New Resources: `azuread_application_registration`, `azuread_application_from_template` and others #1214
Aside from some minor comments LGTM 🌵
docs/data-sources/application.md
Outdated
@@ -43,7 +44,8 @@ The following attributes are exported: | |||
* `api` - An `api` block as documented below. | |||
* `app_role_ids` - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. | |||
* `app_roles` - A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles). | |||
* `application_id` - The Application ID (also called Client ID). | |||
* `application_id` - (Deprecated) The Client ID for the application. |
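Review bot: The reworded `application_id` bullet is marked "(Deprecated)" but does not name the attribute that replaces it, so a reader of this data source page cannot tell what to move to. Name the replacement in the same bullet, for example "(Deprecated) The Client ID for the application. Use `client_id` instead", in line with the changelog entry for `data.azuread_application`.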
should we just remove this like we do in rm as it's deprecated? / should be deprecated in favour of X
* `alternative_names` - A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities. | ||
* `application_id` - The application ID (client ID) of the application associated with this service principal. | ||
* `application_id` - (Deprecated) The client ID of the application associated with this service principal. |
and here
* `app_role_assignment_required` - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. | ||
* `app_role_ids` - A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration. | ||
* `app_roles` - A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles). | ||
* `application_tenant_id` - The tenant ID where the associated application is registered. | ||
* `client_id` - (Deprecated) The client ID of the application associated with this service principal. |
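Review bot: The last line of this hunk labels `client_id` as "(Deprecated)", which looks like the `application_id` wording copied onto the wrong attribute; the changelog for this PR lists `client_id` as the newly exported attribute and `application_id` as the deprecated one. Drop "(Deprecated)" from the `client_id` bullet and keep the marker only on `application_id`.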
and here
* `app_role_assignment_required` - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. | ||
* `application_id` - The application ID (client ID) of the application associated with this service principal. | ||
* `application_id` - (Deprecated) The client ID of the application associated with this service principal. |
and here
docs/resources/application.md
Outdated
@@ -324,7 +331,8 @@ The following arguments are supported: | |||
In addition to all arguments above, the following attributes are exported: | |||
|
|||
* `app_role_ids` - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. | |||
* `application_id` - The Application ID (also called Client ID). | |||
* `application_id` - (Deprecated) The Client ID for the application. |
and here
docs/resources/service_principal.md
Outdated
* `application_id` - (Optional, Deprecated) The client ID of the application for which to create a service principal. | ||
* `client_id` - (Optional) The client ID of the application for which to create a service principal. |
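Review bot: `application_id` and `client_id` are both documented as "(Optional)" with the same description, so the argument list does not say how the two relate or that one of them has to be supplied. State on the `application_id` bullet that it is deprecated in favour of `client_id`, and document the one-of relationship between the two if the schema enforces it.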
and here etc,
I'd lean towards removal, but at least should indicate client id is replacement
Bump Terraform `azuread` provider version

Update Terraform lock file: "hashicorp/azuread" updated from "2.43.0" to "2.44.0" in file ".terraform.lock.hcl"

2.44.0

Changelog retrieved from:
	https://github.com/hashicorp/terraform-provider-azuread/releases/tag/v2.44.0
* Developer Note: the Typed Resource SDK, as also used in the AzureRM provider, is now the preferred way of introducing new resources ([#1188](https://github.com/hashicorp/terraform-provider-azuread/issues/1188))

FEATURES:

* **New Resource:** `azuread_application_api_access` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_app_role` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_fallback_public_client` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_from_template` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_identifier_uri` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_known_clients` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_owner` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_permission_scope` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_redirect_uris` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_application_registration` ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* **New Resource:** `azuread_authentication_strength_policy` ([#1171](https://github.com/hashicorp/terraform-provider-azuread/issues/1171))

ENHANCEMENTS:

* `data.azuread_application` - export the `client_id` attribute, deprecate the `application_id` attribute ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `data.azuread_service_principal` - support for the `client_id` property, deprecate the `application_id` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `data.azuread_service_principals` - support for the `client_ids` property, deprecate the `application_ids` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `data.azuread_service_principals` - export the `client_id` attribute in the `service_principals` block, deprecate the `application_id` attribute ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_application` - export the `client_id` attribute, deprecate the `application_id` attribute ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_application_federated_identity_credential` - support for the `application_id` property, deprecate the `application_object_id` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_application_certificate` - support for the `application_id` property, deprecate the `application_object_id` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_application_password` - support for the `application_id` property, deprecate the `application_object_id` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_application_pre_authorized` - support for the `application_id` property, deprecate the `application_object_id` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_service_principal` - support for the `client_id` property, deprecate the `application_id` property ([#1214](https://github.com/hashicorp/terraform-provider-azuread/issues/1214))
* `azuread_conditional_access_policy` - support for the `authentication_strength_policy_id` property in the `grant_controls` block [GH_1171]

BUG FIXES:

* `azuread_group_member` - resolve a bug when refreshing state if the group is missing ([#1198](https://github.com/hashicorp/terraform-provider-azuread/issues/1198))

2.44.1

Changelog retrieved from:
	https://github.com/hashicorp/terraform-provider-azuread/releases/tag/v2.44.1
BUG FIXES:

* `azuread_application_certificate` - work around an unexpected diff with the `application_object_id` property ([#1221](https://github.com/hashicorp/terraform-provider-azuread/issues/1221))
* `azuread_application_federated_identity_credential` - work around an unexpected diff with the `application_object_id` property ([#1221](https://github.com/hashicorp/terraform-provider-azuread/issues/1221))
* `azuread_application_password` - work around an unexpected diff with the `application_object_id` property ([#1221](https://github.com/hashicorp/terraform-provider-azuread/issues/1221))
* `azuread_application_pre_authorized` - work around an unexpected diff with the `application_object_id` property ([#1221](https://github.com/hashicorp/terraform-provider-azuread/issues/1221))

Created automatically by Updatecli (https://www.updatecli.io/)

Co-authored-by: Jenkins Infra Bot (updatecli)
Hi @Israphel, unfortunately I missed these but @PseudoCoding caught them and fixed in #1220. The docs will be updated this week when the release goes out.
Rationale and Practitioner Benefits
We're adding these resources to complement the existing `azuread_application` resource. Whilst the existing monolithic resource is useful for declaring and managing the whole application manifest at once, these new resources offer a more composable approach and only manage a small set of properties each. They are intended for use both in simpler configurations, and in more advanced configs, the latter of which might include:
* `azuread_application` resource removes them or otherwise updates them
* `azuread_application` resource isn't able to detect this correctly, perhaps due to lack of API permissions

Internal work
This includes some refactoring to accommodate these new resources and also to aid in moving over to new structured resource IDs
* `utils` package which contained legacy helper funcs
* `azuread_application_*` resources as stopgap until v3.0

More ID parser upgrades and state migrations to follow in separate PRs.
TODO
Changelog
FEATURES:
* `azuread_application_api_access`
* `azuread_application_app_role`
* `azuread_application_fallback_public_client`
* `azuread_application_from_template`
* `azuread_application_identifier_uri`
* `azuread_application_known_clients`
* `azuread_application_owner`
* `azuread_application_permission_scope`
* `azuread_application_redirect_uris`
* `azuread_application_registration`

ENHANCEMENTS:
* `data.azuread_application` - export the `client_id` attribute, deprecate the `application_id` attribute
* `data.azuread_service_principal` - support for the `client_id` property, deprecate the `application_id` property
* `data.azuread_service_principals` - support for the `client_ids` property, deprecate the `application_ids` property
* `data.azuread_service_principals` - export the `client_id` attribute in the `service_principals` block, deprecate the `application_id` attribute
* `azuread_application` - export the `client_id` attribute, deprecate the `application_id` attribute
* `azuread_application_federated_identity_credential` - support for the `application_id` property, deprecate the `application_object_id` property
* `azuread_application_certificate` - support for the `application_id` property, deprecate the `application_object_id` property
* `azuread_application_password` - support for the `application_id` property, deprecate the `application_object_id` property
* `azuread_application_pre_authorized` - support for the `application_id` property, deprecate the `application_object_id` property
* `azuread_service_principal` - support for the `client_id` property, deprecate the `application_id` property

Issues
Closes: #428
Closes: #501
Closes: #703
Closes: #773
Closes: #778
Closes: #797
Closes: #800
Closes: #834
Closes: #836
Closes: #852
Closes: #919
Closes: #924
Closes: #950
Closes: #1001
Closes: #1002
Closes: #1093
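
The ENHANCEMENTS list above makes `application_id` a deprecated name on some blocks and the new name on others, so a plain text search for it misreports. The following is an added example, not code from the pull request or the provider: a line-based checker (not a full HCL parser) that applies the renames per block type. The names `lint`, `DEPRECATED_ARGS` and the sample configuration are hypothetical.

```python
import re
# Deprecated argument -> replacement, keyed by block type (from the changelog above).
OBJ = {"application_object_id": "application_id"}
DEPRECATED_ARGS = {
    "data.azuread_service_principal": {"application_id": "client_id"},
    "data.azuread_service_principals": {"application_ids": "client_ids"},
    "azuread_service_principal": {"application_id": "client_id"},
    "azuread_application_federated_identity_credential": OBJ,
    "azuread_application_certificate": OBJ,
    "azuread_application_password": OBJ,
    "azuread_application_pre_authorized": OBJ,
}
# Deprecated exported attribute on (data.)azuread_application; the "\." after the
# type name keeps references to other azuread_application_* resources from matching.
REF = re.compile(r"\b((?:data\.)?azuread_application)\.\w+\.application_id\b")
HEADER = re.compile(r'^\s*(resource|data)\s+"(\w+)"\s+"\w+"\s*\{')
ASSIGN = re.compile(r"^\s*(\w+)\s*=")

def lint(hcl):
    """Return (line, block_type, deprecated_name, replacement) tuples."""
    findings, block, depth = [], None, 0
    for n, line in enumerate(hcl.splitlines(), 1):
        code = line.split("#", 1)[0]  # simplification: ignores '#' inside strings
        m = HEADER.match(code)
        if depth == 0:  # at top level, a new header sets the block type
            block = ("data." if m[1] == "data" else "") + m[2] if m else None
        a = ASSIGN.match(code)
        if a and depth == 1 and a[1] in DEPRECATED_ARGS.get(block, {}):
            findings.append((n, block, a[1], DEPRECATED_ARGS[block][a[1]]))
        for r in REF.finditer(code):
            findings.append((n, r[1], "application_id", "client_id"))
        depth += code.count("{") - code.count("}")
    return findings

# Constructed sample configuration, not taken from the pull request.
SAMPLE = '''\
resource "azuread_service_principal" "sp" {
  application_id = azuread_application.app.application_id
}
resource "azuread_application_password" "old" {
  application_object_id = azuread_application.app.object_id
}
resource "azuread_application_password" "new" {
  application_id = azuread_application_registration.app.id  # new property
}
'''
if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("line %d: %s: %s -> %s" % finding)
```

Line 2 of the sample yields two findings (the argument and the referenced attribute), while `application_id` on the second `azuread_application_password` block is left alone because it is the new property there.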