diff --git a/docs/resources/application_redirect_uris.md b/docs/resources/application_redirect_uris.md
new file mode 100644
index 0000000000..cbb292eca5
--- /dev/null
+++ b/docs/resources/application_redirect_uris.md
@@ -0,0 +1,82 @@
+---
+subcategory: "Applications"
+---
+
+# Resource: azuread_application_redirect_uris
+
+Manages the redirect URIs for an application registration.
+
+~> This resource is incompatible with the `azuread_application` resource, instead use this with the `azuread_application_registration` resource.
+
+## API Permissions
+
+The following API permissions are required in order to use this resource.
+
+When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`
+
+-> When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.
+
+When authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`
+
+## Example Usage
+
+```terraform
+resource "azuread_application_registration" "example" {
+ display_name = "example"
+}
+
+resource "azuread_application_redirect_uris" "example_public" {
+ application_id = azuread_application_registration.example.id
+ type = "PublicClient"
+
+ redirect_uris = [
+ "myapp://auth",
+ "sample.mobile.app.bundie.id://auth",
+ "https://login.microsoftonline.com/common/oauth2/nativeclient",
+ "https://login.live.com/oauth20_desktop.srf",
+ "ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222",
+ "urn:ietf:wg:oauth:2.0:foo",
+ ]
+}
+
+resource "azuread_application_redirect_uris" "example_spa" {
+ application_id = azuread_application_registration.example.id
+ type = "SPA"
+
+ redirect_uris = [
+ "https://mobile.hashitown.com/",
+ "https://beta.hashitown.com/",
+ ]
+}
+
+resource "azuread_application_redirect_uris" "example_web" {
+ application_id = azuread_application_registration.example.id
+ type = "Web"
+
+ redirect_uris = [
+ "https://app.hashitown.com/",
+ "https://classic.hashitown.com/",
+ "urn:ietf:wg:oauth:2.0:oob",
+ ]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `application_id` - (Required) The resource ID of the application registration. Changing this forces a new resource to be created.
+* `redirect_uris` - (Required) A set of redirect URIs to assign to the application.
+* `type` - (Required) The type of redirect URIs to manage. Must be one of: `PublicClient`, `SPA`, or `Web`. Changing this forces a new resource to be created.
+
+## Attributes Reference
+
+No additional attributes are exported.
+
+## Import
+
+Application API Access can be imported using the object ID of the application and the URI type, in the following format.
+
+```shell
+terraform import azuread_application_redirect_uris.example /applications/00000000-0000-0000-0000-000000000000/uriType/Web
+```
diff --git a/internal/services/applications/application_redirect_uris_resource_test.go b/internal/services/applications/application_redirect_uris_resource_test.go
index fba95dbd4b..a1bb789209 100644
--- a/internal/services/applications/application_redirect_uris_resource_test.go
+++ b/internal/services/applications/application_redirect_uris_resource_test.go
@@ -69,6 +69,30 @@ func TestAccApplicationRedirectUris_web(t *testing.T) { }) } +func TestAccApplicationRedirectUris_all(t *testing.T) { + data := acceptance.BuildTestData(t, "azuread_application_redirect_uris", "test_public") + data2 := acceptance.BuildTestData(t, "azuread_application_redirect_uris", "test_spa") + data3 := acceptance.BuildTestData(t, "azuread_application_redirect_uris", "test_web") + r := ApplicationRedirectUrisResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.all(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("application_id").Exists(), + check.That(data2.ResourceName).ExistsInAzure(r), + check.That(data2.ResourceName).Key("application_id").Exists(), + check.That(data3.ResourceName).ExistsInAzure(r), + check.That(data3.ResourceName).Key("application_id").Exists(), + ), + }, + data.ImportStep(), + data2.ImportStep(), + data3.ImportStep(), + }) +} + func TestAccApplicationRedirectUris_requiresImport(t *testing.T) { data := acceptance.BuildTestData(t, "azuread_application_redirect_uris", "test") r := ApplicationRedirectUrisResource{} 
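Review bot: The single step in `TestAccApplicationRedirectUris_all` asserts only that each of the three resources exists and has an `application_id`, so it would still pass if applying one URI type overwrote or dropped the URIs of another type on the same application. The config returned by `r.all` attaches all three resources to one registration, so each should also pin its own set, e.g. `check.That(data.ResourceName).Key("redirect_uris.#").HasValue("6")`, with `"2"` for `data2` and `"3"` for `data3`. The import steps may catch some drift, but what `ExistsInAzure(r)` actually verifies is not visible in this hunk. A one-line comment above the function stating that the three resources deliberately share one application would make the intent clear.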
@@ -189,6 +213,51 @@ resource "azuread_application_redirect_uris" "test" { `, data.RandomInteger) } +func (ApplicationRedirectUrisResource) all(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azuread" {} + +resource "azuread_application_registration" "test" { + display_name = "acctest-RedirectUris-%[1]d" +} + +resource "azuread_application_redirect_uris" "test_public" { + application_id = azuread_application_registration.test.id + type = "PublicClient" + + redirect_uris = [ + "myapp://auth", + "sample.mobile.app.bundie.id://auth", + "https://login.microsoftonline.com/common/oauth2/nativeclient", + "https://login.live.com/oauth20_desktop.srf", + "ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222", + "urn:ietf:wg:oauth:2.0:foo", + ] +} + +resource "azuread_application_redirect_uris" "test_spa" { + application_id = azuread_application_registration.test.id + type = "SPA" + + redirect_uris = [ + "https://mobile.hashitown-%[1]d.com/", + "https://beta.hashitown-%[1]d.com/", + ] +} + +resource "azuread_application_redirect_uris" "test_web" { + application_id = azuread_application_registration.test.id + type = "Web" + + redirect_uris = [ + "https://app.hashitown-%[1]d.com/", + "https://classic.hashitown-%[1]d.com/", + "urn:ietf:wg:oauth:2.0:oob", + ] +} +`, data.RandomInteger) +} + func (r ApplicationRedirectUrisResource) requiresImport(data acceptance.TestData) string { return fmt.Sprintf(` %[1]s diff --git a/internal/services/applications/parse/redirect_uri.go b/internal/services/applications/parse/redirect_uri.go index 9cb5e4215d..63bd1bd73f 100644 --- a/internal/services/applications/parse/redirect_uri.go +++ b/internal/services/applications/parse/redirect_uri.go 
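Review bot: The SPA and Web redirect URIs in `all` point at `hashitown-%[1]d.com`, a randomised name under a registrable TLD that the test suite presumably does not control. Redirect URIs are where authorization responses are delivered, so a fixture that registers them on a real application is safer with reserved names, for example `"https://app-%[1]d.example.com/",` and the same pattern for the other three hosts. The documentation example added in this commit uses `hashitown.com` in the same way and is likely to be copied verbatim, so it would benefit from the same change. Separately, `sample.mobile.app.bundie.id` looks like a typo for `bundle` in both places.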
@@ -68,7 +68,7 @@ func (id RedirectUrisId) Segments() []resourceids.Segment { resourceids.StaticSegment("applications", "applications", "applications"), resourceids.UserSpecifiedSegment("applicationId", "00000000-0000-0000-0000-000000000000"), resourceids.StaticSegment("redirectUris", "redirectUris", "redirectUris"), - resourceids.UserSpecifiedSegment("uriType", "web"), + resourceids.UserSpecifiedSegment("uriType", "Web"), } }
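Review bot: The segments listed here describe an ID of the form `/applications/{applicationId}/redirectUris/{uriType}`, but the import example added to docs/resources/application_redirect_uris.md in this commit reads `/applications/…/uriType/Web`. If the static segment `redirectUris` is what the parser matches on, the documented import ID would be rejected; the docs line should then read `terraform import azuread_application_redirect_uris.example /applications/00000000-0000-0000-0000-000000000000/redirectUris/Web`. The example value changes from `web` to `Web`, and it is not visible here whether parsing of `uriType` is case-sensitive, so confirm that IDs already stored with a different casing still parse. The opening of `Segments()` lies outside the hunk.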