in.RoleID != nil { + in, out := &in.RoleID, &out.RoleID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleAssignmentObservation. 
@@ -465,6 +538,11 @@ func (in *RoleObservation) DeepCopyInto(out *RoleObservation) { *out = new(string) **out = **in } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) diff --git a/apis/directoryroles/v1beta1/zz_generated.managed.go b/apis/directoryroles/v1beta1/zz_generated.managed.go index ab12dfc5..5dd980cb 100644 --- a/apis/directoryroles/v1beta1/zz_generated.managed.go +++ b/apis/directoryroles/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *CustomDirectoryRole) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this CustomDirectoryRole. +func (mg *CustomDirectoryRole) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this CustomDirectoryRole. func (mg *CustomDirectoryRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *CustomDirectoryRole) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this CustomDirectoryRole. +func (mg *CustomDirectoryRole) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this CustomDirectoryRole. func (mg *CustomDirectoryRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -83,6 +93,11 @@ func (mg *Role) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Role. +func (mg *Role) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Role. func (mg *Role) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference 
@@ -116,6 +131,11 @@ func (mg *Role) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Role. +func (mg *Role) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Role. func (mg *Role) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -149,6 +169,11 @@ func (mg *RoleAssignment) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this RoleAssignment. +func (mg *RoleAssignment) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this RoleAssignment. func (mg *RoleAssignment) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -182,6 +207,11 @@ func (mg *RoleAssignment) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this RoleAssignment. +func (mg *RoleAssignment) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this RoleAssignment. func (mg *RoleAssignment) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/directoryroles/v1beta1/zz_role_types.go b/apis/directoryroles/v1beta1/zz_role_types.go index b31a9782..d942cbfa 100755 --- a/apis/directoryroles/v1beta1/zz_role_types.go +++ b/apis/directoryroles/v1beta1/zz_role_types.go 
@@ -19,6 +19,10 @@ type RoleObservation struct { // The description of the directory role Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The display name of the directory role to activate. Changing this forces a new resource to be created. + // The display name of the directory role + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // The object ID of the directory role. diff --git a/apis/directoryroles/v1beta1/zz_roleassignment_types.go b/apis/directoryroles/v1beta1/zz_roleassignment_types.go index 35bf17b0..bed4baad 100755 --- a/apis/directoryroles/v1beta1/zz_roleassignment_types.go +++ b/apis/directoryroles/v1beta1/zz_roleassignment_types.go 
@@ -14,7 +14,30 @@ import ( ) type RoleAssignmentObservation struct { + + // Identifier of the app-specific scope when the assignment scope is app-specific. Cannot be used with directory_scope_id. See official documentation for example usage. Changing this forces a new resource to be created. + // Identifier of the app-specific scope when the assignment scope is app-specific + AppScopeID *string `json:"appScopeId,omitempty" tf:"app_scope_id,omitempty"` + + // Identifier of the app-specific scope when the assignment scope is app-specific + AppScopeObjectID *string `json:"appScopeObjectId,omitempty" tf:"app_scope_object_id,omitempty"` + + // Identifier of the directory object representing the scope of the assignment. Cannot be used with app_scope_id. See official documentation for example usage. Changing this forces a new resource to be created. + // Identifier of the directory object representing the scope of the assignment + DirectoryScopeID *string `json:"directoryScopeId,omitempty" tf:"directory_scope_id,omitempty"` + + // Identifier of the directory object representing the scope of the assignment + DirectoryScopeObjectID *string `json:"directoryScopeObjectId,omitempty" tf:"directory_scope_object_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. + // The object ID of the member principal + PrincipalObjectID *string `json:"principalObjectId,omitempty" tf:"principal_object_id,omitempty"` + + // The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. + // The object ID of the directory role for this assignment + RoleID *string `json:"roleId,omitempty" tf:"role_id,omitempty"` } type RoleAssignmentParameters struct { 
diff --git a/apis/groups/v1beta1/zz_generated.deepcopy.go b/apis/groups/v1beta1/zz_generated.deepcopy.go index 462cb07b..1ac1917c 100644 --- a/apis/groups/v1beta1/zz_generated.deepcopy.go +++ b/apis/groups/v1beta1/zz_generated.deepcopy.go @@ -17,6 +17,16 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DynamicMembershipObservation) DeepCopyInto(out *DynamicMembershipObservation) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.Rule != nil { + in, out := &in.Rule, &out.Rule + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicMembershipObservation. 
@@ -116,6 +126,70 @@ func (in *GroupList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { *out = *in + if in.AdministrativeUnitIds != nil { + in, out := &in.AdministrativeUnitIds, &out.AdministrativeUnitIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AssignableToRole != nil { + in, out := &in.AssignableToRole, &out.AssignableToRole + *out = new(bool) + **out = **in + } + if in.AutoSubscribeNewMembers != nil { + in, out := &in.AutoSubscribeNewMembers, &out.AutoSubscribeNewMembers + *out = new(bool) + **out = **in + } + if in.Behaviors != nil { + in, out := &in.Behaviors, &out.Behaviors + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.DynamicMembership != nil { + in, out := &in.DynamicMembership, &out.DynamicMembership + *out = make([]DynamicMembershipObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalSendersAllowed != nil { + in, out := &in.ExternalSendersAllowed, &out.ExternalSendersAllowed + *out = new(bool) + **out = **in + } + if in.HideFromAddressLists != nil { + in, out := &in.HideFromAddressLists, &out.HideFromAddressLists + *out = new(bool) + **out = **in + } + if in.HideFromOutlookClients != nil { + in, out := &in.HideFromOutlookClients, &out.HideFromOutlookClients + *out = new(bool) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) 
@@ -126,6 +200,27 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { *out = new(string) **out = **in } + if in.MailEnabled != nil { + in, out := &in.MailEnabled, &out.MailEnabled + *out = new(bool) + **out = **in + } + if in.MailNickname != nil { + in, out := &in.MailNickname, &out.MailNickname + *out = new(string) + **out = **in + } + if in.Members != nil { + in, out := &in.Members, &out.Members + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.ObjectID != nil { in, out := &in.ObjectID, &out.ObjectID *out = new(string) @@ -156,11 +251,38 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { *out = new(bool) **out = **in } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.PreferredLanguage != nil { in, out := &in.PreferredLanguage, &out.PreferredLanguage *out = new(string) **out = **in } + if in.PreventDuplicateNames != nil { + in, out := &in.PreventDuplicateNames, &out.PreventDuplicateNames + *out = new(bool) + **out = **in + } + if in.ProvisioningOptions != nil { + in, out := &in.ProvisioningOptions, &out.ProvisioningOptions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.ProxyAddresses != nil { in, out := &in.ProxyAddresses, &out.ProxyAddresses *out = make([]*string, len(*in)) 
@@ -172,6 +294,32 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { } } } + if in.SecurityEnabled != nil { + in, out := &in.SecurityEnabled, &out.SecurityEnabled + *out = new(bool) + **out = **in + } + if in.Theme != nil { + in, out := &in.Theme, &out.Theme + *out = new(string) + **out = **in + } + if in.Types != nil { + in, out := &in.Types, &out.Types + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Visibility != nil { + in, out := &in.Visibility, &out.Visibility + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupObservation. @@ -433,11 +581,21 @@ func (in *MemberList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MemberObservation) DeepCopyInto(out *MemberObservation) { *out = *in + if in.GroupObjectID != nil { + in, out := &in.GroupObjectID, &out.GroupObjectID + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.MemberObjectID != nil { + in, out := &in.MemberObjectID, &out.MemberObjectID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberObservation. diff --git a/apis/groups/v1beta1/zz_generated.managed.go b/apis/groups/v1beta1/zz_generated.managed.go index 5523b612..3821e3dc 100644 --- a/apis/groups/v1beta1/zz_generated.managed.go +++ b/apis/groups/v1beta1/zz_generated.managed.go 
@@ -17,6 +17,11 @@ func (mg *Group) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Group. +func (mg *Group) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Group. func (mg *Group) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *Group) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Group. +func (mg *Group) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Group. func (mg *Group) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -83,6 +93,11 @@ func (mg *Member) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Member. +func (mg *Member) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Member. func (mg *Member) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -116,6 +131,11 @@ func (mg *Member) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Member. +func (mg *Member) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Member. func (mg *Member) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/groups/v1beta1/zz_group_types.go b/apis/groups/v1beta1/zz_group_types.go index 974370d4..7bb6072c 100755 --- a/apis/groups/v1beta1/zz_group_types.go +++ b/apis/groups/v1beta1/zz_group_types.go 
@@ -14,6 +14,13 @@ import ( ) type DynamicMembershipObservation struct { + + // Whether rule processing is "On" (true) or "Paused" (false). + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // The rule that determines membership of this group. For more information, see official documentation on membership rules syntax. + // Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership' + Rule *string `json:"rule,omitempty" tf:"rule,omitempty"` } type DynamicMembershipParameters struct { 
@@ -29,12 +36,65 @@ type DynamicMembershipParameters struct { } type GroupObservation struct { + + // The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. + // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` + + // Indicates whether this group can be assigned to an Azure Active Directory role. Can only be true for security-enabled groups. Changing this forces a new resource to be created. + // Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. + AssignableToRole *bool `json:"assignableToRole,omitempty" tf:"assignable_to_role,omitempty"` + + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. + // Indicates whether new members added to the group will be auto-subscribed to receive email notifications. + AutoSubscribeNewMembers *bool `json:"autoSubscribeNewMembers,omitempty" tf:"auto_subscribe_new_members,omitempty"` + + // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. + // The group behaviours for a Microsoft 365 group + Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"` + + // The description for the group. 
+ // The description for the group + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The display name for the group. + // The display name for the group + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. + // An optional block to configure dynamic membership for the group. Cannot be used with `members` + DynamicMembership []DynamicMembershipObservation `json:"dynamicMembership,omitempty" tf:"dynamic_membership,omitempty"` + + // Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. + // Indicates whether people external to the organization can send messages to the group. + ExternalSendersAllowed *bool `json:"externalSendersAllowed,omitempty" tf:"external_senders_allowed,omitempty"` + + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. + // Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. + HideFromAddressLists *bool `json:"hideFromAddressLists,omitempty" tf:"hide_from_address_lists,omitempty"` + + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. + // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. 
+ HideFromOutlookClients *bool `json:"hideFromOutlookClients,omitempty" tf:"hide_from_outlook_clients,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // The SMTP address for the group. // The SMTP address for the group Mail *string `json:"mail,omitempty" tf:"mail,omitempty"` + // Whether the group is a mail enabled, with a shared group mailbox. At least one of mail_enabled or security_enabled must be specified. Only Microsoft 365 groups can be mail enabled (see the types property). + // Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled + MailEnabled *bool `json:"mailEnabled,omitempty" tf:"mail_enabled,omitempty"` + + // The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created. + // The mail alias for the group, unique in the organisation + MailNickname *string `json:"mailNickname,omitempty" tf:"mail_nickname,omitempty"` + + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. + // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + Members []*string `json:"members,omitempty" tf:"members,omitempty"` + // The object ID of the group. // The object ID of the group ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` 
@@ -59,13 +119,41 @@ type GroupObservation struct { // Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null) OnpremisesSyncEnabled *bool `json:"onpremisesSyncEnabled,omitempty" tf:"onpremises_sync_enabled,omitempty"` + // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. + // A set of owners who own this group. Supported object types are Users or Service Principals + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + // The preferred language for a Microsoft 365 group, in ISO 639-1 notation. // The preferred language for a Microsoft 365 group, in ISO 639-1 notation PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + // If true, will return an error if an existing group is found with the same name. Defaults to false. + // If `true`, will return an error if an existing group is found with the same name + PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"` + + // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. + // The group provisioning options for a Microsoft 365 group + ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"` + // List of email addresses for the group that direct to the same group mailbox. // Email addresses for the group that direct to the same group mailbox ProxyAddresses []*string `json:"proxyAddresses,omitempty" tf:"proxy_addresses,omitempty"` + + // Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. 
A Microsoft 365 group can be security enabled and mail enabled (see the types property). + // Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled + SecurityEnabled *bool `json:"securityEnabled,omitempty" tf:"security_enabled,omitempty"` + + // The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set. + // The colour theme for a Microsoft 365 group + Theme *string `json:"theme,omitempty" tf:"theme,omitempty"` + + // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. + // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + Types []*string `json:"types,omitempty" tf:"types,omitempty"` + + // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. + // Specifies the group join policy and group content visibility + Visibility *string `json:"visibility,omitempty" tf:"visibility,omitempty"` } type GroupParameters struct { 
@@ -97,8 +185,8 @@ type GroupParameters struct { // The display name for the group. // The display name for the group - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // A dynamic_membership block as documented below. Required when types contains DynamicMembership. Cannot be used with the members property. // An optional block to configure dynamic membership for the group. Cannot be used with `members` @@ -195,8 +283,9 @@ type GroupStatus struct { type Group struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec GroupSpec `json:"spec"` - Status GroupStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + Spec GroupSpec `json:"spec"` + Status GroupStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/groups/v1beta1/zz_member_types.go b/apis/groups/v1beta1/zz_member_types.go index 28eae4f3..65927d54 100755 --- a/apis/groups/v1beta1/zz_member_types.go +++ b/apis/groups/v1beta1/zz_member_types.go 
@@ -14,7 +14,16 @@ import ( ) type MemberObservation struct { + + // The object ID of the group you want to add the member to. Changing this forces a new resource to be created. + // The object ID of the group you want to add the member to + GroupObjectID *string `json:"groupObjectId,omitempty" tf:"group_object_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. + // The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals + MemberObjectID *string `json:"memberObjectId,omitempty" tf:"member_object_id,omitempty"` } type MemberParameters struct { diff --git a/apis/invitations/v1beta1/zz_generated.deepcopy.go b/apis/invitations/v1beta1/zz_generated.deepcopy.go index 4cd119a6..cd4427a8 100644 --- a/apis/invitations/v1beta1/zz_generated.deepcopy.go +++ b/apis/invitations/v1beta1/zz_generated.deepcopy.go 
@@ -80,16 +80,43 @@ func (in *InvitationObservation) DeepCopyInto(out *InvitationObservation) { *out = new(string) **out = **in } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = make([]MessageObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.RedeemURL != nil { in, out := &in.RedeemURL, &out.RedeemURL *out = new(string) **out = **in } + if in.RedirectURL != nil { + in, out := &in.RedirectURL, &out.RedirectURL + *out = new(string) + **out = **in + } + if in.UserDisplayName != nil { + in, out := &in.UserDisplayName, &out.UserDisplayName + *out = new(string) + **out = **in + } + if in.UserEmailAddress != nil { + in, out := &in.UserEmailAddress, &out.UserEmailAddress + *out = new(string) + **out = **in + } if in.UserID != nil { in, out := &in.UserID, &out.UserID *out = new(string) **out = **in } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InvitationObservation. @@ -181,6 +208,27 @@ func (in *InvitationStatus) DeepCopy() *InvitationStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MessageObservation) DeepCopyInto(out *MessageObservation) { *out = *in + if in.AdditionalRecipients != nil { + in, out := &in.AdditionalRecipients, &out.AdditionalRecipients + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Body != nil { + in, out := &in.Body, &out.Body + *out = new(string) + **out = **in + } + if in.Language != nil { + in, out := &in.Language, &out.Language + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MessageObservation. 
diff --git a/apis/invitations/v1beta1/zz_generated.managed.go b/apis/invitations/v1beta1/zz_generated.managed.go index f853b855..1915a290 100644 --- a/apis/invitations/v1beta1/zz_generated.managed.go +++ b/apis/invitations/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *Invitation) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Invitation. +func (mg *Invitation) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Invitation. func (mg *Invitation) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *Invitation) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Invitation. +func (mg *Invitation) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Invitation. func (mg *Invitation) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/invitations/v1beta1/zz_invitation_types.go b/apis/invitations/v1beta1/zz_invitation_types.go index 632ec548..29a67cc0 100755 --- a/apis/invitations/v1beta1/zz_invitation_types.go +++ b/apis/invitations/v1beta1/zz_invitation_types.go 
@@ -16,13 +16,33 @@ import ( type InvitationObservation struct { ID *string `json:"id,omitempty" tf:"id,omitempty"` + // A message block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent. + // Customize the message sent to the invited user + Message []MessageObservation `json:"message,omitempty" tf:"message,omitempty"` + // The URL the user can use to redeem their invitation. // The URL the user can use to redeem their invitation RedeemURL *string `json:"redeemUrl,omitempty" tf:"redeem_url,omitempty"` + // The URL that the user should be redirected to once the invitation is redeemed. + // The URL that the user should be redirected to once the invitation is redeemed + RedirectURL *string `json:"redirectUrl,omitempty" tf:"redirect_url,omitempty"` + + // The display name of the user being invited. + // The display name of the user being invited + UserDisplayName *string `json:"userDisplayName,omitempty" tf:"user_display_name,omitempty"` + + // The email address of the user being invited. + // The email address of the user being invited + UserEmailAddress *string `json:"userEmailAddress,omitempty" tf:"user_email_address,omitempty"` + // Object ID of the invited user. // Object ID of the invited user UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` + + // The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. + // The user type of the user being invited + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` } type InvitationParameters struct { 
@@ -34,8 +54,8 @@ type InvitationParameters struct { // The URL that the user should be redirected to once the invitation is redeemed. // The URL that the user should be redirected to once the invitation is redeemed - // +kubebuilder:validation:Required - RedirectURL *string `json:"redirectUrl" tf:"redirect_url,omitempty"` + // +kubebuilder:validation:Optional + RedirectURL *string `json:"redirectUrl,omitempty" tf:"redirect_url,omitempty"` // The display name of the user being invited. // The display name of the user being invited @@ -44,8 +64,8 @@ type InvitationParameters struct { // The email address of the user being invited. // The email address of the user being invited - // +kubebuilder:validation:Required - UserEmailAddress *string `json:"userEmailAddress" tf:"user_email_address,omitempty"` + // +kubebuilder:validation:Optional + UserEmailAddress *string `json:"userEmailAddress,omitempty" tf:"user_email_address,omitempty"` // The user type of the user being invited. Must be one of Guest or Member. Only Global Administrators can invite users as members. Defaults to Guest. // The user type of the user being invited 
@@ -54,6 +74,18 @@ type InvitationParameters struct { } type MessageObservation struct { + + // Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. + // Email addresses of additional recipients the invitation message should be sent to + AdditionalRecipients []*string `json:"additionalRecipients,omitempty" tf:"additional_recipients,omitempty"` + + // Customized message body you want to send if you don't want to send the default message. Cannot be specified with language. + // Customized message body you want to send if you don't want to send the default message + Body *string `json:"body,omitempty" tf:"body,omitempty"` + + // The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to en-US. Cannot be specified with body. + // The language you want to send the default message in + Language *string `json:"language,omitempty" tf:"language,omitempty"` } type MessageParameters struct { @@ -98,8 +130,10 @@ type InvitationStatus struct { type Invitation struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec InvitationSpec `json:"spec"` - Status InvitationStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.redirectUrl)",message="redirectUrl is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.userEmailAddress)",message="userEmailAddress is a required parameter" + Spec InvitationSpec `json:"spec"` + Status InvitationStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/policies/v1beta1/zz_claimsmappingpolicy_types.go b/apis/policies/v1beta1/zz_claimsmappingpolicy_types.go index bd7b16cc..51e011d6 100755 --- a/apis/policies/v1beta1/zz_claimsmappingpolicy_types.go 
+++ b/apis/policies/v1beta1/zz_claimsmappingpolicy_types.go @@ -15,6 +15,14 @@ import ( type ClaimsMappingPolicyObservation struct { + // The claims mapping policy. This is a JSON formatted string, for which the jsonencode() function can be used. + // A string collection containing a JSON string that defines the rules and settings for this policy + Definition []*string `json:"definition,omitempty" tf:"definition,omitempty"` + + // The display name for this Claims Mapping Policy. + // Display name for this policy + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // The ID of the Claims Mapping Policy. ID *string `json:"id,omitempty" tf:"id,omitempty"` } @@ -23,13 +31,13 @@ type ClaimsMappingPolicyParameters struct { // The claims mapping policy. This is a JSON formatted string, for which the jsonencode() function can be used. // A string collection containing a JSON string that defines the rules and settings for this policy - // +kubebuilder:validation:Required - Definition []*string `json:"definition" tf:"definition,omitempty"` + // +kubebuilder:validation:Optional + Definition []*string `json:"definition,omitempty" tf:"definition,omitempty"` // The display name for this Claims Mapping Policy. // Display name for this policy - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` } // ClaimsMappingPolicySpec defines the desired state of ClaimsMappingPolicy 
@@ -56,8 +64,10 @@ type ClaimsMappingPolicyStatus struct { type ClaimsMappingPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ClaimsMappingPolicySpec `json:"spec"` - Status ClaimsMappingPolicyStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.definition)",message="definition is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + Spec ClaimsMappingPolicySpec `json:"spec"` + Status ClaimsMappingPolicyStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/policies/v1beta1/zz_generated.deepcopy.go b/apis/policies/v1beta1/zz_generated.deepcopy.go index b4bcf038..2dcc7262 100644 --- a/apis/policies/v1beta1/zz_generated.deepcopy.go +++ b/apis/policies/v1beta1/zz_generated.deepcopy.go @@ -75,6 +75,22 @@ func (in *ClaimsMappingPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClaimsMappingPolicyObservation) DeepCopyInto(out *ClaimsMappingPolicyObservation) { *out = *in + if in.Definition != nil { + in, out := &in.Definition, &out.Definition + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) diff --git a/apis/policies/v1beta1/zz_generated.managed.go b/apis/policies/v1beta1/zz_generated.managed.go index e94a5483..59731560 100644 --- a/apis/policies/v1beta1/zz_generated.managed.go +++ b/apis/policies/v1beta1/zz_generated.managed.go 
@@ -17,6 +17,11 @@ func (mg *ClaimsMappingPolicy) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this ClaimsMappingPolicy. +func (mg *ClaimsMappingPolicy) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this ClaimsMappingPolicy. func (mg *ClaimsMappingPolicy) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *ClaimsMappingPolicy) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this ClaimsMappingPolicy. +func (mg *ClaimsMappingPolicy) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this ClaimsMappingPolicy. func (mg *ClaimsMappingPolicy) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go b/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go index ced04b08..bd783129 100644 --- a/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go +++ b/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go 
@@ -76,11 +76,37 @@ func (in *PermissionGrantList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PermissionGrantObservation) DeepCopyInto(out *PermissionGrantObservation) { *out = *in + if in.ClaimValues != nil { + in, out := &in.ClaimValues, &out.ClaimValues + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.ResourceServicePrincipalObjectID != nil { + in, out := &in.ResourceServicePrincipalObjectID, &out.ResourceServicePrincipalObjectID + *out = new(string) + **out = **in + } + if in.ServicePrincipalObjectID != nil { + in, out := &in.ServicePrincipalObjectID, &out.ServicePrincipalObjectID + *out = new(string) + **out = **in + } + if in.UserObjectID != nil { + in, out := &in.UserObjectID, &out.UserObjectID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionGrantObservation. diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_generated.managed.go b/apis/serviceprincipaldelegated/v1beta1/zz_generated.managed.go index e561518c..e8e94713 100644 --- a/apis/serviceprincipaldelegated/v1beta1/zz_generated.managed.go +++ b/apis/serviceprincipaldelegated/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *PermissionGrant) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this PermissionGrant. +func (mg *PermissionGrant) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this PermissionGrant. func (mg *PermissionGrant) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference 
@@ -50,6 +55,11 @@ func (mg *PermissionGrant) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this PermissionGrant. +func (mg *PermissionGrant) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this PermissionGrant. func (mg *PermissionGrant) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go b/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go index e0b8adb1..fe8099ab 100755 --- a/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go +++ b/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go 
@@ -15,16 +15,32 @@ import ( type PermissionGrantObservation struct { + // - A set of claim values for delegated permission scopes which should be included in access tokens for the resource. + // A set of claim values for delegated permission scopes which should be included in access tokens for the resource + ClaimValues []*string `json:"claimValues,omitempty" tf:"claim_values,omitempty"` + // The ID of the delegated permission grant. ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created. + // The object ID of the service principal representing the resource to be accessed + ResourceServicePrincipalObjectID *string `json:"resourceServicePrincipalObjectId,omitempty" tf:"resource_service_principal_object_id,omitempty"` + + // The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created. + // The object ID of the service principal for which this delegated permission grant should be created + ServicePrincipalObjectID *string `json:"servicePrincipalObjectId,omitempty" tf:"service_principal_object_id,omitempty"` + + // - The object ID of the user on behalf of whom the service principal is authorized to access the resource. When omitted, the delegated permission grant will be consented for all users. Changing this forces a new resource to be created. + // The object ID of the user on behalf of whom the service principal is authorized to access the resource + UserObjectID *string `json:"userObjectId,omitempty" tf:"user_object_id,omitempty"` } type PermissionGrantParameters struct { // - A set of claim values for delegated permission scopes which should be included in access tokens for the resource. 
// A set of claim values for delegated permission scopes which should be included in access tokens for the resource - // +kubebuilder:validation:Required - ClaimValues []*string `json:"claimValues" tf:"claim_values,omitempty"` + // +kubebuilder:validation:Optional + ClaimValues []*string `json:"claimValues,omitempty" tf:"claim_values,omitempty"` // The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created. // The object ID of the service principal representing the resource to be accessed @@ -94,8 +110,9 @@ type PermissionGrantStatus struct { type PermissionGrant struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec PermissionGrantSpec `json:"spec"` - Status PermissionGrantStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.claimValues)",message="claimValues is a required parameter" + Spec PermissionGrantSpec `json:"spec"` + Status PermissionGrantStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/serviceprincipals/v1beta1/zz_certificate_types.go b/apis/serviceprincipals/v1beta1/zz_certificate_types.go index 52d93431..630bfcc3 100755 --- a/apis/serviceprincipals/v1beta1/zz_certificate_types.go +++ b/apis/serviceprincipals/v1beta1/zz_certificate_types.go 
@@ -14,7 +14,36 @@ import ( ) type CertificateObservation struct { + + // Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem. + // Specifies the encoding used for the supplied certificate data + Encoding *string `json:"encoding,omitempty" tf:"encoding,omitempty"` + + // The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. + // The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`) + EndDate *string `json:"endDate,omitempty" tf:"end_date,omitempty"` + + // A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created. + // A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + EndDateRelative *string `json:"endDateRelative,omitempty" tf:"end_date_relative,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created. + // A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` + + // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. 
+ // The object ID of the service principal for which this certificate should be created + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + + // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. + // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used + StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"` + + // The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created. + // The type of key/certificate + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type CertificateParameters struct { @@ -65,7 +94,7 @@ type CertificateParameters struct { // The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument. // The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional ValueSecretRef v1.SecretKeySelector `json:"valueSecretRef" tf:"-"` } 
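Review bot: `ValueSecretRef` is relaxed to `+kubebuilder:validation:Optional`, but unlike every other field this patch makes optional its tag stays `json:"valueSecretRef"` with no `omitempty` and the field remains a non-pointer struct, so typed Go clients will always serialize it (presumably as an empty selector) and the `has(self.forProvider.valueSecretRef)` CEL rule in the next hunk only protects authors who omit the key in YAML/JSON. An empty selector on a non-ObserveOnly Certificate would then pass admission and, I assume, fail later when the controller tries to read a Secret with an empty name/key. If the selector is genuinely optional now, the consistent shape is `ValueSecretRef *v1.SecretKeySelector \`json:"valueSecretRef,omitempty" tf:"-"\`` (via the upjet generator config, since this is a `zz_` file) with a nil check in the controller for FullControl; otherwise the CEL rule should also reject an empty selector, e.g. `|| (has(self.forProvider.valueSecretRef) && self.forProvider.valueSecretRef.name != '')`. The enclosing `CertificateParameters` struct starts outside this hunk.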
@@ -93,8 +122,9 @@ type CertificateStatus struct { type Certificate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec CertificateSpec `json:"spec"` - Status CertificateStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.valueSecretRef)",message="valueSecretRef is a required parameter" + Spec CertificateSpec `json:"spec"` + Status CertificateStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go b/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go index 971e695f..298b14ad 100755 --- a/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go +++ b/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go @@ -15,8 +15,16 @@ import ( type ClaimsMappingPolicyAssignmentObservation struct { + // The ID of the claims mapping policy to assign. + // ID of the claims mapping policy to assign + ClaimsMappingPolicyID *string `json:"claimsMappingPolicyId,omitempty" tf:"claims_mapping_policy_id,omitempty"` + // The ID of the Claims Mapping Policy Assignment. ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The object ID of the service principal for the policy assignment. + // Object ID of the service principal for which to assign the policy + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` } type ClaimsMappingPolicyAssignmentParameters struct { diff --git a/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go b/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go index 8b219f77..67410c1d 100644 --- a/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go +++ b/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go 
@@ -142,11 +142,46 @@ func (in *CertificateList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { *out = *in + if in.Encoding != nil { + in, out := &in.Encoding, &out.Encoding + *out = new(string) + **out = **in + } + if in.EndDate != nil { + in, out := &in.EndDate, &out.EndDate + *out = new(string) + **out = **in + } + if in.EndDateRelative != nil { + in, out := &in.EndDateRelative, &out.EndDateRelative + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } + if in.StartDate != nil { + in, out := &in.StartDate, &out.StartDate + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateObservation. 
@@ -316,11 +351,21 @@ func (in *ClaimsMappingPolicyAssignmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClaimsMappingPolicyAssignmentObservation) DeepCopyInto(out *ClaimsMappingPolicyAssignmentObservation) { *out = *in + if in.ClaimsMappingPolicyID != nil { + in, out := &in.ClaimsMappingPolicyID, &out.ClaimsMappingPolicyID + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimsMappingPolicyAssignmentObservation. @@ -415,6 +460,26 @@ func (in *ClaimsMappingPolicyAssignmentStatus) DeepCopy() *ClaimsMappingPolicyAs // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureTagsObservation) DeepCopyInto(out *FeatureTagsObservation) { *out = *in + if in.CustomSingleSignOn != nil { + in, out := &in.CustomSingleSignOn, &out.CustomSingleSignOn + *out = new(bool) + **out = **in + } + if in.Enterprise != nil { + in, out := &in.Enterprise, &out.Enterprise + *out = new(bool) + **out = **in + } + if in.Gallery != nil { + in, out := &in.Gallery, &out.Gallery + *out = new(bool) + **out = **in + } + if in.Hide != nil { + in, out := &in.Hide, &out.Hide + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureTagsObservation. 
@@ -594,6 +659,21 @@ func (in *PasswordList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PasswordObservation) DeepCopyInto(out *PasswordObservation) { *out = *in + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EndDate != nil { + in, out := &in.EndDate, &out.EndDate + *out = new(string) + **out = **in + } + if in.EndDateRelative != nil { + in, out := &in.EndDateRelative, &out.EndDateRelative + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -604,6 +684,31 @@ func (in *PasswordObservation) DeepCopyInto(out *PasswordObservation) { *out = new(string) **out = **in } + if in.RotateWhenChanged != nil { + in, out := &in.RotateWhenChanged, &out.RotateWhenChanged + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } + if in.StartDate != nil { + in, out := &in.StartDate, &out.StartDate + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordObservation. 
@@ -777,6 +882,27 @@ func (in *PrincipalList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { *out = *in + if in.AccountEnabled != nil { + in, out := &in.AccountEnabled, &out.AccountEnabled + *out = new(bool) + **out = **in + } + if in.AlternativeNames != nil { + in, out := &in.AlternativeNames, &out.AlternativeNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AppRoleAssignmentRequired != nil { + in, out := &in.AppRoleAssignmentRequired, &out.AppRoleAssignmentRequired + *out = new(bool) + **out = **in + } if in.AppRoleIds != nil { in, out := &in.AppRoleIds, &out.AppRoleIds *out = make(map[string]*string, len(*in)) @@ -799,16 +925,33 @@ func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ApplicationID != nil { + in, out := &in.ApplicationID, &out.ApplicationID + *out = new(string) + **out = **in + } if in.ApplicationTenantID != nil { in, out := &in.ApplicationTenantID, &out.ApplicationTenantID *out = new(string) **out = **in } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) **out = **in } + if in.FeatureTags != nil { + in, out := &in.FeatureTags, &out.FeatureTags + *out = make([]FeatureTagsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.HomepageURL != nil { in, out := &in.HomepageURL, &out.HomepageURL *out = new(string) 
@@ -819,11 +962,32 @@ func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { *out = new(string) **out = **in } + if in.LoginURL != nil { + in, out := &in.LoginURL, &out.LoginURL + *out = new(string) + **out = **in + } if in.LogoutURL != nil { in, out := &in.LogoutURL, &out.LogoutURL *out = new(string) **out = **in } + if in.Notes != nil { + in, out := &in.Notes, &out.Notes + *out = new(string) + **out = **in + } + if in.NotificationEmailAddresses != nil { + in, out := &in.NotificationEmailAddresses, &out.NotificationEmailAddresses + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Oauth2PermissionScopeIds != nil { in, out := &in.Oauth2PermissionScopeIds, &out.Oauth2PermissionScopeIds *out = make(map[string]*string, len(*in)) @@ -851,6 +1015,22 @@ func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { *out = new(string) **out = **in } + if in.Owners != nil { + in, out := &in.Owners, &out.Owners + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PreferredSingleSignOnMode != nil { + in, out := &in.PreferredSingleSignOnMode, &out.PreferredSingleSignOnMode + *out = new(string) + **out = **in + } if in.RedirectUris != nil { in, out := &in.RedirectUris, &out.RedirectUris *out = make([]*string, len(*in)) @@ -867,6 +1047,13 @@ func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { *out = new(string) **out = **in } + if in.SAMLSingleSignOn != nil { + in, out := &in.SAMLSingleSignOn, &out.SAMLSingleSignOn + *out = make([]SAMLSingleSignOnObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServicePrincipalNames != nil { in, out := &in.ServicePrincipalNames, &out.ServicePrincipalNames *out = make([]*string, len(*in)) 
@@ -883,11 +1070,27 @@ func (in *PrincipalObservation) DeepCopyInto(out *PrincipalObservation) { *out = new(string) **out = **in } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Type != nil { in, out := &in.Type, &out.Type *out = new(string) **out = **in } + if in.UseExisting != nil { + in, out := &in.UseExisting, &out.UseExisting + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalObservation. @@ -1060,6 +1263,11 @@ func (in *PrincipalStatus) DeepCopy() *PrincipalStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SAMLSingleSignOnObservation) DeepCopyInto(out *SAMLSingleSignOnObservation) { *out = *in + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLSingleSignOnObservation. @@ -1154,6 +1362,16 @@ func (in *TokenSigningCertificateList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenSigningCertificateObservation) DeepCopyInto(out *TokenSigningCertificateObservation) { *out = *in + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.EndDate != nil { + in, out := &in.EndDate, &out.EndDate + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) 
@@ -1164,6 +1382,11 @@ func (in *TokenSigningCertificateObservation) DeepCopyInto(out *TokenSigningCert *out = new(string) **out = **in } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } if in.StartDate != nil { in, out := &in.StartDate, &out.StartDate *out = new(string) diff --git a/apis/serviceprincipals/v1beta1/zz_generated.managed.go b/apis/serviceprincipals/v1beta1/zz_generated.managed.go index 08c31544..d60e3cd1 100644 --- a/apis/serviceprincipals/v1beta1/zz_generated.managed.go +++ b/apis/serviceprincipals/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *Certificate) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Certificate. +func (mg *Certificate) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Certificate. func (mg *Certificate) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *Certificate) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Certificate. +func (mg *Certificate) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Certificate. func (mg *Certificate) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r 
@@ -83,6 +93,11 @@ func (mg *ClaimsMappingPolicyAssignment) GetDeletionPolicy() xpv1.DeletionPolicy return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this ClaimsMappingPolicyAssignment. +func (mg *ClaimsMappingPolicyAssignment) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this ClaimsMappingPolicyAssignment. func (mg *ClaimsMappingPolicyAssignment) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -116,6 +131,11 @@ func (mg *ClaimsMappingPolicyAssignment) SetDeletionPolicy(r xpv1.DeletionPolicy mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this ClaimsMappingPolicyAssignment. +func (mg *ClaimsMappingPolicyAssignment) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this ClaimsMappingPolicyAssignment. func (mg *ClaimsMappingPolicyAssignment) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -149,6 +169,11 @@ func (mg *Password) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Password. +func (mg *Password) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Password. func (mg *Password) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -182,6 +207,11 @@ func (mg *Password) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Password. +func (mg *Password) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Password. func (mg *Password) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r 
@@ -215,6 +245,11 @@ func (mg *Principal) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Principal. +func (mg *Principal) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Principal. func (mg *Principal) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -248,6 +283,11 @@ func (mg *Principal) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Principal. +func (mg *Principal) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Principal. func (mg *Principal) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r @@ -281,6 +321,11 @@ func (mg *TokenSigningCertificate) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this TokenSigningCertificate. +func (mg *TokenSigningCertificate) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this TokenSigningCertificate. func (mg *TokenSigningCertificate) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -314,6 +359,11 @@ func (mg *TokenSigningCertificate) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this TokenSigningCertificate. +func (mg *TokenSigningCertificate) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this TokenSigningCertificate. func (mg *TokenSigningCertificate) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/serviceprincipals/v1beta1/zz_password_types.go b/apis/serviceprincipals/v1beta1/zz_password_types.go index 2e3209c0..0d7dcd75 100755 
--- a/apis/serviceprincipals/v1beta1/zz_password_types.go +++ b/apis/serviceprincipals/v1beta1/zz_password_types.go 
@@ -14,11 +14,36 @@ import ( ) type PasswordObservation struct { + + // A display name for the password. + // A display name for the password + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The end date until which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. + // The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`) + EndDate *string `json:"endDate,omitempty" tf:"end_date,omitempty"` + + // A relative duration for which the password is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created. + // A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created + EndDateRelative *string `json:"endDateRelative,omitempty" tf:"end_date_relative,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // A UUID used to uniquely identify this password credential. // A UUID used to uniquely identify this password credential KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` + + // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. + // Arbitrary map of values that, when changed, will trigger rotation of the password + RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` + + // The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created. 
+ // The object ID of the service principal for which this password should be created + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + + // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. + // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used + StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"` } type PasswordParameters struct { diff --git a/apis/serviceprincipals/v1beta1/zz_principal_types.go b/apis/serviceprincipals/v1beta1/zz_principal_types.go index e1ef2282..8dfa73e1 100755 --- a/apis/serviceprincipals/v1beta1/zz_principal_types.go +++ b/apis/serviceprincipals/v1beta1/zz_principal_types.go 
@@ -38,6 +38,22 @@ type AppRolesParameters struct { } type FeatureTagsObservation struct { + + // Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false. + // Whether this service principal represents a custom SAML application + CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"` + + // Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false. + // Whether this service principal represents an Enterprise Application + Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"` + + // Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false. + // Whether this service principal represents a gallery application + Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"` + + // Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false. + // Whether this app is invisible to users in My Apps and Office 365 Launcher + Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"` } type FeatureTagsParameters struct { 
@@ -95,6 +111,18 @@ type Oauth2PermissionScopesParameters struct { type PrincipalObservation struct { + // Whether or not the service principal account is enabled. Defaults to true. + // Whether or not the service principal account is enabled + AccountEnabled *bool `json:"accountEnabled,omitempty" tf:"account_enabled,omitempty"` + + // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. + // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` + + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. + // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application + AppRoleAssignmentRequired *bool `json:"appRoleAssignmentRequired,omitempty" tf:"app_role_assignment_required,omitempty"` + // A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration. // Mapping of app role names to UUIDs AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"` 
@@ -102,14 +130,26 @@ type PrincipalObservation struct { // A list of app roles published by the associated application, as documented below. For more information official documentation. AppRoles []AppRolesObservation `json:"appRoles,omitempty" tf:"app_roles,omitempty"` + // The application ID (client ID) of the application for which to create a service principal. + // The application ID (client ID) of the application for which to create a service principal + ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + // The tenant ID where the associated application is registered. // The tenant ID where the associated application is registered ApplicationTenantID *string `json:"applicationTenantId,omitempty" tf:"application_tenant_id,omitempty"` + // A description of the service principal provided for internal end-users. + // Description of the service principal provided for internal end-users + Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The display name of the application associated with this service principal. // The display name of the application associated with this service principal DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // A feature_tags block as described below. Cannot be used together with the tags property. + // Block of features to configure for this service principal using tags + FeatureTags []FeatureTagsObservation `json:"featureTags,omitempty" tf:"feature_tags,omitempty"` + // Home page or landing page of the associated application. // Home page or landing page of the application HomepageURL *string `json:"homepageUrl,omitempty" tf:"homepage_url,omitempty"` 
@@ -117,10 +157,22 @@ type PrincipalObservation struct { // The unique identifier of the app_role. ID *string `json:"id,omitempty" tf:"id,omitempty"` + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. + // The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on + LoginURL *string `json:"loginUrl,omitempty" tf:"login_url,omitempty"` + // The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application. // The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols LogoutURL *string `json:"logoutUrl,omitempty" tf:"logout_url,omitempty"` + // A free text field to capture information about the service principal, typically used for operational purposes. + // Free text field to capture information about the service principal, typically used for operational purposes + Notes *string `json:"notes,omitempty" tf:"notes,omitempty"` + + // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. + // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. 
This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` + // A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration. // Mapping of OAuth2.0 permission scope names to UUIDs Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"` 
@@ -132,6 +184,14 @@ type PrincipalObservation struct { // The object ID of the service principal ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. + // A list of object IDs of principals that will be granted ownership of the service principal + Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` + + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. + // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps + PreferredSingleSignOnMode *string `json:"preferredSingleSignOnMode,omitempty" tf:"preferred_single_sign_on_mode,omitempty"` + // A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application. // The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` 
@@ -140,6 +200,10 @@ type PrincipalObservation struct { // The URL where the service exposes SAML metadata for federation SAMLMetadataURL *string `json:"samlMetadataUrl,omitempty" tf:"saml_metadata_url,omitempty"` + // A saml_single_sign_on block as documented below. + // Settings related to SAML single sign-on + SAMLSingleSignOn []SAMLSingleSignOnObservation `json:"samlSingleSignOn,omitempty" tf:"saml_single_sign_on,omitempty"` + // A list of identifier URI(s), copied over from the associated application. // A list of identifier URI(s), copied over from the associated application ServicePrincipalNames []*string `json:"servicePrincipalNames,omitempty" tf:"service_principal_names,omitempty"` @@ -148,9 +212,17 @@ type PrincipalObservation struct { // The Microsoft account types that are supported for the associated application SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` + // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. + // A set of tags to apply to the service principal + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` + // Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity. // Identifies whether the service principal represents an application or a managed identity Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. + // When true, the resource will return an existing service principal instead of failing with an error + UseExisting *bool `json:"useExisting,omitempty" tf:"use_existing,omitempty"` } type PrincipalParameters struct { 
@@ -237,6 +309,10 @@ type PrincipalParameters struct { } type SAMLSingleSignOnObservation struct { + + // The relative URI the service provider would redirect to after completion of the single sign-on flow. + // The relative URI the service provider would redirect to after completion of the single sign-on flow + RelayState *string `json:"relayState,omitempty" tf:"relay_state,omitempty"` } type SAMLSingleSignOnParameters struct { diff --git a/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go b/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go index 60bbeb4b..4a8d7245 100755 --- a/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go +++ b/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go 
@@ -14,12 +14,26 @@ import ( ) type TokenSigningCertificateObservation struct { + + // Specifies a friendly name for the certificate. + // Must start with CN=. Changing this field forces a new resource to be created. + // A friendly name for the certificate + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. + // The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Default is 3 years from current date. + EndDate *string `json:"endDate,omitempty" tf:"end_date,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // A UUID used to uniquely identify the verify certificate. // A UUID used to uniquely identify the verify certificate. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` + // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. + // The object ID of the service principal for which this certificate should be created + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"` diff --git a/apis/synchronization/v1beta1/zz_generated.deepcopy.go b/apis/synchronization/v1beta1/zz_generated.deepcopy.go index 8ba6b4b3..146efc6e 100644 --- a/apis/synchronization/v1beta1/zz_generated.deepcopy.go +++ b/apis/synchronization/v1beta1/zz_generated.deepcopy.go 
@@ -17,6 +17,11 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialObservation) DeepCopyInto(out *CredentialObservation) { *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialObservation. @@ -112,6 +117,11 @@ func (in *JobList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *JobObservation) DeepCopyInto(out *JobObservation) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -124,6 +134,16 @@ func (in *JobObservation) DeepCopyInto(out *JobObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } + if in.TemplateID != nil { + in, out := &in.TemplateID, &out.TemplateID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobObservation. 
@@ -317,11 +337,23 @@ func (in *SecretList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = make([]CredentialObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretObservation. diff --git a/apis/synchronization/v1beta1/zz_generated.managed.go b/apis/synchronization/v1beta1/zz_generated.managed.go index ec8bb3a7..53d68ea7 100644 --- a/apis/synchronization/v1beta1/zz_generated.managed.go +++ b/apis/synchronization/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *Job) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Job. +func (mg *Job) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Job. func (mg *Job) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *Job) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Job. +func (mg *Job) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Job. func (mg *Job) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r 
@@ -83,6 +93,11 @@ func (mg *Secret) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this Secret. +func (mg *Secret) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this Secret. func (mg *Secret) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -116,6 +131,11 @@ func (mg *Secret) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this Secret. +func (mg *Secret) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this Secret. func (mg *Secret) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/synchronization/v1beta1/zz_job_types.go b/apis/synchronization/v1beta1/zz_job_types.go index 7f364cab..78809e90 100755 --- a/apis/synchronization/v1beta1/zz_job_types.go +++ b/apis/synchronization/v1beta1/zz_job_types.go 
@@ -15,11 +15,23 @@ import ( type JobObservation struct { + // Whether or not the provisioning job is enabled. Default state is true. + // Whether or not the synchronization job is enabled + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // An ID used to uniquely identify this synchronization job. ID *string `json:"id,omitempty" tf:"id,omitempty"` // A schedule list as documented below. Schedule []ScheduleObservation `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + // The object ID of the service principal for which this synchronization job should be created + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + + // Identifier of the synchronization template this job is based on. + // Identifier of the synchronization template this job is based on. + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` } type JobParameters struct { @@ -45,8 +57,8 @@ type JobParameters struct { // Identifier of the synchronization template this job is based on. // Identifier of the synchronization template this job is based on. - // +kubebuilder:validation:Required - TemplateID *string `json:"templateId" tf:"template_id,omitempty"` + // +kubebuilder:validation:Optional + TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` } type ScheduleObservation struct { 
@@ -88,8 +100,9 @@ type JobStatus struct { type Job struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec JobSpec `json:"spec"` - Status JobStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.templateId)",message="templateId is a required parameter" + Spec JobSpec `json:"spec"` + Status JobStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/synchronization/v1beta1/zz_secret_types.go b/apis/synchronization/v1beta1/zz_secret_types.go index 272cc159..127fecc2 100755 --- a/apis/synchronization/v1beta1/zz_secret_types.go +++ b/apis/synchronization/v1beta1/zz_secret_types.go @@ -14,6 +14,10 @@ import ( ) type CredentialObservation struct { + + // The key of the secret. + // Name for this key-value pair. + Key *string `json:"key,omitempty" tf:"key,omitempty"` } type CredentialParameters struct { @@ -31,8 +35,15 @@ type CredentialParameters struct { type SecretObservation struct { + // One or more credential blocks as documented below. + Credential []CredentialObservation `json:"credential,omitempty" tf:"credential,omitempty"` + // An ID used to uniquely identify this synchronization sec. ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + // The object ID of the service principal for which this synchronization secret should be created + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` } type SecretParameters struct { diff --git a/apis/users/v1beta1/zz_generated.deepcopy.go b/apis/users/v1beta1/zz_generated.deepcopy.go index bf10c79e..78050744 100644 --- a/apis/users/v1beta1/zz_generated.deepcopy.go +++ b/apis/users/v1beta1/zz_generated.deepcopy.go 
@@ -81,16 +81,112 @@ func (in *UserObservation) DeepCopyInto(out *UserObservation) { *out = new(string) **out = **in } + if in.AccountEnabled != nil { + in, out := &in.AccountEnabled, &out.AccountEnabled + *out = new(bool) + **out = **in + } + if in.AgeGroup != nil { + in, out := &in.AgeGroup, &out.AgeGroup + *out = new(string) + **out = **in + } + if in.BusinessPhones != nil { + in, out := &in.BusinessPhones, &out.BusinessPhones + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.City != nil { + in, out := &in.City, &out.City + *out = new(string) + **out = **in + } + if in.CompanyName != nil { + in, out := &in.CompanyName, &out.CompanyName + *out = new(string) + **out = **in + } + if in.ConsentProvidedForMinor != nil { + in, out := &in.ConsentProvidedForMinor, &out.ConsentProvidedForMinor + *out = new(string) + **out = **in + } + if in.CostCenter != nil { + in, out := &in.CostCenter, &out.CostCenter + *out = new(string) + **out = **in + } + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } if in.CreationType != nil { in, out := &in.CreationType, &out.CreationType *out = new(string) **out = **in } + if in.Department != nil { + in, out := &in.Department, &out.Department + *out = new(string) + **out = **in + } + if in.DisablePasswordExpiration != nil { + in, out := &in.DisablePasswordExpiration, &out.DisablePasswordExpiration + *out = new(bool) + **out = **in + } + if in.DisableStrongPassword != nil { + in, out := &in.DisableStrongPassword, &out.DisableStrongPassword + *out = new(bool) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Division != nil { + in, out := &in.Division, &out.Division + *out = new(string) + **out = **in + } + if in.EmployeeID != nil { + in, out := &in.EmployeeID, &out.EmployeeID + 
*out = new(string) + **out = **in + } + if in.EmployeeType != nil { + in, out := &in.EmployeeType, &out.EmployeeType + *out = new(string) + **out = **in + } if in.ExternalUserState != nil { in, out := &in.ExternalUserState, &out.ExternalUserState *out = new(string) **out = **in } + if in.FaxNumber != nil { + in, out := &in.FaxNumber, &out.FaxNumber + *out = new(string) + **out = **in + } + if in.ForcePasswordChange != nil { + in, out := &in.ForcePasswordChange, &out.ForcePasswordChange + *out = new(bool) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -107,11 +203,41 @@ func (in *UserObservation) DeepCopyInto(out *UserObservation) { } } } + if in.JobTitle != nil { + in, out := &in.JobTitle, &out.JobTitle + *out = new(string) + **out = **in + } + if in.Mail != nil { + in, out := &in.Mail, &out.Mail + *out = new(string) + **out = **in + } + if in.MailNickname != nil { + in, out := &in.MailNickname, &out.MailNickname + *out = new(string) + **out = **in + } + if in.ManagerID != nil { + in, out := &in.ManagerID, &out.ManagerID + *out = new(string) + **out = **in + } + if in.MobilePhone != nil { + in, out := &in.MobilePhone, &out.MobilePhone + *out = new(string) + **out = **in + } if in.ObjectID != nil { in, out := &in.ObjectID, &out.ObjectID *out = new(string) **out = **in } + if in.OfficeLocation != nil { + in, out := &in.OfficeLocation, &out.OfficeLocation + *out = new(string) + **out = **in + } if in.OnpremisesDistinguishedName != nil { in, out := &in.OnpremisesDistinguishedName, &out.OnpremisesDistinguishedName *out = new(string) 
@@ -122,6 +248,11 @@ func (in *UserObservation) DeepCopyInto(out *UserObservation) { *out = new(string) **out = **in } + if in.OnpremisesImmutableID != nil { + in, out := &in.OnpremisesImmutableID, &out.OnpremisesImmutableID + *out = new(string) + **out = **in + } if in.OnpremisesSamAccountName != nil { in, out := &in.OnpremisesSamAccountName, &out.OnpremisesSamAccountName *out = new(string) @@ -142,6 +273,27 @@ func (in *UserObservation) DeepCopyInto(out *UserObservation) { *out = new(string) **out = **in } + if in.OtherMails != nil { + in, out := &in.OtherMails, &out.OtherMails + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } if in.ProxyAddresses != nil { in, out := &in.ProxyAddresses, &out.ProxyAddresses *out = make([]*string, len(*in)) @@ -153,6 +305,36 @@ func (in *UserObservation) DeepCopyInto(out *UserObservation) { } } } + if in.ShowInAddressList != nil { + in, out := &in.ShowInAddressList, &out.ShowInAddressList + *out = new(bool) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Surname != nil { + in, out := &in.Surname, &out.Surname + *out = new(string) + **out = **in + } + if in.UsageLocation != nil { + in, out := &in.UsageLocation, &out.UsageLocation + *out = new(string) + **out = **in + } + if in.UserPrincipalName != nil { + in, out := &in.UserPrincipalName, &out.UserPrincipalName + *out = new(string) + **out = **in + } if in.UserType != nil { in, out := &in.UserType, &out.UserType *out = new(string) 
diff --git a/apis/users/v1beta1/zz_generated.managed.go b/apis/users/v1beta1/zz_generated.managed.go index d3748ae1..4d73c1a3 100644 --- a/apis/users/v1beta1/zz_generated.managed.go +++ b/apis/users/v1beta1/zz_generated.managed.go @@ -17,6 +17,11 @@ func (mg *User) GetDeletionPolicy() xpv1.DeletionPolicy { return mg.Spec.DeletionPolicy } +// GetManagementPolicy of this User. +func (mg *User) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + // GetProviderConfigReference of this User. func (mg *User) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference @@ -50,6 +55,11 @@ func (mg *User) SetDeletionPolicy(r xpv1.DeletionPolicy) { mg.Spec.DeletionPolicy = r } +// SetManagementPolicy of this User. +func (mg *User) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + // SetProviderConfigReference of this User. func (mg *User) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r diff --git a/apis/users/v1beta1/zz_user_types.go b/apis/users/v1beta1/zz_user_types.go index a55e5a3e..e02a5175 100755 --- a/apis/users/v1beta1/zz_user_types.go +++ b/apis/users/v1beta1/zz_user_types.go 
@@ -18,24 +18,120 @@ type UserObservation struct { // A freeform field for the user to describe themselves AboutMe *string `json:"aboutMe,omitempty" tf:"about_me,omitempty"` + // Whether or not the account should be enabled. + // Whether or not the account should be enabled + AccountEnabled *bool `json:"accountEnabled,omitempty" tf:"account_enabled,omitempty"` + + // The age group of the user. Supported values are Adult, NotAdult and Minor. Omit this property or specify a blank string to unset. + // The age group of the user + AgeGroup *string `json:"ageGroup,omitempty" tf:"age_group,omitempty"` + + // A list of telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect. + // The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect + BusinessPhones []*string `json:"businessPhones,omitempty" tf:"business_phones,omitempty"` + + // The city in which the user is located. + // The city in which the user is located + City *string `json:"city,omitempty" tf:"city,omitempty"` + + // The company name which the user is associated. This property can be useful for describing the company that an external user comes from. + // The company name which the user is associated. This property can be useful for describing the company that an external user comes from + CompanyName *string `json:"companyName,omitempty" tf:"company_name,omitempty"` + + // Whether consent has been obtained for minors. Supported values are Granted, Denied and NotRequired. Omit this property or specify a blank string to unset. + // Whether consent has been obtained for minors + ConsentProvidedForMinor *string `json:"consentProvidedForMinor,omitempty" tf:"consent_provided_for_minor,omitempty"` + + // The cost center associated with the user. + // The cost center associated with the user. 
+ CostCenter *string `json:"costCenter,omitempty" tf:"cost_center,omitempty"` + + // The country/region in which the user is located, e.g. US or UK. + // The country/region in which the user is located, e.g. `US` or `UK` + Country *string `json:"country,omitempty" tf:"country,omitempty"` + // Indicates whether the user account was created as a regular school or work account (null), an external account (Invitation), a local account for an Azure Active Directory B2C tenant (LocalAccount) or self-service sign-up using email verification (EmailVerified). // Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`) CreationType *string `json:"creationType,omitempty" tf:"creation_type,omitempty"` + // The name for the department in which the user works. + // The name for the department in which the user works + Department *string `json:"department,omitempty" tf:"department,omitempty"` + + // Whether the user's password is exempt from expiring. Defaults to false. + // Whether the users password is exempt from expiring + DisablePasswordExpiration *bool `json:"disablePasswordExpiration,omitempty" tf:"disable_password_expiration,omitempty"` + + // Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to false. + // Whether the user is allowed weaker passwords than the default policy to be specified. + DisableStrongPassword *bool `json:"disableStrongPassword,omitempty" tf:"disable_strong_password,omitempty"` + + // The name to display in the address book for the user. + // The name to display in the address book for the user + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // The name of the division in which the user works. + // The name of the division in which the user works. 
+ Division *string `json:"division,omitempty" tf:"division,omitempty"` + + // The employee identifier assigned to the user by the organisation. + // The employee identifier assigned to the user by the organisation + EmployeeID *string `json:"employeeId,omitempty" tf:"employee_id,omitempty"` + + // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. + // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. + EmployeeType *string `json:"employeeType,omitempty" tf:"employee_type,omitempty"` + // For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are PendingAcceptance or Accepted. // For an external user invited to the tenant, this property represents the invited user's invitation status ExternalUserState *string `json:"externalUserState,omitempty" tf:"external_user_state,omitempty"` + // The fax number of the user. + // The fax number of the user + FaxNumber *string `json:"faxNumber,omitempty" tf:"fax_number,omitempty"` + + // Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password. Defaults to false. + // Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password + ForcePasswordChange *bool `json:"forcePasswordChange,omitempty" tf:"force_password_change,omitempty"` + + // The given name (first name) of the user. + // The given name (first name) of the user + GivenName *string `json:"givenName,omitempty" tf:"given_name,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // A list of instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. 
// The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user ImAddresses []*string `json:"imAddresses,omitempty" tf:"im_addresses,omitempty"` + // The user’s job title. + // The user’s job title + JobTitle *string `json:"jobTitle,omitempty" tf:"job_title,omitempty"` + + // The SMTP address for the user. This property cannot be unset once specified. + // The SMTP address for the user. Cannot be unset. + Mail *string `json:"mail,omitempty" tf:"mail,omitempty"` + + // The mail alias for the user. Defaults to the user name part of the user principal name (UPN). + // The mail alias for the user. Defaults to the user name part of the user principal name (UPN) + MailNickname *string `json:"mailNickname,omitempty" tf:"mail_nickname,omitempty"` + + // The object ID of the user's manager. + // The object ID of the user's manager + ManagerID *string `json:"managerId,omitempty" tf:"manager_id,omitempty"` + + // The primary cellular telephone number for the user. + // The primary cellular telephone number for the user + MobilePhone *string `json:"mobilePhone,omitempty" tf:"mobile_phone,omitempty"` + // The object ID of the user. // The object ID of the user ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"` + // The office location in the user's place of business. + // The office location in the user's place of business + OfficeLocation *string `json:"officeLocation,omitempty" tf:"office_location,omitempty"` + // The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect is used. // The on-premise Active Directory distinguished name (DN) of the user OnpremisesDistinguishedName *string `json:"onpremisesDistinguishedName,omitempty" tf:"onpremises_distinguished_name,omitempty"` 
@@ -44,6 +140,10 @@ type UserObservation struct { // The on-premise FQDN (i.e. dnsDomainName) of the user OnpremisesDomainName *string `json:"onpremisesDomainName,omitempty" tf:"onpremises_domain_name,omitempty"` + // The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's user_principal_name property when creating a new user account. + // The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's `user_principal_name` property when creating a new user account + OnpremisesImmutableID *string `json:"onpremisesImmutableId,omitempty" tf:"onpremises_immutable_id,omitempty"` + // The on-premise SAM account name of the user. // The on-premise SAM account name of the user OnpremisesSamAccountName *string `json:"onpremisesSamAccountName,omitempty" tf:"onpremises_sam_account_name,omitempty"` 
@@ -60,10 +160,46 @@ type UserObservation struct { // The on-premise user principal name of the user OnpremisesUserPrincipalName *string `json:"onpremisesUserPrincipalName,omitempty" tf:"onpremises_user_principal_name,omitempty"` + // A list of additional email addresses for the user. + // Additional email addresses for the user + OtherMails []*string `json:"otherMails,omitempty" tf:"other_mails,omitempty"` + + // The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. + // The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // The user's preferred language, in ISO 639-1 notation. + // The user's preferred language, in ISO 639-1 notation + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + // List of email addresses for the user that direct to the same mailbox. // Email addresses for the user that direct to the same mailbox ProxyAddresses []*string `json:"proxyAddresses,omitempty" tf:"proxy_addresses,omitempty"` + // Whether or not the Outlook global address list should include this user. Defaults to true. + // Whether or not the Outlook global address list should include this user + ShowInAddressList *bool `json:"showInAddressList,omitempty" tf:"show_in_address_list,omitempty"` + + // The state or province in the user's address. + // The state or province in the user's address + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // The street address of the user's place of business. + // The street address of the user's place of business + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The user's surname (family name or last name). 
+ // The user's surname (family name or last name) + Surname *string `json:"surname,omitempty" tf:"surname,omitempty"` + + // The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: NO, JP, and GB. Cannot be reset to null once set. + // The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set + UsageLocation *string `json:"usageLocation,omitempty" tf:"usage_location,omitempty"` + + // The user principal name (UPN) of the user. + // The user principal name (UPN) of the user + UserPrincipalName *string `json:"userPrincipalName,omitempty" tf:"user_principal_name,omitempty"` + // The user type in the directory. Possible values are Guest or Member. // The user type in the directory. Possible values are `Guest` or `Member` UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` @@ -128,8 +264,8 @@ type UserParameters struct { // The name to display in the address book for the user. // The name to display in the address book for the user - // +kubebuilder:validation:Required - DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` // The name of the division in which the user works. // The name of the division in which the user works. 
@@ -243,8 +379,8 @@ type UserParameters struct { // The user principal name (UPN) of the user. // The user principal name (UPN) of the user - // +kubebuilder:validation:Required - UserPrincipalName *string `json:"userPrincipalName" tf:"user_principal_name,omitempty"` + // +kubebuilder:validation:Optional + UserPrincipalName *string `json:"userPrincipalName,omitempty" tf:"user_principal_name,omitempty"` } // UserSpec defines the desired state of User @@ -271,8 +407,10 @@ type UserStatus struct { type User struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec UserSpec `json:"spec"` - Status UserStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName)",message="displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="self.managementPolicy == 'ObserveOnly' || has(self.forProvider.userPrincipalName)",message="userPrincipalName is a required parameter" + Spec UserSpec `json:"spec"` + Status UserStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/cmd/provider/main.go b/cmd/provider/main.go index 527b4439..e28dae26 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/main.go @@ -22,6 +22,7 @@ import ( xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" "github.com/crossplane/crossplane-runtime/pkg/logging" "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" "github.com/crossplane/crossplane-runtime/pkg/resource" 
@@ -58,6 +59,7 @@ func main() {
 
 		namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 		enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
+		enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
 	)
 
 	kingpin.MustParse(app.Parse(os.Args[1:]))
@@ -105,6 +107,7 @@ func main() {
 			GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate),
 			PollInterval: *pollInterval,
 			MaxConcurrentReconciles: *maxReconcileRate,
+			Features: &feature.Flags{},
 		},
 		Provider: config.GetProvider(),
 		// use the following WorkspaceStoreOption to enable the shared gRPC mode
@@ -132,6 +135,11 @@ func main() {
 		})), "cannot create default store config")
 	}
 
+	if *enableManagementPolicies {
+		o.Features.Enable(features.EnableAlphaManagementPolicies)
+		log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies)
+	}
+
 	kingpin.FatalIfError(controller.Setup(mgr, o), "Cannot setup Azuread controllers")
 	kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager")
 }
diff --git a/config/provider.go b/config/provider.go
index 608e98a8..8037952f 100644
--- a/config/provider.go
+++ b/config/provider.go
@@ -44,6 +44,7 @@ func GetProvider() *ujconfig.Provider {
 			ExternalNameConfigurations(),
 		),
 		ujconfig.WithReferenceInjectors([]ujconfig.ReferenceInjector{reference.NewInjector(modulePath)}),
+		ujconfig.WithFeaturesPackage("internal/features"),
 	)
 
 	for _, configure := range []func(provider *ujconfig.Provider){
diff --git a/go.mod b/go.mod
index 09dc2171..6e6fba27 100644
--- a/go.mod
+++ b/go.mod
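Review bot: In the `if *enableManagementPolicies` block the runtime gate and the admission-side relaxation are decoupled: the XValidation rules added to the User type accept a spec without `displayName`/`userPrincipalName` whenever `managementPolicy == 'ObserveOnly'`, independent of this flag, so with the default `false` such an object is still admitted and is then presumably reconciled without the feature being active. I cannot confirm from the hunk what crossplane-runtime does with a policy it has not been enabled for, so that part is inferred, but the gap deserves a comment at the enable block, e.g. `// NOTE: the CRD CEL rules already accept ObserveOnly specs without the otherwise-required fields; with this flag off such objects are admitted but the policy is not honoured.` The flag help text could also carry the alpha status that the log line reports: `"Enable support for Management Policies (alpha)."`. `features.EnableAlphaManagementPolicies` resolves to a package whose import is not in this file's visible import hunk, so presumably it is already imported outside it.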
@@ -3,13 +3,13 @@ module github.com/upbound/provider-azuread
 go 1.19
 
 require (
-	github.com/crossplane/crossplane-runtime v0.19.2
-	github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e
+	github.com/crossplane/crossplane-runtime v0.20.0-rc.0.0.20230406155702-4e1673b7141f
+	github.com/crossplane/crossplane-tools v0.0.0-20230327091744-4236bf732aa5
 	github.com/pkg/errors v0.9.1
-	github.com/upbound/upjet v0.9.0-rc.0.0.20230327151245-05c3d628e791
+	github.com/upbound/upjet v0.9.0-rc.0.0.20230418102526-1268a48eba95
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	k8s.io/apimachinery v0.26.1
-	k8s.io/client-go v0.26.1
+	k8s.io/apimachinery v0.26.3
+	k8s.io/client-go v0.26.3
 	sigs.k8s.io/controller-runtime v0.14.6
 	sigs.k8s.io/controller-tools v0.11.3
 )
@@ -55,7 +55,7 @@ require (
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.4 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 // indirect
@@ -82,7 +82,7 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-ps v1.0.0 // indirect
@@ -110,13 +110,13 @@ require (
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
 	github.com/yuin/goldmark v1.5.3 // indirect
 	github.com/zclconf/go-cty v1.11.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.7.0 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/crypto v0.2.0 // indirect
 	golang.org/x/mod v0.7.0 // indirect
 	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
+	golang.org/x/oauth2 v0.1.0 // indirect
 	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/term v0.5.0 // indirect
 	golang.org/x/text v0.7.0 // indirect
@@ -124,16 +124,16 @@ require (
 	golang.org/x/tools v0.4.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
-	google.golang.org/grpc v1.49.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd // indirect
+	google.golang.org/grpc v1.50.1 // indirect
+	google.golang.org/protobuf v1.28.2-0.20220831092852-f930b1dc76e8 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.26.1 // indirect
-	k8s.io/apiextensions-apiserver v0.26.1 // indirect
-	k8s.io/component-base v0.26.1 // indirect
+	k8s.io/api v0.26.3 // indirect
+	k8s.io/apiextensions-apiserver v0.26.3 // indirect
+	k8s.io/component-base v0.26.3 // indirect
 	k8s.io/klog/v2 v2.80.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
diff --git a/go.sum b/go.sum
index d5c79bbc..23acc52e 100644
--- a/go.sum
+++ b/go.sum
@@ -92,18 +92,14 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/crossplane/crossplane-runtime v0.19.2 h1:9qBnhpqKN4x6apF2siaQ6PvgxqBXbGcKmgeD8mSIDO8= -github.com/crossplane/crossplane-runtime v0.19.2/go.mod h1:OJQ1NxtQK2ZTRmvtnQPoy8LsXsARTnVydRVDQEgIuz4= -github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e h1:HqLaMji3FRPwEBA5P6twPz0HbE6no0XOnByLU5O1noM= -github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e/go.mod h1:xFf30hwHd5n0/a0D4ZomId8nxQTTjE0Hc1j4/rWxefc= +github.com/crossplane/crossplane-runtime v0.20.0-rc.0.0.20230406155702-4e1673b7141f h1:wDRr6gaoiQstEdddrn0B5SSSgzdXreOQAbdmRH+9JeI= +github.com/crossplane/crossplane-runtime v0.20.0-rc.0.0.20230406155702-4e1673b7141f/go.mod 
h1:ebtUpmconMy8RKUEhrCXTUFSOpfGQqbKM2E+rjCCYJo= +github.com/crossplane/crossplane-tools v0.0.0-20230327091744-4236bf732aa5 h1:K9H55wcwfXcGroZApIgPmIGRGuZLszsLDCYB12p2yMo= +github.com/crossplane/crossplane-tools v0.0.0-20230327091744-4236bf732aa5/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -119,7 +115,6 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= 
@@ -227,7 +222,6 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -280,8 +274,9 @@ github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ3 github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ= github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= +github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= 
@@ -389,8 +384,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM= -github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= 
@@ -513,8 +508,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/upbound/upjet v0.9.0-rc.0.0.20230327151245-05c3d628e791 h1:Y2+LQwPlfgRFbe3Yev6P+7aumifXRvGl+I3nryrU8qM= -github.com/upbound/upjet v0.9.0-rc.0.0.20230327151245-05c3d628e791/go.mod h1:wwCuupQRfs+SL6LGAlAHu5Z/oPffvWaBQ9Luf+7CIZ8= +github.com/upbound/upjet v0.9.0-rc.0.0.20230418102526-1268a48eba95 h1:+4Ne/byOLvBjE49C5XCcj+5KKK3OYMsAafYrVIMfSP8= +github.com/upbound/upjet v0.9.0-rc.0.0.20230418102526-1268a48eba95/go.mod h1:IhrO+1L/Ieq7ZCORhiuZ4sShOzl/GoVGVjq0+JCMDYo= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= 
@@ -547,13 +542,14 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= +go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= -go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= +go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= +go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= 
@@ -567,8 +563,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE= +golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -659,8 +655,8 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y= +golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -878,8 +874,8 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd h1:OjndDrsik+Gt+e6fs45z9AxiewiKyLKYpA45W5Kpkks= +google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= 
@@ -901,9 +897,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw= -google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -917,9 +912,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.2-0.20220831092852-f930b1dc76e8 h1:KR8+MyP7/qOlV+8Af01LtjL04bu7on42eVsxT4EyBQk=
+google.golang.org/protobuf v1.28.2-0.20220831092852-f930b1dc76e8/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -954,16 +948,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ=
-k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
-k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=
-k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM=
-k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ=
-k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
-k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU=
-k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE=
-k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4=
-k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU=
+k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
+k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
+k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE=
+k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ=
+k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k=
+k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s=
+k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ=
+k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g=
+k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
diff --git a/internal/controller/administrativeunits/member/zz_controller.go b/internal/controller/administrativeunits/member/zz_controller.go
index d1c638ff..32b82732 100755
--- a/internal/controller/administrativeunits/member/zz_controller.go
+++ b/internal/controller/administrativeunits/member/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/administrativeunits/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Member managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Member_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_administrative_unit_member"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Member_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Member_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/administrativeunits/unit/zz_controller.go b/internal/controller/administrativeunits/unit/zz_controller.go
index a67e9b94..25c4da0d 100755
--- a/internal/controller/administrativeunits/unit/zz_controller.go
+++ b/internal/controller/administrativeunits/unit/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/administrativeunits/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Unit managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Unit_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_administrative_unit"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Unit_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Unit_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/app/roleassignment/zz_controller.go b/internal/controller/app/roleassignment/zz_controller.go
index 57314ce2..5e78768c 100755
--- a/internal/controller/app/roleassignment/zz_controller.go
+++ b/internal/controller/app/roleassignment/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/app/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles RoleAssignment managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.RoleAssignment_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_app_role_assignment"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.RoleAssignment_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.RoleAssignment_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/applications/application/zz_controller.go b/internal/controller/applications/application/zz_controller.go
index b7cccfa0..d18b87cd 100755
--- a/internal/controller/applications/application/zz_controller.go
+++ b/internal/controller/applications/application/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/applications/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Application managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Application_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_application"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Application_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Application_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/applications/certificate/zz_controller.go b/internal/controller/applications/certificate/zz_controller.go
index 46100bff..085bfd26 100755
--- a/internal/controller/applications/certificate/zz_controller.go
+++ b/internal/controller/applications/certificate/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/applications/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Certificate managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Certificate_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_application_certificate"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Certificate_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Certificate_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/applications/federatedidentitycredential/zz_controller.go b/internal/controller/applications/federatedidentitycredential/zz_controller.go
index 4995e79c..8ff3e93b 100755
--- a/internal/controller/applications/federatedidentitycredential/zz_controller.go
+++ b/internal/controller/applications/federatedidentitycredential/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/applications/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles FederatedIdentityCredential managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.FederatedIdentityCredential_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_application_federated_identity_credential"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.FederatedIdentityCredential_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.FederatedIdentityCredential_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/applications/password/zz_controller.go b/internal/controller/applications/password/zz_controller.go
index 9f683b1e..4657402a 100755
--- a/internal/controller/applications/password/zz_controller.go
+++ b/internal/controller/applications/password/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/applications/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Password managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Password_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_application_password"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Password_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Password_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/applications/preauthorized/zz_controller.go b/internal/controller/applications/preauthorized/zz_controller.go
index 9b69700c..742de26d 100755
--- a/internal/controller/applications/preauthorized/zz_controller.go
+++ b/internal/controller/applications/preauthorized/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/applications/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles PreAuthorized managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.PreAuthorized_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_application_pre_authorized"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PreAuthorized_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PreAuthorized_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/conditionalaccess/accesspolicy/zz_controller.go b/internal/controller/conditionalaccess/accesspolicy/zz_controller.go
index c0fa3218..edf97b14 100755
--- a/internal/controller/conditionalaccess/accesspolicy/zz_controller.go
+++ b/internal/controller/conditionalaccess/accesspolicy/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles AccessPolicy managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.AccessPolicy_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_conditional_access_policy"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.AccessPolicy_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.AccessPolicy_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/conditionalaccess/location/zz_controller.go b/internal/controller/conditionalaccess/location/zz_controller.go
index c9293187..23e1245b 100755
--- a/internal/controller/conditionalaccess/location/zz_controller.go
+++ b/internal/controller/conditionalaccess/location/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/conditionalaccess/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Location managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Location_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_named_location"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Location_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Location_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/directoryroles/customdirectoryrole/zz_controller.go b/internal/controller/directoryroles/customdirectoryrole/zz_controller.go
index 13581f31..cad55324 100755
--- a/internal/controller/directoryroles/customdirectoryrole/zz_controller.go
+++ b/internal/controller/directoryroles/customdirectoryrole/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/directoryroles/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles CustomDirectoryRole managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.CustomDirectoryRole_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_custom_directory_role"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.CustomDirectoryRole_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.CustomDirectoryRole_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/directoryroles/role/zz_controller.go b/internal/controller/directoryroles/role/zz_controller.go
index 14f27cd5..19ddcd6f 100755
--- a/internal/controller/directoryroles/role/zz_controller.go
+++ b/internal/controller/directoryroles/role/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/directoryroles/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Role managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Role_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_directory_role"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Role_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Role_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/directoryroles/roleassignment/zz_controller.go b/internal/controller/directoryroles/roleassignment/zz_controller.go
index 0e608712..71800181 100755
--- a/internal/controller/directoryroles/roleassignment/zz_controller.go
+++ b/internal/controller/directoryroles/roleassignment/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/directoryroles/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles RoleAssignment managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.RoleAssignment_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_directory_role_assignment"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.RoleAssignment_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.RoleAssignment_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/groups/group/zz_controller.go b/internal/controller/groups/group/zz_controller.go
index e2b20fee..ec0ce694 100755
--- a/internal/controller/groups/group/zz_controller.go
+++ b/internal/controller/groups/group/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/groups/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Group managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Group_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_group"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/groups/member/zz_controller.go b/internal/controller/groups/member/zz_controller.go
index 653c03e1..5433dd26 100755
--- a/internal/controller/groups/member/zz_controller.go
+++ b/internal/controller/groups/member/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/groups/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Member managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error {
 if o.SecretStoreConfigGVK != nil {
 cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK))
 }
- r := managed.NewReconciler(mgr,
- xpresource.ManagedKind(v1beta1.Member_GroupVersionKind),
+ opts := []managed.ReconcilerOption{
 managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_group_member"], tjcontroller.WithLogger(o.Logger),
 tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Member_GroupVersionKind))),
 )),
 managed.WithLogger(o.Logger.WithValues("controller", name)),
 managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))),
 managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))),
- managed.WithTimeout(3*time.Minute),
+ managed.WithTimeout(3 * time.Minute),
 managed.WithInitializers(initializers),
 managed.WithConnectionPublishers(cps...),
 managed.WithPollInterval(o.PollInterval),
- )
+ }
+ if o.Features.Enabled(features.EnableAlphaManagementPolicies) {
+ opts = append(opts, managed.WithManagementPolicies())
+ }
+ r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Member_GroupVersionKind), opts...)
 
 return ctrl.NewControllerManagedBy(mgr).
 Named(name).
diff --git a/internal/controller/invitations/invitation/zz_controller.go b/internal/controller/invitations/invitation/zz_controller.go
index d7255606..52794114 100755
--- a/internal/controller/invitations/invitation/zz_controller.go
+++ b/internal/controller/invitations/invitation/zz_controller.go
@@ -19,6 +19,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 
 v1beta1 "github.com/upbound/provider-azuread/apis/invitations/v1beta1"
+ features "github.com/upbound/provider-azuread/internal/features"
 )
 
 // Setup adds a controller that reconciles Invitation managed resources.
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.Invitation_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_invitation"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Invitation_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Invitation_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/controller/policies/claimsmappingpolicy/zz_controller.go b/internal/controller/policies/claimsmappingpolicy/zz_controller.go index 165fab50..feb5c4cf 100755 --- a/internal/controller/policies/claimsmappingpolicy/zz_controller.go +++ b/internal/controller/policies/claimsmappingpolicy/zz_controller.go 
@@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/policies/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles ClaimsMappingPolicy managed resources. @@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.ClaimsMappingPolicy_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_claims_mapping_policy"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.ClaimsMappingPolicy_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.ClaimsMappingPolicy_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/controller/serviceprincipaldelegated/permissiongrant/zz_controller.go b/internal/controller/serviceprincipaldelegated/permissiongrant/zz_controller.go index 0cd9b5f1..542fdacb 100755 
--- a/internal/controller/serviceprincipaldelegated/permissiongrant/zz_controller.go +++ b/internal/controller/serviceprincipaldelegated/permissiongrant/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipaldelegated/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles PermissionGrant managed resources. @@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.PermissionGrant_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_service_principal_delegated_permission_grant"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PermissionGrant_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PermissionGrant_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). 
diff --git a/internal/controller/serviceprincipals/certificate/zz_controller.go b/internal/controller/serviceprincipals/certificate/zz_controller.go index ed77539d..8d2f8ca9 100755 --- a/internal/controller/serviceprincipals/certificate/zz_controller.go +++ b/internal/controller/serviceprincipals/certificate/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Certificate managed resources. 
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.Certificate_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_service_principal_certificate"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Certificate_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Certificate_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/controller/serviceprincipals/claimsmappingpolicyassignment/zz_controller.go b/internal/controller/serviceprincipals/claimsmappingpolicyassignment/zz_controller.go index 875f5925..e2ab0643 100755 --- a/internal/controller/serviceprincipals/claimsmappingpolicyassignment/zz_controller.go +++ b/internal/controller/serviceprincipals/claimsmappingpolicyassignment/zz_controller.go 
@@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles ClaimsMappingPolicyAssignment managed resources. @@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.ClaimsMappingPolicyAssignment_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_service_principal_claims_mapping_policy_assignment"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.ClaimsMappingPolicyAssignment_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.ClaimsMappingPolicyAssignment_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). 
diff --git a/internal/controller/serviceprincipals/password/zz_controller.go b/internal/controller/serviceprincipals/password/zz_controller.go index 3d70b892..0623d362 100755 --- a/internal/controller/serviceprincipals/password/zz_controller.go +++ b/internal/controller/serviceprincipals/password/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Password managed resources. 
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.Password_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_service_principal_password"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Password_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Password_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/controller/serviceprincipals/principal/zz_controller.go b/internal/controller/serviceprincipals/principal/zz_controller.go index 731cb888..96b6e766 100755 --- a/internal/controller/serviceprincipals/principal/zz_controller.go +++ b/internal/controller/serviceprincipals/principal/zz_controller.go 
@@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Principal managed resources. @@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.Principal_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_service_principal"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Principal_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Principal_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/controller/serviceprincipals/tokensigningcertificate/zz_controller.go b/internal/controller/serviceprincipals/tokensigningcertificate/zz_controller.go index 0b60848c..0be606a0 100755 
--- a/internal/controller/serviceprincipals/tokensigningcertificate/zz_controller.go +++ b/internal/controller/serviceprincipals/tokensigningcertificate/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles TokenSigningCertificate managed resources. @@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.TokenSigningCertificate_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_service_principal_token_signing_certificate"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.TokenSigningCertificate_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.TokenSigningCertificate_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). 
diff --git a/internal/controller/synchronization/job/zz_controller.go b/internal/controller/synchronization/job/zz_controller.go index 66fbaf6b..ce20ac81 100755 --- a/internal/controller/synchronization/job/zz_controller.go +++ b/internal/controller/synchronization/job/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/synchronization/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Job managed resources. @@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.Job_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_synchronization_job"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Job_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Job_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). 
diff --git a/internal/controller/synchronization/secret/zz_controller.go b/internal/controller/synchronization/secret/zz_controller.go index 2ed7487d..1129ca1a 100755 --- a/internal/controller/synchronization/secret/zz_controller.go +++ b/internal/controller/synchronization/secret/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/synchronization/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles Secret managed resources. 
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.Secret_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_synchronization_secret"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Secret_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Secret_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/controller/users/user/zz_controller.go b/internal/controller/users/user/zz_controller.go index 3cbd77cf..f86481d5 100755 --- a/internal/controller/users/user/zz_controller.go +++ b/internal/controller/users/user/zz_controller.go @@ -19,6 +19,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" v1beta1 "github.com/upbound/provider-azuread/apis/users/v1beta1" + features "github.com/upbound/provider-azuread/internal/features" ) // Setup adds a controller that reconciles User managed resources. 
@@ -29,19 +30,22 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) } - r := managed.NewReconciler(mgr, - xpresource.ManagedKind(v1beta1.User_GroupVersionKind), + opts := []managed.ReconcilerOption{ managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azuread_user"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.User_GroupVersionKind))), )), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3*time.Minute), + managed.WithTimeout(3 * time.Minute), managed.WithInitializers(initializers), managed.WithConnectionPublishers(cps...), managed.WithPollInterval(o.PollInterval), - ) + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.User_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). diff --git a/internal/features/features.go b/internal/features/features.go index 420cd550..1b37951b 100644 --- a/internal/features/features.go +++ b/internal/features/features.go 
@@ -12,4 +12,9 @@ const (
 // External Secret Stores. See the below design for more details.
 // https://github.com/crossplane/crossplane/blob/390ddd/design/design-doc-external-secret-stores.md
 EnableAlphaExternalSecretStores feature.Flag = "EnableAlphaExternalSecretStores"
+
+ // EnableAlphaManagementPolicies enables alpha support for
+ // Management Policies. See the below design for more details.
+ // https://github.com/crossplane/crossplane/pull/3531
+ EnableAlphaManagementPolicies feature.Flag = "EnableAlphaManagementPolicies"
 )
diff --git a/package/crds/administrativeunits.azuread.upbound.io_members.yaml b/package/crds/administrativeunits.azuread.upbound.io_members.yaml
index 1179c231..0039bcb8 100644
--- a/package/crds/administrativeunits.azuread.upbound.io_members.yaml
+++ b/package/crds/administrativeunits.azuread.upbound.io_members.yaml
@@ -54,9 +54,13 @@ spec:
 properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete
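Review bot: The new EnableAlphaManagementPolicies comment says "See the below design for more details" but the line below it links a pull request rather than a design document, unlike the sibling flag above it and unlike the CRD descriptions in this same commit, which point at the observe-only-resources design doc. Suggest replacing the link line with `// https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md` so the comment and the reference agree. It would also help operators to state the flag's reach in the comment, e.g. `// When disabled, non-default managementPolicy values on managed resources are ignored and DeletionPolicy alone governs deletion.`, since the CRD text in this commit says exactly that but the flag definition is where people look when enabling it. The enclosing const block starts outside the hunk.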
@@ -147,6 +151,21 @@ spec: a new resource to be created. The object ID of the member type: string type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default @@ -323,8 +342,18 @@ spec: properties: atProvider: properties: + administrativeUnitObjectId: + description: The object ID of the administrative unit you want + to add the member to. Changing this forces a new resource to + be created. The object ID of the administrative unit + type: string id: type: string + memberObjectId: + description: The object ID of the user or group you want to add + as a member of the administrative unit. Changing this forces + a new resource to be created. The object ID of the member + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/administrativeunits.azuread.upbound.io_units.yaml b/package/crds/administrativeunits.azuread.upbound.io_units.yaml index cc0a52d6..4f6ae314 100644 --- a/package/crds/administrativeunits.azuread.upbound.io_units.yaml +++ b/package/crds/administrativeunits.azuread.upbound.io_units.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -88,9 +92,22 @@ spec: description: If `true`, will return an error if an existing administrative unit is found with the same name type: boolean - required: - - displayName type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -262,17 +279,45 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) status: description: UnitStatus defines the observed state of Unit. properties: atProvider: properties: + description: + description: The description of the administrative unit. The description + for the administrative unit + type: string + displayName: + description: The display name of the administrative unit. The + display name for the administrative unit + type: string + hiddenMembershipEnabled: + description: Whether the administrative unit and its members are + hidden or publicly viewable in the directory + type: boolean id: type: string + members: + description: A set of object IDs of members who should be present + in this administrative unit. Supported object types are Users + or Groups. A set of object IDs of members who should be present + in this administrative unit. Supported object types are Users + or Groups + items: + type: string + type: array objectId: description: The object ID of the administrative unit. The object ID of the administrative unit type: string + preventDuplicateNames: + description: If `true`, will return an error if an existing administrative + unit is found with the same name + type: boolean type: object conditions: description: Conditions of the resource. diff --git a/package/crds/app.azuread.upbound.io_roleassignments.yaml b/package/crds/app.azuread.upbound.io_roleassignments.yaml index 32504c9f..64d3c1dd 100644 --- a/package/crds/app.azuread.upbound.io_roleassignments.yaml +++ b/package/crds/app.azuread.upbound.io_roleassignments.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -231,9 +235,22 @@ spec: type: string type: object type: object - required: - - appRoleId type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -405,11 +422,20 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: appRoleId is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.appRoleId) status: description: RoleAssignmentStatus defines the observed state of RoleAssignment. properties: atProvider: properties: + appRoleId: + description: The ID of the app role to be assigned, or the default + role ID 00000000-0000-0000-0000-000000000000. Changing this + forces a new resource to be created. The ID of the app role + to be assigned + type: string id: type: string principalDisplayName: @@ -417,6 +443,13 @@ spec: role is assigned. The display name of the principal to which the app role is assigned type: string + principalObjectId: + description: The object ID of the user, group or service principal + to be assigned this app role. Supported object types are Users, + Groups or Service Principals. Changing this forces a new resource + to be created. The object ID of the user, group or service principal + to be assigned this app role + type: string principalType: description: The object type of the principal to which the app role is assigned. The object type of the principal to which @@ -427,6 +460,11 @@ spec: the resource. The display name of the application representing the resource type: string + resourceObjectId: + description: The object ID of the service principal representing + the resource. Changing this forces a new resource to be created. + The object ID of the service principal representing the resource + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/applications.azuread.upbound.io_applications.yaml b/package/crds/applications.azuread.upbound.io_applications.yaml index 7131ceb1..c004bd89 100644 --- a/package/crds/applications.azuread.upbound.io_applications.yaml +++ b/package/crds/applications.azuread.upbound.io_applications.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -607,9 +611,22 @@ spec: type: array type: object type: array - required: - - displayName type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -781,11 +798,163 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) status: description: ApplicationStatus defines the observed state of Application. properties: atProvider: properties: + api: + description: An api block as documented below, which configures + API related settings for this application. + items: + properties: + knownClientApplications: + description: 'A set of application IDs (client IDs), used + for bundling consent if you have a solution that contains + two parts: a client app and a custom web API app. Used + for bundling consent if you have a solution that contains + two parts: a client app and a custom web API app' + items: + type: string + type: array + mappedClaimsEnabled: + description: Allows an application to use claims mapping + without specifying a custom signing key. Defaults to false. + Allows an application to use claims mapping without specifying + a custom signing key + type: boolean + oauth2PermissionScope: + description: One or more oauth2_permission_scope blocks + as documented below, to describe delegated permissions + exposed by the web API represented by this application. + One or more `oauth2_permission_scope` blocks to describe + delegated permissions exposed by the web API represented + by this application + items: + properties: + adminConsentDescription: + description: Delegated permission description that + appears in all tenant-wide admin consent experiences, + intended to be read by an administrator granting + the permission on behalf of all users. 
Delegated + permission description that appears in all tenant-wide + admin consent experiences, intended to be read by + an administrator granting the permission on behalf + of all users + type: string + adminConsentDisplayName: + description: Display name for the delegated permission, + intended to be read by an administrator granting + the permission on behalf of all users. Display name + for the delegated permission, intended to be read + by an administrator granting the permission on behalf + of all users + type: string + enabled: + description: Determines if the permission scope is + enabled. Defaults to true. Determines if the permission + scope is enabled + type: boolean + id: + description: The unique identifier of the delegated + permission. Must be a valid UUID. The unique identifier + of the delegated permission + type: string + type: + description: Whether this delegated permission should + be considered safe for non-admin users to consent + to on behalf of themselves, or whether an administrator + should be required for consent to the permissions. + Defaults to User. Possible values are User or Admin. + Whether this delegated permission should be considered + safe for non-admin users to consent to on behalf + of themselves, or whether an administrator should + be required for consent to the permissions + type: string + userConsentDescription: + description: Delegated permission description that + appears in the end user consent experience, intended + to be read by a user consenting on their own behalf. + Delegated permission description that appears in + the end user consent experience, intended to be + read by a user consenting on their own behalf + type: string + userConsentDisplayName: + description: Display name for the delegated permission + that appears in the end user consent experience. 
+ Display name for the delegated permission that appears + in the end user consent experience + type: string + value: + description: The value that is used for the scp claim + in OAuth 2.0 access tokens. The value that is used + for the `scp` claim in OAuth 2.0 access tokens + type: string + type: object + type: array + requestedAccessTokenVersion: + description: The access token version expected by this resource. + Must be one of 1 or 2, and must be 2 when sign_in_audience + is either AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount + Defaults to 1. The access token version expected by this + resource + type: number + type: object + type: array + appRole: + description: A collection of app_role blocks as documented below. + For more information see official documentation on Application + Roles. + items: + properties: + allowedMemberTypes: + description: Specifies whether this app role definition + can be assigned to users and groups by setting to User, + or to other applications (that are accessing this application + in a standalone scenario) by setting to Application, or + to both. Specifies whether this app role definition can + be assigned to users and groups by setting to `User`, + or to other applications (that are accessing this application + in a standalone scenario) by setting to `Application`, + or to both + items: + type: string + type: array + description: + description: Description of the app role that appears when + the role is being assigned and, if the role functions + as an application permissions, during the consent experiences. + Description of the app role that appears when the role + is being assigned and, if the role functions as an application + permissions, during the consent experiences + type: string + displayName: + description: Display name for the app role that appears + during app role assignment and in consent experiences. 
+ Display name for the app role that appears during app + role assignment and in consent experiences + type: string + enabled: + description: Determines if the app role is enabled. Defaults + to true. Determines if the app role is enabled + type: boolean + id: + description: The unique identifier of the app role. Must + be a valid UUID. The unique identifier of the app role + type: string + value: + description: The value that is used for the roles claim + in ID tokens and OAuth 2.0 access tokens that are authenticating + an assigned service or user principal. The value that + is used for the `roles` claim in ID tokens and OAuth 2.0 + access tokens that are authenticating an assigned service + or user principal + type: string + type: object + type: array appRoleIds: additionalProperties: type: string 
@@ -797,20 +966,111 @@ spec: description: The Application ID (also called Client ID). The Application ID (also called Client ID) type: string + description: + description: A description of the application, as shown to end + users. Description of the application as shown to end users + type: string + deviceOnlyAuthEnabled: + description: Specifies whether this application supports device + authentication without a user. Defaults to false. Specifies + whether this application supports device authentication without + a user. + type: boolean disabledByMicrosoft: description: Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement Whether Microsoft has disabled the registered application type: string + displayName: + description: The display name for the application. The display + name for the application + type: string + fallbackPublicClientEnabled: + description: Specifies whether the application is a public client. + Appropriate for apps using token grant flows that don't use + a redirect URI. Defaults to false. Specifies whether the application + is a public client. Appropriate for apps using token grant flows + that don't use a redirect URI + type: boolean + featureTags: + description: A feature_tags block as described below. Cannot be + used together with the tags property. Block of features to configure + for this application using tags + items: + properties: + customSingleSignOn: + description: Whether this application represents a custom + SAML application for linked service principals. Enabling + this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication + tag. Defaults to false. Whether this application represents + a custom SAML application for linked service principals + type: boolean + enterprise: + description: Whether this application represents an Enterprise + Application for linked service principals. 
Enabling this + will assign the WindowsAzureActiveDirectoryIntegratedApp + tag. Defaults to false. Whether this application represents + an Enterprise Application for linked service principals + type: boolean + gallery: + description: Whether this application represents a gallery + application for linked service principals. Enabling this + will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 + tag. Defaults to false. Whether this application represents + a gallery application for linked service principals + type: boolean + hide: + description: Whether this app is invisible to users in My + Apps and Office 365 Launcher. Enabling this will assign + the HideApp tag. Defaults to false. Whether this application + is invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array + groupMembershipClaims: + description: Configures the groups claim issued in a user or OAuth + 2.0 access token that the app expects. Possible values are None, + SecurityGroup, DirectoryRole, ApplicationGroup or All. Configures + the `groups` claim issued in a user or OAuth 2.0 access token + that the app expects + items: + type: string + type: array id: description: The unique identifier for an app role or OAuth2 permission scope published by the resource application. type: string + identifierUris: + description: A set of user-defined URI(s) that uniquely identify + an application within its Azure AD tenant, or within a verified + custom domain if the application is multi-tenant. The user-defined + URI(s) that uniquely identify an application within its Azure + AD tenant, or within a verified custom domain if the application + is multi-tenant + items: + type: string + type: array + logoImage: + description: A logo image to upload for the application, as a + raw base64-encoded string. The image should be in gif, jpeg + or png format. 
Note that once an image has been uploaded, it + is not possible to remove it without replacing it with another + image. Base64 encoded logo image in gif, png or jpeg format + type: string logoUrl: description: CDN URL to the application's logo, as uploaded with the logo_image property. CDN URL to the application's logo type: string + marketingUrl: + description: URL of the application's marketing page. URL of the + application's marketing page + type: string + notes: + description: User-specified notes relevant for the management + of the application. User-specified notes relevant for the management + of the application + type: string oauth2PermissionScopeIds: additionalProperties: type: string 
@@ -819,14 +1079,299 @@ spec: scopes in other resources in your configuration. Mapping of OAuth2.0 permission scope names to UUIDs type: object + oauth2PostResponseRequired: + description: Specifies whether, as part of OAuth 2.0 token requests, + Azure AD allows POST requests, as opposed to GET requests. Defaults + to false, which specifies that only GET requests are allowed. + Specifies whether, as part of OAuth 2.0 token requests, Azure + AD allows POST requests, as opposed to GET requests. + type: boolean objectId: description: The application's object ID. The application's object ID type: string - publisherDomain: - description: The verified publisher domain for the application. - The verified publisher domain for the application - type: string + optionalClaims: + description: An optional_claims block as documented below. + items: + properties: + accessToken: + description: One or more access_token blocks as documented + below. + items: + properties: + additionalProperties: + description: List of additional properties of the + claim. If a property exists in this list, it modifies + the behaviour of the optional claim. List of additional + properties of the claim. If a property exists in + this list, it modifies the behaviour of the optional + claim + items: + type: string + type: array + essential: + description: Whether the claim specified by the client + is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary + to ensure a smooth authorization experience + type: boolean + name: + description: The name of the optional claim. The name + of the optional claim + type: string + source: + description: The source of the claim. If source is + absent, the claim is a predefined optional claim. + If source is user, the value of name is the extension + property from the user object. The source of the + claim. If `source` is absent, the claim is a predefined + optional claim. 
If `source` is `user`, the value + of `name` is the extension property from the user + object + type: string + type: object + type: array + idToken: + description: One or more id_token blocks as documented below. + items: + properties: + additionalProperties: + description: List of additional properties of the + claim. If a property exists in this list, it modifies + the behaviour of the optional claim. List of additional + properties of the claim. If a property exists in + this list, it modifies the behaviour of the optional + claim + items: + type: string + type: array + essential: + description: Whether the claim specified by the client + is necessary to ensure a smooth authorization experience. + Whether the claim specified by the client is necessary + to ensure a smooth authorization experience + type: boolean + name: + description: The name of the optional claim. The name + of the optional claim + type: string + source: + description: The source of the claim. If source is + absent, the claim is a predefined optional claim. + If source is user, the value of name is the extension + property from the user object. The source of the + claim. If `source` is absent, the claim is a predefined + optional claim. If `source` is `user`, the value + of `name` is the extension property from the user + object + type: string + type: object + type: array + saml2Token: + description: One or more saml2_token blocks as documented + below. + items: + properties: + additionalProperties: + description: List of additional properties of the + claim. If a property exists in this list, it modifies + the behaviour of the optional claim. List of additional + properties of the claim. If a property exists in + this list, it modifies the behaviour of the optional + claim + items: + type: string + type: array + essential: + description: Whether the claim specified by the client + is necessary to ensure a smooth authorization experience. 
+ Whether the claim specified by the client is necessary + to ensure a smooth authorization experience + type: boolean + name: + description: The name of the optional claim. The name + of the optional claim + type: string + source: + description: The source of the claim. If source is + absent, the claim is a predefined optional claim. + If source is user, the value of name is the extension + property from the user object. The source of the + claim. If `source` is absent, the claim is a predefined + optional claim. If `source` is `user`, the value + of `name` is the extension property from the user + object + type: string + type: object + type: array + type: object + type: array + owners: + description: A set of object IDs of principals that will be granted + ownership of the application. Supported object types are users + or service principals. By default, no owners are assigned. A + list of object IDs of principals that will be granted ownership + of the application + items: + type: string + type: array + preventDuplicateNames: + description: If true, will return an error if an existing application + is found with the same name. Defaults to false. If `true`, will + return an error if an existing application is found with the + same name + type: boolean + privacyStatementUrl: + description: URL of the application's privacy statement. URL of + the application's privacy statement + type: string + publicClient: + description: A public_client block as documented below, which + configures non-web app or non-web API application settings, + for example mobile or other public clients such as an installed + application running on a desktop device. + items: + properties: + redirectUris: + description: A set of URLs where user tokens are sent for + sign-in, or the redirect URIs where OAuth 2.0 authorization + codes and access tokens are sent. Must be a valid https + or ms-appx-web URL. 
The URLs where user tokens are sent + for sign-in, or the redirect URIs where OAuth 2.0 authorization + codes and access tokens are sent + items: + type: string + type: array + type: object + type: array + publisherDomain: + description: The verified publisher domain for the application. + The verified publisher domain for the application + type: string + requiredResourceAccess: + description: A collection of required_resource_access blocks as + documented below. + items: + properties: + resourceAccess: + description: A collection of resource_access blocks as documented + below, describing OAuth2.0 permission scopes and app roles + that the application requires from the specified resource. + items: + properties: + id: + description: The unique identifier for an app role + or OAuth2 permission scope published by the resource + application. + type: string + type: + description: Specifies whether the id property references + an app role or an OAuth2 permission scope. Possible + values are Role or Scope. + type: string + type: object + type: array + resourceAppId: + description: The unique identifier for the resource that + the application requires access to. This should be the + Application ID of the target application. + type: string + type: object + type: array + signInAudience: + description: The Microsoft account types that are supported for + the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, + AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. + Defaults to AzureADMyOrg. The Microsoft account types that are + supported for the current application + type: string + singlePageApplication: + description: A single_page_application block as documented below, + which configures single-page application (SPA) related settings + for this application. 
+ items: + properties: + redirectUris: + description: A set of URLs where user tokens are sent for + sign-in, or the redirect URIs where OAuth 2.0 authorization + codes and access tokens are sent. Must be a valid https + URL. The URLs where user tokens are sent for sign-in, + or the redirect URIs where OAuth 2.0 authorization codes + and access tokens are sent + items: + type: string + type: array + type: object + type: array + supportUrl: + description: URL of the application's support page. URL of the + application's support page + type: string + tags: + description: A set of tags to apply to the application for configuring + specific behaviours of the application and linked service principals. + Note that these are not provided for use by practitioners. Cannot + be used together with the feature_tags block. A set of tags + to apply to the application + items: + type: string + type: array + templateId: + description: Unique ID for a templated application in the Azure + AD App Gallery, from which to create the application. Changing + this forces a new resource to be created. Unique ID of the application + template from which this application is created + type: string + termsOfServiceUrl: + description: URL of the application's terms of service statement. + URL of the application's terms of service statement + type: string + web: + description: A web block as documented below, which configures + web related settings for this application. + items: + properties: + homepageUrl: + description: Home page or landing page of the application. + Home page or landing page of the application + type: string + implicitGrant: + description: An implicit_grant block as documented above. + items: + properties: + accessTokenIssuanceEnabled: + description: Whether this web application can request + an access token using OAuth 2.0 implicit flow. 
Whether + this web application can request an access token + using OAuth 2.0 implicit flow + type: boolean + idTokenIssuanceEnabled: + description: Whether this web application can request + an ID token using OAuth 2.0 implicit flow. Whether + this web application can request an ID token using + OAuth 2.0 implicit flow + type: boolean + type: object + type: array + logoutUrl: + description: The URL that will be used by Microsoft's authorization + service to sign out a user using front-channel, back-channel + or SAML logout protocols. The URL that will be used by + Microsoft's authorization service to sign out a user using + front-channel, back-channel or SAML logout protocols + type: string + redirectUris: + description: A set of URLs where user tokens are sent for + sign-in, or the redirect URIs where OAuth 2.0 authorization + codes and access tokens are sent. Must be a valid http + URL or a URN. The URLs where user tokens are sent for + sign-in, or the redirect URIs where OAuth 2.0 authorization + codes and access tokens are sent + items: + type: string + type: array + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/applications.azuread.upbound.io_certificates.yaml b/package/crds/applications.azuread.upbound.io_certificates.yaml index f5cac60f..87efda1b 100644 --- a/package/crds/applications.azuread.upbound.io_certificates.yaml +++ b/package/crds/applications.azuread.upbound.io_certificates.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -209,9 +213,22 @@ spec: - name - namespace type: object - required: - - valueSecretRef type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -383,13 +400,68 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: valueSecretRef is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.valueSecretRef) status: description: CertificateStatus defines the observed state of Certificate. properties: atProvider: properties: + applicationObjectId: + description: The object ID of the application for which this certificate + should be created. Changing this field forces a new resource + to be created. The object ID of the application for which this + certificate should be created + type: string + encoding: + description: Specifies the encoding used for the supplied certificate + data. Must be one of pem, base64 or hex. Defaults to pem. Specifies + the encoding used for the supplied certificate data + type: string + endDate: + description: The end date until which the certificate is valid, + formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + If omitted, the API will decide a suitable expiry date, which + is typically around 2 years from the start date. Changing this + field forces a new resource to be created. The end date until + which the certificate is valid, formatted as an RFC3339 date + string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will + decide a suitable expiry date, which is typically around 2 years + from the start date + type: string + endDateRelative: + description: A relative duration for which the certificate is + valid until, for example 240h (10 days) or 2400h30m. Changing + this field forces a new resource to be created. A relative duration + for which the certificate is valid until, for example `240h` + (10 days) or `2400h30m` + type: string id: type: string + keyId: + description: A UUID used to uniquely identify this certificate. + If omitted, a random UUID will be automatically generated. Changing + this field forces a new resource to be created. 
A UUID used + to uniquely identify this certificate. If omitted, a random + UUID will be automatically generated + type: string + startDate: + description: The start date from which the certificate is valid, + formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + If this isn't specified, the value is determined by Azure Active + Directory and is usually the start date of the certificate for + asymmetric keys, or the current timestamp for symmetric keys. + Changing this field forces a new resource to be created. The + start date from which the certificate is valid, formatted as + an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this + isn't specified, the current date and time are use + type: string + type: + description: The type of key/certificate. Must be one of AsymmetricX509Cert + or Symmetric. Changing this fields forces a new resource to + be created. The type of key/certificate + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml b/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml index 11ca6ea7..66f060ed 100644 --- a/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml +++ b/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml 
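Review bot: Dropping `required: [valueSecretRef]` from the forProvider schema and re-expressing it as the CEL rule `self.managementPolicy == 'ObserveOnly' || has(self.forProvider.valueSecretRef)` moves the check from structural OpenAPI validation, which every API server enforces, to `x-kubernetes-validations`, which is only enforced on clusters that support CRD validation expressions (beta from Kubernetes 1.25). On an older cluster, or one with that feature disabled, a FullControl Certificate with no `valueSecretRef` is now admitted and the failure surfaces only when the controller reconciles, presumably as a repeated error condition rather than an admission rejection. The same applies to every hunk in this patch that trades a `required` list for a CEL rule. It would help to state the minimum Kubernetes version this provider release assumes in the release notes, e.g. `Required-field enforcement for observe-only support now relies on CEL (x-kubernetes-validations); clusters below 1.25 no longer reject a spec missing valueSecretRef at admission time.` The CRD document these hunks belong to starts and ends outside the hunk.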
@@ -56,9 +56,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -179,12 +183,22 @@ spec: The combination of issuer and subject must be unique on the app. type: string - required: - - audiences - - displayName - - issuer - - subject type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -356,19 +370,69 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: audiences is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.audiences) + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) + - message: issuer is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.issuer) + - message: subject is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.subject) status: description: FederatedIdentityCredentialStatus defines the observed state of FederatedIdentityCredential. properties: atProvider: properties: + applicationObjectId: + description: The object ID of the application for which this federated + identity credential should be created. Changing this field forces + a new resource to be created. The object ID of the application + for which this federated identity credential should be created + type: string + audiences: + description: List of audiences that can appear in the external + token. This specifies what should be accepted in the aud claim + of incoming tokens. List of audiences that can appear in the + external token. This specifies what should be accepted in the + `aud` claim of incoming tokens. + items: + type: string + type: array credentialId: description: A UUID used to uniquely identify this federated identity credential. A UUID used to uniquely identify this federated identity credential type: string + description: + description: A description for the federated identity credential. + A description for the federated identity credential + type: string + displayName: + description: A unique display name for the federated identity + credential. Changing this forces a new resource to be created. 
+ A unique display name for the federated identity credential + type: string id: type: string + issuer: + description: The URL of the external identity provider, which + must match the issuer claim of the external token being exchanged. + The combination of the values of issuer and subject must be + unique on the app. The URL of the external identity provider, + which must match the issuer claim of the external token being + exchanged. The combination of the values of issuer and subject + must be unique on the app. + type: string + subject: + description: The identifier of the external software workload + within the external identity provider. The combination of issuer + and subject must be unique on the app. The identifier of the + external software workload within the external identity provider. + The combination of issuer and subject must be unique on the + app. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/applications.azuread.upbound.io_passwords.yaml b/package/crds/applications.azuread.upbound.io_passwords.yaml index c9c67c17..0711f8c7 100644 --- a/package/crds/applications.azuread.upbound.io_passwords.yaml +++ b/package/crds/applications.azuread.upbound.io_passwords.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -182,6 +186,21 @@ spec: the current date is used type: string type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -358,12 +377,57 @@ spec: properties: atProvider: properties: + applicationObjectId: + description: The object ID of the application for which this password + should be created. Changing this field forces a new resource + to be created. The object ID of the application for which this + password should be created + type: string + displayName: + description: A display name for the password. Changing this field + forces a new resource to be created. A display name for the + password + type: string + endDate: + description: The end date until which the password is valid, formatted + as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing + this field forces a new resource to be created. The end date + until which the password is valid, formatted as an RFC3339 date + string (e.g. `2018-01-01T01:02:03Z`) + type: string + endDateRelative: + description: A relative duration for which the password is valid + until, for example 240h (10 days) or 2400h30m. Changing this + field forces a new resource to be created. A relative duration + for which the password is valid until, for example `240h` (10 + days) or `2400h30m`. Changing this field forces a new resource + to be created + type: string id: type: string keyId: description: A UUID used to uniquely identify this password credential. A UUID used to uniquely identify this password credential type: string + rotateWhenChanged: + additionalProperties: + type: string + description: A map of arbitrary key/value pairs that will force + recreation of the password when they change, enabling password + rotation based on external conditions such as a rotating timestamp. + Changing this forces a new resource to be created. Arbitrary + map of values that, when changed, will trigger rotation of the + password + type: object + startDate: + description: The start date from which the password is valid, + formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + If this isn't specified, the current date is used. 
Changing + this field forces a new resource to be created. The start date + from which the password is valid, formatted as an RFC3339 date + string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, + the current date is used + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml b/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml index 349137a6..975faef9 100644 --- a/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml +++ b/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -225,9 +229,22 @@ spec: items: type: string type: array - required: - - permissionIds type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default @@ -399,13 +416,32 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: permissionIds is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.permissionIds) status: description: PreAuthorizedStatus defines the observed state of PreAuthorized. properties: atProvider: properties: + applicationObjectId: + description: The object ID of the application for which permissions + are being authorized. Changing this field forces a new resource + to be created. The object ID of the application to which this + pre-authorized application should be added + type: string + authorizedAppId: + description: The application ID of the pre-authorized application + type: string id: type: string + permissionIds: + description: A set of permission scope IDs required by the authorized + application. The IDs of the permission scopes required by the + pre-authorized application + items: + type: string + type: array type: object conditions: description: Conditions of the resource. 
diff --git a/package/crds/azuread.upbound.io_storeconfigs.yaml b/package/crds/azuread.upbound.io_storeconfigs.yaml index e9bcd4a5..928eb2eb 100644 --- a/package/crds/azuread.upbound.io_storeconfigs.yaml +++ b/package/crds/azuread.upbound.io_storeconfigs.yaml @@ -120,14 +120,45 @@ spec: required: - auth type: object + plugin: + description: Plugin configures External secret store as a plugin. + properties: + configRef: + description: ConfigRef contains store config reference info. + properties: + apiVersion: + description: APIVersion of the referenced config. + type: string + kind: + description: Kind of the referenced config. + type: string + name: + description: Name of the referenced config. + type: string + required: + - apiVersion + - kind + - name + type: object + endpoint: + description: Endpoint is the endpoint of the gRPC server. + type: string + type: object type: default: Kubernetes description: Type configures which secret store to be used. Only the configuration block for this store will be used and others will be ignored if provided. Default is Kubernetes. + enum: + - Kubernetes + - Vault + - Plugin type: string vault: - description: Vault configures a Vault secret store. + description: 'Vault configures a Vault secret store. Deprecated: This + API is scheduled to be removed in a future release. Vault should + be used as a plugin going forward. See https://github.com/crossplane-contrib/ess-plugin-vault + for more information.' properties: auth: description: Auth configures an authentication method for Vault. diff --git a/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml b/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml index 621c68d0..d19d8d52 100644 --- a/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml +++ b/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -324,12 +328,22 @@ spec: description: 'Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced' type: string - required: - - conditions - - displayName - - grantControls - - state type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -501,14 +515,270 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: conditions is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.conditions) + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) + - message: grantControls is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.grantControls) + - message: state is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.state) status: description: AccessPolicyStatus defines the observed state of AccessPolicy. properties: atProvider: properties: + conditions: + description: A conditions block as documented below, which specifies + the rules that must be met for the policy to apply. + items: + properties: + applications: + description: An applications block as documented below, + which specifies applications and user actions included + in and excluded from the policy. + items: + properties: + excludedApplications: + description: A list of application IDs explicitly + excluded from the policy. Can also be set to Office365. + items: + type: string + type: array + includedApplications: + description: A list of application IDs the policy + applies to, unless explicitly excluded (in excluded_applications). + Can also be set to All, None or Office365. Cannot + be specified with included_user_actions. One of + included_applications or included_user_actions must + be specified. + items: + type: string + type: array + includedUserActions: + description: A list of user actions to include. Supported + values are urn:user:registerdevice and urn:user:registersecurityinfo. + Cannot be specified with included_applications. + One of included_applications or included_user_actions + must be specified. 
+ items: + type: string + type: array + type: object + type: array + clientAppTypes: + description: 'A list of client application types included + in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, + exchangeActiveSync, easSupported and other.' + items: + type: string + type: array + devices: + description: A devices block as documented below, which + describes devices to be included in and excluded from + the policy. A devices block can be added to an existing + policy, but removing the devices block forces a new resource + to be created. + items: + properties: + filter: + description: A filter block as described below. A + filter block can be added to an existing policy, + but removing the filter block forces a new resource + to be created. + items: + properties: + mode: + description: Whether to include in, or exclude + from, matching devices from the policy. Supported + values are include or exclude. + type: string + rule: + description: Condition filter to match devices. + For more information, see official documentation. + type: string + type: object + type: array + type: object + type: array + locations: + description: A locations block as documented below, which + specifies locations included in and excluded from the + policy. + items: + properties: + excludedLocations: + description: A list of location IDs excluded from + scope of policy. Can also be set to AllTrusted. + items: + type: string + type: array + includedLocations: + description: A list of location IDs in scope of policy + unless explicitly excluded. Can also be set to All, + or AllTrusted. + items: + type: string + type: array + type: object + type: array + platforms: + description: A platforms block as documented below, which + specifies platforms included in and excluded from the + policy. + items: + properties: + excludedPlatforms: + description: 'A list of platforms explicitly excluded + from the policy. 
Possible values are: all, android, + iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.' + items: + type: string + type: array + includedPlatforms: + description: 'A list of platforms the policy applies + to, unless explicitly excluded. Possible values + are: all, android, iOS, linux, macOS, windows, windowsPhone + or unknownFutureValue.' + items: + type: string + type: array + type: object + type: array + signInRiskLevels: + description: 'A list of sign-in risk levels included in + the policy. Possible values are: low, medium, high, hidden, + none, unknownFutureValue.' + items: + type: string + type: array + userRiskLevels: + description: 'A list of user risk levels included in the + policy. Possible values are: low, medium, high, hidden, + none, unknownFutureValue.' + items: + type: string + type: array + users: + description: A users block as documented below, which specifies + users, groups, and roles included in and excluded from + the policy. + items: + properties: + excludedGroups: + description: A list of group IDs excluded from scope + of policy. + items: + type: string + type: array + excludedRoles: + description: A list of role IDs excluded from scope + of policy. + items: + type: string + type: array + excludedUsers: + description: A list of user IDs excluded from scope + of policy and/or GuestsOrExternalUsers. + items: + type: string + type: array + includedGroups: + description: A list of group IDs in scope of policy + unless explicitly excluded. + items: + type: string + type: array + includedRoles: + description: A list of role IDs in scope of policy + unless explicitly excluded. + items: + type: string + type: array + includedUsers: + description: A list of user IDs in scope of policy + unless explicitly excluded, or None or All or GuestsOrExternalUsers. + items: + type: string + type: array + type: object + type: array + type: object + type: array + displayName: + description: The friendly name for this Conditional Access Policy. 
+ type: string + grantControls: + description: A grant_controls block as documented below, which + specifies the grant controls that must be fulfilled to pass + the policy. + items: + properties: + builtInControls: + description: 'List of built-in controls required by the + policy. Possible values are: block, mfa, approvedApplication, + compliantApplication, compliantDevice, domainJoinedDevice, + passwordChange or unknownFutureValue.' + items: + type: string + type: array + customAuthenticationFactors: + description: List of custom controls IDs required by the + policy. + items: + type: string + type: array + operator: + description: 'Defines the relationship of the grant controls. + Possible values are: AND, OR.' + type: string + termsOfUse: + description: List of terms of use IDs required by the policy. + items: + type: string + type: array + type: object + type: array id: description: The ID of the Conditional Access Policy. type: string + sessionControls: + description: A session_controls block as documented below, which + specifies the session controls that are enforced after sign-in. + items: + properties: + applicationEnforcedRestrictionsEnabled: + description: Whether or not application enforced restrictions + are enabled. Defaults to false. + type: boolean + cloudAppSecurityPolicy: + description: 'Enables cloud app security and specifies the + cloud app security policy to use. Possible values are: + blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.' + type: string + persistentBrowserMode: + description: 'Session control to define whether to persist + cookies or not. Possible values are: always or never.' + type: string + signInFrequency: + description: Number of days or hours to enforce sign-in + frequency. Required when sign_in_frequency_period is specified. + Due to an API issue, removing this property forces a new + resource to be created. 
+ type: number + signInFrequencyPeriod: + description: 'The time period to enforce sign-in frequency. + Possible values are: hours or days. Required when sign_in_frequency_period + is specified. Due to an API issue, removing this property + forces a new resource to be created.' + type: string + type: object + type: array + state: + description: 'Specifies the state of the policy object. Possible + values are: enabled, disabled and enabledForReportingButNotEnforced' + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml b/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml index cb7c9ad9..3a7e98cb 100644 --- a/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml +++ b/package/crds/conditionalaccess.azuread.upbound.io_locations.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -106,9 +110,22 @@ spec: - ipRanges type: object type: array - required: - - displayName type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -280,14 +297,56 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) status: description: LocationStatus defines the observed state of Location. properties: atProvider: properties: + country: + description: A country block as documented below, which configures + a country-based named location. + items: + properties: + countriesAndRegions: + description: List of countries and/or regions in two-letter + format specified by ISO 3166-2. + items: + type: string + type: array + includeUnknownCountriesAndRegions: + description: Whether IP addresses that don't map to a country + or region should be included in the named location. Defaults + to false. + type: boolean + type: object + type: array + displayName: + description: The friendly name for this named location. + type: string id: description: The ID of the named location. type: string + ip: + description: An ip block as documented below, which configures + an IP-based named location. + items: + properties: + ipRanges: + description: List of IP address ranges in IPv4 CIDR format + (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF + RFC596. + items: + type: string + type: array + trusted: + description: Whether the named location is trusted. Defaults + to false. + type: boolean + type: object + type: array type: object conditions: description: Conditions of the resource. diff --git a/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml b/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml index e062b12c..8a6f35c3 100644 --- a/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml +++ b/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml 
@@ -55,9 +55,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -105,12 +109,22 @@ spec: any arbitrary string between 1-128 characters. The version of the role definition.' type: string - required: - - displayName - - enabled - - permissions - - version type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -282,17 +296,65 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) + - message: enabled is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.enabled) + - message: permissions is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.permissions) + - message: version is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.version) status: description: CustomDirectoryRoleStatus defines the observed state of CustomDirectoryRole. properties: atProvider: properties: + description: + description: The description of the custom directory role. The + description of the custom directory role + type: string + displayName: + description: The display name of the custom directory role. The + display name of the custom directory role + type: string + enabled: + description: Indicates whether the role is enabled for assignment. + Indicates whether the role is enabled for assignment + type: boolean id: type: string objectId: description: The object ID of the custom directory role. The object ID of the directory role type: string + permissions: + description: A collection of permissions blocks as documented + below. List of permissions that are included in the custom directory + role + items: + properties: + allowedResourceActions: + description: A set of tasks that can be performed on a resource. + For more information, see the Permissions Reference documentation. + Set of tasks that can be performed on a resource + items: + type: string + type: array + type: object + type: array + templateId: + description: Custom template identifier that is typically used + if one needs an identifier to be the same across different directories. + Changing this forces a new resource to be created. 
Custom template + identifier that is typically used if one needs an identifier + to be the same across different directories. + type: string + version: + description: '- The version of the role definition. This can be + any arbitrary string between 1-128 characters. The version of + the role definition.' + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml b/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml index 7af68cf6..133a7cf3 100644 --- a/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml +++ b/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -244,6 +248,21 @@ spec: type: object type: object type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -420,8 +439,42 @@ spec: properties: atProvider: properties: + appScopeId: + description: Identifier of the app-specific scope when the assignment + scope is app-specific. Cannot be used with directory_scope_id. + See official documentation for example usage. Changing this + forces a new resource to be created. Identifier of the app-specific + scope when the assignment scope is app-specific + type: string + appScopeObjectId: + description: Identifier of the app-specific scope when the assignment + scope is app-specific + type: string + directoryScopeId: + description: Identifier of the directory object representing the + scope of the assignment. Cannot be used with app_scope_id. See + official documentation for example usage. Changing this forces + a new resource to be created. Identifier of the directory object + representing the scope of the assignment + type: string + directoryScopeObjectId: + description: Identifier of the directory object representing the + scope of the assignment + type: string id: type: string + principalObjectId: + description: The object ID of the principal for you want to create + a role assignment. Supported object types are Users, Groups + or Service Principals. Changing this forces a new resource to + be created. The object ID of the member principal + type: string + roleId: + description: The template ID (in the case of built-in roles) or + object ID (in the case of custom roles) of the directory role + you want to assign. Changing this forces a new resource to be + created. The object ID of the directory role for this assignment + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/directoryroles.azuread.upbound.io_roles.yaml b/package/crds/directoryroles.azuread.upbound.io_roles.yaml index ba5e556f..8f47e2a7 100644 --- a/package/crds/directoryroles.azuread.upbound.io_roles.yaml +++ b/package/crds/directoryroles.azuread.upbound.io_roles.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -69,6 +73,21 @@ spec: name of the directory role type: string type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -249,6 +268,11 @@ spec: description: The description of the directory role. The description of the directory role type: string + displayName: + description: The display name of the directory role to activate. + Changing this forces a new resource to be created. The display + name of the directory role + type: string id: type: string objectId: diff --git a/package/crds/groups.azuread.upbound.io_groups.yaml b/package/crds/groups.azuread.upbound.io_groups.yaml index f4086028..dbb40086 100644 --- a/package/crds/groups.azuread.upbound.io_groups.yaml +++ b/package/crds/groups.azuread.upbound.io_groups.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -234,9 +238,22 @@ spec: 365 groups will receive Public visibility. Specifies the group join policy and group content visibility type: string - required: - - displayName type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -408,17 +425,129 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) status: description: GroupStatus defines the observed state of Group. properties: atProvider: properties: + administrativeUnitIds: + description: The object IDs of administrative units in which the + group is a member. If specified, new groups will be created + in the scope of the first administrative unit and added to the + others. If empty, new groups will be created at the tenant level. + The administrative unit IDs in which the group should be. If + empty, the group will be created at the tenant level. + items: + type: string + type: array + assignableToRole: + description: Indicates whether this group can be assigned to an + Azure Active Directory role. Can only be true for security-enabled + groups. Changing this forces a new resource to be created. Indicates + whether this group can be assigned to an Azure Active Directory + role. This property can only be `true` for security-enabled + groups. + type: boolean + autoSubscribeNewMembers: + description: Indicates whether new members added to the group + will be auto-subscribed to receive email notifications. Can + only be set for Unified groups. Indicates whether new members + added to the group will be auto-subscribed to receive email + notifications. + type: boolean + behaviors: + description: A set of behaviors for a Microsoft 365 group. Possible + values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, + SubscribeNewGroupMembers and WelcomeEmailDisabled. See official + documentation for more details. Changing this forces a new resource + to be created. The group behaviours for a Microsoft 365 group + items: + type: string + type: array + description: + description: The description for the group. 
The description for + the group + type: string + displayName: + description: The display name for the group. The display name + for the group + type: string + dynamicMembership: + description: A dynamic_membership block as documented below. Required + when types contains DynamicMembership. Cannot be used with the + members property. An optional block to configure dynamic membership + for the group. Cannot be used with `members` + items: + properties: + enabled: + description: Whether rule processing is "On" (true) or "Paused" + (false). + type: boolean + rule: + description: The rule that determines membership of this + group. For more information, see official documentation + on membership rules syntax. Rule to determine members + for a dynamic group. Required when `group_types` contains + 'DynamicMembership' + type: string + type: object + type: array + externalSendersAllowed: + description: Indicates whether people external to the organization + can send messages to the group. Can only be set for Unified + groups. Indicates whether people external to the organization + can send messages to the group. + type: boolean + hideFromAddressLists: + description: 'Indicates whether the group is displayed in certain + parts of the Outlook user interface: in the Address Book, in + address lists for selecting message recipients, and in the Browse + Groups dialog for searching groups. Can only be set for Unified + groups. Indicates whether the group is displayed in certain + parts of the Outlook user interface: in the Address Book, in + address lists for selecting message recipients, and in the Browse + Groups dialog for searching groups.' + type: boolean + hideFromOutlookClients: + description: Indicates whether the group is displayed in Outlook + clients, such as Outlook for Windows and Outlook on the web. + Can only be set for Unified groups. Indicates whether the group + is displayed in Outlook clients, such as Outlook for Windows + and Outlook on the web. 
+ type: boolean id: type: string mail: description: The SMTP address for the group. The SMTP address for the group type: string + mailEnabled: + description: Whether the group is a mail enabled, with a shared + group mailbox. At least one of mail_enabled or security_enabled + must be specified. Only Microsoft 365 groups can be mail enabled + (see the types property). Whether the group is a mail enabled, + with a shared group mailbox. At least one of `mail_enabled` + or `security_enabled` must be specified. A group can be mail + enabled _and_ security enabled + type: boolean + mailNickname: + description: The mail alias for the group, unique in the organisation. + Required for mail-enabled groups. Changing this forces a new + resource to be created. The mail alias for the group, unique + in the organisation + type: string + members: + description: A set of members who should be present in this group. + Supported object types are Users, Groups or Service Principals. + Cannot be used with the dynamic_membership block. A set of members + who should be present in this group. Supported object types + are Users, Groups or Service Principals + items: + type: string + type: array objectId: description: The object ID of the group. The object ID of the group 
@@ -454,11 +583,34 @@ spec: from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null) type: boolean + owners: + description: A set of object IDs of principals that will be granted + ownership of the group. Supported object types are users or + service principals. Groups cannot be created with no owners + or have all their owners removed. A set of owners who own this + group. Supported object types are Users or Service Principals + items: + type: string + type: array preferredLanguage: description: The preferred language for a Microsoft 365 group, in ISO 639-1 notation. The preferred language for a Microsoft 365 group, in ISO 639-1 notation type: string + preventDuplicateNames: + description: If true, will return an error if an existing group + is found with the same name. Defaults to false. If `true`, will + return an error if an existing group is found with the same + name + type: boolean + provisioningOptions: + description: A set of provisioning options for a Microsoft 365 + group. The only supported value is Team. See official documentation + for details. Changing this forces a new resource to be created. + The group provisioning options for a Microsoft 365 group + items: + type: string + type: array proxyAddresses: description: List of email addresses for the group that direct to the same group mailbox. Email addresses for the group that 
@@ -466,6 +618,42 @@ spec: items: type: string type: array + securityEnabled: + description: Whether the group is a security group for controlling + access to in-app resources. At least one of security_enabled + or mail_enabled must be specified. A Microsoft 365 group can + be security enabled and mail enabled (see the types property). + Whether the group is a security group for controlling access + to in-app resources. At least one of `security_enabled` or `mail_enabled` + must be specified. A group can be security enabled _and_ mail + enabled + type: boolean + theme: + description: The colour theme for a Microsoft 365 group. Possible + values are Blue, Green, Orange, Pink, Purple, Red or Teal. By + default, no theme is set. The colour theme for a Microsoft 365 + group + type: string + types: + description: A set of group types to configure for the group. + Supported values are DynamicMembership, which denotes a group + with dynamic membership, and Unified, which specifies a Microsoft + 365 group. Required when mail_enabled is true. Changing this + forces a new resource to be created. A set of group types to + configure for the group. `Unified` specifies a Microsoft 365 + group. Required when `mail_enabled` is true + items: + type: string + type: array + visibility: + description: The group join policy and group content visibility. + Possible values are Private, Public, or Hiddenmembership. Only + Microsoft 365 groups can have Hiddenmembership visibility and + this value must be set when the group is created. By default, + security groups will receive Private visibility and Microsoft + 365 groups will receive Public visibility. Specifies the group + join policy and group content visibility + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/groups.azuread.upbound.io_members.yaml b/package/crds/groups.azuread.upbound.io_members.yaml index 5d88a3ce..1aa1c7f5 100644 
--- a/package/crds/groups.azuread.upbound.io_members.yaml +++ b/package/crds/groups.azuread.upbound.io_members.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -223,6 +227,21 @@ spec: type: object type: object type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -399,8 +418,21 @@ spec: properties: atProvider: properties: + groupObjectId: + description: The object ID of the group you want to add the member + to. Changing this forces a new resource to be created. The object + ID of the group you want to add the member to + type: string id: type: string + memberObjectId: + description: The object ID of the principal you want to add as + a member to the group. Supported object types are Users, Groups + or Service Principals. Changing this forces a new resource to + be created. The object ID of the principal you want to add as + a member to the group. Supported object types are Users, Groups + or Service Principals + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/invitations.azuread.upbound.io_invitations.yaml b/package/crds/invitations.azuread.upbound.io_invitations.yaml index 4dc3540b..bee8b997 100644 --- a/package/crds/invitations.azuread.upbound.io_invitations.yaml +++ b/package/crds/invitations.azuread.upbound.io_invitations.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -112,10 +116,22 @@ spec: users as members. Defaults to Guest. The user type of the user being invited type: string - required: - - redirectUrl - - userEmailAddress type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default @@ -287,6 +303,11 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: redirectUrl is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.redirectUrl) + - message: userEmailAddress is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.userEmailAddress) status: description: InvitationStatus defines the observed state of Invitation. properties: 
@@ -294,14 +315,63 @@ spec: properties: id: type: string + message: + description: A message block as documented below, which configures + the message being sent to the invited user. If this block is + omitted, no message will be sent. Customize the message sent + to the invited user + items: + properties: + additionalRecipients: + description: Email addresses of additional recipients the + invitation message should be sent to. Only 1 additional + recipient is currently supported by Azure. Email addresses + of additional recipients the invitation message should + be sent to + items: + type: string + type: array + body: + description: Customized message body you want to send if + you don't want to send the default message. Cannot be + specified with language. Customized message body you want + to send if you don't want to send the default message + type: string + language: + description: The language you want to send the default message + in. The value specified must be in ISO 639 format. Defaults + to en-US. Cannot be specified with body. The language + you want to send the default message in + type: string + type: object + type: array redeemUrl: description: The URL the user can use to redeem their invitation. The URL the user can use to redeem their invitation type: string + redirectUrl: + description: The URL that the user should be redirected to once + the invitation is redeemed. The URL that the user should be + redirected to once the invitation is redeemed + type: string + userDisplayName: + description: The display name of the user being invited. The display + name of the user being invited + type: string + userEmailAddress: + description: The email address of the user being invited. The + email address of the user being invited + type: string userId: description: Object ID of the invited user. Object ID of the invited user type: string + userType: + description: The user type of the user being invited. Must be + one of Guest or Member. 
Only Global Administrators can invite + users as members. Defaults to Guest. The user type of the user + being invited + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/policies.azuread.upbound.io_claimsmappingpolicies.yaml b/package/crds/policies.azuread.upbound.io_claimsmappingpolicies.yaml index ea9d766e..5bd9a69f 100644 --- a/package/crds/policies.azuread.upbound.io_claimsmappingpolicies.yaml +++ b/package/crds/policies.azuread.upbound.io_claimsmappingpolicies.yaml @@ -55,9 +55,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -76,10 +80,22 @@ spec: description: The display name for this Claims Mapping Policy. Display name for this policy type: string - required: - - definition - - displayName type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default @@ -251,11 +267,28 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: definition is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.definition) + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) status: description: ClaimsMappingPolicyStatus defines the observed state of ClaimsMappingPolicy. properties: atProvider: properties: + definition: + description: The claims mapping policy. This is a JSON formatted + string, for which the jsonencode() function can be used. A string + collection containing a JSON string that defines the rules and + settings for this policy + items: + type: string + type: array + displayName: + description: The display name for this Claims Mapping Policy. + Display name for this policy + type: string id: description: The ID of the Claims Mapping Policy. type: string 
diff --git a/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml b/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml index 3d4e3887..81b78380 100644 --- a/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml +++ b/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -315,9 +319,22 @@ spec: type: string type: object type: object - required: - - claimValues type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -489,14 +506,46 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: claimValues is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.claimValues) status: description: PermissionGrantStatus defines the observed state of PermissionGrant. properties: atProvider: properties: + claimValues: + description: '- A set of claim values for delegated permission + scopes which should be included in access tokens for the resource. + A set of claim values for delegated permission scopes which + should be included in access tokens for the resource' + items: + type: string + type: array id: description: The ID of the delegated permission grant. type: string + resourceServicePrincipalObjectId: + description: The object ID of the service principal representing + the resource to be accessed. Changing this forces a new resource + to be created. The object ID of the service principal representing + the resource to be accessed + type: string + servicePrincipalObjectId: + description: The object ID of the service principal for which + this delegated permission grant should be created. Changing + this forces a new resource to be created. The object ID of the + service principal for which this delegated permission grant + should be created + type: string + userObjectId: + description: '- The object ID of the user on behalf of whom the + service principal is authorized to access the resource. When + omitted, the delegated permission grant will be consented for + all users. Changing this forces a new resource to be created. + The object ID of the user on behalf of whom the service principal + is authorized to access the resource' + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml b/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml index 567f4063..a982ba90 100644 
--- a/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -206,9 +210,22 @@ spec: - name - namespace type: object - required: - - valueSecretRef type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -380,13 +397,66 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: valueSecretRef is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.valueSecretRef) status: description: CertificateStatus defines the observed state of Certificate. properties: atProvider: properties: + encoding: + description: Specifies the encoding used for the supplied certificate + data. Must be one of pem, base64 or hex. Defaults to pem. Specifies + the encoding used for the supplied certificate data + type: string + endDate: + description: The end date until which the certificate is valid, + formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + Changing this field forces a new resource to be created. The + end date until which the certificate is valid, formatted as + an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`) + type: string + endDateRelative: + description: A relative duration for which the certificate is + valid until, for example 240h (10 days) or 2400h30m. Valid time + units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing + this field forces a new resource to be created. A relative duration + for which the certificate is valid until, for example `240h` + (10 days) or `2400h30m`. Valid time units are "ns", "us" (or + "µs"), "ms", "s", "m", "h" + type: string id: type: string + keyId: + description: A UUID used to uniquely identify this certificate. + If not specified a UUID will be automatically generated. Changing + this field forces a new resource to be created. A UUID used + to uniquely identify this certificate. If not specified a UUID + will be automatically generated + type: string + servicePrincipalId: + description: The object ID of the service principal for which + this certificate should be created. Changing this field forces + a new resource to be created. 
The object ID of the service principal + for which this certificate should be created + type: string + startDate: + description: The start date from which the certificate is valid, + formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + If this isn't specified, the value is determined by Azure Active + Directory and is usually the start date of the certificate for + asymmetric keys, or the current timestamp for symmetric keys. + Changing this field forces a new resource to be created. The + start date from which the certificate is valid, formatted as + an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this + isn't specified, the current date is used + type: string + type: + description: The type of key/certificate. Must be one of AsymmetricX509Cert + or Symmetric. Changing this fields forces a new resource to + be created. The type of key/certificate + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml b/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml index 3d073abe..e14c30ed 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml 
@@ -56,9 +56,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -223,6 +227,21 @@ spec: type: object type: object type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -400,9 +419,18 @@ spec: properties: atProvider: properties: + claimsMappingPolicyId: + description: The ID of the claims mapping policy to assign. ID + of the claims mapping policy to assign + type: string id: description: The ID of the Claims Mapping Policy Assignment. type: string + servicePrincipalId: + description: The object ID of the service principal for the policy + assignment. Object ID of the service principal for which to + assign the policy + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml b/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml index c88c2962..80de58e8 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -181,6 +185,21 @@ spec: the current date is used type: string type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -357,12 +376,56 @@ spec: properties: atProvider: properties: + displayName: + description: A display name for the password. A display name for + the password + type: string + endDate: + description: The end date until which the password is valid, formatted + as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing + this field forces a new resource to be created. The end date + until which the password is valid, formatted as an RFC3339 date + string (e.g. `2018-01-01T01:02:03Z`) + type: string + endDateRelative: + description: A relative duration for which the password is valid + until, for example 240h (10 days) or 2400h30m. Changing this + field forces a new resource to be created. A relative duration + for which the password is valid until, for example `240h` (10 + days) or `2400h30m`. Changing this field forces a new resource + to be created + type: string id: type: string keyId: description: A UUID used to uniquely identify this password credential. A UUID used to uniquely identify this password credential type: string + rotateWhenChanged: + additionalProperties: + type: string + description: A map of arbitrary key/value pairs that will force + recreation of the password when they change, enabling password + rotation based on external conditions such as a rotating timestamp. + Changing this forces a new resource to be created. Arbitrary + map of values that, when changed, will trigger rotation of the + password + type: object + servicePrincipalId: + description: The object ID of the service principal for which + this password should be created. Changing this field forces + a new resource to be created. The object ID of the service principal + for which this password should be created + type: string + startDate: + description: The start date from which the password is valid, + formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + If this isn't specified, the current date is used. Changing + this field forces a new resource to be created. 
The start date + from which the password is valid, formatted as an RFC3339 date + string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, + the current date is used + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml b/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml index 2a060ce2..ac65260f 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -282,6 +286,21 @@ spec: principal instead of failing with an error type: boolean type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -458,6 +477,28 @@ spec: properties: atProvider: properties: + accountEnabled: + description: Whether or not the service principal account is enabled. + Defaults to true. Whether or not the service principal account + is enabled + type: boolean + alternativeNames: + description: A set of alternative names, used to retrieve service + principals by subscription, identify resource group and full + resource ids for managed identities. A list of alternative names, + used to retrieve service principals by subscription, identify + resource group and full resource ids for managed identities + items: + type: string + type: array + appRoleAssignmentRequired: + description: Whether this service principal requires an app role + assignment to a user or group before Azure AD will issue a user + or access token to the application. Defaults to false. Whether + this service principal requires an app role assignment to a + user or group before Azure AD will issue a user or access token + to the application + type: boolean appRoleIds: additionalProperties: type: string 
@@ -500,16 +541,61 @@ spec: type: string type: object type: array + applicationId: + description: The application ID (client ID) of the application + for which to create a service principal. The application ID + (client ID) of the application for which to create a service + principal + type: string applicationTenantId: description: The tenant ID where the associated application is registered. The tenant ID where the associated application is registered type: string + description: + description: A description of the service principal provided for + internal end-users. Description of the service principal provided + for internal end-users + type: string displayName: description: The display name of the application associated with this service principal. The display name of the application associated with this service principal type: string + featureTags: + description: A feature_tags block as described below. Cannot be + used together with the tags property. Block of features to configure + for this service principal using tags + items: + properties: + customSingleSignOn: + description: Whether this service principal represents a + custom SAML application. Enabling this will assign the + WindowsAzureActiveDirectoryCustomSingleSignOnApplication + tag. Defaults to false. Whether this service principal + represents a custom SAML application + type: boolean + enterprise: + description: Whether this service principal represents an + Enterprise Application. Enabling this will assign the + WindowsAzureActiveDirectoryIntegratedApp tag. Defaults + to false. Whether this service principal represents an + Enterprise Application + type: boolean + gallery: + description: Whether this service principal represents a + gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 + tag. Defaults to false. 
Whether this service principal + represents a gallery application + type: boolean + hide: + description: Whether this app is invisible to users in My + Apps and Office 365 Launcher. Enabling this will assign + the HideApp tag. Defaults to false. Whether this app is + invisible to users in My Apps and Office 365 Launcher + type: boolean + type: object + type: array homepageUrl: description: Home page or landing page of the associated application. Home page or landing page of the application @@ -517,6 +603,17 @@ spec: id: description: The unique identifier of the app_role. type: string + loginUrl: + description: The URL where the service provider redirects the + user to Azure AD to authenticate. Azure AD uses the URL to launch + the application from Microsoft 365 or the Azure AD My Apps. + When blank, Azure AD performs IdP-initiated sign-on for applications + configured with SAML-based single sign-on. The URL where the + service provider redirects the user to Azure AD to authenticate. + Azure AD uses the URL to launch the application from Microsoft + 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated + sign-on for applications configured with SAML-based single sign-on + type: string logoutUrl: description: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, 
@@ -525,6 +622,23 @@ spec: service to sign out a user using front-channel, back-channel or SAML logout protocols type: string + notes: + description: A free text field to capture information about the + service principal, typically used for operational purposes. + Free text field to capture information about the service principal, + typically used for operational purposes + type: string + notificationEmailAddresses: + description: A set of email addresses where Azure AD sends a notification + when the active certificate is near the expiration date. This + is only for the certificates used to sign the SAML token issued + for Azure AD Gallery applications. List of email addresses where + Azure AD sends a notification when the active certificate is + near the expiration date. This is only for the certificates + used to sign the SAML token issued for Azure AD Gallery applications + items: + type: string + type: array oauth2PermissionScopeIds: additionalProperties: type: string 
@@ -581,6 +695,25 @@ spec: description: The object ID of the service principal. The object ID of the service principal type: string + owners: + description: A set of object IDs of principals that will be granted + ownership of the service principal. Supported object types are + users or service principals. By default, no owners are assigned. + A list of object IDs of principals that will be granted ownership + of the service principal + items: + type: string + type: array + preferredSingleSignOnMode: + description: The single sign-on mode configured for this application. + Azure AD uses the preferred single sign-on mode to launch the + application from Microsoft 365 or the Azure AD My Apps. Supported + values are oidc, password, saml or notSupported. Omit this property + or specify a blank string to unset. The single sign-on mode + configured for this application. Azure AD uses the preferred + single sign-on mode to launch the application from Microsoft + 365 or the Azure AD My Apps + type: string redirectUris: description: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where @@ -597,6 +730,19 @@ spec: federation. The URL where the service exposes SAML metadata for federation type: string + samlSingleSignOn: + description: A saml_single_sign_on block as documented below. + Settings related to SAML single sign-on + items: + properties: + relayState: + description: The relative URI the service provider would + redirect to after completion of the single sign-on flow. + The relative URI the service provider would redirect to + after completion of the single sign-on flow + type: string + type: object + type: array servicePrincipalNames: description: A list of identifier URI(s), copied over from the associated application. A list of identifier URI(s), copied 
@@ -611,12 +757,28 @@ spec: The Microsoft account types that are supported for the associated application type: string + tags: + description: A set of tags to apply to the service principal for + configuring specific behaviours of the service principal. Note + that these are not provided for use by practitioners. Cannot + be used together with the feature_tags block. A set of tags + to apply to the service principal + items: + type: string + type: array type: description: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity. Identifies whether the service principal represents an application or a managed identity type: string + useExisting: + description: When true, any existing service principal linked + to the same application will be automatically imported. When + false, an import error will be raised for any pre-existing service + principal. When true, the resource will return an existing service + principal instead of failing with an error + type: boolean type: object conditions: description: Conditions of the resource. diff --git a/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml b/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml index e1b57917..cc3baa0f 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml 
@@ -56,9 +56,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -160,6 +164,21 @@ spec: type: object type: object type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -337,12 +356,31 @@ spec: properties: atProvider: properties: + displayName: + description: Specifies a friendly name for the certificate. Must + start with CN=. Changing this field forces a new resource to + be created. A friendly name for the certificate + type: string + endDate: + description: The end date until which the token signing certificate + is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + Changing this field forces a new resource to be created. The + end date until which the certificate is valid, formatted as + an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Default + is 3 years from current date. + type: string id: type: string keyId: description: A UUID used to uniquely identify the verify certificate. A UUID used to uniquely identify the verify certificate. type: string + servicePrincipalId: + description: The object ID of the service principal for which + this certificate should be created. Changing this field forces + a new resource to be created. The object ID of the service principal + for which this certificate should be created + type: string startDate: description: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). diff --git a/package/crds/synchronization.azuread.upbound.io_jobs.yaml b/package/crds/synchronization.azuread.upbound.io_jobs.yaml index 674123b6..28dfb3b2 100644 --- a/package/crds/synchronization.azuread.upbound.io_jobs.yaml +++ b/package/crds/synchronization.azuread.upbound.io_jobs.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -153,9 +157,22 @@ spec: is based on. Identifier of the synchronization template this job is based on. type: string - required: - - templateId type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -327,11 +344,18 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: templateId is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.templateId) status: description: JobStatus defines the observed state of Job. properties: atProvider: properties: + enabled: + description: Whether or not the provisioning job is enabled. Default + state is true. Whether or not the synchronization job is enabled + type: boolean id: description: An ID used to uniquely identify this synchronization job. @@ -353,6 +377,17 @@ spec: type: string type: object type: array + servicePrincipalId: + description: The object ID of the service principal for which + this synchronization job should be created. Changing this field + forces a new resource to be created. The object ID of the service + principal for which this synchronization job should be created + type: string + templateId: + description: Identifier of the synchronization template this job + is based on. Identifier of the synchronization template this + job is based on. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/synchronization.azuread.upbound.io_secrets.yaml b/package/crds/synchronization.azuread.upbound.io_secrets.yaml index 8499c481..a919165b 100644 --- a/package/crds/synchronization.azuread.upbound.io_secrets.yaml +++ b/package/crds/synchronization.azuread.upbound.io_secrets.yaml 
@@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete @@ -177,6 +181,21 @@ spec: type: object type: object type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default 
@@ -353,10 +372,27 @@ spec: properties: atProvider: properties: + credential: + description: One or more credential blocks as documented below. + items: + properties: + key: + description: The key of the secret. Name for this key-value + pair. + type: string + type: object + type: array id: description: An ID used to uniquely identify this synchronization sec. type: string + servicePrincipalId: + description: The object ID of the service principal for which + this synchronization secrets should be stored. Changing this + field forces a new resource to be created. The object ID of + the service principal for which this synchronization secret + should be created + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/users.azuread.upbound.io_users.yaml b/package/crds/users.azuread.upbound.io_users.yaml index 9d42c891..6b5aa853 100644 --- a/package/crds/users.azuread.upbound.io_users.yaml +++ b/package/crds/users.azuread.upbound.io_users.yaml @@ -54,9 +54,13 @@ spec: properties: deletionPolicy: default: Delete - description: DeletionPolicy specifies what will happen to the underlying + description: 'DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' enum: - Orphan - Delete 
@@ -265,10 +269,22 @@ spec: description: The user principal name (UPN) of the user. The user principal name (UPN) of the user type: string - required: - - displayName - - userPrincipalName type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string providerConfigRef: default: name: default @@ -440,6 +456,11 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: displayName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.displayName) + - message: userPrincipalName is a required parameter + rule: self.managementPolicy == 'ObserveOnly' || has(self.forProvider.userPrincipalName) status: description: UserStatus defines the observed state of User. properties: 
@@ -448,6 +469,50 @@ spec: aboutMe: description: A freeform field for the user to describe themselves type: string + accountEnabled: + description: Whether or not the account should be enabled. Whether + or not the account should be enabled + type: boolean + ageGroup: + description: The age group of the user. Supported values are Adult, + NotAdult and Minor. Omit this property or specify a blank string + to unset. The age group of the user + type: string + businessPhones: + description: A list of telephone numbers for the user. Only one + number can be set for this property. Read-only for users synced + with Azure AD Connect. The telephone numbers for the user. Only + one number can be set for this property. Read-only for users + synced with Azure AD Connect + items: + type: string + type: array + city: + description: The city in which the user is located. The city in + which the user is located + type: string + companyName: + description: The company name which the user is associated. This + property can be useful for describing the company that an external + user comes from. The company name which the user is associated. + This property can be useful for describing the company that + an external user comes from + type: string + consentProvidedForMinor: + description: Whether consent has been obtained for minors. Supported + values are Granted, Denied and NotRequired. Omit this property + or specify a blank string to unset. Whether consent has been + obtained for minors + type: string + costCenter: + description: The cost center associated with the user. The cost + center associated with the user. + type: string + country: + description: The country/region in which the user is located, + e.g. US or UK. The country/region in which the user is located, + e.g. `US` or `UK` + type: string creationType: description: Indicates whether the user account was created as a regular school or work account (null), an external account 
@@ -459,6 +524,39 @@ spec: Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`) type: string + department: + description: The name for the department in which the user works. + The name for the department in which the user works + type: string + disablePasswordExpiration: + description: Whether the user's password is exempt from expiring. + Defaults to false. Whether the users password is exempt from + expiring + type: boolean + disableStrongPassword: + description: Whether the user is allowed weaker passwords than + the default policy to be specified. Defaults to false. Whether + the user is allowed weaker passwords than the default policy + to be specified. + type: boolean + displayName: + description: The name to display in the address book for the user. + The name to display in the address book for the user + type: string + division: + description: The name of the division in which the user works. + The name of the division in which the user works. + type: string + employeeId: + description: The employee identifier assigned to the user by the + organisation. The employee identifier assigned to the user by + the organisation + type: string + employeeType: + description: Captures enterprise worker type. For example, Employee, + Contractor, Consultant, or Vendor. Captures enterprise worker + type. For example, Employee, Contractor, Consultant, or Vendor. + type: string externalUserState: description: For an external user invited to the tenant, this property represents the invited user's invitation status. Possible 
@@ -466,6 +564,21 @@ spec: invited to the tenant, this property represents the invited user's invitation status type: string + faxNumber: + description: The fax number of the user. The fax number of the + user + type: string + forcePasswordChange: + description: Whether the user is forced to change the password + during the next sign-in. Only takes effect when also changing + the password. Defaults to false. Whether the user is forced + to change the password during the next sign-in. Only takes effect + when also changing the password + type: boolean + givenName: + description: The given name (first name) of the user. The given + name (first name) of the user + type: string id: type: string imAddresses: @@ -476,9 +589,35 @@ spec: items: type: string type: array + jobTitle: + description: The user’s job title. The user’s job title + type: string + mail: + description: The SMTP address for the user. This property cannot + be unset once specified. The SMTP address for the user. Cannot + be unset. + type: string + mailNickname: + description: The mail alias for the user. Defaults to the user + name part of the user principal name (UPN). The mail alias for + the user. Defaults to the user name part of the user principal + name (UPN) + type: string + managerId: + description: The object ID of the user's manager. The object ID + of the user's manager + type: string + mobilePhone: + description: The primary cellular telephone number for the user. + The primary cellular telephone number for the user + type: string objectId: description: The object ID of the user. The object ID of the user type: string + officeLocation: + description: The office location in the user's place of business. + The office location in the user's place of business + type: string onpremisesDistinguishedName: description: The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect 
@@ -490,6 +629,16 @@ spec: synchronised from the on-premises directory when Azure AD Connect is used. The on-premise FQDN (i.e. dnsDomainName) of the user type: string + onpremisesImmutableId: + description: The value used to associate an on-premise Active + Directory user account with their Azure AD user object. This + must be specified if you are using a federated domain for the + user's user_principal_name property when creating a new user + account. The value used to associate an on-premise Active Directory + user account with their Azure AD user object. This must be specified + if you are using a federated domain for the user's `user_principal_name` + property when creating a new user account + type: string onpremisesSamAccountName: description: The on-premise SAM account name of the user. The on-premise SAM account name of the user @@ -510,6 +659,24 @@ spec: description: The on-premise user principal name of the user. The on-premise user principal name of the user type: string + otherMails: + description: A list of additional email addresses for the user. + Additional email addresses for the user + items: + type: string + type: array + postalCode: + description: The postal code for the user's postal address. The + postal code is specific to the user's country/region. In the + United States of America, this attribute contains the ZIP code. + The postal code for the user's postal address. The postal code + is specific to the user's country/region. In the United States + of America, this attribute contains the ZIP code + type: string + preferredLanguage: + description: The user's preferred language, in ISO 639-1 notation. + The user's preferred language, in ISO 639-1 notation + type: string proxyAddresses: description: List of email addresses for the user that direct to the same mailbox. Email addresses for the user that direct 
@@ -517,6 +684,39 @@ spec: items: type: string type: array + showInAddressList: + description: Whether or not the Outlook global address list should + include this user. Defaults to true. Whether or not the Outlook + global address list should include this user + type: boolean + state: + description: The state or province in the user's address. The + state or province in the user's address + type: string + streetAddress: + description: The street address of the user's place of business. + The street address of the user's place of business + type: string + surname: + description: The user's surname (family name or last name). The + user's surname (family name or last name) + type: string + usageLocation: + description: 'The usage location of the user. Required for users + that will be assigned licenses due to legal requirement to check + for availability of services in countries. The usage location + is a two letter country code (ISO standard 3166). Examples include: + NO, JP, and GB. Cannot be reset to null once set. The usage + location of the user. Required for users that will be assigned + licenses due to legal requirement to check for availability + of services in countries. The usage location is a two letter + country code (ISO standard 3166). Examples include: `NO`, `JP`, + and `GB`. Cannot be reset to null once set' + type: string + userPrincipalName: + description: The user principal name (UPN) of the user. The user + principal name (UPN) of the user + type: string userType: description: The user type in the directory. Possible values are Guest or Member. The user type in the directory. Possible values