conditionalaccess.v1beta1.accessPolicy
"AccessPolicy is the Schema for the AccessPolicys API."
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withDeletionPolicy(deletionPolicy)fn withManagementPolicies(managementPolicies)fn withManagementPoliciesMixin(managementPolicies)obj spec.forProviderfn withConditions(conditions)fn withConditionsMixin(conditions)fn withDisplayName(displayName)fn withGrantControls(grantControls)fn withGrantControlsMixin(grantControls)fn withSessionControls(sessionControls)fn withSessionControlsMixin(sessionControls)fn withState(state)obj spec.forProvider.conditionsfn withApplications(applications)fn withApplicationsMixin(applications)fn withClientAppTypes(clientAppTypes)fn withClientAppTypesMixin(clientAppTypes)fn withClientApplications(clientApplications)fn withClientApplicationsMixin(clientApplications)fn withDevices(devices)fn withDevicesMixin(devices)fn withInsiderRiskLevels(insiderRiskLevels)fn withLocations(locations)fn withLocationsMixin(locations)fn withPlatforms(platforms)fn withPlatformsMixin(platforms)fn withServicePrincipalRiskLevels(servicePrincipalRiskLevels)fn withServicePrincipalRiskLevelsMixin(servicePrincipalRiskLevels)fn withSignInRiskLevels(signInRiskLevels)fn withSignInRiskLevelsMixin(signInRiskLevels)fn withUserRiskLevels(userRiskLevels)fn withUserRiskLevelsMixin(userRiskLevels)fn withUsers(users)fn withUsersMixin(users)obj spec.forProvider.conditions.applicationsfn withExcludedApplications(excludedApplications)fn withExcludedApplicationsMixin(excludedApplications)fn withIncludedApplications(includedApplications)fn withIncludedApplicationsMixin(includedApplications)fn withIncludedUserActions(includedUserActions)fn withIncludedUserActionsMixin(includedUserActions)
obj spec.forProvider.conditions.clientApplicationsobj spec.forProvider.conditions.devicesobj spec.forProvider.conditions.locationsobj spec.forProvider.conditions.platformsobj spec.forProvider.conditions.usersfn withExcludedGroups(excludedGroups)fn withExcludedGroupsMixin(excludedGroups)fn withExcludedGuestsOrExternalUsers(excludedGuestsOrExternalUsers)fn withExcludedGuestsOrExternalUsersMixin(excludedGuestsOrExternalUsers)fn withExcludedRoles(excludedRoles)fn withExcludedRolesMixin(excludedRoles)fn withExcludedUsers(excludedUsers)fn withExcludedUsersMixin(excludedUsers)fn withIncludedGroups(includedGroups)fn withIncludedGroupsMixin(includedGroups)fn withIncludedGuestsOrExternalUsers(includedGuestsOrExternalUsers)fn withIncludedGuestsOrExternalUsersMixin(includedGuestsOrExternalUsers)fn withIncludedRoles(includedRoles)fn withIncludedRolesMixin(includedRoles)fn withIncludedUsers(includedUsers)fn withIncludedUsersMixin(includedUsers)obj spec.forProvider.conditions.users.excludedGuestsOrExternalUsersobj spec.forProvider.conditions.users.includedGuestsOrExternalUsers
obj spec.forProvider.grantControlsfn withAuthenticationStrengthPolicyId(authenticationStrengthPolicyId)fn withBuiltInControls(builtInControls)fn withBuiltInControlsMixin(builtInControls)fn withCustomAuthenticationFactors(customAuthenticationFactors)fn withCustomAuthenticationFactorsMixin(customAuthenticationFactors)fn withOperator(operator)fn withTermsOfUse(termsOfUse)fn withTermsOfUseMixin(termsOfUse)
obj spec.forProvider.sessionControlsfn withApplicationEnforcedRestrictionsEnabled(applicationEnforcedRestrictionsEnabled)fn withCloudAppSecurityPolicy(cloudAppSecurityPolicy)fn withDisableResilienceDefaults(disableResilienceDefaults)fn withPersistentBrowserMode(persistentBrowserMode)fn withSignInFrequency(signInFrequency)fn withSignInFrequencyAuthenticationType(signInFrequencyAuthenticationType)fn withSignInFrequencyInterval(signInFrequencyInterval)fn withSignInFrequencyPeriod(signInFrequencyPeriod)
obj spec.initProviderfn withConditions(conditions)fn withConditionsMixin(conditions)fn withDisplayName(displayName)fn withGrantControls(grantControls)fn withGrantControlsMixin(grantControls)fn withSessionControls(sessionControls)fn withSessionControlsMixin(sessionControls)fn withState(state)obj spec.initProvider.conditionsfn withApplications(applications)fn withApplicationsMixin(applications)fn withClientAppTypes(clientAppTypes)fn withClientAppTypesMixin(clientAppTypes)fn withClientApplications(clientApplications)fn withClientApplicationsMixin(clientApplications)fn withDevices(devices)fn withDevicesMixin(devices)fn withInsiderRiskLevels(insiderRiskLevels)fn withLocations(locations)fn withLocationsMixin(locations)fn withPlatforms(platforms)fn withPlatformsMixin(platforms)fn withServicePrincipalRiskLevels(servicePrincipalRiskLevels)fn withServicePrincipalRiskLevelsMixin(servicePrincipalRiskLevels)fn withSignInRiskLevels(signInRiskLevels)fn withSignInRiskLevelsMixin(signInRiskLevels)fn withUserRiskLevels(userRiskLevels)fn withUserRiskLevelsMixin(userRiskLevels)fn withUsers(users)fn withUsersMixin(users)obj spec.initProvider.conditions.applicationsfn withExcludedApplications(excludedApplications)fn withExcludedApplicationsMixin(excludedApplications)fn withIncludedApplications(includedApplications)fn withIncludedApplicationsMixin(includedApplications)fn withIncludedUserActions(includedUserActions)fn withIncludedUserActionsMixin(includedUserActions)
obj spec.initProvider.conditions.clientApplicationsobj spec.initProvider.conditions.devicesobj spec.initProvider.conditions.locationsobj spec.initProvider.conditions.platformsobj spec.initProvider.conditions.usersfn withExcludedGroups(excludedGroups)fn withExcludedGroupsMixin(excludedGroups)fn withExcludedGuestsOrExternalUsers(excludedGuestsOrExternalUsers)fn withExcludedGuestsOrExternalUsersMixin(excludedGuestsOrExternalUsers)fn withExcludedRoles(excludedRoles)fn withExcludedRolesMixin(excludedRoles)fn withExcludedUsers(excludedUsers)fn withExcludedUsersMixin(excludedUsers)fn withIncludedGroups(includedGroups)fn withIncludedGroupsMixin(includedGroups)fn withIncludedGuestsOrExternalUsers(includedGuestsOrExternalUsers)fn withIncludedGuestsOrExternalUsersMixin(includedGuestsOrExternalUsers)fn withIncludedRoles(includedRoles)fn withIncludedRolesMixin(includedRoles)fn withIncludedUsers(includedUsers)fn withIncludedUsersMixin(includedUsers)obj spec.initProvider.conditions.users.excludedGuestsOrExternalUsersobj spec.initProvider.conditions.users.includedGuestsOrExternalUsers
obj spec.initProvider.grantControlsfn withAuthenticationStrengthPolicyId(authenticationStrengthPolicyId)fn withBuiltInControls(builtInControls)fn withBuiltInControlsMixin(builtInControls)fn withCustomAuthenticationFactors(customAuthenticationFactors)fn withCustomAuthenticationFactorsMixin(customAuthenticationFactors)fn withOperator(operator)fn withTermsOfUse(termsOfUse)fn withTermsOfUseMixin(termsOfUse)
obj spec.initProvider.sessionControlsfn withApplicationEnforcedRestrictionsEnabled(applicationEnforcedRestrictionsEnabled)fn withCloudAppSecurityPolicy(cloudAppSecurityPolicy)fn withDisableResilienceDefaults(disableResilienceDefaults)fn withPersistentBrowserMode(persistentBrowserMode)fn withSignInFrequency(signInFrequency)fn withSignInFrequencyAuthenticationType(signInFrequencyAuthenticationType)fn withSignInFrequencyInterval(signInFrequencyInterval)fn withSignInFrequencyPeriod(signInFrequencyPeriod)
obj spec.providerConfigRefobj spec.writeConnectionSecretToRef
Fields
fn new
new(name)
new returns an instance of AccessPolicy
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"AccessPolicySpec defines the desired state of AccessPolicy"
fn spec.withDeletionPolicy
withDeletionPolicy(deletionPolicy)
"DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223"
fn spec.withManagementPolicies
withManagementPolicies(managementPolicies)
"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"
fn spec.withManagementPoliciesMixin
withManagementPoliciesMixin(managementPolicies)
"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"
Note: This function appends passed data to existing values
obj spec.forProvider
fn spec.forProvider.withConditions
withConditions(conditions)
"A conditions block as documented below, which specifies the rules that must be met for the policy to apply."
fn spec.forProvider.withConditionsMixin
withConditionsMixin(conditions)
"A conditions block as documented below, which specifies the rules that must be met for the policy to apply."
Note: This function appends passed data to existing values
fn spec.forProvider.withDisplayName
withDisplayName(displayName)
"The friendly name for this Conditional Access Policy."
fn spec.forProvider.withGrantControls
withGrantControls(grantControls)
"A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy."
fn spec.forProvider.withGrantControlsMixin
withGrantControlsMixin(grantControls)
"A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.withSessionControls
withSessionControls(sessionControls)
"A session_controls block as documented below, which specifies the session controls that are enforced after sign-in."
fn spec.forProvider.withSessionControlsMixin
withSessionControlsMixin(sessionControls)
"A session_controls block as documented below, which specifies the session controls that are enforced after sign-in."
Note: This function appends passed data to existing values
fn spec.forProvider.withState
withState(state)
"Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced"
obj spec.forProvider.conditions
"A conditions block as documented below, which specifies the rules that must be met for the policy to apply."
fn spec.forProvider.conditions.withApplications
withApplications(applications)
"An applications block as documented below, which specifies applications and user actions included in and excluded from the policy."
fn spec.forProvider.conditions.withApplicationsMixin
withApplicationsMixin(applications)
"An applications block as documented below, which specifies applications and user actions included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withClientAppTypes
withClientAppTypes(clientAppTypes)
"A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other."
fn spec.forProvider.conditions.withClientAppTypesMixin
withClientAppTypesMixin(clientAppTypes)
"A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withClientApplications
withClientApplications(clientApplications)
"An client_applications block as documented below, which specifies service principals included in and excluded from the policy."
fn spec.forProvider.conditions.withClientApplicationsMixin
withClientApplicationsMixin(clientApplications)
"An client_applications block as documented below, which specifies service principals included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withDevices
withDevices(devices)
"A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created."
fn spec.forProvider.conditions.withDevicesMixin
withDevicesMixin(devices)
"A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withInsiderRiskLevels
withInsiderRiskLevels(insiderRiskLevels)
"The insider risk level in the policy. Possible values are: minor, moderate, elevated, unknownFutureValue."
fn spec.forProvider.conditions.withLocations
withLocations(locations)
"A locations block as documented below, which specifies locations included in and excluded from the policy."
fn spec.forProvider.conditions.withLocationsMixin
withLocationsMixin(locations)
"A locations block as documented below, which specifies locations included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withPlatforms
withPlatforms(platforms)
"A platforms block as documented below, which specifies platforms included in and excluded from the policy."
fn spec.forProvider.conditions.withPlatformsMixin
withPlatformsMixin(platforms)
"A platforms block as documented below, which specifies platforms included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withServicePrincipalRiskLevels
withServicePrincipalRiskLevels(servicePrincipalRiskLevels)
"A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue."
fn spec.forProvider.conditions.withServicePrincipalRiskLevelsMixin
withServicePrincipalRiskLevelsMixin(servicePrincipalRiskLevels)
"A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withSignInRiskLevels
withSignInRiskLevels(signInRiskLevels)
"A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
fn spec.forProvider.conditions.withSignInRiskLevelsMixin
withSignInRiskLevelsMixin(signInRiskLevels)
"A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withUserRiskLevels
withUserRiskLevels(userRiskLevels)
"A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
fn spec.forProvider.conditions.withUserRiskLevelsMixin
withUserRiskLevelsMixin(userRiskLevels)
"A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.withUsers
withUsers(users)
"A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy."
fn spec.forProvider.conditions.withUsersMixin
withUsersMixin(users)
"A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.applications
"An applications block as documented below, which specifies applications and user actions included in and excluded from the policy."
fn spec.forProvider.conditions.applications.withExcludedApplications
withExcludedApplications(excludedApplications)
"A list of application IDs explicitly excluded from the policy. Can also be set to Office365."
fn spec.forProvider.conditions.applications.withExcludedApplicationsMixin
withExcludedApplicationsMixin(excludedApplications)
"A list of application IDs explicitly excluded from the policy. Can also be set to Office365."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.applications.withIncludedApplications
withIncludedApplications(includedApplications)
"A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified."
fn spec.forProvider.conditions.applications.withIncludedApplicationsMixin
withIncludedApplicationsMixin(includedApplications)
"A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.applications.withIncludedUserActions
withIncludedUserActions(includedUserActions)
"A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified."
fn spec.forProvider.conditions.applications.withIncludedUserActionsMixin
withIncludedUserActionsMixin(includedUserActions)
"A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.clientApplications
"An client_applications block as documented below, which specifies service principals included in and excluded from the policy."
fn spec.forProvider.conditions.clientApplications.withExcludedServicePrincipals
withExcludedServicePrincipals(excludedServicePrincipals)
"A list of service principal IDs explicitly excluded in the policy."
fn spec.forProvider.conditions.clientApplications.withExcludedServicePrincipalsMixin
withExcludedServicePrincipalsMixin(excludedServicePrincipals)
"A list of service principal IDs explicitly excluded in the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.clientApplications.withIncludedServicePrincipals
withIncludedServicePrincipals(includedServicePrincipals)
"A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set."
fn spec.forProvider.conditions.clientApplications.withIncludedServicePrincipalsMixin
withIncludedServicePrincipalsMixin(includedServicePrincipals)
"A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.devices
"A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created."
fn spec.forProvider.conditions.devices.withFilter
withFilter(filter)
"A filter block as described below."
fn spec.forProvider.conditions.devices.withFilterMixin
withFilterMixin(filter)
"A filter block as described below."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.devices.filter
"A filter block as described below."
fn spec.forProvider.conditions.devices.filter.withMode
withMode(mode)
"Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude."
fn spec.forProvider.conditions.devices.filter.withRule
withRule(rule)
"Condition filter to match devices. For more information, see official documentation."
obj spec.forProvider.conditions.locations
"A locations block as documented below, which specifies locations included in and excluded from the policy."
fn spec.forProvider.conditions.locations.withExcludedLocations
withExcludedLocations(excludedLocations)
"A list of location IDs excluded from scope of policy. Can also be set to AllTrusted."
fn spec.forProvider.conditions.locations.withExcludedLocationsMixin
withExcludedLocationsMixin(excludedLocations)
"A list of location IDs excluded from scope of policy. Can also be set to AllTrusted."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.locations.withIncludedLocations
withIncludedLocations(includedLocations)
"A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted."
fn spec.forProvider.conditions.locations.withIncludedLocationsMixin
withIncludedLocationsMixin(includedLocations)
"A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.platforms
"A platforms block as documented below, which specifies platforms included in and excluded from the policy."
fn spec.forProvider.conditions.platforms.withExcludedPlatforms
withExcludedPlatforms(excludedPlatforms)
"A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
fn spec.forProvider.conditions.platforms.withExcludedPlatformsMixin
withExcludedPlatformsMixin(excludedPlatforms)
"A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.platforms.withIncludedPlatforms
withIncludedPlatforms(includedPlatforms)
"A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
fn spec.forProvider.conditions.platforms.withIncludedPlatformsMixin
withIncludedPlatformsMixin(includedPlatforms)
"A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.users
"A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy."
fn spec.forProvider.conditions.users.withExcludedGroups
withExcludedGroups(excludedGroups)
"A list of group IDs excluded from scope of policy."
fn spec.forProvider.conditions.users.withExcludedGroupsMixin
withExcludedGroupsMixin(excludedGroups)
"A list of group IDs excluded from scope of policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withExcludedGuestsOrExternalUsers
withExcludedGuestsOrExternalUsers(excludedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy."
fn spec.forProvider.conditions.users.withExcludedGuestsOrExternalUsersMixin
withExcludedGuestsOrExternalUsersMixin(excludedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withExcludedRoles
withExcludedRoles(excludedRoles)
"A list of role IDs excluded from scope of policy."
fn spec.forProvider.conditions.users.withExcludedRolesMixin
withExcludedRolesMixin(excludedRoles)
"A list of role IDs excluded from scope of policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withExcludedUsers
withExcludedUsers(excludedUsers)
"A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers."
fn spec.forProvider.conditions.users.withExcludedUsersMixin
withExcludedUsersMixin(excludedUsers)
"A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withIncludedGroups
withIncludedGroups(includedGroups)
"A list of group IDs in scope of policy unless explicitly excluded."
fn spec.forProvider.conditions.users.withIncludedGroupsMixin
withIncludedGroupsMixin(includedGroups)
"A list of group IDs in scope of policy unless explicitly excluded."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withIncludedGuestsOrExternalUsers
withIncludedGuestsOrExternalUsers(includedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy."
fn spec.forProvider.conditions.users.withIncludedGuestsOrExternalUsersMixin
withIncludedGuestsOrExternalUsersMixin(includedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withIncludedRoles
withIncludedRoles(includedRoles)
"A list of role IDs in scope of policy unless explicitly excluded."
fn spec.forProvider.conditions.users.withIncludedRolesMixin
withIncludedRolesMixin(includedRoles)
"A list of role IDs in scope of policy unless explicitly excluded."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.withIncludedUsers
withIncludedUsers(includedUsers)
"A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers."
fn spec.forProvider.conditions.users.withIncludedUsersMixin
withIncludedUsersMixin(includedUsers)
"A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.users.excludedGuestsOrExternalUsers
"A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy."
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.withExternalTenants
withExternalTenants(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.withExternalTenantsMixin
withExternalTenantsMixin(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.withGuestOrExternalUserTypes
withGuestOrExternalUserTypes(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.withGuestOrExternalUserTypesMixin
withGuestOrExternalUserTypesMixin(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants.withMembers
withMembers(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants.withMembersMixin
withMembersMixin(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants.withMembershipKind
withMembershipKind(membershipKind)
"The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue."
obj spec.forProvider.conditions.users.includedGuestsOrExternalUsers
"A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy."
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.withExternalTenants
withExternalTenants(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.withExternalTenantsMixin
withExternalTenantsMixin(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.withGuestOrExternalUserTypes
withGuestOrExternalUserTypes(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.withGuestOrExternalUserTypesMixin
withGuestOrExternalUserTypesMixin(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
Note: This function appends passed data to existing values
obj spec.forProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants.withMembers
withMembers(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants.withMembersMixin
withMembersMixin(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
Note: This function appends passed data to existing values
fn spec.forProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants.withMembershipKind
withMembershipKind(membershipKind)
"The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue."
obj spec.forProvider.grantControls
"A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy."
fn spec.forProvider.grantControls.withAuthenticationStrengthPolicyId
withAuthenticationStrengthPolicyId(authenticationStrengthPolicyId)
"ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: /policies/authenticationStrengthPolicies/."
fn spec.forProvider.grantControls.withBuiltInControls
withBuiltInControls(builtInControls)
"List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue."
fn spec.forProvider.grantControls.withBuiltInControlsMixin
withBuiltInControlsMixin(builtInControls)
"List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.forProvider.grantControls.withCustomAuthenticationFactors
withCustomAuthenticationFactors(customAuthenticationFactors)
"List of custom controls IDs required by the policy."
fn spec.forProvider.grantControls.withCustomAuthenticationFactorsMixin
withCustomAuthenticationFactorsMixin(customAuthenticationFactors)
"List of custom controls IDs required by the policy."
Note: This function appends passed data to existing values
fn spec.forProvider.grantControls.withOperator
withOperator(operator)
"Defines the relationship of the grant controls. Possible values are: AND, OR."
fn spec.forProvider.grantControls.withTermsOfUse
withTermsOfUse(termsOfUse)
"List of terms of use IDs required by the policy."
fn spec.forProvider.grantControls.withTermsOfUseMixin
withTermsOfUseMixin(termsOfUse)
"List of terms of use IDs required by the policy."
Note: This function appends passed data to existing values
obj spec.forProvider.sessionControls
"A session_controls block as documented below, which specifies the session controls that are enforced after sign-in."
fn spec.forProvider.sessionControls.withApplicationEnforcedRestrictionsEnabled
withApplicationEnforcedRestrictionsEnabled(applicationEnforcedRestrictionsEnabled)
"Whether application enforced restrictions are enabled. Defaults to false."
fn spec.forProvider.sessionControls.withCloudAppSecurityPolicy
withCloudAppSecurityPolicy(cloudAppSecurityPolicy)
"Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue."
fn spec.forProvider.sessionControls.withDisableResilienceDefaults
withDisableResilienceDefaults(disableResilienceDefaults)
"Disables resilience defaults. Defaults to false."
fn spec.forProvider.sessionControls.withPersistentBrowserMode
withPersistentBrowserMode(persistentBrowserMode)
"Session control to define whether to persist cookies. Possible values are: always or never."
fn spec.forProvider.sessionControls.withSignInFrequency
withSignInFrequency(signInFrequency)
"Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified."
fn spec.forProvider.sessionControls.withSignInFrequencyAuthenticationType
withSignInFrequencyAuthenticationType(signInFrequencyAuthenticationType)
"Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication."
fn spec.forProvider.sessionControls.withSignInFrequencyInterval
withSignInFrequencyInterval(signInFrequencyInterval)
"The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased."
fn spec.forProvider.sessionControls.withSignInFrequencyPeriod
withSignInFrequencyPeriod(signInFrequencyPeriod)
"The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified."
obj spec.initProvider
"THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler."
fn spec.initProvider.withConditions
withConditions(conditions)
"A conditions block as documented below, which specifies the rules that must be met for the policy to apply."
fn spec.initProvider.withConditionsMixin
withConditionsMixin(conditions)
"A conditions block as documented below, which specifies the rules that must be met for the policy to apply."
Note: This function appends passed data to existing values
fn spec.initProvider.withDisplayName
withDisplayName(displayName)
"The friendly name for this Conditional Access Policy."
fn spec.initProvider.withGrantControls
withGrantControls(grantControls)
"A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy."
fn spec.initProvider.withGrantControlsMixin
withGrantControlsMixin(grantControls)
"A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.withSessionControls
withSessionControls(sessionControls)
"A session_controls block as documented below, which specifies the session controls that are enforced after sign-in."
fn spec.initProvider.withSessionControlsMixin
withSessionControlsMixin(sessionControls)
"A session_controls block as documented below, which specifies the session controls that are enforced after sign-in."
Note: This function appends passed data to existing values
fn spec.initProvider.withState
withState(state)
"Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced"
obj spec.initProvider.conditions
"A conditions block as documented below, which specifies the rules that must be met for the policy to apply."
fn spec.initProvider.conditions.withApplications
withApplications(applications)
"An applications block as documented below, which specifies applications and user actions included in and excluded from the policy."
fn spec.initProvider.conditions.withApplicationsMixin
withApplicationsMixin(applications)
"An applications block as documented below, which specifies applications and user actions included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withClientAppTypes
withClientAppTypes(clientAppTypes)
"A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other."
fn spec.initProvider.conditions.withClientAppTypesMixin
withClientAppTypesMixin(clientAppTypes)
"A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withClientApplications
withClientApplications(clientApplications)
"An client_applications block as documented below, which specifies service principals included in and excluded from the policy."
fn spec.initProvider.conditions.withClientApplicationsMixin
withClientApplicationsMixin(clientApplications)
"An client_applications block as documented below, which specifies service principals included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withDevices
withDevices(devices)
"A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created."
fn spec.initProvider.conditions.withDevicesMixin
withDevicesMixin(devices)
"A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withInsiderRiskLevels
withInsiderRiskLevels(insiderRiskLevels)
"The insider risk level in the policy. Possible values are: minor, moderate, elevated, unknownFutureValue."
fn spec.initProvider.conditions.withLocations
withLocations(locations)
"A locations block as documented below, which specifies locations included in and excluded from the policy."
fn spec.initProvider.conditions.withLocationsMixin
withLocationsMixin(locations)
"A locations block as documented below, which specifies locations included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withPlatforms
withPlatforms(platforms)
"A platforms block as documented below, which specifies platforms included in and excluded from the policy."
fn spec.initProvider.conditions.withPlatformsMixin
withPlatformsMixin(platforms)
"A platforms block as documented below, which specifies platforms included in and excluded from the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withServicePrincipalRiskLevels
withServicePrincipalRiskLevels(servicePrincipalRiskLevels)
"A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue."
fn spec.initProvider.conditions.withServicePrincipalRiskLevelsMixin
withServicePrincipalRiskLevelsMixin(servicePrincipalRiskLevels)
"A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withSignInRiskLevels
withSignInRiskLevels(signInRiskLevels)
"A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
fn spec.initProvider.conditions.withSignInRiskLevelsMixin
withSignInRiskLevelsMixin(signInRiskLevels)
"A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withUserRiskLevels
withUserRiskLevels(userRiskLevels)
"A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
fn spec.initProvider.conditions.withUserRiskLevelsMixin
withUserRiskLevelsMixin(userRiskLevels)
"A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.withUsers
withUsers(users)
"A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy."
fn spec.initProvider.conditions.withUsersMixin
withUsersMixin(users)
"A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.applications
"An applications block as documented below, which specifies applications and user actions included in and excluded from the policy."
fn spec.initProvider.conditions.applications.withExcludedApplications
withExcludedApplications(excludedApplications)
"A list of application IDs explicitly excluded from the policy. Can also be set to Office365."
fn spec.initProvider.conditions.applications.withExcludedApplicationsMixin
withExcludedApplicationsMixin(excludedApplications)
"A list of application IDs explicitly excluded from the policy. Can also be set to Office365."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.applications.withIncludedApplications
withIncludedApplications(includedApplications)
"A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified."
fn spec.initProvider.conditions.applications.withIncludedApplicationsMixin
withIncludedApplicationsMixin(includedApplications)
"A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.applications.withIncludedUserActions
withIncludedUserActions(includedUserActions)
"A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified."
fn spec.initProvider.conditions.applications.withIncludedUserActionsMixin
withIncludedUserActionsMixin(includedUserActions)
"A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.clientApplications
"An client_applications block as documented below, which specifies service principals included in and excluded from the policy."
fn spec.initProvider.conditions.clientApplications.withExcludedServicePrincipals
withExcludedServicePrincipals(excludedServicePrincipals)
"A list of service principal IDs explicitly excluded in the policy."
fn spec.initProvider.conditions.clientApplications.withExcludedServicePrincipalsMixin
withExcludedServicePrincipalsMixin(excludedServicePrincipals)
"A list of service principal IDs explicitly excluded in the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.clientApplications.withIncludedServicePrincipals
withIncludedServicePrincipals(includedServicePrincipals)
"A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set."
fn spec.initProvider.conditions.clientApplications.withIncludedServicePrincipalsMixin
withIncludedServicePrincipalsMixin(includedServicePrincipals)
"A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.devices
"A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created."
fn spec.initProvider.conditions.devices.withFilter
withFilter(filter)
"A filter block as described below."
fn spec.initProvider.conditions.devices.withFilterMixin
withFilterMixin(filter)
"A filter block as described below."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.devices.filter
"A filter block as described below."
fn spec.initProvider.conditions.devices.filter.withMode
withMode(mode)
"Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude."
fn spec.initProvider.conditions.devices.filter.withRule
withRule(rule)
"Condition filter to match devices. For more information, see official documentation."
obj spec.initProvider.conditions.locations
"A locations block as documented below, which specifies locations included in and excluded from the policy."
fn spec.initProvider.conditions.locations.withExcludedLocations
withExcludedLocations(excludedLocations)
"A list of location IDs excluded from scope of policy. Can also be set to AllTrusted."
fn spec.initProvider.conditions.locations.withExcludedLocationsMixin
withExcludedLocationsMixin(excludedLocations)
"A list of location IDs excluded from scope of policy. Can also be set to AllTrusted."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.locations.withIncludedLocations
withIncludedLocations(includedLocations)
"A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted."
fn spec.initProvider.conditions.locations.withIncludedLocationsMixin
withIncludedLocationsMixin(includedLocations)
"A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.platforms
"A platforms block as documented below, which specifies platforms included in and excluded from the policy."
fn spec.initProvider.conditions.platforms.withExcludedPlatforms
withExcludedPlatforms(excludedPlatforms)
"A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
fn spec.initProvider.conditions.platforms.withExcludedPlatformsMixin
withExcludedPlatformsMixin(excludedPlatforms)
"A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.platforms.withIncludedPlatforms
withIncludedPlatforms(includedPlatforms)
"A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
fn spec.initProvider.conditions.platforms.withIncludedPlatformsMixin
withIncludedPlatformsMixin(includedPlatforms)
"A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.users
"A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy."
fn spec.initProvider.conditions.users.withExcludedGroups
withExcludedGroups(excludedGroups)
"A list of group IDs excluded from scope of policy."
fn spec.initProvider.conditions.users.withExcludedGroupsMixin
withExcludedGroupsMixin(excludedGroups)
"A list of group IDs excluded from scope of policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withExcludedGuestsOrExternalUsers
withExcludedGuestsOrExternalUsers(excludedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy."
fn spec.initProvider.conditions.users.withExcludedGuestsOrExternalUsersMixin
withExcludedGuestsOrExternalUsersMixin(excludedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withExcludedRoles
withExcludedRoles(excludedRoles)
"A list of role IDs excluded from scope of policy."
fn spec.initProvider.conditions.users.withExcludedRolesMixin
withExcludedRolesMixin(excludedRoles)
"A list of role IDs excluded from scope of policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withExcludedUsers
withExcludedUsers(excludedUsers)
"A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers."
fn spec.initProvider.conditions.users.withExcludedUsersMixin
withExcludedUsersMixin(excludedUsers)
"A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withIncludedGroups
withIncludedGroups(includedGroups)
"A list of group IDs in scope of policy unless explicitly excluded."
fn spec.initProvider.conditions.users.withIncludedGroupsMixin
withIncludedGroupsMixin(includedGroups)
"A list of group IDs in scope of policy unless explicitly excluded."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withIncludedGuestsOrExternalUsers
withIncludedGuestsOrExternalUsers(includedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy."
fn spec.initProvider.conditions.users.withIncludedGuestsOrExternalUsersMixin
withIncludedGuestsOrExternalUsersMixin(includedGuestsOrExternalUsers)
"A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withIncludedRoles
withIncludedRoles(includedRoles)
"A list of role IDs in scope of policy unless explicitly excluded."
fn spec.initProvider.conditions.users.withIncludedRolesMixin
withIncludedRolesMixin(includedRoles)
"A list of role IDs in scope of policy unless explicitly excluded."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.withIncludedUsers
withIncludedUsers(includedUsers)
"A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers."
fn spec.initProvider.conditions.users.withIncludedUsersMixin
withIncludedUsersMixin(includedUsers)
"A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.users.excludedGuestsOrExternalUsers
"A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy."
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.withExternalTenants
withExternalTenants(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.withExternalTenantsMixin
withExternalTenantsMixin(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.withGuestOrExternalUserTypes
withGuestOrExternalUserTypes(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.withGuestOrExternalUserTypesMixin
withGuestOrExternalUserTypesMixin(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants.withMembers
withMembers(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants.withMembersMixin
withMembersMixin(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.excludedGuestsOrExternalUsers.externalTenants.withMembershipKind
withMembershipKind(membershipKind)
"The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue."
obj spec.initProvider.conditions.users.includedGuestsOrExternalUsers
"A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy."
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.withExternalTenants
withExternalTenants(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.withExternalTenantsMixin
withExternalTenantsMixin(externalTenants)
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.withGuestOrExternalUserTypes
withGuestOrExternalUserTypes(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.withGuestOrExternalUserTypesMixin
withGuestOrExternalUserTypesMixin(guestOrExternalUserTypes)
"A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue."
Note: This function appends passed data to existing values
obj spec.initProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants
"An external_tenants block as documented below, which specifies external tenants in a policy scope."
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants.withMembers
withMembers(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants.withMembersMixin
withMembersMixin(members)
"A list tenant IDs. Can only be specified if membership_kind is enumerated."
Note: This function appends passed data to existing values
fn spec.initProvider.conditions.users.includedGuestsOrExternalUsers.externalTenants.withMembershipKind
withMembershipKind(membershipKind)
"The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue."
obj spec.initProvider.grantControls
"A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy."
fn spec.initProvider.grantControls.withAuthenticationStrengthPolicyId
withAuthenticationStrengthPolicyId(authenticationStrengthPolicyId)
"ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: /policies/authenticationStrengthPolicies/."
fn spec.initProvider.grantControls.withBuiltInControls
withBuiltInControls(builtInControls)
"List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue."
fn spec.initProvider.grantControls.withBuiltInControlsMixin
withBuiltInControlsMixin(builtInControls)
"List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue."
Note: This function appends passed data to existing values
fn spec.initProvider.grantControls.withCustomAuthenticationFactors
withCustomAuthenticationFactors(customAuthenticationFactors)
"List of custom controls IDs required by the policy."
fn spec.initProvider.grantControls.withCustomAuthenticationFactorsMixin
withCustomAuthenticationFactorsMixin(customAuthenticationFactors)
"List of custom controls IDs required by the policy."
Note: This function appends passed data to existing values
fn spec.initProvider.grantControls.withOperator
withOperator(operator)
"Defines the relationship of the grant controls. Possible values are: AND, OR."
fn spec.initProvider.grantControls.withTermsOfUse
withTermsOfUse(termsOfUse)
"List of terms of use IDs required by the policy."
fn spec.initProvider.grantControls.withTermsOfUseMixin
withTermsOfUseMixin(termsOfUse)
"List of terms of use IDs required by the policy."
Note: This function appends passed data to existing values
obj spec.initProvider.sessionControls
"A session_controls block as documented below, which specifies the session controls that are enforced after sign-in."
fn spec.initProvider.sessionControls.withApplicationEnforcedRestrictionsEnabled
withApplicationEnforcedRestrictionsEnabled(applicationEnforcedRestrictionsEnabled)
"Whether application enforced restrictions are enabled. Defaults to false."
fn spec.initProvider.sessionControls.withCloudAppSecurityPolicy
withCloudAppSecurityPolicy(cloudAppSecurityPolicy)
"Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue."
fn spec.initProvider.sessionControls.withDisableResilienceDefaults
withDisableResilienceDefaults(disableResilienceDefaults)
"Disables resilience defaults. Defaults to false."
fn spec.initProvider.sessionControls.withPersistentBrowserMode
withPersistentBrowserMode(persistentBrowserMode)
"Session control to define whether to persist cookies. Possible values are: always or never."
fn spec.initProvider.sessionControls.withSignInFrequency
withSignInFrequency(signInFrequency)
"Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified."
fn spec.initProvider.sessionControls.withSignInFrequencyAuthenticationType
withSignInFrequencyAuthenticationType(signInFrequencyAuthenticationType)
"Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication."
fn spec.initProvider.sessionControls.withSignInFrequencyInterval
withSignInFrequencyInterval(signInFrequencyInterval)
"The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased."
fn spec.initProvider.sessionControls.withSignInFrequencyPeriod
withSignInFrequencyPeriod(signInFrequencyPeriod)
"The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified."
obj spec.providerConfigRef
"ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured."
fn spec.providerConfigRef.withName
withName(name)
"Name of the referenced object."
obj spec.providerConfigRef.policy
"Policies for referencing."
fn spec.providerConfigRef.policy.withResolution
withResolution(resolution)
"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."
fn spec.providerConfigRef.policy.withResolve
withResolve(resolve)
"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."
obj spec.writeConnectionSecretToRef
"WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource."
fn spec.writeConnectionSecretToRef.withName
withName(name)
"Name of the secret."
fn spec.writeConnectionSecretToRef.withNamespace
withNamespace(namespace)
"Namespace of the secret."