diff --git a/Makefile b/Makefile index 43a21a2d..4e6b7131 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ export TERRAFORM_VERSION := 1.2.1 export TERRAFORM_PROVIDER_SOURCE := hashicorp/azuread export TERRAFORM_PROVIDER_REPO := https://github.com/hashicorp/terraform-provider-azuread -export TERRAFORM_PROVIDER_VERSION := 2.36.0 +export TERRAFORM_PROVIDER_VERSION := 2.38.0 export TERRAFORM_PROVIDER_DOWNLOAD_NAME := terraform-provider-azuread export TERRAFORM_NATIVE_PROVIDER_BINARY := terraform-provider-azuread_v$(TERRAFORM_PROVIDER_VERSION)_x5 export TERRAFORM_DOCS_PATH := docs/resources @@ -136,6 +136,11 @@ generate.init: $(TERRAFORM_PROVIDER_SCHEMA) pull-docs go.cachedir: @go env GOCACHE +go.mod.cachedir: + @go env GOMODCACHE + +.PHONY: go.mod.cachedir go.cachedir + # Generate a coverage report for cobertura applying exclusions on # - generated file cobertura: diff --git a/apis/applications/v1beta1/zz_application_types.go b/apis/applications/v1beta1/zz_application_types.go index 1ee1cd64..b37e3385 100755 --- a/apis/applications/v1beta1/zz_application_types.go +++ b/apis/applications/v1beta1/zz_application_types.go 
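Review bot: The new `go.mod.cachedir` target in the second Makefile hunk has no comment saying what consumes its output, while the `cobertura` target just below it is documented. It only prints `go env GOMODCACHE`, presumably so a CI job can locate and cache downloaded modules; a line such as `# Print the Go module cache directory (GOMODCACHE) for CI cache steps.` above the target would record that. If the path does feed a CI cache, note that the go command does not re-hash modules already in the cache on each build. The consuming workflow, which is not visible in this diff, should therefore key the cache on `go.sum`, and could run `go mod verify` after restoring it.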
@@ -261,6 +261,10 @@ type ApplicationObservation struct { // A collection of required_resource_access blocks as documented below. RequiredResourceAccess []RequiredResourceAccessObservation `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"` + // References application context information from a Service or Asset Management database. + // References application or service contact information from a Service or Asset Management database + ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"` + // The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. // The Microsoft account types that are supported for the current application SignInAudience *string `json:"signInAudience,omitempty" tf:"sign_in_audience,omitempty"` @@ -380,6 +384,11 @@ type ApplicationParameters struct { // +kubebuilder:validation:Optional RequiredResourceAccess []RequiredResourceAccessParameters `json:"requiredResourceAccess,omitempty" tf:"required_resource_access,omitempty"` + // References application context information from a Service or Asset Management database. + // References application or service contact information from a Service or Asset Management database + // +kubebuilder:validation:Optional + ServiceManagementReference *string `json:"serviceManagementReference,omitempty" tf:"service_management_reference,omitempty"` + // The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg. // The Microsoft account types that are supported for the current application // +kubebuilder:validation:Optional 
diff --git a/apis/applications/v1beta1/zz_generated.deepcopy.go b/apis/applications/v1beta1/zz_generated.deepcopy.go index 3268a98d..91da2774 100644 --- a/apis/applications/v1beta1/zz_generated.deepcopy.go +++ b/apis/applications/v1beta1/zz_generated.deepcopy.go @@ -531,6 +531,11 @@ func (in *ApplicationObservation) DeepCopyInto(out *ApplicationObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServiceManagementReference != nil { + in, out := &in.ServiceManagementReference, &out.ServiceManagementReference + *out = new(string) + **out = **in + } if in.SignInAudience != nil { in, out := &in.SignInAudience, &out.SignInAudience *out = new(string) @@ -716,6 +721,11 @@ func (in *ApplicationParameters) DeepCopyInto(out *ApplicationParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServiceManagementReference != nil { + in, out := &in.ServiceManagementReference, &out.ServiceManagementReference + *out = new(string) + **out = **in + } if in.SignInAudience != nil { in, out := &in.SignInAudience, &out.SignInAudience *out = new(string) diff --git a/apis/groups/v1beta1/zz_generated.deepcopy.go b/apis/groups/v1beta1/zz_generated.deepcopy.go index 1ac1917c..67ab1903 100644 --- a/apis/groups/v1beta1/zz_generated.deepcopy.go +++ b/apis/groups/v1beta1/zz_generated.deepcopy.go @@ -231,6 +231,11 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { *out = new(string) **out = **in } + if in.OnpremisesGroupType != nil { + in, out := &in.OnpremisesGroupType, &out.OnpremisesGroupType + *out = new(string) + **out = **in + } if in.OnpremisesNetbiosName != nil { in, out := &in.OnpremisesNetbiosName, &out.OnpremisesNetbiosName *out = new(string) 
@@ -320,6 +325,11 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { *out = new(string) **out = **in } + if in.WritebackEnabled != nil { + in, out := &in.WritebackEnabled, &out.WritebackEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupObservation. @@ -420,6 +430,11 @@ func (in *GroupParameters) DeepCopyInto(out *GroupParameters) { } } } + if in.OnpremisesGroupType != nil { + in, out := &in.OnpremisesGroupType, &out.OnpremisesGroupType + *out = new(string) + **out = **in + } if in.Owners != nil { in, out := &in.Owners, &out.Owners *out = make([]*string, len(*in)) @@ -473,6 +488,11 @@ func (in *GroupParameters) DeepCopyInto(out *GroupParameters) { *out = new(string) **out = **in } + if in.WritebackEnabled != nil { + in, out := &in.WritebackEnabled, &out.WritebackEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupParameters. diff --git a/apis/groups/v1beta1/zz_group_types.go b/apis/groups/v1beta1/zz_group_types.go index 7bb6072c..348f1a41 100755 --- a/apis/groups/v1beta1/zz_group_types.go +++ b/apis/groups/v1beta1/zz_group_types.go 
@@ -41,7 +41,7 @@ type GroupObservation struct { // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` - // Indicates whether this group can be assigned to an Azure Active Directory role. Can only be true for security-enabled groups. Changing this forces a new resource to be created. + // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. // Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. AssignableToRole *bool `json:"assignableToRole,omitempty" tf:"assignable_to_role,omitempty"` @@ -103,6 +103,10 @@ type GroupObservation struct { // The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used OnpremisesDomainName *string `json:"onpremisesDomainName,omitempty" tf:"onpremises_domain_name,omitempty"` + // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + // Indicates the target on-premise group type the group will be written back as + OnpremisesGroupType *string `json:"onpremisesGroupType,omitempty" tf:"onpremises_group_type,omitempty"` + // The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used. // The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used OnpremisesNetbiosName *string `json:"onpremisesNetbiosName,omitempty" tf:"onpremises_netbios_name,omitempty"` 
@@ -154,6 +158,10 @@ type GroupObservation struct { // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. // Specifies the group join policy and group content visibility Visibility *string `json:"visibility,omitempty" tf:"visibility,omitempty"` + + // Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + // Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + WritebackEnabled *bool `json:"writebackEnabled,omitempty" tf:"writeback_enabled,omitempty"` } type GroupParameters struct { @@ -163,7 +171,7 @@ type GroupParameters struct { // +kubebuilder:validation:Optional AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` - // Indicates whether this group can be assigned to an Azure Active Directory role. Can only be true for security-enabled groups. Changing this forces a new resource to be created. + // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. // Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups. // +kubebuilder:validation:Optional AssignableToRole *bool `json:"assignableToRole,omitempty" tf:"assignable_to_role,omitempty"` 
@@ -223,6 +231,11 @@ type GroupParameters struct { // +kubebuilder:validation:Optional Members []*string `json:"members,omitempty" tf:"members,omitempty"` + // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. + // Indicates the target on-premise group type the group will be written back as + // +kubebuilder:validation:Optional + OnpremisesGroupType *string `json:"onpremisesGroupType,omitempty" tf:"onpremises_group_type,omitempty"` + // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. // A set of owners who own this group. Supported object types are Users or Service Principals // +kubebuilder:validation:Optional @@ -257,6 +270,11 @@ type GroupParameters struct { // Specifies the group join policy and group content visibility // +kubebuilder:validation:Optional Visibility *string `json:"visibility,omitempty" tf:"visibility,omitempty"` + + // Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used. + // Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used + // +kubebuilder:validation:Optional + WritebackEnabled *bool `json:"writebackEnabled,omitempty" tf:"writeback_enabled,omitempty"` } // GroupSpec defines the desired state of Group diff --git a/config/provider-metadata.yaml b/config/provider-metadata.yaml index 09e6cf68..6074febc 100644 --- a/config/provider-metadata.yaml +++ b/config/provider-metadata.yaml 
@@ -1,5 +1,256 @@ name: hashicorp/azuread resources: + azuread_access_package_assignment_policy: + subCategory: Identity Governance + name: azuread_access_package_assignment_policy + title: "" + examples: + - name: test + manifest: |- + { + "access_package_id": "${azuread_access_package.test.id}", + "approval_settings": [ + { + "approval_required": true, + "approval_stage": [ + { + "approval_timeout_in_days": 14, + "primary_approver": [ + { + "object_id": "${azuread_group.test.object_id}", + "subject_type": "groupMembers" + } + ] + } + ] + } + ], + "assignment_review_settings": [ + { + "access_review_timeout_behavior": "keepAccess", + "duration_in_days": 3, + "enabled": true, + "review_frequency": "weekly", + "review_type": "Self" + } + ], + "description": "My assignment policy", + "display_name": "assignment-policy", + "duration_in_days": 90, + "question": [ + { + "text": [ + { + "default_text": "hello, how are you?" + } + ] + } + ], + "requestor_settings": [ + { + "scope_type": "AllExistingDirectoryMemberUsers" + } + ] + } + references: + access_package_id: azuread_access_package.test.id + approval_settings.approval_stage.primary_approver.object_id: azuread_group.test.object_id + dependencies: + azuread_access_package.example: |- + { + "catalog_id": "${azuread_access_package_catalog.example.id}", + "description": "Access Package", + "display_name": "access-package" + } + azuread_access_package_catalog.example: |- + { + "description": "Example catalog", + "display_name": "example-catalog" + } + azuread_group.example: |- + { + "display_name": "group-name", + "security_enabled": true + } + argumentDocs: + access_package_id: (Required) The ID of the access package that will contain the policy. + approval_settings: (Optional) An approval_settings block to specify whether approvals are required and how they are obtained, as documented below. + approval_settings.approval_required: (Optional) Whether an approval is required. 
+ approval_settings.approval_required_for_extension: (Optional) Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply. + approval_settings.approval_stage: (Optional) An approval_stage block specifying the process to obtain an approval, as documented below. + approval_settings.approval_stage.alternative_approval_enabled: (Optional) Whether alternative approvers are enabled. + approval_settings.approval_stage.alternative_approver: (Optional) A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below. + approval_settings.approval_stage.approval_timeout_in_days: (Required) Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected. + approval_settings.approval_stage.approver_justification_required: (Optional) Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor. + approval_settings.approval_stage.enable_alternative_approval_in_days: (Optional) Number of days before the request is forwarded to alternative approvers. + approval_settings.approval_stage.primary_approver: (Optional) A block specifying the users who will be asked to approve requests, as documented below. + approval_settings.approval_stage.primary_approver.backup: (Optional) For a user in an approval stage, this property indicates whether the user is a backup fallback approver. + approval_settings.approval_stage.primary_approver.object_id: (Optional) The ID of the subject. + approval_settings.approval_stage.primary_approver.subject_type: (Required) Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors. 
+ approval_settings.requestor_justification_required: (Optional) Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor. + assignment_review_settings: (Optional) An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below. + assignment_review_settings.access_recommendation_enabled: (Optional) Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days. + assignment_review_settings.access_review_timeout_behavior: (Optional) Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation. + assignment_review_settings.approver_justification_required: (Optional) Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor. + assignment_review_settings.duration_in_days: (Number) How many days each occurrence of the access review series will run. + assignment_review_settings.enabled: (Optional) Whether to enable assignment review. + assignment_review_settings.review_frequency: (Optional) This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual. + assignment_review_settings.review_type: (Optional) Self review or specific reviewers. Valid values are Self, or Reviewers. + assignment_review_settings.reviewer: (Optional) One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below. 
+ assignment_review_settings.reviewer.backup: (Optional) For a user in an approval stage, this property indicates whether the user is a backup approver. + assignment_review_settings.reviewer.object_id: (Optional) The ID of the subject. + assignment_review_settings.reviewer.subject_type: (Required) Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors. + assignment_review_settings.starting_on: (Optional) This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date + description: (Required) The description of the policy. + display_name: (Required) The display name of the policy. + duration_in_days: (Optional) How many days this assignment is valid for. + expiration_date: (Optional) The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z). + extension_enabled: (Optional) Whether users will be able to request extension of their access to this package before their access expires. + id: (String) The ID of this resource. + question: (Optional) One or more question blocks for the requestor, as documented below. + question.choice: (Optional) One or more blocks configuring a choice to the question, as documented below. + question.choice.actual_value: (Required) The actual value of this choice. + question.choice.display_value: (Required) A block describing the display text of this choice, as documented below. + question.choice.display_value.default_text: (Required) The default text of this question choice. + question.choice.display_value.localized_text: (Optional) One or more blocks describing localized text of this question choice, as documented below. + question.choice.display_value.localized_text.content: (Required) The localized content of this question choice. 
+ question.choice.display_value.localized_text.language_code: (Required) The ISO 639 language code for this question choice content. + question.required: (Optional) Whether this question is required. + question.sequence: (Optional) The sequence number of this question. + question.text: (Required) A block describing the content of this question, as documented below. + question.text.default_text: (Required) The default text of this question. + question.text.localized_text: (Optional) One or more blocks describing localized text of this question, as documented below. + question.text.localized_text.content: (Required) The localized content of this question. + question.text.localized_text.language_code: (Required) The ISO 639 language code for this question content. + requestor_settings: (Optional) A requestor_settings block to configure the users who can request access, as documented below. + requestor_settings.requestor: (Optional) A block specifying the users who are allowed to request on this policy, as documented below. + requestor_settings.requestor.object_id: (Optional) The ID of the subject. + requestor_settings.requestor.subject_type: (Required) Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors. + requestor_settings.requests_accepted: (Optional) Whether to accept requests using this policy. When false, no new requests can be made using this policy. + requestor_settings.scope_type: (Optional) Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects. 
+ importStatements: + - terraform import azuread_access_package_assignment_policy.example 00000000-0000-0000-0000-000000000000 + azuread_access_package_catalog: + subCategory: Identity Governance + name: azuread_access_package_catalog + title: "" + examples: + - name: example + manifest: |- + { + "description": "Example access package catalog", + "display_name": "example-access-package-catalog" + } + argumentDocs: + description: '- (Required) The description of the access package catalog.' + display_name: '- (Required) The display name of the access package catalog.' + externally_visible: '- (Optional) Whether the access packages in this catalog can be requested by users outside the tenant.' + id: '- The ID of this resource.' + published: '- (Optional) Whether the access packages in this catalog are available for management.' + importStatements: [] + azuread_access_package_catalog_role_assignment: + subCategory: Identity Governance + name: azuread_access_package_catalog_role_assignment + title: "" + examples: + - name: example + manifest: |- + { + "catalog_id": "${azuread_access_package_catalog.example.id}", + "principal_object_id": "${data.azuread_user.example.object_id}", + "role_id": "${data.azuread_access_package_catalog_role.example.object_id}" + } + references: + catalog_id: azuread_access_package_catalog.example.id + principal_object_id: data.azuread_user.example.object_id + role_id: data.azuread_access_package_catalog_role.example.object_id + dependencies: + azuread_access_package_catalog.example: |- + { + "description": "Example access package catalog", + "display_name": "example-access-package-catalog" + } + argumentDocs: + catalog_id: '- (Required) The ID of the Catalog this role assignment will be scoped to. Changing this forces a new resource to be created.' + principal_object_id: '- (Required) The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. 
Changing this forces a new resource to be created.' + role_id: '- (Required) The object ID of the catalog role you want to assign. Changing this forces a new resource to be created.' + importStatements: + - terraform import azuread_access_package_catalog_role_assignment.test 00000000-0000-0000-0000-000000000000 + azuread_access_package_resource_catalog_association: + subCategory: Identity Governance + name: azuread_access_package_resource_catalog_association + title: "" + examples: + - name: example + manifest: |- + { + "catalog_id": "${azuread_access_package_catalog.example_catalog.id}", + "resource_origin_id": "${azuread_group.example_group.object_id}", + "resource_origin_system": "AadGroup" + } + references: + catalog_id: azuread_access_package_catalog.example_catalog.id + resource_origin_id: azuread_group.example_group.object_id + dependencies: + azuread_access_package_catalog.example: |- + { + "description": "Example catalog", + "display_name": "example-catalog" + } + azuread_group.example: |- + { + "display_name": "example-group", + "security_enabled": true + } + argumentDocs: + catalog_id: '- (Required) The unique ID of the access package catalog. Changing this forces a new resource to be created.' + id: '- The ID of this resource, the ID is the concatenation of catalog_id and resource_origin_id with colon in between.' + resource_origin_id: '- (Required) The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group. Changing this forces a new resource to be created.' + resource_origin_system: '- (Required) The type of the resource in the origin system, such as SharePointOnline, AadApplication or AadGroup. Changing this forces a new resource to be created.' 
+ importStatements: [] + azuread_access_package_resource_package_association: + subCategory: Identity Governance + name: azuread_access_package_resource_package_association + title: "" + examples: + - name: example + manifest: |- + { + "access_package_id": "${azuread_access_package.example.id}", + "catalog_resource_association_id": "${azuread_access_package_resource_catalog_association.example.id}" + } + references: + access_package_id: azuread_access_package.example.id + catalog_resource_association_id: azuread_access_package_resource_catalog_association.example.id + dependencies: + azuread_access_package.example: |- + { + "catalog_id": "${azuread_access_package_catalog.example_catalog.id}", + "description": "Example Package", + "display_name": "example-package" + } + azuread_access_package_catalog.example: |- + { + "description": "Example catalog", + "display_name": "example-catalog" + } + azuread_access_package_resource_catalog_association.example: |- + { + "catalog_id": "${azuread_access_package_catalog.example_catalog.id}", + "resource_origin_id": "${azuread_group.example_group.object_id}", + "resource_origin_system": "AadGroup" + } + azuread_group.example: |- + { + "display_name": "example-group", + "security_enabled": true + } + argumentDocs: + access_package_id: '- (Required) The ID of access package this resource association is configured to. Changing this forces a new resource to be created.' + access_type: '- (Optional) The role of access type to the specified resource. Valid values are Member, or Owner The default is Member. Changing this forces a new resource to be created.' + catalog_resource_association_id: '- (Required) The ID of the catalog association from the azuread_access_package_resource_catalog_association resource. Changing this forces a new resource to be created.' + id: '- The ID of this resource. 
The ID is combined by four fields with colon in between, the four fields are access_package_id, this package association id, resource_origin_id and access_type.' + importStatements: [] azuread_administrative_unit: subCategory: Administrative Units name: azuread_administrative_unit 
@@ -44,6 +295,37 @@ resources: member_object_id: '- (Required) The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces a new resource to be created.' importStatements: - terraform import azuread_administrative_unit_member.test 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111 + azuread_administrative_unit_role_member: + subCategory: Administrative Units + name: azuread_administrative_unit_role_member + title: "" + examples: + - name: example + manifest: |- + { + "administrative_unit_object_id": "${azuread_administrative_unit.example.id}", + "member_object_id": "${data.azuread_user.example.id}", + "role_object_id": "${azuread_directory_role.example.object_id}" + } + references: + administrative_unit_object_id: azuread_administrative_unit.example.id + member_object_id: data.azuread_user.example.id + role_object_id: azuread_directory_role.example.object_id + dependencies: + azuread_administrative_unit.example: |- + { + "display_name": "Example-AU" + } + azuread_directory_role.example: |- + { + "display_name": "Security administrator" + } + argumentDocs: + administrative_unit_object_id: '- (Required) The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.' + member_object_id: '- (Required) The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.' + role_object_id: '- (Required) The object ID of the directory role you want to assign. Changing this forces a new resource to be created.' + importStatements: + - terraform import azuread_administrative_unit_role_member.test 00000000-0000-0000-0000-000000000000/roleMember/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS azuread_app_role_assignment: subCategory: App Role Assignments name: azuread_app_role_assignment 
@@ -479,6 +761,7 @@ resources: required_resource_access.resource_access.id: '- (Required) The unique identifier for an app role or OAuth2 permission scope published by the resource application.' required_resource_access.resource_access.type: '- (Required) Specifies whether the id property references an app role or an OAuth2 permission scope. Possible values are Role or Scope.' required_resource_access.resource_app_id: '- (Required) The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.' + service_management_reference: '- (Optional) References application context information from a Service or Asset Management database.' sign_in_audience: '- (Optional) The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount. Defaults to AzureADMyOrg.' single_page_application: '- (Optional) A single_page_application block as documented below, which configures single-page application (SPA) related settings for this application.' single_page_application.redirect_uris: '- (Optional) A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL.' 
@@ -1146,7 +1429,7 @@ resources: } argumentDocs: administrative_unit_ids: '- (Optional) The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.' - assignable_to_role: '- (Optional) Indicates whether this group can be assigned to an Azure Active Directory role. Can only be true for security-enabled groups. Changing this forces a new resource to be created.' + assignable_to_role: '- (Optional) Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created.' auto_subscribe_new_members: '- (Optional) Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.' behaviors: '- (Optional) A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created.' description: '- (Optional) The description for the group.' 
@@ -1163,6 +1446,7 @@ resources: members: '- (Optional) A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block.' object_id: '- The object ID of the group.' onpremises_domain_name: '- The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.' + onpremises_group_type: '- (Optional) The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup.' onpremises_netbios_name: '- The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.' onpremises_sam_account_name: '- The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.' onpremises_security_identifier: '- The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.' 
@@ -1176,6 +1460,7 @@ resources:
 theme: '- (Optional) The colour theme for a Microsoft 365 group. Possible values are Blue, Green, Orange, Pink, Purple, Red or Teal. By default, no theme is set.'
 types: '- (Optional) A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created.'
 visibility: '- (Optional) The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility.'
+ writeback_enabled: '- (Optional) Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.'
 importStatements:
 - terraform import azuread_group.my_group 00000000-0000-0000-0000-000000000000
 azuread_group_member:
@@ -1864,3 +2149,23 @@ resources:
 user_type: '- The user type in the directory. Possible values are Guest or Member.'
 importStatements:
 - terraform import azuread_user.my_user 00000000-0000-0000-0000-000000000000
+ azuread_user_flow_attribute:
+ subCategory: User Flows
+ name: azuread_user_flow_attribute
+ title: ""
+ examples:
+ - name: example
+ manifest: |-
+ {
+ "data_type": "string",
+ "description": "Your hobby",
+ "display_name": "Hobby"
+ }
+ argumentDocs:
+ attribute_type: '- The type of the user flow attribute. Values include builtIn, custom or required.'
+ data_type: '- (Required) The data type of the user flow attribute. Possible values are boolean, dateTime, int64, string or stringCollection. Changing this forces a new resource to be created.'
+ description: '- (Required) The description of the user flow attribute that is shown to the user at the time of sign-up.'
+ display_name: '- (Required) The display name of the user flow attribute. Changing this forces a new resource to be created.'
+ id: '- An ID used to uniquely identify this user flow attribute.'
+ importStatements:
+ - terraform import azuread_user_flow_attribute.example extension_ecc9f88db2924942b8a96f44873616fe_Hobbyjkorv
diff --git a/config/schema.json b/config/schema.json
index 4b7a5e96..d1917643 100644
--- a/config/schema.json
+++ b/config/schema.json
@@ -1 +1 @@ -{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/azuread":{"provider":{"version":0,"block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_password":{"type":"string","description":"The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_path":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The Client ID which should be used for service principal authentication","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","description_kind":"plain","optional":true},"disable_terraform_partner_id":{"type":"bool","description":"Disable the Terraform Partner ID, which is used if a custom `partner_id` isn't specified","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: `global` (also `public`), `usgovernmentl4` (also `usgovernment`), `usgovernmentl5` (also `dod`), and `china`. 
Defaults to `global`","description_kind":"plain","optional":true},"metadata_host":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service.","description_kind":"plain","optional":true},"msi_endpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically","description_kind":"plain","optional":true},"oidc_request_token":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_request_url":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token_file_path":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"partner_id":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution","description_kind":"plain","optional":true},"tenant_id":{"type":"string","description":"The Tenant ID which should be used. 
Works with all authentication methods except Managed Identity","description_kind":"plain","optional":true},"use_cli":{"type":"bool","description":"Allow Azure CLI to be used for Authentication","description_kind":"plain","optional":true},"use_msi":{"type":"bool","description":"Allow Managed Identity to be used for Authentication","description_kind":"plain","optional":true},"use_oidc":{"type":"bool","description":"Allow OpenID Connect to be used for authentication","description_kind":"plain","optional":true}},"description_kind":"plain"}},"resource_schemas":{"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the administrative unit","description_kind":"plain","required":true},"hidden_membership_enabled":{"type":"bool","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of object IDs of members who should be present in this administrative unit. 
Supported object types are Users or Groups","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing administrative unit is found with the same name","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_app_role_assignment":{"version":0,"block":{"attributes":{"app_role_id":{"type":"string","description":"The ID of the app role to be 
assigned","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_display_name":{"type":"string","description":"The display name of the principal to which the app role is assigned","description_kind":"plain","computed":true},"principal_object_id":{"type":"string","description":"The object ID of the user, group or service principal to be assigned this app role","description_kind":"plain","required":true},"principal_type":{"type":"string","description":"The object type of the principal to which the app role is assigned","description_kind":"plain","computed":true},"resource_display_name":{"type":"string","description":"The display name of the application representing the resource","description_kind":"plain","computed":true},"resource_object_id":{"type":"string","description":"The object ID of the service principal representing the resource","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","optional":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a 
user.","description_kind":"plain","optional":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","required":true},"fallback_public_client_enabled":{"type":"bool","description":"Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI","description_kind":"plain","optional":true},"group_membership_claims":{"type":["set","string"],"description":"Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["set","string"],"description":"The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","optional":true},"logo_image":{"type":"string","description":"Base64 encoded logo image in gif, png or jpeg format","description_kind":"plain","optional":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","optional":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as 
opposed to GET requests.","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the application","description_kind":"plain","optional":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing application is found with the same name","description_kind":"plain","optional":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","optional":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current application","description_kind":"plain","optional":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the application","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"Unique ID of the application template from which this application is created","description_kind":"plain","optional":true,"computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","optional":true}},"block_types":{"api":{"nesting_mode":"list","block":{"attributes":{"known_client_applications":{"type":["set","string"],"description":"Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app","description_kind":"plain","optional":true},"mapped_claims_enabled":{"type":"bool","description":"Allows an application 
to use claims mapping without specifying a custom signing key","description_kind":"plain","optional":true},"requested_access_token_version":{"type":"number","description":"The access token version expected by this resource","description_kind":"plain","optional":true}},"block_types":{"oauth2_permission_scope":{"nesting_mode":"set","block":{"attributes":{"admin_consent_description":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"admin_consent_display_name":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Determines if the permission scope is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the delegated permission","description_kind":"plain","required":true},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions","description_kind":"plain","optional":true},"user_consent_description":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf","description_kind":"plain","optional":true},"user_consent_display_name":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value that is used for the `scp` claim in OAuth 2.0 access 
tokens","description_kind":"plain","optional":true}},"description":"One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this application","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"app_role":{"nesting_mode":"set","block":{"attributes":{"allowed_member_types":{"type":["set","string"],"description":"Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Determines if the app role is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the app role","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal","description_kind":"plain","optional":true}},"description_kind":"plain"}},"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this application represents a custom SAML application for linked service principals","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this application represents an Enterprise Application for linked service 
principals","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this application represents a gallery application for linked service principals","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this application is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this application using tags","description_kind":"plain"}},"optional_claims":{"nesting_mode":"list","block":{"block_types":{"access_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"id_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. 
If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"saml2_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. 
If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"public_client":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"required_resource_access":{"nesting_mode":"set","block":{"attributes":{"resource_app_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"resource_access":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"single_page_application":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"web":{"nesting_mode":"list","block":{"attributes":{"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization 
service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","optional":true},"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent","description_kind":"plain","optional":true}},"block_types":{"implicit_grant":{"nesting_mode":"list","block":{"attributes":{"access_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an access token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true},"id_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an ID token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"azuread_application_certificate":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this certificate should be created","description_kind":"plain","required":true},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date and time are use","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. 
See also the `encoding` argumen","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_federated_identity_credential":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this federated identity credential should be created","description_kind":"plain","required":true},"audiences":{"type":["list","string"],"description":"List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.","description_kind":"plain","required":true},"credential_id":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description for the federated identity credential","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A unique display name for the federated identity credential","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.","description_kind":"plain","required":true},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. 
The combination of issuer and subject must be unique on the app.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_password":{"version":1,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this password should be created","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this application, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_pre_authorized":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application to which this pre-authorized application should be added","description_kind":"plain","required":true},"authorized_app_id":{"type":"string","description":"The application ID of the pre-authorized application","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permission_ids":{"type":["set","string"],"description":"The IDs of the permission scopes required by the pre-authorized application","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_claims_mapping_policy":{"version":0,"block":{"attributes":{"definition":{"type":["list","string"],"description":"A string collection containing a JSON string that defines the rules and settings for 
this policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for this policy","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"azuread_conditional_access_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description_kind":"plain","required":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"client_app_types":{"type":["list","string"],"description_kind":"plain","required":true},"sign_in_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true},"user_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"applications":{"nesting_mode":"list","block":{"attributes":{"excluded_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_user_actions":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"devices":{"nesting_mode":"list","block":{"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description_kind":"plain","required":true},"rule":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"locations":{"nesting_mode":"list","block":{"attributes":{"excluded_locations":{"type":["list","string"],"description_kind":"plain","optional":true},"included_locations":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"platforms":{"nesting_mode":"
list","block":{"attributes":{"excluded_platforms":{"type":["list","string"],"description_kind":"plain","optional":true},"included_platforms":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"users":{"nesting_mode":"list","block":{"attributes":{"excluded_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_users":{"type":["list","string"],"description_kind":"plain","optional":true},"included_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"included_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"included_users":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"},"min_items":1,"max_items":1},"grant_controls":{"nesting_mode":"list","block":{"attributes":{"built_in_controls":{"type":["list","string"],"description_kind":"plain","required":true},"custom_authentication_factors":{"type":["list","string"],"description_kind":"plain","optional":true},"operator":{"type":"string","description_kind":"plain","required":true},"terms_of_use":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"session_controls":{"nesting_mode":"list","block":{"attributes":{"application_enforced_restrictions_enabled":{"type":"bool","description_kind":"plain","optional":true},"cloud_app_security_policy":{"type":"string","description_kind":"plain","optional":true},"persistent_browser_mode":{"type":"string","description_kind":"plain","optional":true},"sign_in_frequency":{"type":"number","description_kind":"plain","optional":true},"sign_in_frequency_period":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mod
e":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_custom_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the custom directory role","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the custom directory role","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Indicates whether the role is enabled for assignment","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The version of the role definition.","description_kind":"plain","required":true}},"block_types":{"permissions":{"nesting_mode":"set","block":{"attributes":{"allowed_resource_actions":{"type":["set","string"],"description":"Set of tasks that can be performed on a resource","description_kind":"plain","required":true}},"description":"List of permissions that are included in the custom directory 
role","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the directory role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the directory role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the directory role","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_assignment":{"version":0,"block":{"attributes":{"app_scope_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific","description_kind":"plain","optional":true,"computed":true},"app_scope_object_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is 
app-specific","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"directory_scope_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"directory_scope_object_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the directory role for this assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_member":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","optional":true},"role_object_id":{"type":"string","description":"The object ID of the directory 
role","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"azuread_group":{"version":0,"block":{"attributes":{"administrative_unit_ids":{"type":["set","string"],"description":"The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level.","description_kind":"plain","optional":true},"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups.","description_kind":"plain","optional":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","optional":true,"computed":true},"behaviors":{"type":["set","string"],"description":"The group behaviours for a Microsoft 365 group","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description for the group","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","required":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","optional":true,"computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists 
for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","optional":true,"computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled","description_kind":"plain","optional":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of members who should be present in this group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A set of owners who own this group. 
Supported object types are Users or Service Principals","description_kind":"plain","optional":true,"computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing group is found with the same name","description_kind":"plain","optional":true},"provisioning_options":{"type":["set","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled","description_kind":"plain","optional":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","optional":true},"types":{"type":["set","string"],"description":"A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true","description_kind":"plain","optional":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dynamic_membership":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true},"rule":{"type":"string","description":"Rule to determine members for a dynamic group. 
Required when `group_types` contains 'DynamicMembership'","description_kind":"plain","required":true}},"description":"An optional block to configure dynamic membership for the group. Cannot be used with `members`","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group_member":{"version":0,"block":{"attributes":{"group_object_id":{"type":"string","description":"The object ID of the group you want to add the member to","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_invitation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redeem_url":{"type":"string","description":"The URL the user can use to redeem their invitation","description_kind":"plain","computed":true},"redirect_url":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed","description_kind":"plain","required":true},"user_display_name":{"type":"string","description":"The display name of the user being invited","description_kind":"plain","optional":true},"user_email_address":{"type":"string","description":"The email address of the user being invited","description_kind":"plain","required":true},"user_id":{"type":"string","description":"Object ID of the invited user","description_kind":"plain","computed":true},"user_type":{"type":"string","description":"The user type of the user being invited","description_kind":"plain","optional":true}},"block_types":{"message":{"nesting_mode":"list","block":{"attributes":{"additional_recipients":{"type":["list","string"],"description":"Email addresses of additional recipients the invitation message should be sent to","description_kind":"plain","optional":true},"body":{"type":"string","description":"Customized message body you want to send if you don't want to send the default message","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language you want 
to send the default message in","description_kind":"plain","optional":true}},"description":"Customize the message sent to the invited user","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_named_location":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"country":{"nesting_mode":"list","block":{"attributes":{"countries_and_regions":{"type":["list","string"],"description_kind":"plain","required":true},"include_unknown_countries_and_regions":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"ip":{"nesting_mode":"list","block":{"attributes":{"ip_ranges":{"type":["list","string"],"description_kind":"plain","required":true},"trusted":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is 
enabled","description_kind":"plain","optional":true},"alternative_names":{"type":["set","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","optional":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","optional":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The application ID (client ID) of the application for which to create a service principal","description_kind":"plain","required":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","optional":true},"notification_email_addresses":{"type":["set","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the service principal","description_kind":"plain","optional":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","optional":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true},"use_existing":{"type":"bool","description":"When true, the resource will return an existing service principal instead of failing with an error","description_kind":"plain","optional":true}},"block_types":{"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this service principal represents a gallery 
application","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain"}},"features":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on_app":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise_application":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery_application":{"type":"bool","description":"Whether this service principal represents a gallery application","description_kind":"plain","optional":true},"visible_to_users":{"type":"bool","description":"Whether this app is visible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain","deprecated":true}},"saml_single_sign_on":{"nesting_mode":"list","block":{"attributes":{"relay_state":{"type":"string","description":"The relative URI the service provider would redirect to after completion of the single sign-on flow","description_kind":"plain","optional":true}},"description":"Settings related to SAML single 
sign-on","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_certificate":{"version":0,"block":{"attributes":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_claims_mapping_policy_assignment":{"version":0,"block":{"attributes":{"claims_mapping_policy_id":{"type":"string","description":"ID of the claims mapping policy to assign","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"Object ID of the service principal for which to assign the policy","description_kind":"plain","required":true}},"description_kind":"plain"}},"azuread_service_principal_delegated_permission_grant":{"version":0,"block":{"attributes":{"claim_values":{"type":["set","string"],"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_service_principal_object_id":{"type":"string","description":"The object ID of the service principal representing the resource to be 
accessed","description_kind":"plain","required":true},"service_principal_object_id":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created","description_kind":"plain","required":true},"user_object_id":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_password":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. 
Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this password should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this service principal, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_token_signing_certificate":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A friendly name for the certificate","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
Default is 3 years from current date.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify the verify certificate.","description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).","description_kind":"plain","computed":true},"thumbprint":{"type":"string","description":"The thumbprint of the certificate.","description_kind":"plain","computed":true},"value":{"type":"string","description":"The certificate data, which is PEM encoded but does not include the header/footer","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_job":{"version":0,"block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the synchronization job is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":["list",["object",{"expiration":"string","interval":"string","state":"string"}]],"description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization job 
should be created","description_kind":"plain","required":true},"template_id":{"type":"string","description":"Identifier of the synchronization template this job is based on.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_secret":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization secret should be created","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name for this key-value pair.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for this key-value pair.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"about_me":{"type":"string","description":"A freeform field for the user to describe themselves","description_kind":"plain","computed":true},"account_enabled":{"type":"bool","description":"Whether or not the account should 
be enabled","description_kind":"plain","optional":true},"age_group":{"type":"string","description":"The age group of the user","description_kind":"plain","optional":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect","description_kind":"plain","optional":true,"computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","optional":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","optional":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","optional":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","optional":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. 
`US` or `UK`","description_kind":"plain","optional":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","optional":true},"disable_password_expiration":{"type":"bool","description":"Whether the users password is exempt from expiring","description_kind":"plain","optional":true},"disable_strong_password":{"type":"bool","description":"Whether the user is allowed weaker passwords than the default policy to be specified.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name to display in the address book for the user","description_kind":"plain","required":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","optional":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","optional":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","optional":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","optional":true},"force_password_change":{"type":"bool","description":"Whether the user is forced to change the password during the next sign-in. 
Only takes effect when also changing the password","description_kind":"plain","optional":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","optional":true},"mail":{"type":"string","description":"The SMTP address for the user. Cannot be unset.","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN)","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","optional":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","optional":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. 
This must be specified if you are using a federated domain for the user's `user_principal_name` property when creating a new user account","description_kind":"plain","optional":true,"computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["set","string"],"description":"Additional email addresses for the user","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","optional":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","optional":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","optional":true},"usage_location":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set","description_kind":"plain","optional":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The user type in the directory. 
Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the administrative unit","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["list","string"],"description":"A list of object IDs of members who are be present in this administrative unit.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true,"computed":true},"visibility":{"type":"string","description":"Whether the administrative unit and its members are hidden or publicly viewable in the 
directory","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"api":{"type":["list",["object",{"known_client_applications":["list","string"],"mapped_claims_enabled":"bool","oauth2_permission_scopes":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"requested_access_token_version":"number"}]],"description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description":"List of app roles published by the application","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","computed":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a user.","description_kind":"plain","computed":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered 
application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","optional":true,"computed":true},"fallback_public_client_enabled":{"type":"bool","description":"The fallback application type as public client, such as an installed application running on a mobile device","description_kind":"plain","computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this application using tags","description_kind":"plain","computed":true},"group_membership_claims":{"type":["list","string"],"description":"The `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["list","string"],"description":"A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","computed":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","computed":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET 
requests.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","optional":true,"computed":true},"optional_claims":{"type":["list",["object",{"access_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"id_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"saml2_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]]}]],"description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"A list of object IDs of principals that are assigned ownership of the application","description_kind":"plain","computed":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","computed":true},"public_client":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"required_resource_access":{"type":["list",["object",{"resource_access":["list",["object",{"id":"string","type":"string"}]],"resource_app_id":"string"}]],"description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current application","description_kind":"plain","computed":true},"single_page_application":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags applied to the 
application","description_kind":"plain","computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","computed":true},"web":{"type":["list",["object",{"homepage_url":"string","implicit_grant":["list",["object",{"access_token_issuance_enabled":"bool","id_token_issuance_enabled":"bool"}]],"logout_url":"string","redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_published_app_ids":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"result":{"type":["map","string"],"description":"A mapping of application names and application IDs","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_template":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"List of categories for this templated application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application template","description_kind":"plain","optional":true,"computed":true},"homepage_url":{"type":"string","description":"Home page URL of the templated application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"logo_url":{"type":"string","description":"URL to retrieve the logo for this templated application","description_kind":"plain","computed":true},"publisher":{"type":"string","description":"Name of the publisher for this 
templated application","description_kind":"plain","computed":true},"supported_provisioning_types":{"type":["list","string"],"description":"The provisioning modes supported by this templated application","description_kind":"plain","computed":true},"supported_single_sign_on_modes":{"type":["list","string"],"description":"The single sign on modes supported by this templated application","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The application template's ID","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_client_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client ID (application ID) linked to the authenticated principal, or the application used for delegated authentication","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the authenticated principal","description_kind":"plain","computed":true},"tenant_id":{"type":"string","description":"The tenant ID of the authenticated principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_object":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the principal","description_kind":"plain","required":true},"type":{"type":"string","description":"The OData type of the 
principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_roles":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the roles","description_kind":"plain","computed":true},"roles":{"type":["list",["object",{"description":"string","display_name":"string","object_id":"string","template_id":"string"}]],"description":"A list of roles","description_kind":"plain","computed":true},"template_ids":{"type":["list","string"],"description":"The template IDs of the roles","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_domains":{"version":0,"block":{"attributes":{"admin_managed":{"type":"bool","description":"Set to `true` to only return domains whose DNS is managed by Microsoft 365","description_kind":"plain","optional":true},"domains":{"type":["list",["object",{"admin_managed":"bool","authentication_type":"string","default":"bool","domain_name":"string","initial":"bool","root":"bool","supported_services":["list","string"],"verified":"bool"}]],"description":"A list of tenant domains","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_unverified":{"type":"bool","description":"Set to `true` if unverified Azure AD domains should be included","description_kind":"plain","optional":true},"only_default":{"type":"bool","description":"Set to `true` to only return the default 
domain","description_kind":"plain","optional":true},"only_initial":{"type":"bool","description":"Set to `true` to only return the initial domain, which is your primary Azure Active Directory tenant domain","description_kind":"plain","optional":true},"only_root":{"type":"bool","description":"Set to `true` to only return verified root domains. Excludes subdomains and unverified domains","description_kind":"plain","optional":true},"supports_services":{"type":["list","string"],"description":"A list of supported services that must be supported by a domain","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group":{"version":0,"block":{"attributes":{"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role","description_kind":"plain","computed":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","computed":true},"behaviors":{"type":["list","string"],"description":"The group behaviors for a Microsoft 365 group","description_kind":"plain","computed":true},"description":{"type":"string","description":"The optional description of the group","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","optional":true,"computed":true},"dynamic_membership":{"type":["list",["object",{"enabled":"bool","rule":"string"}]],"description":"An optional block to configure dynamic membership for the group. 
Cannot be used with `members`","description_kind":"plain","computed":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is mail-enabled","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","computed":true},"members":{"type":["list","string"],"description":"The object IDs of the group members","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","optional":true,"computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is 
used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"The object IDs of the group owners","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"provisioning_options":{"type":["list","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group","description_kind":"plain","optional":true,"computed":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","computed":true},"types":{"type":["list","string"],"description":"A list of group types configured for the group. 
The only supported type is `Unified`, which specifies a Microsoft 365 group","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_groups":{"version":0,"block":{"attributes":{"display_name_prefix":{"type":"string","description":"Common display name prefix of the groups","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the groups","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing groups and return groups that were found. 
The data source will still fail if no groups are found","description_kind":"plain","optional":true},"mail_enabled":{"type":"bool","description":"Whether the groups are mail-enabled","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the groups","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Retrieve all groups with no filter","description_kind":"plain","optional":true},"security_enabled":{"type":"bool","description":"Whether the groups are security-enabled","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is enabled","description_kind":"plain","computed":true},"alternative_names":{"type":["list","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","computed":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The 
application ID (client ID) of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","computed":true},"features":{"type":["list",["object",{"custom_single_sign_on_app":"bool","enterprise_application":"bool","gallery_application":"bool","visible_to_users":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","deprecated":true,"computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","computed":true},"notification_email_addresses":{"type":["list","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","optional":true,"computed":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"saml_single_sign_on":{"type":["list",["object",{"relay_state":"string"}]],"description":"Settings related to SAML single sign-on","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principals":{"version":0,"block":{"attributes":{"application_ids":{"type":["list","string"],"description":"The application IDs (client IDs) of the applications associated with the service 
principals","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the applications associated with the service principals","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing service principals and return the service principals that were found. The data source will still fail if no service principals are found","description_kind":"plain","optional":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the service principals","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all service principals with no filter and return all that were found. The data source will still fail if no service principals are found.","description_kind":"plain","optional":true},"service_principals":{"type":["list",["object",{"account_enabled":"bool","app_role_assignment_required":"bool","application_id":"string","application_tenant_id":"string","display_name":"string","object_id":"string","preferred_single_sign_on_mode":"string","saml_metadata_url":"string","service_principal_names":["list","string"],"sign_in_audience":"string","tags":["list","string"],"type":"string"}]],"description":"A list of service_principals","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the account is enabled","description_kind":"plain","computed":true},"age_group":{"type":"string","description":"The age group of the 
user","description_kind":"plain","computed":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user","description_kind":"plain","computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","computed":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","computed":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","computed":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","computed":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. `US` or `UK`","description_kind":"plain","computed":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the user","description_kind":"plain","computed":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","computed":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","computed":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. 
For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","computed":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","computed":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","computed":true},"mail":{"type":"string","description":"The SMTP address for the user","description_kind":"plain","computed":true},"mail_nickname":{"type":"string","description":"The email alias of the user","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","computed":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","optional":true,"computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","computed":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premise FQDN 
(i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["list","string"],"description":"Additional email addresses for the user","description_kind":"plain","computed":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","computed":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","computed":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","computed":true},"usage_location":{"type":"string","description":"The usage location of the user","description_kind":"plain","computed":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","optional":true,"computed":true},"user_type":{"type":"string","description":"The user type in the directory. Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_users":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing users and return users that were found. 
The data source will still fail if no users are found","description_kind":"plain","optional":true},"mail_nicknames":{"type":["list","string"],"description":"The email aliases of the users","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the users","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all users with no filter and return all that were found. The data source will still fail if no users are found.","description_kind":"plain","optional":true},"user_principal_names":{"type":["list","string"],"description":"The user principal names (UPNs) of the users","description_kind":"plain","optional":true,"computed":true},"users":{"type":["list",["object",{"account_enabled":"bool","display_name":"string","mail":"string","mail_nickname":"string","object_id":"string","onpremises_immutable_id":"string","onpremises_sam_account_name":"string","onpremises_user_principal_name":"string","usage_location":"string","user_principal_name":"string"}]],"description":"A list of users","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}}}}} +{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/azuread":{"provider":{"version":0,"block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_password":{"type":"string","description":"The password to decrypt the Client Certificate. 
For use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_path":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The Client ID which should be used for service principal authentication","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","description_kind":"plain","optional":true},"disable_terraform_partner_id":{"type":"bool","description":"Disable the Terraform Partner ID, which is used if a custom `partner_id` isn't specified","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: `global` (also `public`), `usgovernmentl4` (also `usgovernment`), `usgovernmentl5` (also `dod`), and `china`. Defaults to `global`","description_kind":"plain","optional":true},"metadata_host":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service.","description_kind":"plain","optional":true},"msi_endpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically","description_kind":"plain","optional":true},"oidc_request_token":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_request_url":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. 
For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token_file_path":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"partner_id":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution","description_kind":"plain","optional":true},"tenant_id":{"type":"string","description":"The Tenant ID which should be used. Works with all authentication methods except Managed Identity","description_kind":"plain","optional":true},"use_cli":{"type":"bool","description":"Allow Azure CLI to be used for Authentication","description_kind":"plain","optional":true},"use_msi":{"type":"bool","description":"Allow Managed Identity to be used for Authentication","description_kind":"plain","optional":true},"use_oidc":{"type":"bool","description":"Allow OpenID Connect to be used for authentication","description_kind":"plain","optional":true}},"description_kind":"plain"}},"resource_schemas":{"azuread_access_package":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The ID of the Catalog this access package will be created in","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the access package","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the access package","description_kind":"plain","required":true},"hidden":{"type":"bool","description":"Whether the access package is hidden from the 
requestor","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_assignment_policy":{"version":0,"block":{"attributes":{"access_package_id":{"type":"string","description":"The ID of the access package that will contain the policy","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the policy","description_kind":"plain","required":true},"duration_in_days":{"type":"number","description":"How many days this assignment is valid for","description_kind":"plain","optional":true},"expiration_date":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string in UTC (e.g. 2018-01-01T01:02:03Z)","description_kind":"plain","optional":true},"extension_enabled":{"type":"bool","description":"When enabled, users will be able to request extension of their access to this package before their access expires","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"approval_settings":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether an approval is required","description_kind":"plain","optional":true},"approval_required_for_extension":{"type":"bool","description":"Whether an approval is required to grant extension. 
Same approval settings used to approve initial access will apply","description_kind":"plain","optional":true},"requestor_justification_required":{"type":"bool","description":"Whether requestor are required to provide a justification to request an access package. Justification is visible to other approvers and the requestor","description_kind":"plain","optional":true}},"block_types":{"approval_stage":{"nesting_mode":"list","block":{"attributes":{"alternative_approval_enabled":{"type":"bool","description":"If no action taken, forward to alternate approvers?","description_kind":"plain","optional":true},"approval_timeout_in_days":{"type":"number","description":"Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected","description_kind":"plain","required":true},"approver_justification_required":{"type":"bool","description":"Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor","description_kind":"plain","optional":true},"enable_alternative_approval_in_days":{"type":"number","description":"Forward to alternate approver(s) after how many days?","description_kind":"plain","optional":true}},"block_types":{"alternative_approver":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. 
This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection","description_kind":"plain"}},"primary_approver":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection","description_kind":"plain"}}},"description":"The process to obtain an approval","description_kind":"plain"}}},"description":"Settings of whether approvals are required and how they are obtained","description_kind":"plain"},"max_items":1},"assignment_review_settings":{"nesting_mode":"list","block":{"attributes":{"access_recommendation_enabled":{"type":"bool","description":"Whether to show Show reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. 
The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days","description_kind":"plain","optional":true},"access_review_timeout_behavior":{"type":"string","description":"What actions the system takes if reviewers don't respond in time","description_kind":"plain","optional":true},"approver_justification_required":{"type":"bool","description":"Whether a reviewer need provide a justification for their decision. Justification is visible to other reviewers and the requestor","description_kind":"plain","optional":true},"duration_in_days":{"type":"number","description":"How many days each occurrence of the access review series will run","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether to enable assignment review","description_kind":"plain","optional":true},"review_frequency":{"type":"string","description":"This will determine how often the access review campaign runs","description_kind":"plain","optional":true},"review_type":{"type":"string","description":"Self review or specific reviewers","description_kind":"plain","optional":true},"starting_on":{"type":"string","description":"This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. 
Once an access review has been created, you cannot update its start date","description_kind":"plain","optional":true}},"block_types":{"reviewer":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"If the reviewerType is Reviewers, this collection specifies the users who will be reviewers, either by ID or as members of a group, using a collection of singleUser and groupMembers","description_kind":"plain"}}},"description":"The settings of whether assignment review is needed and how it's conducted","description_kind":"plain"},"max_items":1},"question":{"nesting_mode":"list","block":{"attributes":{"required":{"type":"bool","description":"Whether this question is required","description_kind":"plain","optional":true},"sequence":{"type":"number","description":"The sequence number of this question","description_kind":"plain","optional":true}},"block_types":{"choice":{"nesting_mode":"list","block":{"attributes":{"actual_value":{"type":"string","description":"The actual value of this choice","description_kind":"plain","required":true}},"block_types":{"display_value":{"nesting_mode":"list","block":{"attributes":{"default_text":{"type":"string","description":"The default text of this question","description_kind":"plain","required":true}},"block_types":{"localized_text":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The localized content of this question","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language code of this question 
content","description_kind":"plain","required":true}},"description":"The localized text of this question","description_kind":"plain"}}},"description":"The display text of this choice","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of a choice to the question","description_kind":"plain"}},"text":{"nesting_mode":"list","block":{"attributes":{"default_text":{"type":"string","description":"The default text of this question","description_kind":"plain","required":true}},"block_types":{"localized_text":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The localized content of this question","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language code of this question content","description_kind":"plain","required":true}},"description":"The localized text of this question","description_kind":"plain"}}},"description":"The content of this question","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"One or more questions to the requestor","description_kind":"plain"}},"requestor_settings":{"nesting_mode":"list","block":{"attributes":{"requests_accepted":{"type":"bool","description":"Whether to accept requests now, when disabled, no new requests can be made using this policy","description_kind":"plain","optional":true},"scope_type":{"type":"string","description":"Specify the scopes of the requestors","description_kind":"plain","optional":true}},"block_types":{"requestor":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of 
users","description_kind":"plain","required":true}},"description":"The users who are allowed to request on this policy, which can be singleUser, groupMembers, and connectedOrganizationMembers","description_kind":"plain"}}},"description":"This block configures the users who can request access","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the access package catalog","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the access package catalog","description_kind":"plain","required":true},"externally_visible":{"type":"bool","description":"Whether the access packages in this catalog can be requested by users outside the tenant","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"published":{"type":"bool","description":"Whether the access packages in this catalog are available for 
management","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog_role_assignment":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The unique ID of the access package catalog.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the catalog role for this assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_resource_catalog_association":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The unique ID of the access package catalog","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_origin_id":{"type":"string","description":"The unique identifier of the resource in the origin system. 
In the case of an Azure AD group, this is the identifier of the group","description_kind":"plain","required":true},"resource_origin_system":{"type":"string","description":"The type of the resource in the origin system, such as SharePointOnline, AadApplication or AadGroup","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_resource_package_association":{"version":0,"block":{"attributes":{"access_package_id":{"type":"string","description":"The ID of access package this resource association is configured to","description_kind":"plain","required":true},"access_type":{"type":"string","description":"The role of access type to the specified resource, valid values are `Member` and `Owner`","description_kind":"plain","optional":true},"catalog_resource_association_id":{"type":"string","description":"The ID of the access package catalog association","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the administrative 
unit","description_kind":"plain","required":true},"hidden_membership_enabled":{"type":"bool","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing administrative unit is found with the same name","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the 
member","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_role_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","required":true},"role_object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_app_role_assignment":{"version":0,"block":{"attributes":{"app_role_id":{"type":"string","description":"The ID of the app role to be assigned","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_display_name":{"type":"string","description":"The display name of the principal to which the app role is assigned","description_kind":"plain","computed":true},"principal_object_id":{"type":"string","description":"The object ID of the user, group or service principal to 
be assigned this app role","description_kind":"plain","required":true},"principal_type":{"type":"string","description":"The object type of the principal to which the app role is assigned","description_kind":"plain","computed":true},"resource_display_name":{"type":"string","description":"The display name of the application representing the resource","description_kind":"plain","computed":true},"resource_object_id":{"type":"string","description":"The object ID of the service principal representing the resource","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","optional":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a user.","description_kind":"plain","optional":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","required":true},"fallback_public_client_enabled":{"type":"bool","description":"Specifies whether the application is a public client. 
Appropriate for apps using token grant flows that don't use a redirect URI","description_kind":"plain","optional":true},"group_membership_claims":{"type":["set","string"],"description":"Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["set","string"],"description":"The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","optional":true},"logo_image":{"type":"string","description":"Base64 encoded logo image in gif, png or jpeg format","description_kind":"plain","optional":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","optional":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the application","description_kind":"plain","optional":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an 
existing application is found with the same name","description_kind":"plain","optional":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","optional":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"service_management_reference":{"type":"string","description":"References application or service contact information from a Service or Asset Management database","description_kind":"plain","optional":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current application","description_kind":"plain","optional":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the application","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"Unique ID of the application template from which this application is created","description_kind":"plain","optional":true,"computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","optional":true}},"block_types":{"api":{"nesting_mode":"list","block":{"attributes":{"known_client_applications":{"type":["set","string"],"description":"Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app","description_kind":"plain","optional":true},"mapped_claims_enabled":{"type":"bool","description":"Allows an application to use claims mapping without specifying a custom signing key","description_kind":"plain","optional":true},"requested_access_token_version":{"type":"number","description":"The access token version expected by this 
resource","description_kind":"plain","optional":true}},"block_types":{"oauth2_permission_scope":{"nesting_mode":"set","block":{"attributes":{"admin_consent_description":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"admin_consent_display_name":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Determines if the permission scope is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the delegated permission","description_kind":"plain","required":true},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions","description_kind":"plain","optional":true},"user_consent_description":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf","description_kind":"plain","optional":true},"user_consent_display_name":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value that is used for the `scp` claim in OAuth 2.0 access tokens","description_kind":"plain","optional":true}},"description":"One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this 
application","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"app_role":{"nesting_mode":"set","block":{"attributes":{"allowed_member_types":{"type":["set","string"],"description":"Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Determines if the app role is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the app role","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal","description_kind":"plain","optional":true}},"description_kind":"plain"}},"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this application represents a custom SAML application for linked service principals","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this application represents an Enterprise Application for linked service principals","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this application represents a gallery application for linked service 
principals","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this application is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this application using tags","description_kind":"plain"}},"optional_claims":{"nesting_mode":"list","block":{"block_types":{"access_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"id_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. 
If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"saml2_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"public_client":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are 
sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"required_resource_access":{"nesting_mode":"set","block":{"attributes":{"resource_app_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"resource_access":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"single_page_application":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"web":{"nesting_mode":"list","block":{"attributes":{"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","optional":true},"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are 
sent","description_kind":"plain","optional":true}},"block_types":{"implicit_grant":{"nesting_mode":"list","block":{"attributes":{"access_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an access token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true},"id_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an ID token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"azuread_application_certificate":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this certificate should be created","description_kind":"plain","required":true},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 
`2018-01-01T01:02:03Z`). If this isn't specified, the current date and time are use","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argumen","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_federated_identity_credential":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this federated identity credential should be created","description_kind":"plain","required":true},"audiences":{"type":["list","string"],"description":"List of audiences that can appear in the external token. 
This specifies what should be accepted in the `aud` claim of incoming tokens.","description_kind":"plain","required":true},"credential_id":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description for the federated identity credential","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A unique display name for the federated identity credential","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.","description_kind":"plain","required":true},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. 
The combination of issuer and subject must be unique on the app.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_password":{"version":1,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this password should be created","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this application, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_pre_authorized":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application to which this pre-authorized application should be added","description_kind":"plain","required":true},"authorized_app_id":{"type":"string","description":"The application ID of the pre-authorized application","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permission_ids":{"type":["set","string"],"description":"The IDs of the permission scopes required by the pre-authorized application","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_claims_mapping_policy":{"version":0,"block":{"attributes":{"definition":{"type":["list","string"],"description":"A string collection containing a JSON string that defines the rules and settings for 
this policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for this policy","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"azuread_conditional_access_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description_kind":"plain","required":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"client_app_types":{"type":["list","string"],"description_kind":"plain","required":true},"sign_in_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true},"user_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"applications":{"nesting_mode":"list","block":{"attributes":{"excluded_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_user_actions":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"devices":{"nesting_mode":"list","block":{"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description_kind":"plain","required":true},"rule":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"locations":{"nesting_mode":"list","block":{"attributes":{"excluded_locations":{"type":["list","string"],"description_kind":"plain","optional":true},"included_locations":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"platforms":{"nesting_mode":"
list","block":{"attributes":{"excluded_platforms":{"type":["list","string"],"description_kind":"plain","optional":true},"included_platforms":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"users":{"nesting_mode":"list","block":{"attributes":{"excluded_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_users":{"type":["list","string"],"description_kind":"plain","optional":true},"included_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"included_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"included_users":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"},"min_items":1,"max_items":1},"grant_controls":{"nesting_mode":"list","block":{"attributes":{"built_in_controls":{"type":["list","string"],"description_kind":"plain","required":true},"custom_authentication_factors":{"type":["list","string"],"description_kind":"plain","optional":true},"operator":{"type":"string","description_kind":"plain","required":true},"terms_of_use":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"session_controls":{"nesting_mode":"list","block":{"attributes":{"application_enforced_restrictions_enabled":{"type":"bool","description_kind":"plain","optional":true},"cloud_app_security_policy":{"type":"string","description_kind":"plain","optional":true},"persistent_browser_mode":{"type":"string","description_kind":"plain","optional":true},"sign_in_frequency":{"type":"number","description_kind":"plain","optional":true},"sign_in_frequency_period":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mod
e":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_custom_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the custom directory role","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the custom directory role","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Indicates whether the role is enabled for assignment","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The version of the role definition.","description_kind":"plain","required":true}},"block_types":{"permissions":{"nesting_mode":"set","block":{"attributes":{"allowed_resource_actions":{"type":["set","string"],"description":"Set of tasks that can be performed on a resource","description_kind":"plain","required":true}},"description":"List of permissions that are included in the custom directory 
role","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the directory role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the directory role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the directory role","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_assignment":{"version":0,"block":{"attributes":{"app_scope_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific","description_kind":"plain","optional":true,"computed":true},"app_scope_object_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is 
app-specific","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"directory_scope_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"directory_scope_object_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the directory role for this assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_member":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","optional":true},"role_object_id":{"type":"string","description":"The object ID of the directory 
role","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"azuread_group":{"version":0,"block":{"attributes":{"administrative_unit_ids":{"type":["set","string"],"description":"The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level.","description_kind":"plain","optional":true},"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups.","description_kind":"plain","optional":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","optional":true,"computed":true},"behaviors":{"type":["set","string"],"description":"The group behaviours for a Microsoft 365 group","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description for the group","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","required":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","optional":true,"computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists 
for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","optional":true,"computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled","description_kind":"plain","optional":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of members who should be present in this group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_group_type":{"type":"string","description":"Indicates the target on-premise group type the group will be written back as","description_kind":"plain","optional":true,"computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A set of owners who own this group. 
Supported object types are Users or Service Principals","description_kind":"plain","optional":true,"computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing group is found with the same name","description_kind":"plain","optional":true},"provisioning_options":{"type":["set","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled","description_kind":"plain","optional":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","optional":true},"types":{"type":["set","string"],"description":"A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. 
Required when `mail_enabled` is true","description_kind":"plain","optional":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","optional":true,"computed":true},"writeback_enabled":{"type":"bool","description":"Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used","description_kind":"plain","optional":true}},"block_types":{"dynamic_membership":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true},"rule":{"type":"string","description":"Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership'","description_kind":"plain","required":true}},"description":"An optional block to configure dynamic membership for the group. Cannot be used with `members`","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group_member":{"version":0,"block":{"attributes":{"group_object_id":{"type":"string","description":"The object ID of the group you want to add the member to","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_invitation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redeem_url":{"type":"string","description":"The URL the user can use to redeem their invitation","description_kind":"plain","computed":true},"redirect_url":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed","description_kind":"plain","required":true},"user_display_name":{"type":"string","description":"The display name of the user being invited","description_kind":"plain","optional":true},"user_email_address":{"type":"string","description":"The email address of the user being invited","description_kind":"plain","required":true},"user_id":{"type":"string","description":"Object ID of the invited user","description_kind":"plain","computed":true},"user_type":{"type":"string","description":"The user type of the user being invited","description_kind":"plain","optional":true}},"block_types":{"message":{"nesting_mode":"list","block":{"attributes":{"additional_recipients":{"type":["list","string"],"description":"Email addresses of additional recipients the invitation message should be sent to","description_kind":"plain","optional":true},"body":{"type":"string","description":"Customized message body you want to send if you don't want to send the default message","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language you want 
to send the default message in","description_kind":"plain","optional":true}},"description":"Customize the message sent to the invited user","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_named_location":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"country":{"nesting_mode":"list","block":{"attributes":{"countries_and_regions":{"type":["list","string"],"description_kind":"plain","required":true},"include_unknown_countries_and_regions":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"ip":{"nesting_mode":"list","block":{"attributes":{"ip_ranges":{"type":["list","string"],"description_kind":"plain","required":true},"trusted":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is 
enabled","description_kind":"plain","optional":true},"alternative_names":{"type":["set","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","optional":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","optional":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The application ID (client ID) of the application for which to create a service principal","description_kind":"plain","required":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","optional":true},"notification_email_addresses":{"type":["set","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the service principal","description_kind":"plain","optional":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","optional":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true},"use_existing":{"type":"bool","description":"When true, the resource will return an existing service principal instead of failing with an error","description_kind":"plain","optional":true}},"block_types":{"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this service principal represents a gallery 
application","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain"}},"features":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on_app":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise_application":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery_application":{"type":"bool","description":"Whether this service principal represents a gallery application","description_kind":"plain","optional":true},"visible_to_users":{"type":"bool","description":"Whether this app is visible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain","deprecated":true}},"saml_single_sign_on":{"nesting_mode":"list","block":{"attributes":{"relay_state":{"type":"string","description":"The relative URI the service provider would redirect to after completion of the single sign-on flow","description_kind":"plain","optional":true}},"description":"Settings related to SAML single 
sign-on","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_certificate":{"version":0,"block":{"attributes":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_claims_mapping_policy_assignment":{"version":0,"block":{"attributes":{"claims_mapping_policy_id":{"type":"string","description":"ID of the claims mapping policy to assign","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"Object ID of the service principal for which to assign the policy","description_kind":"plain","required":true}},"description_kind":"plain"}},"azuread_service_principal_delegated_permission_grant":{"version":0,"block":{"attributes":{"claim_values":{"type":["set","string"],"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_service_principal_object_id":{"type":"string","description":"The object ID of the service principal representing the resource to be 
accessed","description_kind":"plain","required":true},"service_principal_object_id":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created","description_kind":"plain","required":true},"user_object_id":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_password":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. 
Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this password should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this service principal, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_token_signing_certificate":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A friendly name for the certificate","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
Default is 3 years from current date.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify the verify certificate.","description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).","description_kind":"plain","computed":true},"thumbprint":{"type":"string","description":"The thumbprint of the certificate.","description_kind":"plain","computed":true},"value":{"type":"string","description":"The certificate data, which is PEM encoded but does not include the header/footer","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_job":{"version":0,"block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the synchronization job is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":["list",["object",{"expiration":"string","interval":"string","state":"string"}]],"description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization job 
should be created","description_kind":"plain","required":true},"template_id":{"type":"string","description":"Identifier of the synchronization template this job is based on.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_secret":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization secret should be created","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name for this key-value pair.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for this key-value pair.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"about_me":{"type":"string","description":"A freeform field for the user to describe themselves","description_kind":"plain","computed":true},"account_enabled":{"type":"bool","description":"Whether or not the account should 
be enabled","description_kind":"plain","optional":true},"age_group":{"type":"string","description":"The age group of the user","description_kind":"plain","optional":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect","description_kind":"plain","optional":true,"computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","optional":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","optional":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","optional":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","optional":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. 
`US` or `UK`","description_kind":"plain","optional":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","optional":true},"disable_password_expiration":{"type":"bool","description":"Whether the users password is exempt from expiring","description_kind":"plain","optional":true},"disable_strong_password":{"type":"bool","description":"Whether the user is allowed weaker passwords than the default policy to be specified.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name to display in the address book for the user","description_kind":"plain","required":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","optional":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","optional":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","optional":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","optional":true},"force_password_change":{"type":"bool","description":"Whether the user is forced to change the password during the next sign-in. 
Only takes effect when also changing the password","description_kind":"plain","optional":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","optional":true},"mail":{"type":"string","description":"The SMTP address for the user. Cannot be unset.","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN)","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","optional":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","optional":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. 
This must be specified if you are using a federated domain for the user's `user_principal_name` property when creating a new user account","description_kind":"plain","optional":true,"computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["set","string"],"description":"Additional email addresses for the user","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","optional":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","optional":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","optional":true},"usage_location":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set","description_kind":"plain","optional":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The user type in the directory. 
Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user_flow_attribute":{"version":0,"block":{"attributes":{"attribute_type":{"type":"string","description":"The type of the user flow attribute","description_kind":"plain","computed":true},"data_type":{"type":"string","description":"The data type of the user flow attribute","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the user flow attribute that is shown to the user at the time of sign-up","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the user flow attribute.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"azuread_access_package":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The ID of the Catalog this access package is in","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the access 
package","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the access package","description_kind":"plain","optional":true,"computed":true},"hidden":{"type":"bool","description":"Whether the access package is hidden from the requestor","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The ID of this access package","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the access package catalog","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the access package catalog","description_kind":"plain","optional":true,"computed":true},"externally_visible":{"type":"bool","description":"Whether the access packages in this catalog can be requested by users outside the tenant","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The ID of this access package catalog","description_kind":"plain","optional":true,"computed":true},"published":{"type":"bool","description":"Whether the access packages in this catalog are available for 
management","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the catalog role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the catalog role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the catalog role","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the catalog role","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the administrative unit","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["list","string"],"description":"A list of object IDs of members who are be present in this administrative unit.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true,"computed":true},"visibility":{"type":"string","description":"Whether the 
administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"api":{"type":["list",["object",{"known_client_applications":["list","string"],"mapped_claims_enabled":"bool","oauth2_permission_scopes":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"requested_access_token_version":"number"}]],"description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description":"List of app roles published by the application","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","computed":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a 
user.","description_kind":"plain","computed":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","optional":true,"computed":true},"fallback_public_client_enabled":{"type":"bool","description":"The fallback application type as public client, such as an installed application running on a mobile device","description_kind":"plain","computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this application using tags","description_kind":"plain","computed":true},"group_membership_claims":{"type":["list","string"],"description":"The `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["list","string"],"description":"A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","computed":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","computed":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to 
UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","optional":true,"computed":true},"optional_claims":{"type":["list",["object",{"access_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"id_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"saml2_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]]}]],"description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"A list of object IDs of principals that are assigned ownership of the application","description_kind":"plain","computed":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","computed":true},"public_client":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"required_resource_access":{"type":["list",["object",{"resource_access":["list",["object",{"id":"string","type":"string"}]],"resource_app_id":"string"}]],"description_kind":"plain","computed":true},"service_management_reference":{"type":"string","description":"References application or service contact information from a Service or Asset Management database","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current 
application","description_kind":"plain","computed":true},"single_page_application":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags applied to the application","description_kind":"plain","computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","computed":true},"web":{"type":["list",["object",{"homepage_url":"string","implicit_grant":["list",["object",{"access_token_issuance_enabled":"bool","id_token_issuance_enabled":"bool"}]],"logout_url":"string","redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_published_app_ids":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"result":{"type":["map","string"],"description":"A mapping of application names and application IDs","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_template":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"List of categories for this templated application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application 
template","description_kind":"plain","optional":true,"computed":true},"homepage_url":{"type":"string","description":"Home page URL of the templated application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"logo_url":{"type":"string","description":"URL to retrieve the logo for this templated application","description_kind":"plain","computed":true},"publisher":{"type":"string","description":"Name of the publisher for this templated application","description_kind":"plain","computed":true},"supported_provisioning_types":{"type":["list","string"],"description":"The provisioning modes supported by this templated application","description_kind":"plain","computed":true},"supported_single_sign_on_modes":{"type":["list","string"],"description":"The single sign on modes supported by this templated application","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The application template's ID","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_client_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client ID (application ID) linked to the authenticated principal, or the application used for delegated authentication","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the authenticated principal","description_kind":"plain","computed":true},"tenant_id":{"type":"string","description":"The tenant ID of the authenticated 
principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_object":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the principal","description_kind":"plain","required":true},"type":{"type":"string","description":"The OData type of the principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_roles":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the roles","description_kind":"plain","computed":true},"roles":{"type":["list",["object",{"description":"string","display_name":"string","object_id":"string","template_id":"string"}]],"description":"A list of roles","description_kind":"plain","computed":true},"template_ids":{"type":["list","string"],"description":"The template IDs of the roles","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_domains":{"version":0,"block":{"attributes":{"admin_managed":{"type":"bool","description":"Set to `true` to only return domains whose DNS is managed by Microsoft 
365","description_kind":"plain","optional":true},"domains":{"type":["list",["object",{"admin_managed":"bool","authentication_type":"string","default":"bool","domain_name":"string","initial":"bool","root":"bool","supported_services":["list","string"],"verified":"bool"}]],"description":"A list of tenant domains","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_unverified":{"type":"bool","description":"Set to `true` if unverified Azure AD domains should be included","description_kind":"plain","optional":true},"only_default":{"type":"bool","description":"Set to `true` to only return the default domain","description_kind":"plain","optional":true},"only_initial":{"type":"bool","description":"Set to `true` to only return the initial domain, which is your primary Azure Active Directory tenant domain","description_kind":"plain","optional":true},"only_root":{"type":"bool","description":"Set to `true` to only return verified root domains. 
Excludes subdomains and unverified domains","description_kind":"plain","optional":true},"supports_services":{"type":["list","string"],"description":"A list of supported services that must be supported by a domain","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group":{"version":0,"block":{"attributes":{"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role","description_kind":"plain","computed":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","computed":true},"behaviors":{"type":["list","string"],"description":"The group behaviors for a Microsoft 365 group","description_kind":"plain","computed":true},"description":{"type":"string","description":"The optional description of the group","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","optional":true,"computed":true},"dynamic_membership":{"type":["list",["object",{"enabled":"bool","rule":"string"}]],"description":"An optional block to configure dynamic membership for the group. 
Cannot be used with `members`","description_kind":"plain","computed":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is mail-enabled","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","computed":true},"members":{"type":["list","string"],"description":"The object IDs of the group members","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","optional":true,"computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_group_type":{"type":"string","description":"Indicates the target on-premise group type the group will be written back 
as","description_kind":"plain","computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"The object IDs of the group owners","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"provisioning_options":{"type":["list","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group","description_kind":"plain","optional":true,"computed":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","computed":true},"types":{"type":["list","string"],"description":"A list of group types configured for the group. 
The only supported type is `Unified`, which specifies a Microsoft 365 group","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","computed":true},"writeback_enabled":{"type":"bool","description":"Whether this group is synced from Azure AD to the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_groups":{"version":0,"block":{"attributes":{"display_name_prefix":{"type":"string","description":"Common display name prefix of the groups","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the groups","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing groups and return groups that were found. 
The data source will still fail if no groups are found","description_kind":"plain","optional":true},"mail_enabled":{"type":"bool","description":"Whether the groups are mail-enabled","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the groups","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Retrieve all groups with no filter","description_kind":"plain","optional":true},"security_enabled":{"type":"bool","description":"Whether the groups are security-enabled","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is enabled","description_kind":"plain","computed":true},"alternative_names":{"type":["list","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","computed":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The 
application ID (client ID) of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","computed":true},"features":{"type":["list",["object",{"custom_single_sign_on_app":"bool","enterprise_application":"bool","gallery_application":"bool","visible_to_users":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","deprecated":true,"computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","computed":true},"notification_email_addresses":{"type":["list","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","optional":true,"computed":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"saml_single_sign_on":{"type":["list",["object",{"relay_state":"string"}]],"description":"Settings related to SAML single sign-on","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principals":{"version":0,"block":{"attributes":{"application_ids":{"type":["list","string"],"description":"The application IDs (client IDs) of the applications associated with the service 
principals","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the applications associated with the service principals","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing service principals and return the service principals that were found. The data source will still fail if no service principals are found","description_kind":"plain","optional":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the service principals","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all service principals with no filter and return all that were found. The data source will still fail if no service principals are found.","description_kind":"plain","optional":true},"service_principals":{"type":["list",["object",{"account_enabled":"bool","app_role_assignment_required":"bool","application_id":"string","application_tenant_id":"string","display_name":"string","object_id":"string","preferred_single_sign_on_mode":"string","saml_metadata_url":"string","service_principal_names":["list","string"],"sign_in_audience":"string","tags":["list","string"],"type":"string"}]],"description":"A list of service_principals","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the account is enabled","description_kind":"plain","computed":true},"age_group":{"type":"string","description":"The age group of the 
user","description_kind":"plain","computed":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user","description_kind":"plain","computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","computed":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","computed":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","computed":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","computed":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. `US` or `UK`","description_kind":"plain","computed":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the user","description_kind":"plain","computed":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","computed":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","computed":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. 
For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","computed":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","computed":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","computed":true},"mail":{"type":"string","description":"The SMTP address for the user","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The email alias of the user","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","computed":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","optional":true,"computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","computed":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The 
on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["list","string"],"description":"Additional email addresses for the user","description_kind":"plain","computed":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","computed":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","computed":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","computed":true},"usage_location":{"type":"string","description":"The usage location of the user","description_kind":"plain","computed":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","optional":true,"computed":true},"user_type":{"type":"string","description":"The user type in the directory. Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_users":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing users and return users that were found. 
The data source will still fail if no users are found","description_kind":"plain","optional":true},"mail_nicknames":{"type":["list","string"],"description":"The email aliases of the users","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the users","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all users with no filter and return all that were found. The data source will still fail if no users are found.","description_kind":"plain","optional":true},"user_principal_names":{"type":["list","string"],"description":"The user principal names (UPNs) of the users","description_kind":"plain","optional":true,"computed":true},"users":{"type":["list",["object",{"account_enabled":"bool","display_name":"string","mail":"string","mail_nickname":"string","object_id":"string","onpremises_immutable_id":"string","onpremises_sam_account_name":"string","onpremises_user_principal_name":"string","usage_location":"string","user_principal_name":"string"}]],"description":"A list of users","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}}}}}
diff --git a/package/crds/applications.azuread.upbound.io_applications.yaml b/package/crds/applications.azuread.upbound.io_applications.yaml
index c004bd89..86d25714 100644
--- a/package/crds/applications.azuread.upbound.io_applications.yaml
+++ b/package/crds/applications.azuread.upbound.io_applications.yaml
@@ -517,6 +517,12 @@ spec: - resourceAppId type: object type: array + serviceManagementReference: + description: References application context information from a + Service or Asset Management database. References application + or service contact information from a Service or Asset Management + database + type: string signInAudience: description: The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, @@ -1278,6 +1284,12 @@ spec: type: string type: object type: array + serviceManagementReference: + description: References application context information from a + Service or Asset Management database. References application + or service contact information from a Service or Asset Management + database + type: string signInAudience: description: The Microsoft account types that are supported for the current application. Must be one of AzureADMyOrg, AzureADMultipleOrgs, diff --git a/package/crds/groups.azuread.upbound.io_groups.yaml b/package/crds/groups.azuread.upbound.io_groups.yaml index dbb40086..53741790 100644 --- a/package/crds/groups.azuread.upbound.io_groups.yaml +++ b/package/crds/groups.azuread.upbound.io_groups.yaml 
@@ -79,11 +79,11 @@ spec: type: array assignableToRole: description: Indicates whether this group can be assigned to an - Azure Active Directory role. Can only be true for security-enabled - groups. Changing this forces a new resource to be created. Indicates - whether this group can be assigned to an Azure Active Directory - role. This property can only be `true` for security-enabled - groups. + Azure Active Directory role. Defaults to false. Can only be + set to true for security-enabled groups. Changing this forces + a new resource to be created. Indicates whether this group can + be assigned to an Azure Active Directory role. This property + can only be `true` for security-enabled groups. type: boolean autoSubscribeNewMembers: description: Indicates whether new members added to the group @@ -179,6 +179,13 @@ spec: items: type: string type: array + onpremisesGroupType: + description: The on-premises group type that the AAD group will + be written as, when writeback is enabled. Possible values are + UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, + or UniversalSecurityGroup. Indicates the target on-premise group + type the group will be written back as + type: string owners: description: A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or @@ -238,6 +245,12 @@ spec: 365 groups will receive Public visibility. Specifies the group join policy and group content visibility type: string + writebackEnabled: + description: Whether the group will be written back to the configured + on-premises Active Directory when Azure AD Connect is used. + Whether this group should be synced from Azure AD to the on-premises + directory when Azure AD Connect is used + type: boolean type: object managementPolicy: default: FullControl 
@@ -445,11 +458,11 @@ spec: type: array assignableToRole: description: Indicates whether this group can be assigned to an - Azure Active Directory role. Can only be true for security-enabled - groups. Changing this forces a new resource to be created. Indicates - whether this group can be assigned to an Azure Active Directory - role. This property can only be `true` for security-enabled - groups. + Azure Active Directory role. Defaults to false. Can only be + set to true for security-enabled groups. Changing this forces + a new resource to be created. Indicates whether this group can + be assigned to an Azure Active Directory role. This property + can only be `true` for security-enabled groups. type: boolean autoSubscribeNewMembers: description: Indicates whether new members added to the group @@ -558,6 +571,13 @@ spec: is used. The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used type: string + onpremisesGroupType: + description: The on-premises group type that the AAD group will + be written as, when writeback is enabled. Possible values are + UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, + or UniversalSecurityGroup. Indicates the target on-premise group + type the group will be written back as + type: string onpremisesNetbiosName: description: The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used. The on-premises @@ -654,6 +674,12 @@ spec: 365 groups will receive Public visibility. Specifies the group join policy and group content visibility type: string + writebackEnabled: + description: Whether the group will be written back to the configured + on-premises Active Directory when Azure AD Connect is used. + Whether this group should be synced from Azure AD to the on-premises + directory when Azure AD Connect is used + type: boolean type: object conditions: description: Conditions of the resource.