Feature: add application filter to azuread_conditional_access_policy #1357

Open
wants to merge 61 commits into
base: main
Changes from 4 commits
cbe697b
feat: add filter to applications in schema
BrendanThompson Apr 10, 2024
7fb5a79
feat: add expansion for applications filter
BrendanThompson Apr 10, 2024
7212c53
feat: make flatten filter generic and use for device and app
BrendanThompson Apr 10, 2024
2b43824
chore: ensure only one inclusion option is used
BrendanThompson Apr 10, 2024
afaba7f
[COMPLIANCE] Add Copyright and License Headers
hashicorp-copywrite[bot] May 8, 2024
c57f5ef
azuread_application_pre_authorized: fix for concurrency bug during de…
KenSpur Jan 26, 2024
1d4e727
Changelog for #1299
manicminer May 8, 2024
4d9a2c9
azuread_group: support `SkipExchangeInstantOn` for `behaviors`. Fixes…
manicminer May 8, 2024
f9e9566
Changelog for #1370
manicminer May 9, 2024
8ce9ce1
bugfix: synchronization package registration oopsie
manicminer May 9, 2024
d155c15
make generate
manicminer May 9, 2024
b9f693e
fixed #1031 adds provision on demand
iwarapter Feb 22, 2023
17d51db
add triggers argument to allow re-triggering use cases
iwarapter May 9, 2024
32d994b
linting, tidying
manicminer May 9, 2024
cc2677f
Changelog for #1032
manicminer May 9, 2024
09a2c7f
v2.49.0
manicminer May 9, 2024
36d2903
Fix example code for azuread_group_role_management_policy
audunsolemdal May 10, 2024
e46fa44
Fix typo
audunsolemdal May 10, 2024
8f8026c
Add example for required_conditional_access_authentication_context
audunsolemdal May 10, 2024
4203bef
bugfix: resolve several potential crashes in new PIM resources
manicminer May 10, 2024
1a106b3
another crash fix
manicminer May 10, 2024
09c6130
Changelog for #1375
manicminer May 13, 2024
945e385
v2.49.1
manicminer May 13, 2024
a0c02f3
Result of tsccr-helper -log-level=info gha update .
hashicorp-tsccr[bot] May 13, 2024
37b8c97
[COMPLIANCE] Add Copyright and License Headers
hashicorp-copywrite[bot] May 13, 2024
70faa30
feat: allow data.azuread_application lookup using identifier_uris
JonasBak Feb 2, 2024
bdc62fb
fix: use identifier_uri instead of identifier_uris for lookup
JonasBak May 13, 2024
12f268a
Update docs/data-sources/application.md
manicminer May 15, 2024
8ee0a45
Changelog for #1303
manicminer May 15, 2024
572b7f4
data.azuread_service_principal: display name comparison should be cas…
manicminer May 16, 2024
e501a91
Changelog for #1381
manicminer May 16, 2024
5847f21
bugfix: run d.Partial() to avoid setting invalid password to state wh…
manicminer May 15, 2024
2a6284a
Changelog for #1308
manicminer May 16, 2024
32004a7
use single runner label for custom-linux-large
dlaguerta May 16, 2024
b87b756
dependencies: updating to `v0.68.0` of `github.com/manicminer/hamilton`
manicminer May 16, 2024
fdfb81b
azuread_conditional_access_policy: improve handling of the `session_c…
manicminer May 16, 2024
707e868
Changelog for #1382
manicminer May 16, 2024
34506ce
typo fix
manicminer May 16, 2024
759e56b
v2.50.0
manicminer May 16, 2024
6a868fa
feat: add runtime provider debugging capability
iwarapter Mar 8, 2024
b87dda4
tooling: updating version of hashicorp/ghaction-terraform-provider-re…
manicminer May 17, 2024
4616934
Result of tsccr-helper -log-level=info gha update .
hashicorp-tsccr[bot] May 27, 2024
f30882b
docs: add note on using `ignore_changes` on `administrative_unit_ids`…
manicminer May 30, 2024
ec6faa5
test fixes for administrative units
manicminer May 30, 2024
65d81d2
dependencies: updating to `v0.70.0` of `github.com/manicminer/hamilton`
manicminer May 30, 2024
4fb9a80
bugfix: allow disabling review settings for `azuread_access_package_a…
manicminer May 30, 2024
efce4d3
Changelog for #1394
manicminer Jun 6, 2024
cb67bb7
azuread_user: acceptance test for setting an invalid password
manicminer May 15, 2024
c3e4f41
tooling: enable running a release from a branch instead of `main`
manicminer May 22, 2024
f37968a
data.azuread_users: support for the `mails` property
manicminer Jun 6, 2024
fd91657
Changelog for #1400
manicminer Jun 6, 2024
b71f01a
v2.51.0
manicminer Jun 6, 2024
2a5ca7f
azuread_application: support `ignore_changes` lifecycle argument for …
manicminer Jun 10, 2024
c851aad
azuread_application: basicFromTemplate test fix
manicminer Jun 10, 2024
ff46b8e
azuread_application: basicFromTemplate more test fix
manicminer Jun 10, 2024
d4d12a0
Changelog for #1403
manicminer Jun 13, 2024
fbf8e78
internal concurrency lock when updating azuread_application / azuread…
manicminer Jun 11, 2024
692ae75
azuread_application: work around very buggy API when instantiating fr…
manicminer Jun 11, 2024
7d012f4
REBASE! dependencies: updating to `REBASE ME!` of `github.com/manicmi…
manicminer Jun 11, 2024
c5d1603
Changelog for #1406
manicminer Jun 13, 2024
c8e29ad
v2.52.0
manicminer Jun 13, 2024
Expand Up @@ -77,7 +77,7 @@ func conditionalAccessPolicyResource() *pluginsdk.Resource {
"included_applications": {
Type: pluginsdk.TypeList,
Optional: true,
ExactlyOneOf: []string{"conditions.0.applications.0.included_applications", "conditions.0.applications.0.included_user_actions"},
ExactlyOneOf: []string{"conditions.0.applications.0.included_applications", "conditions.0.applications.0.included_user_actions", "conditions.0.applications.0.filter"},
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
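Review bot: The `ExactlyOneOf` slice on `included_applications` is now a three-element literal that has to stay identical to the copies on `included_user_actions` and the new `filter` block; a later edit that touches only one copy would leave the three attributes disagreeing about which combinations are valid. Consider declaring the slice once as a package-level variable and referencing it from all three attributes.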
Expand All @@ -96,12 +96,37 @@ func conditionalAccessPolicyResource() *pluginsdk.Resource {
"included_user_actions": {
Type: pluginsdk.TypeList,
Optional: true,
ExactlyOneOf: []string{"conditions.0.applications.0.included_applications", "conditions.0.applications.0.included_user_actions"},
ExactlyOneOf: []string{"conditions.0.applications.0.included_applications", "conditions.0.applications.0.included_user_actions", "conditions.0.applications.0.filter"},
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
},
},

"filter": {
Type: pluginsdk.TypeList,
Optional: true,
ExactlyOneOf: []string{"conditions.0.applications.0.included_applications", "conditions.0.applications.0.included_user_actions", "conditions.0.applications.0.filter"},
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"mode": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{
msgraph.ConditionalAccessFilterModeExclude,
msgraph.ConditionalAccessFilterModeInclude,
}, false),
},

"rule": {
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
},
},
},
},
},
},
},
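Review bot: Listing `filter` in `ExactlyOneOf` treats it as an inclusion option, but `mode` accepts `msgraph.ConditionalAccessFilterModeExclude`, so a configuration that sets only an exclude-mode filter, with no `included_applications` or `included_user_actions`, passes schema validation while naming nothing to include. The same constraint also forbids combining `filter` with `included_applications`; please confirm against the API that this combination is really invalid, and if it is not, keep `ExactlyOneOf` for the two `included_*` attributes and validate `filter` separately. Minor: `mode` uses `ValidateFunc` while `rule` and the neighbouring attributes use `ValidateDiagFunc: validation.ValidateDiag(...)`; using the same form throughout would keep the block consistent.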
17 changes: 15 additions & 2 deletions internal/services/conditionalaccess/conditionalaccess.go
Expand Up @@ -4,6 +4,8 @@
package conditionalaccess

import (
"log"

"github.com/hashicorp/go-azure-helpers/lang/pointer"
"github.com/hashicorp/terraform-provider-azuread/internal/tf"
"github.com/manicminer/hamilton/msgraph"
Expand Down Expand Up @@ -40,6 +42,7 @@ func flattenConditionalAccessApplications(in *msgraph.ConditionalAccessApplicati
"included_applications": tf.FlattenStringSlicePtr(in.IncludeApplications),
"excluded_applications": tf.FlattenStringSlicePtr(in.ExcludeApplications),
"included_user_actions": tf.FlattenStringSlicePtr(in.IncludeUserActions),
"filter": flattenConditionalAccessFilter(in.ApplicationFilter),
},
}
}
Expand Down Expand Up @@ -83,7 +86,7 @@ func flattenConditionalAccessDevices(in *msgraph.ConditionalAccessDevices) []int

return []interface{}{
map[string]interface{}{
"filter": flattenConditionalAccessDeviceFilter(in.DeviceFilter),
"filter": flattenConditionalAccessFilter(in.DeviceFilter),
},
}
}
Expand Down Expand Up @@ -188,11 +191,14 @@ func flattenConditionalAccessSessionControls(in *msgraph.ConditionalAccessSessio
}
}

func flattenConditionalAccessDeviceFilter(in *msgraph.ConditionalAccessFilter) []interface{} {
func flattenConditionalAccessFilter(in *msgraph.ConditionalAccessFilter) []interface{} {
if in == nil {
log.Print("=== no access filters to flatten")
return []interface{}{}
}

log.Printf("=== access filters are being flattened: %s", *in.Rule)

return []interface{}{
map[string]interface{}{
"mode": in.Mode,
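Review bot: `log.Printf("=== access filters are being flattened: %s", *in.Rule)` dereferences `in.Rule` after checking only `in` for nil, so a filter returned without a rule would panic the provider; because this function now serves both `in.DeviceFilter` and `in.ApplicationFilter`, the device path is exposed to that panic as well. The `===` lines read as temporary debugging output: drop them before merge, or guard the dereference and use a `[DEBUG]` prefix if the trace is worth keeping.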
Expand Down Expand Up @@ -339,10 +345,17 @@ func expandConditionalAccessApplications(in []interface{}) *msgraph.ConditionalA
includeApplications := config["included_applications"].([]interface{})
excludeApplications := config["excluded_applications"].([]interface{})
includeUserActions := config["included_user_actions"].([]interface{})
filter := config["filter"].([]interface{})

result.IncludeApplications = tf.ExpandStringSlicePtr(includeApplications)
result.ExcludeApplications = tf.ExpandStringSlicePtr(excludeApplications)
result.IncludeUserActions = tf.ExpandStringSlicePtr(includeUserActions)
if len(filter) > 0 {
log.Printf("=== appliction filter being expanded %+v \n", filter...)
result.ApplicationFilter = expandConditionalAccessFilter(filter)
} else {
log.Println("=== no application filter to expand")
}

return &result
}
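Review bot: In the `else` branch `result.ApplicationFilter` is left unset, so please confirm, ideally with an acceptance test step, that removing the `filter` block from configuration clears the filter on an existing policy rather than leaving the old rule in force. The `log.Printf` call also spreads `filter...` into a format string with a single `%+v` verb, which is only correct while the list holds exactly one element, and it carries a typo ("appliction") and a redundant trailing `\n`; like the other `===` lines it looks like debugging output to remove before merge.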