Skip to content

azuread_conditional_access_policy: support includeAuthenticationContextClassReferences and applicationFilter of conditions #1534

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

azuread_conditional_access_policy: support includeAuthenticationContextClassReferences and applicationFilter of conditions #1534

wants to merge 1 commit into from

Conversation

kenchan0130
Copy link
Contributor

@kenchan0130 kenchan0130 commented Oct 17, 2024
edited
Loading

FIX: #882 #1318

Related to #1357

support includeAuthenticationContextClassReferences and applicationFi…
68b2904 
…lter of azuread_conditional_access_policy.conditions resource
kenchan0130
kenchan0130 commented Oct 17, 2024
View reviewed changes
docs/resources/conditional_access_policy.md
* `included_user_actions` - (Optional) A list of user actions to include. Supported values are `urn:user:registerdevice` and `urn:user:registersecurityinfo`. Cannot be specified with `included_applications`. One of `included_applications` or `included_user_actions` must be specified.
* `filter` - (Optional) A `filter` block as described below.
* `included_applications` - (Optional) A list of application IDs the policy applies to, unless explicitly excluded (in `excluded_applications`). Can also be set to `All`, `None` or `Office365`. Cannot be specified with `included_user_actions`. One of `included_applications`, `included_user_actions` or `included_authentication_context_class_references` must be specified.
* `included_authentication_context_class_references` - (Optional) A list of authentication context class reference to include. Supported values are `c1` through `c99`.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see in the API docs that it only supports IDs up to c25,
In fact, the official doc states that IDs can be used up to c99.

@kenchan0130
Copy link
Contributor Author

@katbyte @mbfrahry

Is it possible to be reviewed or get an advice about this please?

jackofallops
jackofallops requested changes Nov 4, 2024
View reviewed changes
Copy link
Member

@jackofallops jackofallops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @kenchan0130 - before we do a full review, can you add acceptance test coverage for the new properties and validation conditions?

Thanks

@kenchan0130
Copy link
Contributor Author

@jackofallops

Hi @kenchan0130 - before we do a full review, can you add acceptance test coverage for the new properties and validation conditions?

Thanks

This provider does not yet have a terraform resource to create an authentication context. So unfortunately I am unable to add a test on the attributes.
Should I create implementations (in another PR of course) of the authentication context resource?

@jwelker9
Copy link

I have nothing valuable to add... but I just wanted to cheer you guys on as I'm hoping to leverage this appFilter as well lol thanks for your work on it!

@SuryenduB
Copy link

Hi Team, can you please review this PR. We will need support for : included_authentication_context_class_references

@mjendza
Copy link

mjendza commented Jan 31, 2025

hi, @kenchan0130 @jackofallops do you need any support to finish the PR and merge the feature?

@kenchan0130
Copy link
Contributor Author

@jackofallops

Hi @kenchan0130 - before we do a full review, can you add acceptance test coverage for the new properties and validation conditions?
Thanks

This provider does not yet have a terraform resource to create an authentication context. So unfortunately I am unable to add a test on the attributes. Should I create implementations (in another PR of course) of the authentication context resource?

@jackofallops

Could you please give me your opinion on this?
I intend to follow the policy of the maintainers.

@kenchan0130
Copy link
Contributor Author

@jackofallops

Could you please give me your opinion on this?
I intend to follow the policy of the maintainers.

Please let me know if you need more information concerning this matter.

@kenchan0130
Copy link
Contributor Author

The filter is supported by #1744.
I will change this PR only includeAuthenticationContextClassReferences scope.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackofallops jackofallops jackofallops requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

documentation feature/conditional-access size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

azuread_conditional_access_policy: Option to define authentication context in policy

5 participants

@kenchan0130 @jwelker9 @SuryenduB @mjendza @jackofallops