Outlook_Addin_LLM/node_modules/@microsoft/dev-tunnels-contracts/tunnelAccessControlEntry.d.ts

import { TunnelAccessControlEntryType } from './tunnelAccessControlEntryType';
/**
 * Data contract for an access control entry on a {@link Tunnel} or {@link TunnelPort}.
 *
 * An access control entry (ACE) grants or denies one or more access scopes to one or more
 * subjects. Tunnel ports inherit access control entries from their tunnel, and they may
 * have additional port-specific entries that augment or override those access rules.
 */
export interface TunnelAccessControlEntry {
    /**
     * Gets or sets the access control entry type.
     */
    type: TunnelAccessControlEntryType;
    /**
     * Gets or sets the provider of the subjects in this access control entry. The
     * provider impacts how the subject identifiers are resolved and displayed. The
     * provider may be an identity provider such as AAD, or a system or standard such as
     * "ssh" or "ipv4".
     *
     * For user, group, or org ACEs, this value is the name of the identity provider of
     * the user/group/org IDs. It may be one of the well-known provider names in {@link
     * TunnelAccessControlEntry.providers}, or (in the future) a custom identity provider.
     *  For public key ACEs, this value is the type of public key, e.g. "ssh".  For IP
     * address range ACEs, this value is the IP address version, "ipv4" or "ipv6", or
     * "service-tag" if the range is defined by an Azure service tag.  For anonymous ACEs,
     * this value is null.
     */
    provider?: string;
    /**
     * Gets or sets a value indicating whether this is an access control entry on a tunnel
     * port that is inherited from the tunnel's access control list.
     */
    isInherited?: boolean;
    /**
     * Gets or sets a value indicating whether this entry is a deny rule that blocks
     * access to the specified users. Otherwise it is an allow rule.
     *
     * All deny rules (including inherited rules) are processed after all allow rules.
     * Therefore a deny ACE cannot be overridden by an allow ACE that is later in the list
     * or on a more-specific resource. In other words, inherited deny ACEs cannot be
     * overridden.
     */
    isDeny?: boolean;
    /**
     * Gets or sets a value indicating whether this entry applies to all subjects that are
     * NOT in the {@link TunnelAccessControlEntry.subjects} list.
     *
     * Examples: an inverse organizations ACE applies to all users who are not members of
     * the listed organization(s); an inverse anonymous ACE applies to all authenticated
     * users; an inverse IP address ranges ACE applies to all clients that are not within
     * any of the listed IP address ranges. The inverse option is often useful in policies
     * in combination with {@link TunnelAccessControlEntry.isDeny}, for example a policy
     * could deny access to users who are not members of an organization or are outside of
     * an IP address range, effectively blocking any tunnels from allowing outside access
     * (because inherited deny ACEs cannot be overridden).
     */
    isInverse?: boolean;
    /**
     * Gets or sets an optional organization context for all subjects of this entry. The
     * use and meaning of this value depends on the {@link TunnelAccessControlEntry.type}
     * and {@link TunnelAccessControlEntry.provider} of this entry.
     *
     * For AAD users and group ACEs, this value is the AAD tenant ID. It is not currently
     * used with any other types of ACEs.
     */
    organization?: string;
    /**
     * Gets or sets the subjects for the entry, such as user or group IDs. The format of
     * the values depends on the {@link TunnelAccessControlEntry.type} and {@link
     * TunnelAccessControlEntry.provider} of this entry.
     */
    subjects: string[];
    /**
     * Gets or sets the access scopes that this entry grants or denies to the subjects.
     *
     * These must be one or more values from {@link TunnelAccessScopes}.
     */
    scopes: string[];
    /**
     * Gets or sets the expiration for an access control entry.
     *
     * If no value is set then this value is null.
     */
    expiration?: Date;
}
export declare namespace TunnelAccessControlEntry {
    /**
     * Constants for well-known identity providers.
     */
    enum Providers {
        /**
         * Microsoft (AAD) identity provider.
         */
        Microsoft = "microsoft",
        /**
         * GitHub identity provider.
         */
        GitHub = "github",
        /**
         * SSH public keys.
         */
        Ssh = "ssh",
        /**
         * IPv4 addresses.
         */
        IPv4 = "ipv4",
        /**
         * IPv6 addresses.
         */
        IPv6 = "ipv6",
        /**
         * Service tags.
         */
        ServiceTag = "service-tag"
    }
}
//# sourceMappingURL=tunnelAccessControlEntry.d.ts.map
First version with simple frontend and Compose Email by AI 2024-11-29 21:36:41 +01:00			`import { TunnelAccessControlEntryType } from './tunnelAccessControlEntryType';`
			`/**`
			`* Data contract for an access control entry on a {@link Tunnel} or {@link TunnelPort}.`
			`*`
			`* An access control entry (ACE) grants or denies one or more access scopes to one or more`
			`* subjects. Tunnel ports inherit access control entries from their tunnel, and they may`
			`* have additional port-specific entries that augment or override those access rules.`
			`*/`
			`export interface TunnelAccessControlEntry {`
			`/**`
			`* Gets or sets the access control entry type.`
			`*/`
			`type: TunnelAccessControlEntryType;`
			`/**`
			`* Gets or sets the provider of the subjects in this access control entry. The`
			`* provider impacts how the subject identifiers are resolved and displayed. The`
			`* provider may be an identity provider such as AAD, or a system or standard such as`
			`* "ssh" or "ipv4".`
			`*`
			`* For user, group, or org ACEs, this value is the name of the identity provider of`
			`* the user/group/org IDs. It may be one of the well-known provider names in {@link`
			`* TunnelAccessControlEntry.providers}, or (in the future) a custom identity provider.`
			`* For public key ACEs, this value is the type of public key, e.g. "ssh". For IP`
			`* address range ACEs, this value is the IP address version, "ipv4" or "ipv6", or`
			`* "service-tag" if the range is defined by an Azure service tag. For anonymous ACEs,`
			`* this value is null.`
			`*/`
			`provider?: string;`
			`/**`
			`* Gets or sets a value indicating whether this is an access control entry on a tunnel`
			`* port that is inherited from the tunnel's access control list.`
			`*/`
			`isInherited?: boolean;`
			`/**`
			`* Gets or sets a value indicating whether this entry is a deny rule that blocks`
			`* access to the specified users. Otherwise it is an allow rule.`
			`*`
			`* All deny rules (including inherited rules) are processed after all allow rules.`
			`* Therefore a deny ACE cannot be overridden by an allow ACE that is later in the list`
			`* or on a more-specific resource. In other words, inherited deny ACEs cannot be`
			`* overridden.`
			`*/`
			`isDeny?: boolean;`
			`/**`
			`* Gets or sets a value indicating whether this entry applies to all subjects that are`
			`* NOT in the {@link TunnelAccessControlEntry.subjects} list.`
			`*`
			`* Examples: an inverse organizations ACE applies to all users who are not members of`
			`* the listed organization(s); an inverse anonymous ACE applies to all authenticated`
			`* users; an inverse IP address ranges ACE applies to all clients that are not within`
			`* any of the listed IP address ranges. The inverse option is often useful in policies`
			`* in combination with {@link TunnelAccessControlEntry.isDeny}, for example a policy`
			`* could deny access to users who are not members of an organization or are outside of`
			`* an IP address range, effectively blocking any tunnels from allowing outside access`
			`* (because inherited deny ACEs cannot be overridden).`
			`*/`
			`isInverse?: boolean;`
			`/**`
			`* Gets or sets an optional organization context for all subjects of this entry. The`
			`* use and meaning of this value depends on the {@link TunnelAccessControlEntry.type}`
			`* and {@link TunnelAccessControlEntry.provider} of this entry.`
			`*`
			`* For AAD users and group ACEs, this value is the AAD tenant ID. It is not currently`
			`* used with any other types of ACEs.`
			`*/`
			`organization?: string;`
			`/**`
			`* Gets or sets the subjects for the entry, such as user or group IDs. The format of`
			`* the values depends on the {@link TunnelAccessControlEntry.type} and {@link`
			`* TunnelAccessControlEntry.provider} of this entry.`
			`*/`
			`subjects: string[];`
			`/**`
			`* Gets or sets the access scopes that this entry grants or denies to the subjects.`
			`*`
			`* These must be one or more values from {@link TunnelAccessScopes}.`
			`*/`
			`scopes: string[];`
			`/**`
			`* Gets or sets the expiration for an access control entry.`
			`*`
			`* If no value is set then this value is null.`
			`*/`
			`expiration?: Date;`
			`}`
			`export declare namespace TunnelAccessControlEntry {`
			`/**`
			`* Constants for well-known identity providers.`
			`*/`
			`enum Providers {`
			`/**`
			`* Microsoft (AAD) identity provider.`
			`*/`
			`Microsoft = "microsoft",`
			`/**`
			`* GitHub identity provider.`
			`*/`
			`GitHub = "github",`
			`/**`
			`* SSH public keys.`
			`*/`
			`Ssh = "ssh",`
			`/**`
			`* IPv4 addresses.`
			`*/`
			`IPv4 = "ipv4",`
			`/**`
			`* IPv6 addresses.`
			`*/`
			`IPv6 = "ipv6",`
			`/**`
			`* Service tags.`
			`*/`
			`ServiceTag = "service-tag"`
			`}`
			`}`
			`//# sourceMappingURL=tunnelAccessControlEntry.d.ts.map`