

Merge pull request #1499 from hashicorp/bugfix/id-fixes
Bug fixes for ID parsing
manicminer authored Sep 27, 2024
2 parents 8b482b2 + 2dcbb43 commit cfe1d91
Showing 33 changed files with 248 additions and 190 deletions.
1 change: 0 additions & 1 deletion docs/data-sources/service_principals.md
Expand Up @@ -67,7 +67,6 @@ The following arguments are supported:

The following attributes are exported:

* `application_ids` - A list of client IDs of the applications associated with the service principals.
* `client_ids` - A list of client IDs of the applications associated with the service principals.
* `display_names` - A list of display names of the applications associated with the service principals.
* `object_ids` - The object IDs of the service principals.
4 changes: 2 additions & 2 deletions docs/index.md
Expand Up @@ -32,13 +32,13 @@ data "azuread_domains" "example" {
}
# Create an application
resource "azuread_application" "example" {
resource "azuread_application_registration" "example" {
display_name = "ExampleApp"
}
# Create a service principal
resource "azuread_service_principal" "example" {
application_id = azuread_application.example.application_id
client_id = azuread_application_registration.example.client_id
}
# Create a user
12 changes: 6 additions & 6 deletions docs/resources/app_role_assignment.md
Expand Up @@ -45,7 +45,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_app_role_assignment" "example" {
Expand All @@ -72,14 +72,14 @@ resource "azuread_application" "internal" {
}
resource "azuread_service_principal" "internal" {
client_id = azuread_application.internal.application_id
client_id = azuread_application.internal.client_id
}
resource "azuread_application" "example" {
display_name = "example"
required_resource_access {
resource_app_id = azuread_application.internal.application_id
resource_app_id = azuread_application.internal.client_id
resource_access {
id = azuread_service_principal.internal.app_role_ids["Query.All"]
Expand All @@ -89,7 +89,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_app_role_assignment" "example" {
Expand Down Expand Up @@ -120,7 +120,7 @@ resource "azuread_application" "internal" {
}
resource "azuread_service_principal" "internal" {
client_id = azuread_application.internal.application_id
client_id = azuread_application.internal.client_id
}
resource "azuread_group" "example" {
Expand Down Expand Up @@ -155,7 +155,7 @@ resource "azuread_application" "internal" {
}
resource "azuread_service_principal" "internal" {
client_id = azuread_application.internal.application_id
client_id = azuread_application.internal.client_id
}
resource "azuread_group" "example" {
6 changes: 3 additions & 3 deletions docs/resources/application.md
Expand Up @@ -39,8 +39,8 @@ resource "azuread_application" "example" {
requested_access_token_version = 2
known_client_applications = [
azuread_application.known1.application_id,
azuread_application.known2.application_id,
azuread_application.known1.client_id,
azuread_application.known2.client_id,
]
oauth2_permission_scope {
Expand Down Expand Up @@ -246,7 +246,7 @@ The following arguments are supported:

`api` block supports the following:

* `known_client_applications` - (Optional) A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
* `known_client_applications` - (Optional) A set of client IDs, used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
* `mapped_claims_enabled` - (Optional) Allows an application to use claims mapping without specifying a custom signing key. Defaults to `false`.
* `oauth2_permission_scope` - (Optional) One or more `oauth2_permission_scope` blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
* `requested_access_token_version` - (Optional) The access token version expected by this resource. Must be one of `1` or `2`, and must be `2` when `sign_in_audience` is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount` Defaults to `1`.
6 changes: 3 additions & 3 deletions docs/resources/service_principal_certificate.md
Expand Up @@ -26,7 +26,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
application_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_service_principal_certificate" "example" {
Expand All @@ -45,7 +45,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
application_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_service_principal_certificate" "example" {
Expand All @@ -71,7 +71,7 @@ The following arguments are supported:
~> One of `end_date` or `end_date_relative` must be set. The maximum duration is determined by Azure AD.

* `key_id` - (Optional) A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
* `service_principal_id` - (Required) The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
* `service_principal_id` - (Required) The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
* `start_date` - (Optional) The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
* `type` - (Required) The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
* `value` - (Required) The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
Expand Up @@ -28,7 +28,7 @@ resource "azuread_service_principal_claims_mapping_policy_assignment" "app" {
The following arguments are supported:

* `claims_mapping_policy_id` - (Required) The ID of the claims mapping policy to assign.
* `service_principal_id` - (Required) The object ID of the service principal for the policy assignment.
* `service_principal_id` - (Required) The ID of the service principal for the policy assignment.

## Attributes Reference

Expand Up @@ -45,7 +45,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_service_principal_delegated_permission_grant" "example" {
Expand Down Expand Up @@ -84,7 +84,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_user" "example" {
6 changes: 3 additions & 3 deletions docs/resources/service_principal_password.md
Expand Up @@ -30,7 +30,7 @@ resource "azuread_service_principal" "example" {
}
resource "azuread_service_principal_password" "example" {
service_principal_id = azuread_service_principal.example.object_id
service_principal_id = azuread_service_principal.example.id
}
```

Expand All @@ -50,7 +50,7 @@ resource "time_rotating" "example" {
}
resource "azuread_service_principal_password" "example" {
service_principal_id = azuread_service_principal.example.object_id
service_principal_id = azuread_service_principal.example.id
rotate_when_changed = {
rotation = time_rotating.example.id
}
Expand All @@ -66,7 +66,7 @@ The following arguments are supported:
* `end_date` - (Optional) The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
* `end_date_relative` - (Optional) A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
* `rotate_when_changed` - (Optional) A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
* `service_principal_id` - (Required) The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.
* `service_principal_id` - (Required) The ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.
* `start_date` - (Optional) The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used. Changing this field forces a new resource to be created.

## Attributes Reference
6 changes: 3 additions & 3 deletions docs/resources/service_principal_token_signing_certificate.md
Expand Up @@ -26,7 +26,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_service_principal_token_signing_certificate" "example" {
Expand All @@ -42,7 +42,7 @@ resource "azuread_application" "example" {
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
client_id = azuread_application.example.client_id
}
resource "azuread_service_principal_token_signing_certificate" "example" {
Expand All @@ -61,7 +61,7 @@ The following arguments are supported:
~> If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.

* `end_date` - (Optional) The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
* `service_principal_id` - (Required) The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
* `service_principal_id` - (Required) The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.

## Attributes Reference

19 changes: 7 additions & 12 deletions docs/resources/synchronization_job.md
Expand Up @@ -21,22 +21,17 @@ data "azuread_application_template" "example" {
display_name = "Azure Databricks SCIM Provisioning Connector"
}
resource "azuread_application" "example" {
resource "azuread_application_from_template" "example" {
display_name = "example"
template_id = data.azuread_application_template.example.template_id
feature_tags {
enterprise = true
gallery = true
}
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
use_existing = true
data "azuread_service_principal" "example" {
object_id = azuread_application_from_template.example.service_principal_object_id
}
resource "azuread_synchronization_secret" "example" {
service_principal_id = azuread_service_principal.example.id
service_principal_id = data.azuread_service_principal.example.id
credential {
key = "BaseAddress"
Expand All @@ -49,7 +44,7 @@ resource "azuread_synchronization_secret" "example" {
}
resource "azuread_synchronization_job" "example" {
service_principal_id = azuread_service_principal.example.id
service_principal_id = data.azuread_service_principal.example.id
template_id = "dataBricks"
enabled = true
}
Expand All @@ -60,8 +55,8 @@ resource "azuread_synchronization_job" "example" {

The following arguments are supported:

* `enabled` - (Optional) Whether or not the provisioning job is enabled. Default state is `true`.
* `service_principal_id` - (Required) The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.
* `enabled` - (Optional) Whether the provisioning job is enabled. Default state is `true`.
* `service_principal_id` - (Required) The ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.
* `template_id` - (Required) Identifier of the synchronization template this job is based on.

## Attributes Reference
21 changes: 8 additions & 13 deletions docs/resources/synchronization_job_provision_on_demand.md
Expand Up @@ -29,22 +29,17 @@ data "azuread_application_template" "example" {
display_name = "Azure Databricks SCIM Provisioning Connector"
}
resource "azuread_application" "example" {
resource "azuread_application_from_template" "example" {
display_name = "example"
template_id = data.azuread_application_template.example.template_id
feature_tags {
enterprise = true
gallery = true
}
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.client_id
use_existing = true
data "azuread_service_principal" "example" {
object_id = azuread_application_from_template.example.service_principal_object_id
}
resource "azuread_synchronization_secret" "example" {
service_principal_id = azuread_service_principal.example.id
service_principal_id = data.azuread_service_principal.example.id
credential {
key = "BaseAddress"
Expand All @@ -57,13 +52,13 @@ resource "azuread_synchronization_secret" "example" {
}
resource "azuread_synchronization_job" "example" {
service_principal_id = azuread_service_principal.example.id
service_principal_id = data.azuread_service_principal.example.id
template_id = "dataBricks"
enabled = true
}
resource "azuread_synchronization_job_provision_on_demand" "example" {
service_principal_id = azuread_service_principal.example.id
service_principal_id = azuread_synchronization_job.example.service_principal_id
synchronization_job_id = azuread_synchronization_job.example.id
parameter {
# see specific synchronization schema for rule id https://learn.microsoft.com/en-us/graph/api/synchronization-synchronizationschema-get?view=graph-rest-beta
Expand All @@ -82,9 +77,9 @@ resource "azuread_synchronization_job_provision_on_demand" "example" {
The following arguments are supported:


* `synchronization_job_id` (Required) Identifier of the synchronization template this job is based on.
* `synchronization_job_id` (Required) The ID of the synchronization job.
* `parameter` (Required) One or more `parameter` blocks as documented below.
* `service_principal_id` (Required) The object ID of the service principal for the synchronization job.
* `service_principal_id` (Required) The ID of the service principal for the synchronization job.
* `triggers` (Optional) Map of arbitrary keys and values that, when changed, will trigger a re-invocation. To force a re-invocation without changing these keys/values, use the [`terraform taint` command](https://www.terraform.io/docs/commands/taint.html).

---
15 changes: 5 additions & 10 deletions docs/resources/synchronization_secret.md
Expand Up @@ -21,22 +21,17 @@ data "azuread_application_template" "example" {
display_name = "Azure Databricks SCIM Provisioning Connector"
}
resource "azuread_application" "example" {
resource "azuread_application_from_template" "example" {
display_name = "example"
template_id = data.azuread_application_template.example.template_id
feature_tags {
enterprise = true
gallery = true
}
}
resource "azuread_service_principal" "example" {
client_id = azuread_application.example.application_id
use_existing = true
data "azuread_service_principal" "example" {
object_id = azuread_application_from_template.example.service_principal_object_id
}
resource "azuread_synchronization_secret" "example" {
service_principal_id = azuread_service_principal.example.id
service_principal_id = data.azuread_service_principal.example.id
credential {
key = "BaseAddress"
Expand All @@ -55,7 +50,7 @@ resource "azuread_synchronization_secret" "example" {
The following arguments are supported:

* `credential` - (Optional) One or more `credential` blocks as documented below.
* `service_principal_id` - (Required) The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.
* `service_principal_id` - (Required) The ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.

---
