policies.v1beta1.groupRoleManagementPolicy

"GroupRoleManagementPolicy is the Schema for the GroupRoleManagementPolicys API."

Fields

fn new

new(name)

new returns an instance of GroupRoleManagementPolicy

obj metadata

"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."

fn metadata.withAnnotations

withAnnotations(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

fn metadata.withAnnotationsMixin

withAnnotationsMixin(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

Note: This function appends passed data to existing values

fn metadata.withClusterName

withClusterName(clusterName)

"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."

fn metadata.withCreationTimestamp

withCreationTimestamp(creationTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withDeletionGracePeriodSeconds

withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)

"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."

fn metadata.withDeletionTimestamp

withDeletionTimestamp(deletionTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withFinalizers

withFinalizers(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

fn metadata.withFinalizersMixin

withFinalizersMixin(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

Note: This function appends passed data to existing values

fn metadata.withGenerateName

withGenerateName(generateName)

"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"

fn metadata.withGeneration

withGeneration(generation)

"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."

fn metadata.withLabels

withLabels(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

fn metadata.withLabelsMixin

withLabelsMixin(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

Note: This function appends passed data to existing values

fn metadata.withName

withName(name)

"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"

fn metadata.withNamespace

withNamespace(namespace)

"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"

fn metadata.withOwnerReferences

withOwnerReferences(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

fn metadata.withOwnerReferencesMixin

withOwnerReferencesMixin(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

Note: This function appends passed data to existing values

fn metadata.withResourceVersion

withResourceVersion(resourceVersion)

"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"

fn metadata.withSelfLink

withSelfLink(selfLink)

"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."

fn metadata.withUid

withUid(uid)

"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"

obj spec

"GroupRoleManagementPolicySpec defines the desired state of GroupRoleManagementPolicy"

fn spec.withDeletionPolicy

withDeletionPolicy(deletionPolicy)

"DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223"

fn spec.withManagementPolicies

withManagementPolicies(managementPolicies)

"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"

fn spec.withManagementPoliciesMixin

withManagementPoliciesMixin(managementPolicies)

"THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md"

Note: This function appends passed data to existing values

obj spec.forProvider

fn spec.forProvider.withGroupId

withGroupId(groupId)

"The ID of the Azure AD group for which the policy applies.\nID of the group to which this policy is assigned"

fn spec.forProvider.withRoleId

withRoleId(roleId)

"The type of assignment this policy covers. Can be either member or owner.\nThe ID of the role of this policy to the group"

obj spec.forProvider.activationRules

"An activation_rules block as defined below.\nThe activation rules of the policy"

fn spec.forProvider.activationRules.withMaximumDuration

withMaximumDuration(maximumDuration)

"The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.\nThe time after which an activation can be valid for"

fn spec.forProvider.activationRules.withRequireApproval

withRequireApproval(requireApproval)

"Is approval required for activation. If true an approval_stage block must be provided.\nWhether an approval is required for activation"

fn spec.forProvider.activationRules.withRequireJustification

withRequireJustification(requireJustification)

"Is a justification required during activation of the role.\nWhether a justification is required during activation"

fn spec.forProvider.activationRules.withRequireMultifactorAuthentication

withRequireMultifactorAuthentication(requireMultifactorAuthentication)

"Is multi-factor authentication required to activate the role. Conflicts with required_conditional_access_authentication_context.\nWhether multi-factor authentication is required during activation"

fn spec.forProvider.activationRules.withRequireTicketInfo

withRequireTicketInfo(requireTicketInfo)

"Is ticket information required during activation of the role.\nWhether ticket information is required during activation"

fn spec.forProvider.activationRules.withRequiredConditionalAccessAuthenticationContext

withRequiredConditionalAccessAuthenticationContext(requiredConditionalAccessAuthenticationContext)

"The Entra ID Conditional Access context that must be present for activation (e.g. c1). Conflicts with require_multifactor_authentication.\nWhether a conditional access context is required during activation"

obj spec.forProvider.activationRules.approvalStage

"An approval_stage block as defined below.\nThe approval stages for the activation"

fn spec.forProvider.activationRules.approvalStage.withPrimaryApprover

withPrimaryApprover(primaryApprover)

"blocks as defined below.\nThe IDs of the users or groups who can approve the activation"

fn spec.forProvider.activationRules.approvalStage.withPrimaryApproverMixin

withPrimaryApproverMixin(primaryApprover)

"blocks as defined below.\nThe IDs of the users or groups who can approve the activation"

Note: This function appends passed data to existing values

obj spec.forProvider.activationRules.approvalStage.primaryApprover

"blocks as defined below.\nThe IDs of the users or groups who can approve the activation"

fn spec.forProvider.activationRules.approvalStage.primaryApprover.withObjectId

withObjectId(objectId)

"The ID of the object which will act as an approver.\nThe ID of the object to act as an approver"

fn spec.forProvider.activationRules.approvalStage.primaryApprover.withType

withType(type)

"The type of object acting as an approver. Possible options are singleUser and groupMembers.\nThe type of object acting as an approver"

obj spec.forProvider.activeAssignmentRules

"An active_assignment_rules block as defined below.\nThe rules for active assignment of the policy"

fn spec.forProvider.activeAssignmentRules.withExpirationRequired

withExpirationRequired(expirationRequired)

"Must an assignment have an expiry date. false allows permanent assignment.\nMust the assignment have an expiry date"

fn spec.forProvider.activeAssignmentRules.withExpireAfter

withExpireAfter(expireAfter)

"The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.\nThe duration after which assignments expire"

fn spec.forProvider.activeAssignmentRules.withRequireJustification

withRequireJustification(requireJustification)

"Is a justification required to create new assignments.\nWhether a justification is required to make an assignment"

fn spec.forProvider.activeAssignmentRules.withRequireMultifactorAuthentication

withRequireMultifactorAuthentication(requireMultifactorAuthentication)

"Is multi-factor authentication required to create new assignments.\nWhether multi-factor authentication is required to make an assignment"

fn spec.forProvider.activeAssignmentRules.withRequireTicketInfo

withRequireTicketInfo(requireTicketInfo)

"Is ticket information required to create new assignments.\nWhether ticket information is required to make an assignment"

obj spec.forProvider.eligibleAssignmentRules

"An eligible_assignment_rules block as defined below.\nThe rules for eligible assignment of the policy"

fn spec.forProvider.eligibleAssignmentRules.withExpirationRequired

withExpirationRequired(expirationRequired)

"Must an assignment have an expiry date. false allows permanent assignment.\nMust the assignment have an expiry date"

fn spec.forProvider.eligibleAssignmentRules.withExpireAfter

withExpireAfter(expireAfter)

"The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.\nThe duration after which assignments expire"
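A pre-apply check for the constraints stated in the activationRules, activeAssignmentRules and eligibleAssignmentRules descriptions above, given as an added example that is not part of the generated library. It assumes the rendered manifest nests its fields the way the function paths on this page do; the function names, the constructed sample manifests and the two "warn" rules are this example's own.

```python
import re

# Permitted values as stated in the field descriptions on this page.
ASSIGNMENT_EXPIRY = {"P15D", "P30D", "P90D", "P180D", "P365D"}
APPROVER_TYPES = {"singleUser", "groupMembers"}
ROLE_IDS = {"member", "owner"}
_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")


def activation_minutes(value):
    """Minutes for a maximumDuration value, or None if outside the documented range."""
    if value == "PT1D":
        return 24 * 60
    m = _DURATION.match(value) if isinstance(value, str) else None
    if not m or not (m.group(1) or m.group(2)):
        return None
    minutes = int(m.group(1) or 0) * 60 + int(m.group(2) or 0)
    # Documented range: PT30M to PT23H30M, in 30 minute increments.
    if 30 <= minutes <= 23 * 60 + 30 and minutes % 30 == 0:
        return minutes
    return None


def lint_policy(manifest):
    """Return (severity, path, message) findings for one rendered manifest dict."""
    findings = []
    fp = manifest.get("spec", {}).get("forProvider", {})

    def add(severity, path, message):
        findings.append((severity, "spec.forProvider." + path, message))

    if "roleId" in fp and fp["roleId"] not in ROLE_IDS:
        add("error", "roleId", "must be member or owner")

    act = fp.get("activationRules") or {}
    if "maximumDuration" in act and activation_minutes(act["maximumDuration"]) is None:
        add("error", "activationRules.maximumDuration",
            "not in PT30M..PT23H30M (30 minute steps) and not PT1D")
    mfa = act.get("requireMultifactorAuthentication")
    ctx = act.get("requiredConditionalAccessAuthenticationContext")
    if mfa and ctx:
        add("error", "activationRules.requireMultifactorAuthentication",
            "conflicts with requiredConditionalAccessAuthenticationContext")
    if not mfa and not ctx:
        # Hardening preference of this example, not a constraint from the page.
        add("warn", "activationRules", "neither MFA nor a Conditional Access context is required")
    # The page requires an approval stage when requireApproval is true;
    # a stage without any approver is treated the same as a missing one.
    approvers = (act.get("approvalStage") or {}).get("primaryApprover") or []
    if act.get("requireApproval") and not approvers:
        add("error", "activationRules.approvalStage",
            "requireApproval is true but no primaryApprover is set")
    for i, approver in enumerate(approvers):
        if approver.get("type") not in APPROVER_TYPES:
            add("error", f"activationRules.approvalStage.primaryApprover[{i}].type",
                "must be singleUser or groupMembers")

    for block in ("activeAssignmentRules", "eligibleAssignmentRules"):
        rules = fp.get(block) or {}
        if "expireAfter" in rules and rules["expireAfter"] not in ASSIGNMENT_EXPIRY:
            add("error", block + ".expireAfter",
                "must be one of P15D, P30D, P90D, P180D, P365D")
        if rules.get("expirationRequired") is False:
            add("warn", block + ".expirationRequired", "false allows permanent assignment")
    return findings


# Constructed sample manifests; the IDs are placeholders, not real objects.
WEAK = {"kind": "GroupRoleManagementPolicy", "spec": {"forProvider": {
    "groupId": "00000000-0000-0000-0000-000000000000",
    "roleId": "owner",
    "activationRules": {"maximumDuration": "PT45M", "requireApproval": True},
    "activeAssignmentRules": {"expirationRequired": False},
    "eligibleAssignmentRules": {"expireAfter": "P60D"},
}}}

HARDENED = {"kind": "GroupRoleManagementPolicy", "spec": {"forProvider": {
    "groupId": "00000000-0000-0000-0000-000000000000",
    "roleId": "member",
    "activationRules": {
        "maximumDuration": "PT8H",
        "requireApproval": True,
        "requireJustification": True,
        "requireMultifactorAuthentication": True,
        "approvalStage": {"primaryApprover": [
            {"objectId": "11111111-1111-1111-1111-111111111111", "type": "groupMembers"},
        ]},
    },
    "activeAssignmentRules": {"expirationRequired": True, "expireAfter": "P90D"},
    "eligibleAssignmentRules": {"expirationRequired": True, "expireAfter": "P180D"},
}}}

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        for severity, path, message in lint_policy(doc):
            print(f"{name}: {severity}: {path}: {message}")
```

Run it over the JSON that Jsonnet renders before the manifest reaches the cluster, and fail the pipeline on any "error" finding.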

obj spec.forProvider.groupIdRef

"Reference to a Group in groups to populate groupId."

fn spec.forProvider.groupIdRef.withName

withName(name)

"Name of the referenced object."

obj spec.forProvider.groupIdRef.policy

"Policies for referencing."

fn spec.forProvider.groupIdRef.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.forProvider.groupIdRef.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.forProvider.groupIdSelector

"Selector for a Group in groups to populate groupId."

fn spec.forProvider.groupIdSelector.withMatchControllerRef

withMatchControllerRef(matchControllerRef)

"MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected."

fn spec.forProvider.groupIdSelector.withMatchLabels

withMatchLabels(matchLabels)

"MatchLabels ensures an object with matching labels is selected."

fn spec.forProvider.groupIdSelector.withMatchLabelsMixin

withMatchLabelsMixin(matchLabels)

"MatchLabels ensures an object with matching labels is selected."

Note: This function appends passed data to existing values

obj spec.forProvider.groupIdSelector.policy

"Policies for selection."

fn spec.forProvider.groupIdSelector.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.forProvider.groupIdSelector.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.forProvider.notificationRules

"A notification_rules block as defined below.\nThe notification rules of the policy"

obj spec.forProvider.notificationRules.activeAssignments

"A notification_target block as defined below to configure notifications on active role assignments.\nNotifications about active assignments"

obj spec.forProvider.notificationRules.activeAssignments.adminNotifications

"A notification_settings block as defined above.\nAdmin notification settings"

fn spec.forProvider.notificationRules.activeAssignments.adminNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.activeAssignments.adminNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.activeAssignments.adminNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.activeAssignments.adminNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.activeAssignments.approverNotifications

"A notification_settings block as defined above.\nApprover notification settings"

fn spec.forProvider.notificationRules.activeAssignments.approverNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.activeAssignments.approverNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.activeAssignments.approverNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.activeAssignments.approverNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.activeAssignments.assigneeNotifications

"A notification_settings block as defined above.\nAssignee notification settings"

fn spec.forProvider.notificationRules.activeAssignments.assigneeNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.activeAssignments.assigneeNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.activeAssignments.assigneeNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.activeAssignments.assigneeNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.eligibleActivations

"A notification_target block as defined below for configuring notifications on activation of eligible role.\nNotifications about activations of eligible assignments"

obj spec.forProvider.notificationRules.eligibleActivations.adminNotifications

"A notification_settings block as defined above.\nAdmin notification settings"

fn spec.forProvider.notificationRules.eligibleActivations.adminNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.eligibleActivations.adminNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.eligibleActivations.adminNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.eligibleActivations.adminNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.eligibleActivations.approverNotifications

"A notification_settings block as defined above.\nApprover notification settings"

fn spec.forProvider.notificationRules.eligibleActivations.approverNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.eligibleActivations.approverNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.eligibleActivations.approverNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.eligibleActivations.approverNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.eligibleActivations.assigneeNotifications

"A notification_settings block as defined above.\nAssignee notification settings"

fn spec.forProvider.notificationRules.eligibleActivations.assigneeNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.eligibleActivations.assigneeNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.eligibleActivations.assigneeNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.eligibleActivations.assigneeNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.eligibleAssignments

"A notification_target block as defined below to configure notification on eligible role assignments.\nNotifications about eligible assignments"

obj spec.forProvider.notificationRules.eligibleAssignments.adminNotifications

"A notification_settings block as defined above.\nAdmin notification settings"

fn spec.forProvider.notificationRules.eligibleAssignments.adminNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.eligibleAssignments.adminNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.eligibleAssignments.adminNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.eligibleAssignments.adminNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.eligibleAssignments.approverNotifications

"A notification_settings block as defined above.\nApprover notification settings"

fn spec.forProvider.notificationRules.eligibleAssignments.approverNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.eligibleAssignments.approverNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.eligibleAssignments.approverNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.eligibleAssignments.approverNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.forProvider.notificationRules.eligibleAssignments.assigneeNotifications

"A notification_settings block as defined above.\nAssignee notification settings"

fn spec.forProvider.notificationRules.eligibleAssignments.assigneeNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.forProvider.notificationRules.eligibleAssignments.assigneeNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.forProvider.notificationRules.eligibleAssignments.assigneeNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.forProvider.notificationRules.eligibleAssignments.assigneeNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider

"THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because an external controller is managing them, like an\nautoscaler."

fn spec.initProvider.withGroupId

withGroupId(groupId)

"The ID of the Azure AD group for which the policy applies.\nID of the group to which this policy is assigned"

fn spec.initProvider.withRoleId

withRoleId(roleId)

"The type of assignment this policy coveres. Can be either member or owner.\nThe ID of the role of this policy to the group"

obj spec.initProvider.activationRules

"An activation_rules block as defined below.\nThe activation rules of the policy"

fn spec.initProvider.activationRules.withMaximumDuration

withMaximumDuration(maximumDuration)

"The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.\nThe time after which the an activation can be valid for"

fn spec.initProvider.activationRules.withRequireApproval

withRequireApproval(requireApproval)

"Is approval required for activation. If true an approval_stage block must be provided.\nWhether an approval is required for activation"

fn spec.initProvider.activationRules.withRequireJustification

withRequireJustification(requireJustification)

"Is a justification required during activation of the role.\nWhether a justification is required during activation"

fn spec.initProvider.activationRules.withRequireMultifactorAuthentication

withRequireMultifactorAuthentication(requireMultifactorAuthentication)

"Is multi-factor authentication required to activate the role. Conflicts with required_conditional_access_authentication_context.\nWhether multi-factor authentication is required during activation"

fn spec.initProvider.activationRules.withRequireTicketInfo

withRequireTicketInfo(requireTicketInfo)

"Is ticket information requrired during activation of the role.\nWhether ticket information is required during activation"

fn spec.initProvider.activationRules.withRequiredConditionalAccessAuthenticationContext

withRequiredConditionalAccessAuthenticationContext(requiredConditionalAccessAuthenticationContext)

"The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with require_multifactor_authentication.\nWhether a conditional access context is required during activation"

obj spec.initProvider.activationRules.approvalStage

"An approval_stage block as defined below.\nThe approval stages for the activation"

fn spec.initProvider.activationRules.approvalStage.withPrimaryApprover

withPrimaryApprover(primaryApprover)

"blocks as defined below.\nThe IDs of the users or groups who can approve the activation"

fn spec.initProvider.activationRules.approvalStage.withPrimaryApproverMixin

withPrimaryApproverMixin(primaryApprover)

"blocks as defined below.\nThe IDs of the users or groups who can approve the activation"

Note: This function appends passed data to existing values

obj spec.initProvider.activationRules.approvalStage.primaryApprover

"blocks as defined below.\nThe IDs of the users or groups who can approve the activation"

fn spec.initProvider.activationRules.approvalStage.primaryApprover.withObjectId

withObjectId(objectId)

"The ID of the object which will act as an approver.\nThe ID of the object to act as an approver"

fn spec.initProvider.activationRules.approvalStage.primaryApprover.withType

withType(type)

"The type of object acting as an approver. Possible options are singleUser and groupMembers.\nThe type of object acting as an approver"

obj spec.initProvider.activeAssignmentRules

"An active_assignment_rules block as defined below.\nThe rules for active assignment of the policy"

fn spec.initProvider.activeAssignmentRules.withExpirationRequired

withExpirationRequired(expirationRequired)

"Must an assignment have an expiry date. false allows permanent assignment.\nMust the assignment have an expiry date"

fn spec.initProvider.activeAssignmentRules.withExpireAfter

withExpireAfter(expireAfter)

"The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.\nThe duration after which assignments expire"

fn spec.initProvider.activeAssignmentRules.withRequireJustification

withRequireJustification(requireJustification)

"Is a justification required to create new assignments.\nWhether a justification is required to make an assignment"

fn spec.initProvider.activeAssignmentRules.withRequireMultifactorAuthentication

withRequireMultifactorAuthentication(requireMultifactorAuthentication)

"Is multi-factor authentication required to create new assignments.\nWhether multi-factor authentication is required to make an assignment"

fn spec.initProvider.activeAssignmentRules.withRequireTicketInfo

withRequireTicketInfo(requireTicketInfo)

"Is ticket information required to create new assignments.\nWhether ticket information is required to make an assignment"

obj spec.initProvider.eligibleAssignmentRules

"An eligible_assignment_rules block as defined below.\nThe rules for eligible assignment of the policy"

fn spec.initProvider.eligibleAssignmentRules.withExpirationRequired

withExpirationRequired(expirationRequired)

"Must an assignment have an expiry date. false allows permanent assignment.\nMust the assignment have an expiry date"

fn spec.initProvider.eligibleAssignmentRules.withExpireAfter

withExpireAfter(expireAfter)

"The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.\nThe duration after which assignments expire"

obj spec.initProvider.groupIdRef

"Reference to a Group in groups to populate groupId."

fn spec.initProvider.groupIdRef.withName

withName(name)

"Name of the referenced object."

obj spec.initProvider.groupIdRef.policy

"Policies for referencing."

fn spec.initProvider.groupIdRef.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.initProvider.groupIdRef.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.initProvider.groupIdSelector

"Selector for a Group in groups to populate groupId."

fn spec.initProvider.groupIdSelector.withMatchControllerRef

withMatchControllerRef(matchControllerRef)

"MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected."

fn spec.initProvider.groupIdSelector.withMatchLabels

withMatchLabels(matchLabels)

"MatchLabels ensures an object with matching labels is selected."

fn spec.initProvider.groupIdSelector.withMatchLabelsMixin

withMatchLabelsMixin(matchLabels)

"MatchLabels ensures an object with matching labels is selected."

Note: This function appends passed data to existing values

obj spec.initProvider.groupIdSelector.policy

"Policies for selection."

fn spec.initProvider.groupIdSelector.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.initProvider.groupIdSelector.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.initProvider.notificationRules

"A notification_rules block as defined below.\nThe notification rules of the policy"

obj spec.initProvider.notificationRules.activeAssignments

"A notification_target block as defined below to configure notfications on active role assignments.\nNotifications about active assignments"

obj spec.initProvider.notificationRules.activeAssignments.adminNotifications

"A notification_settings block as defined above.\nAdmin notification settings"

fn spec.initProvider.notificationRules.activeAssignments.adminNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.activeAssignments.adminNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.activeAssignments.adminNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.activeAssignments.adminNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.activeAssignments.approverNotifications

"A notification_settings block as defined above.\nApprover notification settings"

fn spec.initProvider.notificationRules.activeAssignments.approverNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.activeAssignments.approverNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.activeAssignments.approverNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.activeAssignments.approverNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.activeAssignments.assigneeNotifications

"A notification_settings block as defined above.\nAssignee notification settings"

fn spec.initProvider.notificationRules.activeAssignments.assigneeNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.activeAssignments.assigneeNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.activeAssignments.assigneeNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.activeAssignments.assigneeNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.eligibleActivations

"A notification_target block as defined below for configuring notifications on activation of eligible role.\nNotifications about activations of eligible assignments"

obj spec.initProvider.notificationRules.eligibleActivations.adminNotifications

"A notification_settings block as defined above.\nAdmin notification settings"

fn spec.initProvider.notificationRules.eligibleActivations.adminNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.eligibleActivations.adminNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.eligibleActivations.adminNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.eligibleActivations.adminNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.eligibleActivations.approverNotifications

"A notification_settings block as defined above.\nApprover notification settings"

fn spec.initProvider.notificationRules.eligibleActivations.approverNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.eligibleActivations.approverNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.eligibleActivations.approverNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.eligibleActivations.approverNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.eligibleActivations.assigneeNotifications

"A notification_settings block as defined above.\nAssignee notification settings"

fn spec.initProvider.notificationRules.eligibleActivations.assigneeNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.eligibleActivations.assigneeNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.eligibleActivations.assigneeNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.eligibleActivations.assigneeNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.eligibleAssignments

"A notification_target block as defined below to configure notification on eligible role assignments.\nNotifications about eligible assignments"

obj spec.initProvider.notificationRules.eligibleAssignments.adminNotifications

"A notification_settings block as defined above.\nAdmin notification settings"

fn spec.initProvider.notificationRules.eligibleAssignments.adminNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.eligibleAssignments.adminNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.eligibleAssignments.adminNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.eligibleAssignments.adminNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.eligibleAssignments.approverNotifications

"A notification_settings block as defined above.\nApprover notification settings"

fn spec.initProvider.notificationRules.eligibleAssignments.approverNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.eligibleAssignments.approverNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.eligibleAssignments.approverNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.eligibleAssignments.approverNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.initProvider.notificationRules.eligibleAssignments.assigneeNotifications

"A notification_settings block as defined above.\nAssignee notification settings"

fn spec.initProvider.notificationRules.eligibleAssignments.assigneeNotifications.withAdditionalRecipients

withAdditionalRecipients(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

fn spec.initProvider.notificationRules.eligibleAssignments.assigneeNotifications.withAdditionalRecipientsMixin

withAdditionalRecipientsMixin(additionalRecipients)

"A list of additional email addresses that will receive these notifications.\nThe additional recipients to notify"

Note: This function appends passed data to existing values

fn spec.initProvider.notificationRules.eligibleAssignments.assigneeNotifications.withDefaultRecipients

withDefaultRecipients(defaultRecipients)

"Should the default recipients receive these notifications.\nWhether the default recipients are notified"

fn spec.initProvider.notificationRules.eligibleAssignments.assigneeNotifications.withNotificationLevel

withNotificationLevel(notificationLevel)

"What level of notifications should be sent. Options are All or Critical.\nWhat level of notifications are sent"

obj spec.providerConfigRef

"ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured."

fn spec.providerConfigRef.withName

withName(name)

"Name of the referenced object."

obj spec.providerConfigRef.policy

"Policies for referencing."

fn spec.providerConfigRef.policy.withResolution

withResolution(resolution)

"Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved."

fn spec.providerConfigRef.policy.withResolve

withResolve(resolve)

"Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile."

obj spec.writeConnectionSecretToRef

"WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource."

fn spec.writeConnectionSecretToRef.withName

withName(name)

"Name of the secret."

fn spec.writeConnectionSecretToRef.withNamespace

withNamespace(namespace)

"Namespace of the secret."