apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go

// SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io>
//
// SPDX-License-Identifier: Apache-2.0

// Code generated by upjet. DO NOT EDIT.

package v1beta1

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime/schema"

	v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)

type AccessPolicyInitParameters struct {

	// A conditions block as documented below, which specifies the rules that must be met for the policy to apply.
	Conditions []ConditionsInitParameters `json:"conditions,omitempty" tf:"conditions,omitempty"`

	// The friendly name for this Conditional Access Policy.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
	GrantControls []GrantControlsInitParameters `json:"grantControls,omitempty" tf:"grant_controls,omitempty"`

	// A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.
	SessionControls []SessionControlsInitParameters `json:"sessionControls,omitempty" tf:"session_controls,omitempty"`

	// Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced
	State *string `json:"state,omitempty" tf:"state,omitempty"`
}

type AccessPolicyObservation struct {

	// A conditions block as documented below, which specifies the rules that must be met for the policy to apply.
	Conditions []ConditionsObservation `json:"conditions,omitempty" tf:"conditions,omitempty"`

	// The friendly name for this Conditional Access Policy.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
	GrantControls []GrantControlsObservation `json:"grantControls,omitempty" tf:"grant_controls,omitempty"`

	// The ID of the Conditional Access Policy.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.
	SessionControls []SessionControlsObservation `json:"sessionControls,omitempty" tf:"session_controls,omitempty"`

	// Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced
	State *string `json:"state,omitempty" tf:"state,omitempty"`
}

type AccessPolicyParameters struct {

	// A conditions block as documented below, which specifies the rules that must be met for the policy to apply.
	// +kubebuilder:validation:Optional
	Conditions []ConditionsParameters `json:"conditions,omitempty" tf:"conditions,omitempty"`

	// The friendly name for this Conditional Access Policy.
	// +kubebuilder:validation:Optional
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
	// +kubebuilder:validation:Optional
	GrantControls []GrantControlsParameters `json:"grantControls,omitempty" tf:"grant_controls,omitempty"`

	// A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.
	// +kubebuilder:validation:Optional
	SessionControls []SessionControlsParameters `json:"sessionControls,omitempty" tf:"session_controls,omitempty"`

	// Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced
	// +kubebuilder:validation:Optional
	State *string `json:"state,omitempty" tf:"state,omitempty"`
}

type ApplicationsInitParameters struct {

	// A list of application IDs explicitly excluded from the policy. Can also be set to Office365.
	ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"`

	// A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.
	IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"`

	// A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.
	IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"`
}

type ApplicationsObservation struct {

	// A list of application IDs explicitly excluded from the policy. Can also be set to Office365.
	ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"`

	// A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.
	IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"`

	// A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.
	IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"`
}

type ApplicationsParameters struct {

	// A list of application IDs explicitly excluded from the policy. Can also be set to Office365.
	// +kubebuilder:validation:Optional
	ExcludedApplications []*string `json:"excludedApplications,omitempty" tf:"excluded_applications,omitempty"`

	// A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.
	// +kubebuilder:validation:Optional
	IncludedApplications []*string `json:"includedApplications,omitempty" tf:"included_applications,omitempty"`

	// A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.
	// +kubebuilder:validation:Optional
	IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"`
}

type ClientApplicationsInitParameters struct {

	// A list of service principal IDs explicitly excluded in the policy.
	ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"`

	// A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.
	IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"`
}

type ClientApplicationsObservation struct {

	// A list of service principal IDs explicitly excluded in the policy.
	ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"`

	// A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.
	IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"`
}

type ClientApplicationsParameters struct {

	// A list of service principal IDs explicitly excluded in the policy.
	// +kubebuilder:validation:Optional
	ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"`

	// A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.
	// +kubebuilder:validation:Optional
	IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"`
}

type ConditionsInitParameters struct {

	// An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.
	Applications []ApplicationsInitParameters `json:"applications,omitempty" tf:"applications,omitempty"`

	// A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.
	ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"`

	// An client_applications block as documented below, which specifies service principals included in and excluded from the policy.
	ClientApplications []ClientApplicationsInitParameters `json:"clientApplications,omitempty" tf:"client_applications,omitempty"`

	// A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.
	Devices []DevicesInitParameters `json:"devices,omitempty" tf:"devices,omitempty"`

	// A locations block as documented below, which specifies locations included in and excluded from the policy.
	Locations []LocationsInitParameters `json:"locations,omitempty" tf:"locations,omitempty"`

	// A platforms block as documented below, which specifies platforms included in and excluded from the policy.
	Platforms []PlatformsInitParameters `json:"platforms,omitempty" tf:"platforms,omitempty"`

	// A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.
	ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"`

	// A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.
	SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"`

	// A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.
	UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"`

	// A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.
	Users []UsersInitParameters `json:"users,omitempty" tf:"users,omitempty"`
}

type ConditionsObservation struct {

	// An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.
	Applications []ApplicationsObservation `json:"applications,omitempty" tf:"applications,omitempty"`

	// A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.
	ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"`

	// An client_applications block as documented below, which specifies service principals included in and excluded from the policy.
	ClientApplications []ClientApplicationsObservation `json:"clientApplications,omitempty" tf:"client_applications,omitempty"`

	// A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.
	Devices []DevicesObservation `json:"devices,omitempty" tf:"devices,omitempty"`

	// A locations block as documented below, which specifies locations included in and excluded from the policy.
	Locations []LocationsObservation `json:"locations,omitempty" tf:"locations,omitempty"`

	// A platforms block as documented below, which specifies platforms included in and excluded from the policy.
	Platforms []PlatformsObservation `json:"platforms,omitempty" tf:"platforms,omitempty"`

	// A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.
	ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"`

	// A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.
	SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"`

	// A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.
	UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"`

	// A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.
	Users []UsersObservation `json:"users,omitempty" tf:"users,omitempty"`
}

type ConditionsParameters struct {

	// An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.
	// +kubebuilder:validation:Optional
	Applications []ApplicationsParameters `json:"applications" tf:"applications,omitempty"`

	// A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.
	// +kubebuilder:validation:Optional
	ClientAppTypes []*string `json:"clientAppTypes" tf:"client_app_types,omitempty"`

	// An client_applications block as documented below, which specifies service principals included in and excluded from the policy.
	// +kubebuilder:validation:Optional
	ClientApplications []ClientApplicationsParameters `json:"clientApplications,omitempty" tf:"client_applications,omitempty"`

	// A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.
	// +kubebuilder:validation:Optional
	Devices []DevicesParameters `json:"devices,omitempty" tf:"devices,omitempty"`

	// A locations block as documented below, which specifies locations included in and excluded from the policy.
	// +kubebuilder:validation:Optional
	Locations []LocationsParameters `json:"locations,omitempty" tf:"locations,omitempty"`

	// A platforms block as documented below, which specifies platforms included in and excluded from the policy.
	// +kubebuilder:validation:Optional
	Platforms []PlatformsParameters `json:"platforms,omitempty" tf:"platforms,omitempty"`

	// A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.
	// +kubebuilder:validation:Optional
	ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"`

	// A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.
	// +kubebuilder:validation:Optional
	SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"`

	// A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.
	// +kubebuilder:validation:Optional
	UserRiskLevels []*string `json:"userRiskLevels,omitempty" tf:"user_risk_levels,omitempty"`

	// A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.
	// +kubebuilder:validation:Optional
	Users []UsersParameters `json:"users" tf:"users,omitempty"`
}

type DevicesInitParameters struct {

	// A filter block as described below.
	Filter []FilterInitParameters `json:"filter,omitempty" tf:"filter,omitempty"`
}

type DevicesObservation struct {

	// A filter block as described below.
	Filter []FilterObservation `json:"filter,omitempty" tf:"filter,omitempty"`
}

type DevicesParameters struct {

	// A filter block as described below.
	// +kubebuilder:validation:Optional
	Filter []FilterParameters `json:"filter,omitempty" tf:"filter,omitempty"`
}

type ExcludedGuestsOrExternalUsersInitParameters struct {

	// An external_tenants block as documented below, which specifies external tenants in a policy scope.
	ExternalTenants []ExternalTenantsInitParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"`

	// A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.
	GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"`
}

type ExcludedGuestsOrExternalUsersObservation struct {

	// An external_tenants block as documented below, which specifies external tenants in a policy scope.
	ExternalTenants []ExternalTenantsObservation `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"`

	// A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.
	GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"`
}

type ExcludedGuestsOrExternalUsersParameters struct {

	// An external_tenants block as documented below, which specifies external tenants in a policy scope.
	// +kubebuilder:validation:Optional
	ExternalTenants []ExternalTenantsParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"`

	// A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.
	// +kubebuilder:validation:Optional
	GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes" tf:"guest_or_external_user_types,omitempty"`
}

type ExternalTenantsInitParameters struct {

	// A list tenant IDs. Can only be specified if membership_kind is enumerated.
	Members []*string `json:"members,omitempty" tf:"members,omitempty"`

	// The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue.
	MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"`
}

type ExternalTenantsObservation struct {

	// A list tenant IDs. Can only be specified if membership_kind is enumerated.
	Members []*string `json:"members,omitempty" tf:"members,omitempty"`

	// The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue.
	MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"`
}

type ExternalTenantsParameters struct {

	// A list tenant IDs. Can only be specified if membership_kind is enumerated.
	// +kubebuilder:validation:Optional
	Members []*string `json:"members,omitempty" tf:"members,omitempty"`

	// The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue.
	// +kubebuilder:validation:Optional
	MembershipKind *string `json:"membershipKind" tf:"membership_kind,omitempty"`
}

type FilterInitParameters struct {

	// Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude.
	Mode *string `json:"mode,omitempty" tf:"mode,omitempty"`

	// Condition filter to match devices. For more information, see official documentation.
	Rule *string `json:"rule,omitempty" tf:"rule,omitempty"`
}

type FilterObservation struct {

	// Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude.
	Mode *string `json:"mode,omitempty" tf:"mode,omitempty"`

	// Condition filter to match devices. For more information, see official documentation.
	Rule *string `json:"rule,omitempty" tf:"rule,omitempty"`
}

type FilterParameters struct {

	// Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude.
	// +kubebuilder:validation:Optional
	Mode *string `json:"mode" tf:"mode,omitempty"`

	// Condition filter to match devices. For more information, see official documentation.
	// +kubebuilder:validation:Optional
	Rule *string `json:"rule" tf:"rule,omitempty"`
}

type GrantControlsInitParameters struct {

	// ID of an Authentication Strength Policy to use in this policy.
	AuthenticationStrengthPolicyID *string `json:"authenticationStrengthPolicyId,omitempty" tf:"authentication_strength_policy_id,omitempty"`

	// List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.
	BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"`

	// List of custom controls IDs required by the policy.
	CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"`

	// Defines the relationship of the grant controls. Possible values are: AND, OR.
	Operator *string `json:"operator,omitempty" tf:"operator,omitempty"`

	// List of terms of use IDs required by the policy.
	TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"`
}

type GrantControlsObservation struct {

	// ID of an Authentication Strength Policy to use in this policy.
	AuthenticationStrengthPolicyID *string `json:"authenticationStrengthPolicyId,omitempty" tf:"authentication_strength_policy_id,omitempty"`

	// List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.
	BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"`

	// List of custom controls IDs required by the policy.
	CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"`

	// Defines the relationship of the grant controls. Possible values are: AND, OR.
	Operator *string `json:"operator,omitempty" tf:"operator,omitempty"`

	// List of terms of use IDs required by the policy.
	TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"`
}

type GrantControlsParameters struct {

	// ID of an Authentication Strength Policy to use in this policy.
	// +kubebuilder:validation:Optional
	AuthenticationStrengthPolicyID *string `json:"authenticationStrengthPolicyId,omitempty" tf:"authentication_strength_policy_id,omitempty"`

	// List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.
	// +kubebuilder:validation:Optional
	BuiltInControls []*string `json:"builtInControls,omitempty" tf:"built_in_controls,omitempty"`

	// List of custom controls IDs required by the policy.
	// +kubebuilder:validation:Optional
	CustomAuthenticationFactors []*string `json:"customAuthenticationFactors,omitempty" tf:"custom_authentication_factors,omitempty"`

	// Defines the relationship of the grant controls. Possible values are: AND, OR.
	// +kubebuilder:validation:Optional
	Operator *string `json:"operator" tf:"operator,omitempty"`

	// List of terms of use IDs required by the policy.
	// +kubebuilder:validation:Optional
	TermsOfUse []*string `json:"termsOfUse,omitempty" tf:"terms_of_use,omitempty"`
}

type IncludedGuestsOrExternalUsersExternalTenantsInitParameters struct {

	// A list tenant IDs. Can only be specified if membership_kind is enumerated.
	Members []*string `json:"members,omitempty" tf:"members,omitempty"`

	// The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue.
	MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"`
}

type IncludedGuestsOrExternalUsersExternalTenantsObservation struct {

	// A list tenant IDs. Can only be specified if membership_kind is enumerated.
	Members []*string `json:"members,omitempty" tf:"members,omitempty"`

	// The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue.
	MembershipKind *string `json:"membershipKind,omitempty" tf:"membership_kind,omitempty"`
}

type IncludedGuestsOrExternalUsersExternalTenantsParameters struct {

	// A list tenant IDs. Can only be specified if membership_kind is enumerated.
	// +kubebuilder:validation:Optional
	Members []*string `json:"members,omitempty" tf:"members,omitempty"`

	// The external tenant membership kind. Possible values are: all, enumerated, unknownFutureValue.
	// +kubebuilder:validation:Optional
	MembershipKind *string `json:"membershipKind" tf:"membership_kind,omitempty"`
}

type IncludedGuestsOrExternalUsersInitParameters struct {

	// An external_tenants block as documented below, which specifies external tenants in a policy scope.
	ExternalTenants []IncludedGuestsOrExternalUsersExternalTenantsInitParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"`

	// A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.
	GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"`
}

type IncludedGuestsOrExternalUsersObservation struct {

	// An external_tenants block as documented below, which specifies external tenants in a policy scope.
	ExternalTenants []IncludedGuestsOrExternalUsersExternalTenantsObservation `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"`

	// A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.
	GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes,omitempty" tf:"guest_or_external_user_types,omitempty"`
}

type IncludedGuestsOrExternalUsersParameters struct {

	// An external_tenants block as documented below, which specifies external tenants in a policy scope.
	// +kubebuilder:validation:Optional
	ExternalTenants []IncludedGuestsOrExternalUsersExternalTenantsParameters `json:"externalTenants,omitempty" tf:"external_tenants,omitempty"`

	// A list of guest or external user types. Possible values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, none, otherExternalUser, serviceProvider, unknownFutureValue.
	// +kubebuilder:validation:Optional
	GuestOrExternalUserTypes []*string `json:"guestOrExternalUserTypes" tf:"guest_or_external_user_types,omitempty"`
}

type LocationsInitParameters struct {

	// A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.
	ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"`

	// A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted.
	IncludedLocations []*string `json:"includedLocations,omitempty" tf:"included_locations,omitempty"`
}

type LocationsObservation struct {

	// A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.
	ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"`

	// A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted.
	IncludedLocations []*string `json:"includedLocations,omitempty" tf:"included_locations,omitempty"`
}

type LocationsParameters struct {

	// A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.
	// +kubebuilder:validation:Optional
	ExcludedLocations []*string `json:"excludedLocations,omitempty" tf:"excluded_locations,omitempty"`

	// A list of location IDs in scope of policy unless explicitly excluded. Can also be set to All, or AllTrusted.
	// +kubebuilder:validation:Optional
	IncludedLocations []*string `json:"includedLocations" tf:"included_locations,omitempty"`
}

type PlatformsInitParameters struct {

	// A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.
	ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"`

	// A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.
	IncludedPlatforms []*string `json:"includedPlatforms,omitempty" tf:"included_platforms,omitempty"`
}

type PlatformsObservation struct {

	// A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.
	ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"`

	// A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.
	IncludedPlatforms []*string `json:"includedPlatforms,omitempty" tf:"included_platforms,omitempty"`
}

type PlatformsParameters struct {

	// A list of platforms explicitly excluded from the policy. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.
	// +kubebuilder:validation:Optional
	ExcludedPlatforms []*string `json:"excludedPlatforms,omitempty" tf:"excluded_platforms,omitempty"`

	// A list of platforms the policy applies to, unless explicitly excluded. Possible values are: all, android, iOS, linux, macOS, windows, windowsPhone or unknownFutureValue.
	// +kubebuilder:validation:Optional
	IncludedPlatforms []*string `json:"includedPlatforms" tf:"included_platforms,omitempty"`
}

type SessionControlsInitParameters struct {

	// Whether application enforced restrictions are enabled. Defaults to false.
	ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"`

	// Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.
	CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"`

	// Disables resilience defaults. Defaults to false.
	DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"`

	// Session control to define whether to persist cookies. Possible values are: always or never.
	PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"`

	// Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified.
	SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"`

	// Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication.
	SignInFrequencyAuthenticationType *string `json:"signInFrequencyAuthenticationType,omitempty" tf:"sign_in_frequency_authentication_type,omitempty"`

	// The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased.
	SignInFrequencyInterval *string `json:"signInFrequencyInterval,omitempty" tf:"sign_in_frequency_interval,omitempty"`

	// The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified.
	SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"`
}

type SessionControlsObservation struct {

	// Whether application enforced restrictions are enabled. Defaults to false.
	ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"`

	// Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.
	CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"`

	// Disables resilience defaults. Defaults to false.
	DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"`

	// Session control to define whether to persist cookies. Possible values are: always or never.
	PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"`

	// Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified.
	SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"`

	// Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication.
	SignInFrequencyAuthenticationType *string `json:"signInFrequencyAuthenticationType,omitempty" tf:"sign_in_frequency_authentication_type,omitempty"`

	// The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased.
	SignInFrequencyInterval *string `json:"signInFrequencyInterval,omitempty" tf:"sign_in_frequency_interval,omitempty"`

	// The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified.
	SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"`
}

type SessionControlsParameters struct {

	// Whether application enforced restrictions are enabled. Defaults to false.
	// +kubebuilder:validation:Optional
	ApplicationEnforcedRestrictionsEnabled *bool `json:"applicationEnforcedRestrictionsEnabled,omitempty" tf:"application_enforced_restrictions_enabled,omitempty"`

	// Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.
	// +kubebuilder:validation:Optional
	CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"`

	// Disables resilience defaults. Defaults to false.
	// +kubebuilder:validation:Optional
	DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"`

	// Session control to define whether to persist cookies. Possible values are: always or never.
	// +kubebuilder:validation:Optional
	PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"`

	// Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified.
	// +kubebuilder:validation:Optional
	SignInFrequency *float64 `json:"signInFrequency,omitempty" tf:"sign_in_frequency,omitempty"`

	// Authentication type for enforcing sign-in frequency. Possible values are: primaryAndSecondaryAuthentication or secondaryAuthentication. Defaults to primaryAndSecondaryAuthentication.
	// +kubebuilder:validation:Optional
	SignInFrequencyAuthenticationType *string `json:"signInFrequencyAuthenticationType,omitempty" tf:"sign_in_frequency_authentication_type,omitempty"`

	// The interval to apply to sign-in frequency control. Possible values are: timeBased or everyTime. Defaults to timeBased.
	// +kubebuilder:validation:Optional
	SignInFrequencyInterval *string `json:"signInFrequencyInterval,omitempty" tf:"sign_in_frequency_interval,omitempty"`

	// The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified.
	// +kubebuilder:validation:Optional
	SignInFrequencyPeriod *string `json:"signInFrequencyPeriod,omitempty" tf:"sign_in_frequency_period,omitempty"`
}

type UsersInitParameters struct {

	// A list of group IDs excluded from scope of policy.
	ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"`

	// A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy.
	ExcludedGuestsOrExternalUsers []ExcludedGuestsOrExternalUsersInitParameters `json:"excludedGuestsOrExternalUsers,omitempty" tf:"excluded_guests_or_external_users,omitempty"`

	// A list of role IDs excluded from scope of policy.
	ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"`

	// A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.
	ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"`

	// A list of group IDs in scope of policy unless explicitly excluded.
	IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"`

	// A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy.
	IncludedGuestsOrExternalUsers []IncludedGuestsOrExternalUsersInitParameters `json:"includedGuestsOrExternalUsers,omitempty" tf:"included_guests_or_external_users,omitempty"`

	// A list of role IDs in scope of policy unless explicitly excluded.
	IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"`

	// A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers.
	IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"`
}

type UsersObservation struct {

	// A list of group IDs excluded from scope of policy.
	ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"`

	// A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy.
	ExcludedGuestsOrExternalUsers []ExcludedGuestsOrExternalUsersObservation `json:"excludedGuestsOrExternalUsers,omitempty" tf:"excluded_guests_or_external_users,omitempty"`

	// A list of role IDs excluded from scope of policy.
	ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"`

	// A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.
	ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"`

	// A list of group IDs in scope of policy unless explicitly excluded.
	IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"`

	// A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy.
	IncludedGuestsOrExternalUsers []IncludedGuestsOrExternalUsersObservation `json:"includedGuestsOrExternalUsers,omitempty" tf:"included_guests_or_external_users,omitempty"`

	// A list of role IDs in scope of policy unless explicitly excluded.
	IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"`

	// A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers.
	IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"`
}

type UsersParameters struct {

	// A list of group IDs excluded from scope of policy.
	// +kubebuilder:validation:Optional
	ExcludedGroups []*string `json:"excludedGroups,omitempty" tf:"excluded_groups,omitempty"`

	// A guests_or_external_users block as documented below, which specifies internal guests and external users excluded from scope of policy.
	// +kubebuilder:validation:Optional
	ExcludedGuestsOrExternalUsers []ExcludedGuestsOrExternalUsersParameters `json:"excludedGuestsOrExternalUsers,omitempty" tf:"excluded_guests_or_external_users,omitempty"`

	// A list of role IDs excluded from scope of policy.
	// +kubebuilder:validation:Optional
	ExcludedRoles []*string `json:"excludedRoles,omitempty" tf:"excluded_roles,omitempty"`

	// A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.
	// +kubebuilder:validation:Optional
	ExcludedUsers []*string `json:"excludedUsers,omitempty" tf:"excluded_users,omitempty"`

	// A list of group IDs in scope of policy unless explicitly excluded.
	// +kubebuilder:validation:Optional
	IncludedGroups []*string `json:"includedGroups,omitempty" tf:"included_groups,omitempty"`

	// A guests_or_external_users block as documented below, which specifies internal guests and external users in scope of policy.
	// +kubebuilder:validation:Optional
	IncludedGuestsOrExternalUsers []IncludedGuestsOrExternalUsersParameters `json:"includedGuestsOrExternalUsers,omitempty" tf:"included_guests_or_external_users,omitempty"`

	// A list of role IDs in scope of policy unless explicitly excluded.
	// +kubebuilder:validation:Optional
	IncludedRoles []*string `json:"includedRoles,omitempty" tf:"included_roles,omitempty"`

	// A list of user IDs in scope of policy unless explicitly excluded, or None or All or GuestsOrExternalUsers.
	// +kubebuilder:validation:Optional
	IncludedUsers []*string `json:"includedUsers,omitempty" tf:"included_users,omitempty"`
}

// AccessPolicySpec defines the desired state of AccessPolicy
type AccessPolicySpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     AccessPolicyParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because of an external controller is managing them, like an
	// autoscaler.
	InitProvider AccessPolicyInitParameters `json:"initProvider,omitempty"`
}

// AccessPolicyStatus defines the observed state of AccessPolicy.
type AccessPolicyStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        AccessPolicyObservation `json:"atProvider,omitempty"`
}

// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:storageversion

// AccessPolicy is the Schema for the AccessPolicys API.
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azuread}
type AccessPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.conditions) || (has(self.initProvider) && has(self.initProvider.conditions))",message="spec.forProvider.conditions is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.state) || (has(self.initProvider) && has(self.initProvider.state))",message="spec.forProvider.state is a required parameter"
	Spec   AccessPolicySpec   `json:"spec"`
	Status AccessPolicyStatus `json:"status,omitempty"`
}

// +kubebuilder:object:root=true

// AccessPolicyList contains a list of AccessPolicys
type AccessPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessPolicy `json:"items"`
}

// Repository type metadata.
var (
	AccessPolicy_Kind             = "AccessPolicy"
	AccessPolicy_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: AccessPolicy_Kind}.String()
	AccessPolicy_KindAPIVersion   = AccessPolicy_Kind + "." + CRDGroupVersion.String()
	AccessPolicy_GroupVersionKind = CRDGroupVersion.WithKind(AccessPolicy_Kind)
)

func init() {
	SchemeBuilder.Register(&AccessPolicy{}, &AccessPolicyList{})
}