DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.schema.mof
|
[ClassVersion("1.0.0.1")]
class MSFT_AADServicePrincipalRoleAssignment { [Required, Description("Type of principal. Accepted values are User or Group"), ValueMap{"Group","User"}, Values{"Group","User"}] String PrincipalType; [Required, Description("Unique identity representing the principal.")] String Identity; }; [ClassVersion("1.0.0.1")] class MSFT_AADServicePrincipalDelegatedPermissionClassification { [Write, Description("Classification of the delegated permission"), ValueMap{"low", "medium", "high"}, Values{"low", "medium", "high"}] String Classification; [Required, Description("Name of the permission")] String PermissionName; }; [ClassVersion("1.0.0.1")] class MSFT_AADServicePrincipalAttributeValue { [Required, Description("Name of the Attribute")] String AttributeName; [Write, Description("If the attribute has a string array value")] String StringArrayValue[]; [Write, Description("If the attribute has a int array value")] UInt32 IntArrayValue[]; [Write, Description("If the attribute has a string value")] String StringValue; [Write, Description("If the attribute has a int value")] UInt32 IntValue; [Write, Description("If the attribute has a boolean value")] Boolean BoolValue; }; [ClassVersion("1.0.0.1")] class MSFT_AADServicePrincipalAttributeSet { [Required, Description("Attribute Set Name.")] String AttributeSetName; [Write, Description("List of attribute values."), EmbeddedInstance("MSFT_AADServicePrincipalAttributeValue")] String AttributeValues[]; }; [ClassVersion("1.0.0.0")] class MSFT_AADServicePrincipalTransformationAttribute { [Write, Description("This flag is only relevant in the case where the attribute is multivalued. By default, transformations are only applied to the first element in a multi-valued claim, however setting this flag to true ensures the transformation is applied to all values, resulting in a multivalued output.")] Boolean treatAsMultiValue; }; [ClassVersion("1.0.0.0")] class MSFT_AADServicePrincipalCustomClaimTransformation { [Write, Description("The input attribute that provides the source for the transformation. This parameter is required if it's the first or only transformation in the list of transformations to be applied. Subsequent transformations use the output of the prior transformation as input."), EmbeddedInstance("MSFT_AADServicePrincipalTransformationAttribute")] String input; }; [ClassVersion("1.0.0.1")] class MSFT_AADServicePrincipalCustomClaimCondition { [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.customClaimCondition"}, Values{"#microsoft.graph.customClaimCondition"}] String odataType; [Write, Description("A list of groups (GUIDs) to which the user/application must be a member for this condition to be applied.")] String memberOf[]; [Write, Description("The type of user this condition applies to. The possible values are: any, members, allGuests, aadGuests, externalGuests."), ValueMap{"any","members","allGuests","aadGuests","externalGuests"}, Values{"any","members","allGuests","aadGuests","externalGuests"}] String userType; }; [ClassVersion("1.0.0.0")] class MSFT_AADServicePrincipalCustomClaimAttribute { [Required, Description("The type of the entity."), ValueMap{"#microsoft.graph.sourcedAttribute","#microsoft.graph.valueBasedAttribute"}, Values{"#microsoft.graph.sourcedAttribute","#microsoft.graph.valueBasedAttribute"}] String odataType; [Write, Description("The identifier of the attribute on the specified source. Only applicable for sourcedAttribute.")] String id; [Write, Description("A flag that indicates if the name specified is that of an extension attribute. Only applicable for sourcedAttribute.")] Boolean isExtensionAttribute; [Write, Description("The source where the claim is going to retrieve its value. Valid sources include user, application, resource, audience and company. Only applicable for sourcedAttribute.")] String source; [Write, Description("The static value to be used an the attribute. Only applicable for valueBasedAttribute.")] String value; }; [ClassVersion("1.0.0.0")] class MSFT_AADServicePrincipalCustomClaimConfiguration { [Write, Description("The attribute on which we source this property."), EmbeddedInstance("MSFT_AADServicePrincipalCustomClaimAttribute")] String attribute; [Write, Description("The condition, if any, associated with this configuration."), EmbeddedInstance("MSFT_AADServicePrincipalCustomClaimCondition")] String condition; [Write, Description("An ordered list of transformations that are applied in sequence."), EmbeddedInstance("MSFT_AADServicePrincipalCustomClaimTransformation")] String transformations[]; }; [ClassVersion("1.0.0.0")] class MSFT_AADServicePrincipalCustomClaim { [Required, Description("The type of the entity."), ValueMap{"#microsoft.graph.customClaim","#microsoft.graph.samlNameIdClaim"}, Values{"#microsoft.graph.customClaim","#microsoft.graph.samlNameIdClaim"}] String odataType; [Write, Description("One or more configurations that describe how the claim is sourced and under what conditions."), EmbeddedInstance("MSFT_AADServicePrincipalCustomClaimConfiguration")] String configurations[]; [Write, Description("The name of the claim to be emitted.")] String name; [Write, Description("An optional namespace to be included as part of the claim name.")] String namespace; [Write, Description("If specified, it sets the nameFormat attribute associated with the claim in the SAML response. The possible values are: unspecified, uri, basic."), ValueMap{"unspecified","uri","basic"}, Values{"unspecified","uri","basic"}] String samlAttributeNameFormat; [Write, Description("List of token formats for which this claim should be emitted. The possible values are: saml,jwt."), ValueMap{"saml","jwt"}, Values{"saml","jwt"}] String tokenFormat[]; [Write, Description("Allows to specify the format of the saml nameID claim value. The possible values are: default, unspecified, emailAddress, windowsDomainQualifiedName, persistent, unknownFutureValue. Only applicable to samlNameIdClaim."), ValueMap{"default","unspecified","emailAddress","windowsDomainQualifiedName","persistent"}, Values{"default","unspecified","emailAddress","windowsDomainQualifiedName","persistent"}] String nameIdFormat; [Write, Description("Allows the specification of a service provider name qualifier reflected in the sAML response. The value provided must match one of the service provider names configured for the application and is only applicable for IdP-initiated applications (the sign-on URL should be empty for the IdP-initiated applications), in all other cases this value is ignored. Only applicable to samlNameIdClaim.")] String serviceProviderNameQualifier; }; [ClassVersion("1.0.0.0")] class MSFT_AADServicePrincipalClaimsPolicy { [Write, Description("If specified, it overrides the content of the audience claim for WS-Federation and SAML2 protocols. A custom signing key must be used for audienceOverride to be applied, otherwise, the audienceOverride value is ignored. The value provided must be in the format of an absolute URI.")] String audienceOverride; [Write, Description("Defines which claims are present in the tokens affected by the policy, in addition to the basic claim and the core claim set."), EmbeddedInstance("MSFT_AADServicePrincipalCustomClaim")] String Claims[]; [Write, Description("Indicates whether the application ID is added to the claim. It is relevant only for SAML2.0 and if a custom signing key is used. the default value is true. Optional.")] Boolean includeApplicationIdInIssuer; [Write, Description("Determines whether the basic claim set is included in tokens affected by this policy. If set to true, all claims in the basic claim set are emitted in tokens affected by the policy. By default the basic claim set isn't in the tokens unless they're explicitly configured in this policy.")] Boolean includeBasicClaimSet; }; [ClassVersion("1.0.0.1"), FriendlyName("AADServicePrincipal")] class MSFT_AADServicePrincipal : OMI_BaseResource { [Key, Description("The unique identifier for the associated application.")] String AppId; [Write, Description("App role assignments for this app or service, granted to users, groups, and other service principals."), EmbeddedInstance("MSFT_AADServicePrincipalRoleAssignment")] String AppRoleAssignedTo[]; [Write, Description("The ObjectID of the ServicePrincipal")] String ObjectID; [Write, Description("Displayname of the ServicePrincipal.")] String DisplayName; [Write, Description("The alternative names for this service principal")] String AlternativeNames[]; [Write, Description("True if the service principal account is enabled; otherwise, false.")] Boolean AccountEnabled; [Write, Description("Indicates whether an application role assignment is required.")] Boolean AppRoleAssignmentRequired; [Write, Description("Represents a claims policy that allows application admins to customize the claims emitted in tokens affected by this policy."), EmbeddedInstance("MSFT_AADServicePrincipalClaimsPolicy")] String ClaimsPolicy; [Write, Description("Specifies the error URL of the ServicePrincipal.")] String ErrorUrl; [Write, Description("Specifies the homepage of the ServicePrincipal.")] String Homepage; [Write, Description("Specifies the LogoutURL of the ServicePrincipal.")] String LogoutUrl; [Write, Description("Notes associated with the ServicePrincipal.")] String Notes; [Write, Description("Specifies the PublisherName of the ServicePrincipal.")] String PublisherName; [Write, Description("List of the owners of the service principal.")] String Owners[]; [Write, Description("Specifies the signle sign-on mode configured for this application.")] String PreferredSingleSignOnMode; [Write, Description("The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.")] String ReplyUrls[]; [Write, Description("The URL for the SAML metadata of the ServicePrincipal.")] String SamlMetadataUrl; [Write, Description("Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal.")] String ServicePrincipalNames[]; [Write, Description("The type of the service principal.")] String ServicePrincipalType; [Write, Description("Tags linked to this service principal.Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}")] String Tags[]; [Write, Description("The permission classifications for delegated permissions exposed by the app that this service principal represents."), EmbeddedInstance("MSFT_AADServicePrincipalDelegatedPermissionClassification")] String DelegatedPermissionClassifications[]; [Write, Description("The list of custom security attributes attached to this SPN"), EmbeddedInstance("MSFT_AADServicePrincipalAttributeSet")] String CustomSecurityAttributes[]; [Write, Description("Specify if the Azure AD App should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Credentials of the Azure AD Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; [Write, Description("The collection of password credentials associated with the service principal. Not nullable."), EmbeddedInstance("MSFT_MicrosoftGraphpasswordCredential")] String PasswordCredentials[]; [Write, Description("The collection of key credentials associated with the service principal. Not nullable. Supports $filter (eq, NOT, ge, le)."), EmbeddedInstance("MSFT_MicrosoftGraphkeyCredential")] String KeyCredentials[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphKeyCredential { [Write, Description("A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate.")] String CustomKeyIdentifier; [Write, Description("Friendly name for the key. Optional.")] String DisplayName; [Write, Description("The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.")] String EndDateTime; [Write, Description("The unique identifier (GUID) for the key.")] String KeyId; [Write, Description("The certificate's raw data in byte array converted to Base64 string.")] String Key; [Write, Description("The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.")] String StartDateTime; [Write, Description("The type of key credential for example, Symmetric, AsymmetricX509Cert.")] String Type; [Write, Description("A string that describes the purpose for which the key can be used for example, Verify.")] String Usage; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphPasswordCredential { [Write, Description("Friendly name for the password. Optional.")] String DisplayName; [Write, Description("The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.")] String EndDateTime; [Write, Description("Contains the first three characters of the password. Read-only.")] String Hint; [Write, Description("The unique identifier for the password.")] String KeyId; [Write, Description("The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.")] String StartDateTime; }; |