Azure Active Directory Service Principals (#1564)

* New Resource: `azurerm_azuread_service_principal` Tests pass: ``` $ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipal_ === RUN TestAccAzureRMActiveDirectoryServicePrincipal_importBasic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_importBasic (24.04s) === RUN TestAccAzureRMActiveDirectoryServicePrincipal_basic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_basic (17.61s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 41.701s ``` * New Data Source: `azurerm_azuread_service_principal` Tests pass: ``` $ acctests azurerm TestAccDataSourceAzureRMAzureADServicePrincipal_ === RUN TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId --- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId (34.96s) === RUN TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName --- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName (23.48s) === RUN TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId --- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId (62.43s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 120.900s ``` * New Resource: `azurerm_azuread_service_principal_password` Tests pass: ``` $ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipalPassword_ === RUN TestAccAzureRMActiveDirectoryServicePrincipalPassword_basic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipalPassword_basic (36.08s) === RUN TestAccAzureRMActiveDirectoryServicePrincipalPassword_customKeyId --- PASS: TestAccAzureRMActiveDirectoryServicePrincipalPassword_customKeyId (26.22s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 62.335s ``` * Fixing the broken objectID test ``` $ acctests azurerm TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete === RUN TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete --- PASS: TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete (33.13s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 33.179s ```
hashicorp · Jul 19, 2018 · e963ed6 · e963ed6
1 parent c75b520
commit e963ed6
Show file tree

Hide file tree

Showing 18 changed files with 1,104 additions and 9 deletions.
diff --git a/azurerm/data_source_azuread_application.go b/azurerm/data_source_azuread_application.go
@@ -14,7 +14,6 @@ func dataSourceArmAzureADApplication() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
 		},
-		// TODO: customizeDiff for validation of either name or object_id.
 
 		Schema: map[string]*schema.Schema{
 			"object_id": {

diff --git a/azurerm/data_source_azuread_application_test.go b/azurerm/data_source_azuread_application_test.go
@@ -18,6 +18,9 @@ func TestAccDataSourceAzureRMAzureADApplication_byObjectId(t *testing.T) {
 		Providers:    testAccProviders,
 		CheckDestroy: testCheckAzureRMActiveDirectoryApplicationDestroy,
 		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMActiveDirectoryApplication_basic(id),
+			},
 			{
 				Config: config,
 				Check: resource.ComposeTestCheckFunc(
@@ -37,15 +40,16 @@ func TestAccDataSourceAzureRMAzureADApplication_byObjectId(t *testing.T) {
 func TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete(t *testing.T) {
 	dataSourceName := "data.azurerm_azuread_application.test"
 	id := uuid.New().String()
-	config := testAccDataSourceAzureRMAzureADApplication_objectIdComplete(id)
-
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testCheckAzureRMActiveDirectoryApplicationDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: config,
+				Config: testAccAzureRMActiveDirectoryApplication_complete(id),
+			},
+			{
+				Config: testAccDataSourceAzureRMAzureADApplication_objectIdComplete(id),
 				Check: resource.ComposeTestCheckFunc(
 					testCheckAzureRMActiveDirectoryApplicationExists(dataSourceName),
 					resource.TestCheckResourceAttr(dataSourceName, "name", fmt.Sprintf("acctest%s", id)),

diff --git a/azurerm/data_source_azuread_service_principal.go b/azurerm/data_source_azuread_service_principal.go
@@ -0,0 +1,111 @@
+package azurerm
+
+import (
+	"fmt"
+
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmActiveDirectoryServicePrincipal() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmActiveDirectoryServicePrincipalRead,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"object_id": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"display_name", "application_id"},
+			},
+
+			"display_name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"object_id", "application_id"},
+			},
+
+			"application_id": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"object_id", "display_name"},
+			},
+		},
+	}
+}
+
+func dataSourceArmActiveDirectoryServicePrincipalRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).servicePrincipalsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	var servicePrincipal *graphrbac.ServicePrincipal
+
+	if v, ok := d.GetOk("object_id"); ok {
+		objectId := v.(string)
+		app, err := client.Get(ctx, objectId)
+		if err != nil {
+			if utils.ResponseWasNotFound(app.Response) {
+				return fmt.Errorf("Service Principal with Object ID %q was not found!", objectId)
+			}
+
+			return fmt.Errorf("Error retrieving Service Principal ID %q: %+v", objectId, err)
+		}
+
+		servicePrincipal = &app
+	} else {
+		apps, err := client.ListComplete(ctx, "")
+		if err != nil {
+			return fmt.Errorf("Error listing Service Principals: %+v", err)
+		}
+
+		if v, ok := d.GetOk("display_name"); ok {
+			displayName := v.(string)
+
+			for _, app := range *apps.Response().Value {
+				if app.DisplayName == nil {
+					continue
+				}
+
+				if *app.DisplayName == displayName {
+					servicePrincipal = &app
+					break
+				}
+			}
+
+			if servicePrincipal == nil {
+				return fmt.Errorf("A Service Principal with the Display Name %q was not found", displayName)
+			}
+		} else {
+			applicationId := d.Get("application_id").(string)
+
+			for _, app := range *apps.Response().Value {
+				if app.AppID == nil {
+					continue
+				}
+
+				if *app.AppID == applicationId {
+					servicePrincipal = &app
+					break
+				}
+			}
+
+			if servicePrincipal == nil {
+				return fmt.Errorf("A Service Principal for Application ID %q was not found", applicationId)
+			}
+		}
+	}
+
+	d.SetId(*servicePrincipal.ObjectID)
+
+	d.Set("application_id", servicePrincipal.AppID)
+	d.Set("display_name", servicePrincipal.DisplayName)
+	d.Set("object_id", servicePrincipal.ObjectID)
+
+	return nil
+}
diff --git a/azurerm/data_source_azuread_service_principal_test.go b/azurerm/data_source_azuread_service_principal_test.go
@@ -0,0 +1,111 @@
+package azurerm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId(t *testing.T) {
+	dataSourceName := "data.azurerm_azuread_service_principal.test"
+	id := uuid.New().String()
+	config := testAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryServicePrincipalDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMActiveDirectoryServicePrincipalExists(dataSourceName),
+					resource.TestCheckResourceAttrSet(dataSourceName, "application_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "object_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "display_name"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName(t *testing.T) {
+	dataSourceName := "data.azurerm_azuread_service_principal.test"
+	id := uuid.New().String()
+	config := testAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryServicePrincipalDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMActiveDirectoryServicePrincipalExists(dataSourceName),
+					resource.TestCheckResourceAttrSet(dataSourceName, "application_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "object_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "display_name"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId(t *testing.T) {
+	dataSourceName := "data.azurerm_azuread_service_principal.test"
+	id := uuid.New().String()
+	config := testAccDataSourceAzureRMAzureADServicePrincipal_byObjectId(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryServicePrincipalDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMActiveDirectoryServicePrincipalExists(dataSourceName),
+					resource.TestCheckResourceAttrSet(dataSourceName, "application_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "object_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "display_name"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId(id string) string {
+	template := testAccAzureRMActiveDirectoryServicePrincipal_basic(id)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_azuread_service_principal" "test" {
+  application_id = "${azurerm_azuread_service_principal.test.application_id}"
+}
+`, template)
+}
+
+func testAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName(id string) string {
+	template := testAccAzureRMActiveDirectoryServicePrincipal_basic(id)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_azuread_service_principal" "test" {
+  display_name = "${azurerm_azuread_service_principal.test.display_name}"
+}
+`, template)
+}
+
+func testAccDataSourceAzureRMAzureADServicePrincipal_byObjectId(id string) string {
+	template := testAccAzureRMActiveDirectoryServicePrincipal_basic(id)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_azuread_service_principal" "test" {
+  object_id = "${azurerm_azuread_service_principal.test.id}"
+}
+`, template)
+}
diff --git a/azurerm/helpers/validate/uuid.go b/azurerm/helpers/validate/uuid.go
@@ -0,0 +1,21 @@
+package validate
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/go-uuid"
+)
+
+func UUID(i interface{}, k string) (_ []string, errors []error) {
+	v, ok := i.(string)
+	if !ok {
+		errors = append(errors, fmt.Errorf("expected type of %q to be string", k))
+		return
+	}
+
+	if _, err := uuid.ParseUUID(v); err != nil {
+		errors = append(errors, fmt.Errorf("%q isn't a valid UUID (%q): %+v", k, v, err))
+	}
+
+	return
+}
diff --git a/azurerm/helpers/validate/uuid_test.go b/azurerm/helpers/validate/uuid_test.go
@@ -0,0 +1,37 @@
+package validate
+
+import "testing"
+
+func TestUUID(t *testing.T) {
+	cases := []struct {
+		Input  string
+		Errors int
+	}{
+		{
+			Input:  "",
+			Errors: 1,
+		},
+		{
+			Input:  "hello-world",
+			Errors: 1,
+		},
+		{
+			Input:  "00000000-0000-111-0000-000000000000",
+			Errors: 1,
+		},
+		{
+			Input:  "00000000-0000-0000-0000-000000000000",
+			Errors: 0,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Input, func(t *testing.T) {
+			_, errors := UUID(tc.Input, "test")
+
+			if len(errors) != tc.Errors {
+				t.Fatalf("Expected UUID to have %d not %d errors for %q", tc.Errors, len(errors), tc.Input)
+			}
+		})
+	}
+}
diff --git a/azurerm/import_arm_azuread_service_principal_test.go b/azurerm/import_arm_azuread_service_principal_test.go
@@ -0,0 +1,31 @@
+package azurerm
+
+import (
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAzureRMActiveDirectoryServicePrincipal_importBasic(t *testing.T) {
+	resourceName := "azurerm_azuread_service_principal.test"
+
+	id := uuid.New().String()
+	config := testAccAzureRMActiveDirectoryServicePrincipal_basic(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryServicePrincipalDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
@@ -79,6 +79,7 @@ func Provider() terraform.ResourceProvider {
 
 		DataSourcesMap: map[string]*schema.Resource{
 			"azurerm_azuread_application":                   dataSourceArmAzureADApplication(),
+			"azurerm_azuread_service_principal":             dataSourceArmActiveDirectoryServicePrincipal(),
 			"azurerm_application_security_group":            dataSourceArmApplicationSecurityGroup(),
 			"azurerm_app_service":                           dataSourceArmAppService(),
 			"azurerm_app_service_plan":                      dataSourceAppServicePlan(),
@@ -121,6 +122,8 @@ func Provider() terraform.ResourceProvider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"azurerm_azuread_application":                     resourceArmActiveDirectoryApplication(),
+			"azurerm_azuread_service_principal":               resourceArmActiveDirectoryServicePrincipal(),
+			"azurerm_azuread_service_principal_password":      resourceArmActiveDirectoryServicePrincipalPassword(),
 			"azurerm_application_gateway":                     resourceArmApplicationGateway(),
 			"azurerm_application_insights":                    resourceArmApplicationInsights(),
 			"azurerm_application_security_group":              resourceArmApplicationSecurityGroup(),