From 62d45a15c965ff11d0817561c3257983d4c11eb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fatih=20T=C3=BCrken?= Date: Fri, 4 Aug 2023 12:17:40 +0300 Subject: [PATCH] Bump Terraform provider version to v2.41.0 --- Makefile | 2 +- .../v1beta1/zz_unit_types.go | 3 + .../v1beta1/zz_accesspolicy_types.go | 66 ++++++- .../v1beta1/zz_generated.deepcopy.go | 180 ++++++++++++++++++ apis/users/v1beta1/zz_user_types.go | 6 +- config/provider-metadata.yaml | 112 ++++++++++- config/schema.json | 2 +- .../administrativeunits/unit.yaml | 2 +- .../conditionalaccess/accesspolicy.yaml | 1 + ...trativeunits.azuread.upbound.io_units.yaml | 12 +- ...ess.azuread.upbound.io_accesspolicies.yaml | 121 ++++++++++-- .../crds/users.azuread.upbound.io_users.yaml | 18 +- 12 files changed, 481 insertions(+), 44 deletions(-) diff --git a/Makefile b/Makefile index 6a5206e6..68158d8a 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ export TERRAFORM_VERSION := 1.2.1 export TERRAFORM_PROVIDER_SOURCE := hashicorp/azuread export TERRAFORM_PROVIDER_REPO := https://github.com/hashicorp/terraform-provider-azuread -export TERRAFORM_PROVIDER_VERSION := 2.39.0 +export TERRAFORM_PROVIDER_VERSION := 2.41.0 export TERRAFORM_PROVIDER_DOWNLOAD_NAME := terraform-provider-azuread export TERRAFORM_NATIVE_PROVIDER_BINARY := terraform-provider-azuread_v$(TERRAFORM_PROVIDER_VERSION)_x5 export TERRAFORM_DOCS_PATH := docs/resources diff --git a/apis/administrativeunits/v1beta1/zz_unit_types.go b/apis/administrativeunits/v1beta1/zz_unit_types.go index 9160f1ee..763d1898 100755 --- a/apis/administrativeunits/v1beta1/zz_unit_types.go +++ b/apis/administrativeunits/v1beta1/zz_unit_types.go 
@@ -23,6 +23,7 @@ type UnitInitParameters struct { // The display name for the administrative unit DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Whether the administrative unit and its members are hidden or publicly viewable in the directory. // Whether the administrative unit and its members are hidden or publicly viewable in the directory HiddenMembershipEnabled *bool `json:"hiddenMembershipEnabled,omitempty" tf:"hidden_membership_enabled,omitempty"` @@ -44,6 +45,7 @@ type UnitObservation struct { // The display name for the administrative unit DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Whether the administrative unit and its members are hidden or publicly viewable in the directory. // Whether the administrative unit and its members are hidden or publicly viewable in the directory HiddenMembershipEnabled *bool `json:"hiddenMembershipEnabled,omitempty" tf:"hidden_membership_enabled,omitempty"` @@ -73,6 +75,7 @@ type UnitParameters struct { // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Whether the administrative unit and its members are hidden or publicly viewable in the directory. // Whether the administrative unit and its members are hidden or publicly viewable in the directory // +kubebuilder:validation:Optional HiddenMembershipEnabled *bool `json:"hiddenMembershipEnabled,omitempty" tf:"hidden_membership_enabled,omitempty"` diff --git a/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go b/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go index 8f99a479..1fab3033 100755 --- a/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go +++ b/apis/conditionalaccess/v1beta1/zz_accesspolicy_types.go 
@@ -114,6 +114,35 @@ type ApplicationsParameters struct { IncludedUserActions []*string `json:"includedUserActions,omitempty" tf:"included_user_actions,omitempty"` } +type ClientApplicationsInitParameters struct { + + // A list of service principal IDs explicitly excluded in the policy. + ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"` + + // A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set. + IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"` +} + +type ClientApplicationsObservation struct { + + // A list of service principal IDs explicitly excluded in the policy. + ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"` + + // A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set. + IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"` +} + +type ClientApplicationsParameters struct { + + // A list of service principal IDs explicitly excluded in the policy. + // +kubebuilder:validation:Optional + ExcludedServicePrincipals []*string `json:"excludedServicePrincipals,omitempty" tf:"excluded_service_principals,omitempty"` + + // A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set. 
+ // +kubebuilder:validation:Optional + IncludedServicePrincipals []*string `json:"includedServicePrincipals,omitempty" tf:"included_service_principals,omitempty"` +} + type ConditionsInitParameters struct { // An applications block as documented below, which specifies applications and user actions included in and excluded from the policy. @@ -122,6 +151,9 @@ type ConditionsInitParameters struct { // A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other. ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"` + // An client_applications block as documented below, which specifies service principals included in and excluded from the policy. + ClientApplications []ClientApplicationsInitParameters `json:"clientApplications,omitempty" tf:"client_applications,omitempty"` + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. Devices []DevicesInitParameters `json:"devices,omitempty" tf:"devices,omitempty"` 
@@ -131,7 +163,10 @@ type ConditionsInitParameters struct { // A platforms block as documented below, which specifies platforms included in and excluded from the policy. Platforms []PlatformsInitParameters `json:"platforms,omitempty" tf:"platforms,omitempty"` - // A list of sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + // A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. + ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"` + + // A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` // A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. @@ -149,6 +184,9 @@ type ConditionsObservation struct { // A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other. ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"` + // An client_applications block as documented below, which specifies service principals included in and excluded from the policy. + ClientApplications []ClientApplicationsObservation `json:"clientApplications,omitempty" tf:"client_applications,omitempty"` + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. Devices []DevicesObservation `json:"devices,omitempty" tf:"devices,omitempty"` 
@@ -158,7 +196,10 @@ type ConditionsObservation struct { // A platforms block as documented below, which specifies platforms included in and excluded from the policy. Platforms []PlatformsObservation `json:"platforms,omitempty" tf:"platforms,omitempty"` - // A list of sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + // A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. + ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"` + + // A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` // A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. @@ -178,6 +219,10 @@ type ConditionsParameters struct { // +kubebuilder:validation:Optional ClientAppTypes []*string `json:"clientAppTypes,omitempty" tf:"client_app_types,omitempty"` + // An client_applications block as documented below, which specifies service principals included in and excluded from the policy. + // +kubebuilder:validation:Optional + ClientApplications []ClientApplicationsParameters `json:"clientApplications,omitempty" tf:"client_applications,omitempty"` + // A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created. // +kubebuilder:validation:Optional Devices []DevicesParameters `json:"devices,omitempty" tf:"devices,omitempty"` 
@@ -190,7 +235,11 @@ type ConditionsParameters struct { // +kubebuilder:validation:Optional Platforms []PlatformsParameters `json:"platforms,omitempty" tf:"platforms,omitempty"` - // A list of sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. + // A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue. + // +kubebuilder:validation:Optional + ServicePrincipalRiskLevels []*string `json:"servicePrincipalRiskLevels,omitempty" tf:"service_principal_risk_levels,omitempty"` + + // A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue. // +kubebuilder:validation:Optional SignInRiskLevels []*string `json:"signInRiskLevels,omitempty" tf:"sign_in_risk_levels,omitempty"` @@ -366,6 +415,9 @@ type SessionControlsInitParameters struct { // Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue. CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + // Disables resilience defaults. Defaults to false. + DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"` + // Session control to define whether to persist cookies or not. Possible values are: always or never. PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` 
@@ -384,6 +436,9 @@ type SessionControlsObservation struct { // Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue. CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + // Disables resilience defaults. Defaults to false. + DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"` + // Session control to define whether to persist cookies or not. Possible values are: always or never. PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` @@ -404,6 +459,10 @@ type SessionControlsParameters struct { // +kubebuilder:validation:Optional CloudAppSecurityPolicy *string `json:"cloudAppSecurityPolicy,omitempty" tf:"cloud_app_security_policy,omitempty"` + // Disables resilience defaults. Defaults to false. + // +kubebuilder:validation:Optional + DisableResilienceDefaults *bool `json:"disableResilienceDefaults,omitempty" tf:"disable_resilience_defaults,omitempty"` + // Session control to define whether to persist cookies or not. Possible values are: always or never. // +kubebuilder:validation:Optional PersistentBrowserMode *string `json:"persistentBrowserMode,omitempty" tf:"persistent_browser_mode,omitempty"` 
@@ -524,7 +583,6 @@ type AccessPolicy struct { metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.conditions) || has(self.initProvider.conditions)",message="conditions is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || has(self.initProvider.displayName)",message="displayName is a required parameter" - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.grantControls) || has(self.initProvider.grantControls)",message="grantControls is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.state) || has(self.initProvider.state)",message="state is a required parameter" Spec AccessPolicySpec `json:"spec"` Status AccessPolicyStatus `json:"status,omitempty"` diff --git a/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go b/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go index c6324e98..c0fbec83 100644 --- a/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go +++ b/apis/conditionalaccess/v1beta1/zz_generated.deepcopy.go 
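Review bot: The hunk at `@@ -524,7 +583,6 @@ type AccessPolicy struct` drops the `XValidation` rule whose message was "grantControls is a required parameter", so the CRD no longer rejects an AccessPolicy created or updated without grant controls, and the commit message does not mention this. The same patch changes the `grant_controls` entry in config/provider-metadata.yaml from Required to Optional, so the removal presumably follows the upstream provider schema, but it is easy to miss under a title that only names a version bump. I would record it in the commit description, for example `AccessPolicy: grantControls is no longer a required parameter in CRD validation`. The `zz_` file name suggests generated code, so if a guard is still wanted for this environment it belongs in the generator configuration or a cluster admission policy rather than in this file. The AccessPolicy struct continues past the end of the hunk.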
@@ -394,6 +394,117 @@ func (in *ApplicationsParameters) DeepCopy() *ApplicationsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientApplicationsInitParameters) DeepCopyInto(out *ClientApplicationsInitParameters) { + *out = *in + if in.ExcludedServicePrincipals != nil { + in, out := &in.ExcludedServicePrincipals, &out.ExcludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedServicePrincipals != nil { + in, out := &in.IncludedServicePrincipals, &out.IncludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientApplicationsInitParameters. +func (in *ClientApplicationsInitParameters) DeepCopy() *ClientApplicationsInitParameters { + if in == nil { + return nil + } + out := new(ClientApplicationsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClientApplicationsObservation) DeepCopyInto(out *ClientApplicationsObservation) { + *out = *in + if in.ExcludedServicePrincipals != nil { + in, out := &in.ExcludedServicePrincipals, &out.ExcludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedServicePrincipals != nil { + in, out := &in.IncludedServicePrincipals, &out.IncludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientApplicationsObservation. +func (in *ClientApplicationsObservation) DeepCopy() *ClientApplicationsObservation { + if in == nil { + return nil + } + out := new(ClientApplicationsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientApplicationsParameters) DeepCopyInto(out *ClientApplicationsParameters) { + *out = *in + if in.ExcludedServicePrincipals != nil { + in, out := &in.ExcludedServicePrincipals, &out.ExcludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludedServicePrincipals != nil { + in, out := &in.IncludedServicePrincipals, &out.IncludedServicePrincipals + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientApplicationsParameters. 
+func (in *ClientApplicationsParameters) DeepCopy() *ClientApplicationsParameters { + if in == nil { + return nil + } + out := new(ClientApplicationsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionsInitParameters) DeepCopyInto(out *ConditionsInitParameters) { *out = *in @@ -415,6 +526,13 @@ func (in *ConditionsInitParameters) DeepCopyInto(out *ConditionsInitParameters) } } } + if in.ClientApplications != nil { + in, out := &in.ClientApplications, &out.ClientApplications + *out = make([]ClientApplicationsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Devices != nil { in, out := &in.Devices, &out.Devices *out = make([]DevicesInitParameters, len(*in)) @@ -436,6 +554,17 @@ func (in *ConditionsInitParameters) DeepCopyInto(out *ConditionsInitParameters) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServicePrincipalRiskLevels != nil { + in, out := &in.ServicePrincipalRiskLevels, &out.ServicePrincipalRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SignInRiskLevels != nil { in, out := &in.SignInRiskLevels, &out.SignInRiskLevels *out = make([]*string, len(*in)) @@ -498,6 +627,13 @@ func (in *ConditionsObservation) DeepCopyInto(out *ConditionsObservation) { } } } + if in.ClientApplications != nil { + in, out := &in.ClientApplications, &out.ClientApplications + *out = make([]ClientApplicationsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Devices != nil { in, out := &in.Devices, &out.Devices *out = make([]DevicesObservation, len(*in)) 
@@ -519,6 +655,17 @@ func (in *ConditionsObservation) DeepCopyInto(out *ConditionsObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServicePrincipalRiskLevels != nil { + in, out := &in.ServicePrincipalRiskLevels, &out.ServicePrincipalRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SignInRiskLevels != nil { in, out := &in.SignInRiskLevels, &out.SignInRiskLevels *out = make([]*string, len(*in)) @@ -581,6 +728,13 @@ func (in *ConditionsParameters) DeepCopyInto(out *ConditionsParameters) { } } } + if in.ClientApplications != nil { + in, out := &in.ClientApplications, &out.ClientApplications + *out = make([]ClientApplicationsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Devices != nil { in, out := &in.Devices, &out.Devices *out = make([]DevicesParameters, len(*in)) @@ -602,6 +756,17 @@ func (in *ConditionsParameters) DeepCopyInto(out *ConditionsParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServicePrincipalRiskLevels != nil { + in, out := &in.ServicePrincipalRiskLevels, &out.ServicePrincipalRiskLevels + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SignInRiskLevels != nil { in, out := &in.SignInRiskLevels, &out.SignInRiskLevels *out = make([]*string, len(*in)) @@ -1565,6 +1730,11 @@ func (in *SessionControlsInitParameters) DeepCopyInto(out *SessionControlsInitPa *out = new(string) **out = **in } + if in.DisableResilienceDefaults != nil { + in, out := &in.DisableResilienceDefaults, &out.DisableResilienceDefaults + *out = new(bool) + **out = **in + } if in.PersistentBrowserMode != nil { in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode *out = new(string) 
@@ -1605,6 +1775,11 @@ func (in *SessionControlsObservation) DeepCopyInto(out *SessionControlsObservati *out = new(string) **out = **in } + if in.DisableResilienceDefaults != nil { + in, out := &in.DisableResilienceDefaults, &out.DisableResilienceDefaults + *out = new(bool) + **out = **in + } if in.PersistentBrowserMode != nil { in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode *out = new(string) @@ -1645,6 +1820,11 @@ func (in *SessionControlsParameters) DeepCopyInto(out *SessionControlsParameters *out = new(string) **out = **in } + if in.DisableResilienceDefaults != nil { + in, out := &in.DisableResilienceDefaults, &out.DisableResilienceDefaults + *out = new(bool) + **out = **in + } if in.PersistentBrowserMode != nil { in, out := &in.PersistentBrowserMode, &out.PersistentBrowserMode *out = new(string) diff --git a/apis/users/v1beta1/zz_user_types.go b/apis/users/v1beta1/zz_user_types.go index 97f11cb0..f97b2707 100755 --- a/apis/users/v1beta1/zz_user_types.go +++ b/apis/users/v1beta1/zz_user_types.go @@ -43,7 +43,7 @@ type UserInitParameters struct { // The cost center associated with the user. CostCenter *string `json:"costCenter,omitempty" tf:"cost_center,omitempty"` - // The country/region in which the user is located, e.g. US or UK. + // The country/region in which the user is located. Examples include: NO, JP, and GB. // The country/region in which the user is located, e.g. `US` or `UK` Country *string `json:"country,omitempty" tf:"country,omitempty"` @@ -185,7 +185,7 @@ type UserObservation struct { // The cost center associated with the user. CostCenter *string `json:"costCenter,omitempty" tf:"cost_center,omitempty"` - // The country/region in which the user is located, e.g. US or UK. + // The country/region in which the user is located. Examples include: NO, JP, and GB. // The country/region in which the user is located, e.g. `US` or `UK` Country *string `json:"country,omitempty" tf:"country,omitempty"` 
@@ -381,7 +381,7 @@ type UserParameters struct { // +kubebuilder:validation:Optional CostCenter *string `json:"costCenter,omitempty" tf:"cost_center,omitempty"` - // The country/region in which the user is located, e.g. US or UK. + // The country/region in which the user is located. Examples include: NO, JP, and GB. // The country/region in which the user is located, e.g. `US` or `UK` // +kubebuilder:validation:Optional Country *string `json:"country,omitempty" tf:"country,omitempty"` diff --git a/config/provider-metadata.yaml b/config/provider-metadata.yaml index 6074febc..c4d77fe8 100644 --- a/config/provider-metadata.yaml +++ b/config/provider-metadata.yaml @@ -95,7 +95,7 @@ resources: assignment_review_settings.duration_in_days: (Number) How many days each occurrence of the access review series will run. assignment_review_settings.enabled: (Optional) Whether to enable assignment review. assignment_review_settings.review_frequency: (Optional) This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual. - assignment_review_settings.review_type: (Optional) Self review or specific reviewers. Valid values are Self, or Reviewers. + assignment_review_settings.review_type: (Optional) Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self. assignment_review_settings.reviewer: (Optional) One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below. assignment_review_settings.reviewer.backup: (Optional) For a user in an approval stage, this property indicates whether the user is a backup approver. assignment_review_settings.reviewer.object_id: (Optional) The ID of the subject. 
@@ -261,14 +261,14 @@ resources: { "description": "Just an example", "display_name": "Example-AU", - "visibility": "Public" + "hidden_membership_enabled": false } argumentDocs: description: '- (Optional) The description of the administrative unit.' display_name: '- (Required) The display name of the administrative unit.' + hidden_membership_enabled: '- (Optional) Whether the administrative unit and its members are hidden or publicly viewable in the directory.' members: '- (Optional) A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups.' object_id: '- The object ID of the administrative unit.' - visibility: '- (Optional) Whether the administrative unit and its members are hidden or publicly viewable in the directory. Must be one of: Hiddenmembership or Public. Defaults to Public.' importStatements: - terraform import azuread_administrative_unit.example 00000000-0000-0000-0000-000000000000 azuread_administrative_unit_member: 
@@ -1147,33 +1147,127 @@ resources: { "application_enforced_restrictions_enabled": true, "cloud_app_security_policy": "monitorOnly", + "disable_resilience_defaults": false, "sign_in_frequency": 10, "sign_in_frequency_period": "hours" } ], "state": "disabled" } + - name: example + manifest: |- + { + "conditions": [ + { + "applications": [ + { + "included_applications": [ + "All" + ] + } + ], + "client_app_types": [ + "all" + ], + "client_applications": [ + { + "excluded_service_principals": [], + "included_service_principals": [ + "${data.azuread_client_config.current.object_id}" + ] + } + ], + "users": [ + { + "included_users": [ + "None" + ] + } + ] + } + ], + "display_name": "example policy", + "grant_controls": [ + { + "built_in_controls": [ + "block" + ], + "operator": "OR" + } + ], + "state": "disabled" + } + - name: example + manifest: |- + { + "conditions": [ + { + "applications": [ + { + "included_applications": [ + "All" + ] + } + ], + "client_app_types": [ + "all" + ], + "client_applications": [ + { + "excluded_service_principals": [ + "${data.azuread_client_config.current.object_id}" + ], + "included_service_principals": [ + "ServicePrincipalsInMyTenant" + ] + } + ], + "users": [ + { + "included_users": [ + "None" + ] + } + ] + } + ], + "display_name": "example policy", + "grant_controls": [ + { + "built_in_controls": [ + "block" + ], + "operator": "OR" + } + ], + "state": "disabled" + } argumentDocs: + client_applications.excluded_service_principals: '- (Optional) A list of service principal IDs explicitly excluded in the policy.' + client_applications.included_service_principals: '- (Optional) A list of service principal IDs explicitly included in the policy. Can be set to ServicePrincipalsInMyTenant to include all service principals. This is mandatory value when at least one excluded_service_principals is set.' conditions: '- (Required) A conditions block as documented below, which specifies the rules that must be met for the policy to apply.' 
conditions.applications: '- (Required) An applications block as documented below, which specifies applications and user actions included in and excluded from the policy.' conditions.applications.excluded_applications: '- (Optional) A list of application IDs explicitly excluded from the policy. Can also be set to Office365.' conditions.applications.included_applications: '- (Optional) A list of application IDs the policy applies to, unless explicitly excluded (in excluded_applications). Can also be set to All, None or Office365. Cannot be specified with included_user_actions. One of included_applications or included_user_actions must be specified.' conditions.applications.included_user_actions: '- (Optional) A list of user actions to include. Supported values are urn:user:registerdevice and urn:user:registersecurityinfo. Cannot be specified with included_applications. One of included_applications or included_user_actions must be specified.' conditions.client_app_types: '- (Required) A list of client application types included in the policy. Possible values are: all, browser, mobileAppsAndDesktopClients, exchangeActiveSync, easSupported and other.' + conditions.client_applications: '- (Optional) An client_applications block as documented below, which specifies service principals included in and excluded from the policy.' conditions.devices: '- (Optional) A devices block as documented below, which describes devices to be included in and excluded from the policy. A devices block can be added to an existing policy, but removing the devices block forces a new resource to be created.' - conditions.locations: '- (Required) A locations block as documented below, which specifies locations included in and excluded from the policy.' - conditions.platforms: '- (Required) A platforms block as documented below, which specifies platforms included in and excluded from the policy.' - conditions.sign_in_risk_levels: '- (Optional) A list of sign-in risk levels included in the policy. 
Possible values are: low, medium, high, hidden, none, unknownFutureValue.' + conditions.locations: '- (Optional) A locations block as documented below, which specifies locations included in and excluded from the policy.' + conditions.platforms: '- (Optional) A platforms block as documented below, which specifies platforms included in and excluded from the policy.' + conditions.service_principal_risk_levels: '- (Optional) A list of service principal sign-in risk levels included in the policy. Possible values are: low, medium, high, none, unknownFutureValue.' + conditions.sign_in_risk_levels: '- (Optional) A list of user sign-in risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.' conditions.user_risk_levels: '- (Optional) A list of user risk levels included in the policy. Possible values are: low, medium, high, hidden, none, unknownFutureValue.' conditions.users: '- (Required) A users block as documented below, which specifies users, groups, and roles included in and excluded from the policy.' devices.filter: '- (Optional) A filter block as described below. A filter block can be added to an existing policy, but removing the filter block forces a new resource to be created.' devices.filter.mode: '- (Required) Whether to include in, or exclude from, matching devices from the policy. Supported values are include or exclude.' devices.filter.rule: '- (Required) Condition filter to match devices. For more information, see official documentation.' display_name: '- (Required) The friendly name for this Conditional Access Policy.' - grant_controls: '- (Required) A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.' + grant_controls: '- (Optional) A grant_controls block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.' 
grant_controls.built_in_controls: '- (Required) List of built-in controls required by the policy. Possible values are: block, mfa, approvedApplication, compliantApplication, compliantDevice, domainJoinedDevice, passwordChange or unknownFutureValue.' grant_controls.custom_authentication_factors: '- (Optional) List of custom controls IDs required by the policy.' grant_controls.operator: '- (Required) Defines the relationship of the grant controls. Possible values are: AND, OR.' + grant_controls.state: '- (Required) Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced' grant_controls.terms_of_use: '- (Optional) List of terms of use IDs required by the policy.' id: '- The ID of the Conditional Access Policy.' locations.excluded_locations: '- (Optional) A list of location IDs excluded from scope of policy. Can also be set to AllTrusted.' 
@@ -1183,10 +1277,10 @@ resources:
 session_controls: '- (Optional) A session_controls block as documented below, which specifies the session controls that are enforced after sign-in.'
 session_controls.application_enforced_restrictions_enabled: '- (Optional) Whether or not application enforced restrictions are enabled. Defaults to false.'
 session_controls.cloud_app_security_policy: '- (Optional) Enables cloud app security and specifies the cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.'
+ session_controls.disable_resilience_defaults: '- (Optional) Disables resilience defaults. Defaults to false.'
 session_controls.persistent_browser_mode: '- (Optional) Session control to define whether to persist cookies or not. Possible values are: always or never.'
 session_controls.sign_in_frequency: '- (Optional) Number of days or hours to enforce sign-in frequency. Required when sign_in_frequency_period is specified. Due to an API issue, removing this property forces a new resource to be created.'
 session_controls.sign_in_frequency_period: '- (Optional) The time period to enforce sign-in frequency. Possible values are: hours or days. Required when sign_in_frequency_period is specified. Due to an API issue, removing this property forces a new resource to be created.'
- state: '- (Required) Specifies the state of the policy object. Possible values are: enabled, disabled and enabledForReportingButNotEnforced'
 users.excluded_groups: '- (Optional) A list of group IDs excluded from scope of policy.'
 users.excluded_roles: '- (Optional) A list of role IDs excluded from scope of policy.'
 users.excluded_users: '- (Optional) A list of user IDs excluded from scope of policy and/or GuestsOrExternalUsers.'
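Review bot: The top-level `state` entry removed in this hunk reappears in the preceding hunk as `grant_controls.state` with the same text ("Specifies the state of the policy object"), which looks like the doc scraper attaching a policy-level argument to the `grant_controls` block rather than a real schema move. That entry documents the setting that decides whether a Conditional Access policy is enabled, disabled or enabledForReportingButNotEnforced, so a misplaced description can lead users to look for it under grant controls, which the preceding hunk also now marks as Optional. Because this file is generated, the fix belongs in the scraper or the upstream docs rather than a hand edit; the expected result is that the key stays `state: '- (Required) Specifies the state of the policy object. ...'` at the resource level. It is worth confirming against the regenerated `config/schema.json` that `state` is still a required top-level attribute of the resource.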
@@ -2107,7 +2201,7 @@ resources:
 company_name: '- (Optional) The company name which the user is associated. This property can be useful for describing the company that an external user comes from.'
 consent_provided_for_minor: '- (Optional) Whether consent has been obtained for minors. Supported values are Granted, Denied and NotRequired. Omit this property or specify a blank string to unset.'
 cost_center: '- (Optional) The cost center associated with the user.'
- country: '- (Optional) The country/region in which the user is located, e.g. US or UK.'
+ country: '- (Optional) The country/region in which the user is located. Examples include: NO, JP, and GB.'
 creation_type: '- Indicates whether the user account was created as a regular school or work account (null), an external account (Invitation), a local account for an Azure Active Directory B2C tenant (LocalAccount) or self-service sign-up using email verification (EmailVerified).'
 department: '- (Optional) The name for the department in which the user works.'
 disable_password_expiration: '- (Optional) Whether the user''s password is exempt from expiring. Defaults to false.'
diff --git a/config/schema.json b/config/schema.json
index d1917643..1ec9b54f 100644
--- a/config/schema.json
+++ b/config/schema.json
@@ -1 +1 @@ -{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/azuread":{"provider":{"version":0,"block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_password":{"type":"string","description":"The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_path":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The Client ID which should be used for service principal authentication","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","description_kind":"plain","optional":true},"disable_terraform_partner_id":{"type":"bool","description":"Disable the Terraform Partner ID, which is used if a custom `partner_id` isn't specified","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: `global` (also `public`), `usgovernmentl4` (also `usgovernment`), `usgovernmentl5` (also `dod`), and `china`. 
Defaults to `global`","description_kind":"plain","optional":true},"metadata_host":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service.","description_kind":"plain","optional":true},"msi_endpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically","description_kind":"plain","optional":true},"oidc_request_token":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_request_url":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token_file_path":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"partner_id":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution","description_kind":"plain","optional":true},"tenant_id":{"type":"string","description":"The Tenant ID which should be used. 
Works with all authentication methods except Managed Identity","description_kind":"plain","optional":true},"use_cli":{"type":"bool","description":"Allow Azure CLI to be used for Authentication","description_kind":"plain","optional":true},"use_msi":{"type":"bool","description":"Allow Managed Identity to be used for Authentication","description_kind":"plain","optional":true},"use_oidc":{"type":"bool","description":"Allow OpenID Connect to be used for authentication","description_kind":"plain","optional":true}},"description_kind":"plain"}},"resource_schemas":{"azuread_access_package":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The ID of the Catalog this access package will be created in","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the access package","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the access package","description_kind":"plain","required":true},"hidden":{"type":"bool","description":"Whether the access package is hidden from the requestor","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_assignment_policy":{"version":0,"block":{"attributes":{"access_package_id":{"type":"string","description":"The ID of the access package that will contain the policy","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the 
policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the policy","description_kind":"plain","required":true},"duration_in_days":{"type":"number","description":"How many days this assignment is valid for","description_kind":"plain","optional":true},"expiration_date":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string in UTC (e.g. 2018-01-01T01:02:03Z)","description_kind":"plain","optional":true},"extension_enabled":{"type":"bool","description":"When enabled, users will be able to request extension of their access to this package before their access expires","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"approval_settings":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether an approval is required","description_kind":"plain","optional":true},"approval_required_for_extension":{"type":"bool","description":"Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply","description_kind":"plain","optional":true},"requestor_justification_required":{"type":"bool","description":"Whether requestor are required to provide a justification to request an access package. Justification is visible to other approvers and the requestor","description_kind":"plain","optional":true}},"block_types":{"approval_stage":{"nesting_mode":"list","block":{"attributes":{"alternative_approval_enabled":{"type":"bool","description":"If no action taken, forward to alternate approvers?","description_kind":"plain","optional":true},"approval_timeout_in_days":{"type":"number","description":"Decision must be made in how many days? 
If a request is not approved within this time period after it is made, it will be automatically rejected","description_kind":"plain","required":true},"approver_justification_required":{"type":"bool","description":"Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor","description_kind":"plain","optional":true},"enable_alternative_approval_in_days":{"type":"number","description":"Forward to alternate approver(s) after how many days?","description_kind":"plain","optional":true}},"block_types":{"alternative_approver":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. 
When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection","description_kind":"plain"}},"primary_approver":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection","description_kind":"plain"}}},"description":"The process to obtain an approval","description_kind":"plain"}}},"description":"Settings of whether approvals are required and how they are obtained","description_kind":"plain"},"max_items":1},"assignment_review_settings":{"nesting_mode":"list","block":{"attributes":{"access_recommendation_enabled":{"type":"bool","description":"Whether to show Show reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. 
The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days","description_kind":"plain","optional":true},"access_review_timeout_behavior":{"type":"string","description":"What actions the system takes if reviewers don't respond in time","description_kind":"plain","optional":true},"approver_justification_required":{"type":"bool","description":"Whether a reviewer need provide a justification for their decision. Justification is visible to other reviewers and the requestor","description_kind":"plain","optional":true},"duration_in_days":{"type":"number","description":"How many days each occurrence of the access review series will run","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether to enable assignment review","description_kind":"plain","optional":true},"review_frequency":{"type":"string","description":"This will determine how often the access review campaign runs","description_kind":"plain","optional":true},"review_type":{"type":"string","description":"Self review or specific reviewers","description_kind":"plain","optional":true},"starting_on":{"type":"string","description":"This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. 
Once an access review has been created, you cannot update its start date","description_kind":"plain","optional":true}},"block_types":{"reviewer":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"If the reviewerType is Reviewers, this collection specifies the users who will be reviewers, either by ID or as members of a group, using a collection of singleUser and groupMembers","description_kind":"plain"}}},"description":"The settings of whether assignment review is needed and how it's conducted","description_kind":"plain"},"max_items":1},"question":{"nesting_mode":"list","block":{"attributes":{"required":{"type":"bool","description":"Whether this question is required","description_kind":"plain","optional":true},"sequence":{"type":"number","description":"The sequence number of this question","description_kind":"plain","optional":true}},"block_types":{"choice":{"nesting_mode":"list","block":{"attributes":{"actual_value":{"type":"string","description":"The actual value of this choice","description_kind":"plain","required":true}},"block_types":{"display_value":{"nesting_mode":"list","block":{"attributes":{"default_text":{"type":"string","description":"The default text of this question","description_kind":"plain","required":true}},"block_types":{"localized_text":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The localized content of this question","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language code of this question 
content","description_kind":"plain","required":true}},"description":"The localized text of this question","description_kind":"plain"}}},"description":"The display text of this choice","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of a choice to the question","description_kind":"plain"}},"text":{"nesting_mode":"list","block":{"attributes":{"default_text":{"type":"string","description":"The default text of this question","description_kind":"plain","required":true}},"block_types":{"localized_text":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The localized content of this question","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language code of this question content","description_kind":"plain","required":true}},"description":"The localized text of this question","description_kind":"plain"}}},"description":"The content of this question","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"One or more questions to the requestor","description_kind":"plain"}},"requestor_settings":{"nesting_mode":"list","block":{"attributes":{"requests_accepted":{"type":"bool","description":"Whether to accept requests now, when disabled, no new requests can be made using this policy","description_kind":"plain","optional":true},"scope_type":{"type":"string","description":"Specify the scopes of the requestors","description_kind":"plain","optional":true}},"block_types":{"requestor":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of 
users","description_kind":"plain","required":true}},"description":"The users who are allowed to request on this policy, which can be singleUser, groupMembers, and connectedOrganizationMembers","description_kind":"plain"}}},"description":"This block configures the users who can request access","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the access package catalog","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the access package catalog","description_kind":"plain","required":true},"externally_visible":{"type":"bool","description":"Whether the access packages in this catalog can be requested by users outside the tenant","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"published":{"type":"bool","description":"Whether the access packages in this catalog are available for 
management","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog_role_assignment":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The unique ID of the access package catalog.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the catalog role for this assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_resource_catalog_association":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The unique ID of the access package catalog","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_origin_id":{"type":"string","description":"The unique identifier of the resource in the origin system. 
In the case of an Azure AD group, this is the identifier of the group","description_kind":"plain","required":true},"resource_origin_system":{"type":"string","description":"The type of the resource in the origin system, such as SharePointOnline, AadApplication or AadGroup","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_resource_package_association":{"version":0,"block":{"attributes":{"access_package_id":{"type":"string","description":"The ID of access package this resource association is configured to","description_kind":"plain","required":true},"access_type":{"type":"string","description":"The role of access type to the specified resource, valid values are `Member` and `Owner`","description_kind":"plain","optional":true},"catalog_resource_association_id":{"type":"string","description":"The ID of the access package catalog association","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the administrative 
unit","description_kind":"plain","required":true},"hidden_membership_enabled":{"type":"bool","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing administrative unit is found with the same name","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the 
member","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_role_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","required":true},"role_object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_app_role_assignment":{"version":0,"block":{"attributes":{"app_role_id":{"type":"string","description":"The ID of the app role to be assigned","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_display_name":{"type":"string","description":"The display name of the principal to which the app role is assigned","description_kind":"plain","computed":true},"principal_object_id":{"type":"string","description":"The object ID of the user, group or service principal to 
be assigned this app role","description_kind":"plain","required":true},"principal_type":{"type":"string","description":"The object type of the principal to which the app role is assigned","description_kind":"plain","computed":true},"resource_display_name":{"type":"string","description":"The display name of the application representing the resource","description_kind":"plain","computed":true},"resource_object_id":{"type":"string","description":"The object ID of the service principal representing the resource","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","optional":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a user.","description_kind":"plain","optional":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","required":true},"fallback_public_client_enabled":{"type":"bool","description":"Specifies whether the application is a public client. 
Appropriate for apps using token grant flows that don't use a redirect URI","description_kind":"plain","optional":true},"group_membership_claims":{"type":["set","string"],"description":"Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["set","string"],"description":"The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","optional":true},"logo_image":{"type":"string","description":"Base64 encoded logo image in gif, png or jpeg format","description_kind":"plain","optional":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","optional":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the application","description_kind":"plain","optional":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an 
existing application is found with the same name","description_kind":"plain","optional":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","optional":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"service_management_reference":{"type":"string","description":"References application or service contact information from a Service or Asset Management database","description_kind":"plain","optional":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current application","description_kind":"plain","optional":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the application","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"Unique ID of the application template from which this application is created","description_kind":"plain","optional":true,"computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","optional":true}},"block_types":{"api":{"nesting_mode":"list","block":{"attributes":{"known_client_applications":{"type":["set","string"],"description":"Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app","description_kind":"plain","optional":true},"mapped_claims_enabled":{"type":"bool","description":"Allows an application to use claims mapping without specifying a custom signing key","description_kind":"plain","optional":true},"requested_access_token_version":{"type":"number","description":"The access token version expected by this 
resource","description_kind":"plain","optional":true}},"block_types":{"oauth2_permission_scope":{"nesting_mode":"set","block":{"attributes":{"admin_consent_description":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"admin_consent_display_name":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Determines if the permission scope is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the delegated permission","description_kind":"plain","required":true},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions","description_kind":"plain","optional":true},"user_consent_description":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf","description_kind":"plain","optional":true},"user_consent_display_name":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value that is used for the `scp` claim in OAuth 2.0 access tokens","description_kind":"plain","optional":true}},"description":"One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this 
application","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"app_role":{"nesting_mode":"set","block":{"attributes":{"allowed_member_types":{"type":["set","string"],"description":"Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Determines if the app role is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the app role","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal","description_kind":"plain","optional":true}},"description_kind":"plain"}},"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this application represents a custom SAML application for linked service principals","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this application represents an Enterprise Application for linked service principals","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this application represents a gallery application for linked service 
principals","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this application is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this application using tags","description_kind":"plain"}},"optional_claims":{"nesting_mode":"list","block":{"block_types":{"access_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"id_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. 
If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"saml2_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"public_client":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are 
sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"required_resource_access":{"nesting_mode":"set","block":{"attributes":{"resource_app_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"resource_access":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"single_page_application":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"web":{"nesting_mode":"list","block":{"attributes":{"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","optional":true},"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are 
sent","description_kind":"plain","optional":true}},"block_types":{"implicit_grant":{"nesting_mode":"list","block":{"attributes":{"access_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an access token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true},"id_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an ID token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"azuread_application_certificate":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this certificate should be created","description_kind":"plain","required":true},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 
`2018-01-01T01:02:03Z`). If this isn't specified, the current date and time are use","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argumen","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_federated_identity_credential":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this federated identity credential should be created","description_kind":"plain","required":true},"audiences":{"type":["list","string"],"description":"List of audiences that can appear in the external token. 
This specifies what should be accepted in the `aud` claim of incoming tokens.","description_kind":"plain","required":true},"credential_id":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description for the federated identity credential","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A unique display name for the federated identity credential","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.","description_kind":"plain","required":true},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. 
The combination of issuer and subject must be unique on the app.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_password":{"version":1,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this password should be created","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this application, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_pre_authorized":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application to which this pre-authorized application should be added","description_kind":"plain","required":true},"authorized_app_id":{"type":"string","description":"The application ID of the pre-authorized application","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permission_ids":{"type":["set","string"],"description":"The IDs of the permission scopes required by the pre-authorized application","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_claims_mapping_policy":{"version":0,"block":{"attributes":{"definition":{"type":["list","string"],"description":"A string collection containing a JSON string that defines the rules and settings for 
this policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for this policy","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"azuread_conditional_access_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description_kind":"plain","required":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"client_app_types":{"type":["list","string"],"description_kind":"plain","required":true},"sign_in_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true},"user_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"applications":{"nesting_mode":"list","block":{"attributes":{"excluded_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_user_actions":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"devices":{"nesting_mode":"list","block":{"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description_kind":"plain","required":true},"rule":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"locations":{"nesting_mode":"list","block":{"attributes":{"excluded_locations":{"type":["list","string"],"description_kind":"plain","optional":true},"included_locations":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"platforms":{"nesting_mode":"
list","block":{"attributes":{"excluded_platforms":{"type":["list","string"],"description_kind":"plain","optional":true},"included_platforms":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"users":{"nesting_mode":"list","block":{"attributes":{"excluded_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_users":{"type":["list","string"],"description_kind":"plain","optional":true},"included_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"included_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"included_users":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"},"min_items":1,"max_items":1},"grant_controls":{"nesting_mode":"list","block":{"attributes":{"built_in_controls":{"type":["list","string"],"description_kind":"plain","required":true},"custom_authentication_factors":{"type":["list","string"],"description_kind":"plain","optional":true},"operator":{"type":"string","description_kind":"plain","required":true},"terms_of_use":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"session_controls":{"nesting_mode":"list","block":{"attributes":{"application_enforced_restrictions_enabled":{"type":"bool","description_kind":"plain","optional":true},"cloud_app_security_policy":{"type":"string","description_kind":"plain","optional":true},"persistent_browser_mode":{"type":"string","description_kind":"plain","optional":true},"sign_in_frequency":{"type":"number","description_kind":"plain","optional":true},"sign_in_frequency_period":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mod
e":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_custom_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the custom directory role","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the custom directory role","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Indicates whether the role is enabled for assignment","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The version of the role definition.","description_kind":"plain","required":true}},"block_types":{"permissions":{"nesting_mode":"set","block":{"attributes":{"allowed_resource_actions":{"type":["set","string"],"description":"Set of tasks that can be performed on a resource","description_kind":"plain","required":true}},"description":"List of permissions that are included in the custom directory 
role","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the directory role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the directory role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the directory role","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_assignment":{"version":0,"block":{"attributes":{"app_scope_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific","description_kind":"plain","optional":true,"computed":true},"app_scope_object_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is 
app-specific","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"directory_scope_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"directory_scope_object_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the directory role for this assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_member":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","optional":true},"role_object_id":{"type":"string","description":"The object ID of the directory 
role","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"azuread_group":{"version":0,"block":{"attributes":{"administrative_unit_ids":{"type":["set","string"],"description":"The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level.","description_kind":"plain","optional":true},"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role. This property can only be `true` for security-enabled groups.","description_kind":"plain","optional":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","optional":true,"computed":true},"behaviors":{"type":["set","string"],"description":"The group behaviours for a Microsoft 365 group","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description for the group","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","required":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","optional":true,"computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists 
for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","optional":true,"computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled","description_kind":"plain","optional":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of members who should be present in this group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_group_type":{"type":"string","description":"Indicates the target on-premise group type the group will be written back as","description_kind":"plain","optional":true,"computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A set of owners who own this group. 
Supported object types are Users or Service Principals","description_kind":"plain","optional":true,"computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing group is found with the same name","description_kind":"plain","optional":true},"provisioning_options":{"type":["set","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled","description_kind":"plain","optional":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","optional":true},"types":{"type":["set","string"],"description":"A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. 
Required when `mail_enabled` is true","description_kind":"plain","optional":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","optional":true,"computed":true},"writeback_enabled":{"type":"bool","description":"Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used","description_kind":"plain","optional":true}},"block_types":{"dynamic_membership":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true},"rule":{"type":"string","description":"Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership'","description_kind":"plain","required":true}},"description":"An optional block to configure dynamic membership for the group. Cannot be used with `members`","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group_member":{"version":0,"block":{"attributes":{"group_object_id":{"type":"string","description":"The object ID of the group you want to add the member to","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_invitation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redeem_url":{"type":"string","description":"The URL the user can use to redeem their invitation","description_kind":"plain","computed":true},"redirect_url":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed","description_kind":"plain","required":true},"user_display_name":{"type":"string","description":"The display name of the user being invited","description_kind":"plain","optional":true},"user_email_address":{"type":"string","description":"The email address of the user being invited","description_kind":"plain","required":true},"user_id":{"type":"string","description":"Object ID of the invited user","description_kind":"plain","computed":true},"user_type":{"type":"string","description":"The user type of the user being invited","description_kind":"plain","optional":true}},"block_types":{"message":{"nesting_mode":"list","block":{"attributes":{"additional_recipients":{"type":["list","string"],"description":"Email addresses of additional recipients the invitation message should be sent to","description_kind":"plain","optional":true},"body":{"type":"string","description":"Customized message body you want to send if you don't want to send the default message","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language you want 
to send the default message in","description_kind":"plain","optional":true}},"description":"Customize the message sent to the invited user","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_named_location":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"country":{"nesting_mode":"list","block":{"attributes":{"countries_and_regions":{"type":["list","string"],"description_kind":"plain","required":true},"include_unknown_countries_and_regions":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"ip":{"nesting_mode":"list","block":{"attributes":{"ip_ranges":{"type":["list","string"],"description_kind":"plain","required":true},"trusted":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is 
enabled","description_kind":"plain","optional":true},"alternative_names":{"type":["set","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","optional":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","optional":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The application ID (client ID) of the application for which to create a service principal","description_kind":"plain","required":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","optional":true},"notification_email_addresses":{"type":["set","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the service principal","description_kind":"plain","optional":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","optional":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true},"use_existing":{"type":"bool","description":"When true, the resource will return an existing service principal instead of failing with an error","description_kind":"plain","optional":true}},"block_types":{"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this service principal represents a gallery 
application","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain"}},"features":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on_app":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise_application":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery_application":{"type":"bool","description":"Whether this service principal represents a gallery application","description_kind":"plain","optional":true},"visible_to_users":{"type":"bool","description":"Whether this app is visible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain","deprecated":true}},"saml_single_sign_on":{"nesting_mode":"list","block":{"attributes":{"relay_state":{"type":"string","description":"The relative URI the service provider would redirect to after completion of the single sign-on flow","description_kind":"plain","optional":true}},"description":"Settings related to SAML single 
sign-on","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_certificate":{"version":0,"block":{"attributes":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_claims_mapping_policy_assignment":{"version":0,"block":{"attributes":{"claims_mapping_policy_id":{"type":"string","description":"ID of the claims mapping policy to assign","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"Object ID of the service principal for which to assign the policy","description_kind":"plain","required":true}},"description_kind":"plain"}},"azuread_service_principal_delegated_permission_grant":{"version":0,"block":{"attributes":{"claim_values":{"type":["set","string"],"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_service_principal_object_id":{"type":"string","description":"The object ID of the service principal representing the resource to be 
accessed","description_kind":"plain","required":true},"service_principal_object_id":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created","description_kind":"plain","required":true},"user_object_id":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_password":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. 
Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this password should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this service principal, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_token_signing_certificate":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A friendly name for the certificate","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
Default is 3 years from current date.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify the verify certificate.","description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).","description_kind":"plain","computed":true},"thumbprint":{"type":"string","description":"The thumbprint of the certificate.","description_kind":"plain","computed":true},"value":{"type":"string","description":"The certificate data, which is PEM encoded but does not include the header/footer","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_job":{"version":0,"block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the synchronization job is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":["list",["object",{"expiration":"string","interval":"string","state":"string"}]],"description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization job 
should be created","description_kind":"plain","required":true},"template_id":{"type":"string","description":"Identifier of the synchronization template this job is based on.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_secret":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization secret should be created","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name for this key-value pair.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for this key-value pair.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"about_me":{"type":"string","description":"A freeform field for the user to describe themselves","description_kind":"plain","computed":true},"account_enabled":{"type":"bool","description":"Whether or not the account should 
be enabled","description_kind":"plain","optional":true},"age_group":{"type":"string","description":"The age group of the user","description_kind":"plain","optional":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect","description_kind":"plain","optional":true,"computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","optional":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","optional":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","optional":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","optional":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. 
`US` or `UK`","description_kind":"plain","optional":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","optional":true},"disable_password_expiration":{"type":"bool","description":"Whether the users password is exempt from expiring","description_kind":"plain","optional":true},"disable_strong_password":{"type":"bool","description":"Whether the user is allowed weaker passwords than the default policy to be specified.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name to display in the address book for the user","description_kind":"plain","required":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","optional":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","optional":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","optional":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","optional":true},"force_password_change":{"type":"bool","description":"Whether the user is forced to change the password during the next sign-in. 
Only takes effect when also changing the password","description_kind":"plain","optional":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","optional":true},"mail":{"type":"string","description":"The SMTP address for the user. Cannot be unset.","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN)","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","optional":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","optional":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. 
This must be specified if you are using a federated domain for the user's `user_principal_name` property when creating a new user account","description_kind":"plain","optional":true,"computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["set","string"],"description":"Additional email addresses for the user","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","optional":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","optional":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","optional":true},"usage_location":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set","description_kind":"plain","optional":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The user type in the directory. 
Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user_flow_attribute":{"version":0,"block":{"attributes":{"attribute_type":{"type":"string","description":"The type of the user flow attribute","description_kind":"plain","computed":true},"data_type":{"type":"string","description":"The data type of the user flow attribute","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the user flow attribute that is shown to the user at the time of sign-up","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the user flow attribute.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"azuread_access_package":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The ID of the Catalog this access package is in","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the access 
package","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the access package","description_kind":"plain","optional":true,"computed":true},"hidden":{"type":"bool","description":"Whether the access package is hidden from the requestor","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The ID of this access package","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the access package catalog","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the access package catalog","description_kind":"plain","optional":true,"computed":true},"externally_visible":{"type":"bool","description":"Whether the access packages in this catalog can be requested by users outside the tenant","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The ID of this access package catalog","description_kind":"plain","optional":true,"computed":true},"published":{"type":"bool","description":"Whether the access packages in this catalog are available for 
management","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the catalog role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the catalog role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the catalog role","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the catalog role","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the administrative unit","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["list","string"],"description":"A list of object IDs of members who are be present in this administrative unit.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true,"computed":true},"visibility":{"type":"string","description":"Whether the 
administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"api":{"type":["list",["object",{"known_client_applications":["list","string"],"mapped_claims_enabled":"bool","oauth2_permission_scopes":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"requested_access_token_version":"number"}]],"description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description":"List of app roles published by the application","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","computed":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a 
user.","description_kind":"plain","computed":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","optional":true,"computed":true},"fallback_public_client_enabled":{"type":"bool","description":"The fallback application type as public client, such as an installed application running on a mobile device","description_kind":"plain","computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this application using tags","description_kind":"plain","computed":true},"group_membership_claims":{"type":["list","string"],"description":"The `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["list","string"],"description":"A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","computed":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","computed":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to 
UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","optional":true,"computed":true},"optional_claims":{"type":["list",["object",{"access_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"id_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"saml2_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]]}]],"description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"A list of object IDs of principals that are assigned ownership of the application","description_kind":"plain","computed":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","computed":true},"public_client":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"required_resource_access":{"type":["list",["object",{"resource_access":["list",["object",{"id":"string","type":"string"}]],"resource_app_id":"string"}]],"description_kind":"plain","computed":true},"service_management_reference":{"type":"string","description":"References application or service contact information from a Service or Asset Management database","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current 
application","description_kind":"plain","computed":true},"single_page_application":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags applied to the application","description_kind":"plain","computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","computed":true},"web":{"type":["list",["object",{"homepage_url":"string","implicit_grant":["list",["object",{"access_token_issuance_enabled":"bool","id_token_issuance_enabled":"bool"}]],"logout_url":"string","redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_published_app_ids":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"result":{"type":["map","string"],"description":"A mapping of application names and application IDs","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_template":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"List of categories for this templated application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application 
template","description_kind":"plain","optional":true,"computed":true},"homepage_url":{"type":"string","description":"Home page URL of the templated application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"logo_url":{"type":"string","description":"URL to retrieve the logo for this templated application","description_kind":"plain","computed":true},"publisher":{"type":"string","description":"Name of the publisher for this templated application","description_kind":"plain","computed":true},"supported_provisioning_types":{"type":["list","string"],"description":"The provisioning modes supported by this templated application","description_kind":"plain","computed":true},"supported_single_sign_on_modes":{"type":["list","string"],"description":"The single sign on modes supported by this templated application","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The application template's ID","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_client_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client ID (application ID) linked to the authenticated principal, or the application used for delegated authentication","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the authenticated principal","description_kind":"plain","computed":true},"tenant_id":{"type":"string","description":"The tenant ID of the authenticated 
principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_object":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the principal","description_kind":"plain","required":true},"type":{"type":"string","description":"The OData type of the principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_roles":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the roles","description_kind":"plain","computed":true},"roles":{"type":["list",["object",{"description":"string","display_name":"string","object_id":"string","template_id":"string"}]],"description":"A list of roles","description_kind":"plain","computed":true},"template_ids":{"type":["list","string"],"description":"The template IDs of the roles","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_domains":{"version":0,"block":{"attributes":{"admin_managed":{"type":"bool","description":"Set to `true` to only return domains whose DNS is managed by Microsoft 
365","description_kind":"plain","optional":true},"domains":{"type":["list",["object",{"admin_managed":"bool","authentication_type":"string","default":"bool","domain_name":"string","initial":"bool","root":"bool","supported_services":["list","string"],"verified":"bool"}]],"description":"A list of tenant domains","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_unverified":{"type":"bool","description":"Set to `true` if unverified Azure AD domains should be included","description_kind":"plain","optional":true},"only_default":{"type":"bool","description":"Set to `true` to only return the default domain","description_kind":"plain","optional":true},"only_initial":{"type":"bool","description":"Set to `true` to only return the initial domain, which is your primary Azure Active Directory tenant domain","description_kind":"plain","optional":true},"only_root":{"type":"bool","description":"Set to `true` to only return verified root domains. 
Excludes subdomains and unverified domains","description_kind":"plain","optional":true},"supports_services":{"type":["list","string"],"description":"A list of supported services that must be supported by a domain","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group":{"version":0,"block":{"attributes":{"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role","description_kind":"plain","computed":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","computed":true},"behaviors":{"type":["list","string"],"description":"The group behaviors for a Microsoft 365 group","description_kind":"plain","computed":true},"description":{"type":"string","description":"The optional description of the group","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","optional":true,"computed":true},"dynamic_membership":{"type":["list",["object",{"enabled":"bool","rule":"string"}]],"description":"An optional block to configure dynamic membership for the group. 
Cannot be used with `members`","description_kind":"plain","computed":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is mail-enabled","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","computed":true},"members":{"type":["list","string"],"description":"The object IDs of the group members","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","optional":true,"computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_group_type":{"type":"string","description":"Indicates the target on-premise group type the group will be written back 
as","description_kind":"plain","computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"The object IDs of the group owners","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"provisioning_options":{"type":["list","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group","description_kind":"plain","optional":true,"computed":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","computed":true},"types":{"type":["list","string"],"description":"A list of group types configured for the group. 
The only supported type is `Unified`, which specifies a Microsoft 365 group","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","computed":true},"writeback_enabled":{"type":"bool","description":"Whether this group is synced from Azure AD to the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_groups":{"version":0,"block":{"attributes":{"display_name_prefix":{"type":"string","description":"Common display name prefix of the groups","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the groups","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing groups and return groups that were found. 
The data source will still fail if no groups are found","description_kind":"plain","optional":true},"mail_enabled":{"type":"bool","description":"Whether the groups are mail-enabled","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the groups","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Retrieve all groups with no filter","description_kind":"plain","optional":true},"security_enabled":{"type":"bool","description":"Whether the groups are security-enabled","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is enabled","description_kind":"plain","computed":true},"alternative_names":{"type":["list","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","computed":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The 
application ID (client ID) of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","computed":true},"features":{"type":["list",["object",{"custom_single_sign_on_app":"bool","enterprise_application":"bool","gallery_application":"bool","visible_to_users":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","deprecated":true,"computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","computed":true},"notification_email_addresses":{"type":["list","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","optional":true,"computed":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"saml_single_sign_on":{"type":["list",["object",{"relay_state":"string"}]],"description":"Settings related to SAML single sign-on","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principals":{"version":0,"block":{"attributes":{"application_ids":{"type":["list","string"],"description":"The application IDs (client IDs) of the applications associated with the service 
principals","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the applications associated with the service principals","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing service principals and return the service principals that were found. The data source will still fail if no service principals are found","description_kind":"plain","optional":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the service principals","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all service principals with no filter and return all that were found. The data source will still fail if no service principals are found.","description_kind":"plain","optional":true},"service_principals":{"type":["list",["object",{"account_enabled":"bool","app_role_assignment_required":"bool","application_id":"string","application_tenant_id":"string","display_name":"string","object_id":"string","preferred_single_sign_on_mode":"string","saml_metadata_url":"string","service_principal_names":["list","string"],"sign_in_audience":"string","tags":["list","string"],"type":"string"}]],"description":"A list of service_principals","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the account is enabled","description_kind":"plain","computed":true},"age_group":{"type":"string","description":"The age group of the 
user","description_kind":"plain","computed":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user","description_kind":"plain","computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","computed":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","computed":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","computed":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","computed":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. `US` or `UK`","description_kind":"plain","computed":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the user","description_kind":"plain","computed":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","computed":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","computed":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. 
For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","computed":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","computed":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","computed":true},"mail":{"type":"string","description":"The SMTP address for the user","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The email alias of the user","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","computed":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","optional":true,"computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","computed":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The 
on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["list","string"],"description":"Additional email addresses for the user","description_kind":"plain","computed":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","computed":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","computed":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","computed":true},"usage_location":{"type":"string","description":"The usage location of the user","description_kind":"plain","computed":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","optional":true,"computed":true},"user_type":{"type":"string","description":"The user type in the directory. Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_users":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing users and return users that were found. 
The data source will still fail if no users are found","description_kind":"plain","optional":true},"mail_nicknames":{"type":["list","string"],"description":"The email aliases of the users","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the users","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all users with no filter and return all that were found. The data source will still fail if no users are found.","description_kind":"plain","optional":true},"user_principal_names":{"type":["list","string"],"description":"The user principal names (UPNs) of the users","description_kind":"plain","optional":true,"computed":true},"users":{"type":["list",["object",{"account_enabled":"bool","display_name":"string","mail":"string","mail_nickname":"string","object_id":"string","onpremises_immutable_id":"string","onpremises_sam_account_name":"string","onpremises_user_principal_name":"string","usage_location":"string","user_principal_name":"string"}]],"description":"A list of users","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}}}}} +{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/azuread":{"provider":{"version":0,"block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_password":{"type":"string","description":"The password to decrypt the Client Certificate. 
For use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_certificate_path":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The Client ID which should be used for service principal authentication","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","description_kind":"plain","optional":true},"disable_terraform_partner_id":{"type":"bool","description":"Disable the Terraform Partner ID, which is used if a custom `partner_id` isn't specified","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: `global` (also `public`), `usgovernmentl4` (also `usgovernment`), `usgovernmentl5` (also `dod`), and `china`. Defaults to `global`","description_kind":"plain","optional":true},"metadata_host":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service.","description_kind":"plain","optional":true},"msi_endpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically","description_kind":"plain","optional":true},"oidc_request_token":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_request_url":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. 
For use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"oidc_token_file_path":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect.","description_kind":"plain","optional":true},"partner_id":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution","description_kind":"plain","optional":true},"tenant_id":{"type":"string","description":"The Tenant ID which should be used. Works with all authentication methods except Managed Identity","description_kind":"plain","optional":true},"use_cli":{"type":"bool","description":"Allow Azure CLI to be used for Authentication","description_kind":"plain","optional":true},"use_msi":{"type":"bool","description":"Allow Managed Identity to be used for Authentication","description_kind":"plain","optional":true},"use_oidc":{"type":"bool","description":"Allow OpenID Connect to be used for authentication","description_kind":"plain","optional":true}},"description_kind":"plain"}},"resource_schemas":{"azuread_access_package":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The ID of the Catalog this access package will be created in","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the access package","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the access package","description_kind":"plain","required":true},"hidden":{"type":"bool","description":"Whether the access package is hidden from the 
requestor","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_assignment_policy":{"version":0,"block":{"attributes":{"access_package_id":{"type":"string","description":"The ID of the access package that will contain the policy","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the policy","description_kind":"plain","required":true},"duration_in_days":{"type":"number","description":"How many days this assignment is valid for","description_kind":"plain","optional":true},"expiration_date":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string in UTC (e.g. 2018-01-01T01:02:03Z)","description_kind":"plain","optional":true},"extension_enabled":{"type":"bool","description":"When enabled, users will be able to request extension of their access to this package before their access expires","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"approval_settings":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether an approval is required","description_kind":"plain","optional":true},"approval_required_for_extension":{"type":"bool","description":"Whether an approval is required to grant extension. 
Same approval settings used to approve initial access will apply","description_kind":"plain","optional":true},"requestor_justification_required":{"type":"bool","description":"Whether requestor are required to provide a justification to request an access package. Justification is visible to other approvers and the requestor","description_kind":"plain","optional":true}},"block_types":{"approval_stage":{"nesting_mode":"list","block":{"attributes":{"alternative_approval_enabled":{"type":"bool","description":"If no action taken, forward to alternate approvers?","description_kind":"plain","optional":true},"approval_timeout_in_days":{"type":"number","description":"Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected","description_kind":"plain","required":true},"approver_justification_required":{"type":"bool","description":"Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor","description_kind":"plain","optional":true},"enable_alternative_approval_in_days":{"type":"number","description":"Forward to alternate approver(s) after how many days?","description_kind":"plain","optional":true}},"block_types":{"alternative_approver":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. 
This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection","description_kind":"plain"}},"primary_approver":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection","description_kind":"plain"}}},"description":"The process to obtain an approval","description_kind":"plain"}}},"description":"Settings of whether approvals are required and how they are obtained","description_kind":"plain"},"max_items":1},"assignment_review_settings":{"nesting_mode":"list","block":{"attributes":{"access_recommendation_enabled":{"type":"bool","description":"Whether to show Show reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. 
The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days","description_kind":"plain","optional":true},"access_review_timeout_behavior":{"type":"string","description":"What actions the system takes if reviewers don't respond in time","description_kind":"plain","optional":true},"approver_justification_required":{"type":"bool","description":"Whether a reviewer need provide a justification for their decision. Justification is visible to other reviewers and the requestor","description_kind":"plain","optional":true},"duration_in_days":{"type":"number","description":"How many days each occurrence of the access review series will run","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether to enable assignment review","description_kind":"plain","optional":true},"review_frequency":{"type":"string","description":"This will determine how often the access review campaign runs","description_kind":"plain","optional":true},"review_type":{"type":"string","description":"Self review or specific reviewers","description_kind":"plain","optional":true},"starting_on":{"type":"string","description":"This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. 
Once an access review has been created, you cannot update its start date","description_kind":"plain","optional":true}},"block_types":{"reviewer":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of users","description_kind":"plain","required":true}},"description":"If the reviewerType is Reviewers, this collection specifies the users who will be reviewers, either by ID or as members of a group, using a collection of singleUser and groupMembers","description_kind":"plain"}}},"description":"The settings of whether assignment review is needed and how it's conducted","description_kind":"plain"},"max_items":1},"question":{"nesting_mode":"list","block":{"attributes":{"required":{"type":"bool","description":"Whether this question is required","description_kind":"plain","optional":true},"sequence":{"type":"number","description":"The sequence number of this question","description_kind":"plain","optional":true}},"block_types":{"choice":{"nesting_mode":"list","block":{"attributes":{"actual_value":{"type":"string","description":"The actual value of this choice","description_kind":"plain","required":true}},"block_types":{"display_value":{"nesting_mode":"list","block":{"attributes":{"default_text":{"type":"string","description":"The default text of this question","description_kind":"plain","required":true}},"block_types":{"localized_text":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The localized content of this question","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language code of this question 
content","description_kind":"plain","required":true}},"description":"The localized text of this question","description_kind":"plain"}}},"description":"The display text of this choice","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of a choice to the question","description_kind":"plain"}},"text":{"nesting_mode":"list","block":{"attributes":{"default_text":{"type":"string","description":"The default text of this question","description_kind":"plain","required":true}},"block_types":{"localized_text":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The localized content of this question","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language code of this question content","description_kind":"plain","required":true}},"description":"The localized text of this question","description_kind":"plain"}}},"description":"The content of this question","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"One or more questions to the requestor","description_kind":"plain"}},"requestor_settings":{"nesting_mode":"list","block":{"attributes":{"requests_accepted":{"type":"bool","description":"Whether to accept requests now, when disabled, no new requests can be made using this policy","description_kind":"plain","optional":true},"scope_type":{"type":"string","description":"Specify the scopes of the requestors","description_kind":"plain","optional":true}},"block_types":{"requestor":{"nesting_mode":"list","block":{"attributes":{"backup":{"type":"bool","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the subject","description_kind":"plain","optional":true},"subject_type":{"type":"string","description":"Type of 
users","description_kind":"plain","required":true}},"description":"The users who are allowed to request on this policy, which can be singleUser, groupMembers, and connectedOrganizationMembers","description_kind":"plain"}}},"description":"This block configures the users who can request access","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the access package catalog","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the access package catalog","description_kind":"plain","required":true},"externally_visible":{"type":"bool","description":"Whether the access packages in this catalog can be requested by users outside the tenant","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"published":{"type":"bool","description":"Whether the access packages in this catalog are available for 
management","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog_role_assignment":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The unique ID of the access package catalog.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the catalog role for this assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_resource_catalog_association":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The unique ID of the access package catalog","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_origin_id":{"type":"string","description":"The unique identifier of the resource in the origin system. 
In the case of an Azure AD group, this is the identifier of the group","description_kind":"plain","required":true},"resource_origin_system":{"type":"string","description":"The type of the resource in the origin system, such as SharePointOnline, AadApplication or AadGroup","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_resource_package_association":{"version":0,"block":{"attributes":{"access_package_id":{"type":"string","description":"The ID of access package this resource association is configured to","description_kind":"plain","required":true},"access_type":{"type":"string","description":"The role of access type to the specified resource, valid values are `Member` and `Owner`","description_kind":"plain","optional":true},"catalog_resource_association_id":{"type":"string","description":"The ID of the access package catalog association","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the administrative 
unit","description_kind":"plain","required":true},"hidden_membership_enabled":{"type":"bool","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing administrative unit is found with the same name","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the 
member","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit_role_member":{"version":0,"block":{"attributes":{"administrative_unit_object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","required":true},"role_object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_app_role_assignment":{"version":0,"block":{"attributes":{"app_role_id":{"type":"string","description":"The ID of the app role to be assigned","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_display_name":{"type":"string","description":"The display name of the principal to which the app role is assigned","description_kind":"plain","computed":true},"principal_object_id":{"type":"string","description":"The object ID of the user, group or service principal to 
be assigned this app role","description_kind":"plain","required":true},"principal_type":{"type":"string","description":"The object type of the principal to which the app role is assigned","description_kind":"plain","computed":true},"resource_display_name":{"type":"string","description":"The display name of the application representing the resource","description_kind":"plain","computed":true},"resource_object_id":{"type":"string","description":"The object ID of the service principal representing the resource","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","optional":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a user.","description_kind":"plain","optional":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","required":true},"fallback_public_client_enabled":{"type":"bool","description":"Specifies whether the application is a public client. 
Appropriate for apps using token grant flows that don't use a redirect URI","description_kind":"plain","optional":true},"group_membership_claims":{"type":["set","string"],"description":"Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["set","string"],"description":"The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","optional":true},"logo_image":{"type":"string","description":"Base64 encoded logo image in gif, png or jpeg format","description_kind":"plain","optional":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","optional":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the application","description_kind":"plain","optional":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an 
existing application is found with the same name","description_kind":"plain","optional":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","optional":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"service_management_reference":{"type":"string","description":"References application or service contact information from a Service or Asset Management database","description_kind":"plain","optional":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current application","description_kind":"plain","optional":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the application","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"Unique ID of the application template from which this application is created","description_kind":"plain","optional":true,"computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","optional":true}},"block_types":{"api":{"nesting_mode":"list","block":{"attributes":{"known_client_applications":{"type":["set","string"],"description":"Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app","description_kind":"plain","optional":true},"mapped_claims_enabled":{"type":"bool","description":"Allows an application to use claims mapping without specifying a custom signing key","description_kind":"plain","optional":true},"requested_access_token_version":{"type":"number","description":"The access token version expected by this 
resource","description_kind":"plain","optional":true}},"block_types":{"oauth2_permission_scope":{"nesting_mode":"set","block":{"attributes":{"admin_consent_description":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"admin_consent_display_name":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Determines if the permission scope is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the delegated permission","description_kind":"plain","required":true},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions","description_kind":"plain","optional":true},"user_consent_description":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf","description_kind":"plain","optional":true},"user_consent_display_name":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value that is used for the `scp` claim in OAuth 2.0 access tokens","description_kind":"plain","optional":true}},"description":"One or more `oauth2_permission_scope` blocks to describe delegated permissions exposed by the web API represented by this 
application","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"app_role":{"nesting_mode":"set","block":{"attributes":{"allowed_member_types":{"type":["set","string"],"description":"Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Determines if the app role is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description":"The unique identifier of the app role","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal","description_kind":"plain","optional":true}},"description_kind":"plain"}},"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this application represents a custom SAML application for linked service principals","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this application represents an Enterprise Application for linked service principals","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this application represents a gallery application for linked service 
principals","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this application is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this application using tags","description_kind":"plain"}},"optional_claims":{"nesting_mode":"list","block":{"block_types":{"access_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"id_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. 
If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}},"saml2_token":{"nesting_mode":"list","block":{"attributes":{"additional_properties":{"type":["list","string"],"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim","description_kind":"plain","optional":true},"essential":{"type":"bool","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the optional claim","description_kind":"plain","required":true},"source":{"type":"string","description":"The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"public_client":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are 
sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"required_resource_access":{"nesting_mode":"set","block":{"attributes":{"resource_app_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"resource_access":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"single_page_application":{"nesting_mode":"list","block":{"attributes":{"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"web":{"nesting_mode":"list","block":{"attributes":{"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","optional":true},"redirect_uris":{"type":["set","string"],"description":"The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are 
sent","description_kind":"plain","optional":true}},"block_types":{"implicit_grant":{"nesting_mode":"list","block":{"attributes":{"access_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an access token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true},"id_token_issuance_enabled":{"type":"bool","description":"Whether this web application can request an ID token using OAuth 2.0 implicit flow","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"azuread_application_certificate":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this certificate should be created","description_kind":"plain","required":true},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 
`2018-01-01T01:02:03Z`). If this isn't specified, the current date and time are use","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argumen","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_federated_identity_credential":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this federated identity credential should be created","description_kind":"plain","required":true},"audiences":{"type":["list","string"],"description":"List of audiences that can appear in the external token. 
This specifies what should be accepted in the `aud` claim of incoming tokens.","description_kind":"plain","required":true},"credential_id":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description for the federated identity credential","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A unique display name for the federated identity credential","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.","description_kind":"plain","required":true},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. 
The combination of issuer and subject must be unique on the app.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_password":{"version":1,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application for which this password should be created","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this application, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_pre_authorized":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"The object ID of the application to which this pre-authorized application should be added","description_kind":"plain","required":true},"authorized_app_id":{"type":"string","description":"The application ID of the pre-authorized application","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permission_ids":{"type":["set","string"],"description":"The IDs of the permission scopes required by the pre-authorized application","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_claims_mapping_policy":{"version":0,"block":{"attributes":{"definition":{"type":["list","string"],"description":"A string collection containing a JSON string that defines the rules and settings for 
this policy","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name for this policy","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"azuread_conditional_access_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description_kind":"plain","required":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"client_app_types":{"type":["list","string"],"description_kind":"plain","required":true},"service_principal_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true},"sign_in_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true},"user_risk_levels":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"applications":{"nesting_mode":"list","block":{"attributes":{"excluded_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_applications":{"type":["list","string"],"description_kind":"plain","optional":true},"included_user_actions":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1},"client_applications":{"nesting_mode":"list","block":{"attributes":{"excluded_service_principals":{"type":["list","string"],"description_kind":"plain","optional":true},"included_service_principals":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"devices":{"nesting_mode":"list","block":{"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description_kind":"plain","required":true},"rule":{"type":"string","description_kind":"plain","req
uired":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"locations":{"nesting_mode":"list","block":{"attributes":{"excluded_locations":{"type":["list","string"],"description_kind":"plain","optional":true},"included_locations":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"platforms":{"nesting_mode":"list","block":{"attributes":{"excluded_platforms":{"type":["list","string"],"description_kind":"plain","optional":true},"included_platforms":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"users":{"nesting_mode":"list","block":{"attributes":{"excluded_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"excluded_users":{"type":["list","string"],"description_kind":"plain","optional":true},"included_groups":{"type":["list","string"],"description_kind":"plain","optional":true},"included_roles":{"type":["list","string"],"description_kind":"plain","optional":true},"included_users":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"},"min_items":1,"max_items":1},"grant_controls":{"nesting_mode":"list","block":{"attributes":{"built_in_controls":{"type":["list","string"],"description_kind":"plain","required":true},"custom_authentication_factors":{"type":["list","string"],"description_kind":"plain","optional":true},"operator":{"type":"string","description_kind":"plain","required":true},"terms_of_use":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"session_controls":{"nesting_mode":"list","block":{"attributes":{"application_enforced_restrictions_enabled":{"type":"bool","description_kind":"plain","optional":true},"cloud_app_se
curity_policy":{"type":"string","description_kind":"plain","optional":true},"disable_resilience_defaults":{"type":"bool","description_kind":"plain","optional":true},"persistent_browser_mode":{"type":"string","description_kind":"plain","optional":true},"sign_in_frequency":{"type":"number","description_kind":"plain","optional":true},"sign_in_frequency_period":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_custom_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the custom directory role","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the custom directory role","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Indicates whether the role is enabled for assignment","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The version of the role 
definition.","description_kind":"plain","required":true}},"block_types":{"permissions":{"nesting_mode":"set","block":{"attributes":{"allowed_resource_actions":{"type":["set","string"],"description":"Set of tasks that can be performed on a resource","description_kind":"plain","required":true}},"description":"List of permissions that are included in the custom directory role","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the directory role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the directory role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the directory 
role","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_assignment":{"version":0,"block":{"attributes":{"app_scope_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific","description_kind":"plain","optional":true,"computed":true},"app_scope_object_id":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"directory_scope_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"directory_scope_object_id":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"principal_object_id":{"type":"string","description":"The object ID of the member principal","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The object ID of the directory role for this 
assignment","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_member":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the member","description_kind":"plain","optional":true},"role_object_id":{"type":"string","description":"The object ID of the directory role","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"azuread_group":{"version":0,"block":{"attributes":{"administrative_unit_ids":{"type":["set","string"],"description":"The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level.","description_kind":"plain","optional":true},"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role. 
This property can only be `true` for security-enabled groups.","description_kind":"plain","optional":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","optional":true,"computed":true},"behaviors":{"type":["set","string"],"description":"The group behaviours for a Microsoft 365 group","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description for the group","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","required":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","optional":true,"computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","optional":true,"computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. 
A group can be mail enabled _and_ security enabled","description_kind":"plain","optional":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description":"A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_group_type":{"type":"string","description":"Indicates the target on-premise group type the group will be written back as","description_kind":"plain","optional":true,"computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A set of owners who own this 
group. Supported object types are Users or Service Principals","description_kind":"plain","optional":true,"computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"prevent_duplicate_names":{"type":"bool","description":"If `true`, will return an error if an existing group is found with the same name","description_kind":"plain","optional":true},"provisioning_options":{"type":["set","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled","description_kind":"plain","optional":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","optional":true},"types":{"type":["set","string"],"description":"A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. 
Required when `mail_enabled` is true","description_kind":"plain","optional":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","optional":true,"computed":true},"writeback_enabled":{"type":"bool","description":"Whether this group should be synced from Azure AD to the on-premises directory when Azure AD Connect is used","description_kind":"plain","optional":true}},"block_types":{"dynamic_membership":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true},"rule":{"type":"string","description":"Rule to determine members for a dynamic group. Required when `group_types` contains 'DynamicMembership'","description_kind":"plain","required":true}},"description":"An optional block to configure dynamic membership for the group. Cannot be used with `members`","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group_member":{"version":0,"block":{"attributes":{"group_object_id":{"type":"string","description":"The object ID of the group you want to add the member to","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_object_id":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. 
Supported object types are Users, Groups or Service Principals","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_invitation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redeem_url":{"type":"string","description":"The URL the user can use to redeem their invitation","description_kind":"plain","computed":true},"redirect_url":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed","description_kind":"plain","required":true},"user_display_name":{"type":"string","description":"The display name of the user being invited","description_kind":"plain","optional":true},"user_email_address":{"type":"string","description":"The email address of the user being invited","description_kind":"plain","required":true},"user_id":{"type":"string","description":"Object ID of the invited user","description_kind":"plain","computed":true},"user_type":{"type":"string","description":"The user type of the user being invited","description_kind":"plain","optional":true}},"block_types":{"message":{"nesting_mode":"list","block":{"attributes":{"additional_recipients":{"type":["list","string"],"description":"Email addresses of additional recipients the invitation message should be sent to","description_kind":"plain","optional":true},"body":{"type":"string","description":"Customized message body you want to send if you don't want to send the default message","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language you want 
to send the default message in","description_kind":"plain","optional":true}},"description":"Customize the message sent to the invited user","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_named_location":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"country":{"nesting_mode":"list","block":{"attributes":{"countries_and_regions":{"type":["list","string"],"description_kind":"plain","required":true},"include_unknown_countries_and_regions":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"ip":{"nesting_mode":"list","block":{"attributes":{"ip_ranges":{"type":["list","string"],"description_kind":"plain","required":true},"trusted":{"type":"bool","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is 
enabled","description_kind":"plain","optional":true},"alternative_names":{"type":["set","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities","description_kind":"plain","optional":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","optional":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The application ID (client ID) of the application for which to create a service principal","description_kind":"plain","required":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","computed":true},"homepage_url":{"type":"string","description":"Home page or landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. 
Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on","description_kind":"plain","optional":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","optional":true},"notification_email_addresses":{"type":["set","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","optional":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","computed":true},"owners":{"type":["set","string"],"description":"A list of object IDs of principals that will be granted ownership of the service principal","description_kind":"plain","optional":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","optional":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true},"use_existing":{"type":"bool","description":"When true, the resource will return an existing service principal instead of failing with an error","description_kind":"plain","optional":true}},"block_types":{"feature_tags":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery":{"type":"bool","description":"Whether this service principal represents a gallery 
application","description_kind":"plain","optional":true},"hide":{"type":"bool","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain"}},"features":{"nesting_mode":"list","block":{"attributes":{"custom_single_sign_on_app":{"type":"bool","description":"Whether this service principal represents a custom SAML application","description_kind":"plain","optional":true},"enterprise_application":{"type":"bool","description":"Whether this service principal represents an Enterprise Application","description_kind":"plain","optional":true},"gallery_application":{"type":"bool","description":"Whether this service principal represents a gallery application","description_kind":"plain","optional":true},"visible_to_users":{"type":"bool","description":"Whether this app is visible to users in My Apps and Office 365 Launcher","description_kind":"plain","optional":true}},"description":"Block of features to configure for this service principal using tags","description_kind":"plain","deprecated":true}},"saml_single_sign_on":{"nesting_mode":"list","block":{"attributes":{"relay_state":{"type":"string","description":"The relative URI the service provider would redirect to after completion of the single sign-on flow","description_kind":"plain","optional":true}},"description":"Settings related to SAML single 
sign-on","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_certificate":{"version":0,"block":{"attributes":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data","description_kind":"plain","optional":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of key/certificate","description_kind":"plain","optional":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_claims_mapping_policy_assignment":{"version":0,"block":{"attributes":{"claims_mapping_policy_id":{"type":"string","description":"ID of the claims mapping policy to assign","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"Object ID of the service principal for which to assign the policy","description_kind":"plain","required":true}},"description_kind":"plain"}},"azuread_service_principal_delegated_permission_grant":{"version":0,"block":{"attributes":{"claim_values":{"type":["set","string"],"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_service_principal_object_id":{"type":"string","description":"The object ID of the service principal representing the resource to be 
accessed","description_kind":"plain","required":true},"service_principal_object_id":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created","description_kind":"plain","required":true},"user_object_id":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_password":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"A display name for the password","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`)","description_kind":"plain","optional":true,"computed":true},"end_date_relative":{"type":"string","description":"A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. 
Changing this field forces a new resource to be created","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify this password credential","description_kind":"plain","computed":true},"rotate_when_changed":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger rotation of the password","description_kind":"plain","optional":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this password should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The password for this service principal, which is generated by Azure Active Directory","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal_token_signing_certificate":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A friendly name for the certificate","description_kind":"plain","optional":true,"computed":true},"end_date":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). 
Default is 3 years from current date.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"A UUID used to uniquely identify the verify certificate.","description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this certificate should be created","description_kind":"plain","required":true},"start_date":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).","description_kind":"plain","computed":true},"thumbprint":{"type":"string","description":"The thumbprint of the certificate.","description_kind":"plain","computed":true},"value":{"type":"string","description":"The certificate data, which is PEM encoded but does not include the header/footer","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_job":{"version":0,"block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the synchronization job is enabled","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":["list",["object",{"expiration":"string","interval":"string","state":"string"}]],"description_kind":"plain","computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization job 
should be created","description_kind":"plain","required":true},"template_id":{"type":"string","description":"Identifier of the synchronization template this job is based on.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_synchronization_secret":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_principal_id":{"type":"string","description":"The object ID of the service principal for which this synchronization secret should be created","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name for this key-value pair.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for this key-value pair.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"about_me":{"type":"string","description":"A freeform field for the user to describe themselves","description_kind":"plain","computed":true},"account_enabled":{"type":"bool","description":"Whether or not the account should 
be enabled","description_kind":"plain","optional":true},"age_group":{"type":"string","description":"The age group of the user","description_kind":"plain","optional":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect","description_kind":"plain","optional":true,"computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","optional":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","optional":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","optional":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","optional":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. 
`US` or `UK`","description_kind":"plain","optional":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","optional":true},"disable_password_expiration":{"type":"bool","description":"Whether the users password is exempt from expiring","description_kind":"plain","optional":true},"disable_strong_password":{"type":"bool","description":"Whether the user is allowed weaker passwords than the default policy to be specified.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name to display in the address book for the user","description_kind":"plain","required":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","optional":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","optional":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","optional":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","optional":true},"force_password_change":{"type":"bool","description":"Whether the user is forced to change the password during the next sign-in. 
Only takes effect when also changing the password","description_kind":"plain","optional":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","optional":true},"mail":{"type":"string","description":"The SMTP address for the user. Cannot be unset.","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN)","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","optional":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","optional":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","optional":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. 
This must be specified if you are using a federated domain for the user's `user_principal_name` property when creating a new user account","description_kind":"plain","optional":true,"computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["set","string"],"description":"Additional email addresses for the user","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","optional":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","optional":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","optional":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","optional":true},"usage_location":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set","description_kind":"plain","optional":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The user type in the directory. 
Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user_flow_attribute":{"version":0,"block":{"attributes":{"attribute_type":{"type":"string","description":"The type of the user flow attribute","description_kind":"plain","computed":true},"data_type":{"type":"string","description":"The data type of the user flow attribute","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the user flow attribute that is shown to the user at the time of sign-up","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the user flow attribute.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"azuread_access_package":{"version":0,"block":{"attributes":{"catalog_id":{"type":"string","description":"The ID of the Catalog this access package is in","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the access 
package","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the access package","description_kind":"plain","optional":true,"computed":true},"hidden":{"type":"bool","description":"Whether the access package is hidden from the requestor","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The ID of this access package","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the access package catalog","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the access package catalog","description_kind":"plain","optional":true,"computed":true},"externally_visible":{"type":"bool","description":"Whether the access packages in this catalog can be requested by users outside the tenant","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The ID of this access package catalog","description_kind":"plain","optional":true,"computed":true},"published":{"type":"bool","description":"Whether the access packages in this catalog are available for 
management","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_access_package_catalog_role":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the catalog role","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the catalog role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the catalog role","description_kind":"plain","optional":true,"computed":true},"template_id":{"type":"string","description":"The object ID of the template associated with the catalog role","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_administrative_unit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description for the administrative unit","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the administrative unit","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["list","string"],"description":"A list of object IDs of members who are be present in this administrative unit.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the administrative unit","description_kind":"plain","optional":true,"computed":true},"visibility":{"type":"string","description":"Whether the 
administrative unit and its members are hidden or publicly viewable in the directory","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application":{"version":1,"block":{"attributes":{"api":{"type":["list",["object",{"known_client_applications":["list","string"],"mapped_claims_enabled":"bool","oauth2_permission_scopes":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"requested_access_token_version":"number"}]],"description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description":"List of app roles published by the application","description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The Application ID (also called Client ID)","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the application as shown to end users","description_kind":"plain","computed":true},"device_only_auth_enabled":{"type":"bool","description":"Specifies whether this application supports device authentication without a 
user.","description_kind":"plain","computed":true},"disabled_by_microsoft":{"type":"string","description":"Whether Microsoft has disabled the registered application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application","description_kind":"plain","optional":true,"computed":true},"fallback_public_client_enabled":{"type":"bool","description":"The fallback application type as public client, such as an installed application running on a mobile device","description_kind":"plain","computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this application using tags","description_kind":"plain","computed":true},"group_membership_claims":{"type":["list","string"],"description":"The `groups` claim issued in a user or OAuth 2.0 access token that the app expects","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier_uris":{"type":["list","string"],"description":"A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant","description_kind":"plain","computed":true},"logo_url":{"type":"string","description":"CDN URL to the application's logo","description_kind":"plain","computed":true},"marketing_url":{"type":"string","description":"URL of the application's marketing page","description_kind":"plain","computed":true},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to 
UUIDs","description_kind":"plain","computed":true},"oauth2_post_response_required":{"type":"bool","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The application's object ID","description_kind":"plain","optional":true,"computed":true},"optional_claims":{"type":["list",["object",{"access_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"id_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]],"saml2_token":["list",["object",{"additional_properties":["list","string"],"essential":"bool","name":"string","source":"string"}]]}]],"description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"A list of object IDs of principals that are assigned ownership of the application","description_kind":"plain","computed":true},"privacy_statement_url":{"type":"string","description":"URL of the application's privacy statement","description_kind":"plain","computed":true},"public_client":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"publisher_domain":{"type":"string","description":"The verified publisher domain for the application","description_kind":"plain","computed":true},"required_resource_access":{"type":["list",["object",{"resource_access":["list",["object",{"id":"string","type":"string"}]],"resource_app_id":"string"}]],"description_kind":"plain","computed":true},"service_management_reference":{"type":"string","description":"References application or service contact information from a Service or Asset Management database","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the current 
application","description_kind":"plain","computed":true},"single_page_application":{"type":["list",["object",{"redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true},"support_url":{"type":"string","description":"URL of the application's support page","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A set of tags applied to the application","description_kind":"plain","computed":true},"terms_of_service_url":{"type":"string","description":"URL of the application's terms of service statement","description_kind":"plain","computed":true},"web":{"type":["list",["object",{"homepage_url":"string","implicit_grant":["list",["object",{"access_token_issuance_enabled":"bool","id_token_issuance_enabled":"bool"}]],"logout_url":"string","redirect_uris":["list","string"]}]],"description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_published_app_ids":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"result":{"type":["map","string"],"description":"A mapping of application names and application IDs","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_application_template":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"List of categories for this templated application","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the application 
template","description_kind":"plain","optional":true,"computed":true},"homepage_url":{"type":"string","description":"Home page URL of the templated application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"logo_url":{"type":"string","description":"URL to retrieve the logo for this templated application","description_kind":"plain","computed":true},"publisher":{"type":"string","description":"Name of the publisher for this templated application","description_kind":"plain","computed":true},"supported_provisioning_types":{"type":["list","string"],"description":"The provisioning modes supported by this templated application","description_kind":"plain","computed":true},"supported_single_sign_on_modes":{"type":["list","string"],"description":"The single sign on modes supported by this templated application","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"The application template's ID","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_client_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client ID (application ID) linked to the authenticated principal, or the application used for delegated authentication","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the authenticated principal","description_kind":"plain","computed":true},"tenant_id":{"type":"string","description":"The tenant ID of the authenticated 
principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_object":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_id":{"type":"string","description":"The object ID of the principal","description_kind":"plain","required":true},"type":{"type":"string","description":"The OData type of the principal","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_role_templates":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the role templates","description_kind":"plain","computed":true},"role_templates":{"type":["list",["object",{"description":"string","display_name":"string","object_id":"string"}]],"description":"A list of role templates","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_directory_roles":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the roles","description_kind":"plain","computed":true},"roles":{"type":["list",["object",{"description":"string","display_name":"string","object_id":"string","template_id":"string"}]],"description":"A list of 
roles","description_kind":"plain","computed":true},"template_ids":{"type":["list","string"],"description":"The template IDs of the roles","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_domains":{"version":0,"block":{"attributes":{"admin_managed":{"type":"bool","description":"Set to `true` to only return domains whose DNS is managed by Microsoft 365","description_kind":"plain","optional":true},"domains":{"type":["list",["object",{"admin_managed":"bool","authentication_type":"string","default":"bool","domain_name":"string","initial":"bool","root":"bool","supported_services":["list","string"],"verified":"bool"}]],"description":"A list of tenant domains","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_unverified":{"type":"bool","description":"Set to `true` if unverified Azure AD domains should be included","description_kind":"plain","optional":true},"only_default":{"type":"bool","description":"Set to `true` to only return the default domain","description_kind":"plain","optional":true},"only_initial":{"type":"bool","description":"Set to `true` to only return the initial domain, which is your primary Azure Active Directory tenant domain","description_kind":"plain","optional":true},"only_root":{"type":"bool","description":"Set to `true` to only return verified root domains. 
Excludes subdomains and unverified domains","description_kind":"plain","optional":true},"supports_services":{"type":["list","string"],"description":"A list of supported services that must be supported by a domain","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_group":{"version":0,"block":{"attributes":{"assignable_to_role":{"type":"bool","description":"Indicates whether this group can be assigned to an Azure Active Directory role","description_kind":"plain","computed":true},"auto_subscribe_new_members":{"type":"bool","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications.","description_kind":"plain","computed":true},"behaviors":{"type":["list","string"],"description":"The group behaviors for a Microsoft 365 group","description_kind":"plain","computed":true},"description":{"type":"string","description":"The optional description of the group","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the group","description_kind":"plain","optional":true,"computed":true},"dynamic_membership":{"type":["list",["object",{"enabled":"bool","rule":"string"}]],"description":"An optional block to configure dynamic membership for the group. 
Cannot be used with `members`","description_kind":"plain","computed":true},"external_senders_allowed":{"type":"bool","description":"Indicates whether people external to the organization can send messages to the group.","description_kind":"plain","computed":true},"hide_from_address_lists":{"type":"bool","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups.","description_kind":"plain","computed":true},"hide_from_outlook_clients":{"type":"bool","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mail":{"type":"string","description":"The SMTP address for the group","description_kind":"plain","computed":true},"mail_enabled":{"type":"bool","description":"Whether the group is mail-enabled","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The mail alias for the group, unique in the organisation","description_kind":"plain","computed":true},"members":{"type":["list","string"],"description":"The object IDs of the group members","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the group","description_kind":"plain","optional":true,"computed":true},"onpremises_domain_name":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_group_type":{"type":"string","description":"Indicates the target on-premise group type the group will be written back 
as","description_kind":"plain","computed":true},"onpremises_netbios_name":{"type":"string","description":"The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"owners":{"type":["list","string"],"description":"The object IDs of the group owners","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation","description_kind":"plain","computed":true},"provisioning_options":{"type":["list","string"],"description":"The group provisioning options for a Microsoft 365 group","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the group that direct to the same group mailbox","description_kind":"plain","computed":true},"security_enabled":{"type":"bool","description":"Whether the group is a security group","description_kind":"plain","optional":true,"computed":true},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group","description_kind":"plain","computed":true},"types":{"type":["list","string"],"description":"A list of group types configured for the group. 
The only supported type is `Unified`, which specifies a Microsoft 365 group","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"Specifies the group join policy and group content visibility","description_kind":"plain","computed":true},"writeback_enabled":{"type":"bool","description":"Whether this group is synced from Azure AD to the on-premises directory when Azure AD Connect is used","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_groups":{"version":0,"block":{"attributes":{"display_name_prefix":{"type":"string","description":"Common display name prefix of the groups","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the groups","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing groups and return groups that were found. 
The data source will still fail if no groups are found","description_kind":"plain","optional":true},"mail_enabled":{"type":"bool","description":"Whether the groups are mail-enabled","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the groups","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Retrieve all groups with no filter","description_kind":"plain","optional":true},"security_enabled":{"type":"bool","description":"Whether the groups are security-enabled","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_named_location":{"version":0,"block":{"attributes":{"country":{"type":["list",["object",{"countries_and_regions":["list","string"],"include_unknown_countries_and_regions":"bool"}]],"description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip":{"type":["list",["object",{"ip_ranges":["list","string"],"trusted":"bool"}]],"description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principal":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the service principal account is enabled","description_kind":"plain","computed":true},"alternative_names":{"type":["list","string"],"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed 
identities","description_kind":"plain","computed":true},"app_role_assignment_required":{"type":"bool","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application","description_kind":"plain","computed":true},"app_role_ids":{"type":["map","string"],"description":"Mapping of app role names to UUIDs","description_kind":"plain","computed":true},"app_roles":{"type":["list",["object",{"allowed_member_types":["list","string"],"description":"string","display_name":"string","enabled":"bool","id":"string","value":"string"}]],"description_kind":"plain","computed":true},"application_id":{"type":"string","description":"The application ID (client ID) of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"application_tenant_id":{"type":"string","description":"The tenant ID where the associated application is registered","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the service principal provided for internal end-users","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the application associated with this service principal","description_kind":"plain","optional":true,"computed":true},"feature_tags":{"type":["list",["object",{"custom_single_sign_on":"bool","enterprise":"bool","gallery":"bool","hide":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","computed":true},"features":{"type":["list",["object",{"custom_single_sign_on_app":"bool","enterprise_application":"bool","gallery_application":"bool","visible_to_users":"bool"}]],"description":"Block of features configured for this service principal using tags","description_kind":"plain","deprecated":true,"computed":true},"homepage_url":{"type":"string","description":"Home page or 
landing page of the application","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"login_url":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"logout_url":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Free text field to capture information about the service principal, typically used for operational purposes","description_kind":"plain","computed":true},"notification_email_addresses":{"type":["list","string"],"description":"List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications","description_kind":"plain","computed":true},"oauth2_permission_scope_ids":{"type":["map","string"],"description":"Mapping of OAuth2.0 permission scope names to UUIDs","description_kind":"plain","computed":true},"oauth2_permission_scopes":{"type":["list",["object",{"admin_consent_description":"string","admin_consent_display_name":"string","enabled":"bool","id":"string","type":"string","user_consent_description":"string","user_consent_display_name":"string","value":"string"}]],"description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the service principal","description_kind":"plain","optional":true,"computed":true},"preferred_single_sign_on_mode":{"type":"string","description":"The single sign-on mode configured for this application. 
Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps","description_kind":"plain","computed":true},"redirect_uris":{"type":["list","string"],"description":"The URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application","description_kind":"plain","computed":true},"saml_metadata_url":{"type":"string","description":"The URL where the service exposes SAML metadata for federation","description_kind":"plain","computed":true},"saml_single_sign_on":{"type":["list",["object",{"relay_state":"string"}]],"description":"Settings related to SAML single sign-on","description_kind":"plain","computed":true},"service_principal_names":{"type":["list","string"],"description":"A list of identifier URI(s), copied over from the associated application","description_kind":"plain","computed":true},"sign_in_audience":{"type":"string","description":"The Microsoft account types that are supported for the associated application","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"A set of tags to apply to the service principal","description_kind":"plain","computed":true},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_service_principals":{"version":0,"block":{"attributes":{"application_ids":{"type":["list","string"],"description":"The application IDs (client IDs) of the applications associated with the service 
principals","description_kind":"plain","optional":true,"computed":true},"display_names":{"type":["list","string"],"description":"The display names of the applications associated with the service principals","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing service principals and return the service principals that were found. The data source will still fail if no service principals are found","description_kind":"plain","optional":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the service principals","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all service principals with no filter and return all that were found. The data source will still fail if no service principals are found.","description_kind":"plain","optional":true},"service_principals":{"type":["list",["object",{"account_enabled":"bool","app_role_assignment_required":"bool","application_id":"string","application_tenant_id":"string","display_name":"string","object_id":"string","preferred_single_sign_on_mode":"string","saml_metadata_url":"string","service_principal_names":["list","string"],"sign_in_audience":"string","tags":["list","string"],"type":"string"}]],"description":"A list of service_principals","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_user":{"version":0,"block":{"attributes":{"account_enabled":{"type":"bool","description":"Whether or not the account is enabled","description_kind":"plain","computed":true},"age_group":{"type":"string","description":"The age group of the 
user","description_kind":"plain","computed":true},"business_phones":{"type":["list","string"],"description":"The telephone numbers for the user","description_kind":"plain","computed":true},"city":{"type":"string","description":"The city in which the user is located","description_kind":"plain","computed":true},"company_name":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from","description_kind":"plain","computed":true},"consent_provided_for_minor":{"type":"string","description":"Whether consent has been obtained for minors","description_kind":"plain","computed":true},"cost_center":{"type":"string","description":"The cost center associated with the user.","description_kind":"plain","computed":true},"country":{"type":"string","description":"The country/region in which the user is located, e.g. `US` or `UK`","description_kind":"plain","computed":true},"creation_type":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (`null`), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`)","description_kind":"plain","computed":true},"department":{"type":"string","description":"The name for the department in which the user works","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the user","description_kind":"plain","computed":true},"division":{"type":"string","description":"The name of the division in which the user works.","description_kind":"plain","computed":true},"employee_id":{"type":"string","description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","optional":true,"computed":true},"employee_type":{"type":"string","description":"Captures enterprise worker type. 
For example, Employee, Contractor, Consultant, or Vendor.","description_kind":"plain","computed":true},"external_user_state":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status","description_kind":"plain","computed":true},"fax_number":{"type":"string","description":"The fax number of the user","description_kind":"plain","computed":true},"given_name":{"type":"string","description":"The given name (first name) of the user","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"im_addresses":{"type":["list","string"],"description":"The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user","description_kind":"plain","computed":true},"job_title":{"type":"string","description":"The user’s job title","description_kind":"plain","computed":true},"mail":{"type":"string","description":"The SMTP address for the user","description_kind":"plain","optional":true,"computed":true},"mail_nickname":{"type":"string","description":"The email alias of the user","description_kind":"plain","optional":true,"computed":true},"manager_id":{"type":"string","description":"The object ID of the user's manager","description_kind":"plain","computed":true},"mobile_phone":{"type":"string","description":"The primary cellular telephone number for the user","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object ID of the user","description_kind":"plain","optional":true,"computed":true},"office_location":{"type":"string","description":"The office location in the user's place of business","description_kind":"plain","computed":true},"onpremises_distinguished_name":{"type":"string","description":"The on-premise Active Directory distinguished name (DN) of the user","description_kind":"plain","computed":true},"onpremises_domain_name":{"type":"string","description":"The 
on-premise FQDN (i.e. dnsDomainName) of the user","description_kind":"plain","computed":true},"onpremises_immutable_id":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object","description_kind":"plain","computed":true},"onpremises_sam_account_name":{"type":"string","description":"The on-premise SAM account name of the user","description_kind":"plain","computed":true},"onpremises_security_identifier":{"type":"string","description":"The on-premise security identifier (SID) of the user","description_kind":"plain","computed":true},"onpremises_sync_enabled":{"type":"bool","description":"Whether this user is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)","description_kind":"plain","computed":true},"onpremises_user_principal_name":{"type":"string","description":"The on-premise user principal name of the user","description_kind":"plain","computed":true},"other_mails":{"type":["list","string"],"description":"Additional email addresses for the user","description_kind":"plain","computed":true},"postal_code":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. 
In the United States of America, this attribute contains the ZIP code","description_kind":"plain","computed":true},"preferred_language":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation","description_kind":"plain","computed":true},"proxy_addresses":{"type":["list","string"],"description":"Email addresses for the user that direct to the same mailbox","description_kind":"plain","computed":true},"show_in_address_list":{"type":"bool","description":"Whether or not the Outlook global address list should include this user","description_kind":"plain","computed":true},"state":{"type":"string","description":"The state or province in the user's address","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address of the user's place of business","description_kind":"plain","computed":true},"surname":{"type":"string","description":"The user's surname (family name or last name)","description_kind":"plain","computed":true},"usage_location":{"type":"string","description":"The usage location of the user","description_kind":"plain","computed":true},"user_principal_name":{"type":"string","description":"The user principal name (UPN) of the user","description_kind":"plain","optional":true,"computed":true},"user_type":{"type":"string","description":"The user type in the directory. 
Possible values are `Guest` or `Member`","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"azuread_users":{"version":0,"block":{"attributes":{"employee_ids":{"type":["list","string"],"description":"The employee identifier assigned to the user by the organisation","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_missing":{"type":"bool","description":"Ignore missing users and return users that were found. The data source will still fail if no users are found","description_kind":"plain","optional":true},"mail_nicknames":{"type":["list","string"],"description":"The email aliases of the users","description_kind":"plain","optional":true,"computed":true},"object_ids":{"type":["list","string"],"description":"The object IDs of the users","description_kind":"plain","optional":true,"computed":true},"return_all":{"type":"bool","description":"Fetch all users with no filter and return all that were found. 
The data source will still fail if no users are found.","description_kind":"plain","optional":true},"user_principal_names":{"type":["list","string"],"description":"The user principal names (UPNs) of the users","description_kind":"plain","optional":true,"computed":true},"users":{"type":["list",["object",{"account_enabled":"bool","display_name":"string","employee_id":"string","mail":"string","mail_nickname":"string","object_id":"string","onpremises_immutable_id":"string","onpremises_sam_account_name":"string","onpremises_user_principal_name":"string","usage_location":"string","user_principal_name":"string"}]],"description":"A list of users","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}}}}} diff --git a/examples-generated/administrativeunits/unit.yaml b/examples-generated/administrativeunits/unit.yaml index 880816c8..50f0f9b7 100644 --- a/examples-generated/administrativeunits/unit.yaml +++ b/examples-generated/administrativeunits/unit.yaml @@ -10,4 +10,4 @@ spec: forProvider: description: Just an example displayName: Example-AU - visibility: Public + hiddenMembershipEnabled: false diff --git a/examples-generated/conditionalaccess/accesspolicy.yaml b/examples-generated/conditionalaccess/accesspolicy.yaml index 53983448..c55e2e04 100644 --- a/examples-generated/conditionalaccess/accesspolicy.yaml +++ b/examples-generated/conditionalaccess/accesspolicy.yaml @@ -46,6 +46,7 @@ spec: sessionControls: - applicationEnforcedRestrictionsEnabled: true cloudAppSecurityPolicy: monitorOnly + disableResilienceDefaults: false signInFrequency: 10 signInFrequencyPeriod: hours state: disabled diff --git a/package/crds/administrativeunits.azuread.upbound.io_units.yaml b/package/crds/administrativeunits.azuread.upbound.io_units.yaml index ac3afc72..74fc9dce 100644 
--- a/package/crds/administrativeunits.azuread.upbound.io_units.yaml +++ b/package/crds/administrativeunits.azuread.upbound.io_units.yaml @@ -76,7 +76,9 @@ spec: type: string hiddenMembershipEnabled: description: Whether the administrative unit and its members are - hidden or publicly viewable in the directory + hidden or publicly viewable in the directory. Whether the administrative + unit and its members are hidden or publicly viewable in the + directory type: boolean members: description: A set of object IDs of members who should be present @@ -115,7 +117,9 @@ spec: type: string hiddenMembershipEnabled: description: Whether the administrative unit and its members are - hidden or publicly viewable in the directory + hidden or publicly viewable in the directory. Whether the administrative + unit and its members are hidden or publicly viewable in the + directory type: boolean members: description: A set of object IDs of members who should be present @@ -348,7 +352,9 @@ spec: type: string hiddenMembershipEnabled: description: Whether the administrative unit and its members are - hidden or publicly viewable in the directory + hidden or publicly viewable in the directory. Whether the administrative + unit and its members are hidden or publicly viewable in the + directory type: boolean id: type: string diff --git a/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml b/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml index 1b4b5bd0..e1e38aa9 100644 --- a/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml +++ b/package/crds/conditionalaccess.azuread.upbound.io_accesspolicies.yaml 
@@ -111,6 +111,29 @@ spec: items: type: string type: array + clientApplications: + description: An client_applications block as documented + below, which specifies service principals included in + and excluded from the policy. + items: + properties: + excludedServicePrincipals: + description: A list of service principal IDs explicitly + excluded in the policy. + items: + type: string + type: array + includedServicePrincipals: + description: A list of service principal IDs explicitly + included in the policy. Can be set to ServicePrincipalsInMyTenant + to include all service principals. This is mandatory + value when at least one excluded_service_principals + is set. + items: + type: string + type: array + type: object + type: array devices: description: A devices block as documented below, which describes devices to be included in and excluded from @@ -183,10 +206,17 @@ spec: type: array type: object type: array + servicePrincipalRiskLevels: + description: 'A list of service principal sign-in risk levels + included in the policy. Possible values are: low, medium, + high, none, unknownFutureValue.' + items: + type: string + type: array signInRiskLevels: - description: 'A list of sign-in risk levels included in - the policy. Possible values are: low, medium, high, hidden, - none, unknownFutureValue.' + description: 'A list of user sign-in risk levels included + in the policy. Possible values are: low, medium, high, + hidden, none, unknownFutureValue.' items: type: string type: array @@ -291,6 +321,9 @@ spec: cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.' type: string + disableResilienceDefaults: + description: Disables resilience defaults. Defaults to false. + type: boolean persistentBrowserMode: description: 'Session control to define whether to persist cookies or not. Possible values are: always or never.' 
@@ -372,6 +405,29 @@ spec: items: type: string type: array + clientApplications: + description: An client_applications block as documented + below, which specifies service principals included in + and excluded from the policy. + items: + properties: + excludedServicePrincipals: + description: A list of service principal IDs explicitly + excluded in the policy. + items: + type: string + type: array + includedServicePrincipals: + description: A list of service principal IDs explicitly + included in the policy. Can be set to ServicePrincipalsInMyTenant + to include all service principals. This is mandatory + value when at least one excluded_service_principals + is set. + items: + type: string + type: array + type: object + type: array devices: description: A devices block as documented below, which describes devices to be included in and excluded from @@ -444,10 +500,17 @@ spec: type: array type: object type: array + servicePrincipalRiskLevels: + description: 'A list of service principal sign-in risk levels + included in the policy. Possible values are: low, medium, + high, none, unknownFutureValue.' + items: + type: string + type: array signInRiskLevels: - description: 'A list of sign-in risk levels included in - the policy. Possible values are: low, medium, high, hidden, - none, unknownFutureValue.' + description: 'A list of user sign-in risk levels included + in the policy. Possible values are: low, medium, high, + hidden, none, unknownFutureValue.' items: type: string type: array @@ -552,6 +615,9 @@ spec: cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.' type: string + disableResilienceDefaults: + description: Disables resilience defaults. Defaults to false. + type: boolean persistentBrowserMode: description: 'Session control to define whether to persist cookies or not. Possible values are: always or never.' 
@@ -781,10 +847,6 @@ spec: rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) || has(self.initProvider.displayName)' - - message: grantControls is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.grantControls) - || has(self.initProvider.grantControls)' - message: state is a required parameter rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.state) @@ -839,6 +901,29 @@ spec: items: type: string type: array + clientApplications: + description: An client_applications block as documented + below, which specifies service principals included in + and excluded from the policy. + items: + properties: + excludedServicePrincipals: + description: A list of service principal IDs explicitly + excluded in the policy. + items: + type: string + type: array + includedServicePrincipals: + description: A list of service principal IDs explicitly + included in the policy. Can be set to ServicePrincipalsInMyTenant + to include all service principals. This is mandatory + value when at least one excluded_service_principals + is set. + items: + type: string + type: array + type: object + type: array devices: description: A devices block as documented below, which describes devices to be included in and excluded from 
@@ -911,10 +996,17 @@ spec: type: array type: object type: array + servicePrincipalRiskLevels: + description: 'A list of service principal sign-in risk levels + included in the policy. Possible values are: low, medium, + high, none, unknownFutureValue.' + items: + type: string + type: array signInRiskLevels: - description: 'A list of sign-in risk levels included in - the policy. Possible values are: low, medium, high, hidden, - none, unknownFutureValue.' + description: 'A list of user sign-in risk levels included + in the policy. Possible values are: low, medium, high, + hidden, none, unknownFutureValue.' items: type: string type: array @@ -1022,6 +1114,9 @@ spec: cloud app security policy to use. Possible values are: blockDownloads, mcasConfigured, monitorOnly or unknownFutureValue.' type: string + disableResilienceDefaults: + description: Disables resilience defaults. Defaults to false. + type: boolean persistentBrowserMode: description: 'Session control to define whether to persist cookies or not. Possible values are: always or never.' diff --git a/package/crds/users.azuread.upbound.io_users.yaml b/package/crds/users.azuread.upbound.io_users.yaml index 59ce89b3..d4f3bbbf 100644 --- a/package/crds/users.azuread.upbound.io_users.yaml +++ b/package/crds/users.azuread.upbound.io_users.yaml @@ -106,9 +106,9 @@ spec: center associated with the user. type: string country: - description: The country/region in which the user is located, - e.g. US or UK. The country/region in which the user is located, - e.g. `US` or `UK` + description: 'The country/region in which the user is located. + Examples include: NO, JP, and GB. The country/region in which + the user is located, e.g. `US` or `UK`' type: string department: description: The name for the department in which the user works. 
@@ -322,9 +322,9 @@ spec: center associated with the user. type: string country: - description: The country/region in which the user is located, - e.g. US or UK. The country/region in which the user is located, - e.g. `US` or `UK` + description: 'The country/region in which the user is located. + Examples include: NO, JP, and GB. The country/region in which + the user is located, e.g. `US` or `UK`' type: string department: description: The name for the department in which the user works. @@ -716,9 +716,9 @@ spec: center associated with the user. type: string country: - description: The country/region in which the user is located, - e.g. US or UK. The country/region in which the user is located, - e.g. `US` or `UK` + description: 'The country/region in which the user is located. + Examples include: NO, JP, and GB. The country/region in which + the user is located, e.g. `US` or `UK`' type: string creationType: description: Indicates whether the user account was created as