// SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io>
//
// SPDX-License-Identifier: Apache-2.0
// Code generated by upjet. DO NOT EDIT.
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
// APIInitParameters carries the settings of an application's api block; it is
// the element type of ApplicationInitParameters.API. Going by the naming used
// throughout this file it is presumably the init-time variant of
// APIParameters; the referencing spec type is outside this excerpt.
type APIInitParameters struct {
	// NOTE(review): consent granted to a client listed in
	// KnownClientApplications is bundled with consent to this API, so the
	// entries should presumably be limited to client IDs the same team
	// controls; verify against the tenant's consent policy.

	// Set of application IDs (client IDs) whose consent is bundled with this
	// API's, for a solution made of two parts: a client app and a custom web
	// API app.
	// +listType=set
	KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"`

	// NOTE(review): MappedClaimsEnabled lets tokens for this app carry mapped
	// claims without an app-specific signing key. Microsoft's guidance, as far
	// as I know, is to leave it off for multi-tenant apps; confirm against
	// signInAudience before enabling.

	// Lets the application use claims mapping without specifying a custom
	// signing key. Defaults to false.
	MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"`

	// One or more oauth2_permission_scope blocks describing the delegated
	// permissions exposed by the web API this application represents.
	Oauth2PermissionScope []Oauth2PermissionScopeInitParameters `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"`

	// Access token version this resource expects. Must be one of 1 or 2, and
	// must be 2 when sign_in_audience is either
	// AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
	// Defaults to 1. The Go type is *float64 even though only those two
	// values are documented.
	RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"`
}
// APIObservation mirrors the fields of an application's api block; it is the
// element type of ApplicationObservation.API. Presumably this is the observed
// (read-back) form of APIParameters; the status type that embeds it is outside
// this excerpt.
type APIObservation struct {
	// Set of application IDs (client IDs) whose consent is bundled with this
	// API's, for a solution made of two parts: a client app and a custom web
	// API app.
	// +listType=set
	KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"`

	// Whether the application may use claims mapping without specifying a
	// custom signing key. Defaults to false.
	MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"`

	// One or more oauth2_permission_scope blocks describing the delegated
	// permissions exposed by the web API this application represents.
	Oauth2PermissionScope []Oauth2PermissionScopeObservation `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"`

	// Access token version this resource expects. Must be one of 1 or 2, and
	// must be 2 when sign_in_audience is either
	// AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
	// Defaults to 1.
	RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"`
}
// APIParameters carries the settings of an application's api block. Every
// field is marked +kubebuilder:validation:Optional. Presumably this is the
// desired-state form of the block; the type that references it is outside this
// excerpt.
type APIParameters struct {
	// NOTE(review): consent granted to a client listed in
	// KnownClientApplications is bundled with consent to this API, so the
	// entries should presumably be limited to client IDs the same team
	// controls; verify against the tenant's consent policy.

	// Set of application IDs (client IDs) whose consent is bundled with this
	// API's, for a solution made of two parts: a client app and a custom web
	// API app.
	// +kubebuilder:validation:Optional
	// +listType=set
	KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"`

	// NOTE(review): MappedClaimsEnabled lets tokens for this app carry mapped
	// claims without an app-specific signing key. Microsoft's guidance, as far
	// as I know, is to leave it off for multi-tenant apps; confirm against
	// signInAudience before enabling.

	// Lets the application use claims mapping without specifying a custom
	// signing key. Defaults to false.
	// +kubebuilder:validation:Optional
	MappedClaimsEnabled *bool `json:"mappedClaimsEnabled,omitempty" tf:"mapped_claims_enabled,omitempty"`

	// One or more oauth2_permission_scope blocks describing the delegated
	// permissions exposed by the web API this application represents.
	// +kubebuilder:validation:Optional
	Oauth2PermissionScope []Oauth2PermissionScopeParameters `json:"oauth2PermissionScope,omitempty" tf:"oauth2_permission_scope,omitempty"`

	// Access token version this resource expects. Must be one of 1 or 2, and
	// must be 2 when sign_in_audience is either
	// AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
	// Defaults to 1. The Go type is *float64 even though only those two
	// values are documented.
	// +kubebuilder:validation:Optional
	RequestedAccessTokenVersion *float64 `json:"requestedAccessTokenVersion,omitempty" tf:"requested_access_token_version,omitempty"`
}
// AccessTokenInitParameters describes one optional claim. Judging by the
// name it configures a claim emitted in access tokens (presumably an entry of
// the optional_claims block); the type that references it is outside this
// excerpt.
type AccessTokenInitParameters struct {
	// Additional properties of the claim; a property present here modifies
	// the behaviour of the optional claim. Possible values are:
	// cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles,
	// include_externally_authenticated_upn_without_hash,
	// include_externally_authenticated_upn, max_size_limit,
	// netbios_domain_and_sam_account_name, on_premise_security_identifier,
	// sam_account_name, and use_guid.
	AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"`

	// Whether the claim specified by the client is necessary to ensure a
	// smooth authorization experience.
	Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"`

	// Name of the optional claim.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// Source of the claim. When source is absent the claim is a predefined
	// optional claim; when source is user, the value of name is the extension
	// property from the user object.
	Source *string `json:"source,omitempty" tf:"source,omitempty"`
}
// AccessTokenObservation describes one optional claim. Judging by the name
// it is the observed form of an access-token optional claim; the type that
// references it is outside this excerpt.
type AccessTokenObservation struct {
	// Additional properties of the claim; a property present here modifies
	// the behaviour of the optional claim. Possible values are:
	// cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles,
	// include_externally_authenticated_upn_without_hash,
	// include_externally_authenticated_upn, max_size_limit,
	// netbios_domain_and_sam_account_name, on_premise_security_identifier,
	// sam_account_name, and use_guid.
	AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"`

	// Whether the claim specified by the client is necessary to ensure a
	// smooth authorization experience.
	Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"`

	// Name of the optional claim.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// Source of the claim. When source is absent the claim is a predefined
	// optional claim; when source is user, the value of name is the extension
	// property from the user object.
	Source *string `json:"source,omitempty" tf:"source,omitempty"`
}
// AccessTokenParameters describes one optional claim. Every field is marked
// +kubebuilder:validation:Optional. Judging by the name it configures a claim
// emitted in access tokens; the type that references it is outside this
// excerpt.
type AccessTokenParameters struct {
	// Additional properties of the claim; a property present here modifies
	// the behaviour of the optional claim. Possible values are:
	// cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles,
	// include_externally_authenticated_upn_without_hash,
	// include_externally_authenticated_upn, max_size_limit,
	// netbios_domain_and_sam_account_name, on_premise_security_identifier,
	// sam_account_name, and use_guid.
	// +kubebuilder:validation:Optional
	AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"`

	// Whether the claim specified by the client is necessary to ensure a
	// smooth authorization experience.
	// +kubebuilder:validation:Optional
	Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"`

	// Name of the optional claim. Unlike its siblings, this field's json tag
	// has no omitempty.
	// +kubebuilder:validation:Optional
	Name *string `json:"name" tf:"name,omitempty"`

	// Source of the claim. When source is absent the claim is a predefined
	// optional claim; when source is user, the value of name is the extension
	// property from the user object.
	// +kubebuilder:validation:Optional
	Source *string `json:"source,omitempty" tf:"source,omitempty"`
}
// AppRoleInitParameters defines one app role of an application; it is the
// element type of ApplicationInitParameters.AppRole. Presumably the init-time
// variant of AppRoleParameters; the referencing spec type is outside this
// excerpt.
type AppRoleInitParameters struct {
	// NOTE(review): a role whose AllowedMemberTypes include Application is,
	// as far as I know, an application (app-only) permission rather than a
	// user assignment; review who is able to grant it.

	// Who the role can be assigned to: User for users and groups,
	// Application for other applications that access this application in a
	// standalone scenario, or both.
	// +listType=set
	AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"`

	// Description shown when the role is being assigned and, if the role
	// functions as an application permission, during the consent experiences.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Display name shown during app role assignment and in consent
	// experiences.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// Whether the app role is enabled. Defaults to true.
	Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"`

	// Unique identifier of the app role. Must be a valid UUID.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// NOTE(review): Value is what appears in the roles claim, so the
	// receiving API's authorization checks presumably key on this string;
	// treat a change to it as a change to access control.

	// Value used for the roles claim in ID tokens and OAuth 2.0 access tokens
	// that authenticate an assigned service or user principal.
	Value *string `json:"value,omitempty" tf:"value,omitempty"`
}
// AppRoleObservation describes one app role of an application; it is the
// element type of ApplicationObservation.AppRole. Presumably the observed
// (read-back) form of AppRoleParameters.
type AppRoleObservation struct {
	// Who the role can be assigned to: User for users and groups,
	// Application for other applications that access this application in a
	// standalone scenario, or both.
	// +listType=set
	AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"`

	// Description shown when the role is being assigned and, if the role
	// functions as an application permission, during the consent experiences.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Display name shown during app role assignment and in consent
	// experiences.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// Whether the app role is enabled. Defaults to true.
	Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"`

	// Unique identifier of the app role. Must be a valid UUID.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Value used for the roles claim in ID tokens and OAuth 2.0 access tokens
	// that authenticate an assigned service or user principal.
	Value *string `json:"value,omitempty" tf:"value,omitempty"`
}
// AppRoleParameters defines one app role of an application. Every field is
// marked +kubebuilder:validation:Optional; AllowedMemberTypes, Description,
// DisplayName and ID carry json tags without omitempty, while Enabled and
// Value keep it. Presumably the desired-state form of the app_role block; the
// type that references it is outside this excerpt.
type AppRoleParameters struct {
	// NOTE(review): a role whose AllowedMemberTypes include Application is,
	// as far as I know, an application (app-only) permission rather than a
	// user assignment; review who is able to grant it.

	// Who the role can be assigned to: User for users and groups,
	// Application for other applications that access this application in a
	// standalone scenario, or both.
	// +kubebuilder:validation:Optional
	// +listType=set
	AllowedMemberTypes []*string `json:"allowedMemberTypes" tf:"allowed_member_types,omitempty"`

	// Description shown when the role is being assigned and, if the role
	// functions as an application permission, during the consent experiences.
	// +kubebuilder:validation:Optional
	Description *string `json:"description" tf:"description,omitempty"`

	// Display name shown during app role assignment and in consent
	// experiences.
	// +kubebuilder:validation:Optional
	DisplayName *string `json:"displayName" tf:"display_name,omitempty"`

	// Whether the app role is enabled. Defaults to true.
	// +kubebuilder:validation:Optional
	Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"`

	// Unique identifier of the app role. Must be a valid UUID.
	// +kubebuilder:validation:Optional
	ID *string `json:"id" tf:"id,omitempty"`

	// NOTE(review): Value is what appears in the roles claim, so the
	// receiving API's authorization checks presumably key on this string;
	// treat a change to it as a change to access control.

	// Value used for the roles claim in ID tokens and OAuth 2.0 access tokens
	// that authenticate an assigned service or user principal.
	// +kubebuilder:validation:Optional
	Value *string `json:"value,omitempty" tf:"value,omitempty"`
}
// ApplicationInitParameters lists the configurable settings of an Azure AD
// application registration. Every field is optional at the Go level (pointer
// or slice with omitempty). Presumably this is the init-time variant of the
// application's parameters; the spec type that references it is outside this
// excerpt.
type ApplicationInitParameters struct {
	// An api block configuring API related settings for this application.
	API []APIInitParameters `json:"api,omitempty" tf:"api,omitempty"`

	// A collection of app_role blocks. For more information see the official
	// documentation on Application Roles.
	AppRole []AppRoleInitParameters `json:"appRole,omitempty" tf:"app_role,omitempty"`

	// Description of the application, as shown to end users.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Whether this application supports device authentication without a
	// user. Defaults to false.
	DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"`

	// Display name for the application.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// NOTE(review): a public client cannot keep a client secret; leave
	// FallbackPublicClientEnabled false unless the app really uses token
	// grant flows without a redirect URI.

	// Whether the application is a public client. Appropriate for apps using
	// token grant flows that don't use a redirect URI. Defaults to false.
	FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"`

	// A feature_tags block: features to configure for this application using
	// tags. Cannot be used together with the tags property.
	FeatureTags []FeatureTagsInitParameters `json:"featureTags,omitempty" tf:"feature_tags,omitempty"`

	// Configures the groups claim issued in a user or OAuth 2.0 access token
	// that the app expects. Possible values are None, SecurityGroup,
	// DirectoryRole, ApplicationGroup or All.
	// +listType=set
	GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"`

	// Set of user-defined URI(s) that uniquely identify an application
	// within its Azure AD tenant, or within a verified custom domain if the
	// application is multi-tenant.
	// +listType=set
	IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"`

	// Logo image to upload for the application, as a raw base64-encoded
	// string in gif, jpeg or png format. Once an image has been uploaded it
	// cannot be removed without replacing it with another image.
	LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"`

	// URL of the application's marketing page.
	MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"`

	// User-specified notes relevant for the management of the application.
	Notes *string `json:"notes,omitempty" tf:"notes,omitempty"`

	// Whether, as part of OAuth 2.0 token requests, Azure AD allows POST
	// requests, as opposed to GET requests. Defaults to false, which
	// specifies that only GET requests are allowed.
	Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"`

	// An optional_claims block.
	OptionalClaims []OptionalClaimsInitParameters `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"`

	// NOTE(review): owners of an app registration can, as far as I know,
	// manage its settings and credentials; keep Owners small and review it
	// like membership of any privileged group.

	// Set of object IDs of principals that will be granted ownership of the
	// application. Supported object types are users or service principals.
	// By default, no owners are assigned.
	// +listType=set
	Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"`

	// If true, an error is returned when an existing application is found
	// with the same name. Defaults to false.
	PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"`

	// URL of the application's privacy statement.
	PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"`

	// A public_client block configuring non-web app or non-web API
	// application settings, for example mobile or other public clients such
	// as an installed application running on a desktop device.
	PublicClient []PublicClientInitParameters `json:"publicClient,omitempty" tf:"public_client,omitempty"`

	// A collection of required_resource_access blocks.
	RequiredResourceAccess []RequiredResourceAccessInitParameters `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"`

	// References application or service contact information from a Service
	// or Asset Management database.
	ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"`

	// NOTE(review): any SignInAudience other than AzureADMyOrg admits
	// accounts from outside the home tenant, so the application presumably
	// has to restrict issuers/tenants itself; confirm the intended audience.

	// Microsoft account types supported for the current application. Must be
	// one of AzureADMyOrg, AzureADMultipleOrgs,
	// AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
	// Defaults to AzureADMyOrg.
	SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"`

	// A single_page_application block configuring single-page application
	// (SPA) related settings for this application.
	SinglePageApplication []SinglePageApplicationInitParameters `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"`

	// URL of the application's support page.
	SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"`

	// Set of tags to apply to the application for configuring specific
	// behaviours of the application and linked service principals. These are
	// not provided for use by practitioners. Cannot be used together with
	// the feature_tags block.
	// +listType=set
	Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"`

	// Unique ID of a templated application in the Azure AD App Gallery from
	// which to create the application. Changing this forces a new resource
	// to be created.
	TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"`

	// URL of the application's terms of service statement.
	TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"`

	// A web block configuring web related settings for this application.
	Web []WebInitParameters `json:"web,omitempty" tf:"web,omitempty"`
}
type ApplicationObservation struct {
// An api block as documented below, which configures API related settings for this application.
API []APIObservation `json:"api,omitempty" tf:"api,omitempty"`
// A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
AppRole []AppRoleObservation `json:"appRole,omitempty" tf:"app_role,omitempty"`
// A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
// Mapping of app role names to UUIDs
// +mapType=granular
AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"`
// The Application ID (also called Client ID)
ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"`
// The Client ID for the application.
// The Client ID (also called Application ID)
ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"`
// A description of the application, as shown to end users.
// Description of the application as shown to end users
Description *string `json:"description,omitempty" tf:"description,omitempty"`
// Specifies whether this application supports device authentication without a user. Defaults to false.
// Specifies whether this application supports device authentication without a user.
DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"`
// Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. DisabledDueToViolationOfServicesAgreement
// Whether Microsoft has disabled the registered application
DisabledByMicrosoft *string `json:"disabledByMicrosoft,omitempty" tf:"disabled_by_microsoft,omitempty"`
// The display name for the application.
// The display name for the application
DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`
// Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
// Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI
FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"`
// A feature_tags block as described below. Cannot be used together with the tags property.
// Block of features to configure for this application using tags
FeatureTags []FeatureTagsObservation `json:"featureTags,omitempty" tf:"feature_tags,omitempty"`
// Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
// Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects
// +listType=set
GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"`
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
// The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant
// +listType=set
IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"`
// A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
// Base64 encoded logo image in gif, png or jpeg format
LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"`
// CDN URL to the application's logo, as uploaded with the logo_image property.
// CDN URL to the application's logo
LogoURL *string `json:"logoUrl,omitempty" tf:"logo_url,omitempty"`
// URL of the application's marketing page.
// URL of the application's marketing page
MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"`
// User-specified notes relevant for the management of the application.
// User-specified notes relevant for the management of the application
Notes *string `json:"notes,omitempty" tf:"notes,omitempty"`
// A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
// Mapping of OAuth2.0 permission scope names to UUIDs
// +mapType=granular
Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"`
// Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
// Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.
Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"`
// The application's object ID.
// The application's object ID
ObjectID *string `json:"objectId,omitempty" tf:"object_id,omitempty"`
// An optional_claims block as documented below.
OptionalClaims []OptionalClaimsObservation `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"`
// A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned.
// A list of object IDs of principals that will be granted ownership of the application
// +listType=set
Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"`
// If true, will return an error if an existing application is found with the same name. Defaults to false.
// If `true`, will return an error if an existing application is found with the same name
PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"`
// URL of the application's privacy statement.
// URL of the application's privacy statement
PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"`
// A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
PublicClient []PublicClientObservation `json:"publicClient,omitempty" tf:"public_client,omitempty"`
// The verified publisher domain for the application.
// The verified publisher domain for the application
PublisherDomain *string `json:"publisherDomain,omitempty" tf:"publisher_domain,omitempty"`
// A collection of required_resource_access blocks as documented below.
RequiredResourceAccess []RequiredResourceAccessObservation `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"`
// References application context information from a Service or Asset Management database.
// References application or service contact information from a Service or Asset Management database
ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"`
// The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.
// The Microsoft account types that are supported for the current application
SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"`
// A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
SinglePageApplication []SinglePageApplicationObservation `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"`
// URL of the application's support page.
// URL of the application's support page
SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"`
// A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.
// A set of tags to apply to the application
// +listType=set
Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"`
// Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
// Unique ID of the application template from which this application is created
TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"`
// URL of the application's terms of service statement.
// URL of the application's terms of service statement
TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"`
// A web block as documented below, which configures web related settings for this application.
Web []WebObservation `json:"web,omitempty" tf:"web,omitempty"`
}
// ApplicationParameters lists the settable fields of the application resource.
// Every field is a pointer or a slice, carries omitempty in its json tag and is
// marked +kubebuilder:validation:Optional, so an unset field is omitted from the
// serialized object instead of being sent as a zero value.
//
// Fields that decide who can sign in, what ends up in tokens, or who controls
// the application, and therefore deserve attention when a manifest is reviewed:
//   - SignInAudience: per its comment the default is AzureADMyOrg; the other
//     listed values name multi-organisation and personal account types.
//   - FallbackPublicClientEnabled / PublicClient: public-client settings.
//     NOTE(review): a public client presumably cannot hold a client secret;
//     confirm that only the intended flows are enabled.
//   - Owners: principals granted ownership of the application.
//     NOTE(review): ownership presumably includes managing the registration
//     and its credentials; keep the set minimal and verify against tenant policy.
//   - GroupMembershipClaims / OptionalClaims: directory data emitted in tokens.
//   - API, AppRole, RequiredResourceAccess: permissions exposed and requested.
//   - Web, SinglePageApplication: nested blocks whose contents are defined in
//     other types; review them together with this struct.
type ApplicationParameters struct {
// An api block as documented below, which configures API related settings for this application.
// +kubebuilder:validation:Optional
API []APIParameters `json:"api,omitempty" tf:"api,omitempty"`
// A collection of app_role blocks as documented below. For more information see official documentation on Application Roles.
// +kubebuilder:validation:Optional
AppRole []AppRoleParameters `json:"appRole,omitempty" tf:"app_role,omitempty"`
// A description of the application, as shown to end users.
// Description of the application as shown to end users
// +kubebuilder:validation:Optional
Description *string `json:"description,omitempty" tf:"description,omitempty"`
// Specifies whether this application supports device authentication without a user. Defaults to false.
// Specifies whether this application supports device authentication without a user.
// +kubebuilder:validation:Optional
DeviceOnlyAuthEnabled *bool `json:"deviceOnlyAuthEnabled,omitempty" tf:"device_only_auth_enabled,omitempty"`
// The display name for the application.
// The display name for the application
// +kubebuilder:validation:Optional
DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`
// Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to false.
// Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI
// +kubebuilder:validation:Optional
FallbackPublicClientEnabled *bool `json:"fallbackPublicClientEnabled,omitempty" tf:"fallback_public_client_enabled,omitempty"`
// A feature_tags block as described below. Cannot be used together with the tags property.
// Block of features to configure for this application using tags
// +kubebuilder:validation:Optional
FeatureTags []FeatureTagsParameters `json:"featureTags,omitempty" tf:"feature_tags,omitempty"`
// Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
// Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects
// +kubebuilder:validation:Optional
// +listType=set
GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"`
// A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
// The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant
// +kubebuilder:validation:Optional
// +listType=set
IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"`
// A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
// Base64 encoded logo image in gif, png or jpeg format
// +kubebuilder:validation:Optional
LogoImage *string `json:"logoImage,omitempty" tf:"logo_image,omitempty"`
// URL of the application's marketing page.
// URL of the application's marketing page
// +kubebuilder:validation:Optional
MarketingURL *string `json:"marketingUrl,omitempty" tf:"marketing_url,omitempty"`
// User-specified notes relevant for the management of the application.
// User-specified notes relevant for the management of the application
// +kubebuilder:validation:Optional
Notes *string `json:"notes,omitempty" tf:"notes,omitempty"`
// Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed.
// Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.
// +kubebuilder:validation:Optional
Oauth2PostResponseRequired *bool `json:"oauth2PostResponseRequired,omitempty" tf:"oauth2_post_response_required,omitempty"`
// An optional_claims block as documented below.
// +kubebuilder:validation:Optional
OptionalClaims []OptionalClaimsParameters `json:"optionalClaims,omitempty" tf:"optional_claims,omitempty"`
// A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned.
// A list of object IDs of principals that will be granted ownership of the application
// +kubebuilder:validation:Optional
// +listType=set
Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"`
// If true, will return an error if an existing application is found with the same name. Defaults to false.
// If `true`, will return an error if an existing application is found with the same name
// +kubebuilder:validation:Optional
PreventDuplicateNames *bool `json:"preventDuplicateNames,omitempty" tf:"prevent_duplicate_names,omitempty"`
// URL of the application's privacy statement.
// URL of the application's privacy statement
// +kubebuilder:validation:Optional
PrivacyStatementURL *string `json:"privacyStatementUrl,omitempty" tf:"privacy_statement_url,omitempty"`
// A public_client block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
// +kubebuilder:validation:Optional
PublicClient []PublicClientParameters `json:"publicClient,omitempty" tf:"public_client,omitempty"`
// A collection of required_resource_access blocks as documented below.
// +kubebuilder:validation:Optional
RequiredResourceAccess []RequiredResourceAccessParameters `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"`
// References application context information from a Service or Asset Management database.
// References application or service contact information from a Service or Asset Management database
// +kubebuilder:validation:Optional
ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"`
// The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.
// The Microsoft account types that are supported for the current application
// +kubebuilder:validation:Optional
SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"`
// A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.
// +kubebuilder:validation:Optional
SinglePageApplication []SinglePageApplicationParameters `json:"singlePageApplication,omitempty" tf:"single_page_application,omitempty"`
// URL of the application's support page.
// URL of the application's support page
// +kubebuilder:validation:Optional
SupportURL *string `json:"supportUrl,omitempty" tf:"support_url,omitempty"`
// A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.
// A set of tags to apply to the application
// +kubebuilder:validation:Optional
// +listType=set
Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"`
// Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
// Unique ID of the application template from which this application is created
// +kubebuilder:validation:Optional
TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"`
// URL of the application's terms of service statement.
// URL of the application's terms of service statement
// +kubebuilder:validation:Optional
TermsOfServiceURL *string `json:"termsOfServiceUrl,omitempty" tf:"terms_of_service_url,omitempty"`
// A web block as documented below, which configures web related settings for this application.
// +kubebuilder:validation:Optional
Web []WebParameters `json:"web,omitempty" tf:"web,omitempty"`
}
// FeatureTagsInitParameters is the InitParameters form of the feature_tags
// block: four optional booleans, each of which (per its field comment) assigns
// one specific tag to the application when enabled and defaults to false.
//
// NOTE(review): presumably these values are applied at creation time only, as
// with other upjet InitParameters types; confirm against the generator.
// NOTE(review): Hide is described only as making the app invisible in My Apps
// and the Office 365 Launcher; treat it as a listing setting, not an access
// control, unless the provider documentation says otherwise.
type FeatureTagsInitParameters struct {
// Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
// Whether this application represents a custom SAML application for linked service principals
CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"`
// Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
// Whether this application represents an Enterprise Application for linked service principals
Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"`
// Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
// Whether this application represents a gallery application for linked service principals
Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"`
// Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
// Whether this application is invisible to users in My Apps and Office 365 Launcher
Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"`
}
// FeatureTagsObservation is the Observation form of the feature_tags block and
// carries the same four optional booleans as the settable forms. Its fields
// have no kubebuilder validation markers.
//
// NOTE(review): presumably this reflects the state reported back by the
// provider rather than user input; confirm against the generator.
type FeatureTagsObservation struct {
// Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
// Whether this application represents a custom SAML application for linked service principals
CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"`
// Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
// Whether this application represents an Enterprise Application for linked service principals
Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"`
// Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
// Whether this application represents a gallery application for linked service principals
Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"`
// Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
// Whether this application is invisible to users in My Apps and Office 365 Launcher
Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"`
}
// FeatureTagsParameters is the settable form of the feature_tags block. Each
// of the four booleans is marked +kubebuilder:validation:Optional and, per its
// field comment, assigns one specific tag when enabled and defaults to false.
//
// NOTE(review): Hide is described only as making the app invisible in My Apps
// and the Office 365 Launcher; treat it as a listing setting, not an access
// control, unless the provider documentation says otherwise.
type FeatureTagsParameters struct {
// Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
// Whether this application represents a custom SAML application for linked service principals
// +kubebuilder:validation:Optional
CustomSingleSignOn *bool `json:"customSingleSignOn,omitempty" tf:"custom_single_sign_on,omitempty"`
// Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
// Whether this application represents an Enterprise Application for linked service principals
// +kubebuilder:validation:Optional
Enterprise *bool `json:"enterprise,omitempty" tf:"enterprise,omitempty"`
// Whether this application represents a gallery application for linked service principals. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
// Whether this application represents a gallery application for linked service principals
// +kubebuilder:validation:Optional
Gallery *bool `json:"gallery,omitempty" tf:"gallery,omitempty"`
// Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.
// Whether this application is invisible to users in My Apps and Office 365 Launcher
// +kubebuilder:validation:Optional
Hide *bool `json:"hide,omitempty" tf:"hide,omitempty"`
}
// IDTokenInitParameters is the InitParameters form of one id_token block: a
// single optional claim described by its name, its source, whether it is
// essential, and a list of additional properties that modify its behaviour.
//
// NOTE(review): several of the listed additional properties (for example
// on_premise_security_identifier and the sam_account_name variants) refer to
// on-premises directory attributes; presumably they end up in issued tokens,
// so check which relying parties receive them.
// NOTE(review): presumably these values are applied at creation time only, as
// with other upjet InitParameters types; confirm against the generator.
type IDTokenInitParameters struct {
// List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
// List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim
AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"`
// Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
// Whether the claim specified by the client is necessary to ensure a smooth authorization experience
Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"`
// The name of the optional claim.
// The name of the optional claim
Name *string `json:"name,omitempty" tf:"name,omitempty"`
// The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
// The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object
Source *string `json:"source,omitempty" tf:"source,omitempty"`
}
// IDTokenObservation is the Observation form of one id_token block: a single
// optional claim described by its name, its source, whether it is essential,
// and a list of additional properties. Its fields have no kubebuilder
// validation markers.
//
// NOTE(review): presumably this reflects the state reported back by the
// provider rather than user input; confirm against the generator.
type IDTokenObservation struct {
// List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
// List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim
AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"`
// Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
// Whether the claim specified by the client is necessary to ensure a smooth authorization experience
Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"`
// The name of the optional claim.
// The name of the optional claim
Name *string `json:"name,omitempty" tf:"name,omitempty"`
// The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
// The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object
Source *string `json:"source,omitempty" tf:"source,omitempty"`
}
// IDTokenParameters is the settable form of one id_token block: a single
// optional claim described by its name, its source, whether it is essential,
// and a list of additional properties that modify its behaviour.
//
// Name is the only field whose json tag lacks omitempty, so the "name" key is
// always serialized (as null when the pointer is nil) even though the field is
// marked +kubebuilder:validation:Optional.
// NOTE(review): presumably the requirement on name is enforced elsewhere
// (schema rule or provider-side validation); confirm before relying on it.
// NOTE(review): several of the listed additional properties (for example
// on_premise_security_identifier and the sam_account_name variants) refer to
// on-premises directory attributes; presumably they end up in issued tokens,
// so check which relying parties receive them.
type IDTokenParameters struct {
// List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: cloud_displayname, dns_domain_and_sam_account_name, emit_as_roles, include_externally_authenticated_upn_without_hash, include_externally_authenticated_upn, max_size_limit, netbios_domain_and_sam_account_name, on_premise_security_identifier, sam_account_name, and use_guid.
// List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim
// +kubebuilder:validation:Optional
AdditionalProperties []*string `json:"additionalProperties,omitempty" tf:"additional_properties,omitempty"`
// Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
// Whether the claim specified by the client is necessary to ensure a smooth authorization experience
// +kubebuilder:validation:Optional
Essential *bool `json:"essential,omitempty" tf:"essential,omitempty"`
// The name of the optional claim.
// The name of the optional claim
// +kubebuilder:validation:Optional
Name *string `json:"name" tf:"name,omitempty"`
// The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.
// The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object
// +kubebuilder:validation:Optional
Source *string `json:"source,omitempty" tf:"source,omitempty"`
}
// ImplicitGrantInitParameters is the InitParameters form of the implicit-grant
// settings: two optional booleans that allow the web application to request an
// access token and an ID token, respectively, through the OAuth 2.0 implicit
// flow.
//
// In the implicit flow the token is returned directly from the authorization
// endpoint in the redirect, and the OAuth 2.0 Security Best Current Practice
// (RFC 9700) advises against it in favour of the authorization code flow with
// PKCE. Leave both fields unset unless a legacy client needs them;
// AccessTokenIssuanceEnabled is the more sensitive of the two.
// NOTE(review): the defaults are not stated in the field comments; confirm
// what an unset value means on the provider side.
type ImplicitGrantInitParameters struct {
// Whether this web application can request an access token using OAuth 2.0 implicit flow.
// Whether this web application can request an access token using OAuth 2.0 implicit flow
AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"`
// Whether this web application can request an ID token using OAuth 2.0 implicit flow.
// Whether this web application can request an ID token using OAuth 2.0 implicit flow
IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"`
}
// ImplicitGrantObservation is the Observation form of the implicit-grant
// settings: whether the web application can request an access token and an ID
// token through the OAuth 2.0 implicit flow. Its fields have no kubebuilder
// validation markers.
//
// A true value in either field is a useful audit signal: the OAuth 2.0
// Security Best Current Practice (RFC 9700) advises against the implicit flow.
// NOTE(review): presumably this reflects the state reported back by the
// provider rather than user input; confirm against the generator.
type ImplicitGrantObservation struct {
// Whether this web application can request an access token using OAuth 2.0 implicit flow.
// Whether this web application can request an access token using OAuth 2.0 implicit flow
AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"`
// Whether this web application can request an ID token using OAuth 2.0 implicit flow.
// Whether this web application can request an ID token using OAuth 2.0 implicit flow
IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"`
}
// ImplicitGrantParameters is the settable form of the implicit-grant settings:
// two booleans, both marked +kubebuilder:validation:Optional, that allow the
// web application to request an access token and an ID token, respectively,
// through the OAuth 2.0 implicit flow.
//
// In the implicit flow the token is returned directly from the authorization
// endpoint in the redirect, and the OAuth 2.0 Security Best Current Practice
// (RFC 9700) advises against it in favour of the authorization code flow with
// PKCE. Leave both fields unset unless a legacy client needs them;
// AccessTokenIssuanceEnabled is the more sensitive of the two.
// NOTE(review): the defaults are not stated in the field comments; confirm
// what an unset value means on the provider side.
type ImplicitGrantParameters struct {
// Whether this web application can request an access token using OAuth 2.0 implicit flow.
// Whether this web application can request an access token using OAuth 2.0 implicit flow
// +kubebuilder:validation:Optional
AccessTokenIssuanceEnabled *bool `json:"accessTokenIssuanceEnabled,omitempty" tf:"access_token_issuance_enabled,omitempty"`
// Whether this web application can request an ID token using OAuth 2.0 implicit flow.
// Whether this web application can request an ID token using OAuth 2.0 implicit flow
// +kubebuilder:validation:Optional
IDTokenIssuanceEnabled *bool `json:"idTokenIssuanceEnabled,omitempty" tf:"id_token_issuance_enabled,omitempty"`
}
// Oauth2PermissionScopeInitParameters is the InitParameters form of one
// delegated permission (OAuth 2.0 scope) exposed by the application: its UUID,
// the value used for the scp claim, whether it is enabled, who may consent to
// it, and the texts shown in the admin and end-user consent experiences.
//
// Type is the consent gate: per its comment it defaults to User, which marks
// the scope as safe for non-admin users to consent to on their own behalf. Set
// it to Admin explicitly for any scope that should require an administrator.
// The consent descriptions and display names are what the person granting
// access reads, so they should state accurately what the scope permits.
// NOTE(review): presumably these values are applied at creation time only, as
// with other upjet InitParameters types; confirm against the generator.
type Oauth2PermissionScopeInitParameters struct {
// Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
// Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users
AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"`
// Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
// Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users
AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"`
// Determines if the permission scope is enabled. Defaults to true.
// Determines if the permission scope is enabled
Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"`
// The unique identifier of the delegated permission. Must be a valid UUID.
// The unique identifier of the delegated permission
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
// Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions
Type *string `json:"type,omitempty" tf:"type,omitempty"`
// Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
// Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf
UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"`
// Display name for the delegated permission that appears in the end user consent experience.
// Display name for the delegated permission that appears in the end user consent experience
UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"`
// The value that is used for the scp claim in OAuth 2.0 access tokens.
// The value that is used for the `scp` claim in OAuth 2.0 access tokens
Value *string `json:"value,omitempty" tf:"value,omitempty"`
}
// Oauth2PermissionScopeObservation is the Observation form of one delegated
// permission (OAuth 2.0 scope) exposed by the application: its UUID, the value
// used for the scp claim, whether it is enabled, who may consent to it, and the
// consent texts. Its fields have no kubebuilder validation markers.
//
// When auditing, Type and Enabled are the fields to read first: per the field
// comments Type is User or Admin (default User) and Enabled defaults to true.
// NOTE(review): presumably this reflects the state reported back by the
// provider rather than user input; confirm against the generator.
type Oauth2PermissionScopeObservation struct {
// Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
// Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users
AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"`
// Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
// Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users
AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"`
// Determines if the permission scope is enabled. Defaults to true.
// Determines if the permission scope is enabled
Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"`
// The unique identifier of the delegated permission. Must be a valid UUID.
// The unique identifier of the delegated permission
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
// Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions
Type *string `json:"type,omitempty" tf:"type,omitempty"`
// Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
// Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf
UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"`
// Display name for the delegated permission that appears in the end user consent experience.
// Display name for the delegated permission that appears in the end user consent experience
UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"`
// The value that is used for the scp claim in OAuth 2.0 access tokens.
// The value that is used for the `scp` claim in OAuth 2.0 access tokens
Value *string `json:"value,omitempty" tf:"value,omitempty"`
}
// Oauth2PermissionScopeParameters is the settable form of one delegated
// permission (OAuth 2.0 scope) exposed by the application: its UUID, the value
// used for the scp claim, whether it is enabled, who may consent to it, and the
// texts shown in the admin and end-user consent experiences. Every field is
// marked +kubebuilder:validation:Optional.
//
// Type is the consent gate: per its comment it defaults to User, which marks
// the scope as safe for non-admin users to consent to on their own behalf. Set
// it to Admin explicitly for any scope that should require an administrator.
// The consent descriptions and display names are what the person granting
// access reads, so they should state accurately what the scope permits.
//
// ID is the only field whose json tag lacks omitempty, so the "id" key is
// always serialized (as null when the pointer is nil).
// NOTE(review): presumably the requirement on id, and the "must be a valid
// UUID" rule from its comment, are enforced elsewhere; no validation marker
// here checks the format.
type Oauth2PermissionScopeParameters struct {
// Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
// Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users
// +kubebuilder:validation:Optional
AdminConsentDescription *string `json:"adminConsentDescription,omitempty" tf:"admin_consent_description,omitempty"`
// Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
// Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users
// +kubebuilder:validation:Optional
AdminConsentDisplayName *string `json:"adminConsentDisplayName,omitempty" tf:"admin_consent_display_name,omitempty"`
// Determines if the permission scope is enabled. Defaults to true.
// Determines if the permission scope is enabled
// +kubebuilder:validation:Optional
Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"`
// The unique identifier of the delegated permission. Must be a valid UUID.
// The unique identifier of the delegated permission
// +kubebuilder:validation:Optional
ID *string `json:"id" tf:"id,omitempty"`
// Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to User. Possible values are User or Admin.
// Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions
// +kubebuilder:validation:Optional
Type *string `json:"type,omitempty" tf:"type,omitempty"`
// Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
// Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf
// +kubebuilder:validation:Optional
UserConsentDescription *string `json:"userConsentDescription,omitempty" tf:"user_consent_description,omitempty"`
// Display name for the delegated permission that appears in the end user consent experience.
// Display name for the delegated permission that appears in the end user consent experience
// +kubebuilder:validation:Optional
UserConsentDisplayName *string `json:"userConsentDisplayName,omitempty" tf:"user_consent_display_name,omitempty"`
// The value that is used for the scp claim in OAuth 2.0 access tokens.
// The value that is used for the `scp` claim in OAuth 2.0 access tokens
// +kubebuilder:validation:Optional
Value *string `json:"value,omitempty" tf:"value,omitempty"`
}
// OptionalClaimsInitParameters groups the optional-claim blocks of an
// application by token kind: access tokens, ID tokens and SAML2 tokens.
// NOTE(review): by upjet naming convention the InitParameters variant presumably
// backs spec.initProvider; confirm against the generated CRD.
type OptionalClaimsInitParameters struct {
// One or more access_token blocks, each an AccessTokenInitParameters value.
AccessToken []AccessTokenInitParameters `json:"accessToken,omitempty" tf:"access_token,omitempty"`
// One or more id_token blocks, each an IDTokenInitParameters value.
IDToken []IDTokenInitParameters `json:"idToken,omitempty" tf:"id_token,omitempty"`
// One or more saml2_token blocks, each a Saml2TokenInitParameters value.
Saml2Token []Saml2TokenInitParameters `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"`
}
// OptionalClaimsObservation mirrors the optional-claim blocks of an application
// by token kind: access tokens, ID tokens and SAML2 tokens.
// NOTE(review): by upjet naming convention the Observation variant presumably
// reports observed state (status.atProvider); confirm against the generated CRD.
type OptionalClaimsObservation struct {
// One or more access_token blocks, each an AccessTokenObservation value.
AccessToken []AccessTokenObservation `json:"accessToken,omitempty" tf:"access_token,omitempty"`
// One or more id_token blocks, each an IDTokenObservation value.
IDToken []IDTokenObservation `json:"idToken,omitempty" tf:"id_token,omitempty"`
// One or more saml2_token blocks, each a Saml2TokenObservation value.
Saml2Token []Saml2TokenObservation `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"`
}
// OptionalClaimsParameters groups the optional-claim blocks of an application by
// token kind: access tokens, ID tokens and SAML2 tokens. Every field carries the
// kubebuilder Optional validation marker.
// NOTE(review): by upjet naming convention the Parameters variant presumably
// backs spec.forProvider; confirm against the generated CRD.
type OptionalClaimsParameters struct {
// One or more access_token blocks, each an AccessTokenParameters value.
// +kubebuilder:validation:Optional
AccessToken []AccessTokenParameters `json:"accessToken,omitempty" tf:"access_token,omitempty"`
// One or more id_token blocks, each an IDTokenParameters value.
// +kubebuilder:validation:Optional
IDToken []IDTokenParameters `json:"idToken,omitempty" tf:"id_token,omitempty"`
// One or more saml2_token blocks, each a Saml2TokenParameters value.
// +kubebuilder:validation:Optional
Saml2Token []Saml2TokenParameters `json:"saml2Token,omitempty" tf:"saml2_token,omitempty"`
}
// PublicClientInitParameters holds the redirect URIs registered for the
// application's public-client platform.
// NOTE(review): by upjet naming convention the InitParameters variant presumably
// backs spec.initProvider; confirm against the generated CRD.
type PublicClientInitParameters struct {
// A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
// Because authorization codes and tokens are delivered to these addresses, each
// entry should be a location the application owner controls.
// +listType=set
RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"`
}
// PublicClientObservation holds the redirect URIs of the application's
// public-client platform.
// NOTE(review): by upjet naming convention the Observation variant presumably
// reports observed state (status.atProvider); confirm against the generated CRD.
type PublicClientObservation struct {
// A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
// Because authorization codes and tokens are delivered to these addresses, an
// entry that nobody expected here is worth investigating.
// +listType=set
RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"`
}
// PublicClientParameters holds the redirect URIs to register for the
// application's public-client platform. The field is marked Optional for
// kubebuilder validation and is treated as a set (+listType=set).
// NOTE(review): by upjet naming convention the Parameters variant presumably
// backs spec.forProvider; confirm against the generated CRD.
type PublicClientParameters struct {
// A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL.
// Because authorization codes and tokens are delivered to these addresses, each
// entry should be a location the application owner controls.
// +kubebuilder:validation:Optional
// +listType=set
RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"`
}
// RequiredResourceAccessInitParameters names one resource application and the
// permission scopes and app roles this application requires from it.
// NOTE(review): by upjet naming convention the InitParameters variant presumably
// backs spec.initProvider; confirm against the generated CRD.
type RequiredResourceAccessInitParameters struct {
// A collection of resource_access blocks (ResourceAccessInitParameters), describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
// Each entry is a permission the application asks for, so the list is best kept
// to what the application actually uses.
ResourceAccess []ResourceAccessInitParameters `json:"resourceAccess,omitempty" tf:"resource_access,omitempty"`
// The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
ResourceAppID *string `json:"resourceAppId,omitempty" tf:"resource_app_id,omitempty"`
}
// RequiredResourceAccessObservation names one resource application and the
// permission scopes and app roles this application requires from it.
// NOTE(review): by upjet naming convention the Observation variant presumably
// reports observed state (status.atProvider); confirm against the generated CRD.
type RequiredResourceAccessObservation struct {
// A collection of resource_access blocks (ResourceAccessObservation), describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
ResourceAccess []ResourceAccessObservation `json:"resourceAccess,omitempty" tf:"resource_access,omitempty"`
// The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
ResourceAppID *string `json:"resourceAppId,omitempty" tf:"resource_app_id,omitempty"`
}
// RequiredResourceAccessParameters names one resource application and the
// permission scopes and app roles this application requires from it.
// Both fields carry the kubebuilder Optional marker, yet their JSON tags omit
// "omitempty", so the keys are always written when this struct is serialised.
// NOTE(review): by upjet naming convention the Parameters variant presumably
// backs spec.forProvider; confirm against the generated CRD.
type RequiredResourceAccessParameters struct {
// A collection of resource_access blocks (ResourceAccessParameters), describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
// Each entry is a permission the application asks for, so the list is best kept
// to what the application actually uses.
// +kubebuilder:validation:Optional
ResourceAccess []ResourceAccessParameters `json:"resourceAccess" tf:"resource_access,omitempty"`
// The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.
// +kubebuilder:validation:Optional
ResourceAppID *string `json:"resourceAppId" tf:"resource_app_id,omitempty"`
}
// ResourceAccessInitParameters identifies a single app role or OAuth2 permission
// scope that the application requires from a resource application.
// NOTE(review): by upjet naming convention the InitParameters variant presumably
// backs spec.initProvider; confirm against the generated CRD.
type ResourceAccessInitParameters struct {
// The unique identifier for an app role or OAuth2 permission scope published by the resource application.
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
// NOTE(review): an app role is presumably granted to the application itself,
// whereas a permission scope is delegated by a user; confirm which is intended.
Type *string `json:"type,omitempty" tf:"type,omitempty"`
}
// ResourceAccessObservation identifies a single app role or OAuth2 permission
// scope that the application requires from a resource application.
// NOTE(review): by upjet naming convention the Observation variant presumably
// reports observed state (status.atProvider); confirm against the generated CRD.
type ResourceAccessObservation struct {
// The unique identifier for an app role or OAuth2 permission scope published by the resource application.
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.
// NOTE(review): an app role is presumably granted to the application itself,
// whereas a permission scope is delegated by a user; confirm when auditing.
Type *string `json:"type,omitempty" tf:"type,omitempty"`
}
type ResourceAccessParameters struct {
// The unique identifier for an app role or OAuth2 permission scope published by the resource application.