upbound
diff --git a/‎README.md‎
Lines changed: 48 additions & 0 deletions b/‎README.md‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎example/README.md‎
Lines changed: 56 additions & 0 deletions b/‎example/README.md‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎example/definition.yaml‎
Lines changed: 50 additions & 5 deletions b/‎example/definition.yaml‎
Lines changed: 50 additions & 5 deletions
diff --git a/‎example/envconfig.yaml‎
Lines changed: 13 additions & 0 deletions b/‎example/envconfig.yaml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎example/functions.yaml‎
Lines changed: 7 additions & 0 deletions b/‎example/functions.yaml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎example/group-membership-example-context-ref.yaml‎
Lines changed: 39 additions & 0 deletions b/‎example/group-membership-example-context-ref.yaml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎example/group-membership-example-spec-ref.yaml‎
Lines changed: 35 additions & 0 deletions b/‎example/group-membership-example-spec-ref.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎example/group-membership-example-status-ref.yaml‎
Lines changed: 28 additions & 0 deletions b/‎example/group-membership-example-status-ref.yaml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎example/group-membership-example.yaml‎
Lines changed: 1 addition & 1 deletion b/‎example/group-membership-example.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/group-objectids-example-context-ref.yaml‎
Lines changed: 37 additions & 0 deletions b/‎example/group-objectids-example-context-ref.yaml‎
Lines changed: 37 additions & 0 deletions
@@ -189,9 +189,13 @@ spec:
 |-------|------|-------------|
 | `queryType` | string | Required. Type of query to perform. Valid values: `UserValidation`, `GroupMembership`, `GroupObjectIDs`, `ServicePrincipalDetails` |
 | `users` | []string | List of user principal names (email IDs) for user validation |
+| `usersRef` | string | Reference to resolve a list of user names from `spec`, `status` or `context` (e.g., `spec.userAccess.emails`) |
 | `group` | string | Single group name for group membership queries |
+| `groupRef` | string | Reference to resolve a single group name from `spec`, `status` or `context` (e.g., `spec.groupConfig.name`) |
 | `groups` | []string | List of group names for group object ID queries |
+| `groupsRef` | string | Reference to resolve a list of group names from `spec`, `status` or `context` (e.g., `spec.groupConfig.names`) |
 | `servicePrincipals` | []string | List of service principal names |
+| `servicePrincipalsRef` | string | Reference to resolve a list of service principal names from `spec`, `status` or `context` (e.g., `spec.servicePrincipalConfig.names`) |
 | `target` | string | Required. Where to store the query results. Can be `status.<field>` or `context.<field>` |
 | `skipQueryWhenTargetHasData` | bool | Optional. When true, will skip the query if the target already has data |
 
@@ -213,6 +217,50 @@ target: "context.results"
 target: "context.[apiextensions.crossplane.io/environment].results"
 ```
 
+## Using Reference Fields
+
+You can reference values from XR spec, status, or context instead of hardcoding them:
+
+### Using groupRef from spec
+
+```yaml
+apiVersion: msgraph.fn.crossplane.io/v1alpha1
+kind: Input
+queryType: GroupMembership
+groupRef: "spec.groupConfig.name"  # Get group name from XR spec
+target: "status.groupMembers"
+```
+
+### Using groupsRef from spec
+
+```yaml
+apiVersion: msgraph.fn.crossplane.io/v1alpha1
+kind: Input
+queryType: GroupObjectIDs
+groupsRef: "spec.groupConfig.names"  # Get group names from XR spec
+target: "status.groupObjectIDs"
+```
+
+### Using usersRef from spec
+
+```yaml
+apiVersion: msgraph.fn.crossplane.io/v1alpha1
+kind: Input
+queryType: UserValidation
+usersRef: "spec.userAccess.emails"  # Get user emails from XR spec
+target: "status.validatedUsers"
+```
+
+### Using servicePrincipalsRef from spec
+
+```yaml
+apiVersion: msgraph.fn.crossplane.io/v1alpha1
+kind: Input
+queryType: ServicePrincipalDetails
+servicePrincipalsRef: "spec.servicePrincipalConfig.names"  # Get service principal names from XR spec
+target: "status.servicePrincipals"
+```
+
 ## References
 
 - [Microsoft Graph API Overview](https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0)
 
@@ -42,6 +42,20 @@ Validate if specified Azure AD users exist:
 crossplane render xr.yaml user-validation-example.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
 ```
 
+Dynamic `usersRef` variations:
+
+```shell
+crossplane render xr.yaml user-validation-example-status-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
+```shell
+crossplane render xr.yaml user-validation-example-context-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc --extra-resources=envconfig.yaml
+```
+
+```shell
+crossplane render xr.yaml user-validation-example-spec-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
 ### 2. Group Membership
 
 Get all members of a specified Azure AD group:
@@ -50,6 +64,20 @@ Get all members of a specified Azure AD group:
 crossplane render xr.yaml group-membership-example.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
 ```
 
+Dynamic `groupRef` variations:
+
+```shell
+crossplane render xr.yaml group-membership-example-status-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
+```shell
+crossplane render xr.yaml group-membership-example-context-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc --extra-resources=envconfig.yaml
+```
+
+```shell
+crossplane render xr.yaml group-membership-example-spec-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
 ### 3. Group Object IDs
 
 Get object IDs for specified Azure AD groups:
@@ -58,10 +86,38 @@ Get object IDs for specified Azure AD groups:
 crossplane render xr.yaml group-objectids-example.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
 ```
 
+Dynamic `groupsRef` variations:
+
+```shell
+crossplane render xr.yaml group-objectids-example-status-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
+```shell
+crossplane render xr.yaml group-objectids-example-context-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc --extra-resources=envconfig.yaml
+```
+
+```shell
+crossplane render xr.yaml group-objectids-example-spec-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
 ### 4. Service Principal Details
 
 Get details of specified service principals:
 
 ```shell
 crossplane render xr.yaml service-principal-example.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
 ```
+
+Dynamic `servicePrinicpalsRef` variations:
+
+```shell
+crossplane render xr.yaml service-principal-example-status-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
+
+```shell
+crossplane render xr.yaml service-principal-example-context-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc --extra-resources=envconfig.yaml
+```
+
+```shell
+crossplane render xr.yaml service-principal-example-spec-ref.yaml functions.yaml --function-credentials=./secrets/azure-creds.yaml -rc
+```
@@ -23,19 +23,64 @@ spec:
               queryResourceType:
                 description: resource type for az resource query construction
                 type: string
+              groupConfig:
+                description: Configuration for group references
+                type: object
+                properties:
+                  name:
+                    description: Name of a single group to reference with groupRef
+                    type: string
+                  names:
+                    description: List of group names to reference with groupsRef
+                    type: array
+                    items:
+                      type: string
+              userAccess:
+                description: Configuration for user references
+                type: object
+                properties:
+                  emails:
+                    description: List of user emails to reference with usersRef
+                    type: array
+                    items:
+                      type: string
+              servicePrincipalConfig:
+                description: Configuration for service principal references
+                type: object
+                properties:
+                  names:
+                    description: List of service principal names to reference with servicePrincipalsRef
+                    type: array
+                    items:
+                      type: string
           status:
             description: XRStatus defines the observed state of XR.
             type: object
             properties:
-              azResourceGraphQueryResult:
-                description: Freeform field containing query results from function-azresourcegraph
+              groupMembers:
+                description: Freeform field containing query results from function-msgraph
+                type: array
+                items:
+                  type: object
+                x-kubernetes-preserve-unknown-fields: true
+              validatedUsers:
+                description: Freeform field containing query results from function-msgraph
+                type: array
+                items:
+                  type: object
+                x-kubernetes-preserve-unknown-fields: true
+              groupObjectIDs:
+                description: Freeform field containing query results from function-msgraph
+                type: array
+                items:
+                  type: object
+                x-kubernetes-preserve-unknown-fields: true
+              servicePrincipals:
+                description: Freeform field containing query results from function-msgraph
                 type: array
                 items:
                   type: object
                 x-kubernetes-preserve-unknown-fields: true
-              azResourceGraphQuery:
-                description: Freeform field containing query results from function-azresourcegraph
-                type: string
         required:
         - spec
         type: object
 
@@ -0,0 +1,13 @@
+apiVersion: apiextensions.crossplane.io/v1alpha1
+kind: EnvironmentConfig
+metadata:
+  name: example-config
+data:
+  group:
+    name: test-fn-msgraph
+  groups:
+    - test-fn-msgraph
+  users:
+    - [email protected]
+  servicePrincipalNames:
+    - yury-upbound-oidc-provider
@@ -8,3 +8,10 @@ metadata:
     render.crossplane.io/runtime: Development
 spec:
   package: xpkg.upbound.io/upbound/function-msgraph:v0.1.0
+---
+apiVersion: pkg.crossplane.io/v1beta1
+kind: Function
+metadata:
+  name: crossplane-contrib-function-environment-configs
+spec:
+  package: xpkg.upbound.io/crossplane-contrib/function-environment-configs:v0.2.0
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: group-membership-example-context-ref
+spec:
+  compositeTypeRef:
+    apiVersion: example.crossplane.io/v1
+    kind: XR
+  mode: Pipeline
+  pipeline:
+    - step: environmentConfigs
+      functionRef:
+        name: crossplane-contrib-function-environment-configs
+      input:
+        apiVersion: environmentconfigs.fn.crossplane.io/v1beta1
+        kind: Input
+        spec:
+          environmentConfigs:
+            - type: Reference
+              ref:
+                name: example-config
+    - step: get-group-members
+      functionRef:
+        name: function-msgraph
+      input:
+        apiVersion: msgraph.fn.crossplane.io/v1alpha1
+        kind: Input
+        queryType: GroupMembership
+        groupRef: context.[apiextensions.crossplane.io/environment].group.name
+        # The function will automatically select standard fields:
+        # - id, displayName, mail, userPrincipalName, appId, description
+        target: "status.groupMembers"
+        skipQueryWhenTargetHasData: true
+      credentials:
+        - name: azure-creds
+          source: Secret
+          secretRef:
+            namespace: upbound-system
+            name: azure-account-creds
@@ -0,0 +1,35 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: group-membership-example-spec-ref
+  annotations:
+    # Important: This function requires an Azure AD app registration with Microsoft Graph API permissions:
+    # - Group.Read.All
+    # - Directory.Read.All
+    # - User.Read.All (if groups contain users)
+    # - Application.Read.All (if groups contain service principals)
+spec:
+  compositeTypeRef:
+    apiVersion: example.crossplane.io/v1
+    kind: XR
+  mode: Pipeline
+  pipeline:
+    - step: get-group-members
+      functionRef:
+        name: function-msgraph
+      input:
+        apiVersion: msgraph.fn.crossplane.io/v1alpha1
+        kind: Input
+        queryType: GroupMembership
+        # Using spec reference to get group name
+        groupRef: "spec.groupConfig.name"
+        # The function will automatically select standard fields:
+        # - id, displayName, mail, userPrincipalName, appId, description
+        target: "status.groupMembers"
+        skipQueryWhenTargetHasData: true
+      credentials:
+        - name: azure-creds
+          source: Secret
+          secretRef:
+            namespace: upbound-system
+            name: azure-account-creds
@@ -0,0 +1,28 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: group-membership-example-status-ref
+spec:
+  compositeTypeRef:
+    apiVersion: example.crossplane.io/v1
+    kind: XR
+  mode: Pipeline
+  pipeline:
+    - step: get-group-members
+      functionRef:
+        name: function-msgraph
+      input:
+        apiVersion: msgraph.fn.crossplane.io/v1alpha1
+        kind: Input
+        queryType: GroupMembership
+        groupRef: status.group.name
+        # The function will automatically select standard fields:
+        # - id, displayName, mail, userPrincipalName, appId, description
+        target: "status.groupMembers"
+        skipQueryWhenTargetHasData: true
+      credentials:
+        - name: azure-creds
+          source: Secret
+          secretRef:
+            namespace: upbound-system
+            name: azure-account-creds
@@ -21,7 +21,7 @@ spec:
         apiVersion: msgraph.fn.crossplane.io/v1alpha1
         kind: Input
         queryType: GroupMembership
-        group: "All Company"
+        group: test-fn-msgraph
         # The function will automatically select standard fields:
         # - id, displayName, mail, userPrincipalName, appId, description
         target: "status.groupMembers"
 
@@ -0,0 +1,37 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: group-objectids-example-context-ref
+spec:
+  compositeTypeRef:
+    apiVersion: example.crossplane.io/v1
+    kind: XR
+  mode: Pipeline
+  pipeline:
+    - step: environmentConfigs
+      functionRef:
+        name: crossplane-contrib-function-environment-configs
+      input:
+        apiVersion: environmentconfigs.fn.crossplane.io/v1beta1
+        kind: Input
+        spec:
+          environmentConfigs:
+            - type: Reference
+              ref:
+                name: example-config
+    - step: get-group-objectids
+      functionRef:
+        name: function-msgraph
+      input:
+        apiVersion: msgraph.fn.crossplane.io/v1alpha1
+        kind: Input
+        queryType: GroupObjectIDs
+        groupsRef: context.[apiextensions.crossplane.io/environment].groups
+        target: "status.groupObjectIDs"
+        skipQueryWhenTargetHasData: true
+      credentials:
+        - name: azure-creds
+          source: Secret
+          secretRef:
+            namespace: upbound-system
+            name: azure-account-creds