@pulumi/azuread
Version:
A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.
189 lines • 7.11 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.ConditionalAccessPolicy = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
* ## Example Usage
*
* ### All users except guests or external users
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const example = new azuread.ConditionalAccessPolicy("example", {
* displayName: "example policy",
* state: "disabled",
* conditions: {
* clientAppTypes: ["all"],
* signInRiskLevels: ["medium"],
* userRiskLevels: ["medium"],
* applications: {
* includedApplications: ["All"],
* excludedApplications: [],
* },
* devices: {
* filter: {
* mode: "exclude",
* rule: "device.operatingSystem eq \"Doors\"",
* },
* },
* locations: {
* includedLocations: ["All"],
* excludedLocations: ["AllTrusted"],
* },
* platforms: {
* includedPlatforms: ["android"],
* excludedPlatforms: ["iOS"],
* },
* users: {
* includedUsers: ["All"],
* excludedUsers: ["GuestsOrExternalUsers"],
* },
* },
* grantControls: {
* operator: "OR",
* builtInControls: ["mfa"],
* },
* sessionControls: {
* applicationEnforcedRestrictionsEnabled: true,
* disableResilienceDefaults: false,
* signInFrequency: 10,
* signInFrequencyPeriod: "hours",
* cloudAppSecurityPolicy: "monitorOnly",
* },
* });
* ```
*
* ### Included client applications / service principals
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const current = azuread.getClientConfig({});
* const example = new azuread.ConditionalAccessPolicy("example", {
* displayName: "example policy",
* state: "disabled",
* conditions: {
* clientAppTypes: ["all"],
* applications: {
* includedApplications: ["All"],
* },
* clientApplications: {
* includedServicePrincipals: [current.then(current => current.objectId)],
* excludedServicePrincipals: [],
* },
* users: {
* includedUsers: ["None"],
* },
* },
* grantControls: {
* operator: "OR",
* builtInControls: ["block"],
* },
* });
* ```
*
* ### Excluded client applications / service principals
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const current = azuread.getClientConfig({});
* const example = new azuread.ConditionalAccessPolicy("example", {
* displayName: "example policy",
* state: "disabled",
* conditions: {
* clientAppTypes: ["all"],
* applications: {
* includedApplications: ["All"],
* },
* clientApplications: {
* includedServicePrincipals: ["ServicePrincipalsInMyTenant"],
* excludedServicePrincipals: [current.then(current => current.objectId)],
* },
* users: {
* includedUsers: ["None"],
* },
* },
* grantControls: {
* operator: "OR",
* builtInControls: ["block"],
* },
* });
* ```
*
* ## Import
*
* Conditional Access Policies can be imported using the `id`, e.g.
*
* ```sh
* $ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000
* ```
*/
class ConditionalAccessPolicy extends pulumi.CustomResource {
/**
* Get an existing ConditionalAccessPolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new ConditionalAccessPolicy(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of ConditionalAccessPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === ConditionalAccessPolicy.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["conditions"] = state ? state.conditions : undefined;
resourceInputs["displayName"] = state ? state.displayName : undefined;
resourceInputs["grantControls"] = state ? state.grantControls : undefined;
resourceInputs["objectId"] = state ? state.objectId : undefined;
resourceInputs["sessionControls"] = state ? state.sessionControls : undefined;
resourceInputs["state"] = state ? state.state : undefined;
}
else {
const args = argsOrState;
if ((!args || args.conditions === undefined) && !opts.urn) {
throw new Error("Missing required property 'conditions'");
}
if ((!args || args.displayName === undefined) && !opts.urn) {
throw new Error("Missing required property 'displayName'");
}
if ((!args || args.state === undefined) && !opts.urn) {
throw new Error("Missing required property 'state'");
}
resourceInputs["conditions"] = args ? args.conditions : undefined;
resourceInputs["displayName"] = args ? args.displayName : undefined;
resourceInputs["grantControls"] = args ? args.grantControls : undefined;
resourceInputs["sessionControls"] = args ? args.sessionControls : undefined;
resourceInputs["state"] = args ? args.state : undefined;
resourceInputs["objectId"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(ConditionalAccessPolicy.__pulumiType, name, resourceInputs, opts);
}
}
exports.ConditionalAccessPolicy = ConditionalAccessPolicy;
/** @internal */
ConditionalAccessPolicy.__pulumiType = 'azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy';
//# sourceMappingURL=conditionalAccessPolicy.js.map