-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure Active Directory Service Principals #1564
Conversation
Hi @tombuildsstuff, I've just created a similar PR (#1570 ). Just want to check how we go ahead? Additionally I want to discuss what you think is the best way to add access credentials to the service principal object. Initially I've added a access_credential block to my implementation, but maybe a separate resource (azurerm_azuread_service_principal_access_credential) would be more fitting? |
Tests pass: ``` $ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipal_ === RUN TestAccAzureRMActiveDirectoryServicePrincipal_importBasic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_importBasic (24.04s) === RUN TestAccAzureRMActiveDirectoryServicePrincipal_basic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipal_basic (17.61s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 41.701s ```
Tests pass: ``` $ acctests azurerm TestAccDataSourceAzureRMAzureADServicePrincipal_ === RUN TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId --- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byApplicationId (34.96s) === RUN TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName --- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byDisplayName (23.48s) === RUN TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId --- PASS: TestAccDataSourceAzureRMAzureADServicePrincipal_byObjectId (62.43s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 120.900s ```
Tests pass: ``` $ acctests azurerm TestAccAzureRMActiveDirectoryServicePrincipalPassword_ === RUN TestAccAzureRMActiveDirectoryServicePrincipalPassword_basic --- PASS: TestAccAzureRMActiveDirectoryServicePrincipalPassword_basic (36.08s) === RUN TestAccAzureRMActiveDirectoryServicePrincipalPassword_customKeyId --- PASS: TestAccAzureRMActiveDirectoryServicePrincipalPassword_customKeyId (26.22s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 62.335s ```
19a01f9
to
0e8c24e
Compare
hey @tiwood
Thanks for the PR #1570 :) Taking a look through both PR's, it appears this one's slightly further along - as such I'm going to close #1570 in favour of this PR for the moment - I hope you don't mind!
I've spent a while prototyping both approaches and have come to a similar conclusion that this is better as a separate resource (since this allows for them to be more easily generated using the One thing that's not included in either of our PR's is support for Service Principal Certificates (although yours contains a "credential_type" field, from what I can see this needs to be a separate resource specifically for Credentials). Since you've been looking into this area anyway - would you be interested in adding support for that instead? Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Need to fix up one of the tests prior to merging this |
``` $ acctests azurerm TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete === RUN TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete --- PASS: TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete (33.13s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 33.179s ```
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
This PR adds support for creating Service Principals associated with an Azure Active Directory Application.
There's an eventual consistency issue in the Active Directory Application resource, but I can't immediately see a way around that - so that'll be fixed in a follow up PR
Fixes #16