Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azuread_conditional_access_policy: support includeAuthenticationContextClassReferences and applicationFilter of conditions #1534

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

kenchan0130
Copy link
Contributor

@kenchan0130 kenchan0130 commented Oct 17, 2024

FIX: #882 #1318

Related to #1357

…lter of azuread_conditional_access_policy.conditions resource
* `included_user_actions` - (Optional) A list of user actions to include. Supported values are `urn:user:registerdevice` and `urn:user:registersecurityinfo`. Cannot be specified with `included_applications`. One of `included_applications` or `included_user_actions` must be specified.
* `filter` - (Optional) A `filter` block as described below.
* `included_applications` - (Optional) A list of application IDs the policy applies to, unless explicitly excluded (in `excluded_applications`). Can also be set to `All`, `None` or `Office365`. Cannot be specified with `included_user_actions`. One of `included_applications`, `included_user_actions` or `included_authentication_context_class_references` must be specified.
* `included_authentication_context_class_references` - (Optional) A list of authentication context class reference to include. Supported values are `c1` through `c99`.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see in the API docs that it only supports IDs up to c25,
In fact, the official doc states that IDs can be used up to c99.

@kenchan0130
Copy link
Contributor Author

@katbyte @mbfrahry

Is it possible to be reviewed or get an advice about this please?

Copy link
Member

@jackofallops jackofallops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @kenchan0130 - before we do a full review, can you add acceptance test coverage for the new properties and validation conditions?

Thanks

@kenchan0130
Copy link
Contributor Author

@jackofallops

Hi @kenchan0130 - before we do a full review, can you add acceptance test coverage for the new properties and validation conditions?

Thanks

This provider does not yet have a terraform resource to create an authentication context. So unfortunately I am unable to add a test on the attributes.
Should I create implementations (in another PR of course) of the authentication context resource?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

azuread_conditional_access_policy: Option to define authentication context in policy
2 participants