Update terraform-provider-azuread to v2.23.0 (#279)

provider/go.mod

@@ -94,7 +94,7 @@ require (
 	github.com/hashicorp/terraform-plugin-log v0.4.0 // indirect
 	github.com/hashicorp/terraform-plugin-sdk v1.7.0 // indirect
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.13.0 // indirect
-	github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220428202731-e2c57af04dd1 // indirect
+	github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220610072126-28b840bedd5c // indirect
 	github.com/hashicorp/terraform-registry-address v0.0.0-20220131103327-5c1c5e123275 // indirect
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 	github.com/hashicorp/vault/api v1.1.0 // indirect

provider/go.sum

@@ -553,8 +553,8 @@ github.com/hashicorp/terraform-plugin-sdk v1.7.0 h1:B//oq0ZORG+EkVrIJy0uPGSonvmX
 github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+YqKm0KNvV3QqU4hkqHqPCY=
 github.com/hashicorp/terraform-plugin-test v1.2.0 h1:AWFdqyfnOj04sxTdaAF57QqvW7XXrT8PseUHkbKsE8I=
 github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs=
-github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220428202731-e2c57af04dd1 h1:I0iWKGSLM3vYZpvFjNAPWQKoRySENSXA2UHIS+eAeQo=
-github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220428202731-e2c57af04dd1/go.mod h1:Hd7l5g0G9OMjk3/gtJXfwYipPcTEdsxZk/awH3d5fNk=
+github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220610072126-28b840bedd5c h1:N6WMlFOet0EX3yPvjLrkPdvwvYVvkMbAZFcvsWWfaY0=
+github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220610072126-28b840bedd5c/go.mod h1:Hd7l5g0G9OMjk3/gtJXfwYipPcTEdsxZk/awH3d5fNk=
 github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896/go.mod h1:bzBPnUIkI0RxauU8Dqo+2KrZZ28Cf48s8V6IHt3p4co=
 github.com/hashicorp/terraform-registry-address v0.0.0-20220131103327-5c1c5e123275 h1:x/8cnK295F9NK18FXxsJxU1bz2PusWH52DDDsuao+88=
 github.com/hashicorp/terraform-registry-address v0.0.0-20220131103327-5c1c5e123275/go.mod h1:bdLC+qQlJIBHKbCMA6GipcuaKjmjcvZlnVdpU583z3Y=

provider/shim/go.mod

@@ -4,7 +4,7 @@ go 1.15
 
 require (
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.13.0
-	github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220428202731-e2c57af04dd1
+	github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220610072126-28b840bedd5c
 )
 
 replace github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20211230170131-3a7c83bfab87

provider/shim/go.sum

@@ -229,8 +229,8 @@ github.com/hashicorp/terraform-plugin-go v0.8.0/go.mod h1:E3GuvfX0Pz2Azcl6BegD6t
 github.com/hashicorp/terraform-plugin-log v0.2.0/go.mod h1:E1kJmapEHzqu1x6M++gjvhzM2yMQNXPVWZRCB8sgYjg=
 github.com/hashicorp/terraform-plugin-log v0.3.0 h1:NPENNOjaJSVX0f7JJTl4f/2JKRPQ7S2ZN9B4NSqq5kA=
 github.com/hashicorp/terraform-plugin-log v0.3.0/go.mod h1:EjueSP/HjlyFAsDqt+okpCPjkT4NDynAe32AeDC4vps=
-github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220428202731-e2c57af04dd1 h1:I0iWKGSLM3vYZpvFjNAPWQKoRySENSXA2UHIS+eAeQo=
-github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220428202731-e2c57af04dd1/go.mod h1:Hd7l5g0G9OMjk3/gtJXfwYipPcTEdsxZk/awH3d5fNk=
+github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220610072126-28b840bedd5c h1:N6WMlFOet0EX3yPvjLrkPdvwvYVvkMbAZFcvsWWfaY0=
+github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220610072126-28b840bedd5c/go.mod h1:Hd7l5g0G9OMjk3/gtJXfwYipPcTEdsxZk/awH3d5fNk=
 github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896/go.mod h1:bzBPnUIkI0RxauU8Dqo+2KrZZ28Cf48s8V6IHt3p4co=
 github.com/hashicorp/terraform-registry-address v0.0.0-20220131103327-5c1c5e123275 h1:x/8cnK295F9NK18FXxsJxU1bz2PusWH52DDDsuao+88=
 github.com/hashicorp/terraform-registry-address v0.0.0-20220131103327-5c1c5e123275/go.mod h1:bdLC+qQlJIBHKbCMA6GipcuaKjmjcvZlnVdpU583z3Y=

sdk/dotnet/ClaimsMappingPolicy.cs

@@ -16,7 +16,7 @@ namespace Pulumi.AzureAD
     /// 
     /// The following API permissions are required in order to use this resource.
     /// 
-    /// When authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ApplicationConfiguration`
+    /// When authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ApplicationConfiguration` and `Policy.Read.All`
     /// 
     /// When authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`
     /// 

sdk/dotnet/ConditionalAccessPolicy.cs

@@ -36,10 +36,7 @@ namespace Pulumi.AzureAD
     ///             {
     ///                 Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs
     ///                 {
-    ///                     ExcludedApplications = 
-    ///                     {
-    ///                         "00000004-0000-0ff1-ce00-000000000000",
-    ///                     },
+    ///                     ExcludedApplications = {},
     ///                     IncludedApplications = 
     ///                     {
     ///                         "All",
@@ -110,30 +107,10 @@ namespace Pulumi.AzureAD
     ///             },
     ///             SessionControls = new AzureAD.Inputs.ConditionalAccessPolicySessionControlsArgs
     ///             {
-    ///                 ApplicationEnforcedRestrictions = 
-    ///                 {
-    ///                     
-    ///                     {
-    ///                         { "enabled", true },
-    ///                     },
-    ///                 },
-    ///                 CloudAppSecurity = 
-    ///                 {
-    ///                     
-    ///                     {
-    ///                         { "cloudAppSecurityType", "monitorOnly" },
-    ///                         { "enabled", true },
-    ///                     },
-    ///                 },
-    ///                 SignInFrequency = 
-    ///                 {
-    ///                     
-    ///                     {
-    ///                         { "enabled", true },
-    ///                         { "type", "hours" },
-    ///                         { "value", 10 },
-    ///                     },
-    ///                 },
+    ///                 ApplicationEnforcedRestrictionsEnabled = true,
+    ///                 CloudAppSecurityPolicy = "monitorOnly",
+    ///                 SignInFrequency = 10,
+    ///                 SignInFrequencyPeriod = "hours",
     ///             },
     ///             State = "disabled",
     ///         });

sdk/dotnet/Config/Config.cs

@@ -115,6 +115,28 @@ public static string? MsiEndpoint
             set => _msiEndpoint.Set(value);
         }
 
+        private static readonly __Value<string?> _oidcRequestToken = new __Value<string?>(() => __config.Get("oidcRequestToken"));
+        /// <summary>
+        /// The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID
+        /// Connect.
+        /// </summary>
+        public static string? OidcRequestToken
+        {
+            get => _oidcRequestToken.Get();
+            set => _oidcRequestToken.Set(value);
+        }
+
+        private static readonly __Value<string?> _oidcRequestUrl = new __Value<string?>(() => __config.Get("oidcRequestUrl"));
+        /// <summary>
+        /// The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal
+        /// using OpenID Connect.
+        /// </summary>
+        public static string? OidcRequestUrl
+        {
+            get => _oidcRequestUrl.Get();
+            set => _oidcRequestUrl.Set(value);
+        }
+
         private static readonly __Value<string?> _partnerId = new __Value<string?>(() => __config.Get("partnerId"));
         /// <summary>
         /// A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
@@ -155,5 +177,15 @@ public static bool? UseMsi
             set => _useMsi.Set(value);
         }
 
+        private static readonly __Value<bool?> _useOidc = new __Value<bool?>(() => __config.GetBoolean("useOidc"));
+        /// <summary>
+        /// Allow OpenID Connect to be used for authentication
+        /// </summary>
+        public static bool? UseOidc
+        {
+            get => _useOidc.Get();
+            set => _useOidc.Set(value);
+        }
+
     }
 }

sdk/dotnet/Provider.cs

@@ -63,6 +63,20 @@ public partial class Provider : Pulumi.ProviderResource
         [Output("msiEndpoint")]
         public Output<string?> MsiEndpoint { get; private set; } = null!;
 
+        /// <summary>
+        /// The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID
+        /// Connect.
+        /// </summary>
+        [Output("oidcRequestToken")]
+        public Output<string?> OidcRequestToken { get; private set; } = null!;
+
+        /// <summary>
+        /// The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal
+        /// using OpenID Connect.
+        /// </summary>
+        [Output("oidcRequestUrl")]
+        public Output<string?> OidcRequestUrl { get; private set; } = null!;
+
         /// <summary>
         /// A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
         /// </summary>
@@ -154,6 +168,20 @@ public sealed class ProviderArgs : Pulumi.ResourceArgs
         [Input("msiEndpoint")]
         public Input<string>? MsiEndpoint { get; set; }
 
+        /// <summary>
+        /// The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID
+        /// Connect.
+        /// </summary>
+        [Input("oidcRequestToken")]
+        public Input<string>? OidcRequestToken { get; set; }
+
+        /// <summary>
+        /// The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal
+        /// using OpenID Connect.
+        /// </summary>
+        [Input("oidcRequestUrl")]
+        public Input<string>? OidcRequestUrl { get; set; }
+
         /// <summary>
         /// A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution
         /// </summary>
@@ -178,6 +206,12 @@ public sealed class ProviderArgs : Pulumi.ResourceArgs
         [Input("useMsi", json: true)]
         public Input<bool>? UseMsi { get; set; }
 
+        /// <summary>
+        /// Allow OpenID Connect to be used for authentication
+        /// </summary>
+        [Input("useOidc", json: true)]
+        public Input<bool>? UseOidc { get; set; }
+
         public ProviderArgs()
         {
             Environment = Utilities.GetEnv("ARM_ENVIRONMENT") ?? "public";

sdk/dotnet/go.mod

@@ -0,0 +1,3 @@
+module fake_dotnet_module // Exclude this directory from Go tools
+
+go 1.16

sdk/nodejs/claimsMappingPolicy.ts

@@ -11,7 +11,7 @@ import * as utilities from "./utilities";
  *
  * The following API permissions are required in order to use this resource.
  *
- * When authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ApplicationConfiguration`
+ * When authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ApplicationConfiguration` and `Policy.Read.All`
  *
  * When authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`
  *

sdk/nodejs/conditionalAccessPolicy.ts

@@ -25,7 +25,7 @@ import * as utilities from "./utilities";
  * const example = new azuread.ConditionalAccessPolicy("example", {
  *     conditions: {
  *         applications: {
- *             excludedApplications: ["00000004-0000-0ff1-ce00-000000000000"],
+ *             excludedApplications: [],
  *             includedApplications: ["All"],
  *         },
  *         clientAppTypes: ["all"],
@@ -56,18 +56,10 @@ import * as utilities from "./utilities";
  *         operator: "OR",
  *     },
  *     sessionControls: {
- *         applicationEnforcedRestrictions: [{
- *             enabled: true,
- *         }],
- *         cloudAppSecurity: [{
- *             cloudAppSecurityType: "monitorOnly",
- *             enabled: true,
- *         }],
- *         signInFrequency: [{
- *             enabled: true,
- *             type: "hours",
- *             value: 10,
- *         }],
+ *         applicationEnforcedRestrictionsEnabled: true,
+ *         cloudAppSecurityPolicy: "monitorOnly",
+ *         signInFrequency: 10,
+ *         signInFrequencyPeriod: "hours",
  *     },
  *     state: "disabled",
  * });