Azure Active Directory Service Principals #1564

Merged (4 commits) on Jul 19, 2018

tombuildsstuff (Contributor) commented Jul 13, 2018

This PR adds support for creating Service Principals associated with an Azure Active Directory Application.

  • Resource for Service Principal
  • Data Source for Service Principal
  • Resource for a Service Principal Key

There's an eventual consistency issue in the Active Directory Application resource, but I can't immediately see a way around that - so that'll be fixed in a follow-up PR.

Fixes #16

* **New Data Source:** `azurerm_service_principal` [GH-1564]
* **New Resource:** `azurerm_service_principal` [GH-1564]
* **New Resource:** `azurerm_service_principal_password` [GH-1564]

tiwood (Contributor) commented Jul 14, 2018

Hi @tombuildsstuff, I've just created a similar PR (#1570). Just want to check how we go ahead?

Additionally I want to discuss what you think is the best way to add access credentials to the service principal object. Initially I've added an `access_credential` block to my implementation, but maybe a separate resource (`azurerm_azuread_service_principal_access_credential`) would be more fitting?

Tests pass:

```
$ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipal_

=== RUN   TestAccAzureRMActiveDirectoryServicePrincipal_importBasic
--- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_importBasic (24.04s)
=== RUN   TestAccAzureRMActiveDirectoryServicePrincipal_basic
--- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_basic (17.61s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	41.701s
```
Tests pass:

```
$ acctests azurerm TestAccDataSourceAzureRMAzureADServicePrincipal_
=== RUN   TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId
--- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId (34.96s)
=== RUN   TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName
--- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName (23.48s)
=== RUN   TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId
--- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId (62.43s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	120.900s

```
Tests pass:

```
$ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipalPassword_

=== RUN   TestAccAzureRMActiveDirectoryServicePrincipalPassword_basic
--- PASS: TestAccAzureRMActiveDirectoryServicePrincipalPassword_basic (36.08s)
=== RUN   TestAccAzureRMActiveDirectoryServicePrincipalPassword_customKeyId
--- PASS: TestAccAzureRMActiveDirectoryServicePrincipalPassword_customKeyId (26.22s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	62.335s
```
tombuildsstuff (Contributor, Author) commented:

hey @tiwood

> Hi @tombuildsstuff, I've just created a similar PR (#1570). Just want to check how we go ahead?

Thanks for the PR #1570 :)

Taking a look through both PRs, it appears this one's slightly further along - as such I'm going to close #1570 in favour of this PR for the moment - I hope you don't mind!

> Additionally I want to discuss what you think is the best way to add access credentials to the service principal object. Initially I've added an `access_credential` block to my implementation, but maybe a separate resource (`azurerm_azuread_service_principal_access_credential`) would be more fitting?

I've spent a while prototyping both approaches and have come to a similar conclusion that this is better as a separate resource (since this allows for them to be more easily generated using the `count` syntax, for one thing); as such I've pushed a commit to this PR which adds the separate resource. I also wondered if it'd be worth integrating the `azurerm_azuread_service_principal` resource into the `azurerm_azuread_application` resource, but on reflection I feel that's probably the wrong approach (and ended up leaving it as a separate resource).

One thing that's not included in either of our PRs is support for Service Principal Certificates (although yours contains a "credential_type" field, from what I can see this needs to be a separate resource specifically for Credentials). Since you've been looking into this area anyway - would you be interested in adding support for that instead?

Thanks!

tombuildsstuff changed the title from "[WIP] Azure Active Directory Service Principals" to "Azure Active Directory Service Principals" on Jul 16, 2018
tombuildsstuff requested a review from a team July 16, 2018 10:39
tombuildsstuff requested review from katbyte and mbfrahry and removed request for a team July 17, 2018 11:41

mbfrahry (Member) left a comment:

LGTM!

tombuildsstuff (Contributor, Author) commented:

Need to fix up one of the tests prior to merging this

```
$ acctests azurerm TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete
=== RUN   TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete
--- PASS: TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete (33.13s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	33.179s
```
tombuildsstuff (Contributor, Author) commented Jul 19, 2018

Ignoring a transitory failure (the eventual consistency issue referred to above) - the Data Source tests pass:

[Image: screenshot 2018-07-19 at 13 38 43]

tombuildsstuff (Contributor, Author) commented:

Resource tests pass:

[Image: screenshot 2018-07-19 at 13 42 22]

tombuildsstuff merged commit e963ed6 into master Jul 19, 2018
tombuildsstuff deleted the azuread-serviceprincipal branch July 19, 2018 11:43
tombuildsstuff added a commit that referenced this pull request Jul 19, 2018

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

ghost locked and limited conversation to collaborators Mar 30, 2020

Successfully merging this pull request may close these issues.

Feature Request: azurerm_service_principal