diff --git a/provider/cmd/pulumi-resource-azuread/schema.json b/provider/cmd/pulumi-resource-azuread/schema.json index 4cd5693b7..6faf579f3 100644 --- a/provider/cmd/pulumi-resource-azuread/schema.json +++ b/provider/cmd/pulumi-resource-azuread/schema.json @@ -876,6 +876,10 @@ "$ref": "#/types/azuread:index/ConditionalAccessPolicyConditionsDevices:ConditionalAccessPolicyConditionsDevices", "description": "A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created.\n" }, + "insiderRiskLevels": { + "type": "string", + "description": "The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`.\n" + }, "locations": { "$ref": "#/types/azuread:index/ConditionalAccessPolicyConditionsLocations:ConditionalAccessPolicyConditionsLocations", "description": "A `locations` block as documented below, which specifies locations included in and excluded from the policy.\n" @@ -915,7 +919,17 @@ "applications", "clientAppTypes", "users" - ] + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "applications", + "clientAppTypes", + "insiderRiskLevels", + "users" + ] + } + } }, "azuread:index/ConditionalAccessPolicyConditionsApplications:ConditionalAccessPolicyConditionsApplications": { "properties": { @@ -1179,7 +1193,7 @@ "properties": { "authenticationStrengthPolicyId": { "type": "string", - "description": "ID of an Authentication Strength Policy to use in this policy.\n" + "description": "ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`.\n" }, "builtInControls": { "type": "array", @@ -1849,6 +1863,10 @@ }, "description": "List of countries and/or regions in two-letter format specified by ISO 3166-2.\n" }, + "countryLookupMethod": { + "type": "string", + "description": "Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`.\n" + }, "includeUnknownCountriesAndRegions": { "type": "boolean", "description": "Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`.\n" @@ -2676,6 +2694,9 @@ "type": "string" } }, + "countryLookupMethod": { + "type": "string" + }, "includeUnknownCountriesAndRegions": { "type": "boolean" } @@ -2683,6 +2704,7 @@ "type": "object", "required": [ "countriesAndRegions", + "countryLookupMethod", "includeUnknownCountriesAndRegions" ], "language": { @@ -3723,7 +3745,7 @@ } }, "azuread:index/administrativeUnit:AdministrativeUnit": { - "description": "Manages an Administrative Unit within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AdministrativeUnit(\"example\", {\n displayName: \"Example-AU\",\n description: \"Just an example\",\n hiddenMembershipEnabled: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AdministrativeUnit(\"example\",\n display_name=\"Example-AU\",\n description=\"Just an example\",\n hidden_membership_enabled=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.AdministrativeUnit(\"example\", new()\n {\n DisplayName = \"Example-AU\",\n Description = \"Just an example\",\n HiddenMembershipEnabled = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t\tDescription: pulumi.String(\"Just an example\"),\n\t\t\tHiddenMembershipEnabled: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AdministrativeUnit(\"example\", AdministrativeUnitArgs.builder()\n .displayName(\"Example-AU\")\n .description(\"Just an example\")\n .hiddenMembershipEnabled(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:AdministrativeUnit\n properties:\n displayName: Example-AU\n description: Just an example\n hiddenMembershipEnabled: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative units can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "Manages an Administrative Unit within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AdministrativeUnit(\"example\", {\n displayName: \"Example-AU\",\n description: \"Just an example\",\n hiddenMembershipEnabled: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AdministrativeUnit(\"example\",\n display_name=\"Example-AU\",\n description=\"Just an example\",\n hidden_membership_enabled=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.AdministrativeUnit(\"example\", new()\n {\n DisplayName = \"Example-AU\",\n Description = \"Just an example\",\n HiddenMembershipEnabled = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t\tDescription: pulumi.String(\"Just an example\"),\n\t\t\tHiddenMembershipEnabled: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AdministrativeUnit(\"example\", AdministrativeUnitArgs.builder()\n .displayName(\"Example-AU\")\n .description(\"Just an example\")\n .hiddenMembershipEnabled(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:AdministrativeUnit\n properties:\n displayName: Example-AU\n description: Just an example\n hiddenMembershipEnabled: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative units can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "description": { "type": "string", @@ -3821,7 +3843,7 @@ } }, "azuread:index/administrativeUnitMember:AdministrativeUnitMember": { - "description": "Manages a single administrative unit membership within Azure Active Directory.\n\n\u003e **Warning** Do not use this resource at the same time as the `members` property of the `azuread.AdministrativeUnit` resource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleAdministrativeUnit = new azuread.AdministrativeUnit(\"example\", {displayName: \"Example-AU\"});\nconst exampleAdministrativeUnitMember = new azuread.AdministrativeUnitMember(\"example\", {\n administrativeUnitObjectId: exampleAdministrativeUnit.id,\n memberObjectId: example.then(example =\u003e example.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_administrative_unit = azuread.AdministrativeUnit(\"example\", display_name=\"Example-AU\")\nexample_administrative_unit_member = azuread.AdministrativeUnitMember(\"example\",\n administrative_unit_object_id=example_administrative_unit.id,\n member_object_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetUser.Invoke(new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n });\n\n var exampleAdministrativeUnit = new AzureAD.AdministrativeUnit(\"example\", new()\n {\n DisplayName = \"Example-AU\",\n });\n\n var exampleAdministrativeUnitMember = new AzureAD.AdministrativeUnitMember(\"example\", new()\n {\n AdministrativeUnitObjectId = exampleAdministrativeUnit.Id,\n MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.LookupUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrativeUnit, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAdministrativeUnitMember(ctx, \"example\", \u0026azuread.AdministrativeUnitMemberArgs{\n\t\t\tAdministrativeUnitObjectId: exampleAdministrativeUnit.ID(),\n\t\t\tMemberObjectId: pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport com.pulumi.azuread.AdministrativeUnitMember;\nimport com.pulumi.azuread.AdministrativeUnitMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleAdministrativeUnit = new AdministrativeUnit(\"exampleAdministrativeUnit\", AdministrativeUnitArgs.builder()\n .displayName(\"Example-AU\")\n .build());\n\n var exampleAdministrativeUnitMember = new AdministrativeUnitMember(\"exampleAdministrativeUnitMember\", AdministrativeUnitMemberArgs.builder()\n .administrativeUnitObjectId(exampleAdministrativeUnit.id())\n .memberObjectId(example.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleAdministrativeUnit:\n type: azuread:AdministrativeUnit\n name: example\n properties:\n displayName: Example-AU\n exampleAdministrativeUnitMember:\n type: azuread:AdministrativeUnitMember\n name: example\n properties:\n administrativeUnitObjectId: ${exampleAdministrativeUnit.id}\n memberObjectId: ${example.id}\nvariables:\n example:\n fn::invoke:\n function: azuread:getUser\n arguments:\n userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111\n```\n\n-\u003e This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`.\n\n", + "description": "Manages a single administrative unit membership within Azure Active Directory.\n\n\u003e **Warning** Do not use this resource at the same time as the `members` property of the `azuread.AdministrativeUnit` resource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleAdministrativeUnit = new azuread.AdministrativeUnit(\"example\", {displayName: \"Example-AU\"});\nconst exampleAdministrativeUnitMember = new azuread.AdministrativeUnitMember(\"example\", {\n administrativeUnitObjectId: exampleAdministrativeUnit.id,\n memberObjectId: example.then(example =\u003e example.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_administrative_unit = azuread.AdministrativeUnit(\"example\", display_name=\"Example-AU\")\nexample_administrative_unit_member = azuread.AdministrativeUnitMember(\"example\",\n administrative_unit_object_id=example_administrative_unit.id,\n member_object_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetUser.Invoke(new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n });\n\n var exampleAdministrativeUnit = new AzureAD.AdministrativeUnit(\"example\", new()\n {\n DisplayName = \"Example-AU\",\n });\n\n var exampleAdministrativeUnitMember = new AzureAD.AdministrativeUnitMember(\"example\", new()\n {\n AdministrativeUnitObjectId = exampleAdministrativeUnit.Id,\n MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.LookupUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrativeUnit, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAdministrativeUnitMember(ctx, \"example\", \u0026azuread.AdministrativeUnitMemberArgs{\n\t\t\tAdministrativeUnitObjectId: exampleAdministrativeUnit.ID(),\n\t\t\tMemberObjectId: pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport com.pulumi.azuread.AdministrativeUnitMember;\nimport com.pulumi.azuread.AdministrativeUnitMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleAdministrativeUnit = new AdministrativeUnit(\"exampleAdministrativeUnit\", AdministrativeUnitArgs.builder()\n .displayName(\"Example-AU\")\n .build());\n\n var exampleAdministrativeUnitMember = new AdministrativeUnitMember(\"exampleAdministrativeUnitMember\", AdministrativeUnitMemberArgs.builder()\n .administrativeUnitObjectId(exampleAdministrativeUnit.id())\n .memberObjectId(example.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleAdministrativeUnit:\n type: azuread:AdministrativeUnit\n name: example\n properties:\n displayName: Example-AU\n exampleAdministrativeUnitMember:\n type: azuread:AdministrativeUnitMember\n name: example\n properties:\n administrativeUnitObjectId: ${exampleAdministrativeUnit.id}\n memberObjectId: ${example.id}\nvariables:\n example:\n fn::invoke:\n function: azuread:getUser\n arguments:\n userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111\n```\n\n", "properties": { "administrativeUnitObjectId": { "type": "string", @@ -3862,7 +3884,7 @@ } }, "azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember": { - "description": "Manages a single directory role assignment scoped to an administrative unit within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` and `RoleManagement.ReadWrite.Directory`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleAdministrativeUnit = new azuread.AdministrativeUnit(\"example\", {displayName: \"Example-AU\"});\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Security administrator\"});\nconst exampleAdministrativeUnitRoleMember = new azuread.AdministrativeUnitRoleMember(\"example\", {\n roleObjectId: exampleDirectoryRole.objectId,\n administrativeUnitObjectId: exampleAdministrativeUnit.id,\n memberObjectId: example.then(example =\u003e example.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_administrative_unit = azuread.AdministrativeUnit(\"example\", display_name=\"Example-AU\")\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Security administrator\")\nexample_administrative_unit_role_member = azuread.AdministrativeUnitRoleMember(\"example\",\n role_object_id=example_directory_role.object_id,\n administrative_unit_object_id=example_administrative_unit.id,\n member_object_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetUser.Invoke(new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n });\n\n var exampleAdministrativeUnit = new AzureAD.AdministrativeUnit(\"example\", new()\n {\n DisplayName = \"Example-AU\",\n });\n\n var exampleDirectoryRole = new AzureAD.DirectoryRole(\"example\", new()\n {\n DisplayName = \"Security administrator\",\n });\n\n var exampleAdministrativeUnitRoleMember = new AzureAD.AdministrativeUnitRoleMember(\"example\", new()\n {\n RoleObjectId = exampleDirectoryRole.ObjectId,\n AdministrativeUnitObjectId = exampleAdministrativeUnit.Id,\n MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.LookupUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrativeUnit, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Security administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAdministrativeUnitRoleMember(ctx, \"example\", \u0026azuread.AdministrativeUnitRoleMemberArgs{\n\t\t\tRoleObjectId: exampleDirectoryRole.ObjectId,\n\t\t\tAdministrativeUnitObjectId: exampleAdministrativeUnit.ID(),\n\t\t\tMemberObjectId: pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.AdministrativeUnitRoleMember;\nimport com.pulumi.azuread.AdministrativeUnitRoleMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleAdministrativeUnit = new AdministrativeUnit(\"exampleAdministrativeUnit\", AdministrativeUnitArgs.builder()\n .displayName(\"Example-AU\")\n .build());\n\n var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n .displayName(\"Security administrator\")\n .build());\n\n var exampleAdministrativeUnitRoleMember = new AdministrativeUnitRoleMember(\"exampleAdministrativeUnitRoleMember\", AdministrativeUnitRoleMemberArgs.builder()\n .roleObjectId(exampleDirectoryRole.objectId())\n .administrativeUnitObjectId(exampleAdministrativeUnit.id())\n .memberObjectId(example.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleAdministrativeUnit:\n type: azuread:AdministrativeUnit\n name: example\n properties:\n displayName: Example-AU\n exampleDirectoryRole:\n type: azuread:DirectoryRole\n name: example\n properties:\n displayName: Security administrator\n exampleAdministrativeUnitRoleMember:\n type: azuread:AdministrativeUnitRoleMember\n name: example\n properties:\n roleObjectId: ${exampleDirectoryRole.objectId}\n administrativeUnitObjectId: ${exampleAdministrativeUnit.id}\n memberObjectId: ${example.id}\nvariables:\n example:\n fn::invoke:\n function: azuread:getUser\n arguments:\n userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS\n```\n\n-\u003e This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`.\n\n", + "description": "Manages a single directory role assignment scoped to an administrative unit within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` and `RoleManagement.ReadWrite.Directory`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleAdministrativeUnit = new azuread.AdministrativeUnit(\"example\", {displayName: \"Example-AU\"});\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Security administrator\"});\nconst exampleAdministrativeUnitRoleMember = new azuread.AdministrativeUnitRoleMember(\"example\", {\n roleObjectId: exampleDirectoryRole.objectId,\n administrativeUnitObjectId: exampleAdministrativeUnit.id,\n memberObjectId: example.then(example =\u003e example.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_administrative_unit = azuread.AdministrativeUnit(\"example\", display_name=\"Example-AU\")\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Security administrator\")\nexample_administrative_unit_role_member = azuread.AdministrativeUnitRoleMember(\"example\",\n role_object_id=example_directory_role.object_id,\n administrative_unit_object_id=example_administrative_unit.id,\n member_object_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetUser.Invoke(new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n });\n\n var exampleAdministrativeUnit = new AzureAD.AdministrativeUnit(\"example\", new()\n {\n DisplayName = \"Example-AU\",\n });\n\n var exampleDirectoryRole = new AzureAD.DirectoryRole(\"example\", new()\n {\n DisplayName = \"Security administrator\",\n });\n\n var exampleAdministrativeUnitRoleMember = new AzureAD.AdministrativeUnitRoleMember(\"example\", new()\n {\n RoleObjectId = exampleDirectoryRole.ObjectId,\n AdministrativeUnitObjectId = exampleAdministrativeUnit.Id,\n MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.LookupUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrativeUnit, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Security administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAdministrativeUnitRoleMember(ctx, \"example\", \u0026azuread.AdministrativeUnitRoleMemberArgs{\n\t\t\tRoleObjectId: exampleDirectoryRole.ObjectId,\n\t\t\tAdministrativeUnitObjectId: exampleAdministrativeUnit.ID(),\n\t\t\tMemberObjectId: pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.AdministrativeUnitRoleMember;\nimport com.pulumi.azuread.AdministrativeUnitRoleMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleAdministrativeUnit = new AdministrativeUnit(\"exampleAdministrativeUnit\", AdministrativeUnitArgs.builder()\n .displayName(\"Example-AU\")\n .build());\n\n var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n .displayName(\"Security administrator\")\n .build());\n\n var exampleAdministrativeUnitRoleMember = new AdministrativeUnitRoleMember(\"exampleAdministrativeUnitRoleMember\", AdministrativeUnitRoleMemberArgs.builder()\n .roleObjectId(exampleDirectoryRole.objectId())\n .administrativeUnitObjectId(exampleAdministrativeUnit.id())\n .memberObjectId(example.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleAdministrativeUnit:\n type: azuread:AdministrativeUnit\n name: example\n properties:\n displayName: Example-AU\n exampleDirectoryRole:\n type: azuread:DirectoryRole\n name: example\n properties:\n displayName: Security administrator\n exampleAdministrativeUnitRoleMember:\n type: azuread:AdministrativeUnitRoleMember\n name: example\n properties:\n roleObjectId: ${exampleDirectoryRole.objectId}\n administrativeUnitObjectId: ${exampleAdministrativeUnit.id}\n memberObjectId: ${example.id}\nvariables:\n example:\n fn::invoke:\n function: azuread:getUser\n arguments:\n userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example\n```\n\n/directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS\n\n", "properties": { "administrativeUnitObjectId": { "type": "string", @@ -3927,7 +3949,7 @@ } }, "azuread:index/appRoleAssignment:AppRoleAssignment": { - "description": "Manages an app role assignment for a group, user or service principal. Can be used to grant admin consent for application permissions.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AppRoleAssignment.ReadWrite.All` and `Application.Read.All`, or `AppRoleAssignment.ReadWrite.All` and `Directory.Read.All`, or `Application.ReadWrite.All`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*App role assignment for accessing Microsoft Graph*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n useExisting: true,\n});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n resourceAccesses: [\n {\n id: msgraph.appRoleIds[\"User.Read.All\"],\n type: \"Role\",\n },\n {\n id: msgraph.oauth2PermissionScopeIds[\"User.ReadWrite\"],\n type: \"Scope\",\n },\n ],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"example\", {\n appRoleId: msgraph.appRoleIds[\"User.Read.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: msgraph.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n client_id=well_known.result[\"microsoftGraph\"],\n use_existing=True)\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n required_resource_accesses=[{\n \"resource_app_id\": well_known.result[\"microsoftGraph\"],\n \"resource_accesses\": [\n {\n \"id\": msgraph.app_role_ids[\"User.Read.All\"],\n \"type\": \"Role\",\n },\n {\n \"id\": msgraph.oauth2_permission_scope_ids[\"User.ReadWrite\"],\n \"type\": \"Scope\",\n },\n ],\n }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"example\",\n app_role_id=msgraph.app_role_ids[\"User.Read.All\"],\n principal_object_id=example_service_principal.object_id,\n resource_object_id=msgraph.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();\n\n var msgraph = new AzureAD.ServicePrincipal(\"msgraph\", new()\n {\n ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n UseExisting = true,\n });\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n Type = \"Role\",\n },\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_ReadWrite),\n Type = \"Scope\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"example\", new()\n {\n AppRoleId = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = msgraph.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.ReadWrite, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"example\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: msgraph.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();\n\n var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n .clientId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().microsoftGraph()))\n .useExisting(true)\n .build());\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().microsoftGraph()))\n .resourceAccesses( \n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .type(\"Role\")\n .build(),\n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(msgraph.oauth2PermissionScopeIds().applyValue(oauth2PermissionScopeIds -\u003e oauth2PermissionScopeIds.User.ReadWrite()))\n .type(\"Scope\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder()\n .appRoleId(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(msgraph.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n msgraph:\n type: azuread:ServicePrincipal\n properties:\n clientId: ${wellKnown.result.microsoftGraph}\n useExisting: true\n example:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${wellKnown.result.microsoftGraph}\n resourceAccesses:\n - id: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n type: Role\n - id: ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\n type: Scope\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n name: example\n properties:\n appRoleId: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${msgraph.objectId}\nvariables:\n wellKnown:\n fn::invoke:\n function: azuread:getApplicationPublishedAppIds\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*App role assignment for internal application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst internal = new azuread.Application(\"internal\", {\n displayName: \"internal\",\n appRoles: [{\n allowedMemberTypes: [\"Application\"],\n description: \"Apps can query the database\",\n displayName: \"Query\",\n enabled: true,\n id: \"00000000-0000-0000-0000-111111111111\",\n value: \"Query.All\",\n }],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internal\", {clientId: internal.clientId});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: internal.clientId,\n resourceAccesses: [{\n id: internalServicePrincipal.appRoleIds[\"Query.All\"],\n type: \"Role\",\n }],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"example\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Query.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ninternal = azuread.Application(\"internal\",\n display_name=\"internal\",\n app_roles=[{\n \"allowed_member_types\": [\"Application\"],\n \"description\": \"Apps can query the database\",\n \"display_name\": \"Query\",\n \"enabled\": True,\n \"id\": \"00000000-0000-0000-0000-111111111111\",\n \"value\": \"Query.All\",\n }])\ninternal_service_principal = azuread.ServicePrincipal(\"internal\", client_id=internal.client_id)\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n required_resource_accesses=[{\n \"resource_app_id\": internal.client_id,\n \"resource_accesses\": [{\n \"id\": internal_service_principal.app_role_ids[\"Query.All\"],\n \"type\": \"Role\",\n }],\n }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"example\",\n app_role_id=internal_service_principal.app_role_ids[\"Query.All\"],\n principal_object_id=example_service_principal.object_id,\n resource_object_id=internal_service_principal.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @internal = new AzureAD.Application(\"internal\", new()\n {\n DisplayName = \"internal\",\n AppRoles = new[]\n {\n new AzureAD.Inputs.ApplicationAppRoleArgs\n {\n AllowedMemberTypes = new[]\n {\n \"Application\",\n },\n Description = \"Apps can query the database\",\n DisplayName = \"Query\",\n Enabled = true,\n Id = \"00000000-0000-0000-0000-111111111111\",\n Value = \"Query.All\",\n },\n },\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internal\", new()\n {\n ClientId = @internal.ClientId,\n });\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = @internal.ClientId,\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n Type = \"Role\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"example\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinternal, err := azuread.NewApplication(ctx, \"internal\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: azuread.ApplicationAppRoleTypeArray{\n\t\t\t\t\u0026azuread.ApplicationAppRoleTypeArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Apps can query the database\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Query\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tId: pulumi.String(\"00000000-0000-0000-0000-111111111111\"),\n\t\t\t\t\tValue: pulumi.String(\"Query.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: internal.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: internal.ClientId,\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"example\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internal = new Application(\"internal\", ApplicationArgs.builder()\n .displayName(\"internal\")\n .appRoles(ApplicationAppRoleArgs.builder()\n .allowedMemberTypes(\"Application\")\n .description(\"Apps can query the database\")\n .displayName(\"Query\")\n .enabled(true)\n .id(\"00000000-0000-0000-0000-111111111111\")\n .value(\"Query.All\")\n .build())\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(internal.clientId())\n .build());\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(internal.clientId())\n .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .type(\"Role\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder()\n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internal:\n type: azuread:Application\n properties:\n displayName: internal\n appRoles:\n - allowedMemberTypes:\n - Application\n description: Apps can query the database\n displayName: Query\n enabled: true\n id: 00000000-0000-0000-0000-111111111111\n value: Query.All\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n name: internal\n properties:\n clientId: ${internal.clientId}\n example:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${internal.clientId}\n resourceAccesses:\n - id: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n type: Role\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n name: example\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Assign a user and group to an internal application*\n\n## Import\n\nApp role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g.\n\n```sh\n$ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz\n```\n\n-\u003e This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`.\n\n", + "description": "Manages an app role assignment for a group, user or service principal. Can be used to grant admin consent for application permissions.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AppRoleAssignment.ReadWrite.All` and `Application.Read.All`, or `AppRoleAssignment.ReadWrite.All` and `Directory.Read.All`, or `Application.ReadWrite.All`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*App role assignment for accessing Microsoft Graph*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n useExisting: true,\n});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n resourceAccesses: [\n {\n id: msgraph.appRoleIds[\"User.Read.All\"],\n type: \"Role\",\n },\n {\n id: msgraph.oauth2PermissionScopeIds[\"User.ReadWrite\"],\n type: \"Scope\",\n },\n ],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"example\", {\n appRoleId: msgraph.appRoleIds[\"User.Read.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: msgraph.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n client_id=well_known.result[\"microsoftGraph\"],\n use_existing=True)\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n required_resource_accesses=[{\n \"resource_app_id\": well_known.result[\"microsoftGraph\"],\n \"resource_accesses\": [\n {\n \"id\": msgraph.app_role_ids[\"User.Read.All\"],\n \"type\": \"Role\",\n },\n {\n \"id\": msgraph.oauth2_permission_scope_ids[\"User.ReadWrite\"],\n \"type\": \"Scope\",\n },\n ],\n }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"example\",\n app_role_id=msgraph.app_role_ids[\"User.Read.All\"],\n principal_object_id=example_service_principal.object_id,\n resource_object_id=msgraph.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();\n\n var msgraph = new AzureAD.ServicePrincipal(\"msgraph\", new()\n {\n ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n UseExisting = true,\n });\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n Type = \"Role\",\n },\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_ReadWrite),\n Type = \"Scope\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"example\", new()\n {\n AppRoleId = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = msgraph.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.ReadWrite, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"example\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: msgraph.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();\n\n var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n .clientId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().microsoftGraph()))\n .useExisting(true)\n .build());\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().microsoftGraph()))\n .resourceAccesses( \n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .type(\"Role\")\n .build(),\n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(msgraph.oauth2PermissionScopeIds().applyValue(oauth2PermissionScopeIds -\u003e oauth2PermissionScopeIds.User.ReadWrite()))\n .type(\"Scope\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder()\n .appRoleId(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(msgraph.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n msgraph:\n type: azuread:ServicePrincipal\n properties:\n clientId: ${wellKnown.result.microsoftGraph}\n useExisting: true\n example:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${wellKnown.result.microsoftGraph}\n resourceAccesses:\n - id: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n type: Role\n - id: ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\n type: Scope\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n name: example\n properties:\n appRoleId: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${msgraph.objectId}\nvariables:\n wellKnown:\n fn::invoke:\n function: azuread:getApplicationPublishedAppIds\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*App role assignment for internal application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst internal = new azuread.Application(\"internal\", {\n displayName: \"internal\",\n appRoles: [{\n allowedMemberTypes: [\"Application\"],\n description: \"Apps can query the database\",\n displayName: \"Query\",\n enabled: true,\n id: \"00000000-0000-0000-0000-111111111111\",\n value: \"Query.All\",\n }],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internal\", {clientId: internal.clientId});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: internal.clientId,\n resourceAccesses: [{\n id: internalServicePrincipal.appRoleIds[\"Query.All\"],\n type: \"Role\",\n }],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"example\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Query.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ninternal = azuread.Application(\"internal\",\n display_name=\"internal\",\n app_roles=[{\n \"allowed_member_types\": [\"Application\"],\n \"description\": \"Apps can query the database\",\n \"display_name\": \"Query\",\n \"enabled\": True,\n \"id\": \"00000000-0000-0000-0000-111111111111\",\n \"value\": \"Query.All\",\n }])\ninternal_service_principal = azuread.ServicePrincipal(\"internal\", client_id=internal.client_id)\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n required_resource_accesses=[{\n \"resource_app_id\": internal.client_id,\n \"resource_accesses\": [{\n \"id\": internal_service_principal.app_role_ids[\"Query.All\"],\n \"type\": \"Role\",\n }],\n }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"example\",\n app_role_id=internal_service_principal.app_role_ids[\"Query.All\"],\n principal_object_id=example_service_principal.object_id,\n resource_object_id=internal_service_principal.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @internal = new AzureAD.Application(\"internal\", new()\n {\n DisplayName = \"internal\",\n AppRoles = new[]\n {\n new AzureAD.Inputs.ApplicationAppRoleArgs\n {\n AllowedMemberTypes = new[]\n {\n \"Application\",\n },\n Description = \"Apps can query the database\",\n DisplayName = \"Query\",\n Enabled = true,\n Id = \"00000000-0000-0000-0000-111111111111\",\n Value = \"Query.All\",\n },\n },\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internal\", new()\n {\n ClientId = @internal.ClientId,\n });\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = @internal.ClientId,\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n Type = \"Role\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"example\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinternal, err := azuread.NewApplication(ctx, \"internal\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: azuread.ApplicationAppRoleTypeArray{\n\t\t\t\t\u0026azuread.ApplicationAppRoleTypeArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Apps can query the database\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Query\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tId: pulumi.String(\"00000000-0000-0000-0000-111111111111\"),\n\t\t\t\t\tValue: pulumi.String(\"Query.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: internal.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: internal.ClientId,\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"example\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internal = new Application(\"internal\", ApplicationArgs.builder()\n .displayName(\"internal\")\n .appRoles(ApplicationAppRoleArgs.builder()\n .allowedMemberTypes(\"Application\")\n .description(\"Apps can query the database\")\n .displayName(\"Query\")\n .enabled(true)\n .id(\"00000000-0000-0000-0000-111111111111\")\n .value(\"Query.All\")\n .build())\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(internal.clientId())\n .build());\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(internal.clientId())\n .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .type(\"Role\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder()\n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internal:\n type: azuread:Application\n properties:\n displayName: internal\n appRoles:\n - allowedMemberTypes:\n - Application\n description: Apps can query the database\n displayName: Query\n enabled: true\n id: 00000000-0000-0000-0000-111111111111\n value: Query.All\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n name: internal\n properties:\n clientId: ${internal.clientId}\n example:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${internal.clientId}\n resourceAccesses:\n - id: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n type: Role\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n name: example\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Assign a user and group to an internal application*\n\n## Import\n\nApp role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g.\n\n```sh\n$ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz\n```\n\n-\u003e This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`.\n\n", "properties": { "appRoleId": { "type": "string", @@ -4198,7 +4220,6 @@ "logoUrl", "oauth2PermissionScopeIds", "objectId", - "password", "publisherDomain", "tags", "templateId" @@ -5114,7 +5135,7 @@ } }, "azuread:index/applicationIdentifierUri:ApplicationIdentifierUri": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri(\"example\", {\n applicationId: example.id,\n identifierUri: \"https://app.hashitown.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_identifier_uri = azuread.ApplicationIdentifierUri(\"example\",\n application_id=example.id,\n identifier_uri=\"https://app.hashitown.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var exampleApplicationIdentifierUri = new AzureAD.ApplicationIdentifierUri(\"example\", new()\n {\n ApplicationId = example.Id,\n IdentifierUri = \"https://app.hashitown.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationIdentifierUri(ctx, \"example\", \u0026azuread.ApplicationIdentifierUriArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tIdentifierUri: pulumi.String(\"https://app.hashitown.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationIdentifierUri;\nimport com.pulumi.azuread.ApplicationIdentifierUriArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var exampleApplicationIdentifierUri = new ApplicationIdentifierUri(\"exampleApplicationIdentifierUri\", ApplicationIdentifierUriArgs.builder()\n .applicationId(example.id())\n .identifierUri(\"https://app.hashitown.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: example\n exampleApplicationIdentifierUri:\n type: azuread:ApplicationIdentifierUri\n name: example\n properties:\n applicationId: ${example.id}\n identifierUri: https://app.hashitown.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing multiple identifier URIs for the same application, create another instance of this resource\n\n*Usage with azuread.Application resource*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri(\"example\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_application_identifier_uri = azuread.ApplicationIdentifierUri(\"example\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var exampleApplicationIdentifierUri = new AzureAD.ApplicationIdentifierUri(\"example\", new()\n {\n ApplicationId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationIdentifierUri(ctx, \"example\", \u0026azuread.ApplicationIdentifierUriArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ApplicationIdentifierUri;\nimport com.pulumi.azuread.ApplicationIdentifierUriArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var exampleApplicationIdentifierUri = new ApplicationIdentifierUri(\"exampleApplicationIdentifierUri\", ApplicationIdentifierUriArgs.builder()\n .applicationId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Application\n properties:\n displayName: example\n exampleApplicationIdentifierUri:\n type: azuread:ApplicationIdentifierUri\n name: example\n properties:\n applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Identifier URIs can be imported using the object ID of the application and the base64-encoded identifier URI, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationIdentifierUri:ApplicationIdentifierUri example /applications/00000000-0000-0000-0000-000000000000/identifierUris/aHR0cHM6Ly9leGFtcGxlLm5ldC8=\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri(\"example\", {\n applicationId: example.id,\n identifierUri: \"https://app.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_identifier_uri = azuread.ApplicationIdentifierUri(\"example\",\n application_id=example.id,\n identifier_uri=\"https://app.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var exampleApplicationIdentifierUri = new AzureAD.ApplicationIdentifierUri(\"example\", new()\n {\n ApplicationId = example.Id,\n IdentifierUri = \"https://app.example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationIdentifierUri(ctx, \"example\", \u0026azuread.ApplicationIdentifierUriArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tIdentifierUri: pulumi.String(\"https://app.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationIdentifierUri;\nimport com.pulumi.azuread.ApplicationIdentifierUriArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var exampleApplicationIdentifierUri = new ApplicationIdentifierUri(\"exampleApplicationIdentifierUri\", ApplicationIdentifierUriArgs.builder()\n .applicationId(example.id())\n .identifierUri(\"https://app.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: example\n exampleApplicationIdentifierUri:\n type: azuread:ApplicationIdentifierUri\n name: example\n properties:\n applicationId: ${example.id}\n identifierUri: https://app.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing multiple identifier URIs for the same application, create another instance of this resource\n\n*Usage with azuread.Application resource*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri(\"example\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_application_identifier_uri = azuread.ApplicationIdentifierUri(\"example\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var exampleApplicationIdentifierUri = new AzureAD.ApplicationIdentifierUri(\"example\", new()\n {\n ApplicationId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationIdentifierUri(ctx, \"example\", \u0026azuread.ApplicationIdentifierUriArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ApplicationIdentifierUri;\nimport com.pulumi.azuread.ApplicationIdentifierUriArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var exampleApplicationIdentifierUri = new ApplicationIdentifierUri(\"exampleApplicationIdentifierUri\", ApplicationIdentifierUriArgs.builder()\n .applicationId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Application\n properties:\n displayName: example\n exampleApplicationIdentifierUri:\n type: azuread:ApplicationIdentifierUri\n name: example\n properties:\n applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Identifier URIs can be imported using the object ID of the application and the base64-encoded identifier URI, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationIdentifierUri:ApplicationIdentifierUri example /applications/00000000-0000-0000-0000-000000000000/identifierUris/aHR0cHM6Ly9leGFtcGxlLm5ldC8=\n```\n\n", "properties": { "applicationId": { "type": "string", @@ -5315,7 +5336,7 @@ } }, "azuread:index/applicationOwner:ApplicationOwner": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst jane = new azuread.User(\"jane\", {\n userPrincipalName: \"jane.fischer@hashitown.com\",\n displayName: \"Jane Fischer\",\n password: \"Ch@ngeMe\",\n});\nconst exampleJane = new azuread.ApplicationOwner(\"example_jane\", {\n applicationId: example.id,\n ownerObjectId: jane.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\njane = azuread.User(\"jane\",\n user_principal_name=\"jane.fischer@hashitown.com\",\n display_name=\"Jane Fischer\",\n password=\"Ch@ngeMe\")\nexample_jane = azuread.ApplicationOwner(\"example_jane\",\n application_id=example.id,\n owner_object_id=jane.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var jane = new AzureAD.User(\"jane\", new()\n {\n UserPrincipalName = \"jane.fischer@hashitown.com\",\n DisplayName = \"Jane Fischer\",\n Password = \"Ch@ngeMe\",\n });\n\n var exampleJane = new AzureAD.ApplicationOwner(\"example_jane\", new()\n {\n ApplicationId = example.Id,\n OwnerObjectId = jane.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjane, err := azuread.NewUser(ctx, \"jane\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jane.fischer@hashitown.com\"),\n\t\t\tDisplayName: pulumi.String(\"Jane Fischer\"),\n\t\t\tPassword: pulumi.String(\"Ch@ngeMe\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationOwner(ctx, \"example_jane\", \u0026azuread.ApplicationOwnerArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tOwnerObjectId: jane.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.ApplicationOwner;\nimport com.pulumi.azuread.ApplicationOwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var jane = new User(\"jane\", UserArgs.builder()\n .userPrincipalName(\"jane.fischer@hashitown.com\")\n .displayName(\"Jane Fischer\")\n .password(\"Ch@ngeMe\")\n .build());\n\n var exampleJane = new ApplicationOwner(\"exampleJane\", ApplicationOwnerArgs.builder()\n .applicationId(example.id())\n .ownerObjectId(jane.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: example\n jane:\n type: azuread:User\n properties:\n userPrincipalName: jane.fischer@hashitown.com\n displayName: Jane Fischer\n password: Ch@ngeMe\n exampleJane:\n type: azuread:ApplicationOwner\n name: example_jane\n properties:\n applicationId: ${example.id}\n ownerObjectId: ${jane.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing more application owners, create additional instances of this resource\n\n## Import\n\nApplication Owners can be imported using the object ID of the application and the object ID of the owner, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationOwner:ApplicationOwner example /applications/00000000-0000-0000-0000-000000000000/owners/11111111-1111-1111-1111-111111111111\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst jane = new azuread.User(\"jane\", {\n userPrincipalName: \"jane.fischer@example.com\",\n displayName: \"Jane Fischer\",\n password: \"Ch@ngeMe\",\n});\nconst exampleJane = new azuread.ApplicationOwner(\"example_jane\", {\n applicationId: example.id,\n ownerObjectId: jane.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\njane = azuread.User(\"jane\",\n user_principal_name=\"jane.fischer@example.com\",\n display_name=\"Jane Fischer\",\n password=\"Ch@ngeMe\")\nexample_jane = azuread.ApplicationOwner(\"example_jane\",\n application_id=example.id,\n owner_object_id=jane.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var jane = new AzureAD.User(\"jane\", new()\n {\n UserPrincipalName = \"jane.fischer@example.com\",\n DisplayName = \"Jane Fischer\",\n Password = \"Ch@ngeMe\",\n });\n\n var exampleJane = new AzureAD.ApplicationOwner(\"example_jane\", new()\n {\n ApplicationId = example.Id,\n OwnerObjectId = jane.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjane, err := azuread.NewUser(ctx, \"jane\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jane.fischer@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"Jane Fischer\"),\n\t\t\tPassword: pulumi.String(\"Ch@ngeMe\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationOwner(ctx, \"example_jane\", \u0026azuread.ApplicationOwnerArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tOwnerObjectId: jane.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.ApplicationOwner;\nimport com.pulumi.azuread.ApplicationOwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var jane = new User(\"jane\", UserArgs.builder()\n .userPrincipalName(\"jane.fischer@example.com\")\n .displayName(\"Jane Fischer\")\n .password(\"Ch@ngeMe\")\n .build());\n\n var exampleJane = new ApplicationOwner(\"exampleJane\", ApplicationOwnerArgs.builder()\n .applicationId(example.id())\n .ownerObjectId(jane.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: example\n jane:\n type: azuread:User\n properties:\n userPrincipalName: jane.fischer@example.com\n displayName: Jane Fischer\n password: Ch@ngeMe\n exampleJane:\n type: azuread:ApplicationOwner\n name: example_jane\n properties:\n applicationId: ${example.id}\n ownerObjectId: ${jane.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing more application owners, create additional instances of this resource\n\n## Import\n\nApplication Owners can be imported using the object ID of the application and the object ID of the owner, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationOwner:ApplicationOwner example /applications/00000000-0000-0000-0000-000000000000/owners/11111111-1111-1111-1111-111111111111\n```\n\n", "properties": { "applicationId": { "type": "string", @@ -5701,7 +5722,7 @@ } }, "azuread:index/applicationRedirectUris:ApplicationRedirectUris": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst examplePublic = new azuread.ApplicationRedirectUris(\"example_public\", {\n applicationId: example.id,\n type: \"PublicClient\",\n redirectUris: [\n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\",\n ],\n});\nconst exampleSpa = new azuread.ApplicationRedirectUris(\"example_spa\", {\n applicationId: example.id,\n type: \"SPA\",\n redirectUris: [\n \"https://mobile.hashitown.com/\",\n \"https://beta.hashitown.com/\",\n ],\n});\nconst exampleWeb = new azuread.ApplicationRedirectUris(\"example_web\", {\n applicationId: example.id,\n type: \"Web\",\n redirectUris: [\n \"https://app.hashitown.com/\",\n \"https://classic.hashitown.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_public = azuread.ApplicationRedirectUris(\"example_public\",\n application_id=example.id,\n type=\"PublicClient\",\n redirect_uris=[\n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\",\n ])\nexample_spa = azuread.ApplicationRedirectUris(\"example_spa\",\n application_id=example.id,\n type=\"SPA\",\n redirect_uris=[\n \"https://mobile.hashitown.com/\",\n \"https://beta.hashitown.com/\",\n ])\nexample_web = azuread.ApplicationRedirectUris(\"example_web\",\n application_id=example.id,\n type=\"Web\",\n redirect_uris=[\n \"https://app.hashitown.com/\",\n \"https://classic.hashitown.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var examplePublic = new AzureAD.ApplicationRedirectUris(\"example_public\", new()\n {\n ApplicationId = example.Id,\n Type = \"PublicClient\",\n RedirectUris = new[]\n {\n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\",\n },\n });\n\n var exampleSpa = new AzureAD.ApplicationRedirectUris(\"example_spa\", new()\n {\n ApplicationId = example.Id,\n Type = \"SPA\",\n RedirectUris = new[]\n {\n \"https://mobile.hashitown.com/\",\n \"https://beta.hashitown.com/\",\n },\n });\n\n var exampleWeb = new AzureAD.ApplicationRedirectUris(\"example_web\", new()\n {\n ApplicationId = example.Id,\n Type = \"Web\",\n RedirectUris = new[]\n {\n \"https://app.hashitown.com/\",\n \"https://classic.hashitown.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_public\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType: pulumi.String(\"PublicClient\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"myapp://auth\"),\n\t\t\t\tpulumi.String(\"sample.mobile.app.bundie.id://auth\"),\n\t\t\t\tpulumi.String(\"https://login.microsoftonline.com/common/oauth2/nativeclient\"),\n\t\t\t\tpulumi.String(\"https://login.live.com/oauth20_desktop.srf\"),\n\t\t\t\tpulumi.String(\"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\"),\n\t\t\t\tpulumi.String(\"urn:ietf:wg:oauth:2.0:foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_spa\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType: pulumi.String(\"SPA\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://mobile.hashitown.com/\"),\n\t\t\t\tpulumi.String(\"https://beta.hashitown.com/\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_web\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType: pulumi.String(\"Web\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://app.hashitown.com/\"),\n\t\t\t\tpulumi.String(\"https://classic.hashitown.com/\"),\n\t\t\t\tpulumi.String(\"urn:ietf:wg:oauth:2.0:oob\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationRedirectUris;\nimport com.pulumi.azuread.ApplicationRedirectUrisArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var examplePublic = new ApplicationRedirectUris(\"examplePublic\", ApplicationRedirectUrisArgs.builder()\n .applicationId(example.id())\n .type(\"PublicClient\")\n .redirectUris( \n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\")\n .build());\n\n var exampleSpa = new ApplicationRedirectUris(\"exampleSpa\", ApplicationRedirectUrisArgs.builder()\n .applicationId(example.id())\n .type(\"SPA\")\n .redirectUris( \n \"https://mobile.hashitown.com/\",\n \"https://beta.hashitown.com/\")\n .build());\n\n var exampleWeb = new ApplicationRedirectUris(\"exampleWeb\", ApplicationRedirectUrisArgs.builder()\n .applicationId(example.id())\n .type(\"Web\")\n .redirectUris( \n \"https://app.hashitown.com/\",\n \"https://classic.hashitown.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: example\n examplePublic:\n type: azuread:ApplicationRedirectUris\n name: example_public\n properties:\n applicationId: ${example.id}\n type: PublicClient\n redirectUris:\n - myapp://auth\n - sample.mobile.app.bundie.id://auth\n - https://login.microsoftonline.com/common/oauth2/nativeclient\n - https://login.live.com/oauth20_desktop.srf\n - ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\n - urn:ietf:wg:oauth:2.0:foo\n exampleSpa:\n type: azuread:ApplicationRedirectUris\n name: example_spa\n properties:\n applicationId: ${example.id}\n type: SPA\n redirectUris:\n - https://mobile.hashitown.com/\n - https://beta.hashitown.com/\n exampleWeb:\n type: azuread:ApplicationRedirectUris\n name: example_web\n properties:\n applicationId: ${example.id}\n type: Web\n redirectUris:\n - https://app.hashitown.com/\n - https://classic.hashitown.com/\n - urn:ietf:wg:oauth:2.0:oob\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication API Access can be imported using the object ID of the application and the URI type, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationRedirectUris:ApplicationRedirectUris example /applications/00000000-0000-0000-0000-000000000000/redirectUris/Web\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst examplePublic = new azuread.ApplicationRedirectUris(\"example_public\", {\n applicationId: example.id,\n type: \"PublicClient\",\n redirectUris: [\n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\",\n ],\n});\nconst exampleSpa = new azuread.ApplicationRedirectUris(\"example_spa\", {\n applicationId: example.id,\n type: \"SPA\",\n redirectUris: [\n \"https://mobile.example.com/\",\n \"https://beta.example.com/\",\n ],\n});\nconst exampleWeb = new azuread.ApplicationRedirectUris(\"example_web\", {\n applicationId: example.id,\n type: \"Web\",\n redirectUris: [\n \"https://app.example.com/\",\n \"https://classic.example.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_public = azuread.ApplicationRedirectUris(\"example_public\",\n application_id=example.id,\n type=\"PublicClient\",\n redirect_uris=[\n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\",\n ])\nexample_spa = azuread.ApplicationRedirectUris(\"example_spa\",\n application_id=example.id,\n type=\"SPA\",\n redirect_uris=[\n \"https://mobile.example.com/\",\n \"https://beta.example.com/\",\n ])\nexample_web = azuread.ApplicationRedirectUris(\"example_web\",\n application_id=example.id,\n type=\"Web\",\n redirect_uris=[\n \"https://app.example.com/\",\n \"https://classic.example.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"example\",\n });\n\n var examplePublic = new AzureAD.ApplicationRedirectUris(\"example_public\", new()\n {\n ApplicationId = example.Id,\n Type = \"PublicClient\",\n RedirectUris = new[]\n {\n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\",\n },\n });\n\n var exampleSpa = new AzureAD.ApplicationRedirectUris(\"example_spa\", new()\n {\n ApplicationId = example.Id,\n Type = \"SPA\",\n RedirectUris = new[]\n {\n \"https://mobile.example.com/\",\n \"https://beta.example.com/\",\n },\n });\n\n var exampleWeb = new AzureAD.ApplicationRedirectUris(\"example_web\", new()\n {\n ApplicationId = example.Id,\n Type = \"Web\",\n RedirectUris = new[]\n {\n \"https://app.example.com/\",\n \"https://classic.example.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_public\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType: pulumi.String(\"PublicClient\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"myapp://auth\"),\n\t\t\t\tpulumi.String(\"sample.mobile.app.bundie.id://auth\"),\n\t\t\t\tpulumi.String(\"https://login.microsoftonline.com/common/oauth2/nativeclient\"),\n\t\t\t\tpulumi.String(\"https://login.live.com/oauth20_desktop.srf\"),\n\t\t\t\tpulumi.String(\"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\"),\n\t\t\t\tpulumi.String(\"urn:ietf:wg:oauth:2.0:foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_spa\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType: pulumi.String(\"SPA\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://mobile.example.com/\"),\n\t\t\t\tpulumi.String(\"https://beta.example.com/\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_web\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType: pulumi.String(\"Web\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://app.example.com/\"),\n\t\t\t\tpulumi.String(\"https://classic.example.com/\"),\n\t\t\t\tpulumi.String(\"urn:ietf:wg:oauth:2.0:oob\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationRedirectUris;\nimport com.pulumi.azuread.ApplicationRedirectUrisArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"example\")\n .build());\n\n var examplePublic = new ApplicationRedirectUris(\"examplePublic\", ApplicationRedirectUrisArgs.builder()\n .applicationId(example.id())\n .type(\"PublicClient\")\n .redirectUris( \n \"myapp://auth\",\n \"sample.mobile.app.bundie.id://auth\",\n \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n \"https://login.live.com/oauth20_desktop.srf\",\n \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n \"urn:ietf:wg:oauth:2.0:foo\")\n .build());\n\n var exampleSpa = new ApplicationRedirectUris(\"exampleSpa\", ApplicationRedirectUrisArgs.builder()\n .applicationId(example.id())\n .type(\"SPA\")\n .redirectUris( \n \"https://mobile.example.com/\",\n \"https://beta.example.com/\")\n .build());\n\n var exampleWeb = new ApplicationRedirectUris(\"exampleWeb\", ApplicationRedirectUrisArgs.builder()\n .applicationId(example.id())\n .type(\"Web\")\n .redirectUris( \n \"https://app.example.com/\",\n \"https://classic.example.com/\",\n \"urn:ietf:wg:oauth:2.0:oob\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: example\n examplePublic:\n type: azuread:ApplicationRedirectUris\n name: example_public\n properties:\n applicationId: ${example.id}\n type: PublicClient\n redirectUris:\n - myapp://auth\n - sample.mobile.app.bundie.id://auth\n - https://login.microsoftonline.com/common/oauth2/nativeclient\n - https://login.live.com/oauth20_desktop.srf\n - ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\n - urn:ietf:wg:oauth:2.0:foo\n exampleSpa:\n type: azuread:ApplicationRedirectUris\n name: example_spa\n properties:\n applicationId: ${example.id}\n type: SPA\n redirectUris:\n - https://mobile.example.com/\n - https://beta.example.com/\n exampleWeb:\n type: azuread:ApplicationRedirectUris\n name: example_web\n properties:\n applicationId: ${example.id}\n type: Web\n redirectUris:\n - https://app.example.com/\n - https://classic.example.com/\n - urn:ietf:wg:oauth:2.0:oob\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication API Access can be imported using the object ID of the application and the URI type, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationRedirectUris:ApplicationRedirectUris example /applications/00000000-0000-0000-0000-000000000000/redirectUris/Web\n```\n\n", "properties": { "applicationId": { "type": "string", @@ -5773,7 +5794,7 @@ } }, "azuread:index/applicationRegistration:ApplicationRegistration": { - "description": "Manages an application registration within Azure Active Directory.\n\nFor a more comprehensive alternative, please see the azuread.Application resource. Please note that this resource should not be used together with the `azuread.Application` resource when managing the same application.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {\n displayName: \"Example Application\",\n description: \"My example application\",\n signInAudience: \"AzureADMyOrg\",\n homepageUrl: \"https://app.hashitown.com/\",\n logoutUrl: \"https://app.hashitown.com/logout\",\n marketingUrl: \"https://hashitown.com/\",\n privacyStatementUrl: \"https://hashitown.com/privacy\",\n supportUrl: \"https://support.hashitown.com/\",\n termsOfServiceUrl: \"https://hashitown.com/terms\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\",\n display_name=\"Example Application\",\n description=\"My example application\",\n sign_in_audience=\"AzureADMyOrg\",\n homepage_url=\"https://app.hashitown.com/\",\n logout_url=\"https://app.hashitown.com/logout\",\n marketing_url=\"https://hashitown.com/\",\n privacy_statement_url=\"https://hashitown.com/privacy\",\n support_url=\"https://support.hashitown.com/\",\n terms_of_service_url=\"https://hashitown.com/terms\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"Example Application\",\n Description = \"My example application\",\n SignInAudience = \"AzureADMyOrg\",\n HomepageUrl = \"https://app.hashitown.com/\",\n LogoutUrl = \"https://app.hashitown.com/logout\",\n MarketingUrl = \"https://hashitown.com/\",\n PrivacyStatementUrl = \"https://hashitown.com/privacy\",\n SupportUrl = \"https://support.hashitown.com/\",\n TermsOfServiceUrl = \"https://hashitown.com/terms\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Application\"),\n\t\t\tDescription: pulumi.String(\"My example application\"),\n\t\t\tSignInAudience: pulumi.String(\"AzureADMyOrg\"),\n\t\t\tHomepageUrl: pulumi.String(\"https://app.hashitown.com/\"),\n\t\t\tLogoutUrl: pulumi.String(\"https://app.hashitown.com/logout\"),\n\t\t\tMarketingUrl: pulumi.String(\"https://hashitown.com/\"),\n\t\t\tPrivacyStatementUrl: pulumi.String(\"https://hashitown.com/privacy\"),\n\t\t\tSupportUrl: pulumi.String(\"https://support.hashitown.com/\"),\n\t\t\tTermsOfServiceUrl: pulumi.String(\"https://hashitown.com/terms\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"Example Application\")\n .description(\"My example application\")\n .signInAudience(\"AzureADMyOrg\")\n .homepageUrl(\"https://app.hashitown.com/\")\n .logoutUrl(\"https://app.hashitown.com/logout\")\n .marketingUrl(\"https://hashitown.com/\")\n .privacyStatementUrl(\"https://hashitown.com/privacy\")\n .supportUrl(\"https://support.hashitown.com/\")\n .termsOfServiceUrl(\"https://hashitown.com/terms\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: Example Application\n description: My example application\n signInAudience: AzureADMyOrg\n homepageUrl: https://app.hashitown.com/\n logoutUrl: https://app.hashitown.com/logout\n marketingUrl: https://hashitown.com/\n privacyStatementUrl: https://hashitown.com/privacy\n supportUrl: https://support.hashitown.com/\n termsOfServiceUrl: https://hashitown.com/terms\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Registrations can be imported using the object ID of the application, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationRegistration:ApplicationRegistration example /applications/00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "Manages an application registration within Azure Active Directory.\n\nFor a more comprehensive alternative, please see the azuread.Application resource. Please note that this resource should not be used together with the `azuread.Application` resource when managing the same application.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {\n displayName: \"Example Application\",\n description: \"My example application\",\n signInAudience: \"AzureADMyOrg\",\n homepageUrl: \"https://app.example.com/\",\n logoutUrl: \"https://app.example.com/logout\",\n marketingUrl: \"https://example.com/\",\n privacyStatementUrl: \"https://example.com/privacy\",\n supportUrl: \"https://support.example.com/\",\n termsOfServiceUrl: \"https://example.com/terms\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\",\n display_name=\"Example Application\",\n description=\"My example application\",\n sign_in_audience=\"AzureADMyOrg\",\n homepage_url=\"https://app.example.com/\",\n logout_url=\"https://app.example.com/logout\",\n marketing_url=\"https://example.com/\",\n privacy_statement_url=\"https://example.com/privacy\",\n support_url=\"https://support.example.com/\",\n terms_of_service_url=\"https://example.com/terms\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ApplicationRegistration(\"example\", new()\n {\n DisplayName = \"Example Application\",\n Description = \"My example application\",\n SignInAudience = \"AzureADMyOrg\",\n HomepageUrl = \"https://app.example.com/\",\n LogoutUrl = \"https://app.example.com/logout\",\n MarketingUrl = \"https://example.com/\",\n PrivacyStatementUrl = \"https://example.com/privacy\",\n SupportUrl = \"https://support.example.com/\",\n TermsOfServiceUrl = \"https://example.com/terms\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Application\"),\n\t\t\tDescription: pulumi.String(\"My example application\"),\n\t\t\tSignInAudience: pulumi.String(\"AzureADMyOrg\"),\n\t\t\tHomepageUrl: pulumi.String(\"https://app.example.com/\"),\n\t\t\tLogoutUrl: pulumi.String(\"https://app.example.com/logout\"),\n\t\t\tMarketingUrl: pulumi.String(\"https://example.com/\"),\n\t\t\tPrivacyStatementUrl: pulumi.String(\"https://example.com/privacy\"),\n\t\t\tSupportUrl: pulumi.String(\"https://support.example.com/\"),\n\t\t\tTermsOfServiceUrl: pulumi.String(\"https://example.com/terms\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n .displayName(\"Example Application\")\n .description(\"My example application\")\n .signInAudience(\"AzureADMyOrg\")\n .homepageUrl(\"https://app.example.com/\")\n .logoutUrl(\"https://app.example.com/logout\")\n .marketingUrl(\"https://example.com/\")\n .privacyStatementUrl(\"https://example.com/privacy\")\n .supportUrl(\"https://support.example.com/\")\n .termsOfServiceUrl(\"https://example.com/terms\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ApplicationRegistration\n properties:\n displayName: Example Application\n description: My example application\n signInAudience: AzureADMyOrg\n homepageUrl: https://app.example.com/\n logoutUrl: https://app.example.com/logout\n marketingUrl: https://example.com/\n privacyStatementUrl: https://example.com/privacy\n supportUrl: https://support.example.com/\n termsOfServiceUrl: https://example.com/terms\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Registrations can be imported using the object ID of the application, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationRegistration:ApplicationRegistration example /applications/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "clientId": { "type": "string", @@ -6017,7 +6038,7 @@ } }, "azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy": { - "description": "Manages a Authentication Strength Policy within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AuthenticationStrengthPolicy(\"example\", {\n displayName: \"Example Authentication Strength Policy\",\n description: \"Policy for demo purposes\",\n allowedCombinations: [\n \"fido2\",\n \"password\",\n ],\n});\nconst example2 = new azuread.AuthenticationStrengthPolicy(\"example2\", {\n displayName: \"Example Authentication Strength Policy\",\n description: \"Policy for demo purposes with all possible combinations\",\n allowedCombinations: [\n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AuthenticationStrengthPolicy(\"example\",\n display_name=\"Example Authentication Strength Policy\",\n description=\"Policy for demo purposes\",\n allowed_combinations=[\n \"fido2\",\n \"password\",\n ])\nexample2 = azuread.AuthenticationStrengthPolicy(\"example2\",\n display_name=\"Example Authentication Strength Policy\",\n description=\"Policy for demo purposes with all possible combinations\",\n allowed_combinations=[\n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.AuthenticationStrengthPolicy(\"example\", new()\n {\n DisplayName = \"Example Authentication Strength Policy\",\n Description = \"Policy for demo purposes\",\n AllowedCombinations = new[]\n {\n \"fido2\",\n \"password\",\n },\n });\n\n var example2 = new AzureAD.AuthenticationStrengthPolicy(\"example2\", new()\n {\n DisplayName = \"Example Authentication Strength Policy\",\n Description = \"Policy for demo purposes with all possible combinations\",\n AllowedCombinations = new[]\n {\n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAuthenticationStrengthPolicy(ctx, \"example\", \u0026azuread.AuthenticationStrengthPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Authentication Strength Policy\"),\n\t\t\tDescription: pulumi.String(\"Policy for demo purposes\"),\n\t\t\tAllowedCombinations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"fido2\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAuthenticationStrengthPolicy(ctx, \"example2\", \u0026azuread.AuthenticationStrengthPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Authentication Strength Policy\"),\n\t\t\tDescription: pulumi.String(\"Policy for demo purposes with all possible combinations\"),\n\t\t\tAllowedCombinations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"fido2\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t\tpulumi.String(\"deviceBasedPush\"),\n\t\t\t\tpulumi.String(\"temporaryAccessPassOneTime\"),\n\t\t\t\tpulumi.String(\"federatedMultiFactor\"),\n\t\t\t\tpulumi.String(\"federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"hardwareOath,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"microsoftAuthenticatorPush,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"password,hardwareOath\"),\n\t\t\t\tpulumi.String(\"password,microsoftAuthenticatorPush\"),\n\t\t\t\tpulumi.String(\"password,sms\"),\n\t\t\t\tpulumi.String(\"password,softwareOath\"),\n\t\t\t\tpulumi.String(\"password,voice\"),\n\t\t\t\tpulumi.String(\"sms\"),\n\t\t\t\tpulumi.String(\"sms,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"softwareOath,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"temporaryAccessPassMultiUse\"),\n\t\t\t\tpulumi.String(\"voice,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"windowsHelloForBusiness\"),\n\t\t\t\tpulumi.String(\"x509CertificateMultiFactor\"),\n\t\t\t\tpulumi.String(\"x509CertificateSingleFactor\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AuthenticationStrengthPolicy;\nimport com.pulumi.azuread.AuthenticationStrengthPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthenticationStrengthPolicy(\"example\", AuthenticationStrengthPolicyArgs.builder()\n .displayName(\"Example Authentication Strength Policy\")\n .description(\"Policy for demo purposes\")\n .allowedCombinations( \n \"fido2\",\n \"password\")\n .build());\n\n var example2 = new AuthenticationStrengthPolicy(\"example2\", AuthenticationStrengthPolicyArgs.builder()\n .displayName(\"Example Authentication Strength Policy\")\n .description(\"Policy for demo purposes with all possible combinations\")\n .allowedCombinations( \n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:AuthenticationStrengthPolicy\n properties:\n displayName: Example Authentication Strength Policy\n description: Policy for demo purposes\n allowedCombinations:\n - fido2\n - password\n example2:\n type: azuread:AuthenticationStrengthPolicy\n properties:\n displayName: Example Authentication Strength Policy\n description: Policy for demo purposes with all possible combinations\n allowedCombinations:\n - fido2\n - password\n - deviceBasedPush\n - temporaryAccessPassOneTime\n - federatedMultiFactor\n - federatedSingleFactor\n - hardwareOath,federatedSingleFactor\n - microsoftAuthenticatorPush,federatedSingleFactor\n - password,hardwareOath\n - password,microsoftAuthenticatorPush\n - password,sms\n - password,softwareOath\n - password,voice\n - sms\n - sms,federatedSingleFactor\n - softwareOath,federatedSingleFactor\n - temporaryAccessPassMultiUse\n - voice,federatedSingleFactor\n - windowsHelloForBusiness\n - x509CertificateMultiFactor\n - x509CertificateSingleFactor\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication Strength Policies can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "Manages a Authentication Strength Policy within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AuthenticationStrengthPolicy(\"example\", {\n displayName: \"Example Authentication Strength Policy\",\n description: \"Policy for demo purposes\",\n allowedCombinations: [\n \"fido2\",\n \"password\",\n ],\n});\nconst example2 = new azuread.AuthenticationStrengthPolicy(\"example2\", {\n displayName: \"Example Authentication Strength Policy\",\n description: \"Policy for demo purposes with all possible combinations\",\n allowedCombinations: [\n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AuthenticationStrengthPolicy(\"example\",\n display_name=\"Example Authentication Strength Policy\",\n description=\"Policy for demo purposes\",\n allowed_combinations=[\n \"fido2\",\n \"password\",\n ])\nexample2 = azuread.AuthenticationStrengthPolicy(\"example2\",\n display_name=\"Example Authentication Strength Policy\",\n description=\"Policy for demo purposes with all possible combinations\",\n allowed_combinations=[\n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.AuthenticationStrengthPolicy(\"example\", new()\n {\n DisplayName = \"Example Authentication Strength Policy\",\n Description = \"Policy for demo purposes\",\n AllowedCombinations = new[]\n {\n \"fido2\",\n \"password\",\n },\n });\n\n var example2 = new AzureAD.AuthenticationStrengthPolicy(\"example2\", new()\n {\n DisplayName = \"Example Authentication Strength Policy\",\n Description = \"Policy for demo purposes with all possible combinations\",\n AllowedCombinations = new[]\n {\n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAuthenticationStrengthPolicy(ctx, \"example\", \u0026azuread.AuthenticationStrengthPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Authentication Strength Policy\"),\n\t\t\tDescription: pulumi.String(\"Policy for demo purposes\"),\n\t\t\tAllowedCombinations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"fido2\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAuthenticationStrengthPolicy(ctx, \"example2\", \u0026azuread.AuthenticationStrengthPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Authentication Strength Policy\"),\n\t\t\tDescription: pulumi.String(\"Policy for demo purposes with all possible combinations\"),\n\t\t\tAllowedCombinations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"fido2\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t\tpulumi.String(\"deviceBasedPush\"),\n\t\t\t\tpulumi.String(\"temporaryAccessPassOneTime\"),\n\t\t\t\tpulumi.String(\"federatedMultiFactor\"),\n\t\t\t\tpulumi.String(\"federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"hardwareOath,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"microsoftAuthenticatorPush,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"password,hardwareOath\"),\n\t\t\t\tpulumi.String(\"password,microsoftAuthenticatorPush\"),\n\t\t\t\tpulumi.String(\"password,sms\"),\n\t\t\t\tpulumi.String(\"password,softwareOath\"),\n\t\t\t\tpulumi.String(\"password,voice\"),\n\t\t\t\tpulumi.String(\"sms\"),\n\t\t\t\tpulumi.String(\"sms,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"softwareOath,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"temporaryAccessPassMultiUse\"),\n\t\t\t\tpulumi.String(\"voice,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"windowsHelloForBusiness\"),\n\t\t\t\tpulumi.String(\"x509CertificateMultiFactor\"),\n\t\t\t\tpulumi.String(\"x509CertificateSingleFactor\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AuthenticationStrengthPolicy;\nimport com.pulumi.azuread.AuthenticationStrengthPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthenticationStrengthPolicy(\"example\", AuthenticationStrengthPolicyArgs.builder()\n .displayName(\"Example Authentication Strength Policy\")\n .description(\"Policy for demo purposes\")\n .allowedCombinations( \n \"fido2\",\n \"password\")\n .build());\n\n var example2 = new AuthenticationStrengthPolicy(\"example2\", AuthenticationStrengthPolicyArgs.builder()\n .displayName(\"Example Authentication Strength Policy\")\n .description(\"Policy for demo purposes with all possible combinations\")\n .allowedCombinations( \n \"fido2\",\n \"password\",\n \"deviceBasedPush\",\n \"temporaryAccessPassOneTime\",\n \"federatedMultiFactor\",\n \"federatedSingleFactor\",\n \"hardwareOath,federatedSingleFactor\",\n \"microsoftAuthenticatorPush,federatedSingleFactor\",\n \"password,hardwareOath\",\n \"password,microsoftAuthenticatorPush\",\n \"password,sms\",\n \"password,softwareOath\",\n \"password,voice\",\n \"sms\",\n \"sms,federatedSingleFactor\",\n \"softwareOath,federatedSingleFactor\",\n \"temporaryAccessPassMultiUse\",\n \"voice,federatedSingleFactor\",\n \"windowsHelloForBusiness\",\n \"x509CertificateMultiFactor\",\n \"x509CertificateSingleFactor\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:AuthenticationStrengthPolicy\n properties:\n displayName: Example Authentication Strength Policy\n description: Policy for demo purposes\n allowedCombinations:\n - fido2\n - password\n example2:\n type: azuread:AuthenticationStrengthPolicy\n properties:\n displayName: Example Authentication Strength Policy\n description: Policy for demo purposes with all possible combinations\n allowedCombinations:\n - fido2\n - password\n - deviceBasedPush\n - temporaryAccessPassOneTime\n - federatedMultiFactor\n - federatedSingleFactor\n - hardwareOath,federatedSingleFactor\n - microsoftAuthenticatorPush,federatedSingleFactor\n - password,hardwareOath\n - password,microsoftAuthenticatorPush\n - password,sms\n - password,softwareOath\n - password,voice\n - sms\n - sms,federatedSingleFactor\n - softwareOath,federatedSingleFactor\n - temporaryAccessPassMultiUse\n - voice,federatedSingleFactor\n - windowsHelloForBusiness\n - x509CertificateMultiFactor\n - x509CertificateSingleFactor\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication Strength Policies can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "allowedCombinations": { "type": "array", @@ -6137,7 +6158,7 @@ } }, "azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy": { - "description": "## Example Usage\n\n### All users except guests or external users\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n displayName: \"example policy\",\n state: \"disabled\",\n conditions: {\n clientAppTypes: [\"all\"],\n signInRiskLevels: [\"medium\"],\n userRiskLevels: [\"medium\"],\n applications: {\n includedApplications: [\"All\"],\n excludedApplications: [],\n },\n devices: {\n filter: {\n mode: \"exclude\",\n rule: \"device.operatingSystem eq \\\"Doors\\\"\",\n },\n },\n locations: {\n includedLocations: [\"All\"],\n excludedLocations: [\"AllTrusted\"],\n },\n platforms: {\n includedPlatforms: [\"android\"],\n excludedPlatforms: [\"iOS\"],\n },\n users: {\n includedUsers: [\"All\"],\n excludedUsers: [\"GuestsOrExternalUsers\"],\n },\n },\n grantControls: {\n operator: \"OR\",\n builtInControls: [\"mfa\"],\n },\n sessionControls: {\n applicationEnforcedRestrictionsEnabled: true,\n disableResilienceDefaults: false,\n signInFrequency: 10,\n signInFrequencyPeriod: \"hours\",\n cloudAppSecurityPolicy: \"monitorOnly\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ConditionalAccessPolicy(\"example\",\n display_name=\"example policy\",\n state=\"disabled\",\n conditions={\n \"client_app_types\": [\"all\"],\n \"sign_in_risk_levels\": [\"medium\"],\n \"user_risk_levels\": [\"medium\"],\n \"applications\": {\n \"included_applications\": [\"All\"],\n \"excluded_applications\": [],\n },\n \"devices\": {\n \"filter\": {\n \"mode\": \"exclude\",\n \"rule\": \"device.operatingSystem eq \\\"Doors\\\"\",\n },\n },\n \"locations\": {\n \"included_locations\": [\"All\"],\n \"excluded_locations\": [\"AllTrusted\"],\n },\n \"platforms\": {\n \"included_platforms\": [\"android\"],\n \"excluded_platforms\": [\"iOS\"],\n },\n \"users\": {\n \"included_users\": [\"All\"],\n \"excluded_users\": [\"GuestsOrExternalUsers\"],\n },\n },\n grant_controls={\n \"operator\": \"OR\",\n \"built_in_controls\": [\"mfa\"],\n },\n session_controls={\n \"application_enforced_restrictions_enabled\": True,\n \"disable_resilience_defaults\": False,\n \"sign_in_frequency\": 10,\n \"sign_in_frequency_period\": \"hours\",\n \"cloud_app_security_policy\": \"monitorOnly\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ConditionalAccessPolicy(\"example\", new()\n {\n DisplayName = \"example policy\",\n State = \"disabled\",\n Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n {\n ClientAppTypes = new[]\n {\n \"all\",\n },\n SignInRiskLevels = new[]\n {\n \"medium\",\n },\n UserRiskLevels = new[]\n {\n \"medium\",\n },\n Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n {\n IncludedApplications = new[]\n {\n \"All\",\n },\n ExcludedApplications = new() { },\n },\n Devices = new AzureAD.Inputs.ConditionalAccessPolicyConditionsDevicesArgs\n {\n Filter = new AzureAD.Inputs.ConditionalAccessPolicyConditionsDevicesFilterArgs\n {\n Mode = \"exclude\",\n Rule = \"device.operatingSystem eq \\\"Doors\\\"\",\n },\n },\n Locations = new AzureAD.Inputs.ConditionalAccessPolicyConditionsLocationsArgs\n {\n IncludedLocations = new[]\n {\n \"All\",\n },\n ExcludedLocations = new[]\n {\n \"AllTrusted\",\n },\n },\n Platforms = new AzureAD.Inputs.ConditionalAccessPolicyConditionsPlatformsArgs\n {\n IncludedPlatforms = new[]\n {\n \"android\",\n },\n ExcludedPlatforms = new[]\n {\n \"iOS\",\n },\n },\n Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n {\n IncludedUsers = new[]\n {\n \"All\",\n },\n ExcludedUsers = new[]\n {\n \"GuestsOrExternalUsers\",\n },\n },\n },\n GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n {\n Operator = \"OR\",\n BuiltInControls = new[]\n {\n \"mfa\",\n },\n },\n SessionControls = new AzureAD.Inputs.ConditionalAccessPolicySessionControlsArgs\n {\n ApplicationEnforcedRestrictionsEnabled = true,\n DisableResilienceDefaults = false,\n SignInFrequency = 10,\n SignInFrequencyPeriod = \"hours\",\n CloudAppSecurityPolicy = \"monitorOnly\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState: pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tSignInRiskLevels: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"medium\"),\n\t\t\t\t},\n\t\t\t\tUserRiskLevels: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"medium\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedApplications: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t\tDevices: \u0026azuread.ConditionalAccessPolicyConditionsDevicesArgs{\n\t\t\t\t\tFilter: \u0026azuread.ConditionalAccessPolicyConditionsDevicesFilterArgs{\n\t\t\t\t\t\tMode: pulumi.String(\"exclude\"),\n\t\t\t\t\t\tRule: pulumi.String(\"device.operatingSystem eq \\\"Doors\\\"\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLocations: \u0026azuread.ConditionalAccessPolicyConditionsLocationsArgs{\n\t\t\t\t\tIncludedLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AllTrusted\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPlatforms: \u0026azuread.ConditionalAccessPolicyConditionsPlatformsArgs{\n\t\t\t\t\tIncludedPlatforms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"android\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedPlatforms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"iOS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GuestsOrExternalUsers\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"mfa\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSessionControls: \u0026azuread.ConditionalAccessPolicySessionControlsArgs{\n\t\t\t\tApplicationEnforcedRestrictionsEnabled: pulumi.Bool(true),\n\t\t\t\tDisableResilienceDefaults: pulumi.Bool(false),\n\t\t\t\tSignInFrequency: pulumi.Int(10),\n\t\t\t\tSignInFrequencyPeriod: pulumi.String(\"hours\"),\n\t\t\t\tCloudAppSecurityPolicy: pulumi.String(\"monitorOnly\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsDevicesArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsDevicesFilterArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsLocationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsPlatformsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicySessionControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n .displayName(\"example policy\")\n .state(\"disabled\")\n .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n .clientAppTypes(\"all\")\n .signInRiskLevels(\"medium\")\n .userRiskLevels(\"medium\")\n .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n .includedApplications(\"All\")\n .excludedApplications()\n .build())\n .devices(ConditionalAccessPolicyConditionsDevicesArgs.builder()\n .filter(ConditionalAccessPolicyConditionsDevicesFilterArgs.builder()\n .mode(\"exclude\")\n .rule(\"device.operatingSystem eq \\\"Doors\\\"\")\n .build())\n .build())\n .locations(ConditionalAccessPolicyConditionsLocationsArgs.builder()\n .includedLocations(\"All\")\n .excludedLocations(\"AllTrusted\")\n .build())\n .platforms(ConditionalAccessPolicyConditionsPlatformsArgs.builder()\n .includedPlatforms(\"android\")\n .excludedPlatforms(\"iOS\")\n .build())\n .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n .includedUsers(\"All\")\n .excludedUsers(\"GuestsOrExternalUsers\")\n .build())\n .build())\n .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n .operator(\"OR\")\n .builtInControls(\"mfa\")\n .build())\n .sessionControls(ConditionalAccessPolicySessionControlsArgs.builder()\n .applicationEnforcedRestrictionsEnabled(true)\n .disableResilienceDefaults(false)\n .signInFrequency(10)\n .signInFrequencyPeriod(\"hours\")\n .cloudAppSecurityPolicy(\"monitorOnly\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ConditionalAccessPolicy\n properties:\n displayName: example policy\n state: disabled\n conditions:\n clientAppTypes:\n - all\n signInRiskLevels:\n - medium\n userRiskLevels:\n - medium\n applications:\n includedApplications:\n - All\n excludedApplications: []\n devices:\n filter:\n mode: exclude\n rule: device.operatingSystem eq \"Doors\"\n locations:\n includedLocations:\n - All\n excludedLocations:\n - AllTrusted\n platforms:\n includedPlatforms:\n - android\n excludedPlatforms:\n - iOS\n users:\n includedUsers:\n - All\n excludedUsers:\n - GuestsOrExternalUsers\n grantControls:\n operator: OR\n builtInControls:\n - mfa\n sessionControls:\n applicationEnforcedRestrictionsEnabled: true\n disableResilienceDefaults: false\n signInFrequency: 10\n signInFrequencyPeriod: hours\n cloudAppSecurityPolicy: monitorOnly\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Included client applications / service principals\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n displayName: \"example policy\",\n state: \"disabled\",\n conditions: {\n clientAppTypes: [\"all\"],\n applications: {\n includedApplications: [\"All\"],\n },\n clientApplications: {\n includedServicePrincipals: [current.then(current =\u003e current.objectId)],\n excludedServicePrincipals: [],\n },\n users: {\n includedUsers: [\"None\"],\n },\n },\n grantControls: {\n operator: \"OR\",\n builtInControls: [\"block\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.ConditionalAccessPolicy(\"example\",\n display_name=\"example policy\",\n state=\"disabled\",\n conditions={\n \"client_app_types\": [\"all\"],\n \"applications\": {\n \"included_applications\": [\"All\"],\n },\n \"client_applications\": {\n \"included_service_principals\": [current.object_id],\n \"excluded_service_principals\": [],\n },\n \"users\": {\n \"included_users\": [\"None\"],\n },\n },\n grant_controls={\n \"operator\": \"OR\",\n \"built_in_controls\": [\"block\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.ConditionalAccessPolicy(\"example\", new()\n {\n DisplayName = \"example policy\",\n State = \"disabled\",\n Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n {\n ClientAppTypes = new[]\n {\n \"all\",\n },\n Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n {\n IncludedApplications = new[]\n {\n \"All\",\n },\n },\n ClientApplications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs\n {\n IncludedServicePrincipals = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n ExcludedServicePrincipals = new() { },\n },\n Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n {\n IncludedUsers = new[]\n {\n \"None\",\n },\n },\n },\n GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n {\n Operator = \"OR\",\n BuiltInControls = new[]\n {\n \"block\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState: pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientApplications: \u0026azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs{\n\t\t\t\t\tIncludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedServicePrincipals: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"None\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n .displayName(\"example policy\")\n .state(\"disabled\")\n .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n .clientAppTypes(\"all\")\n .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n .includedApplications(\"All\")\n .build())\n .clientApplications(ConditionalAccessPolicyConditionsClientApplicationsArgs.builder()\n .includedServicePrincipals(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .excludedServicePrincipals()\n .build())\n .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n .includedUsers(\"None\")\n .build())\n .build())\n .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n .operator(\"OR\")\n .builtInControls(\"block\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ConditionalAccessPolicy\n properties:\n displayName: example policy\n state: disabled\n conditions:\n clientAppTypes:\n - all\n applications:\n includedApplications:\n - All\n clientApplications:\n includedServicePrincipals:\n - ${current.objectId}\n excludedServicePrincipals: []\n users:\n includedUsers:\n - None\n grantControls:\n operator: OR\n builtInControls:\n - block\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Excluded client applications / service principals\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n displayName: \"example policy\",\n state: \"disabled\",\n conditions: {\n clientAppTypes: [\"all\"],\n applications: {\n includedApplications: [\"All\"],\n },\n clientApplications: {\n includedServicePrincipals: [\"ServicePrincipalsInMyTenant\"],\n excludedServicePrincipals: [current.then(current =\u003e current.objectId)],\n },\n users: {\n includedUsers: [\"None\"],\n },\n },\n grantControls: {\n operator: \"OR\",\n builtInControls: [\"block\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.ConditionalAccessPolicy(\"example\",\n display_name=\"example policy\",\n state=\"disabled\",\n conditions={\n \"client_app_types\": [\"all\"],\n \"applications\": {\n \"included_applications\": [\"All\"],\n },\n \"client_applications\": {\n \"included_service_principals\": [\"ServicePrincipalsInMyTenant\"],\n \"excluded_service_principals\": [current.object_id],\n },\n \"users\": {\n \"included_users\": [\"None\"],\n },\n },\n grant_controls={\n \"operator\": \"OR\",\n \"built_in_controls\": [\"block\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.ConditionalAccessPolicy(\"example\", new()\n {\n DisplayName = \"example policy\",\n State = \"disabled\",\n Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n {\n ClientAppTypes = new[]\n {\n \"all\",\n },\n Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n {\n IncludedApplications = new[]\n {\n \"All\",\n },\n },\n ClientApplications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs\n {\n IncludedServicePrincipals = new[]\n {\n \"ServicePrincipalsInMyTenant\",\n },\n ExcludedServicePrincipals = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n },\n Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n {\n IncludedUsers = new[]\n {\n \"None\",\n },\n },\n },\n GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n {\n Operator = \"OR\",\n BuiltInControls = new[]\n {\n \"block\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState: pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientApplications: \u0026azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs{\n\t\t\t\t\tIncludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ServicePrincipalsInMyTenant\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"None\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n .displayName(\"example policy\")\n .state(\"disabled\")\n .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n .clientAppTypes(\"all\")\n .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n .includedApplications(\"All\")\n .build())\n .clientApplications(ConditionalAccessPolicyConditionsClientApplicationsArgs.builder()\n .includedServicePrincipals(\"ServicePrincipalsInMyTenant\")\n .excludedServicePrincipals(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build())\n .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n .includedUsers(\"None\")\n .build())\n .build())\n .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n .operator(\"OR\")\n .builtInControls(\"block\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ConditionalAccessPolicy\n properties:\n displayName: example policy\n state: disabled\n conditions:\n clientAppTypes:\n - all\n applications:\n includedApplications:\n - All\n clientApplications:\n includedServicePrincipals:\n - ServicePrincipalsInMyTenant\n excludedServicePrincipals:\n - ${current.objectId}\n users:\n includedUsers:\n - None\n grantControls:\n operator: OR\n builtInControls:\n - block\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConditional Access Policies can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "## Example Usage\n\n### All users except guests or external users\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n displayName: \"example policy\",\n state: \"disabled\",\n conditions: {\n clientAppTypes: [\"all\"],\n signInRiskLevels: [\"medium\"],\n userRiskLevels: [\"medium\"],\n applications: {\n includedApplications: [\"All\"],\n excludedApplications: [],\n },\n devices: {\n filter: {\n mode: \"exclude\",\n rule: \"device.operatingSystem eq \\\"Doors\\\"\",\n },\n },\n locations: {\n includedLocations: [\"All\"],\n excludedLocations: [\"AllTrusted\"],\n },\n platforms: {\n includedPlatforms: [\"android\"],\n excludedPlatforms: [\"iOS\"],\n },\n users: {\n includedUsers: [\"All\"],\n excludedUsers: [\"GuestsOrExternalUsers\"],\n },\n },\n grantControls: {\n operator: \"OR\",\n builtInControls: [\"mfa\"],\n },\n sessionControls: {\n applicationEnforcedRestrictionsEnabled: true,\n disableResilienceDefaults: false,\n signInFrequency: 10,\n signInFrequencyPeriod: \"hours\",\n cloudAppSecurityPolicy: \"monitorOnly\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ConditionalAccessPolicy(\"example\",\n display_name=\"example policy\",\n state=\"disabled\",\n conditions={\n \"client_app_types\": [\"all\"],\n \"sign_in_risk_levels\": [\"medium\"],\n \"user_risk_levels\": [\"medium\"],\n \"applications\": {\n \"included_applications\": [\"All\"],\n \"excluded_applications\": [],\n },\n \"devices\": {\n \"filter\": {\n \"mode\": \"exclude\",\n \"rule\": \"device.operatingSystem eq \\\"Doors\\\"\",\n },\n },\n \"locations\": {\n \"included_locations\": [\"All\"],\n \"excluded_locations\": [\"AllTrusted\"],\n },\n \"platforms\": {\n \"included_platforms\": [\"android\"],\n \"excluded_platforms\": [\"iOS\"],\n },\n \"users\": {\n \"included_users\": [\"All\"],\n \"excluded_users\": [\"GuestsOrExternalUsers\"],\n },\n },\n grant_controls={\n \"operator\": \"OR\",\n \"built_in_controls\": [\"mfa\"],\n },\n session_controls={\n \"application_enforced_restrictions_enabled\": True,\n \"disable_resilience_defaults\": False,\n \"sign_in_frequency\": 10,\n \"sign_in_frequency_period\": \"hours\",\n \"cloud_app_security_policy\": \"monitorOnly\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.ConditionalAccessPolicy(\"example\", new()\n {\n DisplayName = \"example policy\",\n State = \"disabled\",\n Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n {\n ClientAppTypes = new[]\n {\n \"all\",\n },\n SignInRiskLevels = new[]\n {\n \"medium\",\n },\n UserRiskLevels = new[]\n {\n \"medium\",\n },\n Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n {\n IncludedApplications = new[]\n {\n \"All\",\n },\n ExcludedApplications = new() { },\n },\n Devices = new AzureAD.Inputs.ConditionalAccessPolicyConditionsDevicesArgs\n {\n Filter = new AzureAD.Inputs.ConditionalAccessPolicyConditionsDevicesFilterArgs\n {\n Mode = \"exclude\",\n Rule = \"device.operatingSystem eq \\\"Doors\\\"\",\n },\n },\n Locations = new AzureAD.Inputs.ConditionalAccessPolicyConditionsLocationsArgs\n {\n IncludedLocations = new[]\n {\n \"All\",\n },\n ExcludedLocations = new[]\n {\n \"AllTrusted\",\n },\n },\n Platforms = new AzureAD.Inputs.ConditionalAccessPolicyConditionsPlatformsArgs\n {\n IncludedPlatforms = new[]\n {\n \"android\",\n },\n ExcludedPlatforms = new[]\n {\n \"iOS\",\n },\n },\n Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n {\n IncludedUsers = new[]\n {\n \"All\",\n },\n ExcludedUsers = new[]\n {\n \"GuestsOrExternalUsers\",\n },\n },\n },\n GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n {\n Operator = \"OR\",\n BuiltInControls = new[]\n {\n \"mfa\",\n },\n },\n SessionControls = new AzureAD.Inputs.ConditionalAccessPolicySessionControlsArgs\n {\n ApplicationEnforcedRestrictionsEnabled = true,\n DisableResilienceDefaults = false,\n SignInFrequency = 10,\n SignInFrequencyPeriod = \"hours\",\n CloudAppSecurityPolicy = \"monitorOnly\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState: pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tSignInRiskLevels: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"medium\"),\n\t\t\t\t},\n\t\t\t\tUserRiskLevels: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"medium\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedApplications: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t\tDevices: \u0026azuread.ConditionalAccessPolicyConditionsDevicesArgs{\n\t\t\t\t\tFilter: \u0026azuread.ConditionalAccessPolicyConditionsDevicesFilterArgs{\n\t\t\t\t\t\tMode: pulumi.String(\"exclude\"),\n\t\t\t\t\t\tRule: pulumi.String(\"device.operatingSystem eq \\\"Doors\\\"\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLocations: \u0026azuread.ConditionalAccessPolicyConditionsLocationsArgs{\n\t\t\t\t\tIncludedLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AllTrusted\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPlatforms: \u0026azuread.ConditionalAccessPolicyConditionsPlatformsArgs{\n\t\t\t\t\tIncludedPlatforms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"android\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedPlatforms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"iOS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GuestsOrExternalUsers\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"mfa\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSessionControls: \u0026azuread.ConditionalAccessPolicySessionControlsArgs{\n\t\t\t\tApplicationEnforcedRestrictionsEnabled: pulumi.Bool(true),\n\t\t\t\tDisableResilienceDefaults: pulumi.Bool(false),\n\t\t\t\tSignInFrequency: pulumi.Int(10),\n\t\t\t\tSignInFrequencyPeriod: pulumi.String(\"hours\"),\n\t\t\t\tCloudAppSecurityPolicy: pulumi.String(\"monitorOnly\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsDevicesArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsDevicesFilterArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsLocationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsPlatformsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicySessionControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n .displayName(\"example policy\")\n .state(\"disabled\")\n .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n .clientAppTypes(\"all\")\n .signInRiskLevels(\"medium\")\n .userRiskLevels(\"medium\")\n .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n .includedApplications(\"All\")\n .excludedApplications()\n .build())\n .devices(ConditionalAccessPolicyConditionsDevicesArgs.builder()\n .filter(ConditionalAccessPolicyConditionsDevicesFilterArgs.builder()\n .mode(\"exclude\")\n .rule(\"device.operatingSystem eq \\\"Doors\\\"\")\n .build())\n .build())\n .locations(ConditionalAccessPolicyConditionsLocationsArgs.builder()\n .includedLocations(\"All\")\n .excludedLocations(\"AllTrusted\")\n .build())\n .platforms(ConditionalAccessPolicyConditionsPlatformsArgs.builder()\n .includedPlatforms(\"android\")\n .excludedPlatforms(\"iOS\")\n .build())\n .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n .includedUsers(\"All\")\n .excludedUsers(\"GuestsOrExternalUsers\")\n .build())\n .build())\n .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n .operator(\"OR\")\n .builtInControls(\"mfa\")\n .build())\n .sessionControls(ConditionalAccessPolicySessionControlsArgs.builder()\n .applicationEnforcedRestrictionsEnabled(true)\n .disableResilienceDefaults(false)\n .signInFrequency(10)\n .signInFrequencyPeriod(\"hours\")\n .cloudAppSecurityPolicy(\"monitorOnly\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ConditionalAccessPolicy\n properties:\n displayName: example policy\n state: disabled\n conditions:\n clientAppTypes:\n - all\n signInRiskLevels:\n - medium\n userRiskLevels:\n - medium\n applications:\n includedApplications:\n - All\n excludedApplications: []\n devices:\n filter:\n mode: exclude\n rule: device.operatingSystem eq \"Doors\"\n locations:\n includedLocations:\n - All\n excludedLocations:\n - AllTrusted\n platforms:\n includedPlatforms:\n - android\n excludedPlatforms:\n - iOS\n users:\n includedUsers:\n - All\n excludedUsers:\n - GuestsOrExternalUsers\n grantControls:\n operator: OR\n builtInControls:\n - mfa\n sessionControls:\n applicationEnforcedRestrictionsEnabled: true\n disableResilienceDefaults: false\n signInFrequency: 10\n signInFrequencyPeriod: hours\n cloudAppSecurityPolicy: monitorOnly\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Included client applications / service principals\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n displayName: \"example policy\",\n state: \"disabled\",\n conditions: {\n clientAppTypes: [\"all\"],\n applications: {\n includedApplications: [\"All\"],\n },\n clientApplications: {\n includedServicePrincipals: [current.then(current =\u003e current.objectId)],\n excludedServicePrincipals: [],\n },\n users: {\n includedUsers: [\"None\"],\n },\n },\n grantControls: {\n operator: \"OR\",\n builtInControls: [\"block\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.ConditionalAccessPolicy(\"example\",\n display_name=\"example policy\",\n state=\"disabled\",\n conditions={\n \"client_app_types\": [\"all\"],\n \"applications\": {\n \"included_applications\": [\"All\"],\n },\n \"client_applications\": {\n \"included_service_principals\": [current.object_id],\n \"excluded_service_principals\": [],\n },\n \"users\": {\n \"included_users\": [\"None\"],\n },\n },\n grant_controls={\n \"operator\": \"OR\",\n \"built_in_controls\": [\"block\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.ConditionalAccessPolicy(\"example\", new()\n {\n DisplayName = \"example policy\",\n State = \"disabled\",\n Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n {\n ClientAppTypes = new[]\n {\n \"all\",\n },\n Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n {\n IncludedApplications = new[]\n {\n \"All\",\n },\n },\n ClientApplications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs\n {\n IncludedServicePrincipals = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n ExcludedServicePrincipals = new() { },\n },\n Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n {\n IncludedUsers = new[]\n {\n \"None\",\n },\n },\n },\n GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n {\n Operator = \"OR\",\n BuiltInControls = new[]\n {\n \"block\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState: pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientApplications: \u0026azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs{\n\t\t\t\t\tIncludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedServicePrincipals: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"None\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n .displayName(\"example policy\")\n .state(\"disabled\")\n .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n .clientAppTypes(\"all\")\n .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n .includedApplications(\"All\")\n .build())\n .clientApplications(ConditionalAccessPolicyConditionsClientApplicationsArgs.builder()\n .includedServicePrincipals(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .excludedServicePrincipals()\n .build())\n .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n .includedUsers(\"None\")\n .build())\n .build())\n .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n .operator(\"OR\")\n .builtInControls(\"block\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ConditionalAccessPolicy\n properties:\n displayName: example policy\n state: disabled\n conditions:\n clientAppTypes:\n - all\n applications:\n includedApplications:\n - All\n clientApplications:\n includedServicePrincipals:\n - ${current.objectId}\n excludedServicePrincipals: []\n users:\n includedUsers:\n - None\n grantControls:\n operator: OR\n builtInControls:\n - block\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Excluded client applications / service principals\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n displayName: \"example policy\",\n state: \"disabled\",\n conditions: {\n clientAppTypes: [\"all\"],\n applications: {\n includedApplications: [\"All\"],\n },\n clientApplications: {\n includedServicePrincipals: [\"ServicePrincipalsInMyTenant\"],\n excludedServicePrincipals: [current.then(current =\u003e current.objectId)],\n },\n users: {\n includedUsers: [\"None\"],\n },\n },\n grantControls: {\n operator: \"OR\",\n builtInControls: [\"block\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.ConditionalAccessPolicy(\"example\",\n display_name=\"example policy\",\n state=\"disabled\",\n conditions={\n \"client_app_types\": [\"all\"],\n \"applications\": {\n \"included_applications\": [\"All\"],\n },\n \"client_applications\": {\n \"included_service_principals\": [\"ServicePrincipalsInMyTenant\"],\n \"excluded_service_principals\": [current.object_id],\n },\n \"users\": {\n \"included_users\": [\"None\"],\n },\n },\n grant_controls={\n \"operator\": \"OR\",\n \"built_in_controls\": [\"block\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.ConditionalAccessPolicy(\"example\", new()\n {\n DisplayName = \"example policy\",\n State = \"disabled\",\n Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n {\n ClientAppTypes = new[]\n {\n \"all\",\n },\n Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n {\n IncludedApplications = new[]\n {\n \"All\",\n },\n },\n ClientApplications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs\n {\n IncludedServicePrincipals = new[]\n {\n \"ServicePrincipalsInMyTenant\",\n },\n ExcludedServicePrincipals = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n },\n Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n {\n IncludedUsers = new[]\n {\n \"None\",\n },\n },\n },\n GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n {\n Operator = \"OR\",\n BuiltInControls = new[]\n {\n \"block\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState: pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientApplications: \u0026azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs{\n\t\t\t\t\tIncludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ServicePrincipalsInMyTenant\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"None\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n .displayName(\"example policy\")\n .state(\"disabled\")\n .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n .clientAppTypes(\"all\")\n .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n .includedApplications(\"All\")\n .build())\n .clientApplications(ConditionalAccessPolicyConditionsClientApplicationsArgs.builder()\n .includedServicePrincipals(\"ServicePrincipalsInMyTenant\")\n .excludedServicePrincipals(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build())\n .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n .includedUsers(\"None\")\n .build())\n .build())\n .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n .operator(\"OR\")\n .builtInControls(\"block\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:ConditionalAccessPolicy\n properties:\n displayName: example policy\n state: disabled\n conditions:\n clientAppTypes:\n - all\n applications:\n includedApplications:\n - All\n clientApplications:\n includedServicePrincipals:\n - ServicePrincipalsInMyTenant\n excludedServicePrincipals:\n - ${current.objectId}\n users:\n includedUsers:\n - None\n grantControls:\n operator: OR\n builtInControls:\n - block\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConditional Access Policies can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "conditions": { "$ref": "#/types/azuread:index/ConditionalAccessPolicyConditions:ConditionalAccessPolicyConditions", @@ -6611,7 +6632,7 @@ } }, "azuread:index/group:Group": { - "description": "Manages a group within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nAlternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.\n\nIf using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nWhen creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used.\n\nThe `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n owners=[current.object_id],\n security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder()\n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n securityEnabled: true\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Microsoft 365 group*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst groupOwner = new azuread.User(\"group_owner\", {\n userPrincipalName: \"example-group-owner@example.com\",\n displayName: \"Group Owner\",\n mailNickname: \"example-group-owner\",\n password: \"SecretP@sswd99!\",\n});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n mailEnabled: true,\n mailNickname: \"ExampleGroup\",\n securityEnabled: true,\n types: [\"Unified\"],\n owners: [\n current.then(current =\u003e current.objectId),\n groupOwner.objectId,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\ngroup_owner = azuread.User(\"group_owner\",\n user_principal_name=\"example-group-owner@example.com\",\n display_name=\"Group Owner\",\n mail_nickname=\"example-group-owner\",\n password=\"SecretP@sswd99!\")\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n mail_enabled=True,\n mail_nickname=\"ExampleGroup\",\n security_enabled=True,\n types=[\"Unified\"],\n owners=[\n current.object_id,\n group_owner.object_id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var groupOwner = new AzureAD.User(\"group_owner\", new()\n {\n UserPrincipalName = \"example-group-owner@example.com\",\n DisplayName = \"Group Owner\",\n MailNickname = \"example-group-owner\",\n Password = \"SecretP@sswd99!\",\n });\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n MailEnabled = true,\n MailNickname = \"ExampleGroup\",\n SecurityEnabled = true,\n Types = new[]\n {\n \"Unified\",\n },\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n groupOwner.ObjectId,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupOwner, err := azuread.NewUser(ctx, \"group_owner\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"example-group-owner@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"Group Owner\"),\n\t\t\tMailNickname: pulumi.String(\"example-group-owner\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tMailEnabled: pulumi.Bool(true),\n\t\t\tMailNickname: pulumi.String(\"ExampleGroup\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Unified\"),\n\t\t\t},\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\tgroupOwner.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var groupOwner = new User(\"groupOwner\", UserArgs.builder()\n .userPrincipalName(\"example-group-owner@example.com\")\n .displayName(\"Group Owner\")\n .mailNickname(\"example-group-owner\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var example = new Group(\"example\", GroupArgs.builder()\n .displayName(\"example\")\n .mailEnabled(true)\n .mailNickname(\"ExampleGroup\")\n .securityEnabled(true)\n .types(\"Unified\")\n .owners( \n current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()),\n groupOwner.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n groupOwner:\n type: azuread:User\n name: group_owner\n properties:\n userPrincipalName: example-group-owner@example.com\n displayName: Group Owner\n mailNickname: example-group-owner\n password: SecretP@sswd99!\n example:\n type: azuread:Group\n properties:\n displayName: example\n mailEnabled: true\n mailNickname: ExampleGroup\n securityEnabled: true\n types:\n - Unified\n owners:\n - ${current.objectId}\n - ${groupOwner.objectId}\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with members*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n displayName: J Doe\n owners:\n - ${current.objectId}\n password: notSecure123\n userPrincipalName: jdoe@example.com\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n members:\n - ${example.objectId}\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with dynamic membership*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"MyGroup\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n types: [\"DynamicMembership\"],\n dynamicMembership: {\n enabled: true,\n rule: \"user.department -eq \\\"Sales\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"MyGroup\",\n owners=[current.object_id],\n security_enabled=True,\n types=[\"DynamicMembership\"],\n dynamic_membership={\n \"enabled\": True,\n \"rule\": \"user.department -eq \\\"Sales\\\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"MyGroup\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n Types = new[]\n {\n \"DynamicMembership\",\n },\n DynamicMembership = new AzureAD.Inputs.GroupDynamicMembershipArgs\n {\n Enabled = true,\n Rule = \"user.department -eq \\\"Sales\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DynamicMembership\"),\n\t\t\t},\n\t\t\tDynamicMembership: \u0026azuread.GroupDynamicMembershipArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRule: pulumi.String(\"user.department -eq \\\"Sales\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GroupDynamicMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder()\n .displayName(\"MyGroup\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .types(\"DynamicMembership\")\n .dynamicMembership(GroupDynamicMembershipArgs.builder()\n .enabled(true)\n .rule(\"user.department -eq \\\"Sales\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n types:\n - DynamicMembership\n dynamicMembership:\n enabled: true\n rule: user.department -eq \"Sales\"\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "Manages a group within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nAlternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.\n\nIf using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nWhen creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles.\n\nThe `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n owners=[current.object_id],\n security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder()\n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n securityEnabled: true\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Microsoft 365 group*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst groupOwner = new azuread.User(\"group_owner\", {\n userPrincipalName: \"example-group-owner@example.com\",\n displayName: \"Group Owner\",\n mailNickname: \"example-group-owner\",\n password: \"SecretP@sswd99!\",\n});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n mailEnabled: true,\n mailNickname: \"ExampleGroup\",\n securityEnabled: true,\n types: [\"Unified\"],\n owners: [\n current.then(current =\u003e current.objectId),\n groupOwner.objectId,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\ngroup_owner = azuread.User(\"group_owner\",\n user_principal_name=\"example-group-owner@example.com\",\n display_name=\"Group Owner\",\n mail_nickname=\"example-group-owner\",\n password=\"SecretP@sswd99!\")\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n mail_enabled=True,\n mail_nickname=\"ExampleGroup\",\n security_enabled=True,\n types=[\"Unified\"],\n owners=[\n current.object_id,\n group_owner.object_id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var groupOwner = new AzureAD.User(\"group_owner\", new()\n {\n UserPrincipalName = \"example-group-owner@example.com\",\n DisplayName = \"Group Owner\",\n MailNickname = \"example-group-owner\",\n Password = \"SecretP@sswd99!\",\n });\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n MailEnabled = true,\n MailNickname = \"ExampleGroup\",\n SecurityEnabled = true,\n Types = new[]\n {\n \"Unified\",\n },\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n groupOwner.ObjectId,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupOwner, err := azuread.NewUser(ctx, \"group_owner\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"example-group-owner@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"Group Owner\"),\n\t\t\tMailNickname: pulumi.String(\"example-group-owner\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tMailEnabled: pulumi.Bool(true),\n\t\t\tMailNickname: pulumi.String(\"ExampleGroup\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Unified\"),\n\t\t\t},\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\tgroupOwner.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var groupOwner = new User(\"groupOwner\", UserArgs.builder()\n .userPrincipalName(\"example-group-owner@example.com\")\n .displayName(\"Group Owner\")\n .mailNickname(\"example-group-owner\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var example = new Group(\"example\", GroupArgs.builder()\n .displayName(\"example\")\n .mailEnabled(true)\n .mailNickname(\"ExampleGroup\")\n .securityEnabled(true)\n .types(\"Unified\")\n .owners( \n current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()),\n groupOwner.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n groupOwner:\n type: azuread:User\n name: group_owner\n properties:\n userPrincipalName: example-group-owner@example.com\n displayName: Group Owner\n mailNickname: example-group-owner\n password: SecretP@sswd99!\n example:\n type: azuread:Group\n properties:\n displayName: example\n mailEnabled: true\n mailNickname: ExampleGroup\n securityEnabled: true\n types:\n - Unified\n owners:\n - ${current.objectId}\n - ${groupOwner.objectId}\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with members*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n displayName: J Doe\n owners:\n - ${current.objectId}\n password: notSecure123\n userPrincipalName: jdoe@example.com\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n members:\n - ${example.objectId}\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with dynamic membership*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"MyGroup\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n types: [\"DynamicMembership\"],\n dynamicMembership: {\n enabled: true,\n rule: \"user.department -eq \\\"Sales\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"MyGroup\",\n owners=[current.object_id],\n security_enabled=True,\n types=[\"DynamicMembership\"],\n dynamic_membership={\n \"enabled\": True,\n \"rule\": \"user.department -eq \\\"Sales\\\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"MyGroup\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n Types = new[]\n {\n \"DynamicMembership\",\n },\n DynamicMembership = new AzureAD.Inputs.GroupDynamicMembershipArgs\n {\n Enabled = true,\n Rule = \"user.department -eq \\\"Sales\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DynamicMembership\"),\n\t\t\t},\n\t\t\tDynamicMembership: \u0026azuread.GroupDynamicMembershipArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRule: pulumi.String(\"user.department -eq \\\"Sales\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GroupDynamicMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder()\n .displayName(\"MyGroup\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .types(\"DynamicMembership\")\n .dynamicMembership(GroupDynamicMembershipArgs.builder()\n .enabled(true)\n .rule(\"user.department -eq \\\"Sales\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n types:\n - DynamicMembership\n dynamicMembership:\n enabled: true\n rule: user.department -eq \"Sales\"\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "administrativeUnitIds": { "type": "array", @@ -7054,7 +7075,7 @@ } }, "azuread:index/groupMember:GroupMember": { - "description": "Manages a single group membership within Azure Active Directory.\n\n\u003e **Warning** Do not use this resource at the same time as the `members` property of the `azuread.Group` resource for the same group. Doing so will cause a conflict and group members will be removed.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nHowever, if the authenticated service principal is an owner of the group being managed, an application role is not required.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleGroup = new azuread.Group(\"example\", {\n displayName: \"my_group\",\n securityEnabled: true,\n});\nconst exampleGroupMember = new azuread.GroupMember(\"example\", {\n groupObjectId: exampleGroup.id,\n memberObjectId: example.then(example =\u003e example.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_group = azuread.Group(\"example\",\n display_name=\"my_group\",\n security_enabled=True)\nexample_group_member = azuread.GroupMember(\"example\",\n group_object_id=example_group.id,\n member_object_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetUser.Invoke(new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n });\n\n var exampleGroup = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"my_group\",\n SecurityEnabled = true,\n });\n\n var exampleGroupMember = new AzureAD.GroupMember(\"example\", new()\n {\n GroupObjectId = exampleGroup.Id,\n MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.LookupUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my_group\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupMember(ctx, \"example\", \u0026azuread.GroupMemberArgs{\n\t\t\tGroupObjectId: exampleGroup.ID(),\n\t\t\tMemberObjectId: pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.GroupMember;\nimport com.pulumi.azuread.GroupMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n .displayName(\"my_group\")\n .securityEnabled(true)\n .build());\n\n var exampleGroupMember = new GroupMember(\"exampleGroupMember\", GroupMemberArgs.builder()\n .groupObjectId(exampleGroup.id())\n .memberObjectId(example.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: my_group\n securityEnabled: true\n exampleGroupMember:\n type: azuread:GroupMember\n name: example\n properties:\n groupObjectId: ${exampleGroup.id}\n memberObjectId: ${example.id}\nvariables:\n example:\n fn::invoke:\n function: azuread:getUser\n arguments:\n userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroup members can be imported using the object ID of the group and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/groupMember:GroupMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111\n```\n\n-\u003e This ID format is unique to Terraform and is composed of the Azure AD Group Object ID and the target Member Object ID in the format `{GroupObjectID}/member/{MemberObjectID}`.\n\n", + "description": "Manages a single group membership within Azure Active Directory.\n\n\u003e **Warning** Do not use this resource at the same time as the `members` property of the `azuread.Group` resource for the same group. Doing so will cause a conflict and group members will be removed.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nHowever, if the authenticated service principal is an owner of the group being managed, an application role is not required.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleGroup = new azuread.Group(\"example\", {\n displayName: \"my_group\",\n securityEnabled: true,\n});\nconst exampleGroupMember = new azuread.GroupMember(\"example\", {\n groupObjectId: exampleGroup.objectId,\n memberObjectId: example.then(example =\u003e example.objectId),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_group = azuread.Group(\"example\",\n display_name=\"my_group\",\n security_enabled=True)\nexample_group_member = azuread.GroupMember(\"example\",\n group_object_id=example_group.object_id,\n member_object_id=example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetUser.Invoke(new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n });\n\n var exampleGroup = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"my_group\",\n SecurityEnabled = true,\n });\n\n var exampleGroupMember = new AzureAD.GroupMember(\"example\", new()\n {\n GroupObjectId = exampleGroup.ObjectId,\n MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.LookupUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"my_group\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupMember(ctx, \"example\", \u0026azuread.GroupMemberArgs{\n\t\t\tGroupObjectId: exampleGroup.ObjectId,\n\t\t\tMemberObjectId: pulumi.String(example.ObjectId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.GroupMember;\nimport com.pulumi.azuread.GroupMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n .displayName(\"my_group\")\n .securityEnabled(true)\n .build());\n\n var exampleGroupMember = new GroupMember(\"exampleGroupMember\", GroupMemberArgs.builder()\n .groupObjectId(exampleGroup.objectId())\n .memberObjectId(example.applyValue(getUserResult -\u003e getUserResult.objectId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: my_group\n securityEnabled: true\n exampleGroupMember:\n type: azuread:GroupMember\n name: example\n properties:\n groupObjectId: ${exampleGroup.objectId}\n memberObjectId: ${example.objectId}\nvariables:\n example:\n fn::invoke:\n function: azuread:getUser\n arguments:\n userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroup members can be imported using the object ID of the group and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/groupMember:GroupMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111\n```\n\n-\u003e This ID format is unique to Terraform and is composed of the Azure AD Group Object ID and the target Member Object ID in the format `{GroupObjectID}/member/{MemberObjectID}`.\n\n", "properties": { "groupObjectId": { "type": "string", @@ -7331,7 +7352,7 @@ } }, "azuread:index/namedLocation:NamedLocation": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example_ip = new azuread.NamedLocation(\"example-ip\", {\n displayName: \"IP Named Location\",\n ip: {\n ipRanges: [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n trusted: true,\n },\n});\nconst example_country = new azuread.NamedLocation(\"example-country\", {\n displayName: \"Country Named Location\",\n country: {\n countriesAndRegions: [\n \"GB\",\n \"US\",\n ],\n includeUnknownCountriesAndRegions: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_ip = azuread.NamedLocation(\"example-ip\",\n display_name=\"IP Named Location\",\n ip={\n \"ip_ranges\": [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n \"trusted\": True,\n })\nexample_country = azuread.NamedLocation(\"example-country\",\n display_name=\"Country Named Location\",\n country={\n \"countries_and_regions\": [\n \"GB\",\n \"US\",\n ],\n \"include_unknown_countries_and_regions\": False,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_ip = new AzureAD.NamedLocation(\"example-ip\", new()\n {\n DisplayName = \"IP Named Location\",\n Ip = new AzureAD.Inputs.NamedLocationIpArgs\n {\n IpRanges = new[]\n {\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n },\n Trusted = true,\n },\n });\n\n var example_country = new AzureAD.NamedLocation(\"example-country\", new()\n {\n DisplayName = \"Country Named Location\",\n Country = new AzureAD.Inputs.NamedLocationCountryArgs\n {\n CountriesAndRegions = new[]\n {\n \"GB\",\n \"US\",\n },\n IncludeUnknownCountriesAndRegions = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewNamedLocation(ctx, \"example-ip\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"IP Named Location\"),\n\t\t\tIp: \u0026azuread.NamedLocationIpArgs{\n\t\t\t\tIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"1.1.1.1/32\"),\n\t\t\t\t\tpulumi.String(\"2.2.2.2/32\"),\n\t\t\t\t},\n\t\t\t\tTrusted: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewNamedLocation(ctx, \"example-country\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"Country Named Location\"),\n\t\t\tCountry: \u0026azuread.NamedLocationCountryArgs{\n\t\t\t\tCountriesAndRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\tIncludeUnknownCountriesAndRegions: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.NamedLocation;\nimport com.pulumi.azuread.NamedLocationArgs;\nimport com.pulumi.azuread.inputs.NamedLocationIpArgs;\nimport com.pulumi.azuread.inputs.NamedLocationCountryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example_ip = new NamedLocation(\"example-ip\", NamedLocationArgs.builder()\n .displayName(\"IP Named Location\")\n .ip(NamedLocationIpArgs.builder()\n .ipRanges( \n \"1.1.1.1/32\",\n \"2.2.2.2/32\")\n .trusted(true)\n .build())\n .build());\n\n var example_country = new NamedLocation(\"example-country\", NamedLocationArgs.builder()\n .displayName(\"Country Named Location\")\n .country(NamedLocationCountryArgs.builder()\n .countriesAndRegions( \n \"GB\",\n \"US\")\n .includeUnknownCountriesAndRegions(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-ip:\n type: azuread:NamedLocation\n properties:\n displayName: IP Named Location\n ip:\n ipRanges:\n - 1.1.1.1/32\n - 2.2.2.2/32\n trusted: true\n example-country:\n type: azuread:NamedLocation\n properties:\n displayName: Country Named Location\n country:\n countriesAndRegions:\n - GB\n - US\n includeUnknownCountriesAndRegions: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamed Locations can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example_ip = new azuread.NamedLocation(\"example-ip\", {\n displayName: \"IP Named Location\",\n ip: {\n ipRanges: [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n trusted: true,\n },\n});\nconst example_country = new azuread.NamedLocation(\"example-country\", {\n displayName: \"Country Named Location\",\n country: {\n countriesAndRegions: [\n \"GB\",\n \"US\",\n ],\n includeUnknownCountriesAndRegions: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_ip = azuread.NamedLocation(\"example-ip\",\n display_name=\"IP Named Location\",\n ip={\n \"ip_ranges\": [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n \"trusted\": True,\n })\nexample_country = azuread.NamedLocation(\"example-country\",\n display_name=\"Country Named Location\",\n country={\n \"countries_and_regions\": [\n \"GB\",\n \"US\",\n ],\n \"include_unknown_countries_and_regions\": False,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_ip = new AzureAD.NamedLocation(\"example-ip\", new()\n {\n DisplayName = \"IP Named Location\",\n Ip = new AzureAD.Inputs.NamedLocationIpArgs\n {\n IpRanges = new[]\n {\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n },\n Trusted = true,\n },\n });\n\n var example_country = new AzureAD.NamedLocation(\"example-country\", new()\n {\n DisplayName = \"Country Named Location\",\n Country = new AzureAD.Inputs.NamedLocationCountryArgs\n {\n CountriesAndRegions = new[]\n {\n \"GB\",\n \"US\",\n },\n IncludeUnknownCountriesAndRegions = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewNamedLocation(ctx, \"example-ip\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"IP Named Location\"),\n\t\t\tIp: \u0026azuread.NamedLocationIpArgs{\n\t\t\t\tIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"1.1.1.1/32\"),\n\t\t\t\t\tpulumi.String(\"2.2.2.2/32\"),\n\t\t\t\t},\n\t\t\t\tTrusted: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewNamedLocation(ctx, \"example-country\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"Country Named Location\"),\n\t\t\tCountry: \u0026azuread.NamedLocationCountryArgs{\n\t\t\t\tCountriesAndRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\tIncludeUnknownCountriesAndRegions: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.NamedLocation;\nimport com.pulumi.azuread.NamedLocationArgs;\nimport com.pulumi.azuread.inputs.NamedLocationIpArgs;\nimport com.pulumi.azuread.inputs.NamedLocationCountryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example_ip = new NamedLocation(\"example-ip\", NamedLocationArgs.builder()\n .displayName(\"IP Named Location\")\n .ip(NamedLocationIpArgs.builder()\n .ipRanges( \n \"1.1.1.1/32\",\n \"2.2.2.2/32\")\n .trusted(true)\n .build())\n .build());\n\n var example_country = new NamedLocation(\"example-country\", NamedLocationArgs.builder()\n .displayName(\"Country Named Location\")\n .country(NamedLocationCountryArgs.builder()\n .countriesAndRegions( \n \"GB\",\n \"US\")\n .includeUnknownCountriesAndRegions(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-ip:\n type: azuread:NamedLocation\n properties:\n displayName: IP Named Location\n ip:\n ipRanges:\n - 1.1.1.1/32\n - 2.2.2.2/32\n trusted: true\n example-country:\n type: azuread:NamedLocation\n properties:\n displayName: Country Named Location\n country:\n countriesAndRegions:\n - GB\n - US\n includeUnknownCountriesAndRegions: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamed Locations can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "country": { "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", @@ -7712,7 +7733,7 @@ } }, "azuread:index/servicePrincipal:ServicePrincipal": { - "description": "## Example Usage\n\n*Create a service principal for an application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: example.clientId,\n appRoleAssignmentRequired: false,\n owners: [current.then(current =\u003e current.objectId)],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n owners=[current.object_id])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example.client_id,\n app_role_assignment_required=False,\n owners=[current.object_id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n AppRoleAssignmentRequired = false,\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t\tAppRoleAssignmentRequired: pulumi.Bool(false),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .appRoleAssignmentRequired(false)\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Application\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n appRoleAssignmentRequired: false\n owners:\n - ${current.objectId}\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create a service principal for an enterprise application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: example.clientId,\n appRoleAssignmentRequired: false,\n owners: [current.then(current =\u003e current.objectId)],\n featureTags: [{\n enterprise: true,\n gallery: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n owners=[current.object_id])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example.client_id,\n app_role_assignment_required=False,\n owners=[current.object_id],\n feature_tags=[{\n \"enterprise\": True,\n \"gallery\": True,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n AppRoleAssignmentRequired = false,\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n FeatureTags = new[]\n {\n new AzureAD.Inputs.ServicePrincipalFeatureTagArgs\n {\n Enterprise = true,\n Gallery = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t\tAppRoleAssignmentRequired: pulumi.Bool(false),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tFeatureTags: azuread.ServicePrincipalFeatureTagArray{\n\t\t\t\t\u0026azuread.ServicePrincipalFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ServicePrincipalFeatureTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .appRoleAssignmentRequired(false)\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .featureTags(ServicePrincipalFeatureTagArgs.builder()\n .enterprise(true)\n .gallery(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Application\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n appRoleAssignmentRequired: false\n owners:\n - ${current.objectId}\n featureTags:\n - enterprise: true\n gallery: true\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Manage a service principal for a first-party Microsoft application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n client_id=well_known.result[\"microsoftGraph\"],\n use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();\n\n var msgraph = new AzureAD.ServicePrincipal(\"msgraph\", new()\n {\n ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n UseExisting = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();\n\n var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n .clientId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().microsoftGraph()))\n .useExisting(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n msgraph:\n type: azuread:ServicePrincipal\n properties:\n clientId: ${wellKnown.result.microsoftGraph}\n useExisting: true\nvariables:\n wellKnown:\n fn::invoke:\n function: azuread:getApplicationPublishedAppIds\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create a service principal for an application created from a gallery template*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n displayName: \"Marketo\",\n});\nconst exampleApplication = new azuread.Application(\"example\", {\n displayName: \"example\",\n templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: exampleApplication.clientId,\n useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Marketo\")\nexample_application = azuread.Application(\"example\",\n display_name=\"example\",\n template_id=example.template_id)\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example_application.client_id,\n use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetApplicationTemplate.Invoke(new()\n {\n DisplayName = \"Marketo\",\n });\n\n var exampleApplication = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = exampleApplication.ClientId,\n UseExisting = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Marketo\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId: pulumi.String(example.TemplateId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: exampleApplication.ClientId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n .displayName(\"Marketo\")\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n .displayName(\"example\")\n .templateId(example.applyValue(getApplicationTemplateResult -\u003e getApplicationTemplateResult.templateId()))\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(exampleApplication.clientId())\n .useExisting(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleApplication:\n type: azuread:Application\n name: example\n properties:\n displayName: example\n templateId: ${example.templateId}\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${exampleApplication.clientId}\n useExisting: true\nvariables:\n example:\n fn::invoke:\n function: azuread:getApplicationTemplate\n arguments:\n displayName: Marketo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService principals can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "## Example Usage\n\n*Create a service principal for an application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: example.clientId,\n appRoleAssignmentRequired: false,\n owners: [current.then(current =\u003e current.objectId)],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n owners=[current.object_id])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example.client_id,\n app_role_assignment_required=False,\n owners=[current.object_id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n AppRoleAssignmentRequired = false,\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t\tAppRoleAssignmentRequired: pulumi.Bool(false),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .appRoleAssignmentRequired(false)\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Application\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n appRoleAssignmentRequired: false\n owners:\n - ${current.objectId}\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create a service principal for an enterprise application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: example.clientId,\n appRoleAssignmentRequired: false,\n owners: [current.then(current =\u003e current.objectId)],\n featureTags: [{\n enterprise: true,\n gallery: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n display_name=\"example\",\n owners=[current.object_id])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example.client_id,\n app_role_assignment_required=False,\n owners=[current.object_id],\n feature_tags=[{\n \"enterprise\": True,\n \"gallery\": True,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = example.ClientId,\n AppRoleAssignmentRequired = false,\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n FeatureTags = new[]\n {\n new AzureAD.Inputs.ServicePrincipalFeatureTagArgs\n {\n Enterprise = true,\n Gallery = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t\tAppRoleAssignmentRequired: pulumi.Bool(false),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tFeatureTags: azuread.ServicePrincipalFeatureTagArray{\n\t\t\t\t\u0026azuread.ServicePrincipalFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ServicePrincipalFeatureTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Application(\"example\", ApplicationArgs.builder()\n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(example.clientId())\n .appRoleAssignmentRequired(false)\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .featureTags(ServicePrincipalFeatureTagArgs.builder()\n .enterprise(true)\n .gallery(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Application\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${example.clientId}\n appRoleAssignmentRequired: false\n owners:\n - ${current.objectId}\n featureTags:\n - enterprise: true\n gallery: true\nvariables:\n current:\n fn::invoke:\n function: azuread:getClientConfig\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Manage a service principal for a first-party Microsoft application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n client_id=well_known.result[\"microsoftGraph\"],\n use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();\n\n var msgraph = new AzureAD.ServicePrincipal(\"msgraph\", new()\n {\n ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n UseExisting = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();\n\n var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n .clientId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().microsoftGraph()))\n .useExisting(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n msgraph:\n type: azuread:ServicePrincipal\n properties:\n clientId: ${wellKnown.result.microsoftGraph}\n useExisting: true\nvariables:\n wellKnown:\n fn::invoke:\n function: azuread:getApplicationPublishedAppIds\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create a service principal for an application created from a gallery template*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n displayName: \"Marketo\",\n});\nconst exampleApplication = new azuread.Application(\"example\", {\n displayName: \"example\",\n templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: exampleApplication.clientId,\n useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Marketo\")\nexample_application = azuread.Application(\"example\",\n display_name=\"example\",\n template_id=example.template_id)\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example_application.client_id,\n use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetApplicationTemplate.Invoke(new()\n {\n DisplayName = \"Marketo\",\n });\n\n var exampleApplication = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = exampleApplication.ClientId,\n UseExisting = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Marketo\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId: pulumi.String(example.TemplateId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: exampleApplication.ClientId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n .displayName(\"Marketo\")\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n .displayName(\"example\")\n .templateId(example.applyValue(getApplicationTemplateResult -\u003e getApplicationTemplateResult.templateId()))\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n .clientId(exampleApplication.clientId())\n .useExisting(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleApplication:\n type: azuread:Application\n name: example\n properties:\n displayName: example\n templateId: ${example.templateId}\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${exampleApplication.clientId}\n useExisting: true\nvariables:\n example:\n fn::invoke:\n function: azuread:getApplicationTemplate\n arguments:\n displayName: Marketo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService principals can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "accountEnabled": { "type": "boolean", @@ -8875,7 +8896,7 @@ } }, "azuread:index/user:User": { - "description": "Manages a user within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `User.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.User(\"example\", {\n userPrincipalName: \"jdoe@example.com\",\n displayName: \"J. Doe\",\n mailNickname: \"jdoe\",\n password: \"SecretP@sswd99!\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.User(\"example\",\n user_principal_name=\"jdoe@example.com\",\n display_name=\"J. Doe\",\n mail_nickname=\"jdoe\",\n password=\"SecretP@sswd99!\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.User(\"example\", new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n DisplayName = \"J. Doe\",\n MailNickname = \"jdoe\",\n Password = \"SecretP@sswd99!\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewUser(ctx, \"example\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname: pulumi.String(\"jdoe\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new User(\"example\", UserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsers can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "Manages a user within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `User.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.User(\"example\", {\n userPrincipalName: \"jdoe@example.com\",\n displayName: \"J. Doe\",\n mailNickname: \"jdoe\",\n password: \"SecretP@sswd99!\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.User(\"example\",\n user_principal_name=\"jdoe@example.com\",\n display_name=\"J. Doe\",\n mail_nickname=\"jdoe\",\n password=\"SecretP@sswd99!\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.User(\"example\", new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n DisplayName = \"J. Doe\",\n MailNickname = \"jdoe\",\n Password = \"SecretP@sswd99!\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewUser(ctx, \"example\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname: pulumi.String(\"jdoe\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new User(\"example\", UserArgs.builder()\n .userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsers can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "aboutMe": { "type": "string", @@ -8940,6 +8961,10 @@ "type": "string", "description": "The name of the division in which the user works.\n" }, + "employeeHireDate": { + "type": "string", + "description": "The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n" + }, "employeeId": { "type": "string", "description": "The employee identifier assigned to the user by the organisation.\n" @@ -9161,6 +9186,10 @@ "type": "string", "description": "The name of the division in which the user works.\n" }, + "employeeHireDate": { + "type": "string", + "description": "The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n" + }, "employeeId": { "type": "string", "description": "The employee identifier assigned to the user by the organisation.\n" @@ -9324,6 +9353,10 @@ "type": "string", "description": "The name of the division in which the user works.\n" }, + "employeeHireDate": { + "type": "string", + "description": "The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n" + }, "employeeId": { "type": "string", "description": "The employee identifier assigned to the user by the organisation.\n" @@ -10134,7 +10167,7 @@ } }, "azuread:index/getDirectoryObject:getDirectoryObject": { - "description": "Retrieves the OData type for a generic directory object having the provided object ID.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires either `User.Read.All`, `Group.Read.All` or `Directory.Read.All`, depending on the type of object being queried.\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up and output type of object by ID*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getDirectoryObject({\n objectId: \"00000000-0000-0000-0000-000000000000\",\n});\nexport const objectType = example.then(example =\u003e example.type);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_directory_object(object_id=\"00000000-0000-0000-0000-000000000000\")\npulumi.export(\"objectType\", example.type)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetDirectoryObject.Invoke(new()\n {\n ObjectId = \"00000000-0000-0000-0000-000000000000\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"objectType\"] = example.Apply(getDirectoryObjectResult =\u003e getDirectoryObjectResult.Type),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetDirectoryObject(ctx, \u0026azuread.GetDirectoryObjectArgs{\n\t\t\tObjectId: \"00000000-0000-0000-0000-000000000000\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"objectType\", example.Type)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetDirectoryObjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getDirectoryObject(GetDirectoryObjectArgs.builder()\n .objectId(\"00000000-0000-0000-0000-000000000000\")\n .build());\n\n ctx.export(\"objectType\", example.applyValue(getDirectoryObjectResult -\u003e getDirectoryObjectResult.type()));\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: azuread:getDirectoryObject\n arguments:\n objectId: 00000000-0000-0000-0000-000000000000\noutputs:\n objectType: ${example.type}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes Reference \n\nThe following attributes are exported:\n\n*`object_id` - The object ID of the directory object.\n*`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`.\n", + "description": "Retrieves the OData type for a generic directory object having the provided object ID.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires either `User.Read.All`, `Group.Read.All` or `Directory.Read.All`, depending on the type of object being queried.\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up and output type of object by ID*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getDirectoryObject({\n objectId: \"00000000-0000-0000-0000-000000000000\",\n});\nexport const objectType = example.then(example =\u003e example.type);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_directory_object(object_id=\"00000000-0000-0000-0000-000000000000\")\npulumi.export(\"objectType\", example.type)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetDirectoryObject.Invoke(new()\n {\n ObjectId = \"00000000-0000-0000-0000-000000000000\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"objectType\"] = example.Apply(getDirectoryObjectResult =\u003e getDirectoryObjectResult.Type),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetDirectoryObject(ctx, \u0026azuread.GetDirectoryObjectArgs{\n\t\t\tObjectId: \"00000000-0000-0000-0000-000000000000\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"objectType\", example.Type)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetDirectoryObjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getDirectoryObject(GetDirectoryObjectArgs.builder()\n .objectId(\"00000000-0000-0000-0000-000000000000\")\n .build());\n\n ctx.export(\"objectType\", example.applyValue(getDirectoryObjectResult -\u003e getDirectoryObjectResult.type()));\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: azuread:getDirectoryObject\n arguments:\n objectId: 00000000-0000-0000-0000-000000000000\noutputs:\n objectType: ${example.type}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes Reference \n\nThe following attributes are exported:\n\n* `object_id` - The object ID of the directory object.\n* `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`.\n", "inputs": { "description": "A collection of arguments for invoking getDirectoryObject.\n", "properties": { @@ -11101,6 +11134,10 @@ "description": "The name of the division in which the user works.\n", "type": "string" }, + "employeeHireDate": { + "description": "The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n", + "type": "string" + }, "employeeId": { "description": "The employee identifier assigned to the user by the organisation.\n", "type": "string" @@ -11252,6 +11289,7 @@ "department", "displayName", "division", + "employeeHireDate", "employeeId", "employeeType", "externalUserState", diff --git a/provider/go.mod b/provider/go.mod index 4829ab718..dc82568fd 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -138,7 +138,7 @@ require ( github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 // indirect github.com/hashicorp/terraform-plugin-testing v1.10.0 // indirect - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20241004173910-f12931f0baa6 // indirect + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20250116153758-efb90bd0c4a8 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/vault/api v1.12.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index a7ce905ab..4be29dc2d 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1697,8 +1697,8 @@ github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+ github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs= github.com/hashicorp/terraform-plugin-testing v1.10.0 h1:2+tmRNhvnfE4Bs8rB6v58S/VpqzGC6RCh9Y8ujdn+aw= github.com/hashicorp/terraform-plugin-testing v1.10.0/go.mod h1:iWRW3+loP33WMch2P/TEyCxxct/ZEcCGMquSLSCVsrc= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20241004173910-f12931f0baa6 h1:gQhVEED+By88+MYklcb+2/+D2px9ysBadmDAPlsGY1A= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20241004173910-f12931f0baa6/go.mod h1:cHkQQ9TA7ESlqU0nH16oUyeEpe8Ms6OK/dPY8TuBO5g= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20250116153758-efb90bd0c4a8 h1:SqIZPwDm7hxJVh/NseWmLDPRXeTwaLf+kNfJM+045aM= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20250116153758-efb90bd0c4a8/go.mod h1:0hilTmnQWY+d/ftDQKoKuav3xsH7OGGPy18Y8qH1LJs= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= diff --git a/provider/shim/go.mod b/provider/shim/go.mod index 9211e4a42..b86936ad8 100644 --- a/provider/shim/go.mod +++ b/provider/shim/go.mod @@ -6,7 +6,7 @@ toolchain go1.23.0 require ( github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20241004173910-f12931f0baa6 + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20250116153758-efb90bd0c4a8 ) require ( @@ -53,13 +53,13 @@ require ( github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/zclconf/go-cty v1.15.0 // indirect - golang.org/x/crypto v0.27.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.29.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/text v0.18.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.25.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect diff --git a/provider/shim/go.sum b/provider/shim/go.sum index 790bbacd7..1eb9183a5 100644 --- a/provider/shim/go.sum +++ b/provider/shim/go.sum @@ -91,8 +91,8 @@ github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 h1:kJiWGx2kiQVo97Y5IOGR4EMc github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0/go.mod h1:sl/UoabMc37HA6ICVMmGO+/0wofkVIRxf+BMb/dnoIg= github.com/hashicorp/terraform-plugin-testing v1.10.0 h1:2+tmRNhvnfE4Bs8rB6v58S/VpqzGC6RCh9Y8ujdn+aw= github.com/hashicorp/terraform-plugin-testing v1.10.0/go.mod h1:iWRW3+loP33WMch2P/TEyCxxct/ZEcCGMquSLSCVsrc= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20241004173910-f12931f0baa6 h1:gQhVEED+By88+MYklcb+2/+D2px9ysBadmDAPlsGY1A= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20241004173910-f12931f0baa6/go.mod h1:cHkQQ9TA7ESlqU0nH16oUyeEpe8Ms6OK/dPY8TuBO5g= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20250116153758-efb90bd0c4a8 h1:SqIZPwDm7hxJVh/NseWmLDPRXeTwaLf+kNfJM+045aM= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20250116153758-efb90bd0c4a8/go.mod h1:0hilTmnQWY+d/ftDQKoKuav3xsH7OGGPy18Y8qH1LJs= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -158,8 +158,8 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= @@ -174,8 +174,8 @@ golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbht golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -188,8 +188,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -197,8 +197,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/sdk/dotnet/AdministrativeUnit.cs b/sdk/dotnet/AdministrativeUnit.cs index bae8689f8..a71b4a87a 100644 --- a/sdk/dotnet/AdministrativeUnit.cs +++ b/sdk/dotnet/AdministrativeUnit.cs @@ -45,7 +45,7 @@ namespace Pulumi.AzureAD /// Administrative units can be imported using their object ID, e.g. /// /// ```sh - /// $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/administrativeUnit:AdministrativeUnit")] diff --git a/sdk/dotnet/AdministrativeUnitMember.cs b/sdk/dotnet/AdministrativeUnitMember.cs index c80e0f68e..5ee623d37 100644 --- a/sdk/dotnet/AdministrativeUnitMember.cs +++ b/sdk/dotnet/AdministrativeUnitMember.cs @@ -56,10 +56,8 @@ namespace Pulumi.AzureAD /// Administrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g. /// /// ```sh - /// $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 + /// $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111 /// ``` - /// - /// -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`. /// [AzureADResourceType("azuread:index/administrativeUnitMember:AdministrativeUnitMember")] public partial class AdministrativeUnitMember : global::Pulumi.CustomResource diff --git a/sdk/dotnet/AdministrativeUnitRoleMember.cs b/sdk/dotnet/AdministrativeUnitRoleMember.cs index fc4c181be..4b1b6f571 100644 --- a/sdk/dotnet/AdministrativeUnitRoleMember.cs +++ b/sdk/dotnet/AdministrativeUnitRoleMember.cs @@ -60,10 +60,10 @@ namespace Pulumi.AzureAD /// Administrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g. /// /// ```sh - /// $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS + /// $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example /// ``` /// - /// -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`. + /// /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS /// [AzureADResourceType("azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember")] public partial class AdministrativeUnitRoleMember : global::Pulumi.CustomResource diff --git a/sdk/dotnet/AppRoleAssignment.cs b/sdk/dotnet/AppRoleAssignment.cs index 5b7f9c48f..894625a79 100644 --- a/sdk/dotnet/AppRoleAssignment.cs +++ b/sdk/dotnet/AppRoleAssignment.cs @@ -157,10 +157,10 @@ namespace Pulumi.AzureAD /// App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g. /// /// ```sh - /// $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz + /// $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz /// ``` /// - /// -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. + /// -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`. /// [AzureADResourceType("azuread:index/appRoleAssignment:AppRoleAssignment")] public partial class AppRoleAssignment : global::Pulumi.CustomResource diff --git a/sdk/dotnet/Application.cs b/sdk/dotnet/Application.cs index dd556dd57..907c1dcdd 100644 --- a/sdk/dotnet/Application.cs +++ b/sdk/dotnet/Application.cs @@ -342,7 +342,7 @@ public partial class Application : global::Pulumi.CustomResource /// > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource. /// [Output("password")] - public Output Password { get; private set; } = null!; + public Output Password { get; private set; } = null!; /// /// If `true`, will return an error if an existing application is found with the same name. Defaults to `false`. diff --git a/sdk/dotnet/ApplicationIdentifierUri.cs b/sdk/dotnet/ApplicationIdentifierUri.cs index a3aca00c5..3dd9714a9 100644 --- a/sdk/dotnet/ApplicationIdentifierUri.cs +++ b/sdk/dotnet/ApplicationIdentifierUri.cs @@ -28,7 +28,7 @@ namespace Pulumi.AzureAD /// var exampleApplicationIdentifierUri = new AzureAD.ApplicationIdentifierUri("example", new() /// { /// ApplicationId = example.Id, - /// IdentifierUri = "https://app.hashitown.com", + /// IdentifierUri = "https://app.example.com", /// }); /// /// }); diff --git a/sdk/dotnet/ApplicationOwner.cs b/sdk/dotnet/ApplicationOwner.cs index 9b41b07a8..49dce4e91 100644 --- a/sdk/dotnet/ApplicationOwner.cs +++ b/sdk/dotnet/ApplicationOwner.cs @@ -27,7 +27,7 @@ namespace Pulumi.AzureAD /// /// var jane = new AzureAD.User("jane", new() /// { - /// UserPrincipalName = "jane.fischer@hashitown.com", + /// UserPrincipalName = "jane.fischer@example.com", /// DisplayName = "Jane Fischer", /// Password = "Ch@ngeMe", /// }); diff --git a/sdk/dotnet/ApplicationRedirectUris.cs b/sdk/dotnet/ApplicationRedirectUris.cs index 9c57d33fb..93fe9857f 100644 --- a/sdk/dotnet/ApplicationRedirectUris.cs +++ b/sdk/dotnet/ApplicationRedirectUris.cs @@ -46,8 +46,8 @@ namespace Pulumi.AzureAD /// Type = "SPA", /// RedirectUris = new[] /// { - /// "https://mobile.hashitown.com/", - /// "https://beta.hashitown.com/", + /// "https://mobile.example.com/", + /// "https://beta.example.com/", /// }, /// }); /// @@ -57,8 +57,8 @@ namespace Pulumi.AzureAD /// Type = "Web", /// RedirectUris = new[] /// { - /// "https://app.hashitown.com/", - /// "https://classic.hashitown.com/", + /// "https://app.example.com/", + /// "https://classic.example.com/", /// "urn:ietf:wg:oauth:2.0:oob", /// }, /// }); diff --git a/sdk/dotnet/ApplicationRegistration.cs b/sdk/dotnet/ApplicationRegistration.cs index e3fc34b3a..092014bd6 100644 --- a/sdk/dotnet/ApplicationRegistration.cs +++ b/sdk/dotnet/ApplicationRegistration.cs @@ -37,12 +37,12 @@ namespace Pulumi.AzureAD /// DisplayName = "Example Application", /// Description = "My example application", /// SignInAudience = "AzureADMyOrg", - /// HomepageUrl = "https://app.hashitown.com/", - /// LogoutUrl = "https://app.hashitown.com/logout", - /// MarketingUrl = "https://hashitown.com/", - /// PrivacyStatementUrl = "https://hashitown.com/privacy", - /// SupportUrl = "https://support.hashitown.com/", - /// TermsOfServiceUrl = "https://hashitown.com/terms", + /// HomepageUrl = "https://app.example.com/", + /// LogoutUrl = "https://app.example.com/logout", + /// MarketingUrl = "https://example.com/", + /// PrivacyStatementUrl = "https://example.com/privacy", + /// SupportUrl = "https://support.example.com/", + /// TermsOfServiceUrl = "https://example.com/terms", /// }); /// /// }); diff --git a/sdk/dotnet/AuthenticationStrengthPolicy.cs b/sdk/dotnet/AuthenticationStrengthPolicy.cs index 407eb47f8..8d31d3d1e 100644 --- a/sdk/dotnet/AuthenticationStrengthPolicy.cs +++ b/sdk/dotnet/AuthenticationStrengthPolicy.cs @@ -79,7 +79,7 @@ namespace Pulumi.AzureAD /// Authentication Strength Policies can be imported using the `id`, e.g. /// /// ```sh - /// $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy")] diff --git a/sdk/dotnet/ConditionalAccessPolicy.cs b/sdk/dotnet/ConditionalAccessPolicy.cs index 6f904b100..211320852 100644 --- a/sdk/dotnet/ConditionalAccessPolicy.cs +++ b/sdk/dotnet/ConditionalAccessPolicy.cs @@ -235,7 +235,7 @@ namespace Pulumi.AzureAD /// Conditional Access Policies can be imported using the `id`, e.g. /// /// ```sh - /// $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy")] diff --git a/sdk/dotnet/GetDirectoryObject.cs b/sdk/dotnet/GetDirectoryObject.cs index d4f033db7..531160d50 100644 --- a/sdk/dotnet/GetDirectoryObject.cs +++ b/sdk/dotnet/GetDirectoryObject.cs @@ -49,8 +49,8 @@ public static class GetDirectoryObject /// /// The following attributes are exported: /// - /// *`object_id` - The object ID of the directory object. - /// *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + /// * `object_id` - The object ID of the directory object. + /// * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. /// public static Task InvokeAsync(GetDirectoryObjectArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("azuread:index/getDirectoryObject:getDirectoryObject", args ?? new GetDirectoryObjectArgs(), options.WithDefaults()); @@ -93,8 +93,8 @@ public static Task InvokeAsync(GetDirectoryObjectArgs /// /// The following attributes are exported: /// - /// *`object_id` - The object ID of the directory object. - /// *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + /// * `object_id` - The object ID of the directory object. + /// * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. /// public static Output Invoke(GetDirectoryObjectInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("azuread:index/getDirectoryObject:getDirectoryObject", args ?? new GetDirectoryObjectInvokeArgs(), options.WithDefaults()); @@ -137,8 +137,8 @@ public static Output Invoke(GetDirectoryObjectInvokeAr /// /// The following attributes are exported: /// - /// *`object_id` - The object ID of the directory object. - /// *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + /// * `object_id` - The object ID of the directory object. + /// * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. /// public static Output Invoke(GetDirectoryObjectInvokeArgs args, InvokeOutputOptions options) => global::Pulumi.Deployment.Instance.Invoke("azuread:index/getDirectoryObject:getDirectoryObject", args ?? new GetDirectoryObjectInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/GetUser.cs b/sdk/dotnet/GetUser.cs index 8edaea16e..48f1c6939 100644 --- a/sdk/dotnet/GetUser.cs +++ b/sdk/dotnet/GetUser.cs @@ -242,6 +242,10 @@ public sealed class GetUserResult /// public readonly string Division; /// + /// The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + public readonly string EmployeeHireDate; + /// /// The employee identifier assigned to the user by the organisation. /// public readonly string EmployeeId; @@ -396,6 +400,8 @@ private GetUserResult( string division, + string employeeHireDate, + string employeeId, string employeeType, @@ -472,6 +478,7 @@ private GetUserResult( Department = department; DisplayName = displayName; Division = division; + EmployeeHireDate = employeeHireDate; EmployeeId = employeeId; EmployeeType = employeeType; ExternalUserState = externalUserState; diff --git a/sdk/dotnet/Group.cs b/sdk/dotnet/Group.cs index 4771ea9a9..26c7c1be3 100644 --- a/sdk/dotnet/Group.cs +++ b/sdk/dotnet/Group.cs @@ -26,7 +26,7 @@ namespace Pulumi.AzureAD /// /// When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator` /// - /// When creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used. + /// When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles. /// /// The `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation. /// @@ -104,7 +104,7 @@ namespace Pulumi.AzureAD /// Groups can be imported using their object ID, e.g. /// /// ```sh - /// $ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/group:Group")] diff --git a/sdk/dotnet/GroupMember.cs b/sdk/dotnet/GroupMember.cs index 955eb3907..644317003 100644 --- a/sdk/dotnet/GroupMember.cs +++ b/sdk/dotnet/GroupMember.cs @@ -47,8 +47,8 @@ namespace Pulumi.AzureAD /// /// var exampleGroupMember = new AzureAD.GroupMember("example", new() /// { - /// GroupObjectId = exampleGroup.Id, - /// MemberObjectId = example.Apply(getUserResult => getUserResult.Id), + /// GroupObjectId = exampleGroup.ObjectId, + /// MemberObjectId = example.Apply(getUserResult => getUserResult.ObjectId), /// }); /// /// }); diff --git a/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsArgs.cs b/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsArgs.cs index 6068e5b46..57c894377 100644 --- a/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsArgs.cs +++ b/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsArgs.cs @@ -42,6 +42,12 @@ public InputList ClientAppTypes [Input("devices")] public Input? Devices { get; set; } + /// + /// The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + /// + [Input("insiderRiskLevels")] + public Input? InsiderRiskLevels { get; set; } + /// /// A `locations` block as documented below, which specifies locations included in and excluded from the policy. /// diff --git a/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsGetArgs.cs b/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsGetArgs.cs index 338ef44ed..61b15d47c 100644 --- a/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsGetArgs.cs +++ b/sdk/dotnet/Inputs/ConditionalAccessPolicyConditionsGetArgs.cs @@ -42,6 +42,12 @@ public InputList ClientAppTypes [Input("devices")] public Input? Devices { get; set; } + /// + /// The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + /// + [Input("insiderRiskLevels")] + public Input? InsiderRiskLevels { get; set; } + /// /// A `locations` block as documented below, which specifies locations included in and excluded from the policy. /// diff --git a/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsArgs.cs b/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsArgs.cs index 319f55eb3..199289e70 100644 --- a/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsArgs.cs +++ b/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.AzureAD.Inputs public sealed class ConditionalAccessPolicyGrantControlsArgs : global::Pulumi.ResourceArgs { /// - /// ID of an Authentication Strength Policy to use in this policy. + /// ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. /// [Input("authenticationStrengthPolicyId")] public Input? AuthenticationStrengthPolicyId { get; set; } diff --git a/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsGetArgs.cs b/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsGetArgs.cs index 9698c5c38..152cf3c64 100644 --- a/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsGetArgs.cs +++ b/sdk/dotnet/Inputs/ConditionalAccessPolicyGrantControlsGetArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.AzureAD.Inputs public sealed class ConditionalAccessPolicyGrantControlsGetArgs : global::Pulumi.ResourceArgs { /// - /// ID of an Authentication Strength Policy to use in this policy. + /// ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. /// [Input("authenticationStrengthPolicyId")] public Input? AuthenticationStrengthPolicyId { get; set; } diff --git a/sdk/dotnet/Inputs/NamedLocationCountryArgs.cs b/sdk/dotnet/Inputs/NamedLocationCountryArgs.cs index 812bc7a1c..ddb2ecb10 100644 --- a/sdk/dotnet/Inputs/NamedLocationCountryArgs.cs +++ b/sdk/dotnet/Inputs/NamedLocationCountryArgs.cs @@ -24,6 +24,12 @@ public InputList CountriesAndRegions set => _countriesAndRegions = value; } + /// + /// Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + /// + [Input("countryLookupMethod")] + public Input? CountryLookupMethod { get; set; } + /// /// Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. /// diff --git a/sdk/dotnet/Inputs/NamedLocationCountryGetArgs.cs b/sdk/dotnet/Inputs/NamedLocationCountryGetArgs.cs index acb8bbd87..79d664971 100644 --- a/sdk/dotnet/Inputs/NamedLocationCountryGetArgs.cs +++ b/sdk/dotnet/Inputs/NamedLocationCountryGetArgs.cs @@ -24,6 +24,12 @@ public InputList CountriesAndRegions set => _countriesAndRegions = value; } + /// + /// Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + /// + [Input("countryLookupMethod")] + public Input? CountryLookupMethod { get; set; } + /// /// Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. /// diff --git a/sdk/dotnet/NamedLocation.cs b/sdk/dotnet/NamedLocation.cs index fc4ce8f89..0f40a1bfa 100644 --- a/sdk/dotnet/NamedLocation.cs +++ b/sdk/dotnet/NamedLocation.cs @@ -56,7 +56,7 @@ namespace Pulumi.AzureAD /// Named Locations can be imported using the `id`, e.g. /// /// ```sh - /// $ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/namedLocation:NamedLocation")] diff --git a/sdk/dotnet/Outputs/ConditionalAccessPolicyConditions.cs b/sdk/dotnet/Outputs/ConditionalAccessPolicyConditions.cs index 67249aff8..f7626ef88 100644 --- a/sdk/dotnet/Outputs/ConditionalAccessPolicyConditions.cs +++ b/sdk/dotnet/Outputs/ConditionalAccessPolicyConditions.cs @@ -30,6 +30,10 @@ public sealed class ConditionalAccessPolicyConditions /// public readonly Outputs.ConditionalAccessPolicyConditionsDevices? Devices; /// + /// The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + /// + public readonly string? InsiderRiskLevels; + /// /// A `locations` block as documented below, which specifies locations included in and excluded from the policy. /// public readonly Outputs.ConditionalAccessPolicyConditionsLocations? Locations; @@ -64,6 +68,8 @@ private ConditionalAccessPolicyConditions( Outputs.ConditionalAccessPolicyConditionsDevices? devices, + string? insiderRiskLevels, + Outputs.ConditionalAccessPolicyConditionsLocations? locations, Outputs.ConditionalAccessPolicyConditionsPlatforms? platforms, @@ -80,6 +86,7 @@ private ConditionalAccessPolicyConditions( ClientAppTypes = clientAppTypes; ClientApplications = clientApplications; Devices = devices; + InsiderRiskLevels = insiderRiskLevels; Locations = locations; Platforms = platforms; ServicePrincipalRiskLevels = servicePrincipalRiskLevels; diff --git a/sdk/dotnet/Outputs/ConditionalAccessPolicyGrantControls.cs b/sdk/dotnet/Outputs/ConditionalAccessPolicyGrantControls.cs index c234aaf76..bcfcbd44a 100644 --- a/sdk/dotnet/Outputs/ConditionalAccessPolicyGrantControls.cs +++ b/sdk/dotnet/Outputs/ConditionalAccessPolicyGrantControls.cs @@ -14,7 +14,7 @@ namespace Pulumi.AzureAD.Outputs public sealed class ConditionalAccessPolicyGrantControls { /// - /// ID of an Authentication Strength Policy to use in this policy. + /// ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. /// public readonly string? AuthenticationStrengthPolicyId; /// diff --git a/sdk/dotnet/Outputs/GetNamedLocationCountryResult.cs b/sdk/dotnet/Outputs/GetNamedLocationCountryResult.cs index 8b421f93f..e2944421a 100644 --- a/sdk/dotnet/Outputs/GetNamedLocationCountryResult.cs +++ b/sdk/dotnet/Outputs/GetNamedLocationCountryResult.cs @@ -14,15 +14,19 @@ namespace Pulumi.AzureAD.Outputs public sealed class GetNamedLocationCountryResult { public readonly ImmutableArray CountriesAndRegions; + public readonly string CountryLookupMethod; public readonly bool IncludeUnknownCountriesAndRegions; [OutputConstructor] private GetNamedLocationCountryResult( ImmutableArray countriesAndRegions, + string countryLookupMethod, + bool includeUnknownCountriesAndRegions) { CountriesAndRegions = countriesAndRegions; + CountryLookupMethod = countryLookupMethod; IncludeUnknownCountriesAndRegions = includeUnknownCountriesAndRegions; } } diff --git a/sdk/dotnet/Outputs/NamedLocationCountry.cs b/sdk/dotnet/Outputs/NamedLocationCountry.cs index 5ef9fc1b8..0f67c006f 100644 --- a/sdk/dotnet/Outputs/NamedLocationCountry.cs +++ b/sdk/dotnet/Outputs/NamedLocationCountry.cs @@ -18,6 +18,10 @@ public sealed class NamedLocationCountry /// public readonly ImmutableArray CountriesAndRegions; /// + /// Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + /// + public readonly string? CountryLookupMethod; + /// /// Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. /// public readonly bool? IncludeUnknownCountriesAndRegions; @@ -26,9 +30,12 @@ public sealed class NamedLocationCountry private NamedLocationCountry( ImmutableArray countriesAndRegions, + string? countryLookupMethod, + bool? includeUnknownCountriesAndRegions) { CountriesAndRegions = countriesAndRegions; + CountryLookupMethod = countryLookupMethod; IncludeUnknownCountriesAndRegions = includeUnknownCountriesAndRegions; } } diff --git a/sdk/dotnet/ServicePrincipal.cs b/sdk/dotnet/ServicePrincipal.cs index b159c0ee6..d34c69627 100644 --- a/sdk/dotnet/ServicePrincipal.cs +++ b/sdk/dotnet/ServicePrincipal.cs @@ -144,7 +144,7 @@ namespace Pulumi.AzureAD /// Service principals can be imported using their object ID, e.g. /// /// ```sh - /// $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/servicePrincipal:ServicePrincipal")] diff --git a/sdk/dotnet/User.cs b/sdk/dotnet/User.cs index 84cd22c20..776d02682 100644 --- a/sdk/dotnet/User.cs +++ b/sdk/dotnet/User.cs @@ -46,7 +46,7 @@ namespace Pulumi.AzureAD /// Users can be imported using their object ID, e.g. /// /// ```sh - /// $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000 + /// $ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000 /// ``` /// [AzureADResourceType("azuread:index/user:User")] @@ -142,6 +142,12 @@ public partial class User : global::Pulumi.CustomResource [Output("division")] public Output Division { get; private set; } = null!; + /// + /// The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + [Output("employeeHireDate")] + public Output EmployeeHireDate { get; private set; } = null!; + /// /// The employee identifier assigned to the user by the organisation. /// @@ -475,6 +481,12 @@ public InputList BusinessPhones [Input("division")] public Input? Division { get; set; } + /// + /// The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + [Input("employeeHireDate")] + public Input? EmployeeHireDate { get; set; } + /// /// The employee identifier assigned to the user by the organisation. /// @@ -728,6 +740,12 @@ public InputList BusinessPhones [Input("division")] public Input? Division { get; set; } + /// + /// The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + [Input("employeeHireDate")] + public Input? EmployeeHireDate { get; set; } + /// /// The employee identifier assigned to the user by the organisation. /// diff --git a/sdk/go/azuread/administrativeUnit.go b/sdk/go/azuread/administrativeUnit.go index 70d5a6a1a..6c9b50776 100644 --- a/sdk/go/azuread/administrativeUnit.go +++ b/sdk/go/azuread/administrativeUnit.go @@ -55,7 +55,7 @@ import ( // Administrative units can be imported using their object ID, e.g. // // ```sh -// $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 // ``` type AdministrativeUnit struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/administrativeUnitMember.go b/sdk/go/azuread/administrativeUnitMember.go index 95c4429f0..13ae86a14 100644 --- a/sdk/go/azuread/administrativeUnitMember.go +++ b/sdk/go/azuread/administrativeUnitMember.go @@ -67,10 +67,8 @@ import ( // Administrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g. // // ```sh -// $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 +// $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111 // ``` -// -// -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`. type AdministrativeUnitMember struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/administrativeUnitRoleMember.go b/sdk/go/azuread/administrativeUnitRoleMember.go index e5c5355d8..d4eb96109 100644 --- a/sdk/go/azuread/administrativeUnitRoleMember.go +++ b/sdk/go/azuread/administrativeUnitRoleMember.go @@ -73,10 +73,10 @@ import ( // Administrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g. // // ```sh -// $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS +// $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example // ``` // -// -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`. +// /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS type AdministrativeUnitRoleMember struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/appRoleAssignment.go b/sdk/go/azuread/appRoleAssignment.go index 12ca5ac11..5c9c1abfd 100644 --- a/sdk/go/azuread/appRoleAssignment.go +++ b/sdk/go/azuread/appRoleAssignment.go @@ -182,10 +182,10 @@ import ( // App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g. // // ```sh -// $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz +// $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz // ``` // -// -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. +// -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`. type AppRoleAssignment struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/application.go b/sdk/go/azuread/application.go index f4972b885..b6d3a2604 100644 --- a/sdk/go/azuread/application.go +++ b/sdk/go/azuread/application.go @@ -235,7 +235,7 @@ type Application struct { // A single `password` block as documented below. The password is generated during creation. By default, no password is generated. // // > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource. - Password ApplicationPasswordTypeOutput `pulumi:"password"` + Password ApplicationPasswordTypePtrOutput `pulumi:"password"` // If `true`, will return an error if an existing application is found with the same name. Defaults to `false`. PreventDuplicateNames pulumi.BoolPtrOutput `pulumi:"preventDuplicateNames"` // URL of the application's privacy statement. @@ -818,8 +818,8 @@ func (o ApplicationOutput) Owners() pulumi.StringArrayOutput { // A single `password` block as documented below. The password is generated during creation. By default, no password is generated. // // > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource. -func (o ApplicationOutput) Password() ApplicationPasswordTypeOutput { - return o.ApplyT(func(v *Application) ApplicationPasswordTypeOutput { return v.Password }).(ApplicationPasswordTypeOutput) +func (o ApplicationOutput) Password() ApplicationPasswordTypePtrOutput { + return o.ApplyT(func(v *Application) ApplicationPasswordTypePtrOutput { return v.Password }).(ApplicationPasswordTypePtrOutput) } // If `true`, will return an error if an existing application is found with the same name. Defaults to `false`. diff --git a/sdk/go/azuread/applicationIdentifierUri.go b/sdk/go/azuread/applicationIdentifierUri.go index 0ab0da23e..c3daaf297 100644 --- a/sdk/go/azuread/applicationIdentifierUri.go +++ b/sdk/go/azuread/applicationIdentifierUri.go @@ -34,7 +34,7 @@ import ( // } // _, err = azuread.NewApplicationIdentifierUri(ctx, "example", &azuread.ApplicationIdentifierUriArgs{ // ApplicationId: example.ID(), -// IdentifierUri: pulumi.String("https://app.hashitown.com"), +// IdentifierUri: pulumi.String("https://app.example.com"), // }) // if err != nil { // return err diff --git a/sdk/go/azuread/applicationOwner.go b/sdk/go/azuread/applicationOwner.go index 812083479..3a33ad1e7 100644 --- a/sdk/go/azuread/applicationOwner.go +++ b/sdk/go/azuread/applicationOwner.go @@ -33,7 +33,7 @@ import ( // return err // } // jane, err := azuread.NewUser(ctx, "jane", &azuread.UserArgs{ -// UserPrincipalName: pulumi.String("jane.fischer@hashitown.com"), +// UserPrincipalName: pulumi.String("jane.fischer@example.com"), // DisplayName: pulumi.String("Jane Fischer"), // Password: pulumi.String("Ch@ngeMe"), // }) diff --git a/sdk/go/azuread/applicationRedirectUris.go b/sdk/go/azuread/applicationRedirectUris.go index 9786443fe..3b841a2f5 100644 --- a/sdk/go/azuread/applicationRedirectUris.go +++ b/sdk/go/azuread/applicationRedirectUris.go @@ -51,8 +51,8 @@ import ( // ApplicationId: example.ID(), // Type: pulumi.String("SPA"), // RedirectUris: pulumi.StringArray{ -// pulumi.String("https://mobile.hashitown.com/"), -// pulumi.String("https://beta.hashitown.com/"), +// pulumi.String("https://mobile.example.com/"), +// pulumi.String("https://beta.example.com/"), // }, // }) // if err != nil { @@ -62,8 +62,8 @@ import ( // ApplicationId: example.ID(), // Type: pulumi.String("Web"), // RedirectUris: pulumi.StringArray{ -// pulumi.String("https://app.hashitown.com/"), -// pulumi.String("https://classic.hashitown.com/"), +// pulumi.String("https://app.example.com/"), +// pulumi.String("https://classic.example.com/"), // pulumi.String("urn:ietf:wg:oauth:2.0:oob"), // }, // }) diff --git a/sdk/go/azuread/applicationRegistration.go b/sdk/go/azuread/applicationRegistration.go index ec1735bb8..113902b00 100644 --- a/sdk/go/azuread/applicationRegistration.go +++ b/sdk/go/azuread/applicationRegistration.go @@ -42,12 +42,12 @@ import ( // DisplayName: pulumi.String("Example Application"), // Description: pulumi.String("My example application"), // SignInAudience: pulumi.String("AzureADMyOrg"), -// HomepageUrl: pulumi.String("https://app.hashitown.com/"), -// LogoutUrl: pulumi.String("https://app.hashitown.com/logout"), -// MarketingUrl: pulumi.String("https://hashitown.com/"), -// PrivacyStatementUrl: pulumi.String("https://hashitown.com/privacy"), -// SupportUrl: pulumi.String("https://support.hashitown.com/"), -// TermsOfServiceUrl: pulumi.String("https://hashitown.com/terms"), +// HomepageUrl: pulumi.String("https://app.example.com/"), +// LogoutUrl: pulumi.String("https://app.example.com/logout"), +// MarketingUrl: pulumi.String("https://example.com/"), +// PrivacyStatementUrl: pulumi.String("https://example.com/privacy"), +// SupportUrl: pulumi.String("https://support.example.com/"), +// TermsOfServiceUrl: pulumi.String("https://example.com/terms"), // }) // if err != nil { // return err diff --git a/sdk/go/azuread/authenticationStrengthPolicy.go b/sdk/go/azuread/authenticationStrengthPolicy.go index e2166fdd7..300157601 100644 --- a/sdk/go/azuread/authenticationStrengthPolicy.go +++ b/sdk/go/azuread/authenticationStrengthPolicy.go @@ -88,7 +88,7 @@ import ( // Authentication Strength Policies can be imported using the `id`, e.g. // // ```sh -// $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000 // ``` type AuthenticationStrengthPolicy struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/conditionalAccessPolicy.go b/sdk/go/azuread/conditionalAccessPolicy.go index c2a663a46..0af03cf5e 100644 --- a/sdk/go/azuread/conditionalAccessPolicy.go +++ b/sdk/go/azuread/conditionalAccessPolicy.go @@ -224,7 +224,7 @@ import ( // Conditional Access Policies can be imported using the `id`, e.g. // // ```sh -// $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000 // ``` type ConditionalAccessPolicy struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/getDirectoryObject.go b/sdk/go/azuread/getDirectoryObject.go index 9d6748587..a9d1ed946 100644 --- a/sdk/go/azuread/getDirectoryObject.go +++ b/sdk/go/azuread/getDirectoryObject.go @@ -53,8 +53,8 @@ import ( // // The following attributes are exported: // -// *`objectId` - The object ID of the directory object. -// *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. +// * `objectId` - The object ID of the directory object. +// * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. func GetDirectoryObject(ctx *pulumi.Context, args *GetDirectoryObjectArgs, opts ...pulumi.InvokeOption) (*GetDirectoryObjectResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetDirectoryObjectResult diff --git a/sdk/go/azuread/getUser.go b/sdk/go/azuread/getUser.go index 09abfb5d3..03d119381 100644 --- a/sdk/go/azuread/getUser.go +++ b/sdk/go/azuread/getUser.go @@ -98,6 +98,8 @@ type LookupUserResult struct { DisplayName string `pulumi:"displayName"` // The name of the division in which the user works. Division string `pulumi:"division"` + // The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + EmployeeHireDate string `pulumi:"employeeHireDate"` // The employee identifier assigned to the user by the organisation. EmployeeId string `pulumi:"employeeId"` // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. @@ -268,6 +270,11 @@ func (o LookupUserResultOutput) Division() pulumi.StringOutput { return o.ApplyT(func(v LookupUserResult) string { return v.Division }).(pulumi.StringOutput) } +// The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). +func (o LookupUserResultOutput) EmployeeHireDate() pulumi.StringOutput { + return o.ApplyT(func(v LookupUserResult) string { return v.EmployeeHireDate }).(pulumi.StringOutput) +} + // The employee identifier assigned to the user by the organisation. func (o LookupUserResultOutput) EmployeeId() pulumi.StringOutput { return o.ApplyT(func(v LookupUserResult) string { return v.EmployeeId }).(pulumi.StringOutput) diff --git a/sdk/go/azuread/group.go b/sdk/go/azuread/group.go index c26a17c93..6840fe5c0 100644 --- a/sdk/go/azuread/group.go +++ b/sdk/go/azuread/group.go @@ -28,7 +28,7 @@ import ( // // When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator` // -// When creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used. +// When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles. // // The `externalSendersAllowed`, `autoSubscribeNewMembers`, `hideFromAddressLists` and `hideFromOutlookClients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation. // @@ -124,7 +124,7 @@ import ( // Groups can be imported using their object ID, e.g. // // ```sh -// $ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000 // ``` type Group struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/groupMember.go b/sdk/go/azuread/groupMember.go index 64cee469f..276a150f9 100644 --- a/sdk/go/azuread/groupMember.go +++ b/sdk/go/azuread/groupMember.go @@ -54,8 +54,8 @@ import ( // return err // } // _, err = azuread.NewGroupMember(ctx, "example", &azuread.GroupMemberArgs{ -// GroupObjectId: exampleGroup.ID(), -// MemberObjectId: pulumi.String(example.Id), +// GroupObjectId: exampleGroup.ObjectId, +// MemberObjectId: pulumi.String(example.ObjectId), // }) // if err != nil { // return err diff --git a/sdk/go/azuread/namedLocation.go b/sdk/go/azuread/namedLocation.go index 4a0112622..ed933b3fa 100644 --- a/sdk/go/azuread/namedLocation.go +++ b/sdk/go/azuread/namedLocation.go @@ -63,7 +63,7 @@ import ( // Named Locations can be imported using the `id`, e.g. // // ```sh -// $ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000 // ``` type NamedLocation struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/pulumiTypes.go b/sdk/go/azuread/pulumiTypes.go index 745602d70..646bc1c3c 100644 --- a/sdk/go/azuread/pulumiTypes.go +++ b/sdk/go/azuread/pulumiTypes.go @@ -4126,6 +4126,8 @@ type ConditionalAccessPolicyConditions struct { ClientApplications *ConditionalAccessPolicyConditionsClientApplications `pulumi:"clientApplications"` // A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. Devices *ConditionalAccessPolicyConditionsDevices `pulumi:"devices"` + // The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + InsiderRiskLevels *string `pulumi:"insiderRiskLevels"` // A `locations` block as documented below, which specifies locations included in and excluded from the policy. Locations *ConditionalAccessPolicyConditionsLocations `pulumi:"locations"` // A `platforms` block as documented below, which specifies platforms included in and excluded from the policy. @@ -4160,6 +4162,8 @@ type ConditionalAccessPolicyConditionsArgs struct { ClientApplications ConditionalAccessPolicyConditionsClientApplicationsPtrInput `pulumi:"clientApplications"` // A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. Devices ConditionalAccessPolicyConditionsDevicesPtrInput `pulumi:"devices"` + // The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + InsiderRiskLevels pulumi.StringPtrInput `pulumi:"insiderRiskLevels"` // A `locations` block as documented below, which specifies locations included in and excluded from the policy. Locations ConditionalAccessPolicyConditionsLocationsPtrInput `pulumi:"locations"` // A `platforms` block as documented below, which specifies platforms included in and excluded from the policy. @@ -4275,6 +4279,11 @@ func (o ConditionalAccessPolicyConditionsOutput) Devices() ConditionalAccessPoli return o.ApplyT(func(v ConditionalAccessPolicyConditions) *ConditionalAccessPolicyConditionsDevices { return v.Devices }).(ConditionalAccessPolicyConditionsDevicesPtrOutput) } +// The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. +func (o ConditionalAccessPolicyConditionsOutput) InsiderRiskLevels() pulumi.StringPtrOutput { + return o.ApplyT(func(v ConditionalAccessPolicyConditions) *string { return v.InsiderRiskLevels }).(pulumi.StringPtrOutput) +} + // A `locations` block as documented below, which specifies locations included in and excluded from the policy. func (o ConditionalAccessPolicyConditionsOutput) Locations() ConditionalAccessPolicyConditionsLocationsPtrOutput { return o.ApplyT(func(v ConditionalAccessPolicyConditions) *ConditionalAccessPolicyConditionsLocations { @@ -4373,6 +4382,16 @@ func (o ConditionalAccessPolicyConditionsPtrOutput) Devices() ConditionalAccessP }).(ConditionalAccessPolicyConditionsDevicesPtrOutput) } +// The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. +func (o ConditionalAccessPolicyConditionsPtrOutput) InsiderRiskLevels() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ConditionalAccessPolicyConditions) *string { + if v == nil { + return nil + } + return v.InsiderRiskLevels + }).(pulumi.StringPtrOutput) +} + // A `locations` block as documented below, which specifies locations included in and excluded from the policy. func (o ConditionalAccessPolicyConditionsPtrOutput) Locations() ConditionalAccessPolicyConditionsLocationsPtrOutput { return o.ApplyT(func(v *ConditionalAccessPolicyConditions) *ConditionalAccessPolicyConditionsLocations { @@ -6098,7 +6117,7 @@ func (o ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUserExtern } type ConditionalAccessPolicyGrantControls struct { - // ID of an Authentication Strength Policy to use in this policy. + // ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. AuthenticationStrengthPolicyId *string `pulumi:"authenticationStrengthPolicyId"` // List of built-in controls required by the policy. Possible values are: `block`, `mfa`, `approvedApplication`, `compliantApplication`, `compliantDevice`, `domainJoinedDevice`, `passwordChange` or `unknownFutureValue`. BuiltInControls []string `pulumi:"builtInControls"` @@ -6124,7 +6143,7 @@ type ConditionalAccessPolicyGrantControlsInput interface { } type ConditionalAccessPolicyGrantControlsArgs struct { - // ID of an Authentication Strength Policy to use in this policy. + // ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. AuthenticationStrengthPolicyId pulumi.StringPtrInput `pulumi:"authenticationStrengthPolicyId"` // List of built-in controls required by the policy. Possible values are: `block`, `mfa`, `approvedApplication`, `compliantApplication`, `compliantDevice`, `domainJoinedDevice`, `passwordChange` or `unknownFutureValue`. BuiltInControls pulumi.StringArrayInput `pulumi:"builtInControls"` @@ -6215,7 +6234,7 @@ func (o ConditionalAccessPolicyGrantControlsOutput) ToConditionalAccessPolicyGra }).(ConditionalAccessPolicyGrantControlsPtrOutput) } -// ID of an Authentication Strength Policy to use in this policy. +// ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. func (o ConditionalAccessPolicyGrantControlsOutput) AuthenticationStrengthPolicyId() pulumi.StringPtrOutput { return o.ApplyT(func(v ConditionalAccessPolicyGrantControls) *string { return v.AuthenticationStrengthPolicyId }).(pulumi.StringPtrOutput) } @@ -6266,7 +6285,7 @@ func (o ConditionalAccessPolicyGrantControlsPtrOutput) Elem() ConditionalAccessP }).(ConditionalAccessPolicyGrantControlsOutput) } -// ID of an Authentication Strength Policy to use in this policy. +// ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. func (o ConditionalAccessPolicyGrantControlsPtrOutput) AuthenticationStrengthPolicyId() pulumi.StringPtrOutput { return o.ApplyT(func(v *ConditionalAccessPolicyGrantControls) *string { if v == nil { @@ -10283,6 +10302,8 @@ func (o InvitationMessagePtrOutput) Language() pulumi.StringPtrOutput { type NamedLocationCountry struct { // List of countries and/or regions in two-letter format specified by ISO 3166-2. CountriesAndRegions []string `pulumi:"countriesAndRegions"` + // Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + CountryLookupMethod *string `pulumi:"countryLookupMethod"` // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. IncludeUnknownCountriesAndRegions *bool `pulumi:"includeUnknownCountriesAndRegions"` } @@ -10301,6 +10322,8 @@ type NamedLocationCountryInput interface { type NamedLocationCountryArgs struct { // List of countries and/or regions in two-letter format specified by ISO 3166-2. CountriesAndRegions pulumi.StringArrayInput `pulumi:"countriesAndRegions"` + // Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + CountryLookupMethod pulumi.StringPtrInput `pulumi:"countryLookupMethod"` // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. IncludeUnknownCountriesAndRegions pulumi.BoolPtrInput `pulumi:"includeUnknownCountriesAndRegions"` } @@ -10387,6 +10410,11 @@ func (o NamedLocationCountryOutput) CountriesAndRegions() pulumi.StringArrayOutp return o.ApplyT(func(v NamedLocationCountry) []string { return v.CountriesAndRegions }).(pulumi.StringArrayOutput) } +// Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. +func (o NamedLocationCountryOutput) CountryLookupMethod() pulumi.StringPtrOutput { + return o.ApplyT(func(v NamedLocationCountry) *string { return v.CountryLookupMethod }).(pulumi.StringPtrOutput) +} + // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. func (o NamedLocationCountryOutput) IncludeUnknownCountriesAndRegions() pulumi.BoolPtrOutput { return o.ApplyT(func(v NamedLocationCountry) *bool { return v.IncludeUnknownCountriesAndRegions }).(pulumi.BoolPtrOutput) @@ -10426,6 +10454,16 @@ func (o NamedLocationCountryPtrOutput) CountriesAndRegions() pulumi.StringArrayO }).(pulumi.StringArrayOutput) } +// Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. +func (o NamedLocationCountryPtrOutput) CountryLookupMethod() pulumi.StringPtrOutput { + return o.ApplyT(func(v *NamedLocationCountry) *string { + if v == nil { + return nil + } + return v.CountryLookupMethod + }).(pulumi.StringPtrOutput) +} + // Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. func (o NamedLocationCountryPtrOutput) IncludeUnknownCountriesAndRegions() pulumi.BoolPtrOutput { return o.ApplyT(func(v *NamedLocationCountry) *bool { @@ -13896,6 +13934,7 @@ func (o GetGroupDynamicMembershipArrayOutput) Index(i pulumi.IntInput) GetGroupD type GetNamedLocationCountry struct { CountriesAndRegions []string `pulumi:"countriesAndRegions"` + CountryLookupMethod string `pulumi:"countryLookupMethod"` IncludeUnknownCountriesAndRegions bool `pulumi:"includeUnknownCountriesAndRegions"` } @@ -13912,6 +13951,7 @@ type GetNamedLocationCountryInput interface { type GetNamedLocationCountryArgs struct { CountriesAndRegions pulumi.StringArrayInput `pulumi:"countriesAndRegions"` + CountryLookupMethod pulumi.StringInput `pulumi:"countryLookupMethod"` IncludeUnknownCountriesAndRegions pulumi.BoolInput `pulumi:"includeUnknownCountriesAndRegions"` } @@ -13970,6 +14010,10 @@ func (o GetNamedLocationCountryOutput) CountriesAndRegions() pulumi.StringArrayO return o.ApplyT(func(v GetNamedLocationCountry) []string { return v.CountriesAndRegions }).(pulumi.StringArrayOutput) } +func (o GetNamedLocationCountryOutput) CountryLookupMethod() pulumi.StringOutput { + return o.ApplyT(func(v GetNamedLocationCountry) string { return v.CountryLookupMethod }).(pulumi.StringOutput) +} + func (o GetNamedLocationCountryOutput) IncludeUnknownCountriesAndRegions() pulumi.BoolOutput { return o.ApplyT(func(v GetNamedLocationCountry) bool { return v.IncludeUnknownCountriesAndRegions }).(pulumi.BoolOutput) } diff --git a/sdk/go/azuread/servicePrincipal.go b/sdk/go/azuread/servicePrincipal.go index 8a6692385..efcb5da57 100644 --- a/sdk/go/azuread/servicePrincipal.go +++ b/sdk/go/azuread/servicePrincipal.go @@ -182,7 +182,7 @@ import ( // Service principals can be imported using their object ID, e.g. // // ```sh -// $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000 // ``` type ServicePrincipal struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/user.go b/sdk/go/azuread/user.go index f07f63150..5108a628b 100644 --- a/sdk/go/azuread/user.go +++ b/sdk/go/azuread/user.go @@ -56,7 +56,7 @@ import ( // Users can be imported using their object ID, e.g. // // ```sh -// $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000 +// $ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000 // ``` type User struct { pulumi.CustomResourceState @@ -91,6 +91,8 @@ type User struct { DisplayName pulumi.StringOutput `pulumi:"displayName"` // The name of the division in which the user works. Division pulumi.StringPtrOutput `pulumi:"division"` + // The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + EmployeeHireDate pulumi.StringPtrOutput `pulumi:"employeeHireDate"` // The employee identifier assigned to the user by the organisation. EmployeeId pulumi.StringPtrOutput `pulumi:"employeeId"` // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. @@ -233,6 +235,8 @@ type userState struct { DisplayName *string `pulumi:"displayName"` // The name of the division in which the user works. Division *string `pulumi:"division"` + // The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + EmployeeHireDate *string `pulumi:"employeeHireDate"` // The employee identifier assigned to the user by the organisation. EmployeeId *string `pulumi:"employeeId"` // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. @@ -333,6 +337,8 @@ type UserState struct { DisplayName pulumi.StringPtrInput // The name of the division in which the user works. Division pulumi.StringPtrInput + // The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + EmployeeHireDate pulumi.StringPtrInput // The employee identifier assigned to the user by the organisation. EmployeeId pulumi.StringPtrInput // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. @@ -433,6 +439,8 @@ type userArgs struct { DisplayName string `pulumi:"displayName"` // The name of the division in which the user works. Division *string `pulumi:"division"` + // The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + EmployeeHireDate *string `pulumi:"employeeHireDate"` // The employee identifier assigned to the user by the organisation. EmployeeId *string `pulumi:"employeeId"` // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. @@ -508,6 +516,8 @@ type UserArgs struct { DisplayName pulumi.StringInput // The name of the division in which the user works. Division pulumi.StringPtrInput + // The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + EmployeeHireDate pulumi.StringPtrInput // The employee identifier assigned to the user by the organisation. EmployeeId pulumi.StringPtrInput // Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. @@ -717,6 +727,11 @@ func (o UserOutput) Division() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.Division }).(pulumi.StringPtrOutput) } +// The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). +func (o UserOutput) EmployeeHireDate() pulumi.StringPtrOutput { + return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.EmployeeHireDate }).(pulumi.StringPtrOutput) +} + // The employee identifier assigned to the user by the organisation. func (o UserOutput) EmployeeId() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.EmployeeId }).(pulumi.StringPtrOutput) diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnit.java b/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnit.java index 372dc8074..59a71969a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnit.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnit.java @@ -69,7 +69,7 @@ * Administrative units can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 * ``` * */ diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitMember.java b/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitMember.java index 48c8b6689..a0333e3cb 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitMember.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitMember.java @@ -80,11 +80,9 @@ * Administrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g. * * ```sh - * $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 + * $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111 * ``` * - * -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`. - * */ @ResourceType(type="azuread:index/administrativeUnitMember:AdministrativeUnitMember") public class AdministrativeUnitMember extends com.pulumi.resources.CustomResource { diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitRoleMember.java b/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitRoleMember.java index bac2cf8d0..b96b91b40 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitRoleMember.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AdministrativeUnitRoleMember.java @@ -84,10 +84,10 @@ * Administrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g. * * ```sh - * $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS + * $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example * ``` * - * -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`. + * /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS * */ @ResourceType(type="azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember") diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java b/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java index 4b318d4cf..bbee0b0b2 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java @@ -177,10 +177,10 @@ * App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g. * * ```sh - * $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz + * $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz * ``` * - * -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. + * -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`. * */ @ResourceType(type="azuread:index/appRoleAssignment:AppRoleAssignment") diff --git a/sdk/java/src/main/java/com/pulumi/azuread/Application.java b/sdk/java/src/main/java/com/pulumi/azuread/Application.java index b57702856..218509628 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/Application.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/Application.java @@ -494,7 +494,7 @@ public Output>> owners() { * */ @Export(name="password", refs={ApplicationPassword.class}, tree="[0]") - private Output password; + private Output password; /** * @return A single `password` block as documented below. The password is generated during creation. By default, no password is generated. @@ -502,8 +502,8 @@ public Output>> owners() { * > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource. * */ - public Output password() { - return this.password; + public Output> password() { + return Codegen.optional(this.password); } /** * If `true`, will return an error if an existing application is found with the same name. Defaults to `false`. diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationIdentifierUri.java b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationIdentifierUri.java index 6ee940c4f..45f626c40 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationIdentifierUri.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationIdentifierUri.java @@ -47,7 +47,7 @@ * * var exampleApplicationIdentifierUri = new ApplicationIdentifierUri("exampleApplicationIdentifierUri", ApplicationIdentifierUriArgs.builder() * .applicationId(example.id()) - * .identifierUri("https://app.hashitown.com") + * .identifierUri("https://app.example.com") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationOwner.java b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationOwner.java index 9387b0694..a3496e3fa 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationOwner.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationOwner.java @@ -48,7 +48,7 @@ * .build()); * * var jane = new User("jane", UserArgs.builder() - * .userPrincipalName("jane.fischer}{@literal @}{@code hashitown.com") + * .userPrincipalName("jane.fischer}{@literal @}{@code example.com") * .displayName("Jane Fischer") * .password("Ch}{@literal @}{@code ngeMe") * .build()); diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRedirectUris.java b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRedirectUris.java index 4ff041813..3133302a8 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRedirectUris.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRedirectUris.java @@ -62,16 +62,16 @@ * .applicationId(example.id()) * .type("SPA") * .redirectUris( - * "https://mobile.hashitown.com/", - * "https://beta.hashitown.com/") + * "https://mobile.example.com/", + * "https://beta.example.com/") * .build()); * * var exampleWeb = new ApplicationRedirectUris("exampleWeb", ApplicationRedirectUrisArgs.builder() * .applicationId(example.id()) * .type("Web") * .redirectUris( - * "https://app.hashitown.com/", - * "https://classic.hashitown.com/", + * "https://app.example.com/", + * "https://classic.example.com/", * "urn:ietf:wg:oauth:2.0:oob") * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRegistration.java b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRegistration.java index ca4ae8a7b..03003da8f 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRegistration.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationRegistration.java @@ -59,12 +59,12 @@ * .displayName("Example Application") * .description("My example application") * .signInAudience("AzureADMyOrg") - * .homepageUrl("https://app.hashitown.com/") - * .logoutUrl("https://app.hashitown.com/logout") - * .marketingUrl("https://hashitown.com/") - * .privacyStatementUrl("https://hashitown.com/privacy") - * .supportUrl("https://support.hashitown.com/") - * .termsOfServiceUrl("https://hashitown.com/terms") + * .homepageUrl("https://app.example.com/") + * .logoutUrl("https://app.example.com/logout") + * .marketingUrl("https://example.com/") + * .privacyStatementUrl("https://example.com/privacy") + * .supportUrl("https://support.example.com/") + * .termsOfServiceUrl("https://example.com/terms") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AuthenticationStrengthPolicy.java b/sdk/java/src/main/java/com/pulumi/azuread/AuthenticationStrengthPolicy.java index 34b8e5027..d5285306d 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AuthenticationStrengthPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AuthenticationStrengthPolicy.java @@ -97,7 +97,7 @@ * Authentication Strength Policies can be imported using the `id`, e.g. * * ```sh - * $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000 * ``` * */ diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java b/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java index 5e0b6ed7c..51777c988 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java @@ -4247,8 +4247,8 @@ public static CompletableFuture getClientConfigPlain(Invo * * The following attributes are exported: * - * *`object_id` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `object_id` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. * */ public static Output getDirectoryObject(GetDirectoryObjectArgs args) { @@ -4306,8 +4306,8 @@ public static Output getDirectoryObject(GetDirectoryOb * * The following attributes are exported: * - * *`object_id` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `object_id` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. * */ public static CompletableFuture getDirectoryObjectPlain(GetDirectoryObjectPlainArgs args) { @@ -4365,8 +4365,8 @@ public static CompletableFuture getDirectoryObjectPlai * * The following attributes are exported: * - * *`object_id` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `object_id` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. * */ public static Output getDirectoryObject(GetDirectoryObjectArgs args, InvokeOptions options) { @@ -4424,8 +4424,8 @@ public static Output getDirectoryObject(GetDirectoryOb * * The following attributes are exported: * - * *`object_id` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `object_id` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. * */ public static Output getDirectoryObject(GetDirectoryObjectArgs args, InvokeOutputOptions options) { @@ -4483,8 +4483,8 @@ public static Output getDirectoryObject(GetDirectoryOb * * The following attributes are exported: * - * *`object_id` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `object_id` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. * */ public static CompletableFuture getDirectoryObjectPlain(GetDirectoryObjectPlainArgs args, InvokeOptions options) { diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ConditionalAccessPolicy.java b/sdk/java/src/main/java/com/pulumi/azuread/ConditionalAccessPolicy.java index deb236c74..af532e785 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ConditionalAccessPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ConditionalAccessPolicy.java @@ -230,7 +230,7 @@ * Conditional Access Policies can be imported using the `id`, e.g. * * ```sh - * $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000 * ``` * */ diff --git a/sdk/java/src/main/java/com/pulumi/azuread/Group.java b/sdk/java/src/main/java/com/pulumi/azuread/Group.java index d29ded588..eb07af829 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/Group.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/Group.java @@ -34,7 +34,7 @@ * * When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator` * - * When creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used. + * When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles. * * The `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation. * @@ -190,7 +190,7 @@ * Groups can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000 * ``` * */ diff --git a/sdk/java/src/main/java/com/pulumi/azuread/GroupMember.java b/sdk/java/src/main/java/com/pulumi/azuread/GroupMember.java index 826622f85..88d825c2e 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/GroupMember.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/GroupMember.java @@ -67,8 +67,8 @@ * .build()); * * var exampleGroupMember = new GroupMember("exampleGroupMember", GroupMemberArgs.builder() - * .groupObjectId(exampleGroup.id()) - * .memberObjectId(example.applyValue(getUserResult -> getUserResult.id())) + * .groupObjectId(exampleGroup.objectId()) + * .memberObjectId(example.applyValue(getUserResult -> getUserResult.objectId())) * .build()); * * }}{@code diff --git a/sdk/java/src/main/java/com/pulumi/azuread/NamedLocation.java b/sdk/java/src/main/java/com/pulumi/azuread/NamedLocation.java index b91c73e50..c40590f07 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/NamedLocation.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/NamedLocation.java @@ -75,7 +75,7 @@ * Named Locations can be imported using the `id`, e.g. * * ```sh - * $ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000 * ``` * */ diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ServicePrincipal.java b/sdk/java/src/main/java/com/pulumi/azuread/ServicePrincipal.java index a32d224ae..fd3187e97 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ServicePrincipal.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ServicePrincipal.java @@ -217,7 +217,7 @@ * Service principals can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000 * ``` * */ diff --git a/sdk/java/src/main/java/com/pulumi/azuread/User.java b/sdk/java/src/main/java/com/pulumi/azuread/User.java index c1e655db3..7fa730677 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/User.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/User.java @@ -70,7 +70,7 @@ * Users can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000 * ``` * */ @@ -286,6 +286,20 @@ public Output displayName() { public Output> division() { return Codegen.optional(this.division); } + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + @Export(name="employeeHireDate", refs={String.class}, tree="[0]") + private Output employeeHireDate; + + /** + * @return The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + public Output> employeeHireDate() { + return Codegen.optional(this.employeeHireDate); + } /** * The employee identifier assigned to the user by the organisation. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/UserArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/UserArgs.java index f37b0608e..41b117991 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/UserArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/UserArgs.java @@ -213,6 +213,21 @@ public Optional> division() { return Optional.ofNullable(this.division); } + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + @Import(name="employeeHireDate") + private @Nullable Output employeeHireDate; + + /** + * @return The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + public Optional> employeeHireDate() { + return Optional.ofNullable(this.employeeHireDate); + } + /** * The employee identifier assigned to the user by the organisation. * @@ -561,6 +576,7 @@ private UserArgs(UserArgs $) { this.disableStrongPassword = $.disableStrongPassword; this.displayName = $.displayName; this.division = $.division; + this.employeeHireDate = $.employeeHireDate; this.employeeId = $.employeeId; this.employeeType = $.employeeType; this.faxNumber = $.faxNumber; @@ -886,6 +902,27 @@ public Builder division(String division) { return division(Output.of(division)); } + /** + * @param employeeHireDate The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + * @return builder + * + */ + public Builder employeeHireDate(@Nullable Output employeeHireDate) { + $.employeeHireDate = employeeHireDate; + return this; + } + + /** + * @param employeeHireDate The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + * @return builder + * + */ + public Builder employeeHireDate(String employeeHireDate) { + return employeeHireDate(Output.of(employeeHireDate)); + } + /** * @param employeeId The employee identifier assigned to the user by the organisation. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyConditionsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyConditionsArgs.java index f76b84c65..6abf4e2e6 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyConditionsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyConditionsArgs.java @@ -83,6 +83,21 @@ public Optional> devices() return Optional.ofNullable(this.devices); } + /** + * The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + * + */ + @Import(name="insiderRiskLevels") + private @Nullable Output insiderRiskLevels; + + /** + * @return The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + * + */ + public Optional> insiderRiskLevels() { + return Optional.ofNullable(this.insiderRiskLevels); + } + /** * A `locations` block as documented below, which specifies locations included in and excluded from the policy. * @@ -180,6 +195,7 @@ private ConditionalAccessPolicyConditionsArgs(ConditionalAccessPolicyConditionsA this.clientAppTypes = $.clientAppTypes; this.clientApplications = $.clientApplications; this.devices = $.devices; + this.insiderRiskLevels = $.insiderRiskLevels; this.locations = $.locations; this.platforms = $.platforms; this.servicePrincipalRiskLevels = $.servicePrincipalRiskLevels; @@ -300,6 +316,27 @@ public Builder devices(ConditionalAccessPolicyConditionsDevicesArgs devices) { return devices(Output.of(devices)); } + /** + * @param insiderRiskLevels The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + * + * @return builder + * + */ + public Builder insiderRiskLevels(@Nullable Output insiderRiskLevels) { + $.insiderRiskLevels = insiderRiskLevels; + return this; + } + + /** + * @param insiderRiskLevels The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + * + * @return builder + * + */ + public Builder insiderRiskLevels(String insiderRiskLevels) { + return insiderRiskLevels(Output.of(insiderRiskLevels)); + } + /** * @param locations A `locations` block as documented below, which specifies locations included in and excluded from the policy. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyGrantControlsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyGrantControlsArgs.java index 3ae5425b5..371df033a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyGrantControlsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/ConditionalAccessPolicyGrantControlsArgs.java @@ -18,14 +18,14 @@ public final class ConditionalAccessPolicyGrantControlsArgs extends com.pulumi.r public static final ConditionalAccessPolicyGrantControlsArgs Empty = new ConditionalAccessPolicyGrantControlsArgs(); /** - * ID of an Authentication Strength Policy to use in this policy. + * ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. * */ @Import(name="authenticationStrengthPolicyId") private @Nullable Output authenticationStrengthPolicyId; /** - * @return ID of an Authentication Strength Policy to use in this policy. + * @return ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. * */ public Optional> authenticationStrengthPolicyId() { @@ -125,7 +125,7 @@ public Builder(ConditionalAccessPolicyGrantControlsArgs defaults) { } /** - * @param authenticationStrengthPolicyId ID of an Authentication Strength Policy to use in this policy. + * @param authenticationStrengthPolicyId ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. * * @return builder * @@ -136,7 +136,7 @@ public Builder authenticationStrengthPolicyId(@Nullable Output authentic } /** - * @param authenticationStrengthPolicyId ID of an Authentication Strength Policy to use in this policy. + * @param authenticationStrengthPolicyId ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/NamedLocationCountryArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/NamedLocationCountryArgs.java index 0b4d7f49f..9083d3af5 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/NamedLocationCountryArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/NamedLocationCountryArgs.java @@ -33,6 +33,21 @@ public Output> countriesAndRegions() { return this.countriesAndRegions; } + /** + * Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + * + */ + @Import(name="countryLookupMethod") + private @Nullable Output countryLookupMethod; + + /** + * @return Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + * + */ + public Optional> countryLookupMethod() { + return Optional.ofNullable(this.countryLookupMethod); + } + /** * Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. * @@ -52,6 +67,7 @@ private NamedLocationCountryArgs() {} private NamedLocationCountryArgs(NamedLocationCountryArgs $) { this.countriesAndRegions = $.countriesAndRegions; + this.countryLookupMethod = $.countryLookupMethod; this.includeUnknownCountriesAndRegions = $.includeUnknownCountriesAndRegions; } @@ -104,6 +120,27 @@ public Builder countriesAndRegions(String... countriesAndRegions) { return countriesAndRegions(List.of(countriesAndRegions)); } + /** + * @param countryLookupMethod Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + * + * @return builder + * + */ + public Builder countryLookupMethod(@Nullable Output countryLookupMethod) { + $.countryLookupMethod = countryLookupMethod; + return this; + } + + /** + * @param countryLookupMethod Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + * + * @return builder + * + */ + public Builder countryLookupMethod(String countryLookupMethod) { + return countryLookupMethod(Output.of(countryLookupMethod)); + } + /** * @param includeUnknownCountriesAndRegions Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/UserState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/UserState.java index bbdd1be85..efb32c94a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/UserState.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/UserState.java @@ -242,6 +242,21 @@ public Optional> division() { return Optional.ofNullable(this.division); } + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + @Import(name="employeeHireDate") + private @Nullable Output employeeHireDate; + + /** + * @return The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + public Optional> employeeHireDate() { + return Optional.ofNullable(this.employeeHireDate); + } + /** * The employee identifier assigned to the user by the organisation. * @@ -757,6 +772,7 @@ private UserState(UserState $) { this.disableStrongPassword = $.disableStrongPassword; this.displayName = $.displayName; this.division = $.division; + this.employeeHireDate = $.employeeHireDate; this.employeeId = $.employeeId; this.employeeType = $.employeeType; this.externalUserState = $.externalUserState; @@ -1135,6 +1151,27 @@ public Builder division(String division) { return division(Output.of(division)); } + /** + * @param employeeHireDate The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + * @return builder + * + */ + public Builder employeeHireDate(@Nullable Output employeeHireDate) { + $.employeeHireDate = employeeHireDate; + return this; + } + + /** + * @param employeeHireDate The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + * @return builder + * + */ + public Builder employeeHireDate(String employeeHireDate) { + return employeeHireDate(Output.of(employeeHireDate)); + } + /** * @param employeeId The employee identifier assigned to the user by the organisation. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyConditions.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyConditions.java index 35af08317..33204de03 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyConditions.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyConditions.java @@ -39,6 +39,11 @@ public final class ConditionalAccessPolicyConditions { * */ private @Nullable ConditionalAccessPolicyConditionsDevices devices; + /** + * @return The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + * + */ + private @Nullable String insiderRiskLevels; /** * @return A `locations` block as documented below, which specifies locations included in and excluded from the policy. * @@ -99,6 +104,13 @@ public Optional clientAppli public Optional devices() { return Optional.ofNullable(this.devices); } + /** + * @return The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + * + */ + public Optional insiderRiskLevels() { + return Optional.ofNullable(this.insiderRiskLevels); + } /** * @return A `locations` block as documented below, which specifies locations included in and excluded from the policy. * @@ -155,6 +167,7 @@ public static final class Builder { private List clientAppTypes; private @Nullable ConditionalAccessPolicyConditionsClientApplications clientApplications; private @Nullable ConditionalAccessPolicyConditionsDevices devices; + private @Nullable String insiderRiskLevels; private @Nullable ConditionalAccessPolicyConditionsLocations locations; private @Nullable ConditionalAccessPolicyConditionsPlatforms platforms; private @Nullable List servicePrincipalRiskLevels; @@ -168,6 +181,7 @@ public Builder(ConditionalAccessPolicyConditions defaults) { this.clientAppTypes = defaults.clientAppTypes; this.clientApplications = defaults.clientApplications; this.devices = defaults.devices; + this.insiderRiskLevels = defaults.insiderRiskLevels; this.locations = defaults.locations; this.platforms = defaults.platforms; this.servicePrincipalRiskLevels = defaults.servicePrincipalRiskLevels; @@ -208,6 +222,12 @@ public Builder devices(@Nullable ConditionalAccessPolicyConditionsDevices device return this; } @CustomType.Setter + public Builder insiderRiskLevels(@Nullable String insiderRiskLevels) { + + this.insiderRiskLevels = insiderRiskLevels; + return this; + } + @CustomType.Setter public Builder locations(@Nullable ConditionalAccessPolicyConditionsLocations locations) { this.locations = locations; @@ -260,6 +280,7 @@ public ConditionalAccessPolicyConditions build() { _resultValue.clientAppTypes = clientAppTypes; _resultValue.clientApplications = clientApplications; _resultValue.devices = devices; + _resultValue.insiderRiskLevels = insiderRiskLevels; _resultValue.locations = locations; _resultValue.platforms = platforms; _resultValue.servicePrincipalRiskLevels = servicePrincipalRiskLevels; diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyGrantControls.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyGrantControls.java index f6c443c30..7f30051ef 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyGrantControls.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/ConditionalAccessPolicyGrantControls.java @@ -14,7 +14,7 @@ @CustomType public final class ConditionalAccessPolicyGrantControls { /** - * @return ID of an Authentication Strength Policy to use in this policy. + * @return ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. * */ private @Nullable String authenticationStrengthPolicyId; @@ -43,7 +43,7 @@ public final class ConditionalAccessPolicyGrantControls { private ConditionalAccessPolicyGrantControls() {} /** - * @return ID of an Authentication Strength Policy to use in this policy. + * @return ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. * */ public Optional authenticationStrengthPolicyId() { diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetNamedLocationCountry.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetNamedLocationCountry.java index fbe51702c..92ca83c62 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetNamedLocationCountry.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetNamedLocationCountry.java @@ -13,12 +13,16 @@ @CustomType public final class GetNamedLocationCountry { private List countriesAndRegions; + private String countryLookupMethod; private Boolean includeUnknownCountriesAndRegions; private GetNamedLocationCountry() {} public List countriesAndRegions() { return this.countriesAndRegions; } + public String countryLookupMethod() { + return this.countryLookupMethod; + } public Boolean includeUnknownCountriesAndRegions() { return this.includeUnknownCountriesAndRegions; } @@ -33,11 +37,13 @@ public static Builder builder(GetNamedLocationCountry defaults) { @CustomType.Builder public static final class Builder { private List countriesAndRegions; + private String countryLookupMethod; private Boolean includeUnknownCountriesAndRegions; public Builder() {} public Builder(GetNamedLocationCountry defaults) { Objects.requireNonNull(defaults); this.countriesAndRegions = defaults.countriesAndRegions; + this.countryLookupMethod = defaults.countryLookupMethod; this.includeUnknownCountriesAndRegions = defaults.includeUnknownCountriesAndRegions; } @@ -53,6 +59,14 @@ public Builder countriesAndRegions(String... countriesAndRegions) { return countriesAndRegions(List.of(countriesAndRegions)); } @CustomType.Setter + public Builder countryLookupMethod(String countryLookupMethod) { + if (countryLookupMethod == null) { + throw new MissingRequiredPropertyException("GetNamedLocationCountry", "countryLookupMethod"); + } + this.countryLookupMethod = countryLookupMethod; + return this; + } + @CustomType.Setter public Builder includeUnknownCountriesAndRegions(Boolean includeUnknownCountriesAndRegions) { if (includeUnknownCountriesAndRegions == null) { throw new MissingRequiredPropertyException("GetNamedLocationCountry", "includeUnknownCountriesAndRegions"); @@ -63,6 +77,7 @@ public Builder includeUnknownCountriesAndRegions(Boolean includeUnknownCountries public GetNamedLocationCountry build() { final var _resultValue = new GetNamedLocationCountry(); _resultValue.countriesAndRegions = countriesAndRegions; + _resultValue.countryLookupMethod = countryLookupMethod; _resultValue.includeUnknownCountriesAndRegions = includeUnknownCountriesAndRegions; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetUserResult.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetUserResult.java index a89e9c19b..7ec2cafb5 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetUserResult.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetUserResult.java @@ -72,6 +72,11 @@ public final class GetUserResult { * */ private String division; + /** + * @return The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + private String employeeHireDate; /** * @return The employee identifier assigned to the user by the organisation. * @@ -318,6 +323,13 @@ public String displayName() { public String division() { return this.division; } + /** + * @return The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + public String employeeHireDate() { + return this.employeeHireDate; + } /** * @return The employee identifier assigned to the user by the organisation. * @@ -564,6 +576,7 @@ public static final class Builder { private String department; private String displayName; private String division; + private String employeeHireDate; private String employeeId; private String employeeType; private String externalUserState; @@ -611,6 +624,7 @@ public Builder(GetUserResult defaults) { this.department = defaults.department; this.displayName = defaults.displayName; this.division = defaults.division; + this.employeeHireDate = defaults.employeeHireDate; this.employeeId = defaults.employeeId; this.employeeType = defaults.employeeType; this.externalUserState = defaults.externalUserState; @@ -745,6 +759,14 @@ public Builder division(String division) { return this; } @CustomType.Setter + public Builder employeeHireDate(String employeeHireDate) { + if (employeeHireDate == null) { + throw new MissingRequiredPropertyException("GetUserResult", "employeeHireDate"); + } + this.employeeHireDate = employeeHireDate; + return this; + } + @CustomType.Setter public Builder employeeId(String employeeId) { if (employeeId == null) { throw new MissingRequiredPropertyException("GetUserResult", "employeeId"); @@ -1023,6 +1045,7 @@ public GetUserResult build() { _resultValue.department = department; _resultValue.displayName = displayName; _resultValue.division = division; + _resultValue.employeeHireDate = employeeHireDate; _resultValue.employeeId = employeeId; _resultValue.employeeType = employeeType; _resultValue.externalUserState = externalUserState; diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/NamedLocationCountry.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/NamedLocationCountry.java index 5bed88029..49fd14d6a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/outputs/NamedLocationCountry.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/NamedLocationCountry.java @@ -19,6 +19,11 @@ public final class NamedLocationCountry { * */ private List countriesAndRegions; + /** + * @return Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + * + */ + private @Nullable String countryLookupMethod; /** * @return Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. * @@ -33,6 +38,13 @@ private NamedLocationCountry() {} public List countriesAndRegions() { return this.countriesAndRegions; } + /** + * @return Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + * + */ + public Optional countryLookupMethod() { + return Optional.ofNullable(this.countryLookupMethod); + } /** * @return Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. * @@ -51,11 +63,13 @@ public static Builder builder(NamedLocationCountry defaults) { @CustomType.Builder public static final class Builder { private List countriesAndRegions; + private @Nullable String countryLookupMethod; private @Nullable Boolean includeUnknownCountriesAndRegions; public Builder() {} public Builder(NamedLocationCountry defaults) { Objects.requireNonNull(defaults); this.countriesAndRegions = defaults.countriesAndRegions; + this.countryLookupMethod = defaults.countryLookupMethod; this.includeUnknownCountriesAndRegions = defaults.includeUnknownCountriesAndRegions; } @@ -71,6 +85,12 @@ public Builder countriesAndRegions(String... countriesAndRegions) { return countriesAndRegions(List.of(countriesAndRegions)); } @CustomType.Setter + public Builder countryLookupMethod(@Nullable String countryLookupMethod) { + + this.countryLookupMethod = countryLookupMethod; + return this; + } + @CustomType.Setter public Builder includeUnknownCountriesAndRegions(@Nullable Boolean includeUnknownCountriesAndRegions) { this.includeUnknownCountriesAndRegions = includeUnknownCountriesAndRegions; @@ -79,6 +99,7 @@ public Builder includeUnknownCountriesAndRegions(@Nullable Boolean includeUnknow public NamedLocationCountry build() { final var _resultValue = new NamedLocationCountry(); _resultValue.countriesAndRegions = countriesAndRegions; + _resultValue.countryLookupMethod = countryLookupMethod; _resultValue.includeUnknownCountriesAndRegions = includeUnknownCountriesAndRegions; return _resultValue; } diff --git a/sdk/nodejs/administrativeUnit.ts b/sdk/nodejs/administrativeUnit.ts index debeab7a4..04c879238 100644 --- a/sdk/nodejs/administrativeUnit.ts +++ b/sdk/nodejs/administrativeUnit.ts @@ -33,7 +33,7 @@ import * as utilities from "./utilities"; * Administrative units can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 * ``` */ export class AdministrativeUnit extends pulumi.CustomResource { diff --git a/sdk/nodejs/administrativeUnitMember.ts b/sdk/nodejs/administrativeUnitMember.ts index 8b706b6f7..b6feabd5d 100644 --- a/sdk/nodejs/administrativeUnitMember.ts +++ b/sdk/nodejs/administrativeUnitMember.ts @@ -38,10 +38,8 @@ import * as utilities from "./utilities"; * Administrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g. * * ```sh - * $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 + * $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111 * ``` - * - * -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`. */ export class AdministrativeUnitMember extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/administrativeUnitRoleMember.ts b/sdk/nodejs/administrativeUnitRoleMember.ts index 650ea5016..9a5380842 100644 --- a/sdk/nodejs/administrativeUnitRoleMember.ts +++ b/sdk/nodejs/administrativeUnitRoleMember.ts @@ -38,10 +38,10 @@ import * as utilities from "./utilities"; * Administrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g. * * ```sh - * $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS + * $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example * ``` * - * -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`. + * /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS */ export class AdministrativeUnitRoleMember extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/appRoleAssignment.ts b/sdk/nodejs/appRoleAssignment.ts index fd39532d6..ddb9a2756 100644 --- a/sdk/nodejs/appRoleAssignment.ts +++ b/sdk/nodejs/appRoleAssignment.ts @@ -95,10 +95,10 @@ import * as utilities from "./utilities"; * App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g. * * ```sh - * $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz + * $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz * ``` * - * -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. + * -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`. */ export class AppRoleAssignment extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/application.ts b/sdk/nodejs/application.ts index aac5ce1cb..7f8355b8c 100644 --- a/sdk/nodejs/application.ts +++ b/sdk/nodejs/application.ts @@ -260,7 +260,7 @@ export class Application extends pulumi.CustomResource { * * > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the azuread.ApplicationPassword resource. */ - public readonly password!: pulumi.Output; + public readonly password!: pulumi.Output; /** * If `true`, will return an error if an existing application is found with the same name. Defaults to `false`. */ diff --git a/sdk/nodejs/applicationIdentifierUri.ts b/sdk/nodejs/applicationIdentifierUri.ts index 41425c938..a2547d246 100644 --- a/sdk/nodejs/applicationIdentifierUri.ts +++ b/sdk/nodejs/applicationIdentifierUri.ts @@ -14,7 +14,7 @@ import * as utilities from "./utilities"; * const example = new azuread.ApplicationRegistration("example", {displayName: "example"}); * const exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri("example", { * applicationId: example.id, - * identifierUri: "https://app.hashitown.com", + * identifierUri: "https://app.example.com", * }); * ``` * diff --git a/sdk/nodejs/applicationOwner.ts b/sdk/nodejs/applicationOwner.ts index 2b0b27831..737bfd12b 100644 --- a/sdk/nodejs/applicationOwner.ts +++ b/sdk/nodejs/applicationOwner.ts @@ -13,7 +13,7 @@ import * as utilities from "./utilities"; * * const example = new azuread.ApplicationRegistration("example", {displayName: "example"}); * const jane = new azuread.User("jane", { - * userPrincipalName: "jane.fischer@hashitown.com", + * userPrincipalName: "jane.fischer@example.com", * displayName: "Jane Fischer", * password: "Ch@ngeMe", * }); diff --git a/sdk/nodejs/applicationRedirectUris.ts b/sdk/nodejs/applicationRedirectUris.ts index de2d03dd4..fadae732a 100644 --- a/sdk/nodejs/applicationRedirectUris.ts +++ b/sdk/nodejs/applicationRedirectUris.ts @@ -28,16 +28,16 @@ import * as utilities from "./utilities"; * applicationId: example.id, * type: "SPA", * redirectUris: [ - * "https://mobile.hashitown.com/", - * "https://beta.hashitown.com/", + * "https://mobile.example.com/", + * "https://beta.example.com/", * ], * }); * const exampleWeb = new azuread.ApplicationRedirectUris("example_web", { * applicationId: example.id, * type: "Web", * redirectUris: [ - * "https://app.hashitown.com/", - * "https://classic.hashitown.com/", + * "https://app.example.com/", + * "https://classic.example.com/", * "urn:ietf:wg:oauth:2.0:oob", * ], * }); diff --git a/sdk/nodejs/applicationRegistration.ts b/sdk/nodejs/applicationRegistration.ts index 4d231519a..87a43cc82 100644 --- a/sdk/nodejs/applicationRegistration.ts +++ b/sdk/nodejs/applicationRegistration.ts @@ -27,12 +27,12 @@ import * as utilities from "./utilities"; * displayName: "Example Application", * description: "My example application", * signInAudience: "AzureADMyOrg", - * homepageUrl: "https://app.hashitown.com/", - * logoutUrl: "https://app.hashitown.com/logout", - * marketingUrl: "https://hashitown.com/", - * privacyStatementUrl: "https://hashitown.com/privacy", - * supportUrl: "https://support.hashitown.com/", - * termsOfServiceUrl: "https://hashitown.com/terms", + * homepageUrl: "https://app.example.com/", + * logoutUrl: "https://app.example.com/logout", + * marketingUrl: "https://example.com/", + * privacyStatementUrl: "https://example.com/privacy", + * supportUrl: "https://support.example.com/", + * termsOfServiceUrl: "https://example.com/terms", * }); * ``` * diff --git a/sdk/nodejs/authenticationStrengthPolicy.ts b/sdk/nodejs/authenticationStrengthPolicy.ts index 70c09870c..f40c60dcf 100644 --- a/sdk/nodejs/authenticationStrengthPolicy.ts +++ b/sdk/nodejs/authenticationStrengthPolicy.ts @@ -63,7 +63,7 @@ import * as utilities from "./utilities"; * Authentication Strength Policies can be imported using the `id`, e.g. * * ```sh - * $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000 * ``` */ export class AuthenticationStrengthPolicy extends pulumi.CustomResource { diff --git a/sdk/nodejs/conditionalAccessPolicy.ts b/sdk/nodejs/conditionalAccessPolicy.ts index 2be772694..de680403d 100644 --- a/sdk/nodejs/conditionalAccessPolicy.ts +++ b/sdk/nodejs/conditionalAccessPolicy.ts @@ -124,7 +124,7 @@ import * as utilities from "./utilities"; * Conditional Access Policies can be imported using the `id`, e.g. * * ```sh - * $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000 * ``` */ export class ConditionalAccessPolicy extends pulumi.CustomResource { diff --git a/sdk/nodejs/getDirectoryObject.ts b/sdk/nodejs/getDirectoryObject.ts index 8d45281f5..69cc2d291 100644 --- a/sdk/nodejs/getDirectoryObject.ts +++ b/sdk/nodejs/getDirectoryObject.ts @@ -32,8 +32,8 @@ import * as utilities from "./utilities"; * * The following attributes are exported: * - * *`objectId` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `objectId` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. */ export function getDirectoryObject(args: GetDirectoryObjectArgs, opts?: pulumi.InvokeOptions): Promise { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); @@ -91,8 +91,8 @@ export interface GetDirectoryObjectResult { * * The following attributes are exported: * - * *`objectId` - The object ID of the directory object. - * *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * * `objectId` - The object ID of the directory object. + * * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. */ export function getDirectoryObjectOutput(args: GetDirectoryObjectOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); diff --git a/sdk/nodejs/getUser.ts b/sdk/nodejs/getUser.ts index d9ad164aa..3c9a8eedb 100644 --- a/sdk/nodejs/getUser.ts +++ b/sdk/nodejs/getUser.ts @@ -118,6 +118,10 @@ export interface GetUserResult { * The name of the division in which the user works. */ readonly division: string; + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + */ + readonly employeeHireDate: string; /** * The employee identifier assigned to the user by the organisation. */ diff --git a/sdk/nodejs/group.ts b/sdk/nodejs/group.ts index 7ba5b34ff..baaa14715 100644 --- a/sdk/nodejs/group.ts +++ b/sdk/nodejs/group.ts @@ -23,7 +23,7 @@ import * as utilities from "./utilities"; * * When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator` * - * When creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used. + * When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles. * * The `externalSendersAllowed`, `autoSubscribeNewMembers`, `hideFromAddressLists` and `hideFromOutlookClients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation. * @@ -76,7 +76,7 @@ import * as utilities from "./utilities"; * Groups can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000 * ``` */ export class Group extends pulumi.CustomResource { diff --git a/sdk/nodejs/groupMember.ts b/sdk/nodejs/groupMember.ts index ef25ce11e..2f78e552e 100644 --- a/sdk/nodejs/groupMember.ts +++ b/sdk/nodejs/groupMember.ts @@ -33,8 +33,8 @@ import * as utilities from "./utilities"; * securityEnabled: true, * }); * const exampleGroupMember = new azuread.GroupMember("example", { - * groupObjectId: exampleGroup.id, - * memberObjectId: example.then(example => example.id), + * groupObjectId: exampleGroup.objectId, + * memberObjectId: example.then(example => example.objectId), * }); * ``` * diff --git a/sdk/nodejs/namedLocation.ts b/sdk/nodejs/namedLocation.ts index 792e33f41..d768358e2 100644 --- a/sdk/nodejs/namedLocation.ts +++ b/sdk/nodejs/namedLocation.ts @@ -40,7 +40,7 @@ import * as utilities from "./utilities"; * Named Locations can be imported using the `id`, e.g. * * ```sh - * $ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000 * ``` */ export class NamedLocation extends pulumi.CustomResource { diff --git a/sdk/nodejs/servicePrincipal.ts b/sdk/nodejs/servicePrincipal.ts index d86d50918..d682ebbb1 100644 --- a/sdk/nodejs/servicePrincipal.ts +++ b/sdk/nodejs/servicePrincipal.ts @@ -86,7 +86,7 @@ import * as utilities from "./utilities"; * Service principals can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000 * ``` */ export class ServicePrincipal extends pulumi.CustomResource { diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index ea3b6db9c..08e0e819d 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -523,6 +523,10 @@ export interface ConditionalAccessPolicyConditions { * A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. */ devices?: pulumi.Input; + /** + * The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + */ + insiderRiskLevels?: pulumi.Input; /** * A `locations` block as documented below, which specifies locations included in and excluded from the policy. */ @@ -698,7 +702,7 @@ export interface ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalU export interface ConditionalAccessPolicyGrantControls { /** - * ID of an Authentication Strength Policy to use in this policy. + * ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. */ authenticationStrengthPolicyId?: pulumi.Input; /** @@ -1082,6 +1086,10 @@ export interface NamedLocationCountry { * List of countries and/or regions in two-letter format specified by ISO 3166-2. */ countriesAndRegions: pulumi.Input[]>; + /** + * Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + */ + countryLookupMethod?: pulumi.Input; /** * Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. */ diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index ac6cfdde2..355332c37 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -523,6 +523,10 @@ export interface ConditionalAccessPolicyConditions { * A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. */ devices?: outputs.ConditionalAccessPolicyConditionsDevices; + /** + * The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + */ + insiderRiskLevels: string; /** * A `locations` block as documented below, which specifies locations included in and excluded from the policy. */ @@ -698,7 +702,7 @@ export interface ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalU export interface ConditionalAccessPolicyGrantControls { /** - * ID of an Authentication Strength Policy to use in this policy. + * ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. */ authenticationStrengthPolicyId?: string; /** @@ -1085,6 +1089,7 @@ export interface GetGroupDynamicMembership { export interface GetNamedLocationCountry { countriesAndRegions: string[]; + countryLookupMethod: string; includeUnknownCountriesAndRegions: boolean; } @@ -1615,6 +1620,10 @@ export interface NamedLocationCountry { * List of countries and/or regions in two-letter format specified by ISO 3166-2. */ countriesAndRegions: string[]; + /** + * Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + */ + countryLookupMethod?: string; /** * Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. */ diff --git a/sdk/nodejs/user.ts b/sdk/nodejs/user.ts index 849283cb3..c10fb6137 100644 --- a/sdk/nodejs/user.ts +++ b/sdk/nodejs/user.ts @@ -34,7 +34,7 @@ import * as utilities from "./utilities"; * Users can be imported using their object ID, e.g. * * ```sh - * $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000 + * $ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000 * ``` */ export class User extends pulumi.CustomResource { @@ -125,6 +125,10 @@ export class User extends pulumi.CustomResource { * The name of the division in which the user works. */ public readonly division!: pulumi.Output; + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + */ + public readonly employeeHireDate!: pulumi.Output; /** * The employee identifier assigned to the user by the organisation. */ @@ -287,6 +291,7 @@ export class User extends pulumi.CustomResource { resourceInputs["disableStrongPassword"] = state ? state.disableStrongPassword : undefined; resourceInputs["displayName"] = state ? state.displayName : undefined; resourceInputs["division"] = state ? state.division : undefined; + resourceInputs["employeeHireDate"] = state ? state.employeeHireDate : undefined; resourceInputs["employeeId"] = state ? state.employeeId : undefined; resourceInputs["employeeType"] = state ? state.employeeType : undefined; resourceInputs["externalUserState"] = state ? state.externalUserState : undefined; @@ -341,6 +346,7 @@ export class User extends pulumi.CustomResource { resourceInputs["disableStrongPassword"] = args ? args.disableStrongPassword : undefined; resourceInputs["displayName"] = args ? args.displayName : undefined; resourceInputs["division"] = args ? args.division : undefined; + resourceInputs["employeeHireDate"] = args ? args.employeeHireDate : undefined; resourceInputs["employeeId"] = args ? args.employeeId : undefined; resourceInputs["employeeType"] = args ? args.employeeType : undefined; resourceInputs["faxNumber"] = args ? args.faxNumber : undefined; @@ -448,6 +454,10 @@ export interface UserState { * The name of the division in which the user works. */ division?: pulumi.Input; + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + */ + employeeHireDate?: pulumi.Input; /** * The employee identifier assigned to the user by the organisation. */ @@ -639,6 +649,10 @@ export interface UserArgs { * The name of the division in which the user works. */ division?: pulumi.Input; + /** + * The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + */ + employeeHireDate?: pulumi.Input; /** * The employee identifier assigned to the user by the organisation. */ diff --git a/sdk/python/pulumi_azuread/_inputs.py b/sdk/python/pulumi_azuread/_inputs.py index 79385f66c..d9e601f9c 100644 --- a/sdk/python/pulumi_azuread/_inputs.py +++ b/sdk/python/pulumi_azuread/_inputs.py @@ -2570,6 +2570,10 @@ class ConditionalAccessPolicyConditionsArgsDict(TypedDict): """ A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. """ + insider_risk_levels: NotRequired[pulumi.Input[str]] + """ + The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + """ locations: NotRequired[pulumi.Input['ConditionalAccessPolicyConditionsLocationsArgsDict']] """ A `locations` block as documented below, which specifies locations included in and excluded from the policy. @@ -2601,6 +2605,7 @@ def __init__(__self__, *, users: pulumi.Input['ConditionalAccessPolicyConditionsUsersArgs'], client_applications: Optional[pulumi.Input['ConditionalAccessPolicyConditionsClientApplicationsArgs']] = None, devices: Optional[pulumi.Input['ConditionalAccessPolicyConditionsDevicesArgs']] = None, + insider_risk_levels: Optional[pulumi.Input[str]] = None, locations: Optional[pulumi.Input['ConditionalAccessPolicyConditionsLocationsArgs']] = None, platforms: Optional[pulumi.Input['ConditionalAccessPolicyConditionsPlatformsArgs']] = None, service_principal_risk_levels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2612,6 +2617,7 @@ def __init__(__self__, *, :param pulumi.Input['ConditionalAccessPolicyConditionsUsersArgs'] users: A `users` block as documented below, which specifies users, groups, and roles included in and excluded from the policy. :param pulumi.Input['ConditionalAccessPolicyConditionsClientApplicationsArgs'] client_applications: An `client_applications` block as documented below, which specifies service principals included in and excluded from the policy. :param pulumi.Input['ConditionalAccessPolicyConditionsDevicesArgs'] devices: A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. + :param pulumi.Input[str] insider_risk_levels: The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. :param pulumi.Input['ConditionalAccessPolicyConditionsLocationsArgs'] locations: A `locations` block as documented below, which specifies locations included in and excluded from the policy. :param pulumi.Input['ConditionalAccessPolicyConditionsPlatformsArgs'] platforms: A `platforms` block as documented below, which specifies platforms included in and excluded from the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] service_principal_risk_levels: A list of service principal sign-in risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `none`, `unknownFutureValue`. @@ -2625,6 +2631,8 @@ def __init__(__self__, *, pulumi.set(__self__, "client_applications", client_applications) if devices is not None: pulumi.set(__self__, "devices", devices) + if insider_risk_levels is not None: + pulumi.set(__self__, "insider_risk_levels", insider_risk_levels) if locations is not None: pulumi.set(__self__, "locations", locations) if platforms is not None: @@ -2696,6 +2704,18 @@ def devices(self) -> Optional[pulumi.Input['ConditionalAccessPolicyConditionsDev def devices(self, value: Optional[pulumi.Input['ConditionalAccessPolicyConditionsDevicesArgs']]): pulumi.set(self, "devices", value) + @property + @pulumi.getter(name="insiderRiskLevels") + def insider_risk_levels(self) -> Optional[pulumi.Input[str]]: + """ + The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + """ + return pulumi.get(self, "insider_risk_levels") + + @insider_risk_levels.setter + def insider_risk_levels(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "insider_risk_levels", value) + @property @pulumi.getter def locations(self) -> Optional[pulumi.Input['ConditionalAccessPolicyConditionsLocationsArgs']]: @@ -3455,7 +3475,7 @@ class ConditionalAccessPolicyGrantControlsArgsDict(TypedDict): """ authentication_strength_policy_id: NotRequired[pulumi.Input[str]] """ - ID of an Authentication Strength Policy to use in this policy. + ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. """ built_in_controls: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] """ @@ -3484,7 +3504,7 @@ def __init__(__self__, *, terms_of_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ :param pulumi.Input[str] operator: Defines the relationship of the grant controls. Possible values are: `AND`, `OR`. - :param pulumi.Input[str] authentication_strength_policy_id: ID of an Authentication Strength Policy to use in this policy. + :param pulumi.Input[str] authentication_strength_policy_id: ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. :param pulumi.Input[Sequence[pulumi.Input[str]]] built_in_controls: List of built-in controls required by the policy. Possible values are: `block`, `mfa`, `approvedApplication`, `compliantApplication`, `compliantDevice`, `domainJoinedDevice`, `passwordChange` or `unknownFutureValue`. :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_authentication_factors: List of custom controls IDs required by the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] terms_of_uses: List of terms of use IDs required by the policy. @@ -3517,7 +3537,7 @@ def operator(self, value: pulumi.Input[str]): @pulumi.getter(name="authenticationStrengthPolicyId") def authentication_strength_policy_id(self) -> Optional[pulumi.Input[str]]: """ - ID of an Authentication Strength Policy to use in this policy. + ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. """ return pulumi.get(self, "authentication_strength_policy_id") @@ -5241,6 +5261,10 @@ class NamedLocationCountryArgsDict(TypedDict): """ List of countries and/or regions in two-letter format specified by ISO 3166-2. """ + country_lookup_method: NotRequired[pulumi.Input[str]] + """ + Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + """ include_unknown_countries_and_regions: NotRequired[pulumi.Input[bool]] """ Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. @@ -5252,12 +5276,16 @@ class NamedLocationCountryArgsDict(TypedDict): class NamedLocationCountryArgs: def __init__(__self__, *, countries_and_regions: pulumi.Input[Sequence[pulumi.Input[str]]], + country_lookup_method: Optional[pulumi.Input[str]] = None, include_unknown_countries_and_regions: Optional[pulumi.Input[bool]] = None): """ :param pulumi.Input[Sequence[pulumi.Input[str]]] countries_and_regions: List of countries and/or regions in two-letter format specified by ISO 3166-2. + :param pulumi.Input[str] country_lookup_method: Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. :param pulumi.Input[bool] include_unknown_countries_and_regions: Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. """ pulumi.set(__self__, "countries_and_regions", countries_and_regions) + if country_lookup_method is not None: + pulumi.set(__self__, "country_lookup_method", country_lookup_method) if include_unknown_countries_and_regions is not None: pulumi.set(__self__, "include_unknown_countries_and_regions", include_unknown_countries_and_regions) @@ -5273,6 +5301,18 @@ def countries_and_regions(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: def countries_and_regions(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): pulumi.set(self, "countries_and_regions", value) + @property + @pulumi.getter(name="countryLookupMethod") + def country_lookup_method(self) -> Optional[pulumi.Input[str]]: + """ + Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + """ + return pulumi.get(self, "country_lookup_method") + + @country_lookup_method.setter + def country_lookup_method(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "country_lookup_method", value) + @property @pulumi.getter(name="includeUnknownCountriesAndRegions") def include_unknown_countries_and_regions(self) -> Optional[pulumi.Input[bool]]: diff --git a/sdk/python/pulumi_azuread/administrative_unit.py b/sdk/python/pulumi_azuread/administrative_unit.py index a6a3d2292..779ca85b4 100644 --- a/sdk/python/pulumi_azuread/administrative_unit.py +++ b/sdk/python/pulumi_azuread/administrative_unit.py @@ -262,7 +262,7 @@ def __init__(__self__, Administrative units can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -311,7 +311,7 @@ def __init__(__self__, Administrative units can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. diff --git a/sdk/python/pulumi_azuread/administrative_unit_member.py b/sdk/python/pulumi_azuread/administrative_unit_member.py index b9dd179ab..976eec9ee 100644 --- a/sdk/python/pulumi_azuread/administrative_unit_member.py +++ b/sdk/python/pulumi_azuread/administrative_unit_member.py @@ -143,11 +143,9 @@ def __init__(__self__, Administrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g. ```sh - $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 + $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111 ``` - -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`. - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] administrative_unit_object_id: The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created. @@ -192,11 +190,9 @@ def __init__(__self__, Administrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g. ```sh - $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 + $ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111 ``` - -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the target Member Object ID in the format `{AdministrativeUnitObjectID}/member/{MemberObjectID}`. - :param str resource_name: The name of the resource. :param AdministrativeUnitMemberArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. diff --git a/sdk/python/pulumi_azuread/administrative_unit_role_member.py b/sdk/python/pulumi_azuread/administrative_unit_role_member.py index ea003e422..784320aa1 100644 --- a/sdk/python/pulumi_azuread/administrative_unit_role_member.py +++ b/sdk/python/pulumi_azuread/administrative_unit_role_member.py @@ -165,10 +165,10 @@ def __init__(__self__, Administrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g. ```sh - $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS + $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example ``` - -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`. + /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -213,10 +213,10 @@ def __init__(__self__, Administrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g. ```sh - $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS + $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example ``` - -> This ID format is unique to Terraform and is composed of the Administrative Unit Object ID and the role assignment ID in the format `{AdministrativeUnitObjectID}/roleMember/{RoleAssignmentID}`. + /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS :param str resource_name: The name of the resource. :param AdministrativeUnitRoleMemberArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_azuread/app_role_assignment.py b/sdk/python/pulumi_azuread/app_role_assignment.py index f8096d03c..3572a70d7 100644 --- a/sdk/python/pulumi_azuread/app_role_assignment.py +++ b/sdk/python/pulumi_azuread/app_role_assignment.py @@ -267,10 +267,10 @@ def __init__(__self__, App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g. ```sh - $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz + $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz ``` - -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. + -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. @@ -369,10 +369,10 @@ def __init__(__self__, App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g. ```sh - $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz + $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz ``` - -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. + -> This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`. :param str resource_name: The name of the resource. :param AppRoleAssignmentArgs args: The arguments to use to populate this resource's properties. diff --git a/sdk/python/pulumi_azuread/application.py b/sdk/python/pulumi_azuread/application.py index 4fb274a12..96d440de2 100644 --- a/sdk/python/pulumi_azuread/application.py +++ b/sdk/python/pulumi_azuread/application.py @@ -1838,7 +1838,7 @@ def owners(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter - def password(self) -> pulumi.Output['outputs.ApplicationPassword']: + def password(self) -> pulumi.Output[Optional['outputs.ApplicationPassword']]: """ A single `password` block as documented below. The password is generated during creation. By default, no password is generated. diff --git a/sdk/python/pulumi_azuread/application_identifier_uri.py b/sdk/python/pulumi_azuread/application_identifier_uri.py index 2689dce51..4148924f8 100644 --- a/sdk/python/pulumi_azuread/application_identifier_uri.py +++ b/sdk/python/pulumi_azuread/application_identifier_uri.py @@ -112,7 +112,7 @@ def __init__(__self__, example = azuread.ApplicationRegistration("example", display_name="example") example_application_identifier_uri = azuread.ApplicationIdentifierUri("example", application_id=example.id, - identifier_uri="https://app.hashitown.com") + identifier_uri="https://app.example.com") ``` > **Tip** For managing multiple identifier URIs for the same application, create another instance of this resource @@ -156,7 +156,7 @@ def __init__(__self__, example = azuread.ApplicationRegistration("example", display_name="example") example_application_identifier_uri = azuread.ApplicationIdentifierUri("example", application_id=example.id, - identifier_uri="https://app.hashitown.com") + identifier_uri="https://app.example.com") ``` > **Tip** For managing multiple identifier URIs for the same application, create another instance of this resource diff --git a/sdk/python/pulumi_azuread/application_owner.py b/sdk/python/pulumi_azuread/application_owner.py index 8fac08ddb..6794ee4ff 100644 --- a/sdk/python/pulumi_azuread/application_owner.py +++ b/sdk/python/pulumi_azuread/application_owner.py @@ -111,7 +111,7 @@ def __init__(__self__, example = azuread.ApplicationRegistration("example", display_name="example") jane = azuread.User("jane", - user_principal_name="jane.fischer@hashitown.com", + user_principal_name="jane.fischer@example.com", display_name="Jane Fischer", password="Ch@ngeMe") example_jane = azuread.ApplicationOwner("example_jane", @@ -149,7 +149,7 @@ def __init__(__self__, example = azuread.ApplicationRegistration("example", display_name="example") jane = azuread.User("jane", - user_principal_name="jane.fischer@hashitown.com", + user_principal_name="jane.fischer@example.com", display_name="Jane Fischer", password="Ch@ngeMe") example_jane = azuread.ApplicationOwner("example_jane", diff --git a/sdk/python/pulumi_azuread/application_redirect_uris.py b/sdk/python/pulumi_azuread/application_redirect_uris.py index 9a02ccfad..84a7cbef7 100644 --- a/sdk/python/pulumi_azuread/application_redirect_uris.py +++ b/sdk/python/pulumi_azuread/application_redirect_uris.py @@ -157,15 +157,15 @@ def __init__(__self__, application_id=example.id, type="SPA", redirect_uris=[ - "https://mobile.hashitown.com/", - "https://beta.hashitown.com/", + "https://mobile.example.com/", + "https://beta.example.com/", ]) example_web = azuread.ApplicationRedirectUris("example_web", application_id=example.id, type="Web", redirect_uris=[ - "https://app.hashitown.com/", - "https://classic.hashitown.com/", + "https://app.example.com/", + "https://classic.example.com/", "urn:ietf:wg:oauth:2.0:oob", ]) ``` @@ -213,15 +213,15 @@ def __init__(__self__, application_id=example.id, type="SPA", redirect_uris=[ - "https://mobile.hashitown.com/", - "https://beta.hashitown.com/", + "https://mobile.example.com/", + "https://beta.example.com/", ]) example_web = azuread.ApplicationRedirectUris("example_web", application_id=example.id, type="Web", redirect_uris=[ - "https://app.hashitown.com/", - "https://classic.hashitown.com/", + "https://app.example.com/", + "https://classic.example.com/", "urn:ietf:wg:oauth:2.0:oob", ]) ``` diff --git a/sdk/python/pulumi_azuread/application_registration.py b/sdk/python/pulumi_azuread/application_registration.py index 091c2572e..749da668f 100644 --- a/sdk/python/pulumi_azuread/application_registration.py +++ b/sdk/python/pulumi_azuread/application_registration.py @@ -619,12 +619,12 @@ def __init__(__self__, display_name="Example Application", description="My example application", sign_in_audience="AzureADMyOrg", - homepage_url="https://app.hashitown.com/", - logout_url="https://app.hashitown.com/logout", - marketing_url="https://hashitown.com/", - privacy_statement_url="https://hashitown.com/privacy", - support_url="https://support.hashitown.com/", - terms_of_service_url="https://hashitown.com/terms") + homepage_url="https://app.example.com/", + logout_url="https://app.example.com/logout", + marketing_url="https://example.com/", + privacy_statement_url="https://example.com/privacy", + support_url="https://support.example.com/", + terms_of_service_url="https://example.com/terms") ``` ## Import @@ -682,12 +682,12 @@ def __init__(__self__, display_name="Example Application", description="My example application", sign_in_audience="AzureADMyOrg", - homepage_url="https://app.hashitown.com/", - logout_url="https://app.hashitown.com/logout", - marketing_url="https://hashitown.com/", - privacy_statement_url="https://hashitown.com/privacy", - support_url="https://support.hashitown.com/", - terms_of_service_url="https://hashitown.com/terms") + homepage_url="https://app.example.com/", + logout_url="https://app.example.com/logout", + marketing_url="https://example.com/", + privacy_statement_url="https://example.com/privacy", + support_url="https://support.example.com/", + terms_of_service_url="https://example.com/terms") ``` ## Import diff --git a/sdk/python/pulumi_azuread/authentication_strength_policy.py b/sdk/python/pulumi_azuread/authentication_strength_policy.py index 4667a1efa..0f603454a 100644 --- a/sdk/python/pulumi_azuread/authentication_strength_policy.py +++ b/sdk/python/pulumi_azuread/authentication_strength_policy.py @@ -192,7 +192,7 @@ def __init__(__self__, Authentication Strength Policies can be imported using the `id`, e.g. ```sh - $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -264,7 +264,7 @@ def __init__(__self__, Authentication Strength Policies can be imported using the `id`, e.g. ```sh - $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. diff --git a/sdk/python/pulumi_azuread/conditional_access_policy.py b/sdk/python/pulumi_azuread/conditional_access_policy.py index e636cc0b3..4f526a8f1 100644 --- a/sdk/python/pulumi_azuread/conditional_access_policy.py +++ b/sdk/python/pulumi_azuread/conditional_access_policy.py @@ -341,7 +341,7 @@ def __init__(__self__, Conditional Access Policies can be imported using the `id`, e.g. ```sh - $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -475,7 +475,7 @@ def __init__(__self__, Conditional Access Policies can be imported using the `id`, e.g. ```sh - $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. diff --git a/sdk/python/pulumi_azuread/get_directory_object.py b/sdk/python/pulumi_azuread/get_directory_object.py index 7b90ff11f..ccdffa89f 100644 --- a/sdk/python/pulumi_azuread/get_directory_object.py +++ b/sdk/python/pulumi_azuread/get_directory_object.py @@ -95,8 +95,8 @@ def get_directory_object(object_id: Optional[str] = None, The following attributes are exported: - *`object_id` - The object ID of the directory object. - *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * `object_id` - The object ID of the directory object. + * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. :param str object_id: Specifies the Object ID of the directory object to look up. @@ -138,8 +138,8 @@ def get_directory_object_output(object_id: Optional[pulumi.Input[str]] = None, The following attributes are exported: - *`object_id` - The object ID of the directory object. - *`type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. + * `object_id` - The object ID of the directory object. + * `type` - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`. :param str object_id: Specifies the Object ID of the directory object to look up. diff --git a/sdk/python/pulumi_azuread/get_user.py b/sdk/python/pulumi_azuread/get_user.py index 080dd4da4..4cc6229d7 100644 --- a/sdk/python/pulumi_azuread/get_user.py +++ b/sdk/python/pulumi_azuread/get_user.py @@ -26,7 +26,7 @@ class GetUserResult: """ A collection of values returned by getUser. """ - def __init__(__self__, account_enabled=None, age_group=None, business_phones=None, city=None, company_name=None, consent_provided_for_minor=None, cost_center=None, country=None, creation_type=None, department=None, display_name=None, division=None, employee_id=None, employee_type=None, external_user_state=None, fax_number=None, given_name=None, id=None, im_addresses=None, job_title=None, mail=None, mail_nickname=None, manager_id=None, mobile_phone=None, object_id=None, office_location=None, onpremises_distinguished_name=None, onpremises_domain_name=None, onpremises_immutable_id=None, onpremises_sam_account_name=None, onpremises_security_identifier=None, onpremises_sync_enabled=None, onpremises_user_principal_name=None, other_mails=None, postal_code=None, preferred_language=None, proxy_addresses=None, show_in_address_list=None, state=None, street_address=None, surname=None, usage_location=None, user_principal_name=None, user_type=None): + def __init__(__self__, account_enabled=None, age_group=None, business_phones=None, city=None, company_name=None, consent_provided_for_minor=None, cost_center=None, country=None, creation_type=None, department=None, display_name=None, division=None, employee_hire_date=None, employee_id=None, employee_type=None, external_user_state=None, fax_number=None, given_name=None, id=None, im_addresses=None, job_title=None, mail=None, mail_nickname=None, manager_id=None, mobile_phone=None, object_id=None, office_location=None, onpremises_distinguished_name=None, onpremises_domain_name=None, onpremises_immutable_id=None, onpremises_sam_account_name=None, onpremises_security_identifier=None, onpremises_sync_enabled=None, onpremises_user_principal_name=None, other_mails=None, postal_code=None, preferred_language=None, proxy_addresses=None, show_in_address_list=None, state=None, street_address=None, surname=None, usage_location=None, user_principal_name=None, user_type=None): if account_enabled and not isinstance(account_enabled, bool): raise TypeError("Expected argument 'account_enabled' to be a bool") pulumi.set(__self__, "account_enabled", account_enabled) @@ -63,6 +63,9 @@ def __init__(__self__, account_enabled=None, age_group=None, business_phones=Non if division and not isinstance(division, str): raise TypeError("Expected argument 'division' to be a str") pulumi.set(__self__, "division", division) + if employee_hire_date and not isinstance(employee_hire_date, str): + raise TypeError("Expected argument 'employee_hire_date' to be a str") + pulumi.set(__self__, "employee_hire_date", employee_hire_date) if employee_id and not isinstance(employee_id, str): raise TypeError("Expected argument 'employee_id' to be a str") pulumi.set(__self__, "employee_id", employee_id) @@ -256,6 +259,14 @@ def division(self) -> str: """ return pulumi.get(self, "division") + @property + @pulumi.getter(name="employeeHireDate") + def employee_hire_date(self) -> str: + """ + The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + """ + return pulumi.get(self, "employee_hire_date") + @property @pulumi.getter(name="employeeId") def employee_id(self) -> str: @@ -531,6 +542,7 @@ def __await__(self): department=self.department, display_name=self.display_name, division=self.division, + employee_hire_date=self.employee_hire_date, employee_id=self.employee_id, employee_type=self.employee_type, external_user_state=self.external_user_state, @@ -622,6 +634,7 @@ def get_user(employee_id: Optional[str] = None, department=pulumi.get(__ret__, 'department'), display_name=pulumi.get(__ret__, 'display_name'), division=pulumi.get(__ret__, 'division'), + employee_hire_date=pulumi.get(__ret__, 'employee_hire_date'), employee_id=pulumi.get(__ret__, 'employee_id'), employee_type=pulumi.get(__ret__, 'employee_type'), external_user_state=pulumi.get(__ret__, 'external_user_state'), @@ -710,6 +723,7 @@ def get_user_output(employee_id: Optional[pulumi.Input[Optional[str]]] = None, department=pulumi.get(__response__, 'department'), display_name=pulumi.get(__response__, 'display_name'), division=pulumi.get(__response__, 'division'), + employee_hire_date=pulumi.get(__response__, 'employee_hire_date'), employee_id=pulumi.get(__response__, 'employee_id'), employee_type=pulumi.get(__response__, 'employee_type'), external_user_state=pulumi.get(__response__, 'external_user_state'), diff --git a/sdk/python/pulumi_azuread/group.py b/sdk/python/pulumi_azuread/group.py index 24f1f8bb8..0ebc75865 100644 --- a/sdk/python/pulumi_azuread/group.py +++ b/sdk/python/pulumi_azuread/group.py @@ -990,7 +990,7 @@ def __init__(__self__, When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator` - When creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used. + When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles. The `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation. @@ -1040,7 +1040,7 @@ def __init__(__self__, Groups can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -1107,7 +1107,7 @@ def __init__(__self__, When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator` - When creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used. + When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles. The `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation. @@ -1157,7 +1157,7 @@ def __init__(__self__, Groups can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. diff --git a/sdk/python/pulumi_azuread/group_member.py b/sdk/python/pulumi_azuread/group_member.py index 3961b6116..e9a5cbe16 100644 --- a/sdk/python/pulumi_azuread/group_member.py +++ b/sdk/python/pulumi_azuread/group_member.py @@ -128,8 +128,8 @@ def __init__(__self__, display_name="my_group", security_enabled=True) example_group_member = azuread.GroupMember("example", - group_object_id=example_group.id, - member_object_id=example.id) + group_object_id=example_group.object_id, + member_object_id=example.object_id) ``` ## Import @@ -179,8 +179,8 @@ def __init__(__self__, display_name="my_group", security_enabled=True) example_group_member = azuread.GroupMember("example", - group_object_id=example_group.id, - member_object_id=example.id) + group_object_id=example_group.object_id, + member_object_id=example.object_id) ``` ## Import diff --git a/sdk/python/pulumi_azuread/named_location.py b/sdk/python/pulumi_azuread/named_location.py index fe3b341b3..4b6cd370a 100644 --- a/sdk/python/pulumi_azuread/named_location.py +++ b/sdk/python/pulumi_azuread/named_location.py @@ -178,7 +178,7 @@ def __init__(__self__, Named Locations can be imported using the `id`, e.g. ```sh - $ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -227,7 +227,7 @@ def __init__(__self__, Named Locations can be imported using the `id`, e.g. ```sh - $ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. diff --git a/sdk/python/pulumi_azuread/outputs.py b/sdk/python/pulumi_azuread/outputs.py index e9aeec5a9..91abf85a1 100644 --- a/sdk/python/pulumi_azuread/outputs.py +++ b/sdk/python/pulumi_azuread/outputs.py @@ -2078,6 +2078,8 @@ def __key_warning(key: str): suggest = "client_app_types" elif key == "clientApplications": suggest = "client_applications" + elif key == "insiderRiskLevels": + suggest = "insider_risk_levels" elif key == "servicePrincipalRiskLevels": suggest = "service_principal_risk_levels" elif key == "signInRiskLevels": @@ -2102,6 +2104,7 @@ def __init__(__self__, *, users: 'outputs.ConditionalAccessPolicyConditionsUsers', client_applications: Optional['outputs.ConditionalAccessPolicyConditionsClientApplications'] = None, devices: Optional['outputs.ConditionalAccessPolicyConditionsDevices'] = None, + insider_risk_levels: Optional[str] = None, locations: Optional['outputs.ConditionalAccessPolicyConditionsLocations'] = None, platforms: Optional['outputs.ConditionalAccessPolicyConditionsPlatforms'] = None, service_principal_risk_levels: Optional[Sequence[str]] = None, @@ -2113,6 +2116,7 @@ def __init__(__self__, *, :param 'ConditionalAccessPolicyConditionsUsersArgs' users: A `users` block as documented below, which specifies users, groups, and roles included in and excluded from the policy. :param 'ConditionalAccessPolicyConditionsClientApplicationsArgs' client_applications: An `client_applications` block as documented below, which specifies service principals included in and excluded from the policy. :param 'ConditionalAccessPolicyConditionsDevicesArgs' devices: A `devices` block as documented below, which describes devices to be included in and excluded from the policy. A `devices` block can be added to an existing policy, but removing the `devices` block forces a new resource to be created. + :param str insider_risk_levels: The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. :param 'ConditionalAccessPolicyConditionsLocationsArgs' locations: A `locations` block as documented below, which specifies locations included in and excluded from the policy. :param 'ConditionalAccessPolicyConditionsPlatformsArgs' platforms: A `platforms` block as documented below, which specifies platforms included in and excluded from the policy. :param Sequence[str] service_principal_risk_levels: A list of service principal sign-in risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `none`, `unknownFutureValue`. @@ -2126,6 +2130,8 @@ def __init__(__self__, *, pulumi.set(__self__, "client_applications", client_applications) if devices is not None: pulumi.set(__self__, "devices", devices) + if insider_risk_levels is not None: + pulumi.set(__self__, "insider_risk_levels", insider_risk_levels) if locations is not None: pulumi.set(__self__, "locations", locations) if platforms is not None: @@ -2177,6 +2183,14 @@ def devices(self) -> Optional['outputs.ConditionalAccessPolicyConditionsDevices' """ return pulumi.get(self, "devices") + @property + @pulumi.getter(name="insiderRiskLevels") + def insider_risk_levels(self) -> Optional[str]: + """ + The insider risk level in the policy. Possible values are: `minor`, `moderate`, `elevated`, `unknownFutureValue`. + """ + return pulumi.get(self, "insider_risk_levels") + @property @pulumi.getter def locations(self) -> Optional['outputs.ConditionalAccessPolicyConditionsLocations']: @@ -2841,7 +2855,7 @@ def __init__(__self__, *, terms_of_uses: Optional[Sequence[str]] = None): """ :param str operator: Defines the relationship of the grant controls. Possible values are: `AND`, `OR`. - :param str authentication_strength_policy_id: ID of an Authentication Strength Policy to use in this policy. + :param str authentication_strength_policy_id: ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. :param Sequence[str] built_in_controls: List of built-in controls required by the policy. Possible values are: `block`, `mfa`, `approvedApplication`, `compliantApplication`, `compliantDevice`, `domainJoinedDevice`, `passwordChange` or `unknownFutureValue`. :param Sequence[str] custom_authentication_factors: List of custom controls IDs required by the policy. :param Sequence[str] terms_of_uses: List of terms of use IDs required by the policy. @@ -2870,7 +2884,7 @@ def operator(self) -> str: @pulumi.getter(name="authenticationStrengthPolicyId") def authentication_strength_policy_id(self) -> Optional[str]: """ - ID of an Authentication Strength Policy to use in this policy. + ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`. """ return pulumi.get(self, "authentication_strength_policy_id") @@ -4344,6 +4358,8 @@ def __key_warning(key: str): suggest = None if key == "countriesAndRegions": suggest = "countries_and_regions" + elif key == "countryLookupMethod": + suggest = "country_lookup_method" elif key == "includeUnknownCountriesAndRegions": suggest = "include_unknown_countries_and_regions" @@ -4360,12 +4376,16 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, countries_and_regions: Sequence[str], + country_lookup_method: Optional[str] = None, include_unknown_countries_and_regions: Optional[bool] = None): """ :param Sequence[str] countries_and_regions: List of countries and/or regions in two-letter format specified by ISO 3166-2. + :param str country_lookup_method: Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. :param bool include_unknown_countries_and_regions: Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to `false`. """ pulumi.set(__self__, "countries_and_regions", countries_and_regions) + if country_lookup_method is not None: + pulumi.set(__self__, "country_lookup_method", country_lookup_method) if include_unknown_countries_and_regions is not None: pulumi.set(__self__, "include_unknown_countries_and_regions", include_unknown_countries_and_regions) @@ -4377,6 +4397,14 @@ def countries_and_regions(self) -> Sequence[str]: """ return pulumi.get(self, "countries_and_regions") + @property + @pulumi.getter(name="countryLookupMethod") + def country_lookup_method(self) -> Optional[str]: + """ + Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location. Defaults to `clientIpAddress`. + """ + return pulumi.get(self, "country_lookup_method") + @property @pulumi.getter(name="includeUnknownCountriesAndRegions") def include_unknown_countries_and_regions(self) -> Optional[bool]: @@ -5881,8 +5909,10 @@ def rule(self) -> str: class GetNamedLocationCountryResult(dict): def __init__(__self__, *, countries_and_regions: Sequence[str], + country_lookup_method: str, include_unknown_countries_and_regions: bool): pulumi.set(__self__, "countries_and_regions", countries_and_regions) + pulumi.set(__self__, "country_lookup_method", country_lookup_method) pulumi.set(__self__, "include_unknown_countries_and_regions", include_unknown_countries_and_regions) @property @@ -5890,6 +5920,11 @@ def __init__(__self__, *, def countries_and_regions(self) -> Sequence[str]: return pulumi.get(self, "countries_and_regions") + @property + @pulumi.getter(name="countryLookupMethod") + def country_lookup_method(self) -> str: + return pulumi.get(self, "country_lookup_method") + @property @pulumi.getter(name="includeUnknownCountriesAndRegions") def include_unknown_countries_and_regions(self) -> bool: diff --git a/sdk/python/pulumi_azuread/service_principal.py b/sdk/python/pulumi_azuread/service_principal.py index 3cc972c62..0a5b2088d 100644 --- a/sdk/python/pulumi_azuread/service_principal.py +++ b/sdk/python/pulumi_azuread/service_principal.py @@ -853,7 +853,7 @@ def __init__(__self__, Service principals can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -955,7 +955,7 @@ def __init__(__self__, Service principals can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. diff --git a/sdk/python/pulumi_azuread/user.py b/sdk/python/pulumi_azuread/user.py index 03da26761..595b1ebad 100644 --- a/sdk/python/pulumi_azuread/user.py +++ b/sdk/python/pulumi_azuread/user.py @@ -33,6 +33,7 @@ def __init__(__self__, *, disable_password_expiration: Optional[pulumi.Input[bool]] = None, disable_strong_password: Optional[pulumi.Input[bool]] = None, division: Optional[pulumi.Input[str]] = None, + employee_hire_date: Optional[pulumi.Input[str]] = None, employee_id: Optional[pulumi.Input[str]] = None, employee_type: Optional[pulumi.Input[str]] = None, fax_number: Optional[pulumi.Input[str]] = None, @@ -70,6 +71,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] disable_password_expiration: Whether the user's password is exempt from expiring. Defaults to `false`. :param pulumi.Input[bool] disable_strong_password: Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to `false`. :param pulumi.Input[str] division: The name of the division in which the user works. + :param pulumi.Input[str] employee_hire_date: The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). :param pulumi.Input[str] employee_id: The employee identifier assigned to the user by the organisation. :param pulumi.Input[str] employee_type: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. :param pulumi.Input[str] fax_number: The fax number of the user. @@ -119,6 +121,8 @@ def __init__(__self__, *, pulumi.set(__self__, "disable_strong_password", disable_strong_password) if division is not None: pulumi.set(__self__, "division", division) + if employee_hire_date is not None: + pulumi.set(__self__, "employee_hire_date", employee_hire_date) if employee_id is not None: pulumi.set(__self__, "employee_id", employee_id) if employee_type is not None: @@ -330,6 +334,18 @@ def division(self) -> Optional[pulumi.Input[str]]: def division(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "division", value) + @property + @pulumi.getter(name="employeeHireDate") + def employee_hire_date(self) -> Optional[pulumi.Input[str]]: + """ + The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + """ + return pulumi.get(self, "employee_hire_date") + + @employee_hire_date.setter + def employee_hire_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "employee_hire_date", value) + @property @pulumi.getter(name="employeeId") def employee_id(self) -> Optional[pulumi.Input[str]]: @@ -602,6 +618,7 @@ def __init__(__self__, *, disable_strong_password: Optional[pulumi.Input[bool]] = None, display_name: Optional[pulumi.Input[str]] = None, division: Optional[pulumi.Input[str]] = None, + employee_hire_date: Optional[pulumi.Input[str]] = None, employee_id: Optional[pulumi.Input[str]] = None, employee_type: Optional[pulumi.Input[str]] = None, external_user_state: Optional[pulumi.Input[str]] = None, @@ -652,6 +669,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] disable_strong_password: Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to `false`. :param pulumi.Input[str] display_name: The name to display in the address book for the user. :param pulumi.Input[str] division: The name of the division in which the user works. + :param pulumi.Input[str] employee_hire_date: The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). :param pulumi.Input[str] employee_id: The employee identifier assigned to the user by the organisation. :param pulumi.Input[str] employee_type: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. :param pulumi.Input[str] external_user_state: For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`. @@ -717,6 +735,8 @@ def __init__(__self__, *, pulumi.set(__self__, "display_name", display_name) if division is not None: pulumi.set(__self__, "division", division) + if employee_hire_date is not None: + pulumi.set(__self__, "employee_hire_date", employee_hire_date) if employee_id is not None: pulumi.set(__self__, "employee_id", employee_id) if employee_type is not None: @@ -964,6 +984,18 @@ def division(self) -> Optional[pulumi.Input[str]]: def division(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "division", value) + @property + @pulumi.getter(name="employeeHireDate") + def employee_hire_date(self) -> Optional[pulumi.Input[str]]: + """ + The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + """ + return pulumi.get(self, "employee_hire_date") + + @employee_hire_date.setter + def employee_hire_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "employee_hire_date", value) + @property @pulumi.getter(name="employeeId") def employee_id(self) -> Optional[pulumi.Input[str]]: @@ -1380,6 +1412,7 @@ def __init__(__self__, disable_strong_password: Optional[pulumi.Input[bool]] = None, display_name: Optional[pulumi.Input[str]] = None, division: Optional[pulumi.Input[str]] = None, + employee_hire_date: Optional[pulumi.Input[str]] = None, employee_id: Optional[pulumi.Input[str]] = None, employee_type: Optional[pulumi.Input[str]] = None, fax_number: Optional[pulumi.Input[str]] = None, @@ -1432,7 +1465,7 @@ def __init__(__self__, Users can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -1450,6 +1483,7 @@ def __init__(__self__, :param pulumi.Input[bool] disable_strong_password: Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to `false`. :param pulumi.Input[str] display_name: The name to display in the address book for the user. :param pulumi.Input[str] division: The name of the division in which the user works. + :param pulumi.Input[str] employee_hire_date: The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). :param pulumi.Input[str] employee_id: The employee identifier assigned to the user by the organisation. :param pulumi.Input[str] employee_type: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. :param pulumi.Input[str] fax_number: The fax number of the user. @@ -1509,7 +1543,7 @@ def __init__(__self__, Users can be imported using their object ID, e.g. ```sh - $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000 + $ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000 ``` :param str resource_name: The name of the resource. @@ -1540,6 +1574,7 @@ def _internal_init(__self__, disable_strong_password: Optional[pulumi.Input[bool]] = None, display_name: Optional[pulumi.Input[str]] = None, division: Optional[pulumi.Input[str]] = None, + employee_hire_date: Optional[pulumi.Input[str]] = None, employee_id: Optional[pulumi.Input[str]] = None, employee_type: Optional[pulumi.Input[str]] = None, fax_number: Optional[pulumi.Input[str]] = None, @@ -1586,6 +1621,7 @@ def _internal_init(__self__, raise TypeError("Missing required property 'display_name'") __props__.__dict__["display_name"] = display_name __props__.__dict__["division"] = division + __props__.__dict__["employee_hire_date"] = employee_hire_date __props__.__dict__["employee_id"] = employee_id __props__.__dict__["employee_type"] = employee_type __props__.__dict__["fax_number"] = fax_number @@ -1650,6 +1686,7 @@ def get(resource_name: str, disable_strong_password: Optional[pulumi.Input[bool]] = None, display_name: Optional[pulumi.Input[str]] = None, division: Optional[pulumi.Input[str]] = None, + employee_hire_date: Optional[pulumi.Input[str]] = None, employee_id: Optional[pulumi.Input[str]] = None, employee_type: Optional[pulumi.Input[str]] = None, external_user_state: Optional[pulumi.Input[str]] = None, @@ -1705,6 +1742,7 @@ def get(resource_name: str, :param pulumi.Input[bool] disable_strong_password: Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to `false`. :param pulumi.Input[str] display_name: The name to display in the address book for the user. :param pulumi.Input[str] division: The name of the division in which the user works. + :param pulumi.Input[str] employee_hire_date: The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). :param pulumi.Input[str] employee_id: The employee identifier assigned to the user by the organisation. :param pulumi.Input[str] employee_type: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. :param pulumi.Input[str] external_user_state: For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`. @@ -1759,6 +1797,7 @@ def get(resource_name: str, __props__.__dict__["disable_strong_password"] = disable_strong_password __props__.__dict__["display_name"] = display_name __props__.__dict__["division"] = division + __props__.__dict__["employee_hire_date"] = employee_hire_date __props__.__dict__["employee_id"] = employee_id __props__.__dict__["employee_type"] = employee_type __props__.__dict__["external_user_state"] = external_user_state @@ -1914,6 +1953,14 @@ def division(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "division") + @property + @pulumi.getter(name="employeeHireDate") + def employee_hire_date(self) -> pulumi.Output[Optional[str]]: + """ + The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + """ + return pulumi.get(self, "employee_hire_date") + @property @pulumi.getter(name="employeeId") def employee_id(self) -> pulumi.Output[Optional[str]]: