3.0 Preparation: Remove deprecations

internal/services/applications/application_api_access_resource.go

@@ -51,7 +51,7 @@ func (r ApplicationApiAccessResource) Arguments() map[string]*pluginsdk.Schema {
 			Type:         pluginsdk.TypeString,
 			Required:     true,
 			ForceNew:     true,
-			ValidateFunc: parse.ValidateApplicationID,
+			ValidateFunc: stable.ValidateApplicationID,
 		},
 
 		"api_client_id": {

internal/services/applications/application_app_role_resource.go

@@ -54,7 +54,7 @@ func (r ApplicationAppRoleResource) Arguments() map[string]*pluginsdk.Schema {
 			Type:         pluginsdk.TypeString,
 			Required:     true,
 			ForceNew:     true,
-			ValidateFunc: parse.ValidateApplicationID,
+			ValidateFunc: stable.ValidateApplicationID,
 		},
 
 		"role_id": {

internal/services/applications/application_certificate_resource.go

@@ -13,7 +13,6 @@ import (
 	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-sdk/microsoft-graph/applications/stable/application"
 	"github.com/hashicorp/go-azure-sdk/microsoft-graph/common-types/stable"
-	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/terraform-provider-azuread/internal/clients"
 	"github.com/hashicorp/terraform-provider-azuread/internal/helpers/consistency"
 	"github.com/hashicorp/terraform-provider-azuread/internal/helpers/credentials"
@@ -45,36 +44,9 @@ func applicationCertificateResource() *pluginsdk.Resource {
 			"application_id": {
 				Description:  "The resource ID of the application for which this certificate should be created",
 				Type:         pluginsdk.TypeString,
-				Optional:     true,
-				Computed:     true, // TODO remove Computed in v3.0
-				ForceNew:     true,
-				ExactlyOneOf: []string{"application_id", "application_object_id"},
-				ValidateFunc: parse.ValidateApplicationID,
-			},
-
-			"application_object_id": {
-				Description:  "The object ID of the application for which this certificate should be created",
-				Type:         pluginsdk.TypeString,
-				Optional:     true,
-				Computed:     true,
+				Required:     true,
 				ForceNew:     true,
-				ExactlyOneOf: []string{"application_id", "application_object_id"},
-				Deprecated:   "The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider",
-				ValidateFunc: validation.Any(validation.IsUUID, parse.ValidateApplicationID),
-				DiffSuppressFunc: func(_, oldValue, newValue string, _ *pluginsdk.ResourceData) bool {
-					// Where oldValue is a UUID (i.e. the bare object ID), and newValue is a properly formed application
-					// resource ID, we'll ignore a diff where these point to the same application resource.
-					// This maintains compatibility with configurations mixing the ID attributes, e.g.
-					//     application_object_id = azuread_application.example.id
-					if _, err := uuid.ParseUUID(oldValue); err == nil {
-						if applicationId, err := parse.ParseApplicationID(newValue); err == nil {
-							if applicationId.ApplicationId == oldValue {
-								return true
-							}
-						}
-					}
-					return false
-				},
+				ValidateFunc: stable.ValidateApplicationID,
 			},
 
 			"encoding": {
@@ -125,6 +97,7 @@ func applicationCertificateResource() *pluginsdk.Resource {
 				ForceNew:      true,
 				ConflictsWith: []string{"end_date"},
 				ValidateFunc:  validation.StringIsNotEmpty,
+				Deprecated:    "The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.",
 			},
 
 			"type": {
@@ -152,24 +125,9 @@ func applicationCertificateResource() *pluginsdk.Resource {
 func applicationCertificateResourceCreate(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) pluginsdk.Diagnostics {
 	client := meta.(*clients.Client).Applications.ApplicationClient
 
-	var applicationId *stable.ApplicationId
-	var err error
-	if v := d.Get("application_id").(string); v != "" {
-		if applicationId, err = stable.ParseApplicationID(v); err != nil {
-			return tf.ErrorDiagPathF(err, "application_id", "Parsing `application_id`: %q", v)
-		}
-	} else {
-		// TODO: this permits parsing the application_object_id as either a structured ID or a bare UUID, to avoid
-		// breaking users who might have `application_object_id = azuread_application.foo.id` in their config, and
-		// should be removed in version 3.0 along with the application_object_id property
-		v = d.Get("application_object_id").(string)
-		if _, err = uuid.ParseUUID(v); err == nil {
-			applicationId = pointer.To(stable.NewApplicationID(v))
-		} else {
-			if applicationId, err = stable.ParseApplicationID(v); err != nil {
-				return tf.ErrorDiagPathF(err, "application_id", "Parsing `application_object_id`: %q", v)
-			}
-		}
+	applicationId, err := stable.ParseApplicationID(d.Get("application_id").(string))
+	if err != nil {
+		return tf.ErrorDiagPathF(err, "application_id", "Parsing `application_id`")
 	}
 
 	credential, err := credentials.KeyCredentialForResource(d)
@@ -191,7 +149,7 @@ func applicationCertificateResourceCreate(ctx context.Context, d *pluginsdk.Reso
 
 	resp, err := client.GetApplication(ctx, *applicationId, application.DefaultGetApplicationOperationOptions())
 	if err != nil {
-		return tf.ErrorDiagPathF(err, "application_object_id", "Retrieving %s", applicationId)
+		return tf.ErrorDiagPathF(err, "application_id", "Retrieving %s", applicationId)
 	}
 
 	app := resp.Model
@@ -272,7 +230,7 @@ func applicationCertificateResourceRead(ctx context.Context, d *pluginsdk.Resour
 
 	resp, err := client.GetApplication(ctx, applicationId, application.DefaultGetApplicationOperationOptions())
 	if err != nil {
-		return tf.ErrorDiagPathF(err, "application_object_id", "Retrieving %s", applicationId)
+		return tf.ErrorDiagPathF(err, "application_id", "Retrieving %s", applicationId)
 	}
 
 	app := resp.Model
@@ -293,12 +251,6 @@ func applicationCertificateResourceRead(ctx context.Context, d *pluginsdk.Resour
 	tf.Set(d, "start_date", credential.StartDateTime.GetOrZero())
 	tf.Set(d, "end_date", credential.EndDateTime.GetOrZero())
 
-	if v := d.Get("application_object_id").(string); v != "" {
-		tf.Set(d, "application_object_id", v)
-	} else {
-		tf.Set(d, "application_object_id", id.ObjectId)
-	}
-
 	return nil
 }
 
@@ -317,7 +269,7 @@ func applicationCertificateResourceDelete(ctx context.Context, d *pluginsdk.Reso
 
 	resp, err := client.GetApplication(ctx, applicationId, application.DefaultGetApplicationOperationOptions())
 	if err != nil {
-		return tf.ErrorDiagPathF(err, "application_object_id", "Retrieving %s", applicationId)
+		return tf.ErrorDiagPathF(err, "application_id", "Retrieving %s", applicationId)
 	}
 
 	app := resp.Model

internal/services/applications/application_certificate_resource_test.go

@@ -172,40 +172,6 @@ func TestAccApplicationCertificate_requiresImport(t *testing.T) {
 	})
 }
 
-func TestAccApplicationCertificate_deprecatedId(t *testing.T) {
-	data := acceptance.BuildTestData(t, "azuread_application_certificate", "test")
-	endDate := time.Now().AddDate(0, 3, 27).UTC().Format(time.RFC3339)
-	r := ApplicationCertificateResource{}
-
-	data.ResourceTest(t, r, []acceptance.TestStep{
-		{
-			Config: r.deprecatedId(data, endDate),
-			Check: acceptance.ComposeTestCheckFunc(
-				check.That(data.ResourceName).ExistsInAzure(r),
-				check.That(data.ResourceName).Key("key_id").Exists(),
-			),
-		},
-		data.ImportStep("encoding", "end_date_relative", "value"),
-	})
-}
-
-func TestAccApplicationCertificate_deprecatedId2(t *testing.T) {
-	data := acceptance.BuildTestData(t, "azuread_application_certificate", "test")
-	endDate := time.Now().AddDate(0, 3, 27).UTC().Format(time.RFC3339)
-	r := ApplicationCertificateResource{}
-
-	data.ResourceTest(t, r, []acceptance.TestStep{
-		{
-			Config: r.deprecatedId2(data, endDate),
-			Check: acceptance.ComposeTestCheckFunc(
-				check.That(data.ResourceName).ExistsInAzure(r),
-				check.That(data.ResourceName).Key("key_id").Exists(),
-			),
-		},
-		data.ImportStep("application_object_id", "encoding", "end_date_relative", "value"),
-	})
-}
-
 func (ApplicationCertificateResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	client := clients.Applications.ApplicationClient
 
@@ -341,33 +307,3 @@ resource "azuread_application_certificate" "import" {
 }
 `, r.basic(data, endDate))
 }
-
-func (r ApplicationCertificateResource) deprecatedId(data acceptance.TestData, endDate string) string {
-	return fmt.Sprintf(`
-%[1]s
-
-resource "azuread_application_certificate" "test" {
-  application_object_id = azuread_application.test.object_id
-  type                  = "AsymmetricX509Cert"
-  end_date              = "%[2]s"
-  value                 = <<EOT
-%[3]s
-EOT
-}
-`, r.template(data), endDate, applicationCertificatePem)
-}
-
-func (r ApplicationCertificateResource) deprecatedId2(data acceptance.TestData, endDate string) string {
-	return fmt.Sprintf(`
-%[1]s
-
-resource "azuread_application_certificate" "test" {
-  application_object_id = azuread_application.test.id
-  type                  = "AsymmetricX509Cert"
-  end_date              = "%[2]s"
-  value                 = <<EOT
-%[3]s
-EOT
-}
-`, r.template(data), endDate, applicationCertificatePem)
-}

internal/services/applications/application_data_source.go

@@ -38,26 +38,16 @@ func applicationDataSource() *pluginsdk.Resource {
 				Type:             pluginsdk.TypeString,
 				Optional:         true,
 				Computed:         true,
-				ExactlyOneOf:     []string{"application_id", "client_id", "display_name", "object_id", "identifier_uri"},
+				ExactlyOneOf:     []string{"client_id", "display_name", "object_id", "identifier_uri"},
 				ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
 			},
 
-			"application_id": {
-				Description:      "The Application ID (also called Client ID)",
-				Type:             pluginsdk.TypeString,
-				Optional:         true,
-				Computed:         true,
-				ExactlyOneOf:     []string{"application_id", "client_id", "display_name", "object_id", "identifier_uri"},
-				ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
-				Deprecated:       "The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider",
-			},
-
 			"client_id": {
 				Description:      "The Client ID (also called Application ID)",
 				Type:             pluginsdk.TypeString,
 				Optional:         true,
 				Computed:         true,
-				ExactlyOneOf:     []string{"application_id", "client_id", "display_name", "object_id", "identifier_uri"},
+				ExactlyOneOf:     []string{"client_id", "display_name", "object_id", "identifier_uri"},
 				ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
 			},
 
@@ -66,7 +56,7 @@ func applicationDataSource() *pluginsdk.Resource {
 				Type:             pluginsdk.TypeString,
 				Optional:         true,
 				Computed:         true,
-				ExactlyOneOf:     []string{"application_id", "client_id", "display_name", "object_id", "identifier_uri"},
+				ExactlyOneOf:     []string{"client_id", "display_name", "object_id", "identifier_uri"},
 				ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
 			},
 
@@ -81,7 +71,7 @@ func applicationDataSource() *pluginsdk.Resource {
 				Type:             pluginsdk.TypeString,
 				Optional:         true,
 				Computed:         true,
-				ExactlyOneOf:     []string{"application_id", "client_id", "display_name", "object_id", "identifier_uri"},
+				ExactlyOneOf:     []string{"client_id", "display_name", "object_id", "identifier_uri"},
 				ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
 			},
 
@@ -539,11 +529,7 @@ func applicationDataSourceRead(ctx context.Context, d *pluginsdk.ResourceData, m
 
 	} else {
 		var filter, fieldName, fieldValue string
-		if applicationId, ok := d.GetOk("application_id"); ok && applicationId.(string) != "" {
-			fieldName = "appId"
-			fieldValue = applicationId.(string)
-			filter = fmt.Sprintf("appId eq '%s'", applicationId)
-		} else if clientId, ok := d.GetOk("client_id"); ok && clientId.(string) != "" {
+		if clientId, ok := d.GetOk("client_id"); ok && clientId.(string) != "" {
 			fieldName = "appId"
 			fieldValue = clientId.(string)
 			filter = fmt.Sprintf("appId eq '%s'", clientId)
@@ -556,7 +542,7 @@ func applicationDataSourceRead(ctx context.Context, d *pluginsdk.ResourceData, m
 			fieldValue = identifierUri.(string)
 			filter = fmt.Sprintf("identifierUris/any(uri:uri eq '%s')", identifierUri)
 		} else {
-			return tf.ErrorDiagF(nil, "One of `object_id`, `application_id`, `client_id`, `displayName`, or `identifier_uri` must be specified")
+			return tf.ErrorDiagF(nil, "One of `object_id`, `client_id`, `displayName`, or `identifier_uri` must be specified")
 		}
 
 		options := application.ListApplicationsOperationOptions{
@@ -602,7 +588,6 @@ func applicationDataSourceRead(ctx context.Context, d *pluginsdk.ResourceData, m
 	tf.Set(d, "api", flattenApplicationApi(app.Api, true))
 	tf.Set(d, "app_roles", applications.FlattenAppRoles(app.AppRoles))
 	tf.Set(d, "app_role_ids", applications.FlattenAppRoleIDs(app.AppRoles))
-	tf.Set(d, "application_id", app.AppId.GetOrZero())
 	tf.Set(d, "client_id", app.AppId.GetOrZero())
 	tf.Set(d, "device_only_auth_enabled", app.IsDeviceOnlyAuthSupported.GetOrZero())
 	tf.Set(d, "disabled_by_microsoft", app.DisabledByMicrosoftStatus.GetOrZero())

internal/services/applications/application_data_source_test.go

@@ -25,18 +25,6 @@ func TestAccApplicationDataSource_byObjectId(t *testing.T) {
 	})
 }
 
-func TestAccApplicationDataSource_byApplicationIdDeprecated(t *testing.T) {
-	data := acceptance.BuildTestData(t, "data.azuread_application", "test")
-	r := ApplicationDataSource{}
-
-	data.DataSourceTest(t, []acceptance.TestStep{
-		{
-			Config: r.applicationIdDeprecated(data),
-			Check:  r.testCheck(data),
-		},
-	})
-}
-
 func TestAccApplicationDataSource_byClientId(t *testing.T) {
 	data := acceptance.BuildTestData(t, "data.azuread_application", "test")
 	r := ApplicationDataSource{}
@@ -75,7 +63,6 @@ func TestAccApplicationDataSource_byIdentifierUri(t *testing.T) {
 
 func (ApplicationDataSource) testCheck(data acceptance.TestData) acceptance.TestCheckFunc {
 	return acceptance.ComposeTestCheckFunc(
-		check.That(data.ResourceName).Key("application_id").IsUuid(),
 		check.That(data.ResourceName).Key("client_id").IsUuid(),
 		check.That(data.ResourceName).Key("object_id").IsUuid(),
 		check.That(data.ResourceName).Key("api.0.oauth2_permission_scopes.#").HasValue("2"),
@@ -113,16 +100,6 @@ data "azuread_application" "test" {
 `, ApplicationResource{}.complete(data))
 }
 
-func (ApplicationDataSource) applicationIdDeprecated(data acceptance.TestData) string {
-	return fmt.Sprintf(`
-%[1]s
-
-data "azuread_application" "test" {
-  application_id = upper(azuread_application.test.application_id)
-}
-`, ApplicationResource{}.complete(data))
-}
-
 func (ApplicationDataSource) clientId(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %[1]s

internal/services/applications/application_fallback_public_client_resource.go

@@ -46,7 +46,7 @@ func (r ApplicationFallbackPublicClientResource) Arguments() map[string]*plugins
 			Type:         pluginsdk.TypeString,
 			Required:     true,
 			ForceNew:     true,
-			ValidateFunc: parse.ValidateApplicationID,
+			ValidateFunc: stable.ValidateApplicationID,
 		},
 
 		"enabled": {