Merge pull request #1499 from hashicorp/bugfix/id-fixes

bugfixes for ID parsing
hashicorp · Sep 27, 2024 · cfe1d91 · cfe1d91
2 parents 8b482b2 + 2dcbb43
commit cfe1d91
Show file tree

Hide file tree

Showing 33 changed files with 248 additions and 190 deletions.
diff --git a/docs/data-sources/service_principals.md b/docs/data-sources/service_principals.md
@@ -67,7 +67,6 @@ The following arguments are supported:
 
 The following attributes are exported:
 
-* `application_ids` - A list of client IDs of the applications associated with the service principals.
 * `client_ids` - A list of client IDs of the applications associated with the service principals.
 * `display_names` - A list of display names of the applications associated with the service principals.
 * `object_ids` - The object IDs of the service principals.

diff --git a/docs/index.md b/docs/index.md
@@ -32,13 +32,13 @@ data "azuread_domains" "example" {
 }
 
 # Create an application
-resource "azuread_application" "example" {
+resource "azuread_application_registration" "example" {
   display_name = "ExampleApp"
 }
 
 # Create a service principal
 resource "azuread_service_principal" "example" {
-  application_id = azuread_application.example.application_id
+  client_id = azuread_application_registration.example.client_id
 }
 
 # Create a user

diff --git a/docs/resources/app_role_assignment.md b/docs/resources/app_role_assignment.md
@@ -45,7 +45,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  client_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_app_role_assignment" "example" {
@@ -72,14 +72,14 @@ resource "azuread_application" "internal" {
 }
 
 resource "azuread_service_principal" "internal" {
-  client_id = azuread_application.internal.application_id
+  client_id = azuread_application.internal.client_id
 }
 
 resource "azuread_application" "example" {
   display_name = "example"
 
   required_resource_access {
-    resource_app_id = azuread_application.internal.application_id
+    resource_app_id = azuread_application.internal.client_id
 
     resource_access {
       id   = azuread_service_principal.internal.app_role_ids["Query.All"]
@@ -89,7 +89,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  client_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_app_role_assignment" "example" {
@@ -120,7 +120,7 @@ resource "azuread_application" "internal" {
 }
 
 resource "azuread_service_principal" "internal" {
-  client_id = azuread_application.internal.application_id
+  client_id = azuread_application.internal.client_id
 }
 
 resource "azuread_group" "example" {
@@ -155,7 +155,7 @@ resource "azuread_application" "internal" {
 }
 
 resource "azuread_service_principal" "internal" {
-  client_id = azuread_application.internal.application_id
+  client_id = azuread_application.internal.client_id
 }
 
 resource "azuread_group" "example" {

diff --git a/docs/resources/application.md b/docs/resources/application.md
@@ -39,8 +39,8 @@ resource "azuread_application" "example" {
     requested_access_token_version = 2
 
     known_client_applications = [
-      azuread_application.known1.application_id,
-      azuread_application.known2.application_id,
+      azuread_application.known1.client_id,
+      azuread_application.known2.client_id,
     ]
 
     oauth2_permission_scope {
@@ -246,7 +246,7 @@ The following arguments are supported:
 
 `api` block supports the following:
 
-* `known_client_applications` - (Optional) A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
+* `known_client_applications` - (Optional) A set of client IDs, used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
 * `mapped_claims_enabled` - (Optional) Allows an application to use claims mapping without specifying a custom signing key. Defaults to `false`.
 * `oauth2_permission_scope` - (Optional) One or more `oauth2_permission_scope` blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.
 * `requested_access_token_version` - (Optional) The access token version expected by this resource. Must be one of `1` or `2`, and must be `2` when `sign_in_audience` is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount` Defaults to `1`.

diff --git a/docs/resources/service_principal_certificate.md b/docs/resources/service_principal_certificate.md
@@ -26,7 +26,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  application_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_service_principal_certificate" "example" {
@@ -45,7 +45,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  application_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_service_principal_certificate" "example" {
@@ -71,7 +71,7 @@ The following arguments are supported:
 ~> One of `end_date` or `end_date_relative` must be set. The maximum duration is determined by Azure AD.
 
 * `key_id` - (Optional) A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
-* `service_principal_id` - (Required) The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
+* `service_principal_id` - (Required) The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
 * `start_date` - (Optional) The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
 * `type` - (Required) The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
 * `value` - (Required) The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.

diff --git a/docs/resources/service_principal_claims_mapping_policy_assignment.md b/docs/resources/service_principal_claims_mapping_policy_assignment.md
@@ -28,7 +28,7 @@ resource "azuread_service_principal_claims_mapping_policy_assignment" "app" {
 The following arguments are supported:
 
 * `claims_mapping_policy_id` - (Required) The ID of the claims mapping policy to assign.
-* `service_principal_id` - (Required) The object ID of the service principal for the policy assignment.
+* `service_principal_id` - (Required) The ID of the service principal for the policy assignment.
 
 ## Attributes Reference
 

diff --git a/docs/resources/service_principal_delegated_permission_grant.md b/docs/resources/service_principal_delegated_permission_grant.md
@@ -45,7 +45,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  client_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_service_principal_delegated_permission_grant" "example" {
@@ -84,7 +84,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  client_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_user" "example" {

diff --git a/docs/resources/service_principal_password.md b/docs/resources/service_principal_password.md
@@ -30,7 +30,7 @@ resource "azuread_service_principal" "example" {
 }
 
 resource "azuread_service_principal_password" "example" {
-  service_principal_id = azuread_service_principal.example.object_id
+  service_principal_id = azuread_service_principal.example.id
 }
 ```
 
@@ -50,7 +50,7 @@ resource "time_rotating" "example" {
 }
 
 resource "azuread_service_principal_password" "example" {
-  service_principal_id = azuread_service_principal.example.object_id
+  service_principal_id = azuread_service_principal.example.id
   rotate_when_changed = {
     rotation = time_rotating.example.id
   }
@@ -66,7 +66,7 @@ The following arguments are supported:
 * `end_date` - (Optional) The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
 * `end_date_relative` - (Optional) A relative duration for which the password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
 * `rotate_when_changed` - (Optional) A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
-* `service_principal_id` - (Required) The object ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.
+* `service_principal_id` - (Required) The ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.
 * `start_date` - (Optional) The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.
 
 ## Attributes Reference

diff --git a/docs/resources/service_principal_token_signing_certificate.md b/docs/resources/service_principal_token_signing_certificate.md
@@ -26,7 +26,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  client_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_service_principal_token_signing_certificate" "example" {
@@ -42,7 +42,7 @@ resource "azuread_application" "example" {
 }
 
 resource "azuread_service_principal" "example" {
-  client_id = azuread_application.example.application_id
+  client_id = azuread_application.example.client_id
 }
 
 resource "azuread_service_principal_token_signing_certificate" "example" {
@@ -61,7 +61,7 @@ The following arguments are supported:
 ~> If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.
 
 * `end_date` - (Optional) The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
-* `service_principal_id` - (Required) The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
+* `service_principal_id` - (Required) The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
 
 ## Attributes Reference
 

diff --git a/docs/resources/synchronization_job.md b/docs/resources/synchronization_job.md
@@ -21,22 +21,17 @@ data "azuread_application_template" "example" {
   display_name = "Azure Databricks SCIM Provisioning Connector"
 }
 
-resource "azuread_application" "example" {
+resource "azuread_application_from_template" "example" {
   display_name = "example"
   template_id  = data.azuread_application_template.example.template_id
-  feature_tags {
-    enterprise = true
-    gallery    = true
-  }
 }
 
-resource "azuread_service_principal" "example" {
-  client_id    = azuread_application.example.application_id
-  use_existing = true
+data "azuread_service_principal" "example" {
+  object_id = azuread_application_from_template.example.service_principal_object_id
 }
 
 resource "azuread_synchronization_secret" "example" {
-  service_principal_id = azuread_service_principal.example.id
+  service_principal_id = data.azuread_service_principal.example.id
 
   credential {
     key   = "BaseAddress"
@@ -49,7 +44,7 @@ resource "azuread_synchronization_secret" "example" {
 }
 
 resource "azuread_synchronization_job" "example" {
-  service_principal_id = azuread_service_principal.example.id
+  service_principal_id = data.azuread_service_principal.example.id
   template_id          = "dataBricks"
   enabled              = true
 }
@@ -60,8 +55,8 @@ resource "azuread_synchronization_job" "example" {
 
 The following arguments are supported:
 
-* `enabled` - (Optional) Whether or not the provisioning job is enabled. Default state is `true`.
-* `service_principal_id` - (Required) The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.
+* `enabled` - (Optional) Whether the provisioning job is enabled. Default state is `true`.
+* `service_principal_id` - (Required) The ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.
 * `template_id` - (Required) Identifier of the synchronization template this job is based on.
 
 ## Attributes Reference

diff --git a/docs/resources/synchronization_job_provision_on_demand.md b/docs/resources/synchronization_job_provision_on_demand.md
@@ -29,22 +29,17 @@ data "azuread_application_template" "example" {
   display_name = "Azure Databricks SCIM Provisioning Connector"
 }
 
-resource "azuread_application" "example" {
+resource "azuread_application_from_template" "example" {
   display_name = "example"
   template_id  = data.azuread_application_template.example.template_id
-  feature_tags {
-    enterprise = true
-    gallery    = true
-  }
 }
 
-resource "azuread_service_principal" "example" {
-  client_id    = azuread_application.example.client_id
-  use_existing = true
+data "azuread_service_principal" "example" {
+  object_id = azuread_application_from_template.example.service_principal_object_id
 }
 
 resource "azuread_synchronization_secret" "example" {
-  service_principal_id = azuread_service_principal.example.id
+  service_principal_id = data.azuread_service_principal.example.id
 
   credential {
     key   = "BaseAddress"
@@ -57,13 +52,13 @@ resource "azuread_synchronization_secret" "example" {
 }
 
 resource "azuread_synchronization_job" "example" {
-  service_principal_id = azuread_service_principal.example.id
+  service_principal_id = data.azuread_service_principal.example.id
   template_id          = "dataBricks"
   enabled              = true
 }
 
 resource "azuread_synchronization_job_provision_on_demand" "example" {
-  service_principal_id   = azuread_service_principal.example.id
+  service_principal_id   = azuread_synchronization_job.example.service_principal_id
   synchronization_job_id = azuread_synchronization_job.example.id
   parameter {
     # see specific synchronization schema for rule id https://learn.microsoft.com/en-us/graph/api/synchronization-synchronizationschema-get?view=graph-rest-beta
@@ -82,9 +77,9 @@ resource "azuread_synchronization_job_provision_on_demand" "example" {
 The following arguments are supported:
 
 
-* `synchronization_job_id` (Required) Identifier of the synchronization template this job is based on.
+* `synchronization_job_id` (Required) The ID of the synchronization job.
 * `parameter` (Required) One or more `parameter` blocks as documented below.
-* `service_principal_id` (Required) The object ID of the service principal for the synchronization job.
+* `service_principal_id` (Required) The ID of the service principal for the synchronization job.
 * `triggers` (Optional) Map of arbitrary keys and values that, when changed, will trigger a re-invocation. To force a re-invocation without changing these keys/values, use the [`terraform taint` command](https://www.terraform.io/docs/commands/taint.html). 
 
 ---

diff --git a/docs/resources/synchronization_secret.md b/docs/resources/synchronization_secret.md
@@ -21,22 +21,17 @@ data "azuread_application_template" "example" {
   display_name = "Azure Databricks SCIM Provisioning Connector"
 }
 
-resource "azuread_application" "example" {
+resource "azuread_application_from_template" "example" {
   display_name = "example"
   template_id  = data.azuread_application_template.example.template_id
-  feature_tags {
-    enterprise = true
-    gallery    = true
-  }
 }
 
-resource "azuread_service_principal" "example" {
-  client_id    = azuread_application.example.application_id
-  use_existing = true
+data "azuread_service_principal" "example" {
+  object_id = azuread_application_from_template.example.service_principal_object_id
 }
 
 resource "azuread_synchronization_secret" "example" {
-  service_principal_id = azuread_service_principal.example.id
+  service_principal_id = data.azuread_service_principal.example.id
 
   credential {
     key   = "BaseAddress"
@@ -55,7 +50,7 @@ resource "azuread_synchronization_secret" "example" {
 The following arguments are supported:
 
 * `credential` - (Optional) One or more `credential` blocks as documented below.
-* `service_principal_id` - (Required) The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.
+* `service_principal_id` - (Required) The ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.
 
 ---