From fdf951ff6b2cf77b65747af495cdb936275ff3be Mon Sep 17 00:00:00 2001 From: Tom Bamford Date: Thu, 21 Jan 2021 13:44:51 +0000 Subject: [PATCH] Refactor documentation for Terraform Registry --- .../{website-test.yml => docs-lint.yml} | 8 +- .github/workflows/website-lint.yml | 22 --- GNUmakefile | 26 +--- .../data-sources/application.md | 92 ++++-------- .../data-sources/client_config.md | 6 +- .../data-sources/domains.md | 10 +- .../data-sources/group.md | 10 +- .../data-sources/groups.md | 8 +- .../data-sources/service_principal.md | 48 ++---- .../data-sources/user.md | 39 ++--- .../data-sources/users.md | 30 ++-- .../guides/azure_cli.md | 6 +- .../guides/managed_service_identity.md | 6 +- .../service_principal_client_certificate.md | 6 +- .../guides/service_principal_client_secret.md | 6 +- .../guides/service_principal_configuration.md | 6 +- .../docs/index.html.markdown => docs/index.md | 8 - .../resources/application.md | 104 +++++-------- .../resources/application_app_role.md | 20 +-- .../resources/application_certificate.md | 21 +-- .../application_oauth2_permission.md | 22 +-- .../resources/application_password.md | 18 +-- .../group.markdown => docs/resources/group.md | 25 ++-- .../resources/group_member.md | 13 +- .../resources/service_principal.md | 34 +---- .../service_principal_certificate.md | 21 +-- .../resources/service_principal_password.md | 18 +-- .../resources/user.md | 39 +++-- .../{terrafmt-website.sh => terrafmt-docs.sh} | 12 +- website/allowed-subcategories | 6 - website/azuread.erb | 141 ------------------ 31 files changed, 198 insertions(+), 633 deletions(-) rename .github/workflows/{website-test.yml => docs-lint.yml} (80%) delete mode 100644 .github/workflows/website-lint.yml rename website/docs/d/application.html.markdown => docs/data-sources/application.md (94%) rename website/docs/d/client_config.html.markdown => docs/data-sources/client_config.md (77%) rename website/docs/d/domains.html.markdown => docs/data-sources/domains.md (85%) rename website/docs/d/group.html.markdown => docs/data-sources/group.md (87%) rename website/docs/d/groups.html.markdown => docs/data-sources/groups.md (86%) rename website/docs/d/service_principal.html.markdown => docs/data-sources/service_principal.md (92%) rename website/docs/d/user.html.markdown => docs/data-sources/user.md (94%) rename website/docs/d/users.html.markdown => docs/data-sources/users.md (80%) rename website/docs/guides/azure_cli.html.markdown => docs/guides/azure_cli.md (97%) rename website/docs/guides/managed_service_identity.html.markdown => docs/guides/managed_service_identity.md (98%) rename website/docs/guides/service_principal_client_certificate.html.markdown => docs/guides/service_principal_client_certificate.md (97%) rename website/docs/guides/service_principal_client_secret.html.markdown => docs/guides/service_principal_client_secret.md (97%) rename website/docs/guides/service_principal_configuration.html.markdown => docs/guides/service_principal_configuration.md (96%) rename website/docs/index.html.markdown => docs/index.md (97%) rename website/docs/r/application.html.markdown => docs/resources/application.md (90%) rename website/docs/r/application_app_role.html.markdown => docs/resources/application_app_role.md (89%) rename website/docs/r/application_certificate.html.markdown => docs/resources/application_certificate.md (89%) rename website/docs/r/application_oauth2_permission.html.markdown => docs/resources/application_oauth2_permission.md (89%) rename website/docs/r/application_password.html.markdown => docs/resources/application_password.md (90%) rename website/docs/r/group.markdown => docs/resources/group.md (74%) rename website/docs/r/group_member.markdown => docs/resources/group_member.md (81%) rename website/docs/r/service_principal.html.markdown => docs/resources/service_principal.md (91%) rename website/docs/r/service_principal_certificate.html.markdown => docs/resources/service_principal_certificate.md (90%) rename website/docs/r/service_principal_password.html.markdown => docs/resources/service_principal_password.md (91%) rename website/docs/r/user.html.markdown => docs/resources/user.md (91%) rename scripts/{terrafmt-website.sh => terrafmt-docs.sh} (60%) delete mode 100644 website/allowed-subcategories delete mode 100644 website/azuread.erb diff --git a/.github/workflows/website-test.yml b/.github/workflows/docs-lint.yml similarity index 80% rename from .github/workflows/website-test.yml rename to .github/workflows/docs-lint.yml index 07c65f09c..83a6a7614 100644 --- a/.github/workflows/website-test.yml +++ b/.github/workflows/docs-lint.yml @@ -1,14 +1,14 @@ --- -name: Website Checks +name: Documentation Linting on: pull_request: types: ['opened', 'synchronize'] paths: - - 'website/**' + - 'docs/**' - '.github/workflows/**' jobs: - website-test: + docs-lint: runs-on: ubuntu-latest strategy: fail-fast: true @@ -19,4 +19,4 @@ jobs: go-version: '1.14.5' - run: bash scripts/gogetcookie.sh - run: make tools - - run: make website-test + - run: make docs-lint diff --git a/.github/workflows/website-lint.yml b/.github/workflows/website-lint.yml deleted file mode 100644 index f357257c1..000000000 --- a/.github/workflows/website-lint.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Website Linting -on: - pull_request: - types: ['opened', 'synchronize'] - paths: - - 'website/**' - - '.github/workflows/**' - -jobs: - website-lint: - runs-on: ubuntu-latest - strategy: - fail-fast: true - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 - with: - go-version: '1.14.5' - - run: bash scripts/gogetcookie.sh - - run: make tools - - run: make website-lint diff --git a/GNUmakefile b/GNUmakefile index 9e6fcb29e..d4015a34d 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -1,5 +1,4 @@ TEST?=$$(go list ./... |grep -v 'vendor') -WEBSITE_REPO=github.com/hashicorp/terraform-website PKG_NAME=internal PROVIDER=azuread @@ -98,30 +97,15 @@ test-compile: todo: grep --color=always --exclude=GNUmakefile --exclude-dir=.git --exclude-dir=vendor --line-number --recursive TODO "$(CURDIR)" -website-lint: +docs-lint: @echo "==> Checking documentation spelling..." - @misspell -error -source=text -i hdinsight -locale UK website/ + @misspell -error -source=text -i hdinsight -locale UK docs/ @echo "==> Checking documentation for errors..." - @tfproviderdocs check -provider-name=azuread -require-resource-subcategory \ - -allowed-resource-subcategories-file website/allowed-subcategories - @sh -c "'$(CURDIR)/scripts/terrafmt-website.sh'" - -website: -ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) - echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..." - git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO) -endif - @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME) - -website-test: -ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) - echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..." - git clone https://$(WEBSITE_REPO) $$(go env GOPATH || $$GOPATH)/src/$(WEBSITE_REPO) -endif - @$(MAKE) -C $$(go env GOPATH || $$GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PROVIDER) + @tfproviderdocs check -provider-name=azuread -allowed-guide-subcategories=Authentication -enable-contents-check -require-schema-ordering -require-guide-subcategory -require-resource-subcategory + @sh -c "'$(CURDIR)/scripts/terrafmt-docs.sh'" teamcity-test: @$(MAKE) -C .teamcity tools @$(MAKE) -C .teamcity test -.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile website website-test +.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile diff --git a/website/docs/d/application.html.markdown b/docs/data-sources/application.md similarity index 94% rename from website/docs/d/application.html.markdown rename to docs/data-sources/application.md index 31d3405a6..a9f281319 100644 --- a/website/docs/d/application.html.markdown +++ b/docs/data-sources/application.md @@ -1,9 +1,5 @@ --- -subcategory: "Application" -layout: "azuread" -page_title: "Azure Active Directory: azuread_application" -description: |- - Gets information about an existing Application within Azure Active Directory. +subcategory: "Applications" --- # Data Source: azuread_application @@ -26,11 +22,9 @@ output "azure_ad_object_id" { ## Argument Reference -* `object_id` - (Optional) Specifies the Object ID of the Application within Azure Active Directory. - * `application_id` - (Optional) Specifies the Application ID of the Azure Active Directory Application. - * `display_name` - (Optional) Specifies the display name of the Application within Azure Active Directory. +* `object_id` - (Optional) Specifies the Object ID of the Application within Azure Active Directory. ~> **NOTE:** One of `object_id`, `application_id` or `display_name` must be specified. @@ -38,93 +32,65 @@ output "azure_ad_object_id" { The following attributes are exported: -* `id` - the Object ID of the Azure Active Directory Application. - +* `app_roles` - A collection of `app_role` blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles * `application_id` - the Application ID of the Azure Active Directory Application. - * `available_to_other_tenants` - Is this Azure AD Application available to other tenants? - +* `group_membership_claims` - The `groups` claim issued in a user or OAuth 2.0 access token that the app expects. +* `id` - the Object ID of the Azure Active Directory Application. * `identifier_uris` - A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant. - * `logout_url` - The URL of the logout page. - * `oauth2_allow_implicit_flow` - Does this Azure AD Application allow OAuth2.0 implicit flow tokens? - +* `oauth2_permissions` - A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by a `oauth2_permission` block as documented below. * `object_id` - the Object ID of the Azure Active Directory Application. - -* `reply_urls` - A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. - -* `group_membership_claims` - The `groups` claim issued in a user or OAuth 2.0 access token that the app expects. - * `optional_claims` - A collection of `access_token` or `id_token` blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims - * `owners` - A list of User Object IDs that are assigned ownership of the application registration. - -* `required_resource_access` - A collection of `required_resource_access` blocks as documented below. - -* `oauth2_permissions` - A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by a `oauth2_permission` block as documented below. - -* `app_roles` - A collection of `app_role` blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles - * `public_client` - Is this Azure AD Application available publicly? +* `reply_urls` - A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. +* `required_resource_access` - A collection of `required_resource_access` blocks as documented below. --- -`required_resource_access` block exports the following: - -* `resource_app_id` - The unique identifier for the resource that the application requires access to. - -* `resource_access` - A collection of `resource_access` blocks as documented below - ---- - -`resource_access` block exports the following: +`access_token` and `id_token` blocks export the following: -* `id` - The unique identifier for one of the `OAuth2Permission` or `AppRole` instances that the resource application exposes. - -* `type` - Specifies whether the id property references an `OAuth2Permission` or an `AppRole`. +* `additional_properties` - List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. +* `essential` - Whether the claim specified by the client is necessary to ensure a smooth authorization experience. +* `name` - The name of the optional claim. +* `source` - The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object. --- -`access_token` and/or `id_token` blocks export the following: +`app_role` block exports the following: -* `name` - The name of the optional claim. -* `source` - The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object. -* `essential` - Whether the claim specified by the client is necessary to ensure a smooth authorization experience. -* `additional_properties` - List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. +* `allowed_member_types` - Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: `User` and `Application`, or both. +* `description` - Permission help text that appears in the admin app assignment and consent experiences. +* `display_name` - Display name for the permission that appears in the admin consent and app assignment experiences. +* `id` - The unique identifier of the `app_role`. +* `is_enabled` - Determines if the app role is enabled. +* `value` - Specifies the value of the roles claim that the application should expect in the authentication and access tokens. --- `oauth2_permission` block exports the following: -* `id` - The unique identifier for one of the `OAuth2Permission` - -* `type` - The type of the permission - * `admin_consent_description` - The description of the admin consent - * `admin_consent_display_name` - The display name of the admin consent - +* `id` - The unique identifier for one of the `OAuth2Permission` * `is_enabled` - Is this permission enabled? - +* `type` - The type of the permission * `user_consent_description` - The description of the user consent - * `user_consent_display_name` - The display name of the user consent - * `value` - The name of this permission --- -`app_role` block exports the following: - -* `id` - The unique identifier of the `app_role`. - -* `allowed_member_types` - Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: `User` and `Application`, or both. +`required_resource_access` block exports the following: -* `description` - Permission help text that appears in the admin app assignment and consent experiences. +* `resource_access` - A collection of `resource_access` blocks as documented below +* `resource_app_id` - The unique identifier for the resource that the application requires access to. -* `display_name` - Display name for the permission that appears in the admin consent and app assignment experiences. +--- -* `is_enabled` - Determines if the app role is enabled. +`resource_access` block exports the following: -* `value` - Specifies the value of the roles claim that the application should expect in the authentication and access tokens. +* `id` - The unique identifier for one of the `OAuth2Permission` or `AppRole` instances that the resource application exposes. +* `type` - Specifies whether the id property references an `OAuth2Permission` or an `AppRole`. diff --git a/website/docs/d/client_config.html.markdown b/docs/data-sources/client_config.md similarity index 77% rename from website/docs/d/client_config.html.markdown rename to docs/data-sources/client_config.md index 0df9bce8f..16616c8b9 100644 --- a/website/docs/d/client_config.html.markdown +++ b/docs/data-sources/client_config.md @@ -1,9 +1,5 @@ --- subcategory: "Base" -layout: "azuread" -page_title: "Azure Active Directory: azuread_client_config" -description: |- - Gets information about the configuration of the AzureAD provider. --- # Data Source: azuread_client_config @@ -28,5 +24,5 @@ There are no arguments available for this data source. ## Attributes Reference * `client_id` is set to the Client ID (Application ID). -* `tenant_id` is set to the Tenant ID. * `object_id` is set to the Object ID of the authenticated principal. +* `tenant_id` is set to the Tenant ID. diff --git a/website/docs/d/domains.html.markdown b/docs/data-sources/domains.md similarity index 85% rename from website/docs/d/domains.html.markdown rename to docs/data-sources/domains.md index ef377c780..52477abc2 100644 --- a/website/docs/d/domains.html.markdown +++ b/docs/data-sources/domains.md @@ -1,9 +1,5 @@ --- subcategory: "Domains" -layout: "azuread" -page_title: "Azure Active Directory: azuread_domains" -description: |- - Gets information about existing Domains within Azure Active Directory. --- # Data Source: azuread_domains @@ -32,12 +28,12 @@ output "domains" { ## Attributes Reference -* `domains` - One or more `domain` blocks as defined below. +* `domains` - A list of domains. Each `domain` object provides the attributes documented below. -The `domain` block contains: +`domain` object exports the following: -* `domain_name` - The name of the domain. * `authentication_type` - The authentication type of the domain (Managed or Federated). +* `domain_name` - The name of the domain. * `is_default` - `True` if this is the default domain that is used for user creation. * `is_initial` - `True` if this is the initial domain created by Azure Active Directory. * `is_verified` - `True` if the domain has completed domain ownership verification. diff --git a/website/docs/d/group.html.markdown b/docs/data-sources/group.md similarity index 87% rename from website/docs/d/group.html.markdown rename to docs/data-sources/group.md index fd741e9af..35461fcc0 100644 --- a/website/docs/d/group.html.markdown +++ b/docs/data-sources/group.md @@ -1,10 +1,5 @@ --- subcategory: "Groups" -layout: "azuread" -page_title: "Azure Active Directory: azuread_group" -description: |- - Gets information about an Azure Active Directory group. - --- # Data Source: azuread_group @@ -26,7 +21,6 @@ data "azuread_group" "example" { The following arguments are supported: * `display_name` - (Optional) The splay name of the Group within Azure Active Directory. - * `object_id` - (Optional) Specifies the Object ID of the Group within Azure Active Directory. ~> **NOTE:** One of `display_name` or `object_id` must be specified. @@ -35,9 +29,9 @@ The following arguments are supported: The following attributes are exported: -* `id` - The Object ID of the Azure AD Group. * `description` - The description of the AD Group. * `display_name` - The name of the Azure AD Group. -* `owners` - The Object IDs of the Azure AD Group owners. +* `id` - The Object ID of the Azure AD Group. * `members` - The Object IDs of the Azure AD Group members. +* `owners` - The Object IDs of the Azure AD Group owners. diff --git a/website/docs/d/groups.html.markdown b/docs/data-sources/groups.md similarity index 86% rename from website/docs/d/groups.html.markdown rename to docs/data-sources/groups.md index 0be1ee4c0..f56cb73f5 100644 --- a/website/docs/d/groups.html.markdown +++ b/docs/data-sources/groups.md @@ -1,10 +1,5 @@ --- subcategory: "Groups" -layout: "azuread" -page_title: "Azure Active Directory: azuread_groups" -description: |- - Gets information about Azure Active Directory groups. - --- # Data Source: azuread_groups @@ -26,7 +21,6 @@ data "azuread_groups" "groups" { The following arguments are supported: * `names` - (Optional) The Display Names of the Azure AD Groups. - * `object_ids` - (Optional) The Object IDs of the Azure AD Groups. ~> **NOTE:** Either `names` or `object_ids` should be specified. Either of these _may_ be specified as an empty list, in which case no results will be returned. @@ -35,5 +29,5 @@ The following arguments are supported: The following attributes are exported: -* `object_ids` - The Object IDs of the Azure AD Groups. * `names` - The Display Names of the Azure AD Groups. +* `object_ids` - The Object IDs of the Azure AD Groups. diff --git a/website/docs/d/service_principal.html.markdown b/docs/data-sources/service_principal.md similarity index 92% rename from website/docs/d/service_principal.html.markdown rename to docs/data-sources/service_principal.md index d262688b4..b0e4041e8 100644 --- a/website/docs/d/service_principal.html.markdown +++ b/docs/data-sources/service_principal.md @@ -1,10 +1,5 @@ --- subcategory: "Service Principals" -layout: "azuread" -page_title: "Azure Active Directory: azuread_service_principal" -description: |- - Gets information about an existing Service Principal associated with an Application within Azure Active Directory. - --- # Data Source: azuread_service_principal @@ -41,16 +36,13 @@ data "azuread_service_principal" "example" { The following arguments are supported: +* `app_roles` - A collection of `app_role` blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles * `application_id` - (Optional) The ID of the Azure AD Application. - -* `object_id` - (Optional) The ID of the Azure AD Service Principal. - * `display_name` - (Optional) The Display Name of the Azure AD Application associated with this Service Principal. +* `object_id` - (Optional) The ID of the Azure AD Service Principal. ~> **NOTE:** At least one of `application_id`, `display_name` or `object_id` must be specified. -* `app_roles` - A collection of `app_role` blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles - * `oauth2_permissions` - A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a `oauth2_permission` block as documented below. ## Attributes Reference @@ -61,36 +53,24 @@ The following attributes are exported: --- -`oauth2_permission` block exports the following: +`app_role` block exports the following: -* `id` - The unique identifier for one of the `OAuth2Permission` +* `allowed_member_types` - Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: `User` and `Application`, or both. +* `description` - Permission help text that appears in the admin app assignment and consent experiences. +* `display_name` - Display name for the permission that appears in the admin consent and app assignment experiences. +* `id` - The unique identifier of the `app_role`. +* `is_enabled` - Determines if the app role is enabled. +* `value` - Specifies the value of the roles claim that the application should expect in the authentication and access tokens. -* `type` - The type of the permission +--- -* `admin_consent_description` - The description of the admin consent +`oauth2_permission` block exports the following: +* `admin_consent_description` - The description of the admin consent * `admin_consent_display_name` - The display name of the admin consent - +* `id` - The unique identifier for one of the `OAuth2Permission` * `is_enabled` - Is this permission enabled? - +* `type` - The type of the permission * `user_consent_description` - The description of the user consent - * `user_consent_display_name` - The display name of the user consent - * `value` - The name of this permission - ---- - -`app_role` block exports the following: - -* `id` - The unique identifier of the `app_role`. - -* `allowed_member_types` - Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: `User` and `Application`, or both. - -* `description` - Permission help text that appears in the admin app assignment and consent experiences. - -* `display_name` - Display name for the permission that appears in the admin consent and app assignment experiences. - -* `is_enabled` - Determines if the app role is enabled. - -* `value` - Specifies the value of the roles claim that the application should expect in the authentication and access tokens. diff --git a/website/docs/d/user.html.markdown b/docs/data-sources/user.md similarity index 94% rename from website/docs/d/user.html.markdown rename to docs/data-sources/user.md index 94f2b9bdc..781dd9317 100644 --- a/website/docs/d/user.html.markdown +++ b/docs/data-sources/user.md @@ -1,10 +1,5 @@ --- subcategory: "Users" -layout: "azuread" -page_title: "Azure Active Directory: azuread_user" -description: |- - Gets information about an Azure Active Directory user. - --- # Data Source: azuread_user @@ -25,11 +20,9 @@ data "azuread_user" "example" { The following arguments are supported: -* `user_principal_name` - (Optional) The User Principal Name of the Azure AD User. - -* `object_id` - (Optional) Specifies the Object ID of the User within Azure Active Directory. - * `mail_nickname` - (Optional) The email alias of the Azure AD User. +* `object_id` - (Optional) Specifies the Object ID of the User within Azure Active Directory. +* `user_principal_name` - (Optional) The User Principal Name of the Azure AD User. ~> **NOTE:** One of `user_principal_name`, `object_id` or `mail_nickname` must be specified. @@ -37,26 +30,26 @@ The following arguments are supported: The following attributes are exported: -* `id` - The Object ID of the Azure AD User. -* `user_principal_name` - The User Principal Name of the Azure AD User. * `account_enabled` - `True` if the account is enabled; otherwise `False`. +* `city` - The city in which the user is located. +* `company_name` - The company name which the user is associated. This property can be useful for describing the company that an external user comes from. +* `country` - The country/region in which the user is located; for example, “US” or “UK”. +* `department` - The name for the department in which the user works. * `display_name` - The Display Name of the Azure AD User. * `given_name` - The given name (first name) of the user. -* `surname` - The user's surname (family name or last name). -* `mail` - The primary email address of the Azure AD User. +* `id` - The Object ID of the Azure AD User. +* `immutable_id` - The value used to associate an on-premise Active Directory user account with their Azure AD user object. +* `job_title` - The user’s job title. * `mail_nickname` - The email alias of the Azure AD User. * `mail_nickname` - The email alias of the Azure AD User. +* `mail` - The primary email address of the Azure AD User. +* `mobile` - The primary cellular telephone number for the user. * `onpremises_sam_account_name` - The on-premise SAM account name of the Azure AD User. * `onpremises_user_principal_name` - The on-premise user principal name of the Azure AD User. -* `usage_location` - The usage location of the Azure AD User. -* `immutable_id` - The value used to associate an on-premise Active Directory user account with their Azure AD user object. -* `job_title` - The user’s job title. -* `department` - The name for the department in which the user works. -* `company_name` - The company name which the user is associated. This property can be useful for describing the company that an external user comes from. * `physical_delivery_office_name` - The office location in the user's place of business. -* `street_address` - The street address of the user's place of business. -* `city` - The city in which the user is located. -* `state` - The state or province in the user's address. -* `country` - The country/region in which the user is located; for example, “US” or “UK”. * `postal_code` - The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. -* `mobile` - The primary cellular telephone number for the user. +* `state` - The state or province in the user's address. +* `street_address` - The street address of the user's place of business. +* `surname` - The user's surname (family name or last name). +* `usage_location` - The usage location of the Azure AD User. +* `user_principal_name` - The User Principal Name of the Azure AD User. diff --git a/website/docs/d/users.html.markdown b/docs/data-sources/users.md similarity index 80% rename from website/docs/d/users.html.markdown rename to docs/data-sources/users.md index b921f1533..a4d154f21 100644 --- a/website/docs/d/users.html.markdown +++ b/docs/data-sources/users.md @@ -1,10 +1,5 @@ --- subcategory: "Users" -layout: "azuread" -page_title: "Azure Active Directory: azuread_users" -description: |- - Gets information about Azure Active Directory users. - --- # Data Source: azuread_users @@ -25,36 +20,33 @@ data "azuread_users" "users" { The following arguments are supported: -* `user_principal_names` - (Optional) The User Principal Names of the Azure AD Users. - -* `object_ids` - (Optional) The Object IDs of the Azure AD Users. - * `mail_nicknames` - (Optional) The email aliases of the Azure AD Users. - -~> **NOTE:** Either `user_principal_names`, `object_ids` or `mail_nicknames` should be specified. These _may_ be specified as an empty list, in which case no results will be returned. - * `ignore_missing` - (Optional) Ignore missing users and return users that were found. The data source will still fail if no users are found. Defaults to false. +* `object_ids` - (Optional) The Object IDs of the Azure AD Users. +* `user_principal_names` - (Optional) The User Principal Names of the Azure AD Users. + +~> **NOTE:** One of `user_principal_names`, `object_ids` or `mail_nicknames` must be specified. These _may_ be specified as an empty list, in which case no results will be returned. ## Attributes Reference The following attributes are exported: +* `mail_nicknames` - The email aliases of the Azure AD Users. * `object_ids` - The Object IDs of the Azure AD Users. * `user_principal_names` - The User Principal Names of the Azure AD Users. -* `mail_nicknames` - The email aliases of the Azure AD Users. -* `users` - An Array of Azure AD Users. Each `user` object consists of the fields documented below. +* `users` - A list of Azure AD Users. Each `user` object provides the attributes documented below. ___ -The `user` object consists of: +`user` object exports the following: -* `object_id` - The Object ID of the Azure AD User. -* `user_principal_name` - The User Principal Name of the Azure AD User. * `account_enabled` - `True` if the account is enabled; otherwise `False`. * `display_name` - The Display Name of the Azure AD User. -* `mail` - The primary email address of the Azure AD User. +* `immutable_id` - The value used to associate an on-premises Active Directory user account with their Azure AD user object. * `mail_nickname` - The email alias of the Azure AD User. +* `mail` - The primary email address of the Azure AD User. +* `object_id` - The Object ID of the Azure AD User. * `onpremises_sam_account_name` - The on-premise SAM account name of the Azure AD User. * `onpremises_user_principal_name` - The on-premise user principal name of the Azure AD User. * `usage_location` - The usage location of the Azure AD User. -* `immutable_id` - The value used to associate an on-premises Active Directory user account with their Azure AD user object. +* `user_principal_name` - The User Principal Name of the Azure AD User. diff --git a/website/docs/guides/azure_cli.html.markdown b/docs/guides/azure_cli.md similarity index 97% rename from website/docs/guides/azure_cli.html.markdown rename to docs/guides/azure_cli.md index 17b37c29f..153918243 100644 --- a/website/docs/guides/azure_cli.html.markdown +++ b/docs/guides/azure_cli.md @@ -1,10 +1,6 @@ --- -subcategory: "Authentication" -layout: "azuread" page_title: "Authenticating via the Azure CLI" -description: |- - This guide will cover how to use the Azure CLI as authentication for the Azure Active Directory Provider. - +subcategory: "Authentication" --- # Azure Active Directory Provider: Authenticating using the Azure CLI diff --git a/website/docs/guides/managed_service_identity.html.markdown b/docs/guides/managed_service_identity.md similarity index 98% rename from website/docs/guides/managed_service_identity.html.markdown rename to docs/guides/managed_service_identity.md index 6d455ae5f..98931b9bd 100644 --- a/website/docs/guides/managed_service_identity.html.markdown +++ b/docs/guides/managed_service_identity.md @@ -1,10 +1,6 @@ --- -subcategory: "Authentication" -layout: "azuread" page_title: "Authenticating via Managed Service Identity" -description: |- - This guide will cover how to use Managed Service Identity as authentication for the Azure Active Directory Provider. - +subcategory: "Authentication" --- # Azure Active Directory Provider: Authenticating using Managed Service Identity diff --git a/website/docs/guides/service_principal_client_certificate.html.markdown b/docs/guides/service_principal_client_certificate.md similarity index 97% rename from website/docs/guides/service_principal_client_certificate.html.markdown rename to docs/guides/service_principal_client_certificate.md index c585460e9..38e031971 100644 --- a/website/docs/guides/service_principal_client_certificate.html.markdown +++ b/docs/guides/service_principal_client_certificate.md @@ -1,10 +1,6 @@ --- -subcategory: "Authentication" -layout: "azuread" page_title: "Authenticating via a Service Principal and a Client Certificate" -description: |- - This guide will cover how to use a Service Principal (Shared Account) with a Client Certificate as authentication for the Azure Active Directory Provider. - +subcategory: "Authentication" --- # Azure Active Directory Provider: Authenticating using a Service Principal with a Client Certificate diff --git a/website/docs/guides/service_principal_client_secret.html.markdown b/docs/guides/service_principal_client_secret.md similarity index 97% rename from website/docs/guides/service_principal_client_secret.html.markdown rename to docs/guides/service_principal_client_secret.md index 4d780a2fb..90dae8cbc 100644 --- a/website/docs/guides/service_principal_client_secret.html.markdown +++ b/docs/guides/service_principal_client_secret.md @@ -1,10 +1,6 @@ --- -subcategory: "Authentication" -layout: "azuread" page_title: "Authenticating via a Service Principal and a Client Secret" -description: |- - This guide will cover how to use a Service Principal (Shared Account) with a Client Secret as authentication for the Azure Active Directory Provider. - +subcategory: "Authentication" --- # Azure Active Directory Provider: Authenticating using a Service Principal with a Client Secret diff --git a/website/docs/guides/service_principal_configuration.html.markdown b/docs/guides/service_principal_configuration.md similarity index 96% rename from website/docs/guides/service_principal_configuration.html.markdown rename to docs/guides/service_principal_configuration.md index 07173845d..ab7140412 100644 --- a/website/docs/guides/service_principal_configuration.html.markdown +++ b/docs/guides/service_principal_configuration.md @@ -1,10 +1,6 @@ --- -subcategory: "Authentication" -layout: "azuread" page_title: "Configuring a Service Principal to manage an Azure Active Directory" -description: |- - This guide will cover how to use grant permissions to a Service Principal (Shared Account) to manage objects within an Azure Active Directory . - +subcategory: "Authentication" --- # Azure Active Directory Provider: Configuring a Service Principal for managing Azure Active Directory diff --git a/website/docs/index.html.markdown b/docs/index.md similarity index 97% rename from website/docs/index.html.markdown rename to docs/index.md index 02fd79ce4..4fd4a1ffe 100644 --- a/website/docs/index.html.markdown +++ b/docs/index.md @@ -1,11 +1,3 @@ ---- -layout: "azuread" -page_title: "Provider: Azure Active Directory" -description: |- - The AzureAD Provider is used to interact with the many resources supported by Azure Active Directory. - ---- - # Azure Active Directory Provider The Azure Provider can be used to configure infrastructure in [Azure Active Directory](https://azure.microsoft.com/en-us/services/active-directory/) using the Azure Resource Manager API's. Documentation regarding the [Data Sources](/docs/configuration/data-sources.html) and [Resources](/docs/configuration/resources.html) supported by the Azure Active Directory Provider can be found in the navigation to the left. diff --git a/website/docs/r/application.html.markdown b/docs/resources/application.md similarity index 90% rename from website/docs/r/application.html.markdown rename to docs/resources/application.md index 2e76d8a1d..2a5c33c3a 100644 --- a/website/docs/r/application.html.markdown +++ b/docs/resources/application.md @@ -1,13 +1,8 @@ --- -subcategory: "Application" -layout: "azuread" -page_title: "Azure Active Directory: azuread_application" -description: |- - Manages an Application within Azure Active Directory. - +subcategory: "Applications" --- -# azuread_application +# Resource: azuread_application Manages an Application within Azure Active Directory. @@ -107,111 +102,82 @@ resource "azuread_application" "example" { The following arguments are supported: +* `app_role` - (Optional) A collection of `app_role` blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles +* `available_to_other_tenants` - (Optional) Is this Azure AD Application available to other tenants? Defaults to `false`. * `display_name` - (Required) The display name for the application. - +* `group_membership_claims` - (Optional) Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to `SecurityGroup`. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * `homepage` - (optional) The URL to the application's home page. - * `identifier_uris` - (Optional) A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant. - -* `reply_urls` - (Optional) A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. - * `logout_url` - (Optional) The URL of the logout page. - -* `available_to_other_tenants` - (Optional) Is this Azure AD Application available to other tenants? Defaults to `false`. - -* `public_client` - (Optional) Is this Azure AD Application a public client? Defaults to `false`. - * `oauth2_allow_implicit_flow` - (Optional) Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to `false`. - -* `group_membership_claims` - (Optional) Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to `SecurityGroup`. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. - -* `optional_claims` - A collection of `access_token` or `id_token` blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims - -* `owners` - (Optional) A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list. - -* `required_resource_access` - (Optional) A collection of `required_resource_access` blocks as documented below. - -* `type` - (Optional) Type of an application: `webapp/api` or `native`. Defaults to `webapp/api`. For `native` apps type `identifier_uris` property can not not be set. - --> **Note:** The `type` attribute is deprecated and will be removed in version 2.0 of the provider, along with the associated constraints of this attribute's values. - -* `app_role` - (Optional) A collection of `app_role` blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles - * `oauth2_permissions` - (Optional) A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by `oauth2_permissions` blocks as documented below. -> **Note on roles and scopes/permissions:** In Azure Active Directory, roles (`app_role`) and scopes/permissions (`oauth2_permissions`) exported by an Application share the same namespace and cannot contain duplicate values. Terraform will attempt to detect this at plan time. +* `optional_claims` - (Optional) A collection of `access_token` or `id_token` blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims +* `owners` - (Optional) A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list. * `prevent_duplicate_names` - (Optional) If `true`, will return an error when an existing Application is found with the same name. Defaults to `false`. +* `public_client` - (Optional) Is this Azure AD Application a public client? Defaults to `false`. +* `reply_urls` - (Optional) A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. +* `required_resource_access` - (Optional) A collection of `required_resource_access` blocks as documented below. +* `type` - (Optional) Type of an application: `webapp/api` or `native`. Defaults to `webapp/api`. For `native` apps type `identifier_uris` property can not not be set. ---- - -`required_resource_access` supports the following: - -* `resource_app_id` - (Required) The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application. - -* `resource_access` - (Required) A collection of `resource_access` blocks as documented below. - ---- - -`resource_access` supports the following: - -* `id` - (Required) The unique identifier for one of the `OAuth2Permission` or `AppRole` instances that the resource application exposes. - -* `type` - (Required) Specifies whether the id property references an `OAuth2Permission` or an `AppRole`. Possible values are `Scope` or `Role`. +~> **Note:** The `type` attribute is deprecated and will be removed in version 2.0 of the provider, along with the associated constraints of this attribute's values. Applications in Azure Active Directory are no longer differentiated by their type, instead you will be able to set native client specific attributes. --- `access_token` and/or `id_token` blocks support the following: +* `additional_properties` - List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. +* `essential` - Whether the claim specified by the client is necessary to ensure a smooth authorization experience. * `name` - The name of the optional claim. * `source` - The source of the claim. If `source` is absent, the claim is a predefined optional claim. If `source` is `user`, the value of `name` is the extension property from the user object. -* `essential` - Whether the claim specified by the client is necessary to ensure a smooth authorization experience. -* `additional_properties` - List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. --- -`app_role` supports the following: - -* `id` - The unique identifier of the app role. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom `id`, it's recommended to use the [azuread_application_app_role](application_app_role.html) resource. +`app_role` block supports the following: * `allowed_member_types` - (Required) Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in daemon service scenarios) by setting to `Application`, or to both. - * `description` - (Required) Permission help text that appears in the admin app assignment and consent experiences. - * `display_name` - (Required) Display name for the permission that appears in the admin consent and app assignment experiences. - +* `id` - The unique identifier of the app role. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom `id`, it's recommended to use the [azuread_application_app_role](application_app_role.html) resource. * `is_enabled` - (Optional) Determines if the app role is enabled: Defaults to `true`. - * `value` - (Optional) Specifies the value of the roles claim that the application should expect in the authentication and access tokens. --- -`oauth2_permissions` supports the following: - -* `id` - The unique identifier of the permision. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom `id`, it's recommended to use the [azuread_application_oauth2_permission](application_oauth2_permission.html) resource. +`oauth2_permissions` block supports the following: * `admin_consent_description` - (Required) Permission help text that appears in the admin consent and app assignment experiences. - * `admin_consent_display_name` - (Required) Display name for the permission that appears in the admin consent and app assignment experiences. - +* `id` - The unique identifier of the permision. This attribute is computed and cannot be specified manually in this block. If you need to specify a custom `id`, it's recommended to use the [azuread_application_oauth2_permission](application_oauth2_permission.html) resource. +* `is_enabled` - (Optional) Determines if the permission is enabled: defaults to `true`. +* `type` - (Required) Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by a Company Administrator. Possible values are "User" or "Admin". +* `user_consent_description` - (Optional) Permission help text that appears in the end user consent experience. +* `user_consent_display_name` - (Optional) Display name for the permission that appears in the end user consent experience. * `value` - (Required) The value of the scope claim that the resource application should expect in the OAuth 2.0 access token. -* `type` - (Required) Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by a Company Administrator. Possible values are "User" or "Admin". +If you don't specify any `oauth2_permissions` blocks, your Application will be assigned the default `user_impersonation` scope by Azure Active Directory. However, due to the declarative nature of Terraform configuration, if you do specify any `oauth2_permissions` blocks, you will need to include a block for the `user_impersonation` scope if you need it, or it will be removed (see the example above). To ensure that no OAuth 2.0 permission scopes are present for your Application, specify `oauth2_permissions = []` in your Application resource. -* `is_enabled` - (Optional) Determines if the permission is enabled: defaults to `true`. +--- -* `user_consent_description` - (Optional) Permission help text that appears in the end user consent experience. +`required_resource_access` block supports the following: -* `user_consent_display_name` - (Optional) Display name for the permission that appears in the end user consent experience. +* `resource_access` - (Required) A collection of `resource_access` blocks as documented below. +* `resource_app_id` - (Required) The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application. -If you don't specify any `oauth2_permissions` blocks, your Application will be assigned the default `user_impersonation` scope by Azure Active Directory. However, due to the declarative nature of Terraform configuration, if you do specify any `oauth2_permissions` blocks, you will need to include a block for the `user_impersonation` scope if you need it, or it will be removed (see the example above). To ensure that no OAuth 2.0 permission scopes are present for your Application, specify `oauth2_permissions = []` in your Application resource. +--- -## Attributes Reference +`resource_access` block supports the following: -The following attributes are exported: +* `id` - (Required) The unique identifier for one of the `OAuth2Permission` or `AppRole` instances that the resource application exposes. +* `type` - (Required) Specifies whether the id property references an `OAuth2Permission` or an `AppRole`. Possible values are `Scope` or `Role`. + +## Attributes Reference -* `application_id` - The Application ID. +In addition to all arguments above, the following attributes are exported: +* `application_id` - The Application ID (Client ID). * `object_id` - The Application's Object ID. ## Import diff --git a/website/docs/r/application_app_role.html.markdown b/docs/resources/application_app_role.md similarity index 89% rename from website/docs/r/application_app_role.html.markdown rename to docs/resources/application_app_role.md index 2c00c5512..dbaae2adf 100644 --- a/website/docs/r/application_app_role.html.markdown +++ b/docs/resources/application_app_role.md @@ -1,13 +1,8 @@ --- -subcategory: "Application" -layout: "azuread" -page_title: "Azure Active Directory: azuread_application_app_role" -description: |- - Manages an App Role associated with an Application within Azure Active Directory. - +subcategory: "Applications" --- -# azuread_application_app_role +# Resource: azuread_application_app_role Manages an App Role associated with an Application within Azure Active Directory. @@ -34,24 +29,17 @@ resource "azuread_application_app_role" "example" { The following arguments are supported: -* `application_object_id` - (Required) The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created. - * `allowed_member_types` - (Required) Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in daemon service scenarios) by setting to `Application`, or to both. - +* `application_object_id` - (Required) The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created. * `description` - (Required) Permission help text that appears in the admin app assignment and consent experiences. - * `display_name` - (Required) Display name for the permission that appears in the admin consent and app assignment experiences. - * `is_enabled` - (Optional) Determines if the app role is enabled. Defaults to `true`. - * `role_id` - (Optional) Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created. - * `value` - (Optional) Specifies the value of the roles claim that the application should expect in the authentication and access tokens. - ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The identifier for the App Role. diff --git a/website/docs/r/application_certificate.html.markdown b/docs/resources/application_certificate.md similarity index 89% rename from website/docs/r/application_certificate.html.markdown rename to docs/resources/application_certificate.md index 5f890f813..a11e8ddbe 100644 --- a/website/docs/r/application_certificate.html.markdown +++ b/docs/resources/application_certificate.md @@ -1,13 +1,8 @@ --- -subcategory: "Application" -layout: "azuread" -page_title: "Azure Active Directory: azuread_application_certificate" -description: |- - Manages a Certificate associated with an Application within Azure Active Directory. - +subcategory: "Applications" --- -# azuread_application_certificate +# Resource: azuread_application_certificate Manages a Certificate associated with an Application within Azure Active Directory. @@ -33,25 +28,19 @@ resource "azuread_application_certificate" "example" { The following arguments are supported: * `application_object_id` - (Required) The Object ID of the Application for which this Certificate should be created. Changing this field forces a new resource to be created. - -* `type` - (Required) The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. - -* `value` - (Required) The Certificate for this Service Principal. - * `end_date` - (Optional) The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. - * `end_date_relative` - (Optional) A relative duration for which the Certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created. ~> **NOTE:** One of `end_date` or `end_date_relative` must be set. The maximum duration is one year. * `key_id` - (Optional) A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created. - * `start_date` - (Optional) The Start Date which the Certificate is valid from, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - +* `type` - (Required) The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. +* `value` - (Required) The Certificate for this Service Principal. ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The Key ID for the Certificate. diff --git a/website/docs/r/application_oauth2_permission.html.markdown b/docs/resources/application_oauth2_permission.md similarity index 89% rename from website/docs/r/application_oauth2_permission.html.markdown rename to docs/resources/application_oauth2_permission.md index 740b6dfe0..8fb513c3e 100644 --- a/website/docs/r/application_oauth2_permission.html.markdown +++ b/docs/resources/application_oauth2_permission.md @@ -1,13 +1,8 @@ --- -subcategory: "Application" -layout: "azuread" -page_title: "Azure Active Directory: azuread_application_oauth2_permission" -description: |- - Manages an OAuth2 Permission associated with an Application within Azure Active Directory. - +subcategory: "Applications" --- -# azuread_application_oauth2_permission +# Resource: azuread_application_oauth2_permission Manages an OAuth2 Permission (also known as a Scope) associated with an Application within Azure Active Directory. @@ -36,28 +31,19 @@ resource "azuread_application_oauth2_permission" "example" { The following arguments are supported: -* `application_object_id` - (Required) The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created. - * `admin_consent_description` - (Required) Permission help text that appears in the admin consent and app assignment experiences. - * `admin_consent_display_name` - (Required) Display name for the permission that appears in the admin consent and app assignment experiences. - +* `application_object_id` - (Required) The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created. * `is_enabled` - (Optional) Determines if the Permission is enabled. Defaults to `true`. - * `permission_id` - (Optional) Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created. - * `type` - (Required) Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are "User" or "Admin". - * `user_consent_description` - (Optional) Permission help text that appears in the end user consent experience. - * `user_consent_display_name` - (Optional) Display name for the permission that appears in the end user consent experience. - * `value` - (Required) The value of the scope claim that the resource application should expect in the OAuth 2.0 access token. - ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The identifier for the OAuth2 Permission. diff --git a/website/docs/r/application_password.html.markdown b/docs/resources/application_password.md similarity index 90% rename from website/docs/r/application_password.html.markdown rename to docs/resources/application_password.md index 252b892ff..693f245c0 100644 --- a/website/docs/r/application_password.html.markdown +++ b/docs/resources/application_password.md @@ -1,13 +1,8 @@ --- -subcategory: "Application" -layout: "azuread" -page_title: "Azure Active Directory: azuread_application_password" -description: |- - Manages a Password associated with an Application within Azure Active Directory. - +subcategory: "Applications" --- -# azuread_application_password +# Resource: azuread_application_password Manages a Password associated with an Application within Azure Active Directory. Also can be referred to as Client secrets. @@ -33,27 +28,22 @@ resource "azuread_application_password" "example" { The following arguments are supported: * `application_object_id` - (Required) The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created. - -* `value` - (Required) The Password for this Application. - * `description` - (Optional) A description for the Password. -> **NOTE:** `description` maps to the `CustomKeyIdentifier` property of the `PasswordCredentials` API resource. * `end_date` - (Optional) The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. - * `end_date_relative` - (Optional) A relative duration for which the Password is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created. ~> **NOTE:** One of `end_date` or `end_date_relative` must be set. * `key_id` - (Optional) A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created. - * `start_date` - (Optional) The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - +* `value` - (Required) The Password for this Application. ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The Key ID for the Password. diff --git a/website/docs/r/group.markdown b/docs/resources/group.md similarity index 74% rename from website/docs/r/group.markdown rename to docs/resources/group.md index 75d1392c7..250ae34f9 100644 --- a/website/docs/r/group.markdown +++ b/docs/resources/group.md @@ -1,13 +1,8 @@ --- subcategory: "Groups" -layout: "azuread" -page_title: "Azure Active Directory: azuread_group" -description: |- - Manages a Group within Azure Active Directory. - --- -# azuread_group +# Resource: azuread_group Manages a Group within Azure Active Directory. @@ -27,9 +22,9 @@ resource "azuread_group" "example" { ```hcl resource "azuread_user" "example" { - display_name = "J Doe" - password = "notSecure123" - user_principal_name = "jdoe@hashicorp.com" + display_name = "J Doe" + password = "notSecure123" + user_principal_name = "jdoe@hashicorp.com" } resource "azuread_group" "example" { @@ -45,19 +40,19 @@ resource "azuread_group" "example" { The following arguments are supported: -* `display_name` - (Required) The display name for the Group. Changing this forces a new resource to be created. * `description` - (Optional) The description for the Group. Changing this forces a new resource to be created. -* `members` (Optional) A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals. -* `owners` (Optional) A set of owners who own this Group. Supported Object types are Users or Service Principals. +* `display_name` - (Required) The display name for the Group. Changing this forces a new resource to be created. +* `members` - (Optional) A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals. +* `owners` - (Optional) A set of owners who own this Group. Supported Object types are Users or Service Principals. * `prevent_duplicate_names` - (Optional) If `true`, will return an error when an existing Group is found with the same name. Defaults to `false`. --> **NOTE:** Group names are not unique within Azure Active Directory. +-> **NOTE:** Group names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing groups. -~> **NOTE:** Do not use the `azuread_group_member` resource at the same time as the `members` argument. +!> **NOTE:** Do not use the `azuread_group_member` resource at the same time as the `members` argument. ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The Object ID of the Group. diff --git a/website/docs/r/group_member.markdown b/docs/resources/group_member.md similarity index 81% rename from website/docs/r/group_member.markdown rename to docs/resources/group_member.md index bd24c0e59..524e3851f 100644 --- a/website/docs/r/group_member.markdown +++ b/docs/resources/group_member.md @@ -1,13 +1,8 @@ --- subcategory: "Groups" -layout: "azuread" -page_title: "Azure Active Directory: azuread_group_member" -description: |- - Manages a single Group Membership within Azure Active Directory. - --- -# azuread_group_member +# Resource: azuread_group_member Manages a single Group Membership within Azure Active Directory. @@ -26,8 +21,8 @@ resource "azuread_group" "example" { } resource "azuread_group_member" "example" { - group_object_id = azuread_group.example.id - member_object_id = data.azuread_user.example.id + group_object_id = azuread_group.example.id + member_object_id = data.azuread_user.example.id } ``` @@ -42,7 +37,7 @@ The following arguments are supported: ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The ID of the Azure AD Group Member. diff --git a/website/docs/r/service_principal.html.markdown b/docs/resources/service_principal.md similarity index 91% rename from website/docs/r/service_principal.html.markdown rename to docs/resources/service_principal.md index b2e28b4f6..91fdac6d0 100644 --- a/website/docs/r/service_principal.html.markdown +++ b/docs/resources/service_principal.md @@ -1,12 +1,8 @@ --- subcategory: "Service Principals" -layout: "azuread" -page_title: "Azure Active Directory: azuread_service_principal" -description: |- - Manages a Service Principal associated with an Application within Azure Active Directory. --- -# azuread_service_principal +# Resource: azuread_service_principal Manages a Service Principal associated with an Application within Azure Active Directory. @@ -36,46 +32,32 @@ resource "azuread_service_principal" "example" { The following arguments are supported: -* `application_id` - (Required) The ID of the Azure AD Application for which to create a Service Principal. - * `app_role_assignment_required` - (Optional) Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to `false`. - +* `application_id` - (Required) The ID of the Azure AD Application for which to create a Service Principal. * `tags` - (Optional) A list of tags to apply to the Service Principal. ## Attributes Reference -The following attributes are exported: - -* `id` - The Object ID (internal ID) for the Service Principal. +In addition to all arguments above, the following attributes are exported: +* `app_role_assignment_required` - Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. * `application_id` - The Application ID (appId) for the Service Principal. - -* `object_id` - The Service Principal's Object ID. - * `display_name` - The Display Name of the Azure Active Directory Application associated with this Service Principal. - -* `app_role_assignment_required` - Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. - +* `id` - The Object ID (internal ID) for the Service Principal. * `oauth2_permissions` - A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a `oauth2_permission` block as documented below. +* `object_id` - The Service Principal's Object ID. --- `oauth2_permission` block exports the following: -* `id` - The unique identifier for one of the `OAuth2Permission`. - -* `type` - The type of the permission. - * `admin_consent_description` - The description of the admin consent. - * `admin_consent_display_name` - The display name of the admin consent. - +* `id` - The unique identifier for one of the `OAuth2Permission`. * `is_enabled` - Is this permission enabled? - +* `type` - The type of the permission. * `user_consent_description` - The description of the user consent. - * `user_consent_display_name` - The display name of the user consent. - * `value` - The name of this permission. ## Import diff --git a/website/docs/r/service_principal_certificate.html.markdown b/docs/resources/service_principal_certificate.md similarity index 90% rename from website/docs/r/service_principal_certificate.html.markdown rename to docs/resources/service_principal_certificate.md index ce076991c..9d006e40e 100644 --- a/website/docs/r/service_principal_certificate.html.markdown +++ b/docs/resources/service_principal_certificate.md @@ -1,13 +1,8 @@ --- subcategory: "Service Principals" -layout: "azuread" -page_title: "Azure Active Directory: azuread_service_principal_certificate" -description: |- - Manages a Certificate associated with a Service Principal within Azure Active Directory. - --- -# azuread_service_principal_certificate +# Resource: azuread_service_principal_certificate Manages a Certificate associated with a Service Principal within Azure Active Directory. @@ -36,26 +31,20 @@ resource "azuread_service_principal_certificate" "example" { The following arguments are supported: -* `service_principal_id` - (Required) The ID of the Service Principal for which this certificate should be created. Changing this field forces a new resource to be created. - -* `type` - (Required) The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. - -* `value` - (Required) The Certificate for this Service Principal. - * `end_date` - (Optional) The End Date which the Certificate is valid until, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. - * `end_date_relative` - (Optional) A relative duration for which the Certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created. ~> **NOTE:** One of `end_date` or `end_date_relative` must be set. The maximum duration is one year. * `key_id` - (Optional) A GUID used to uniquely identify this Certificate. If not specified a GUID will be created. Changing this field forces a new resource to be created. - +* `service_principal_id` - (Required) The ID of the Service Principal for which this certificate should be created. Changing this field forces a new resource to be created. * `start_date` - (Optional) The Start Date which the Certificate is valid from, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - +* `type` - (Required) The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. +* `value` - (Required) The Certificate for this Service Principal. ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The Key ID for the Service Principal Certificate. diff --git a/website/docs/r/service_principal_password.html.markdown b/docs/resources/service_principal_password.md similarity index 91% rename from website/docs/r/service_principal_password.html.markdown rename to docs/resources/service_principal_password.md index 5c90fbace..4a35139d4 100644 --- a/website/docs/r/service_principal_password.html.markdown +++ b/docs/resources/service_principal_password.md @@ -1,13 +1,8 @@ --- subcategory: "Service Principals" -layout: "azuread" -page_title: "Azure Active Directory: azuread_service_principal_password" -description: |- - Manages a Password associated with a Service Principal within Azure Active Directory. - --- -# azuread_service_principal_password +# Resource: azuread_service_principal_password Manages a Password associated with a Service Principal within Azure Active Directory. @@ -36,28 +31,23 @@ resource "azuread_service_principal_password" "example" { The following arguments are supported: -* `service_principal_id` - (Required) The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created. - -* `value` - (Required) The Password for this Service Principal. - * `description` - (Optional) A description for the Password. -> **NOTE:** `description` maps to the `CustomKeyIdentifier` property of the `PasswordCredentials` API resource. * `end_date` - (Optional) The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. - * `end_date_relative` - (Optional) A relative duration for which the Password is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created. ~> **NOTE:** One of `end_date` or `end_date_relative` must be set. * `key_id` - (Optional) A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created. - +* `service_principal_id` - (Required) The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created. * `start_date` - (Optional) The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used. Changing this field forces a new resource to be created. - +* `value` - (Required) The Password for this Service Principal. ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The Key ID for the Service Principal Password. diff --git a/website/docs/r/user.html.markdown b/docs/resources/user.md similarity index 91% rename from website/docs/r/user.html.markdown rename to docs/resources/user.md index c538a5431..b0fb54b13 100644 --- a/website/docs/r/user.html.markdown +++ b/docs/resources/user.md @@ -1,13 +1,8 @@ --- subcategory: "Users" -layout: "azuread" -page_title: "Azure Active Directory: azuread_user" -description: |- - Manages a User within Azure Active Directory. - --- -# azuread_user +# Resource: azuread_user Manages a User within Azure Active Directory. @@ -28,36 +23,36 @@ resource "azuread_user" "example" { The following arguments are supported: -* `user_principal_name` - (Required) The User Principal Name of the Azure AD User. -* `display_name` - (Required) The name to display in the address book for the user. -* `given_name` - (Optional) The given name (first name) of the user. -* `surname` - (Optional) The user's surname (family name or last name). * `account_enabled` - (Optional) `true` if the account should be enabled, otherwise `false`. Defaults to `true`. -* `mail_nickname`- (Optional) The mail alias for the user. Defaults to the user name part of the User Principal Name. -* `password` - (Required) The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. +* `city` - (Optional) The city in which the user is located. +* `company_name` - (Optional) The company name which the user is associated. This property can be useful for describing the company that an external user comes from. +* `country` - (Optional) The country/region in which the user is located; for example, “US” or “UK”. +* `department` - (Optional) The name for the department in which the user works. +* `display_name` - (Required) The name to display in the address book for the user. * `force_password_change` - (Optional) `true` if the User is forced to change the password during the next sign-in. Defaults to `false`. +* `given_name` - (Optional) The given name (first name) of the user. * `immutable_id` - (Optional) The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's userPrincipalName (UPN) property when creating a new user account. -* `usage_location` - (Optional) The usage location of the User. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set. * `job_title` - (Optional) The user’s job title. -* `department` - (Optional) The name for the department in which the user works. -* `company_name` - (Optional) The company name which the user is associated. This property can be useful for describing the company that an external user comes from. +* `mail_nickname` - (Optional) The mail alias for the user. Defaults to the user name part of the User Principal Name. +* `mobile` - (Optional) The primary cellular telephone number for the user. +* `password` - (Required) The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. * `physical_delivery_office_name` - (Optional) The office location in the user's place of business. -* `street_address` - (Optional) The street address of the user's place of business. -* `city` - (Optional) The city in which the user is located. -* `state` - (Optional) The state or province in the user's address. -* `country` - (Optional) The country/region in which the user is located; for example, “US” or “UK”. * `postal_code` - (Optional) The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. -* `mobile` - (Optional) The primary cellular telephone number for the user. +* `state` - (Optional) The state or province in the user's address. +* `street_address` - (Optional) The street address of the user's place of business. +* `surname` - (Optional) The user's surname (family name or last name). +* `usage_location` - (Optional) The usage location of the User. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set. +* `user_principal_name` - (Required) The User Principal Name of the Azure AD User. ## Attributes Reference -The following attributes are exported: +In addition to all arguments above, the following attributes are exported: * `id` - The Object ID of the Azure AD User. * `mail` - The primary email address of the Azure AD User. +* `object_id` - The Object ID of the Azure AD User. * `onpremises_sam_account_name` - The on-premise SAM account name of the Azure AD User. * `onpremises_user_principal_name` - The on-premise user principal name of the Azure AD User. -* `object_id` - The Object ID of the Azure AD User. ## Import diff --git a/scripts/terrafmt-website.sh b/scripts/terrafmt-docs.sh similarity index 60% rename from scripts/terrafmt-website.sh rename to scripts/terrafmt-docs.sh index 9738863b8..cba4ad7ef 100755 --- a/scripts/terrafmt-website.sh +++ b/scripts/terrafmt-docs.sh @@ -1,8 +1,10 @@ #!/usr/bin/env bash +DIR="$(cd "$(dirname "$0")"/.. && pwd)" + echo "==> Checking documentation terraform blocks are formatted..." -files=$(find ./website -type f -name "*.html.markdown") +files=$(find "${DIR}"/docs -type f -name "*.md") error=false for f in $files; do @@ -16,13 +18,13 @@ if ${error}; then echo "You can fix this by running make tools and then terrafmt on them." echo "" echo "format a single file:" - echo "$ terrafmt fmt ./website/path/to/file.html.markdown" + echo "$ terrafmt fmt ./docs/resources/name.md" echo "" - echo "format all website files:" - echo "$ find . | egrep html.markdown | sort | while read f; do terrafmt fmt \$f; done" + echo "format all documentation files:" + echo "$ find docs | egrep '\.md$' | sort | while read f; do terrafmt fmt \$f; done" echo "" echo "on windows:" - echo "$ Get-ChildItem -Path . -Recurse -Filter \"*html.markdown\" | foreach {terrafmt fmt $_.fullName}" + echo "$ Get-ChildItem -Path docs -Recurse -Filter \"*.md\" | foreach {terrafmt fmt $_.fullName}" echo "" exit 1 fi diff --git a/website/allowed-subcategories b/website/allowed-subcategories deleted file mode 100644 index 6e7bb19d1..000000000 --- a/website/allowed-subcategories +++ /dev/null @@ -1,6 +0,0 @@ -Application -Base -Domains -Groups -Users -Service Principals \ No newline at end of file diff --git a/website/azuread.erb b/website/azuread.erb deleted file mode 100644 index 278978974..000000000 --- a/website/azuread.erb +++ /dev/null @@ -1,141 +0,0 @@ - -<% wrap_layout :inner do %> - <% content_for :sidebar do %> - - <% end %> - - <%= yield %> -<% end %>