From b31281382c749234acf9b5ddd7a51ef17bf25da7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fatih=20T=C3=BCrken?= Date: Thu, 28 Dec 2023 15:31:57 +0300 Subject: [PATCH] Bump upjet to the commit 4cb45f9104ac MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Fatih Türken --- .../v1beta1/zz_generated.deepcopy.go | 15 ++ .../v1beta1/zz_generated.resolvers.go | 16 ++ .../v1beta1/zz_member_types.go | 13 + .../v1beta1/zz_unit_types.go | 3 + apis/app/v1beta1/zz_generated.deepcopy.go | 30 +++ apis/app/v1beta1/zz_generated.resolvers.go | 32 +++ apis/app/v1beta1/zz_roleassignment_types.go | 26 ++ .../v1beta1/zz_application_types.go | 29 ++ .../v1beta1/zz_certificate_types.go | 13 + .../zz_federatedidentitycredential_types.go | 13 + .../v1beta1/zz_generated.deepcopy.go | 75 ++++++ .../v1beta1/zz_generated.resolvers.go | 80 ++++++ .../applications/v1beta1/zz_password_types.go | 16 ++ .../v1beta1/zz_preauthorized_types.go | 29 ++ .../v1beta1/zz_customdirectoryrole_types.go | 3 + .../v1beta1/zz_generated.deepcopy.go | 30 +++ .../v1beta1/zz_generated.resolvers.go | 32 +++ .../v1beta1/zz_roleassignment_types.go | 27 ++ apis/groups/v1beta1/zz_generated.deepcopy.go | 32 ++- apis/groups/v1beta1/zz_generated.resolvers.go | 32 +++ apis/groups/v1beta1/zz_group_types.go | 18 ++ apis/groups/v1beta1/zz_member_types.go | 26 ++ .../v1beta1/zz_generated.deepcopy.go | 45 ++++ .../v1beta1/zz_generated.resolvers.go | 48 ++++ .../v1beta1/zz_permissiongrant_types.go | 43 +++ .../v1beta1/zz_certificate_types.go | 13 + .../zz_claimsmappingpolicyassignment_types.go | 26 ++ .../v1beta1/zz_generated.deepcopy.go | 92 ++++++- .../v1beta1/zz_generated.resolvers.go | 96 +++++++ .../v1beta1/zz_password_types.go | 16 ++ .../v1beta1/zz_principal_types.go | 28 ++ .../zz_tokensigningcertificate_types.go | 13 + .../v1beta1/zz_generated.deepcopy.go | 30 +++ .../v1beta1/zz_generated.resolvers.go | 32 +++ apis/synchronization/v1beta1/zz_job_types.go | 13 + .../v1beta1/zz_secret_types.go | 13 + apis/users/v1beta1/zz_user_types.go | 3 + go.mod | 2 +- go.sum | 4 +- ...ativeunits.azuread.upbound.io_members.yaml | 78 ++++++ ...trativeunits.azuread.upbound.io_units.yaml | 3 + ...pp.azuread.upbound.io_roleassignments.yaml | 162 ++++++++++++ 
...tions.azuread.upbound.io_applications.yaml | 29 ++ ...tions.azuread.upbound.io_certificates.yaml | 79 ++++++ ...bound.io_federatedidentitycredentials.yaml | 79 ++++++ ...ications.azuread.upbound.io_passwords.yaml | 82 ++++++ ...ons.azuread.upbound.io_preauthorizeds.yaml | 158 +++++++++++ ...uread.upbound.io_customdirectoryroles.yaml | 3 + ...es.azuread.upbound.io_roleassignments.yaml | 158 +++++++++++ .../groups.azuread.upbound.io_groups.yaml | 18 ++ .../groups.azuread.upbound.io_members.yaml | 160 ++++++++++++ ...d.azuread.upbound.io_permissiongrants.yaml | 247 ++++++++++++++++++ ...ipals.azuread.upbound.io_certificates.yaml | 79 ++++++ ...und.io_claimsmappingpolicyassignments.yaml | 158 +++++++++++ ...incipals.azuread.upbound.io_passwords.yaml | 82 ++++++ ...ncipals.azuread.upbound.io_principals.yaml | 95 +++++++ ...d.upbound.io_tokensigningcertificates.yaml | 81 ++++++ ...nchronization.azuread.upbound.io_jobs.yaml | 81 ++++++ ...ronization.azuread.upbound.io_secrets.yaml | 82 ++++++ .../crds/users.azuread.upbound.io_users.yaml | 3 + 60 files changed, 3019 insertions(+), 5 deletions(-) diff --git a/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go b/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go index cf9e1a73..e50166ce 100644 --- a/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go +++ b/apis/administrativeunits/v1beta1/zz_generated.deepcopy.go 
@@ -43,6 +43,21 @@ func (in *Member) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MemberInitParameters) DeepCopyInto(out *MemberInitParameters) { *out = *in + if in.AdministrativeUnitObjectID != nil { + in, out := &in.AdministrativeUnitObjectID, &out.AdministrativeUnitObjectID + *out = new(string) + **out = **in + } + if in.AdministrativeUnitObjectIDRef != nil { + in, out := &in.AdministrativeUnitObjectIDRef, &out.AdministrativeUnitObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.AdministrativeUnitObjectIDSelector != nil { + in, out := &in.AdministrativeUnitObjectIDSelector, &out.AdministrativeUnitObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.MemberObjectID != nil { in, out := &in.MemberObjectID, &out.MemberObjectID *out = new(string) diff --git a/apis/administrativeunits/v1beta1/zz_generated.resolvers.go b/apis/administrativeunits/v1beta1/zz_generated.resolvers.go index 227b1c28..f2917227 100644 --- a/apis/administrativeunits/v1beta1/zz_generated.resolvers.go +++ b/apis/administrativeunits/v1beta1/zz_generated.resolvers.go 
@@ -35,5 +35,21 @@ func (mg *Member) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.AdministrativeUnitObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.AdministrativeUnitObjectIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AdministrativeUnitObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.AdministrativeUnitObjectIDRef, + Selector: mg.Spec.InitProvider.AdministrativeUnitObjectIDSelector, + To: reference.To{ + List: &UnitList{}, + Managed: &Unit{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.AdministrativeUnitObjectID") + } + mg.Spec.InitProvider.AdministrativeUnitObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.AdministrativeUnitObjectIDRef = rsp.ResolvedReference + return nil } diff --git a/apis/administrativeunits/v1beta1/zz_member_types.go b/apis/administrativeunits/v1beta1/zz_member_types.go index dff82131..b920ab05 100755 --- a/apis/administrativeunits/v1beta1/zz_member_types.go +++ b/apis/administrativeunits/v1beta1/zz_member_types.go 
@@ -19,6 +19,19 @@ import ( type MemberInitParameters struct { + // The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created. + // The object ID of the administrative unit + // +crossplane:generate:reference:type=Unit + AdministrativeUnitObjectID *string `json:"administrativeUnitObjectId,omitempty" tf:"administrative_unit_object_id,omitempty"` + + // Reference to a Unit to populate administrativeUnitObjectId. + // +kubebuilder:validation:Optional + AdministrativeUnitObjectIDRef *v1.Reference `json:"administrativeUnitObjectIdRef,omitempty" tf:"-"` + + // Selector for a Unit to populate administrativeUnitObjectId. + // +kubebuilder:validation:Optional + AdministrativeUnitObjectIDSelector *v1.Selector `json:"administrativeUnitObjectIdSelector,omitempty" tf:"-"` + // The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces a new resource to be created. // The object ID of the member MemberObjectID *string `json:"memberObjectId,omitempty" tf:"member_object_id,omitempty"` diff --git a/apis/administrativeunits/v1beta1/zz_unit_types.go b/apis/administrativeunits/v1beta1/zz_unit_types.go index f0d3f39d..128203e5 100755 --- a/apis/administrativeunits/v1beta1/zz_unit_types.go +++ b/apis/administrativeunits/v1beta1/zz_unit_types.go @@ -33,6 +33,7 @@ type UnitInitParameters struct { // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups + // +listType=set Members []*string `json:"members,omitempty" tf:"members,omitempty"` // If `true`, will return an error if an existing administrative unit is found with the same name 
@@ -57,6 +58,7 @@ type UnitObservation struct { // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups + // +listType=set Members []*string `json:"members,omitempty" tf:"members,omitempty"` // The object ID of the administrative unit. @@ -87,6 +89,7 @@ type UnitParameters struct { // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. // A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups // +kubebuilder:validation:Optional + // +listType=set Members []*string `json:"members,omitempty" tf:"members,omitempty"` // If `true`, will return an error if an existing administrative unit is found with the same name diff --git a/apis/app/v1beta1/zz_generated.deepcopy.go b/apis/app/v1beta1/zz_generated.deepcopy.go index 266676c8..29e49d3f 100644 --- a/apis/app/v1beta1/zz_generated.deepcopy.go +++ b/apis/app/v1beta1/zz_generated.deepcopy.go 
@@ -48,6 +48,36 @@ func (in *RoleAssignmentInitParameters) DeepCopyInto(out *RoleAssignmentInitPara *out = new(string) **out = **in } + if in.PrincipalObjectID != nil { + in, out := &in.PrincipalObjectID, &out.PrincipalObjectID + *out = new(string) + **out = **in + } + if in.PrincipalObjectIDRef != nil { + in, out := &in.PrincipalObjectIDRef, &out.PrincipalObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalObjectIDSelector != nil { + in, out := &in.PrincipalObjectIDSelector, &out.PrincipalObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ResourceObjectID != nil { + in, out := &in.ResourceObjectID, &out.ResourceObjectID + *out = new(string) + **out = **in + } + if in.ResourceObjectIDRef != nil { + in, out := &in.ResourceObjectIDRef, &out.ResourceObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ResourceObjectIDSelector != nil { + in, out := &in.ResourceObjectIDSelector, &out.ResourceObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleAssignmentInitParameters. diff --git a/apis/app/v1beta1/zz_generated.resolvers.go b/apis/app/v1beta1/zz_generated.resolvers.go index 83d958ed..6e11325d 100644 --- a/apis/app/v1beta1/zz_generated.resolvers.go +++ b/apis/app/v1beta1/zz_generated.resolvers.go 
@@ -52,5 +52,37 @@ func (mg *RoleAssignment) ResolveReferences(ctx context.Context, c client.Reader mg.Spec.ForProvider.ResourceObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ResourceObjectIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.PrincipalObjectIDRef, + Selector: mg.Spec.InitProvider.PrincipalObjectIDSelector, + To: reference.To{ + List: &v1beta1.PrincipalList{}, + Managed: &v1beta1.Principal{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.PrincipalObjectID") + } + mg.Spec.InitProvider.PrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.PrincipalObjectIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ResourceObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ResourceObjectIDRef, + Selector: mg.Spec.InitProvider.ResourceObjectIDSelector, + To: reference.To{ + List: &v1beta1.PrincipalList{}, + Managed: &v1beta1.Principal{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ResourceObjectID") + } + mg.Spec.InitProvider.ResourceObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ResourceObjectIDRef = rsp.ResolvedReference + return nil } diff --git a/apis/app/v1beta1/zz_roleassignment_types.go b/apis/app/v1beta1/zz_roleassignment_types.go index c7a0b407..bd858aa2 100755 --- a/apis/app/v1beta1/zz_roleassignment_types.go +++ b/apis/app/v1beta1/zz_roleassignment_types.go 
@@ -22,6 +22,32 @@ type RoleAssignmentInitParameters struct { // The ID of the app role to be assigned, or the default role ID 00000000-0000-0000-0000-000000000000. Changing this forces a new resource to be created. // The ID of the app role to be assigned AppRoleID *string `json:"appRoleId,omitempty" tf:"app_role_id,omitempty"` + + // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. + // The object ID of the user, group or service principal to be assigned this app role + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + PrincipalObjectID *string `json:"principalObjectId,omitempty" tf:"principal_object_id,omitempty"` + + // Reference to a Principal in serviceprincipals to populate principalObjectId. + // +kubebuilder:validation:Optional + PrincipalObjectIDRef *v1.Reference `json:"principalObjectIdRef,omitempty" tf:"-"` + + // Selector for a Principal in serviceprincipals to populate principalObjectId. + // +kubebuilder:validation:Optional + PrincipalObjectIDSelector *v1.Selector `json:"principalObjectIdSelector,omitempty" tf:"-"` + + // The object ID of the service principal representing the resource. Changing this forces a new resource to be created. + // The object ID of the service principal representing the resource + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + ResourceObjectID *string `json:"resourceObjectId,omitempty" tf:"resource_object_id,omitempty"` + + // Reference to a Principal in serviceprincipals to populate resourceObjectId. + // +kubebuilder:validation:Optional + ResourceObjectIDRef *v1.Reference `json:"resourceObjectIdRef,omitempty" tf:"-"` + + // Selector for a Principal in serviceprincipals to populate resourceObjectId. 
+ // +kubebuilder:validation:Optional + ResourceObjectIDSelector *v1.Selector `json:"resourceObjectIdSelector,omitempty" tf:"-"` } type RoleAssignmentObservation struct { diff --git a/apis/applications/v1beta1/zz_application_types.go b/apis/applications/v1beta1/zz_application_types.go index 2fbc9cfa..5ff2f46e 100755 --- a/apis/applications/v1beta1/zz_application_types.go +++ b/apis/applications/v1beta1/zz_application_types.go @@ -21,6 +21,7 @@ type APIInitParameters struct { // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + // +listType=set KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. @@ -40,6 +41,7 @@ type APIObservation struct { // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app + // +listType=set KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. 
@@ -60,6 +62,7 @@ type APIParameters struct { // A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app // +kubebuilder:validation:Optional + // +listType=set KnownClientApplications []*string `json:"knownClientApplications,omitempty" tf:"known_client_applications,omitempty"` // Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. @@ -143,6 +146,7 @@ type AppRoleInitParameters struct { // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + // +listType=set AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"` // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. 
@@ -170,6 +174,7 @@ type AppRoleObservation struct { // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both + // +listType=set AllowedMemberTypes []*string `json:"allowedMemberTypes,omitempty" tf:"allowed_member_types,omitempty"` // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. @@ -198,6 +203,7 @@ type AppRoleParameters struct { // Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in a standalone scenario) by setting to Application, or to both. // Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both // +kubebuilder:validation:Optional + // +listType=set AllowedMemberTypes []*string `json:"allowedMemberTypes" tf:"allowed_member_types,omitempty"` // Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences. 
@@ -256,10 +262,12 @@ type ApplicationInitParameters struct { // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + // +listType=set GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + // +listType=set IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. @@ -283,6 +291,7 @@ type ApplicationInitParameters struct { // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. // A list of object IDs of principals that will be granted ownership of the application + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // If true, will return an error if an existing application is found with the same name. Defaults to false. 
@@ -316,6 +325,7 @@ type ApplicationInitParameters struct { // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. // A set of tags to apply to the application + // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. @@ -340,6 +350,7 @@ type ApplicationObservation struct { // A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. // Mapping of app role names to UUIDs + // +mapType=granular AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"` // The Application ID (also called Client ID). @@ -372,6 +383,7 @@ type ApplicationObservation struct { // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects + // +listType=set GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` // The unique identifier for an app role or OAuth2 permission scope published by the resource application. 
@@ -379,6 +391,7 @@ type ApplicationObservation struct { // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant + // +listType=set IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. @@ -399,6 +412,7 @@ type ApplicationObservation struct { // A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration. // Mapping of OAuth2.0 permission scope names to UUIDs + // +mapType=granular Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"` // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to false, which specifies that only GET requests are allowed. @@ -414,6 +428,7 @@ type ApplicationObservation struct { // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. // A list of object IDs of principals that will be granted ownership of the application + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // If true, will return an error if an existing application is found with the same name. Defaults to false. 
@@ -451,6 +466,7 @@ type ApplicationObservation struct { // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. // A set of tags to apply to the application + // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. @@ -503,11 +519,13 @@ type ApplicationParameters struct { // Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All. // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects // +kubebuilder:validation:Optional + // +listType=set GroupMembershipClaims []*string `json:"groupMembershipClaims,omitempty" tf:"group_membership_claims,omitempty"` // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. // The user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant // +kubebuilder:validation:Optional + // +listType=set IdentifierUris []*string `json:"identifierUris,omitempty" tf:"identifier_uris,omitempty"` // A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. 
@@ -537,6 +555,7 @@ type ApplicationParameters struct { // A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned. // A list of object IDs of principals that will be granted ownership of the application // +kubebuilder:validation:Optional + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // If true, will return an error if an existing application is found with the same name. Defaults to false. @@ -579,6 +598,7 @@ type ApplicationParameters struct { // A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. // A set of tags to apply to the application // +kubebuilder:validation:Optional + // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created. @@ -909,6 +929,7 @@ type PublicClientInitParameters struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } 
@@ -916,6 +937,7 @@ type PublicClientObservation struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } @@ -924,6 +946,7 @@ type PublicClientParameters struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https or ms-appx-web URL. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent // +kubebuilder:validation:Optional + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } @@ -1050,6 +1073,7 @@ type SinglePageApplicationInitParameters struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } @@ -1057,6 +1081,7 @@ type SinglePageApplicationObservation struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } 
@@ -1065,6 +1090,7 @@ type SinglePageApplicationParameters struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid https URL. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent // +kubebuilder:validation:Optional + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } @@ -1083,6 +1109,7 @@ type WebInitParameters struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } @@ -1101,6 +1128,7 @@ type WebObservation struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } @@ -1123,6 +1151,7 @@ type WebParameters struct { // A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid http URL or a URN. // The URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent // +kubebuilder:validation:Optional + // +listType=set RedirectUris []*string `json:"redirectUris,omitempty" tf:"redirect_uris,omitempty"` } 
diff --git a/apis/applications/v1beta1/zz_certificate_types.go b/apis/applications/v1beta1/zz_certificate_types.go index e9cf93b9..38caf779 100755 --- a/apis/applications/v1beta1/zz_certificate_types.go +++ b/apis/applications/v1beta1/zz_certificate_types.go @@ -19,6 +19,19 @@ import ( type CertificateInitParameters struct { + // The object ID of the application for which this certificate should be created. Changing this field forces a new resource to be created. + // The object ID of the application for which this certificate should be created + // +crossplane:generate:reference:type=Application + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // Reference to a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` + + // Selector for a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` + // Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem. // Specifies the encoding used for the supplied certificate data Encoding *string `json:"encoding,omitempty" tf:"encoding,omitempty"` diff --git a/apis/applications/v1beta1/zz_federatedidentitycredential_types.go b/apis/applications/v1beta1/zz_federatedidentitycredential_types.go index 8a62c2bf..18a26585 100755 --- a/apis/applications/v1beta1/zz_federatedidentitycredential_types.go +++ b/apis/applications/v1beta1/zz_federatedidentitycredential_types.go 
@@ -19,6 +19,19 @@ import ( type FederatedIdentityCredentialInitParameters struct { + // The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created. + // The object ID of the application for which this federated identity credential should be created + // +crossplane:generate:reference:type=Application + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // Reference to a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` + + // Selector for a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` + // List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim of incoming tokens. // List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens. Audiences []*string `json:"audiences,omitempty" tf:"audiences,omitempty"` diff --git a/apis/applications/v1beta1/zz_generated.deepcopy.go b/apis/applications/v1beta1/zz_generated.deepcopy.go index c38f993f..1b454569 100644 --- a/apis/applications/v1beta1/zz_generated.deepcopy.go +++ b/apis/applications/v1beta1/zz_generated.deepcopy.go 
@@ -1174,6 +1174,21 @@ func (in *Certificate) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CertificateInitParameters) DeepCopyInto(out *CertificateInitParameters) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.ApplicationObjectIDRef != nil { + in, out := &in.ApplicationObjectIDRef, &out.ApplicationObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ApplicationObjectIDSelector != nil { + in, out := &in.ApplicationObjectIDSelector, &out.ApplicationObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Encoding != nil { in, out := &in.Encoding, &out.Encoding *out = new(string) @@ -1534,6 +1549,21 @@ func (in *FederatedIdentityCredential) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FederatedIdentityCredentialInitParameters) DeepCopyInto(out *FederatedIdentityCredentialInitParameters) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.ApplicationObjectIDRef != nil { + in, out := &in.ApplicationObjectIDRef, &out.ApplicationObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ApplicationObjectIDSelector != nil { + in, out := &in.ApplicationObjectIDSelector, &out.ApplicationObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Audiences != nil { in, out := &in.Audiences, &out.Audiences *out = make([]*string, len(*in)) 
@@ -2267,6 +2297,21 @@ func (in *Password) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PasswordInitParameters) DeepCopyInto(out *PasswordInitParameters) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.ApplicationObjectIDRef != nil { + in, out := &in.ApplicationObjectIDRef, &out.ApplicationObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ApplicationObjectIDSelector != nil { + in, out := &in.ApplicationObjectIDSelector, &out.ApplicationObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) 
@@ -2544,6 +2589,36 @@ func (in *PreAuthorized) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreAuthorizedInitParameters) DeepCopyInto(out *PreAuthorizedInitParameters) { *out = *in + if in.ApplicationObjectID != nil { + in, out := &in.ApplicationObjectID, &out.ApplicationObjectID + *out = new(string) + **out = **in + } + if in.ApplicationObjectIDRef != nil { + in, out := &in.ApplicationObjectIDRef, &out.ApplicationObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ApplicationObjectIDSelector != nil { + in, out := &in.ApplicationObjectIDSelector, &out.ApplicationObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.AuthorizedAppID != nil { + in, out := &in.AuthorizedAppID, &out.AuthorizedAppID + *out = new(string) + **out = **in + } + if in.AuthorizedAppIDRef != nil { + in, out := &in.AuthorizedAppIDRef, &out.AuthorizedAppIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.AuthorizedAppIDSelector != nil { + in, out := &in.AuthorizedAppIDSelector, &out.AuthorizedAppIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PermissionIds != nil { in, out := &in.PermissionIds, &out.PermissionIds *out = make([]*string, len(*in)) diff --git a/apis/applications/v1beta1/zz_generated.resolvers.go b/apis/applications/v1beta1/zz_generated.resolvers.go index 1fd2329b..9a60b99c 100644 --- a/apis/applications/v1beta1/zz_generated.resolvers.go +++ b/apis/applications/v1beta1/zz_generated.resolvers.go 
@@ -36,6 +36,22 @@ func (mg *Certificate) ResolveReferences(ctx context.Context, c client.Reader) e mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{ + List: &ApplicationList{}, + Managed: &Application{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") + } + mg.Spec.InitProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ApplicationObjectIDRef = rsp.ResolvedReference + return nil } @@ -62,6 +78,22 @@ func (mg *FederatedIdentityCredential) ResolveReferences(ctx context.Context, c mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{ + List: &ApplicationList{}, + Managed: &Application{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") + } + mg.Spec.InitProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ApplicationObjectIDRef = rsp.ResolvedReference + return nil } 
@@ -88,6 +120,22 @@ func (mg *Password) ResolveReferences(ctx context.Context, c client.Reader) erro mg.Spec.ForProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ApplicationObjectIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{ + List: &ApplicationList{}, + Managed: &Application{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") + } + mg.Spec.InitProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ApplicationObjectIDRef = rsp.ResolvedReference + return nil } 
@@ -130,5 +178,37 @@ func (mg *PreAuthorized) ResolveReferences(ctx context.Context, c client.Reader) mg.Spec.ForProvider.AuthorizedAppID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.AuthorizedAppIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ApplicationObjectIDRef, + Selector: mg.Spec.InitProvider.ApplicationObjectIDSelector, + To: reference.To{ + List: &ApplicationList{}, + Managed: &Application{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationObjectID") + } + mg.Spec.InitProvider.ApplicationObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ApplicationObjectIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AuthorizedAppID), + Extract: resource.ExtractParamPath("application_id", true), + Reference: mg.Spec.InitProvider.AuthorizedAppIDRef, + Selector: mg.Spec.InitProvider.AuthorizedAppIDSelector, + To: reference.To{ + List: &ApplicationList{}, + Managed: &Application{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.AuthorizedAppID") + } + mg.Spec.InitProvider.AuthorizedAppID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.AuthorizedAppIDRef = rsp.ResolvedReference + return nil } diff --git a/apis/applications/v1beta1/zz_password_types.go b/apis/applications/v1beta1/zz_password_types.go index 83f6ceb8..ddbb0a29 100755 --- a/apis/applications/v1beta1/zz_password_types.go +++ b/apis/applications/v1beta1/zz_password_types.go 
@@ -19,6 +19,19 @@ import ( type PasswordInitParameters struct { + // The object ID of the application for which this password should be created. Changing this field forces a new resource to be created. + // The object ID of the application for which this password should be created + // +crossplane:generate:reference:type=Application + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // Reference to a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` + + // Selector for a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` + // A display name for the password. Changing this field forces a new resource to be created. // A display name for the password DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -33,6 +46,7 @@ type PasswordInitParameters struct { // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. // Arbitrary map of values that, when changed, will trigger rotation of the password + // +mapType=granular RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. 
@@ -66,6 +80,7 @@ type PasswordObservation struct { // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. // Arbitrary map of values that, when changed, will trigger rotation of the password + // +mapType=granular RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. @@ -107,6 +122,7 @@ type PasswordParameters struct { // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. // Arbitrary map of values that, when changed, will trigger rotation of the password // +kubebuilder:validation:Optional + // +mapType=granular RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. diff --git a/apis/applications/v1beta1/zz_preauthorized_types.go b/apis/applications/v1beta1/zz_preauthorized_types.go index 0fe6a571..849651a0 100755 --- a/apis/applications/v1beta1/zz_preauthorized_types.go +++ b/apis/applications/v1beta1/zz_preauthorized_types.go 
@@ -19,8 +19,35 @@ import ( type PreAuthorizedInitParameters struct { + // The object ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created. + // The object ID of the application to which this pre-authorized application should be added + // +crossplane:generate:reference:type=Application + ApplicationObjectID *string `json:"applicationObjectId,omitempty" tf:"application_object_id,omitempty"` + + // Reference to a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDRef *v1.Reference `json:"applicationObjectIdRef,omitempty" tf:"-"` + + // Selector for a Application to populate applicationObjectId. + // +kubebuilder:validation:Optional + ApplicationObjectIDSelector *v1.Selector `json:"applicationObjectIdSelector,omitempty" tf:"-"` + + // The application ID of the pre-authorized application + // +crossplane:generate:reference:type=Application + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true) + AuthorizedAppID *string `json:"authorizedAppId,omitempty" tf:"authorized_app_id,omitempty"` + + // Reference to a Application to populate authorizedAppId. + // +kubebuilder:validation:Optional + AuthorizedAppIDRef *v1.Reference `json:"authorizedAppIdRef,omitempty" tf:"-"` + + // Selector for a Application to populate authorizedAppId. + // +kubebuilder:validation:Optional + AuthorizedAppIDSelector *v1.Selector `json:"authorizedAppIdSelector,omitempty" tf:"-"` + // A set of permission scope IDs required by the authorized application. // The IDs of the permission scopes required by the pre-authorized application + // +listType=set PermissionIds []*string `json:"permissionIds,omitempty" tf:"permission_ids,omitempty"` } 
@@ -37,6 +64,7 @@ type PreAuthorizedObservation struct { // A set of permission scope IDs required by the authorized application. // The IDs of the permission scopes required by the pre-authorized application + // +listType=set PermissionIds []*string `json:"permissionIds,omitempty" tf:"permission_ids,omitempty"` } @@ -73,6 +101,7 @@ type PreAuthorizedParameters struct { // A set of permission scope IDs required by the authorized application. // The IDs of the permission scopes required by the pre-authorized application // +kubebuilder:validation:Optional + // +listType=set PermissionIds []*string `json:"permissionIds,omitempty" tf:"permission_ids,omitempty"` } diff --git a/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go b/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go index 63e9ec24..c48c5c75 100755 --- a/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go +++ b/apis/directoryroles/v1beta1/zz_customdirectoryrole_types.go @@ -114,6 +114,7 @@ type PermissionsInitParameters struct { // A set of tasks that can be performed on a resource. For more information, see the Permissions Reference documentation. // Set of tasks that can be performed on a resource + // +listType=set AllowedResourceActions []*string `json:"allowedResourceActions,omitempty" tf:"allowed_resource_actions,omitempty"` } @@ -121,6 +122,7 @@ type PermissionsObservation struct { // A set of tasks that can be performed on a resource. For more information, see the Permissions Reference documentation. // Set of tasks that can be performed on a resource + // +listType=set AllowedResourceActions []*string `json:"allowedResourceActions,omitempty" tf:"allowed_resource_actions,omitempty"` } 
@@ -129,6 +131,7 @@ type PermissionsParameters struct { // A set of tasks that can be performed on a resource. For more information, see the Permissions Reference documentation. // Set of tasks that can be performed on a resource // +kubebuilder:validation:Optional + // +listType=set AllowedResourceActions []*string `json:"allowedResourceActions" tf:"allowed_resource_actions,omitempty"` } diff --git a/apis/directoryroles/v1beta1/zz_generated.deepcopy.go b/apis/directoryroles/v1beta1/zz_generated.deepcopy.go index a22809e1..2ffb08b4 100644 --- a/apis/directoryroles/v1beta1/zz_generated.deepcopy.go +++ b/apis/directoryroles/v1beta1/zz_generated.deepcopy.go @@ -413,6 +413,36 @@ func (in *RoleAssignmentInitParameters) DeepCopyInto(out *RoleAssignmentInitPara *out = new(string) **out = **in } + if in.PrincipalObjectID != nil { + in, out := &in.PrincipalObjectID, &out.PrincipalObjectID + *out = new(string) + **out = **in + } + if in.PrincipalObjectIDRef != nil { + in, out := &in.PrincipalObjectIDRef, &out.PrincipalObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalObjectIDSelector != nil { + in, out := &in.PrincipalObjectIDSelector, &out.PrincipalObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.RoleID != nil { + in, out := &in.RoleID, &out.RoleID + *out = new(string) + **out = **in + } + if in.RoleIDRef != nil { + in, out := &in.RoleIDRef, &out.RoleIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.RoleIDSelector != nil { + in, out := &in.RoleIDSelector, &out.RoleIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleAssignmentInitParameters. diff --git a/apis/directoryroles/v1beta1/zz_generated.resolvers.go b/apis/directoryroles/v1beta1/zz_generated.resolvers.go index c4b937ba..0e624cce 100644 --- a/apis/directoryroles/v1beta1/zz_generated.resolvers.go 
+++ b/apis/directoryroles/v1beta1/zz_generated.resolvers.go @@ -53,5 +53,37 @@ func (mg *RoleAssignment) ResolveReferences(ctx context.Context, c client.Reader mg.Spec.ForProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RoleIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrincipalObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.PrincipalObjectIDRef, + Selector: mg.Spec.InitProvider.PrincipalObjectIDSelector, + To: reference.To{ + List: &v1beta1.UserList{}, + Managed: &v1beta1.User{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.PrincipalObjectID") + } + mg.Spec.InitProvider.PrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.PrincipalObjectIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RoleID), + Extract: resource.ExtractParamPath("template_id", true), + Reference: mg.Spec.InitProvider.RoleIDRef, + Selector: mg.Spec.InitProvider.RoleIDSelector, + To: reference.To{ + List: &RoleList{}, + Managed: &Role{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RoleID") + } + mg.Spec.InitProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RoleIDRef = rsp.ResolvedReference + return nil } diff --git a/apis/directoryroles/v1beta1/zz_roleassignment_types.go b/apis/directoryroles/v1beta1/zz_roleassignment_types.go index 00d50ce5..022e8abf 100755 --- a/apis/directoryroles/v1beta1/zz_roleassignment_types.go +++ b/apis/directoryroles/v1beta1/zz_roleassignment_types.go 
@@ -32,6 +32,33 @@ type RoleAssignmentInitParameters struct { // Identifier of the directory object representing the scope of the assignment DirectoryScopeObjectID *string `json:"directoryScopeObjectId,omitempty" tf:"directory_scope_object_id,omitempty"` + + // The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. + // The object ID of the member principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/users/v1beta1.User + PrincipalObjectID *string `json:"principalObjectId,omitempty" tf:"principal_object_id,omitempty"` + + // Reference to a User in users to populate principalObjectId. + // +kubebuilder:validation:Optional + PrincipalObjectIDRef *v1.Reference `json:"principalObjectIdRef,omitempty" tf:"-"` + + // Selector for a User in users to populate principalObjectId. + // +kubebuilder:validation:Optional + PrincipalObjectIDSelector *v1.Selector `json:"principalObjectIdSelector,omitempty" tf:"-"` + + // The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. + // The object ID of the directory role for this assignment + // +crossplane:generate:reference:type=Role + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("template_id",true) + RoleID *string `json:"roleId,omitempty" tf:"role_id,omitempty"` + + // Reference to a Role to populate roleId. + // +kubebuilder:validation:Optional + RoleIDRef *v1.Reference `json:"roleIdRef,omitempty" tf:"-"` + + // Selector for a Role to populate roleId. + // +kubebuilder:validation:Optional + RoleIDSelector *v1.Selector `json:"roleIdSelector,omitempty" tf:"-"` } type RoleAssignmentObservation struct { 
diff --git a/apis/groups/v1beta1/zz_generated.deepcopy.go b/apis/groups/v1beta1/zz_generated.deepcopy.go index 9ca7da9c..f0ab819c 100644 --- a/apis/groups/v1beta1/zz_generated.deepcopy.go +++ b/apis/groups/v1beta1/zz_generated.deepcopy.go @@ -757,6 +757,36 @@ func (in *Member) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MemberInitParameters) DeepCopyInto(out *MemberInitParameters) { *out = *in + if in.GroupObjectID != nil { + in, out := &in.GroupObjectID, &out.GroupObjectID + *out = new(string) + **out = **in + } + if in.GroupObjectIDRef != nil { + in, out := &in.GroupObjectIDRef, &out.GroupObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.GroupObjectIDSelector != nil { + in, out := &in.GroupObjectIDSelector, &out.GroupObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.MemberObjectID != nil { + in, out := &in.MemberObjectID, &out.MemberObjectID + *out = new(string) + **out = **in + } + if in.MemberObjectIDRef != nil { + in, out := &in.MemberObjectIDRef, &out.MemberObjectIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.MemberObjectIDSelector != nil { + in, out := &in.MemberObjectIDSelector, &out.MemberObjectIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberInitParameters. @@ -881,7 +911,7 @@ func (in *MemberSpec) DeepCopyInto(out *MemberSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) - out.InitProvider = in.InitProvider + in.InitProvider.DeepCopyInto(&out.InitProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberSpec. 
diff --git a/apis/groups/v1beta1/zz_generated.resolvers.go b/apis/groups/v1beta1/zz_generated.resolvers.go index 4b2a8c01..0ab6851d 100644 --- a/apis/groups/v1beta1/zz_generated.resolvers.go +++ b/apis/groups/v1beta1/zz_generated.resolvers.go @@ -52,5 +52,37 @@ func (mg *Member) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.MemberObjectID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.MemberObjectIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.GroupObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.GroupObjectIDRef, + Selector: mg.Spec.InitProvider.GroupObjectIDSelector, + To: reference.To{ + List: &GroupList{}, + Managed: &Group{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.GroupObjectID") + } + mg.Spec.InitProvider.GroupObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.GroupObjectIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.MemberObjectID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.MemberObjectIDRef, + Selector: mg.Spec.InitProvider.MemberObjectIDSelector, + To: reference.To{ + List: &v1beta1.UserList{}, + Managed: &v1beta1.User{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.MemberObjectID") + } + mg.Spec.InitProvider.MemberObjectID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.MemberObjectIDRef = rsp.ResolvedReference + return nil } diff --git a/apis/groups/v1beta1/zz_group_types.go b/apis/groups/v1beta1/zz_group_types.go index 829a82f0..6a31beb1 100755 --- a/apis/groups/v1beta1/zz_group_types.go +++ b/apis/groups/v1beta1/zz_group_types.go 
@@ -53,6 +53,7 @@ type GroupInitParameters struct { // The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + // +listType=set AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. @@ -65,6 +66,7 @@ type GroupInitParameters struct { // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. // The group behaviours for a Microsoft 365 group + // +listType=set Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"` // The description for the group. @@ -101,6 +103,7 @@ type GroupInitParameters struct { // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + // +listType=set Members []*string `json:"members,omitempty" tf:"members,omitempty"` // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup. 
@@ -109,6 +112,7 @@ type GroupInitParameters struct { // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. // A set of owners who own this group. Supported object types are Users or Service Principals + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // If true, will return an error if an existing group is found with the same name. Defaults to false. @@ -117,6 +121,7 @@ type GroupInitParameters struct { // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created. // The group provisioning options for a Microsoft 365 group + // +listType=set ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"` // Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property). 
@@ -129,6 +134,7 @@ type GroupInitParameters struct { // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created. // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true + // +listType=set Types []*string `json:"types,omitempty" tf:"types,omitempty"` // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility. @@ -144,6 +150,7 @@ type GroupObservation struct { // The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level. // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level. + // +listType=set AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"` // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created. 
@@ -156,6 +163,7 @@ type GroupObservation struct { // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created. // The group behaviours for a Microsoft 365 group + // +listType=set Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"` // The description for the group. @@ -198,6 +206,7 @@ type GroupObservation struct { // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block. // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals + // +listType=set Members []*string `json:"members,omitempty" tf:"members,omitempty"` // The object ID of the group. @@ -230,6 +239,7 @@ type GroupObservation struct { // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed. // A set of owners who own this group. Supported object types are Users or Service Principals + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // The preferred language for a Microsoft 365 group, in ISO 639-1 notation. 
@@ -242,6 +252,7 @@ type GroupObservation struct {
 // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created.
 // The group provisioning options for a Microsoft 365 group
+ // +listType=set
 ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"`
 // List of email addresses for the group that direct to the same group mailbox.
@@ -258,6 +269,7 @@ type GroupObservation struct {
 // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created.
 // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true
+ // +listType=set
 Types []*string `json:"types,omitempty" tf:"types,omitempty"`
 // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility.
@@ -274,6 +286,7 @@ type GroupParameters struct {
 // The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.
 // The administrative unit IDs in which the group should be. If empty, the group will be created at the tenant level.
 // +kubebuilder:validation:Optional
+ // +listType=set
 AdministrativeUnitIds []*string `json:"administrativeUnitIds,omitempty" tf:"administrative_unit_ids,omitempty"`
 // Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be set to true for security-enabled groups. Changing this forces a new resource to be created.
@@ -289,6 +302,7 @@ type GroupParameters struct {
 // A set of behaviors for a Microsoft 365 group. Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, SubscribeNewGroupMembers and WelcomeEmailDisabled. See official documentation for more details. Changing this forces a new resource to be created.
 // The group behaviours for a Microsoft 365 group
 // +kubebuilder:validation:Optional
+ // +listType=set
 Behaviors []*string `json:"behaviors,omitempty" tf:"behaviors,omitempty"`
 // The description for the group.
@@ -334,6 +348,7 @@ type GroupParameters struct {
 // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the dynamic_membership block.
 // A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals
 // +kubebuilder:validation:Optional
+ // +listType=set
 Members []*string `json:"members,omitempty" tf:"members,omitempty"`
 // The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are UniversalDistributionGroup, UniversalMailEnabledSecurityGroup, or UniversalSecurityGroup.
@@ -344,6 +359,7 @@ type GroupParameters struct {
 // A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. Groups cannot be created with no owners or have all their owners removed.
 // A set of owners who own this group. Supported object types are Users or Service Principals
 // +kubebuilder:validation:Optional
+ // +listType=set
 Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"`
 // If true, will return an error if an existing group is found with the same name. Defaults to false.
@@ -354,6 +370,7 @@ type GroupParameters struct {
 // A set of provisioning options for a Microsoft 365 group. The only supported value is Team. See official documentation for details. Changing this forces a new resource to be created.
 // The group provisioning options for a Microsoft 365 group
 // +kubebuilder:validation:Optional
+ // +listType=set
 ProvisioningOptions []*string `json:"provisioningOptions,omitempty" tf:"provisioning_options,omitempty"`
 // Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled or mail_enabled must be specified. A Microsoft 365 group can be security enabled and mail enabled (see the types property).
@@ -369,6 +386,7 @@ type GroupParameters struct {
 // A set of group types to configure for the group. Supported values are DynamicMembership, which denotes a group with dynamic membership, and Unified, which specifies a Microsoft 365 group. Required when mail_enabled is true. Changing this forces a new resource to be created.
 // A set of group types to configure for the group. `Unified` specifies a Microsoft 365 group. Required when `mail_enabled` is true
 // +kubebuilder:validation:Optional
+ // +listType=set
 Types []*string `json:"types,omitempty" tf:"types,omitempty"`
 // The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only Microsoft 365 groups can have Hiddenmembership visibility and this value must be set when the group is created. By default, security groups will receive Private visibility and Microsoft 365 groups will receive Public visibility.
diff --git a/apis/groups/v1beta1/zz_member_types.go b/apis/groups/v1beta1/zz_member_types.go
index d0c90bc7..cec26bf6 100755
--- a/apis/groups/v1beta1/zz_member_types.go
+++ b/apis/groups/v1beta1/zz_member_types.go
@@ -18,6 +18,32 @@ import (
 )
 type MemberInitParameters struct {
+
+ // The object ID of the group you want to add the member to. Changing this forces a new resource to be created.
+ // The object ID of the group you want to add the member to
+ // +crossplane:generate:reference:type=Group
+ GroupObjectID *string `json:"groupObjectId,omitempty" tf:"group_object_id,omitempty"`
+
+ // Reference to a Group to populate groupObjectId.
+ // +kubebuilder:validation:Optional
+ GroupObjectIDRef *v1.Reference `json:"groupObjectIdRef,omitempty" tf:"-"`
+
+ // Selector for a Group to populate groupObjectId.
+ // +kubebuilder:validation:Optional
+ GroupObjectIDSelector *v1.Selector `json:"groupObjectIdSelector,omitempty" tf:"-"`
+
+ // The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.
+ // The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals
+ // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/users/v1beta1.User
+ MemberObjectID *string `json:"memberObjectId,omitempty" tf:"member_object_id,omitempty"`
+
+ // Reference to a User in users to populate memberObjectId.
+ // +kubebuilder:validation:Optional
+ MemberObjectIDRef *v1.Reference `json:"memberObjectIdRef,omitempty" tf:"-"`
+
+ // Selector for a User in users to populate memberObjectId.
+ // +kubebuilder:validation:Optional
+ MemberObjectIDSelector *v1.Selector `json:"memberObjectIdSelector,omitempty" tf:"-"`
 }
 type MemberObservation struct {
diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go b/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go
index f84b5548..f44b8b23 100644
--- a/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go
+++ b/apis/serviceprincipaldelegated/v1beta1/zz_generated.deepcopy.go
@@ -54,6 +54,51 @@ func (in *PermissionGrantInitParameters) DeepCopyInto(out *PermissionGrantInitPa
 }
 }
 }
+ if in.ResourceServicePrincipalObjectID != nil {
+ in, out := &in.ResourceServicePrincipalObjectID, &out.ResourceServicePrincipalObjectID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ResourceServicePrincipalObjectIDRef != nil {
+ in, out := &in.ResourceServicePrincipalObjectIDRef, &out.ResourceServicePrincipalObjectIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ResourceServicePrincipalObjectIDSelector != nil {
+ in, out := &in.ResourceServicePrincipalObjectIDSelector, &out.ResourceServicePrincipalObjectIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalObjectID != nil {
+ in, out := &in.ServicePrincipalObjectID, &out.ServicePrincipalObjectID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ServicePrincipalObjectIDRef != nil {
+ in, out := &in.ServicePrincipalObjectIDRef, &out.ServicePrincipalObjectIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalObjectIDSelector != nil {
+ in, out := &in.ServicePrincipalObjectIDSelector, &out.ServicePrincipalObjectIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.UserObjectID != nil {
+ in, out := &in.UserObjectID, &out.UserObjectID
+ *out = new(string)
+ **out = **in
+ }
+ if in.UserObjectIDRef != nil {
+ in, out := &in.UserObjectIDRef, &out.UserObjectIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.UserObjectIDSelector != nil {
+ in, out := &in.UserObjectIDSelector, &out.UserObjectIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionGrantInitParameters.
diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go b/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go
index 7e242a0f..9aebd9f6 100644
--- a/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go
+++ b/apis/serviceprincipaldelegated/v1beta1/zz_generated.resolvers.go
@@ -70,5 +70,53 @@ func (mg *PermissionGrant) ResolveReferences(ctx context.Context, c client.Reade
 mg.Spec.ForProvider.UserObjectID = reference.ToPtrValue(rsp.ResolvedValue)
 mg.Spec.ForProvider.UserObjectIDRef = rsp.ResolvedReference
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ResourceServicePrincipalObjectID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ResourceServicePrincipalObjectIDRef,
+ Selector: mg.Spec.InitProvider.ResourceServicePrincipalObjectIDSelector,
+ To: reference.To{
+ List: &v1beta1.PrincipalList{},
+ Managed: &v1beta1.Principal{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ResourceServicePrincipalObjectID")
+ }
+ mg.Spec.InitProvider.ResourceServicePrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ResourceServicePrincipalObjectIDRef = rsp.ResolvedReference
+
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalObjectID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ServicePrincipalObjectIDRef,
+ Selector: mg.Spec.InitProvider.ServicePrincipalObjectIDSelector,
+ To: reference.To{
+ List: &v1beta1.PrincipalList{},
+ Managed: &v1beta1.Principal{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalObjectID")
+ }
+ mg.Spec.InitProvider.ServicePrincipalObjectID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ServicePrincipalObjectIDRef = rsp.ResolvedReference
+
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.UserObjectID),
+ Extract: resource.ExtractParamPath("object_id", true),
+ Reference: mg.Spec.InitProvider.UserObjectIDRef,
+ Selector: mg.Spec.InitProvider.UserObjectIDSelector,
+ To: reference.To{
+ List: &v1beta11.UserList{},
+ Managed: &v1beta11.User{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.UserObjectID")
+ }
+ mg.Spec.InitProvider.UserObjectID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.UserObjectIDRef = rsp.ResolvedReference
+
 return nil
 }
diff --git a/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go b/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go
index 7bb75376..db837449 100755
--- a/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go
+++ b/apis/serviceprincipaldelegated/v1beta1/zz_permissiongrant_types.go
@@ -21,13 +21,55 @@ type PermissionGrantInitParameters struct {
 // - A set of claim values for delegated permission scopes which should be included in access tokens for the resource.
 // A set of claim values for delegated permission scopes which should be included in access tokens for the resource
+ // +listType=set
 ClaimValues []*string `json:"claimValues,omitempty" tf:"claim_values,omitempty"`
+
+ // The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created.
+ // The object ID of the service principal representing the resource to be accessed
+ // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal
+ ResourceServicePrincipalObjectID *string `json:"resourceServicePrincipalObjectId,omitempty" tf:"resource_service_principal_object_id,omitempty"`
+
+ // Reference to a Principal in serviceprincipals to populate resourceServicePrincipalObjectId.
+ // +kubebuilder:validation:Optional
+ ResourceServicePrincipalObjectIDRef *v1.Reference `json:"resourceServicePrincipalObjectIdRef,omitempty" tf:"-"`
+
+ // Selector for a Principal in serviceprincipals to populate resourceServicePrincipalObjectId.
+ // +kubebuilder:validation:Optional
+ ResourceServicePrincipalObjectIDSelector *v1.Selector `json:"resourceServicePrincipalObjectIdSelector,omitempty" tf:"-"`
+
+ // The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created.
+ // The object ID of the service principal for which this delegated permission grant should be created
+ // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal
+ ServicePrincipalObjectID *string `json:"servicePrincipalObjectId,omitempty" tf:"service_principal_object_id,omitempty"`
+
+ // Reference to a Principal in serviceprincipals to populate servicePrincipalObjectId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalObjectIDRef *v1.Reference `json:"servicePrincipalObjectIdRef,omitempty" tf:"-"`
+
+ // Selector for a Principal in serviceprincipals to populate servicePrincipalObjectId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalObjectIDSelector *v1.Selector `json:"servicePrincipalObjectIdSelector,omitempty" tf:"-"`
+
+ // - The object ID of the user on behalf of whom the service principal is authorized to access the resource. When omitted, the delegated permission grant will be consented for all users. Changing this forces a new resource to be created.
+ // The object ID of the user on behalf of whom the service principal is authorized to access the resource
+ // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/users/v1beta1.User
+ // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("object_id",true)
+ UserObjectID *string `json:"userObjectId,omitempty" tf:"user_object_id,omitempty"`
+
+ // Reference to a User in users to populate userObjectId.
+ // +kubebuilder:validation:Optional
+ UserObjectIDRef *v1.Reference `json:"userObjectIdRef,omitempty" tf:"-"`
+
+ // Selector for a User in users to populate userObjectId.
+ // +kubebuilder:validation:Optional
+ UserObjectIDSelector *v1.Selector `json:"userObjectIdSelector,omitempty" tf:"-"`
 }
 type PermissionGrantObservation struct {
 // - A set of claim values for delegated permission scopes which should be included in access tokens for the resource.
 // A set of claim values for delegated permission scopes which should be included in access tokens for the resource
+ // +listType=set
 ClaimValues []*string `json:"claimValues,omitempty" tf:"claim_values,omitempty"`
 // The ID of the delegated permission grant.
@@ -51,6 +93,7 @@ type PermissionGrantParameters struct {
 // - A set of claim values for delegated permission scopes which should be included in access tokens for the resource.
 // A set of claim values for delegated permission scopes which should be included in access tokens for the resource
 // +kubebuilder:validation:Optional
+ // +listType=set
 ClaimValues []*string `json:"claimValues,omitempty" tf:"claim_values,omitempty"`
 // The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created.
diff --git a/apis/serviceprincipals/v1beta1/zz_certificate_types.go b/apis/serviceprincipals/v1beta1/zz_certificate_types.go
index eb45a18b..9a4eff50 100755
--- a/apis/serviceprincipals/v1beta1/zz_certificate_types.go
+++ b/apis/serviceprincipals/v1beta1/zz_certificate_types.go
@@ -35,6 +35,19 @@ type CertificateInitParameters struct {
 // A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated
 KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"`
+ // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
+ // The object ID of the service principal for which this certificate should be created
+ // +crossplane:generate:reference:type=Principal
+ ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"`
+
+ // Reference to a Principal to populate servicePrincipalId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"`
+
+ // Selector for a Principal to populate servicePrincipalId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"`
+
 // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
 // The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used
 StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"`
diff --git a/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go b/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go
index 00dc5024..9da451e5 100755
--- a/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go
+++ b/apis/serviceprincipals/v1beta1/zz_claimsmappingpolicyassignment_types.go
@@ -18,6 +18,32 @@ import (
 )
 type ClaimsMappingPolicyAssignmentInitParameters struct {
+
+ // The ID of the claims mapping policy to assign.
+ // ID of the claims mapping policy to assign
+ // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/policies/v1beta1.ClaimsMappingPolicy
+ ClaimsMappingPolicyID *string `json:"claimsMappingPolicyId,omitempty" tf:"claims_mapping_policy_id,omitempty"`
+
+ // Reference to a ClaimsMappingPolicy in policies to populate claimsMappingPolicyId.
+ // +kubebuilder:validation:Optional
+ ClaimsMappingPolicyIDRef *v1.Reference `json:"claimsMappingPolicyIdRef,omitempty" tf:"-"`
+
+ // Selector for a ClaimsMappingPolicy in policies to populate claimsMappingPolicyId.
+ // +kubebuilder:validation:Optional
+ ClaimsMappingPolicyIDSelector *v1.Selector `json:"claimsMappingPolicyIdSelector,omitempty" tf:"-"`
+
+ // The object ID of the service principal for the policy assignment.
+ // Object ID of the service principal for which to assign the policy
+ // +crossplane:generate:reference:type=Principal
+ ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"`
+
+ // Reference to a Principal to populate servicePrincipalId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"`
+
+ // Selector for a Principal to populate servicePrincipalId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"`
 }
 type ClaimsMappingPolicyAssignmentObservation struct {
diff --git a/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go b/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go
index bb35f831..feff5a84 100644
--- a/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go
+++ b/apis/serviceprincipals/v1beta1/zz_generated.deepcopy.go
@@ -144,6 +144,21 @@ func (in *CertificateInitParameters) DeepCopyInto(out *CertificateInitParameters
 *out = new(string)
 **out = **in
 }
+ if in.ServicePrincipalID != nil {
+ in, out := &in.ServicePrincipalID, &out.ServicePrincipalID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ServicePrincipalIDRef != nil {
+ in, out := &in.ServicePrincipalIDRef, &out.ServicePrincipalIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalIDSelector != nil {
+ in, out := &in.ServicePrincipalIDSelector, &out.ServicePrincipalIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
 if in.StartDate != nil {
 in, out := &in.StartDate, &out.StartDate
 *out = new(string)
@@ -379,6 +394,36 @@ func (in *ClaimsMappingPolicyAssignment) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClaimsMappingPolicyAssignmentInitParameters) DeepCopyInto(out *ClaimsMappingPolicyAssignmentInitParameters) {
 *out = *in
+ if in.ClaimsMappingPolicyID != nil {
+ in, out := &in.ClaimsMappingPolicyID, &out.ClaimsMappingPolicyID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ClaimsMappingPolicyIDRef != nil {
+ in, out := &in.ClaimsMappingPolicyIDRef, &out.ClaimsMappingPolicyIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ClaimsMappingPolicyIDSelector != nil {
+ in, out := &in.ClaimsMappingPolicyIDSelector, &out.ClaimsMappingPolicyIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalID != nil {
+ in, out := &in.ServicePrincipalID, &out.ServicePrincipalID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ServicePrincipalIDRef != nil {
+ in, out := &in.ServicePrincipalIDRef, &out.ServicePrincipalIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalIDSelector != nil {
+ in, out := &in.ServicePrincipalIDSelector, &out.ServicePrincipalIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimsMappingPolicyAssignmentInitParameters.
@@ -503,7 +548,7 @@ func (in *ClaimsMappingPolicyAssignmentSpec) DeepCopyInto(out *ClaimsMappingPoli
 *out = *in
 in.ResourceSpec.DeepCopyInto(&out.ResourceSpec)
 in.ForProvider.DeepCopyInto(&out.ForProvider)
- out.InitProvider = in.InitProvider
+ in.InitProvider.DeepCopyInto(&out.InitProvider)
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimsMappingPolicyAssignmentSpec.
@@ -784,6 +829,21 @@ func (in *PasswordInitParameters) DeepCopyInto(out *PasswordInitParameters) {
 (*out)[key] = outVal
 }
 }
+ if in.ServicePrincipalID != nil {
+ in, out := &in.ServicePrincipalID, &out.ServicePrincipalID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ServicePrincipalIDRef != nil {
+ in, out := &in.ServicePrincipalIDRef, &out.ServicePrincipalIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalIDSelector != nil {
+ in, out := &in.ServicePrincipalIDSelector, &out.ServicePrincipalIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
 if in.StartDate != nil {
 in, out := &in.StartDate, &out.StartDate
 *out = new(string)
@@ -1051,6 +1111,21 @@ func (in *PrincipalInitParameters) DeepCopyInto(out *PrincipalInitParameters) {
 *out = new(bool)
 **out = **in
 }
+ if in.ApplicationID != nil {
+ in, out := &in.ApplicationID, &out.ApplicationID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ApplicationIDRef != nil {
+ in, out := &in.ApplicationIDRef, &out.ApplicationIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ApplicationIDSelector != nil {
+ in, out := &in.ApplicationIDSelector, &out.ApplicationIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
 if in.Description != nil {
 in, out := &in.Description, &out.Description
 *out = new(string)
@@ -1651,6 +1726,21 @@ func (in *TokenSigningCertificateInitParameters) DeepCopyInto(out *TokenSigningC
 *out = new(string)
 **out = **in
 }
+ if in.ServicePrincipalID != nil {
+ in, out := &in.ServicePrincipalID, &out.ServicePrincipalID
+ *out = new(string)
+ **out = **in
+ }
+ if in.ServicePrincipalIDRef != nil {
+ in, out := &in.ServicePrincipalIDRef, &out.ServicePrincipalIDRef
+ *out = new(v1.Reference)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ServicePrincipalIDSelector != nil {
+ in, out := &in.ServicePrincipalIDSelector, &out.ServicePrincipalIDSelector
+ *out = new(v1.Selector)
+ (*in).DeepCopyInto(*out)
+ }
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenSigningCertificateInitParameters.
diff --git a/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go b/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go
index ab372f94..53f2980d 100644
--- a/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go
+++ b/apis/serviceprincipals/v1beta1/zz_generated.resolvers.go
@@ -38,6 +38,22 @@ func (mg *Certificate) ResolveReferences(ctx context.Context, c client.Reader) e
 mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
 mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ServicePrincipalIDRef,
+ Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector,
+ To: reference.To{
+ List: &PrincipalList{},
+ Managed: &Principal{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID")
+ }
+ mg.Spec.InitProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+
 return nil
 }
@@ -80,6 +96,38 @@ func (mg *ClaimsMappingPolicyAssignment) ResolveReferences(ctx context.Context,
 mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
 mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClaimsMappingPolicyID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ClaimsMappingPolicyIDRef,
+ Selector: mg.Spec.InitProvider.ClaimsMappingPolicyIDSelector,
+ To: reference.To{
+ List: &v1beta1.ClaimsMappingPolicyList{},
+ Managed: &v1beta1.ClaimsMappingPolicy{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ClaimsMappingPolicyID")
+ }
+ mg.Spec.InitProvider.ClaimsMappingPolicyID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ClaimsMappingPolicyIDRef = rsp.ResolvedReference
+
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ServicePrincipalIDRef,
+ Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector,
+ To: reference.To{
+ List: &PrincipalList{},
+ Managed: &Principal{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID")
+ }
+ mg.Spec.InitProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+
 return nil
 }
@@ -106,6 +154,22 @@ func (mg *Password) ResolveReferences(ctx context.Context, c client.Reader) erro
 mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
 mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ServicePrincipalIDRef,
+ Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector,
+ To: reference.To{
+ List: &PrincipalList{},
+ Managed: &Principal{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID")
+ }
+ mg.Spec.InitProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+
 return nil
 }
@@ -132,6 +196,22 @@ func (mg *Principal) ResolveReferences(ctx context.Context, c client.Reader) err
 mg.Spec.ForProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue)
 mg.Spec.ForProvider.ApplicationIDRef = rsp.ResolvedReference
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ApplicationID),
+ Extract: resource.ExtractParamPath("application_id", true),
+ Reference: mg.Spec.InitProvider.ApplicationIDRef,
+ Selector: mg.Spec.InitProvider.ApplicationIDSelector,
+ To: reference.To{
+ List: &v1beta11.ApplicationList{},
+ Managed: &v1beta11.Application{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ApplicationID")
+ }
+ mg.Spec.InitProvider.ApplicationID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ApplicationIDRef = rsp.ResolvedReference
+
 return nil
 }
@@ -158,5 +238,21 @@ func (mg *TokenSigningCertificate) ResolveReferences(ctx context.Context, c clie
 mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
 mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+ rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
+ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID),
+ Extract: reference.ExternalName(),
+ Reference: mg.Spec.InitProvider.ServicePrincipalIDRef,
+ Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector,
+ To: reference.To{
+ List: &PrincipalList{},
+ Managed: &Principal{},
+ },
+ })
+ if err != nil {
+ return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID")
+ }
+ mg.Spec.InitProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue)
+ mg.Spec.InitProvider.ServicePrincipalIDRef = rsp.ResolvedReference
+
 return nil
 }
diff --git a/apis/serviceprincipals/v1beta1/zz_password_types.go b/apis/serviceprincipals/v1beta1/zz_password_types.go
index ff48d572..6675462f 100755
--- a/apis/serviceprincipals/v1beta1/zz_password_types.go
+++ b/apis/serviceprincipals/v1beta1/zz_password_types.go
@@ -33,8 +33,22 @@ type PasswordInitParameters struct {
 // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
 // Arbitrary map of values that, when changed, will trigger rotation of the password
+ // +mapType=granular
 RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"`
+ // The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.
+ // The object ID of the service principal for which this password should be created
+ // +crossplane:generate:reference:type=Principal
+ ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"`
+
+ // Reference to a Principal to populate servicePrincipalId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"`
+
+ // Selector for a Principal to populate servicePrincipalId.
+ // +kubebuilder:validation:Optional
+ ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"`
+
 // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.
 // The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used
 StartDate *string `json:"startDate,omitempty" tf:"start_date,omitempty"`
@@ -62,6 +76,7 @@ type PasswordObservation struct { // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. // Arbitrary map of values that, when changed, will trigger rotation of the password + // +mapType=granular RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` // The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created. @@ -93,6 +108,7 @@ type PasswordParameters struct { // A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. // Arbitrary map of values that, when changed, will trigger rotation of the password // +kubebuilder:validation:Optional + // +mapType=granular RotateWhenChanged map[string]*string `json:"rotateWhenChanged,omitempty" tf:"rotate_when_changed,omitempty"` // The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created. diff --git a/apis/serviceprincipals/v1beta1/zz_principal_types.go b/apis/serviceprincipals/v1beta1/zz_principal_types.go index da210c58..a04c8354 100755 --- a/apis/serviceprincipals/v1beta1/zz_principal_types.go +++ b/apis/serviceprincipals/v1beta1/zz_principal_types.go 
@@ -146,12 +146,27 @@ type PrincipalInitParameters struct { // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + // +listType=set AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application AppRoleAssignmentRequired *bool `json:"appRoleAssignmentRequired,omitempty" tf:"app_role_assignment_required,omitempty"` + // The application ID (client ID) of the application for which to create a service principal. + // The application ID (client ID) of the application for which to create a service principal + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/applications/v1beta1.Application + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("application_id",true) + ApplicationID *string `json:"applicationId,omitempty" tf:"application_id,omitempty"` + + // Reference to a Application in applications to populate applicationId. + // +kubebuilder:validation:Optional + ApplicationIDRef *v1.Reference `json:"applicationIdRef,omitempty" tf:"-"` + + // Selector for a Application in applications to populate applicationId. + // +kubebuilder:validation:Optional + ApplicationIDSelector *v1.Selector `json:"applicationIdSelector,omitempty" tf:"-"` + // A description of the service principal provided for internal end-users. 
// Description of the service principal provided for internal end-users Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -170,10 +185,12 @@ type PrincipalInitParameters struct { // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + // +listType=set NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. // A list of object IDs of principals that will be granted ownership of the service principal + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. 
@@ -186,6 +203,7 @@ type PrincipalInitParameters struct { // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. // A set of tags to apply to the service principal + // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. @@ -201,6 +219,7 @@ type PrincipalObservation struct { // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities + // +listType=set AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. @@ -209,6 +228,7 @@ type PrincipalObservation struct { // A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration. // Mapping of app role names to UUIDs + // +mapType=granular AppRoleIds map[string]*string `json:"appRoleIds,omitempty" tf:"app_role_ids,omitempty"` // A list of app roles published by the associated application, as documented below. For more information official documentation. 
@@ -255,10 +275,12 @@ type PrincipalObservation struct { // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications + // +listType=set NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` // A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration. // Mapping of OAuth2.0 permission scope names to UUIDs + // +mapType=granular Oauth2PermissionScopeIds map[string]*string `json:"oauth2PermissionScopeIds,omitempty" tf:"oauth2_permission_scope_ids,omitempty"` // A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below. @@ -270,6 +292,7 @@ type PrincipalObservation struct { // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. // A list of object IDs of principals that will be granted ownership of the service principal + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. 
@@ -298,6 +321,7 @@ type PrincipalObservation struct { // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. // A set of tags to apply to the service principal + // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity. @@ -319,6 +343,7 @@ type PrincipalParameters struct { // A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. // A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities // +kubebuilder:validation:Optional + // +listType=set AlternativeNames []*string `json:"alternativeNames,omitempty" tf:"alternative_names,omitempty"` // Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false. 
@@ -364,11 +389,13 @@ type PrincipalParameters struct { // A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications. // List of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications // +kubebuilder:validation:Optional + // +listType=set NotificationEmailAddresses []*string `json:"notificationEmailAddresses,omitempty" tf:"notification_email_addresses,omitempty"` // A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned. // A list of object IDs of principals that will be granted ownership of the service principal // +kubebuilder:validation:Optional + // +listType=set Owners []*string `json:"owners,omitempty" tf:"owners,omitempty"` // The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset. 
@@ -384,6 +411,7 @@ type PrincipalParameters struct { // A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block. // A set of tags to apply to the service principal // +kubebuilder:validation:Optional + // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal. diff --git a/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go b/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go index 09a9a21e..56e4280f 100755 --- a/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go +++ b/apis/serviceprincipals/v1beta1/zz_tokensigningcertificate_types.go 
@@ -27,6 +27,19 @@ type TokenSigningCertificateInitParameters struct { // The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. // The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Default is 3 years from current date. EndDate *string `json:"endDate,omitempty" tf:"end_date,omitempty"` + + // The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. + // The object ID of the service principal for which this certificate should be created + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. + // +kubebuilder:validation:Optional + ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` + + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. + // +kubebuilder:validation:Optional + ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` } type TokenSigningCertificateObservation struct { diff --git a/apis/synchronization/v1beta1/zz_generated.deepcopy.go b/apis/synchronization/v1beta1/zz_generated.deepcopy.go index fa618b3a..675498f7 100644 --- a/apis/synchronization/v1beta1/zz_generated.deepcopy.go +++ b/apis/synchronization/v1beta1/zz_generated.deepcopy.go 
@@ -109,6 +109,21 @@ func (in *JobInitParameters) DeepCopyInto(out *JobInitParameters) { *out = new(bool) **out = **in } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } + if in.ServicePrincipalIDRef != nil { + in, out := &in.ServicePrincipalIDRef, &out.ServicePrincipalIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServicePrincipalIDSelector != nil { + in, out := &in.ServicePrincipalIDSelector, &out.ServicePrincipalIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.TemplateID != nil { in, out := &in.TemplateID, &out.TemplateID *out = new(string) @@ -372,6 +387,21 @@ func (in *SecretInitParameters) DeepCopyInto(out *SecretInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServicePrincipalID != nil { + in, out := &in.ServicePrincipalID, &out.ServicePrincipalID + *out = new(string) + **out = **in + } + if in.ServicePrincipalIDRef != nil { + in, out := &in.ServicePrincipalIDRef, &out.ServicePrincipalIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServicePrincipalIDSelector != nil { + in, out := &in.ServicePrincipalIDSelector, &out.ServicePrincipalIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretInitParameters. diff --git a/apis/synchronization/v1beta1/zz_generated.resolvers.go b/apis/synchronization/v1beta1/zz_generated.resolvers.go index dae37a00..a9e87de0 100644 --- a/apis/synchronization/v1beta1/zz_generated.resolvers.go +++ b/apis/synchronization/v1beta1/zz_generated.resolvers.go 
@@ -36,6 +36,22 @@ func (mg *Job) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{ + List: &v1beta1.PrincipalList{}, + Managed: &v1beta1.Principal{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") + } + mg.Spec.InitProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ServicePrincipalIDRef = rsp.ResolvedReference + return nil } @@ -62,5 +78,21 @@ func (mg *Secret) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ServicePrincipalIDRef = rsp.ResolvedReference + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ServicePrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.ServicePrincipalIDRef, + Selector: mg.Spec.InitProvider.ServicePrincipalIDSelector, + To: reference.To{ + List: &v1beta1.PrincipalList{}, + Managed: &v1beta1.Principal{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ServicePrincipalID") + } + mg.Spec.InitProvider.ServicePrincipalID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ServicePrincipalIDRef = rsp.ResolvedReference + return nil } diff --git a/apis/synchronization/v1beta1/zz_job_types.go b/apis/synchronization/v1beta1/zz_job_types.go index 13c79819..aa2d21d7 100755 --- a/apis/synchronization/v1beta1/zz_job_types.go 
+++ b/apis/synchronization/v1beta1/zz_job_types.go @@ -23,6 +23,19 @@ type JobInitParameters struct { // Whether or not the synchronization job is enabled Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + // The object ID of the service principal for which this synchronization job should be created + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. + // +kubebuilder:validation:Optional + ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` + + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. + // +kubebuilder:validation:Optional + ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` + // Identifier of the synchronization template this job is based on. // Identifier of the synchronization template this job is based on. TemplateID *string `json:"templateId,omitempty" tf:"template_id,omitempty"` diff --git a/apis/synchronization/v1beta1/zz_secret_types.go b/apis/synchronization/v1beta1/zz_secret_types.go index 3559d9e1..1515c802 100755 --- a/apis/synchronization/v1beta1/zz_secret_types.go +++ b/apis/synchronization/v1beta1/zz_secret_types.go 
@@ -48,6 +48,19 @@ type SecretInitParameters struct { // One or more credential blocks as documented below. Credential []CredentialInitParameters `json:"credential,omitempty" tf:"credential,omitempty"` + + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + // The object ID of the service principal for which this synchronization secret should be created + // +crossplane:generate:reference:type=github.com/upbound/provider-azuread/apis/serviceprincipals/v1beta1.Principal + ServicePrincipalID *string `json:"servicePrincipalId,omitempty" tf:"service_principal_id,omitempty"` + + // Reference to a Principal in serviceprincipals to populate servicePrincipalId. + // +kubebuilder:validation:Optional + ServicePrincipalIDRef *v1.Reference `json:"servicePrincipalIdRef,omitempty" tf:"-"` + + // Selector for a Principal in serviceprincipals to populate servicePrincipalId. + // +kubebuilder:validation:Optional + ServicePrincipalIDSelector *v1.Selector `json:"servicePrincipalIdSelector,omitempty" tf:"-"` } type SecretObservation struct { diff --git a/apis/users/v1beta1/zz_user_types.go b/apis/users/v1beta1/zz_user_types.go index c85a3c12..5f6d0d53 100755 --- a/apis/users/v1beta1/zz_user_types.go +++ b/apis/users/v1beta1/zz_user_types.go @@ -121,6 +121,7 @@ type UserInitParameters struct { // A list of additional email addresses for the user. // Additional email addresses for the user + // +listType=set OtherMails []*string `json:"otherMails,omitempty" tf:"other_mails,omitempty"` // The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. 
@@ -305,6 +306,7 @@ type UserObservation struct { // A list of additional email addresses for the user. // Additional email addresses for the user + // +listType=set OtherMails []*string `json:"otherMails,omitempty" tf:"other_mails,omitempty"` // The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. @@ -478,6 +480,7 @@ type UserParameters struct { // A list of additional email addresses for the user. // Additional email addresses for the user // +kubebuilder:validation:Optional + // +listType=set OtherMails []*string `json:"otherMails,omitempty" tf:"other_mails,omitempty"` // The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user. diff --git a/go.mod b/go.mod index 574cd8cb..2753c377 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( dario.cat/mergo v1.0.0 github.com/crossplane/crossplane-runtime v1.14.1 github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 - github.com/crossplane/upjet v1.0.0 + github.com/crossplane/upjet v1.1.0-rc.0.0.20231227120826-4cb45f9104ac github.com/hashicorp/terraform-json v0.16.0 github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20230727144955-0adfe586f500 diff --git a/go.sum b/go.sum index b6848ce7..4f3bfc84 100644 --- a/go.sum +++ b/go.sum 
@@ -113,8 +113,8 @@ github.com/crossplane/crossplane-runtime v1.14.1 h1:TCa7R1N4bDGHjsLhiRxR/mUhwmis github.com/crossplane/crossplane-runtime v1.14.1/go.mod h1:aOP+5W2wKpvthVs3pFNbVOe1jwrKYbJho0ThGNCVz9o= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 h1:HigXs5tEQxWz0fcj8hzbU2UAZgEM7wPe0XRFOsrtF8Y= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= -github.com/crossplane/upjet v1.0.0 h1:/R509m+c5XTLsd9oXTEaLj2yIbM/EUmG34XOou1dugM= -github.com/crossplane/upjet v1.0.0/go.mod h1:t9etxIdYaxgyvFPBToikm5zBHi8RIpX8N4mTH77lQFM= +github.com/crossplane/upjet v1.1.0-rc.0.0.20231227120826-4cb45f9104ac h1:T1MTxsPAE/Cs0/EAGjeC29H9O/rO81yol2/5qGsf888= +github.com/crossplane/upjet v1.1.0-rc.0.0.20231227120826-4cb45f9104ac/go.mod h1:t9etxIdYaxgyvFPBToikm5zBHi8RIpX8N4mTH77lQFM= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/package/crds/administrativeunits.azuread.upbound.io_members.yaml b/package/crds/administrativeunits.azuread.upbound.io_members.yaml index 37c8bd6a..7146cfea 100644 --- a/package/crds/administrativeunits.azuread.upbound.io_members.yaml +++ b/package/crds/administrativeunits.azuread.upbound.io_members.yaml 
@@ -162,6 +162,84 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + administrativeUnitObjectId: + description: The object ID of the administrative unit you want + to add the member to. Changing this forces a new resource to + be created. The object ID of the administrative unit + type: string + administrativeUnitObjectIdRef: + description: Reference to a Unit to populate administrativeUnitObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + administrativeUnitObjectIdSelector: + description: Selector for a Unit to populate administrativeUnitObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. 
The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object memberObjectId: description: The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces diff --git a/package/crds/administrativeunits.azuread.upbound.io_units.yaml b/package/crds/administrativeunits.azuread.upbound.io_units.yaml index a1c45253..027ae90f 100644 --- a/package/crds/administrativeunits.azuread.upbound.io_units.yaml +++ b/package/crds/administrativeunits.azuread.upbound.io_units.yaml @@ -89,6 +89,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If `true`, will return an error if an existing administrative unit is found with the same name @@ -129,6 +130,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If `true`, will return an error if an existing administrative unit is found with the same name @@ -329,6 +331,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set objectId: description: The object ID of the administrative unit. The object ID of the administrative unit diff --git a/package/crds/app.azuread.upbound.io_roleassignments.yaml b/package/crds/app.azuread.upbound.io_roleassignments.yaml index ba2d9610..731afeab 100644 --- a/package/crds/app.azuread.upbound.io_roleassignments.yaml +++ b/package/crds/app.azuread.upbound.io_roleassignments.yaml 
@@ -253,6 +253,168 @@ spec: forces a new resource to be created. The ID of the app role to be assigned type: string + principalObjectId: + description: The object ID of the user, group or service principal + to be assigned this app role. Supported object types are Users, + Groups or Service Principals. Changing this forces a new resource + to be created. The object ID of the user, group or service principal + to be assigned this app role + type: string + principalObjectIdRef: + description: Reference to a Principal in serviceprincipals to + populate principalObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalObjectIdSelector: + description: Selector for a Principal in serviceprincipals to + populate principalObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + resourceObjectId: + description: The object ID of the service principal representing + the resource. Changing this forces a new resource to be created. + The object ID of the service principal representing the resource + type: string + resourceObjectIdRef: + description: Reference to a Principal in serviceprincipals to + populate resourceObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceObjectIdSelector: + description: Selector for a Principal in serviceprincipals to + populate resourceObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: diff --git a/package/crds/applications.azuread.upbound.io_applications.yaml b/package/crds/applications.azuread.upbound.io_applications.yaml index f1574529..af103c98 100644 --- a/package/crds/applications.azuread.upbound.io_applications.yaml +++ b/package/crds/applications.azuread.upbound.io_applications.yaml @@ -80,6 +80,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set mappedClaimsEnabled: description: Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. 
@@ -183,6 +184,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set description: description: Description of the app role that appears when the role is being assigned and, if the role functions @@ -280,6 +282,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identifierUris: description: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified @@ -290,6 +293,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set logoImage: description: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg @@ -438,6 +442,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If true, will return an error if an existing application is found with the same name. Defaults to false. If `true`, will @@ -465,6 +470,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array requiredResourceAccess: @@ -526,6 +532,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array supportUrl: @@ -541,6 +548,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set templateId: description: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing @@ -595,6 +603,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -624,6 +633,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set mappedClaimsEnabled: description: Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. @@ -727,6 +737,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set description: description: Description of the app role that appears when the role is being assigned and, if the role functions 
@@ -824,6 +835,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set identifierUris: description: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified @@ -834,6 +846,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set logoImage: description: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg @@ -982,6 +995,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If true, will return an error if an existing application is found with the same name. Defaults to false. If `true`, will @@ -1009,6 +1023,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array requiredResourceAccess: @@ -1070,6 +1085,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array supportUrl: @@ -1085,6 +1101,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set templateId: description: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing @@ -1139,6 +1156,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object @@ -1326,6 +1344,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set mappedClaimsEnabled: description: Allows an application to use claims mapping without specifying a custom signing key. Defaults to false. @@ -1429,6 +1448,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set description: description: Description of the app role that appears when the role is being assigned and, if the role functions 
@@ -1468,6 +1488,7 @@ spec: to be useful when referencing app roles in other resources in your configuration. Mapping of app role names to UUIDs type: object + x-kubernetes-map-type: granular applicationId: description: The Application ID (also called Client ID). The Application ID (also called Client ID) @@ -1543,6 +1564,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set id: description: The unique identifier for an app role or OAuth2 permission scope published by the resource application. @@ -1557,6 +1579,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set logoImage: description: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg @@ -1585,6 +1608,7 @@ spec: scopes in other resources in your configuration. Mapping of OAuth2.0 permission scope names to UUIDs type: object + x-kubernetes-map-type: granular oauth2PostResponseRequired: description: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults @@ -1721,6 +1745,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If true, will return an error if an existing application is found with the same name. Defaults to false. If `true`, will @@ -1748,6 +1773,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array publisherDomain: @@ -1813,6 +1839,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array supportUrl: @@ -1828,6 +1855,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set templateId: description: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing @@ -1882,6 +1910,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array type: object 
diff --git a/package/crds/applications.azuread.upbound.io_certificates.yaml b/package/crds/applications.azuread.upbound.io_certificates.yaml index c4e83675..6e19b576 100644 --- a/package/crds/applications.azuread.upbound.io_certificates.yaml +++ b/package/crds/applications.azuread.upbound.io_certificates.yaml 
@@ -225,6 +225,85 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + applicationObjectId: + description: The object ID of the application for which this certificate + should be created. Changing this field forces a new resource + to be created. The object ID of the application for which this + certificate should be created + type: string + applicationObjectIdRef: + description: Reference to a Application to populate applicationObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationObjectIdSelector: + description: Selector for a Application to populate applicationObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. 
The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object encoding: description: Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem. Specifies diff --git a/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml b/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml index 9f4c0e51..64b9af16 100644 --- a/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml +++ b/package/crds/applications.azuread.upbound.io_federatedidentitycredentials.yaml 
@@ -195,6 +195,85 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + applicationObjectId: + description: The object ID of the application for which this federated + identity credential should be created. Changing this field forces + a new resource to be created. The object ID of the application + for which this federated identity credential should be created + type: string + applicationObjectIdRef: + description: Reference to a Application to populate applicationObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationObjectIdSelector: + description: Selector for a Application to populate applicationObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object audiences: description: List of audiences that can appear in the external token. This specifies what should be accepted in the aud claim diff --git a/package/crds/applications.azuread.upbound.io_passwords.yaml b/package/crds/applications.azuread.upbound.io_passwords.yaml index c7497d8c..5c1cd245 100644 --- a/package/crds/applications.azuread.upbound.io_passwords.yaml +++ b/package/crds/applications.azuread.upbound.io_passwords.yaml @@ -175,6 +175,7 @@ spec: map of values that, when changed, will trigger rotation of the password type: object + x-kubernetes-map-type: granular startDate: description: The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). 
@@ -197,6 +198,85 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + applicationObjectId: + description: The object ID of the application for which this password + should be created. Changing this field forces a new resource + to be created. The object ID of the application for which this + password should be created + type: string + applicationObjectIdRef: + description: Reference to a Application to populate applicationObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationObjectIdSelector: + description: Selector for a Application to populate applicationObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. 
The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object displayName: description: A display name for the password. Changing this field forces a new resource to be created. A display name for the @@ -227,6 +307,7 @@ spec: map of values that, when changed, will trigger rotation of the password type: object + x-kubernetes-map-type: granular startDate: description: The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). @@ -444,6 +525,7 @@ spec: map of values that, when changed, will trigger rotation of the password type: object + x-kubernetes-map-type: granular startDate: description: The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). diff --git a/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml b/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml index 65d25ab8..1fe7f780 100644 --- a/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml +++ b/package/crds/applications.azuread.upbound.io_preauthorizeds.yaml @@ -228,6 +228,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object initProvider: description: THIS IS A BETA FIELD. It will be honored unless the Management 
@@ -241,6 +242,161 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + applicationObjectId: + description: The object ID of the application for which permissions + are being authorized. Changing this field forces a new resource + to be created. The object ID of the application to which this + pre-authorized application should be added + type: string + applicationObjectIdRef: + description: Reference to a Application to populate applicationObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationObjectIdSelector: + description: Selector for a Application to populate applicationObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + authorizedAppId: + description: The application ID of the pre-authorized application + type: string + authorizedAppIdRef: + description: Reference to a Application to populate authorizedAppId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + authorizedAppIdSelector: + description: Selector for a Application to populate authorizedAppId. 
+ properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object permissionIds: description: A set of permission scope IDs required by the authorized application. The IDs of the permission scopes required by the @@ -248,6 +404,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object managementPolicies: default: @@ -437,6 +594,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object conditions: description: Conditions of the resource. diff --git a/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml b/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml index c96583aa..74491c93 100644 --- a/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml +++ b/package/crds/directoryroles.azuread.upbound.io_customdirectoryroles.yaml 
@@ -92,6 +92,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array templateId: @@ -144,6 +145,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array templateId: @@ -372,6 +374,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: object type: array templateId: diff --git a/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml b/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml index 85f8ad37..564288db 100644 --- a/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml +++ b/package/crds/directoryroles.azuread.upbound.io_roleassignments.yaml 
@@ -281,6 +281,164 @@ spec: description: Identifier of the directory object representing the scope of the assignment type: string + principalObjectId: + description: The object ID of the principal for you want to create + a role assignment. Supported object types are Users, Groups + or Service Principals. Changing this forces a new resource to + be created. The object ID of the member principal + type: string + principalObjectIdRef: + description: Reference to a User in users to populate principalObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalObjectIdSelector: + description: Selector for a User in users to populate principalObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + roleId: + description: The template ID (in the case of built-in roles) or + object ID (in the case of custom roles) of the directory role + you want to assign. Changing this forces a new resource to be + created. The object ID of the directory role for this assignment + type: string + roleIdRef: + description: Reference to a Role to populate roleId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + roleIdSelector: + description: Selector for a Role to populate roleId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: diff --git a/package/crds/groups.azuread.upbound.io_groups.yaml b/package/crds/groups.azuread.upbound.io_groups.yaml index b6085839..1b129e0b 100644 --- a/package/crds/groups.azuread.upbound.io_groups.yaml +++ b/package/crds/groups.azuread.upbound.io_groups.yaml @@ -76,6 +76,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set assignableToRole: description: Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be @@ -100,6 +101,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set description: description: The description for the group. The description for the group 
@@ -175,6 +177,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set onpremisesGroupType: description: The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are @@ -191,6 +194,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If true, will return an error if an existing group is found with the same name. Defaults to false. If `true`, will @@ -205,6 +209,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityEnabled: description: Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled @@ -232,6 +237,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set visibility: description: The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only @@ -270,6 +276,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set assignableToRole: description: Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be @@ -294,6 +301,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set description: description: The description for the group. The description for the group @@ -369,6 +377,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set onpremisesGroupType: description: The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are @@ -385,6 +394,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preventDuplicateNames: description: If true, will return an error if an existing group is found with the same name. Defaults to false. If `true`, will 
@@ -399,6 +409,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityEnabled: description: Whether the group is a security group for controlling access to in-app resources. At least one of security_enabled @@ -426,6 +437,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set visibility: description: The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only @@ -622,6 +634,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set assignableToRole: description: Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to false. Can only be @@ -646,6 +659,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set description: description: The description for the group. The description for the group @@ -727,6 +741,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set objectId: description: The object ID of the group. The object ID of the group @@ -778,6 +793,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preferredLanguage: description: The preferred language for a Microsoft 365 group, in ISO 639-1 notation. The preferred language for a Microsoft @@ -797,6 +813,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set proxyAddresses: description: List of email addresses for the group that direct to the same group mailbox. Email addresses for the group that @@ -831,6 +848,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set visibility: description: The group join policy and group content visibility. Possible values are Private, Public, or Hiddenmembership. Only diff --git a/package/crds/groups.azuread.upbound.io_members.yaml b/package/crds/groups.azuread.upbound.io_members.yaml index 3fccf489..c9f68551 100644 --- a/package/crds/groups.azuread.upbound.io_members.yaml +++ b/package/crds/groups.azuread.upbound.io_members.yaml 
@@ -237,6 +237,166 @@ spec: on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler. + properties: + groupObjectId: + description: The object ID of the group you want to add the member + to. Changing this forces a new resource to be created. The object + ID of the group you want to add the member to + type: string + groupObjectIdRef: + description: Reference to a Group to populate groupObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + groupObjectIdSelector: + description: Selector for a Group to populate groupObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. 
The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + memberObjectId: + description: The object ID of the principal you want to add as + a member to the group. Supported object types are Users, Groups + or Service Principals. Changing this forces a new resource to + be created. The object ID of the principal you want to add as + a member to the group. Supported object types are Users, Groups + or Service Principals + type: string + memberObjectIdRef: + description: Reference to a User in users to populate memberObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + memberObjectIdSelector: + description: Selector for a User in users to populate memberObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: diff --git a/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml b/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml index c94c23ba..4cddfd27 100644 --- a/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml +++ b/package/crds/serviceprincipaldelegated.azuread.upbound.io_permissiongrants.yaml @@ -74,6 +74,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set resourceServicePrincipalObjectId: description: The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource 
@@ -339,6 +340,251 @@ spec: items: type: string type: array + x-kubernetes-list-type: set + resourceServicePrincipalObjectId: + description: The object ID of the service principal representing + the resource to be accessed. Changing this forces a new resource + to be created. The object ID of the service principal representing + the resource to be accessed + type: string + resourceServicePrincipalObjectIdRef: + description: Reference to a Principal in serviceprincipals to + populate resourceServicePrincipalObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceServicePrincipalObjectIdSelector: + description: Selector for a Principal in serviceprincipals to + populate resourceServicePrincipalObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + servicePrincipalObjectId: + description: The object ID of the service principal for which + this delegated permission grant should be created. Changing + this forces a new resource to be created. The object ID of the + service principal for which this delegated permission grant + should be created + type: string + servicePrincipalObjectIdRef: + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalObjectIdSelector: + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + userObjectId: + description: '- The object ID of the user on behalf of whom the + service principal is authorized to access the resource. When + omitted, the delegated permission grant will be consented for + all users. Changing this forces a new resource to be created. + The object ID of the user on behalf of whom the service principal + is authorized to access the resource' + type: string + userObjectIdRef: + description: Reference to a User in users to populate userObjectId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + userObjectIdSelector: + description: Selector for a User in users to populate userObjectId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: 
@@ -518,6 +764,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set id: description: The ID of the delegated permission grant. type: string diff --git a/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml b/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml index 15437347..e55e297c 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_certificates.yaml 
@@ -250,6 +250,85 @@ spec: to uniquely identify this certificate. If not specified a UUID will be automatically generated type: string + servicePrincipalId: + description: The object ID of the service principal for which + this certificate should be created. Changing this field forces + a new resource to be created. The object ID of the service principal + for which this certificate should be created + type: string + servicePrincipalIdRef: + description: Reference to a Principal to populate servicePrincipalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalIdSelector: + description: Selector for a Principal to populate servicePrincipalId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object startDate: description: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). diff --git a/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml b/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml index 59d9dea4..93f2ee78 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_claimsmappingpolicyassignments.yaml 
@@ -237,6 +237,164 @@ spec: on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler. + properties: + claimsMappingPolicyId: + description: The ID of the claims mapping policy to assign. ID + of the claims mapping policy to assign + type: string + claimsMappingPolicyIdRef: + description: Reference to a ClaimsMappingPolicy in policies to + populate claimsMappingPolicyId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + claimsMappingPolicyIdSelector: + description: Selector for a ClaimsMappingPolicy in policies to + populate claimsMappingPolicyId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. 
The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + servicePrincipalId: + description: The object ID of the service principal for the policy + assignment. Object ID of the service principal for which to + assign the policy + type: string + servicePrincipalIdRef: + description: Reference to a Principal to populate servicePrincipalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalIdSelector: + description: Selector for a Principal to populate servicePrincipalId. 
+ properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: diff --git a/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml b/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml index 57e126b4..7d5fa101 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_passwords.yaml @@ -95,6 +95,7 @@ spec: map of values that, when changed, will trigger rotation of the password type: object + x-kubernetes-map-type: granular servicePrincipalId: description: The object ID of the service principal for which this password should be created. Changing this field forces 
@@ -225,6 +226,86 @@ spec: map of values that, when changed, will trigger rotation of the password type: object + x-kubernetes-map-type: granular + servicePrincipalId: + description: The object ID of the service principal for which + this password should be created. Changing this field forces + a new resource to be created. The object ID of the service principal + for which this password should be created + type: string + servicePrincipalIdRef: + description: Reference to a Principal to populate servicePrincipalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalIdSelector: + description: Selector for a Principal to populate servicePrincipalId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object startDate: description: The start date from which the password is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). @@ -435,6 +516,7 @@ spec: map of values that, when changed, will trigger rotation of the password type: object + x-kubernetes-map-type: granular servicePrincipalId: description: The object ID of the service principal for which this password should be created. Changing this field forces diff --git a/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml b/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml index 36ca190f..1a25bf21 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_principals.yaml @@ -80,6 +80,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set appRoleAssignmentRequired: description: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user @@ -236,6 +237,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set owners: description: A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are 
@@ -245,6 +247,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preferredSingleSignOnMode: description: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the @@ -277,6 +280,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set useExisting: description: When true, any existing service principal linked to the same application will be automatically imported. When @@ -311,6 +315,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set appRoleAssignmentRequired: description: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user 
@@ -319,6 +324,87 @@ spec: user or group before Azure AD will issue a user or access token to the application type: boolean + applicationId: + description: The application ID (client ID) of the application + for which to create a service principal. The application ID + (client ID) of the application for which to create a service + principal + type: string + applicationIdRef: + description: Reference to a Application in applications to populate + applicationId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + applicationIdSelector: + description: Selector for a Application in applications to populate + applicationId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. 
The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object description: description: A description of the service principal provided for internal end-users. Description of the service principal provided @@ -386,6 +472,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set owners: description: A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are @@ -395,6 +482,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preferredSingleSignOnMode: description: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the @@ -427,6 +515,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set useExisting: description: When true, any existing service principal linked to the same application will be automatically imported. When @@ -614,6 +703,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set appRoleAssignmentRequired: description: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user @@ -630,6 +720,7 @@ spec: when referencing app roles in other resources in your configuration. Mapping of app role names to UUIDs type: object + x-kubernetes-map-type: granular appRoles: description: A list of app roles published by the associated application, as documented below. For more information official documentation. 
@@ -762,6 +853,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set oauth2PermissionScopeIds: additionalProperties: type: string @@ -771,6 +863,7 @@ spec: in your configuration. Mapping of OAuth2.0 permission scope names to UUIDs type: object + x-kubernetes-map-type: granular oauth2PermissionScopes: description: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below. @@ -827,6 +920,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set preferredSingleSignOnMode: description: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the @@ -889,6 +983,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set type: description: Identifies whether the service principal represents an application or a managed identity. Possible values include diff --git a/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml b/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml index 8f63839e..b8cc9fe5 100644 --- a/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml +++ b/package/crds/serviceprincipals.azuread.upbound.io_tokensigningcertificates.yaml 
@@ -188,6 +188,87 @@ spec: an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Default is 3 years from current date. type: string + servicePrincipalId: + description: The object ID of the service principal for which + this certificate should be created. Changing this field forces + a new resource to be created. The object ID of the service principal + for which this certificate should be created + type: string + servicePrincipalIdRef: + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalIdSelector: + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: diff --git a/package/crds/synchronization.azuread.upbound.io_jobs.yaml b/package/crds/synchronization.azuread.upbound.io_jobs.yaml index c347c3b9..368a4b35 100644 --- a/package/crds/synchronization.azuread.upbound.io_jobs.yaml +++ b/package/crds/synchronization.azuread.upbound.io_jobs.yaml 
@@ -173,6 +173,87 @@ spec: description: Whether or not the provisioning job is enabled. Default state is true. Whether or not the synchronization job is enabled type: boolean + servicePrincipalId: + description: The object ID of the service principal for which + this synchronization job should be created. Changing this field + forces a new resource to be created. The object ID of the service + principal for which this synchronization job should be created + type: string + servicePrincipalIdRef: + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalIdSelector: + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object templateId: description: Identifier of the synchronization template this job is based on. Identifier of the synchronization template this diff --git a/package/crds/synchronization.azuread.upbound.io_secrets.yaml b/package/crds/synchronization.azuread.upbound.io_secrets.yaml index 14fa3d23..8d296120 100644 --- a/package/crds/synchronization.azuread.upbound.io_secrets.yaml +++ b/package/crds/synchronization.azuread.upbound.io_secrets.yaml 
@@ -201,6 +201,88 @@ spec: type: string type: object type: array + servicePrincipalId: + description: The object ID of the service principal for which + this synchronization secrets should be stored. Changing this + field forces a new resource to be created. The object ID of + the service principal for which this synchronization secret + should be created + type: string + servicePrincipalIdRef: + description: Reference to a Principal in serviceprincipals to + populate servicePrincipalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePrincipalIdSelector: + description: Selector for a Principal in serviceprincipals to + populate servicePrincipalId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: diff --git a/package/crds/users.azuread.upbound.io_users.yaml b/package/crds/users.azuread.upbound.io_users.yaml index aa7cc9a0..be0c8d86 100644 --- a/package/crds/users.azuread.upbound.io_users.yaml +++ b/package/crds/users.azuread.upbound.io_users.yaml @@ -200,6 +200,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set passwordSecretRef: description: The password for the user. The password must satisfy minimum requirements as specified by the password policy. The @@ -415,6 +416,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set postalCode: description: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the @@ -834,6 +836,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set postalCode: description: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the