New Resource: azurerm_azuread_service_principal

Tests pass: ``` $ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipal_ === RUN TestAccAzureRMActiveDirectoryServicePrincipal_importBasic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_importBasic (24.04s) === RUN TestAccAzureRMActiveDirectoryServicePrincipal_basic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_basic (17.61s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 41.701s ```
hashicorp · Jul 13, 2018 · c9b21a1 · c9b21a1
1 parent fe4e024
commit c9b21a1
Show file tree

Hide file tree

Showing 7 changed files with 279 additions and 1 deletion.
diff --git a/azurerm/import_arm_azuread_service_principal_test.go b/azurerm/import_arm_azuread_service_principal_test.go
@@ -0,0 +1,31 @@
+package azurerm
+
+import (
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAzureRMActiveDirectoryServicePrincipal_importBasic(t *testing.T) {
+	resourceName := "azurerm_azuread_service_principal.test"
+
+	id := uuid.New().String()
+	config := testAccAzureRMActiveDirectoryServicePrincipal_basic(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryServicePrincipalDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
@@ -118,6 +118,7 @@ func Provider() terraform.ResourceProvider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"azurerm_azuread_application":                     resourceArmActiveDirectoryApplication(),
+			"azurerm_azuread_service_principal":               resourceArmActiveDirectoryServicePrincipal(),
 			"azurerm_application_gateway":                     resourceArmApplicationGateway(),
 			"azurerm_application_insights":                    resourceArmApplicationInsights(),
 			"azurerm_application_security_group":              resourceArmApplicationSecurityGroup(),

diff --git a/azurerm/resource_arm_azuread_service_principal.go b/azurerm/resource_arm_azuread_service_principal.go
@@ -0,0 +1,99 @@
+package azurerm
+
+import (
+	"fmt"
+
+	"log"
+
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmActiveDirectoryServicePrincipal() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceArmActiveDirectoryServicePrincipalCreate,
+		Read:   resourceArmActiveDirectoryServicePrincipalRead,
+		Delete: resourceArmActiveDirectoryServicePrincipalDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"application_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"display_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceArmActiveDirectoryServicePrincipalCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).servicePrincipalsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	applicationId := d.Get("application_id").(string)
+
+	properties := graphrbac.ServicePrincipalCreateParameters{
+		AppID: utils.String(applicationId),
+		// there's no way of retrieving this, and there's no way of changing it
+		// given there's no way to change it - we'll just default this to true
+		AccountEnabled: utils.Bool(true),
+	}
+
+	app, err := client.Create(ctx, properties)
+	if err != nil {
+		return fmt.Errorf("Error creating Service Principal %q: %+v", applicationId, err)
+	}
+
+	objectId := *app.ObjectID
+	resp, err := client.Get(ctx, objectId)
+	if err != nil {
+		return fmt.Errorf("Error retrieving Service Principal ID %q: %+v", objectId, err)
+	}
+
+	d.SetId(*resp.ObjectID)
+
+	return resourceArmActiveDirectoryServicePrincipalRead(d, meta)
+}
+
+func resourceArmActiveDirectoryServicePrincipalRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).servicePrincipalsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	objectId := d.Id()
+	app, err := client.Get(ctx, objectId)
+	if err != nil {
+		if utils.ResponseWasNotFound(app.Response) {
+			log.Printf("[DEBUG] Service Principal with Object ID %q was not found - removing from state!", objectId)
+			return nil
+		}
+		return fmt.Errorf("Error retrieving Service Principal ID %q: %+v", objectId, err)
+	}
+
+	d.Set("application_id", app.AppID)
+	d.Set("display_name", app.DisplayName)
+
+	return nil
+}
+
+func resourceArmActiveDirectoryServicePrincipalDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).servicePrincipalsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	applicationId := d.Id()
+	app, err := client.Delete(ctx, applicationId)
+	if err != nil {
+		if !response.WasNotFound(app.Response) {
+			return fmt.Errorf("Error deleting Service Principal ID %q: %+v", applicationId, err)
+		}
+	}
+
+	return nil
+}
diff --git a/azurerm/resource_arm_azuread_service_principal_test.go b/azurerm/resource_arm_azuread_service_principal_test.go
@@ -0,0 +1,91 @@
+package azurerm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func TestAccAzureRMActiveDirectoryServicePrincipal_basic(t *testing.T) {
+	resourceName := "azurerm_azuread_service_principal.test"
+	id := uuid.New().String()
+	config := testAccAzureRMActiveDirectoryServicePrincipal_basic(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryServicePrincipalDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMActiveDirectoryServicePrincipalExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "display_name"),
+					resource.TestCheckResourceAttrSet(resourceName, "application_id"),
+				),
+			},
+		},
+	})
+}
+
+func testCheckAzureRMActiveDirectoryServicePrincipalExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %q", name)
+		}
+
+		client := testAccProvider.Meta().(*ArmClient).servicePrincipalsClient
+		ctx := testAccProvider.Meta().(*ArmClient).StopContext
+		resp, err := client.Get(ctx, rs.Primary.ID)
+
+		if err != nil {
+			if utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("Bad: Azure AD Service Principal %q does not exist", rs.Primary.ID)
+			}
+			return fmt.Errorf("Bad: Get on Azure AD servicePrincipalsClient: %+v", err)
+		}
+
+		return nil
+	}
+}
+
+func testCheckAzureRMActiveDirectoryServicePrincipalDestroy(s *terraform.State) error {
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "azurerm_azuread_service_principal" {
+			continue
+		}
+
+		client := testAccProvider.Meta().(*ArmClient).servicePrincipalsClient
+		ctx := testAccProvider.Meta().(*ArmClient).StopContext
+		resp, err := client.Get(ctx, rs.Primary.ID)
+
+		if err != nil {
+			if utils.ResponseWasNotFound(resp.Response) {
+				return nil
+			}
+
+			return err
+		}
+
+		return fmt.Errorf("Azure AD Service Principal still exists:\n%#v", resp)
+	}
+
+	return nil
+}
+
+func testAccAzureRMActiveDirectoryServicePrincipal_basic(id string) string {
+	return fmt.Sprintf(`
+resource "azurerm_azuread_application" "test" {
+  name = "acctestspa%s"
+}
+
+resource "azurerm_azuread_service_principal" "test" {
+  application_id = "${azurerm_azuread_application.test.application_id}"
+}
+`, id)
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
@@ -232,6 +232,9 @@
                 <li<%= sidebar_current("docs-azurerm-resource-azuread-application") %>>
                   <a href="/docs/providers/azurerm/r/azuread_application.html">azurerm_azuread_application</a>
                 </li>
+                <li<%= sidebar_current("docs-azurerm-resource-azuread-service-principal") %>>
+                  <a href="/docs/providers/azurerm/r/azuread_service_principal.html">azurerm_azuread_service_principal</a>
+                </li>
               </ul>
             </li>
 

diff --git a/website/docs/r/azuread_application.html.markdown b/website/docs/r/azuread_application.html.markdown
@@ -16,7 +16,7 @@ Manages an Application within Azure Active Directory.
 ## Example Usage
 
 ```hcl
-resource "azurerm_azuread_application" "example" {
+resource "azurerm_azuread_application" "test" {
   name                       = "example"
   homepage                   = "http://homepage"
   identifier_uris            = ["http://uri"]

diff --git a/website/docs/r/azuread_service_principal.html.markdown b/website/docs/r/azuread_service_principal.html.markdown
@@ -0,0 +1,53 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_azuread_service_principal"
+sidebar_current: "docs-azurerm-resource-azuread-service-principal"
+description: |-
+  Manages a Service Principal associated with an Application within Azure Active Directory.
+
+---
+
+# azurerm_azuread_service_principal
+
+Manages a Service Principal associated with an Application within Azure Active Directory.
+
+-> **NOTE:** If you're authenticating using a Service Principal then it must have permissions to both `Read and write all applications` and `Sign in and read user profile` within the `Windows Azure Active Directory` API.
+
+## Example Usage
+
+```hcl
+resource "azurerm_azuread_application" "test" {
+  name                       = "example"
+  homepage                   = "http://homepage"
+  identifier_uris            = ["http://uri"]
+  reply_urls                 = ["http://replyurl"]
+  available_to_other_tenants = false
+  oauth2_allow_implicit_flow = true
+}
+
+resource "azurerm_azuread_service_principal" "test" {
+  application_id = "${azurerm_azuread_application.test.application_id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `application_id` - (Required) The ID of the Azure AD Application for which to create a Service Principal.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The Object ID for the Service Principal.
+
+* `display_name` - The Display Name of the Azure Active Directory Application associated with this Service Principal.
+
+## Import
+
+Azure Active Directory Service Principals can be imported using the `object id`, e.g.
+
+```shell
+terraform import azurerm_azuread_service_principal.test 00000000-0000-0000-0000-000000000000
+```