address review, undocument deprecated properties

docs/data-sources/application.md

@@ -30,12 +30,11 @@ output "application_object_id" {
 
 The following arguments are supported:
 
-* `application_id` - (Optional, Deprecated) Specifies the Client ID of the application.
 * `client_id` - (Optional) Specifies the Client ID of the application.
 * `display_name` - (Optional) Specifies the display name of the application.
 * `object_id` - (Optional) Specifies the Object ID of the application.
 
-~> One of `client_id`, `application_id`, `display_name`, or `object_id` must be specified.
+~> One of `client_id`, `display_name`, or `object_id` must be specified.
 
 ## Attributes Reference
 
@@ -44,7 +43,6 @@ The following attributes are exported:
 * `api` - An `api` block as documented below.
 * `app_role_ids` - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
 * `app_roles` - A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-* `application_id` - (Deprecated) The Client ID for the application.
 * `client_id` - The Client ID for the application.
 * `description` - A description of the application, as shown to end users.
 * `device_only_auth_enabled` - Specifies whether this application supports device authentication without a user.

docs/data-sources/service_principal.md

@@ -44,25 +44,23 @@ data "azuread_service_principal" "example" {
 
 The following arguments are supported:
 
-* `application_id` - (Optional, Deprecated) The client ID of the application associated with this service principal.
 * `client_id` - (Optional) The client ID of the application associated with this service principal.
 * `display_name` - (Optional) The display name of the application associated with this service principal.
 * `object_id` - (Optional) The object ID of the service principal.
 
-~> One of `client_id`, `application_id`, `display_name` or `object_id` must be specified.
+~> One of `client_id`, `display_name` or `object_id` must be specified.
 
 ## Attributes Reference
 
 The following attributes are exported:
 
 * `account_enabled` - Whether the service principal account is enabled.
 * `alternative_names` - A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
-* `application_id` - (Deprecated) The client ID of the application associated with this service principal.
 * `app_role_assignment_required` - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
 * `app_role_ids` - A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
 * `app_roles` - A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
 * `application_tenant_id` - The tenant ID where the associated application is registered.
-* `client_id` - (Deprecated) The client ID of the application associated with this service principal.
+* `client_id` - The client ID of the application associated with this service principal.
 * `description` - A description of the service principal provided for internal end-users.
 * `display_name` - The display name of the application associated with this service principal.
 * `features` - A `features` block as described below.

docs/data-sources/service_principals.md

@@ -55,14 +55,13 @@ data "azuread_service_principals" "example" {
 
 The following arguments are supported:
 
-* `application_ids` - (Optional, Deprecated) A list of client IDs of the applications associated with the service principals.
 * `client_ids` - (Optional) A list of client IDs of the applications associated with the service principals.
 * `display_names` - (Optional) A list of display names of the applications associated with the service principals.
 * `ignore_missing` - (Optional) Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
 * `object_ids` - (Optional) The object IDs of the service principals.
 * `return_all` - (Optional) When `true`, the data source will return all service principals. Cannot be used with `ignore_missing`. Defaults to false.
 
-~> Either `return_all`, or one of `client_ids`, `application_ids`, `display_names` or `object_ids` must be specified. These _may_ be specified as an empty list, in which case no results will be returned.
+~> Either `return_all`, or one of `client_ids`, `display_names` or `object_ids` must be specified. These _may_ be specified as an empty list, in which case no results will be returned.
 
 ## Attributes Reference
 
@@ -80,7 +79,6 @@ The following attributes are exported:
 
 * `account_enabled` - Whether the service principal account is enabled.
 * `app_role_assignment_required` - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
-* `application_id` - (Deprecated) The client ID of the application associated with this service principal.
 * `application_tenant_id` - The tenant ID where the associated application is registered.
 * `client_ids` - The client ID of the application associated with this service principal.
 * `display_name` - The display name of the application associated with this service principal.

docs/resources/application.md

@@ -331,7 +331,6 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
 
 * `app_role_ids` - A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
-* `application_id` - (Deprecated) The Client ID for the application.
 * `client_id` - The Client ID for the application.
 * `disabled_by_microsoft` - Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
 * `logo_url` - CDN URL to the application's logo, as uploaded with the `logo_image` property.

docs/resources/application_certificate.md

@@ -120,11 +120,7 @@ resource "azuread_application_certificate" "example" {
 
 The following arguments are supported:
 
-* `application_id` - (Optional) The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
-* `application_object_id` - (Optional, Deprecated) The object ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
-
-~> One of `application_id` or `application_object_id` must be specified.
-
+* `application_id` - (Required) The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
 * `encoding` - (Optional) Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
 
 -> **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the [azurerm_key_vault_certificate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_certificate) resource.

docs/resources/application_federated_identity_credential.md

@@ -37,11 +37,7 @@ resource "azuread_application_federated_identity_credential" "example" {
 
 The following arguments are supported:
 
-* `application_id` - (Optional) The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
-* `application_object_id` - (Optional, Deprecated) The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
-
-~> One of `application_id` or `application_object_id` must be specified.
-
+* `application_id` - (Required) The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
 * `audiences` - (Required) List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
 * `description` - (Optional) A description for the federated identity credential.
 * `display_name` - (Required) A unique display name for the federated identity credential. Changing this forces a new resource to be created.

docs/resources/application_password.md

@@ -53,11 +53,7 @@ resource "azuread_application_password" "example" {
 
 The following arguments are supported:
 
-* `application_id` - (Optional) The resource ID of the application for which this password should be created. Changing this field forces a new resource to be created.
-* `application_object_id` - (Optional, Deprecated) The object ID of the application for which this password should be created. Changing this field forces a new resource to be created.
-
-~> One of `application_id` or `application_object_id` must be specified.
-
+* `application_id` - (Required) The resource ID of the application for which this password should be created. Changing this field forces a new resource to be created.
 * `display_name` - (Optional) A display name for the password. Changing this field forces a new resource to be created.
 * `end_date` - (Optional) The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
 * `end_date_relative` - (Optional) A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.

docs/resources/application_pre_authorized.md

@@ -64,16 +64,8 @@ resource "azuread_application_pre_authorized" "example" {
 
 The following arguments are supported:
 
-* `application_id` - (Optional) The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
-* `application_object_id` - (Optional, Deprecated) The object ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
-
-~> One of `application_id` or `application_object_id` must be specified.
-
-* `authorized_app_id` - (Optional, Deprecated) The client ID of the application being authorized. Changing this field forces a new resource to be created.
-* `authorized_client_id` - (Optional) The client ID of the application being authorized. Changing this field forces a new resource to be created.
-
-~> One of `authorized_client_id` or `authorized_app_id` must be specified.
-
+* `application_id` - (Required) The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
+* `authorized_client_id` - (Required) The client ID of the application being authorized. Changing this field forces a new resource to be created.
 * `permission_ids` - (Required) A set of permission scope IDs required by the authorized application.
 
 ## Attributes Reference

docs/resources/service_principal.md

@@ -93,11 +93,7 @@ The following arguments are supported:
 * `account_enabled` - (Optional) Whether or not the service principal account is enabled. Defaults to `true`.
 * `alternative_names` - (Optional) A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
 * `app_role_assignment_required` - (Optional) Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
-* `application_id` - (Optional, Deprecated) The client ID of the application for which to create a service principal.
-* `client_id` - (Optional) The client ID of the application for which to create a service principal.
-
-~. At least one of `client_id` or `application_id` must be specified.
-
+* `client_id` - (Required) The client ID of the application for which to create a service principal.
 * `description` - (Optional) A description of the service principal provided for internal end-users.
 * `feature_tags` - (Optional) A `feature_tags` block as described below. Cannot be used together with the `tags` property.