PyPI - pulumi-azuread - Versions diffs - 5.48.0a1706744699__py3-none-any.whl → 6.8.0a1766208344__py3-none-any.whl - Mend

pulumi-azuread 5.48.0a1706744699py3-none-any.whl → 6.8.0a1766208344py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pulumi-azuread might be problematic. Click here for more details.

Files changed (87) hide show

pulumi_azuread/__init__.py +48 -1
pulumi_azuread/_inputs.py +3803 -919
pulumi_azuread/_utilities.py +52 -12
pulumi_azuread/access_package.py +84 -78
pulumi_azuread/access_package_assignment_policy.py +202 -196
pulumi_azuread/access_package_catalog.py +82 -76
pulumi_azuread/access_package_catalog_role_assignment.py +73 -67
pulumi_azuread/access_package_resource_catalog_association.py +73 -67
pulumi_azuread/access_package_resource_package_association.py +79 -73
pulumi_azuread/administrative_unit.py +120 -100
pulumi_azuread/administrative_unit_member.py +66 -50
pulumi_azuread/administrative_unit_role_member.py +75 -69
pulumi_azuread/app_role_assignment.py +164 -264
pulumi_azuread/application.py +766 -692
pulumi_azuread/application_api_access.py +84 -80
pulumi_azuread/application_app_role.py +120 -116
pulumi_azuread/application_certificate.py +349 -211
pulumi_azuread/application_fallback_public_client.py +50 -44
pulumi_azuread/application_federated_identity_credential.py +142 -197
pulumi_azuread/application_from_template.py +90 -84
pulumi_azuread/application_identifier_uri.py +56 -52
pulumi_azuread/application_known_clients.py +50 -44
pulumi_azuread/application_optional_claims.py +87 -81
pulumi_azuread/application_owner.py +76 -42
pulumi_azuread/application_password.py +159 -205
pulumi_azuread/application_permission_scope.py +160 -156
pulumi_azuread/application_pre_authorized.py +120 -236
pulumi_azuread/application_redirect_uris.py +75 -69
pulumi_azuread/application_registration.py +315 -309
pulumi_azuread/authentication_strength_policy.py +73 -67
pulumi_azuread/claims_mapping_policy.py +48 -42
pulumi_azuread/conditional_access_policy.py +248 -232
pulumi_azuread/config/__init__.py +2 -1
pulumi_azuread/config/__init__.pyi +23 -17
pulumi_azuread/config/vars.py +47 -37
pulumi_azuread/custom_directory_role.py +128 -122
pulumi_azuread/directory_role.py +60 -54
pulumi_azuread/directory_role_assignment.py +194 -181
pulumi_azuread/directory_role_eligibility_schedule_request.py +86 -80
pulumi_azuread/directory_role_member.py +54 -48
pulumi_azuread/get_access_package.py +45 -31
pulumi_azuread/get_access_package_catalog.py +40 -27
pulumi_azuread/get_access_package_catalog_role.py +39 -25
pulumi_azuread/get_administrative_unit.py +42 -27
pulumi_azuread/get_application.py +135 -94
pulumi_azuread/get_application_published_app_ids.py +42 -47
pulumi_azuread/get_application_template.py +49 -33
pulumi_azuread/get_client_config.py +24 -15
pulumi_azuread/get_directory_object.py +32 -21
pulumi_azuread/get_directory_role_templates.py +20 -12
pulumi_azuread/get_directory_roles.py +23 -14
pulumi_azuread/get_domains.py +65 -46
pulumi_azuread/get_group.py +147 -88
pulumi_azuread/get_group_role_management_policy.py +178 -0
pulumi_azuread/get_groups.py +71 -51
pulumi_azuread/get_named_location.py +47 -22
pulumi_azuread/get_service_principal.py +108 -90
pulumi_azuread/get_service_principals.py +60 -64
pulumi_azuread/get_user.py +186 -118
pulumi_azuread/get_users.py +96 -53
pulumi_azuread/group.py +622 -464
pulumi_azuread/group_member.py +56 -50
pulumi_azuread/group_role_management_policy.py +544 -0
pulumi_azuread/group_without_members.py +1610 -0
pulumi_azuread/invitation.py +126 -120
pulumi_azuread/named_location.py +90 -76
pulumi_azuread/outputs.py +2844 -1308
pulumi_azuread/privileged_access_group_assignment_schedule.py +695 -0
pulumi_azuread/privileged_access_group_eligibility_schedule.py +695 -0
pulumi_azuread/provider.py +292 -246
pulumi_azuread/pulumi-plugin.json +2 -1
pulumi_azuread/service_principal.py +400 -461
pulumi_azuread/service_principal_certificate.py +230 -145
pulumi_azuread/service_principal_claims_mapping_policy_assignment.py +53 -47
pulumi_azuread/service_principal_delegated_permission_grant.py +146 -140
pulumi_azuread/service_principal_password.py +156 -141
pulumi_azuread/service_principal_token_signing_certificate.py +119 -124
pulumi_azuread/synchronization_job.py +105 -111
pulumi_azuread/synchronization_job_provision_on_demand.py +396 -0
pulumi_azuread/synchronization_secret.py +64 -70
pulumi_azuread/user.py +776 -730
pulumi_azuread/user_flow_attribute.py +76 -70
{pulumi_azuread-5.48.0a1706744699.dist-info → pulumi_azuread-6.8.0a1766208344.dist-info}/METADATA +21 -20
pulumi_azuread-6.8.0a1766208344.dist-info/RECORD +87 -0
{pulumi_azuread-5.48.0a1706744699.dist-info → pulumi_azuread-6.8.0a1766208344.dist-info}/WHEEL +1 -1
pulumi_azuread-5.48.0a1706744699.dist-info/RECORD +0 -81
{pulumi_azuread-5.48.0a1706744699.dist-info → pulumi_azuread-6.8.0a1766208344.dist-info}/top_level.txt +0 -0

pulumi_azuread/conditional_access_policy.py CHANGED Viewed

@@ -1,12 +1,17 @@
 # coding=utf-8
-# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
-import copy
+import builtins as _builtins
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from . import outputs
 from ._inputs import *
@@ -17,15 +22,15 @@ __all__ = ['ConditionalAccessPolicyArgs', 'ConditionalAccessPolicy']
 class ConditionalAccessPolicyArgs:
     def __init__(__self__, *,
                  conditions: pulumi.Input['ConditionalAccessPolicyConditionsArgs'],
-                 display_name: pulumi.Input[str],
-                 state: pulumi.Input[str],
+                 display_name: pulumi.Input[_builtins.str],
+                 state: pulumi.Input[_builtins.str],
                  grant_controls: Optional[pulumi.Input['ConditionalAccessPolicyGrantControlsArgs']] = None,
                  session_controls: Optional[pulumi.Input['ConditionalAccessPolicySessionControlsArgs']] = None):
         """
         The set of arguments for constructing a ConditionalAccessPolicy resource.
         :param pulumi.Input['ConditionalAccessPolicyConditionsArgs'] conditions: A `conditions` block as documented below, which specifies the rules that must be met for the policy to apply.
-        :param pulumi.Input[str] display_name: The friendly name for this Conditional Access Policy.
-        :param pulumi.Input[str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
+        :param pulumi.Input[_builtins.str] display_name: The friendly name for this Conditional Access Policy.
+        :param pulumi.Input[_builtins.str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         :param pulumi.Input['ConditionalAccessPolicyGrantControlsArgs'] grant_controls: A `grant_controls` block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
         :param pulumi.Input['ConditionalAccessPolicySessionControlsArgs'] session_controls: A `session_controls` block as documented below, which specifies the session controls that are enforced after sign-in.
@@ -39,7 +44,7 @@ class ConditionalAccessPolicyArgs:
         if session_controls is not None:
             pulumi.set(__self__, "session_controls", session_controls)
-    @property
+    @_builtins.property
     @pulumi.getter
     def conditions(self) -> pulumi.Input['ConditionalAccessPolicyConditionsArgs']:
         """
@@ -51,31 +56,31 @@ class ConditionalAccessPolicyArgs:
     def conditions(self, value: pulumi.Input['ConditionalAccessPolicyConditionsArgs']):
         pulumi.set(self, "conditions", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> pulumi.Input[str]:
+    def display_name(self) -> pulumi.Input[_builtins.str]:
         """
         The friendly name for this Conditional Access Policy.
         """
         return pulumi.get(self, "display_name")
     @display_name.setter
-    def display_name(self, value: pulumi.Input[str]):
+    def display_name(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "display_name", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def state(self) -> pulumi.Input[str]:
+    def state(self) -> pulumi.Input[_builtins.str]:
         """
         Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         """
         return pulumi.get(self, "state")
     @state.setter
-    def state(self, value: pulumi.Input[str]):
+    def state(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "state", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="grantControls")
     def grant_controls(self) -> Optional[pulumi.Input['ConditionalAccessPolicyGrantControlsArgs']]:
         """
@@ -87,7 +92,7 @@ class ConditionalAccessPolicyArgs:
     def grant_controls(self, value: Optional[pulumi.Input['ConditionalAccessPolicyGrantControlsArgs']]):
         pulumi.set(self, "grant_controls", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="sessionControls")
     def session_controls(self) -> Optional[pulumi.Input['ConditionalAccessPolicySessionControlsArgs']]:
         """
@@ -106,19 +111,21 @@ class ConditionalAccessPolicyArgs:
 class _ConditionalAccessPolicyState:
     def __init__(__self__, *,
                  conditions: Optional[pulumi.Input['ConditionalAccessPolicyConditionsArgs']] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
                  grant_controls: Optional[pulumi.Input['ConditionalAccessPolicyGrantControlsArgs']] = None,
+                 object_id: Optional[pulumi.Input[_builtins.str]] = None,
                  session_controls: Optional[pulumi.Input['ConditionalAccessPolicySessionControlsArgs']] = None,
-                 state: Optional[pulumi.Input[str]] = None):
+                 state: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering ConditionalAccessPolicy resources.
         :param pulumi.Input['ConditionalAccessPolicyConditionsArgs'] conditions: A `conditions` block as documented below, which specifies the rules that must be met for the policy to apply.
-        :param pulumi.Input[str] display_name: The friendly name for this Conditional Access Policy.
+        :param pulumi.Input[_builtins.str] display_name: The friendly name for this Conditional Access Policy.
         :param pulumi.Input['ConditionalAccessPolicyGrantControlsArgs'] grant_controls: A `grant_controls` block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
+        :param pulumi.Input[_builtins.str] object_id: The object ID of the policy
         :param pulumi.Input['ConditionalAccessPolicySessionControlsArgs'] session_controls: A `session_controls` block as documented below, which specifies the session controls that are enforced after sign-in.
                > Note: At least one of `grant_controls` and/or `session_controls` blocks must be specified.
-        :param pulumi.Input[str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
+        :param pulumi.Input[_builtins.str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         """
         if conditions is not None:
             pulumi.set(__self__, "conditions", conditions)
@@ -126,12 +133,14 @@ class _ConditionalAccessPolicyState:
             pulumi.set(__self__, "display_name", display_name)
         if grant_controls is not None:
             pulumi.set(__self__, "grant_controls", grant_controls)
+        if object_id is not None:
+            pulumi.set(__self__, "object_id", object_id)
         if session_controls is not None:
             pulumi.set(__self__, "session_controls", session_controls)
         if state is not None:
             pulumi.set(__self__, "state", state)
-    @property
+    @_builtins.property
     @pulumi.getter
     def conditions(self) -> Optional[pulumi.Input['ConditionalAccessPolicyConditionsArgs']]:
         """
@@ -143,19 +152,19 @@ class _ConditionalAccessPolicyState:
     def conditions(self, value: Optional[pulumi.Input['ConditionalAccessPolicyConditionsArgs']]):
         pulumi.set(self, "conditions", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> Optional[pulumi.Input[str]]:
+    def display_name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The friendly name for this Conditional Access Policy.
         """
         return pulumi.get(self, "display_name")
     @display_name.setter
-    def display_name(self, value: Optional[pulumi.Input[str]]):
+    def display_name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "display_name", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="grantControls")
     def grant_controls(self) -> Optional[pulumi.Input['ConditionalAccessPolicyGrantControlsArgs']]:
         """
@@ -167,7 +176,19 @@ class _ConditionalAccessPolicyState:
     def grant_controls(self, value: Optional[pulumi.Input['ConditionalAccessPolicyGrantControlsArgs']]):
         pulumi.set(self, "grant_controls", value)
-    @property
+    @_builtins.property
+    @pulumi.getter(name="objectId")
+    def object_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The object ID of the policy
+        """
+        return pulumi.get(self, "object_id")
+    @object_id.setter
+    def object_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "object_id", value)
+    @_builtins.property
     @pulumi.getter(name="sessionControls")
     def session_controls(self) -> Optional[pulumi.Input['ConditionalAccessPolicySessionControlsArgs']]:
         """
@@ -181,44 +202,34 @@ class _ConditionalAccessPolicyState:
     def session_controls(self, value: Optional[pulumi.Input['ConditionalAccessPolicySessionControlsArgs']]):
         pulumi.set(self, "session_controls", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def state(self) -> Optional[pulumi.Input[str]]:
+    def state(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         """
         return pulumi.get(self, "state")
     @state.setter
-    def state(self, value: Optional[pulumi.Input[str]]):
+    def state(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "state", value)
+@pulumi.type_token("azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy")
 class ConditionalAccessPolicy(pulumi.CustomResource):
     @overload
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 conditions: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicyConditionsArgs']]] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
-                 grant_controls: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicyGrantControlsArgs']]] = None,
-                 session_controls: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicySessionControlsArgs']]] = None,
-                 state: Optional[pulumi.Input[str]] = None,
+                 conditions: Optional[pulumi.Input[Union['ConditionalAccessPolicyConditionsArgs', 'ConditionalAccessPolicyConditionsArgsDict']]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 grant_controls: Optional[pulumi.Input[Union['ConditionalAccessPolicyGrantControlsArgs', 'ConditionalAccessPolicyGrantControlsArgsDict']]] = None,
+                 session_controls: Optional[pulumi.Input[Union['ConditionalAccessPolicySessionControlsArgs', 'ConditionalAccessPolicySessionControlsArgsDict']]] = None,
+                 state: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
-        Manages a Conditional Access Policy within Azure Active Directory.
-        > **Licensing Requirements** Specifying `client_applications` property requires the activation of Microsoft Entra on your tenant and the availability of sufficient Workload Identities Premium licences (one per service principal managed by a conditional access).
-        ## API Permissions
-        The following API permissions are required in order to use this resource.
-        When authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`
-        When authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`
         ## Example Usage
         ### All users except guests or external users
         ```python
@@ -226,47 +237,48 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         import pulumi_azuread as azuread
         example = azuread.ConditionalAccessPolicy("example",
-            conditions=azuread.ConditionalAccessPolicyConditionsArgs(
-                applications=azuread.ConditionalAccessPolicyConditionsApplicationsArgs(
-                    excluded_applications=[],
-                    included_applications=["All"],
-                ),
-                client_app_types=["all"],
-                devices=azuread.ConditionalAccessPolicyConditionsDevicesArgs(
-                    filter=azuread.ConditionalAccessPolicyConditionsDevicesFilterArgs(
-                        mode="exclude",
-                        rule="device.operatingSystem eq \\"Doors\\"",
-                    ),
-                ),
-                locations=azuread.ConditionalAccessPolicyConditionsLocationsArgs(
-                    excluded_locations=["AllTrusted"],
-                    included_locations=["All"],
-                ),
-                platforms=azuread.ConditionalAccessPolicyConditionsPlatformsArgs(
-                    excluded_platforms=["iOS"],
-                    included_platforms=["android"],
-                ),
-                sign_in_risk_levels=["medium"],
-                user_risk_levels=["medium"],
-                users=azuread.ConditionalAccessPolicyConditionsUsersArgs(
-                    excluded_users=["GuestsOrExternalUsers"],
-                    included_users=["All"],
-                ),
-            ),
             display_name="example policy",
-            grant_controls=azuread.ConditionalAccessPolicyGrantControlsArgs(
-                built_in_controls=["mfa"],
-                operator="OR",
-            ),
-            session_controls=azuread.ConditionalAccessPolicySessionControlsArgs(
-                application_enforced_restrictions_enabled=True,
-                cloud_app_security_policy="monitorOnly",
-                disable_resilience_defaults=False,
-                sign_in_frequency=10,
-                sign_in_frequency_period="hours",
-            ),
-            state="disabled")
+            state="disabled",
+            conditions={
+                "client_app_types": ["all"],
+                "sign_in_risk_levels": ["medium"],
+                "user_risk_levels": ["medium"],
+                "applications": {
+                    "included_applications": ["All"],
+                    "excluded_applications": [],
+                },
+                "devices": {
+                    "filter": {
+                        "mode": "exclude",
+                        "rule": "device.operatingSystem eq \\"Doors\\"",
+                    },
+                },
+                "locations": {
+                    "included_locations": ["All"],
+                    "excluded_locations": ["AllTrusted"],
+                },
+                "platforms": {
+                    "included_platforms": ["android"],
+                    "excluded_platforms": ["iOS"],
+                },
+                "users": {
+                    "included_users": ["All"],
+                    "excluded_users": ["GuestsOrExternalUsers"],
+                },
+            },
+            grant_controls={
+                "operator": "OR",
+                "built_in_controls": ["mfa"],
+            },
+            session_controls={
+                "application_enforced_restrictions_enabled": True,
+                "disable_resilience_defaults": False,
+                "sign_in_frequency": 10,
+                "sign_in_frequency_period": "hours",
+                "cloud_app_security_policy": "monitorOnly",
+            })
         ```
         ### Included client applications / service principals
         ```python
@@ -277,24 +289,25 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         example = azuread.ConditionalAccessPolicy("example",
             display_name="example policy",
             state="disabled",
-            conditions=azuread.ConditionalAccessPolicyConditionsArgs(
-                client_app_types=["all"],
-                applications=azuread.ConditionalAccessPolicyConditionsApplicationsArgs(
-                    included_applications=["All"],
-                ),
-                client_applications=azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs(
-                    included_service_principals=[current.object_id],
-                    excluded_service_principals=[],
-                ),
-                users=azuread.ConditionalAccessPolicyConditionsUsersArgs(
-                    included_users=["None"],
-                ),
-            ),
-            grant_controls=azuread.ConditionalAccessPolicyGrantControlsArgs(
-                operator="OR",
-                built_in_controls=["block"],
-            ))
+            conditions={
+                "client_app_types": ["all"],
+                "applications": {
+                    "included_applications": ["All"],
+                },
+                "client_applications": {
+                    "included_service_principals": [current.object_id],
+                    "excluded_service_principals": [],
+                },
+                "users": {
+                    "included_users": ["None"],
+                },
+            },
+            grant_controls={
+                "operator": "OR",
+                "built_in_controls": ["block"],
+            })
         ```
         ### Excluded client applications / service principals
         ```python
@@ -305,23 +318,23 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         example = azuread.ConditionalAccessPolicy("example",
             display_name="example policy",
             state="disabled",
-            conditions=azuread.ConditionalAccessPolicyConditionsArgs(
-                client_app_types=["all"],
-                applications=azuread.ConditionalAccessPolicyConditionsApplicationsArgs(
-                    included_applications=["All"],
-                ),
-                client_applications=azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs(
-                    included_service_principals=["ServicePrincipalsInMyTenant"],
-                    excluded_service_principals=[current.object_id],
-                ),
-                users=azuread.ConditionalAccessPolicyConditionsUsersArgs(
-                    included_users=["None"],
-                ),
-            ),
-            grant_controls=azuread.ConditionalAccessPolicyGrantControlsArgs(
-                operator="OR",
-                built_in_controls=["block"],
-            ))
+            conditions={
+                "client_app_types": ["all"],
+                "applications": {
+                    "included_applications": ["All"],
+                },
+                "client_applications": {
+                    "included_service_principals": ["ServicePrincipalsInMyTenant"],
+                    "excluded_service_principals": [current.object_id],
+                },
+                "users": {
+                    "included_users": ["None"],
+                },
+            },
+            grant_controls={
+                "operator": "OR",
+                "built_in_controls": ["block"],
+            })
         ```
         ## Import
@@ -329,18 +342,18 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         Conditional Access Policies can be imported using the `id`, e.g.
         ```sh
-         $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000
+        $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000
         ```
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[pulumi.InputType['ConditionalAccessPolicyConditionsArgs']] conditions: A `conditions` block as documented below, which specifies the rules that must be met for the policy to apply.
-        :param pulumi.Input[str] display_name: The friendly name for this Conditional Access Policy.
-        :param pulumi.Input[pulumi.InputType['ConditionalAccessPolicyGrantControlsArgs']] grant_controls: A `grant_controls` block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
-        :param pulumi.Input[pulumi.InputType['ConditionalAccessPolicySessionControlsArgs']] session_controls: A `session_controls` block as documented below, which specifies the session controls that are enforced after sign-in.
+        :param pulumi.Input[Union['ConditionalAccessPolicyConditionsArgs', 'ConditionalAccessPolicyConditionsArgsDict']] conditions: A `conditions` block as documented below, which specifies the rules that must be met for the policy to apply.
+        :param pulumi.Input[_builtins.str] display_name: The friendly name for this Conditional Access Policy.
+        :param pulumi.Input[Union['ConditionalAccessPolicyGrantControlsArgs', 'ConditionalAccessPolicyGrantControlsArgsDict']] grant_controls: A `grant_controls` block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
+        :param pulumi.Input[Union['ConditionalAccessPolicySessionControlsArgs', 'ConditionalAccessPolicySessionControlsArgsDict']] session_controls: A `session_controls` block as documented below, which specifies the session controls that are enforced after sign-in.
                > Note: At least one of `grant_controls` and/or `session_controls` blocks must be specified.
-        :param pulumi.Input[str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
+        :param pulumi.Input[_builtins.str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         """
         ...
     @overload
@@ -349,19 +362,8 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
                  args: ConditionalAccessPolicyArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Manages a Conditional Access Policy within Azure Active Directory.
-        > **Licensing Requirements** Specifying `client_applications` property requires the activation of Microsoft Entra on your tenant and the availability of sufficient Workload Identities Premium licences (one per service principal managed by a conditional access).
-        ## API Permissions
-        The following API permissions are required in order to use this resource.
-        When authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`
-        When authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`
         ## Example Usage
         ### All users except guests or external users
         ```python
@@ -369,47 +371,48 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         import pulumi_azuread as azuread
         example = azuread.ConditionalAccessPolicy("example",
-            conditions=azuread.ConditionalAccessPolicyConditionsArgs(
-                applications=azuread.ConditionalAccessPolicyConditionsApplicationsArgs(
-                    excluded_applications=[],
-                    included_applications=["All"],
-                ),
-                client_app_types=["all"],
-                devices=azuread.ConditionalAccessPolicyConditionsDevicesArgs(
-                    filter=azuread.ConditionalAccessPolicyConditionsDevicesFilterArgs(
-                        mode="exclude",
-                        rule="device.operatingSystem eq \\"Doors\\"",
-                    ),
-                ),
-                locations=azuread.ConditionalAccessPolicyConditionsLocationsArgs(
-                    excluded_locations=["AllTrusted"],
-                    included_locations=["All"],
-                ),
-                platforms=azuread.ConditionalAccessPolicyConditionsPlatformsArgs(
-                    excluded_platforms=["iOS"],
-                    included_platforms=["android"],
-                ),
-                sign_in_risk_levels=["medium"],
-                user_risk_levels=["medium"],
-                users=azuread.ConditionalAccessPolicyConditionsUsersArgs(
-                    excluded_users=["GuestsOrExternalUsers"],
-                    included_users=["All"],
-                ),
-            ),
             display_name="example policy",
-            grant_controls=azuread.ConditionalAccessPolicyGrantControlsArgs(
-                built_in_controls=["mfa"],
-                operator="OR",
-            ),
-            session_controls=azuread.ConditionalAccessPolicySessionControlsArgs(
-                application_enforced_restrictions_enabled=True,
-                cloud_app_security_policy="monitorOnly",
-                disable_resilience_defaults=False,
-                sign_in_frequency=10,
-                sign_in_frequency_period="hours",
-            ),
-            state="disabled")
+            state="disabled",
+            conditions={
+                "client_app_types": ["all"],
+                "sign_in_risk_levels": ["medium"],
+                "user_risk_levels": ["medium"],
+                "applications": {
+                    "included_applications": ["All"],
+                    "excluded_applications": [],
+                },
+                "devices": {
+                    "filter": {
+                        "mode": "exclude",
+                        "rule": "device.operatingSystem eq \\"Doors\\"",
+                    },
+                },
+                "locations": {
+                    "included_locations": ["All"],
+                    "excluded_locations": ["AllTrusted"],
+                },
+                "platforms": {
+                    "included_platforms": ["android"],
+                    "excluded_platforms": ["iOS"],
+                },
+                "users": {
+                    "included_users": ["All"],
+                    "excluded_users": ["GuestsOrExternalUsers"],
+                },
+            },
+            grant_controls={
+                "operator": "OR",
+                "built_in_controls": ["mfa"],
+            },
+            session_controls={
+                "application_enforced_restrictions_enabled": True,
+                "disable_resilience_defaults": False,
+                "sign_in_frequency": 10,
+                "sign_in_frequency_period": "hours",
+                "cloud_app_security_policy": "monitorOnly",
+            })
         ```
         ### Included client applications / service principals
         ```python
@@ -420,24 +423,25 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         example = azuread.ConditionalAccessPolicy("example",
             display_name="example policy",
             state="disabled",
-            conditions=azuread.ConditionalAccessPolicyConditionsArgs(
-                client_app_types=["all"],
-                applications=azuread.ConditionalAccessPolicyConditionsApplicationsArgs(
-                    included_applications=["All"],
-                ),
-                client_applications=azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs(
-                    included_service_principals=[current.object_id],
-                    excluded_service_principals=[],
-                ),
-                users=azuread.ConditionalAccessPolicyConditionsUsersArgs(
-                    included_users=["None"],
-                ),
-            ),
-            grant_controls=azuread.ConditionalAccessPolicyGrantControlsArgs(
-                operator="OR",
-                built_in_controls=["block"],
-            ))
+            conditions={
+                "client_app_types": ["all"],
+                "applications": {
+                    "included_applications": ["All"],
+                },
+                "client_applications": {
+                    "included_service_principals": [current.object_id],
+                    "excluded_service_principals": [],
+                },
+                "users": {
+                    "included_users": ["None"],
+                },
+            },
+            grant_controls={
+                "operator": "OR",
+                "built_in_controls": ["block"],
+            })
         ```
         ### Excluded client applications / service principals
         ```python
@@ -448,23 +452,23 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         example = azuread.ConditionalAccessPolicy("example",
             display_name="example policy",
             state="disabled",
-            conditions=azuread.ConditionalAccessPolicyConditionsArgs(
-                client_app_types=["all"],
-                applications=azuread.ConditionalAccessPolicyConditionsApplicationsArgs(
-                    included_applications=["All"],
-                ),
-                client_applications=azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs(
-                    included_service_principals=["ServicePrincipalsInMyTenant"],
-                    excluded_service_principals=[current.object_id],
-                ),
-                users=azuread.ConditionalAccessPolicyConditionsUsersArgs(
-                    included_users=["None"],
-                ),
-            ),
-            grant_controls=azuread.ConditionalAccessPolicyGrantControlsArgs(
-                operator="OR",
-                built_in_controls=["block"],
-            ))
+            conditions={
+                "client_app_types": ["all"],
+                "applications": {
+                    "included_applications": ["All"],
+                },
+                "client_applications": {
+                    "included_service_principals": ["ServicePrincipalsInMyTenant"],
+                    "excluded_service_principals": [current.object_id],
+                },
+                "users": {
+                    "included_users": ["None"],
+                },
+            },
+            grant_controls={
+                "operator": "OR",
+                "built_in_controls": ["block"],
+            })
         ```
         ## Import
@@ -472,7 +476,7 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         Conditional Access Policies can be imported using the `id`, e.g.
         ```sh
-         $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location 00000000-0000-0000-0000-000000000000
+        $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000
         ```
         :param str resource_name: The name of the resource.
@@ -490,11 +494,11 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 conditions: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicyConditionsArgs']]] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
-                 grant_controls: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicyGrantControlsArgs']]] = None,
-                 session_controls: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicySessionControlsArgs']]] = None,
-                 state: Optional[pulumi.Input[str]] = None,
+                 conditions: Optional[pulumi.Input[Union['ConditionalAccessPolicyConditionsArgs', 'ConditionalAccessPolicyConditionsArgsDict']]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 grant_controls: Optional[pulumi.Input[Union['ConditionalAccessPolicyGrantControlsArgs', 'ConditionalAccessPolicyGrantControlsArgsDict']]] = None,
+                 session_controls: Optional[pulumi.Input[Union['ConditionalAccessPolicySessionControlsArgs', 'ConditionalAccessPolicySessionControlsArgsDict']]] = None,
+                 state: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -515,6 +519,7 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
             if state is None and not opts.urn:
                 raise TypeError("Missing required property 'state'")
             __props__.__dict__["state"] = state
+            __props__.__dict__["object_id"] = None
         super(ConditionalAccessPolicy, __self__).__init__(
             'azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy',
             resource_name,
@@ -525,11 +530,12 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            conditions: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicyConditionsArgs']]] = None,
-            display_name: Optional[pulumi.Input[str]] = None,
-            grant_controls: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicyGrantControlsArgs']]] = None,
-            session_controls: Optional[pulumi.Input[pulumi.InputType['ConditionalAccessPolicySessionControlsArgs']]] = None,
-            state: Optional[pulumi.Input[str]] = None) -> 'ConditionalAccessPolicy':
+            conditions: Optional[pulumi.Input[Union['ConditionalAccessPolicyConditionsArgs', 'ConditionalAccessPolicyConditionsArgsDict']]] = None,
+            display_name: Optional[pulumi.Input[_builtins.str]] = None,
+            grant_controls: Optional[pulumi.Input[Union['ConditionalAccessPolicyGrantControlsArgs', 'ConditionalAccessPolicyGrantControlsArgsDict']]] = None,
+            object_id: Optional[pulumi.Input[_builtins.str]] = None,
+            session_controls: Optional[pulumi.Input[Union['ConditionalAccessPolicySessionControlsArgs', 'ConditionalAccessPolicySessionControlsArgsDict']]] = None,
+            state: Optional[pulumi.Input[_builtins.str]] = None) -> 'ConditionalAccessPolicy':
         """
         Get an existing ConditionalAccessPolicy resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -537,13 +543,14 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[pulumi.InputType['ConditionalAccessPolicyConditionsArgs']] conditions: A `conditions` block as documented below, which specifies the rules that must be met for the policy to apply.
-        :param pulumi.Input[str] display_name: The friendly name for this Conditional Access Policy.
-        :param pulumi.Input[pulumi.InputType['ConditionalAccessPolicyGrantControlsArgs']] grant_controls: A `grant_controls` block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
-        :param pulumi.Input[pulumi.InputType['ConditionalAccessPolicySessionControlsArgs']] session_controls: A `session_controls` block as documented below, which specifies the session controls that are enforced after sign-in.
+        :param pulumi.Input[Union['ConditionalAccessPolicyConditionsArgs', 'ConditionalAccessPolicyConditionsArgsDict']] conditions: A `conditions` block as documented below, which specifies the rules that must be met for the policy to apply.
+        :param pulumi.Input[_builtins.str] display_name: The friendly name for this Conditional Access Policy.
+        :param pulumi.Input[Union['ConditionalAccessPolicyGrantControlsArgs', 'ConditionalAccessPolicyGrantControlsArgsDict']] grant_controls: A `grant_controls` block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.
+        :param pulumi.Input[_builtins.str] object_id: The object ID of the policy
+        :param pulumi.Input[Union['ConditionalAccessPolicySessionControlsArgs', 'ConditionalAccessPolicySessionControlsArgsDict']] session_controls: A `session_controls` block as documented below, which specifies the session controls that are enforced after sign-in.
                > Note: At least one of `grant_controls` and/or `session_controls` blocks must be specified.
-        :param pulumi.Input[str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
+        :param pulumi.Input[_builtins.str] state: Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -552,11 +559,12 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         __props__.__dict__["conditions"] = conditions
         __props__.__dict__["display_name"] = display_name
         __props__.__dict__["grant_controls"] = grant_controls
+        __props__.__dict__["object_id"] = object_id
         __props__.__dict__["session_controls"] = session_controls
         __props__.__dict__["state"] = state
         return ConditionalAccessPolicy(resource_name, opts=opts, __props__=__props__)
-    @property
+    @_builtins.property
     @pulumi.getter
     def conditions(self) -> pulumi.Output['outputs.ConditionalAccessPolicyConditions']:
         """
@@ -564,15 +572,15 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         """
         return pulumi.get(self, "conditions")
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> pulumi.Output[str]:
+    def display_name(self) -> pulumi.Output[_builtins.str]:
         """
         The friendly name for this Conditional Access Policy.
         """
         return pulumi.get(self, "display_name")
-    @property
+    @_builtins.property
     @pulumi.getter(name="grantControls")
     def grant_controls(self) -> pulumi.Output[Optional['outputs.ConditionalAccessPolicyGrantControls']]:
         """
@@ -580,7 +588,15 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         """
         return pulumi.get(self, "grant_controls")
-    @property
+    @_builtins.property
+    @pulumi.getter(name="objectId")
+    def object_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The object ID of the policy
+        """
+        return pulumi.get(self, "object_id")
+    @_builtins.property
     @pulumi.getter(name="sessionControls")
     def session_controls(self) -> pulumi.Output[Optional['outputs.ConditionalAccessPolicySessionControls']]:
         """
@@ -590,9 +606,9 @@ class ConditionalAccessPolicy(pulumi.CustomResource):
         """
         return pulumi.get(self, "session_controls")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def state(self) -> pulumi.Output[str]:
+    def state(self) -> pulumi.Output[_builtins.str]:
         """
         Specifies the state of the policy object. Possible values are: `enabled`, `disabled` and `enabledForReportingButNotEnforced`
         """

pulumi-azuread 5.48.0a1706744699__py3-none-any.whl → 6.8.0a1766208344__py3-none-any.whl

Potentially problematic release.

pulumi-azuread 5.48.0a1706744699py3-none-any.whl → 6.8.0a1766208344py3-none-any.whl