git merge master -S

.golangci.yml

@@ -28,6 +28,8 @@ linters:
 linters-settings:
   errcheck:
     ignore: github.com/hashicorp/terraform/helper/schema:ForceNew|Set,fmt:.*,io:Close
+  misspell:
+    locale: UK
 
 run:
   modules-download-mode: vendor

.hashibot.hcl

@@ -0,0 +1,26 @@
+queued_behavior "release_commenter" "releases" {
+  repo_prefix = "terraform-provider-"
+
+  message = <<-EOF
+    This has been released in [version ${var.release_version} of the provider](${var.changelog_link}). Please see the [Terraform documentation on provider versioning](https://www.terraform.io/docs/configuration/providers.html#provider-versions) or reach out if you need any assistance upgrading. As an example:
+    ```hcl
+    provider "${var.project_name}" {
+        version = "~> ${var.release_version}"
+    }
+    # ... other configuration ...
+    ```
+  EOF
+}
+
+poll "closed_issue_locker" "locker" {
+  schedule             = "0 50 16 * * *"
+  closed_for           = "720h" # 30 days
+  max_issues           = 500
+  sleep_between_issues = "5s"
+
+  message = <<-EOF
+    I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
+
+    If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉  [email protected]. Thanks!
+  EOF
+}

.travis.yml

@@ -1,10 +1,19 @@
 dist: trusty
 sudo: required
 services:
-- docker
+  - docker
 language: go
 go:
-- "1.11.x"
+  - "1.12.x"
+
+branches:
+  only:
+    - master
+
+matrix:
+  fast_finish: true
+  allow_failures:
+    - go: tip
 
 install:
 # This script is used by the Travis build to install a cookie for
@@ -14,15 +23,13 @@ install:
 - bash scripts/gogetcookie.sh
 - make tools
 
-script:
-- make test
-- make lint
-- make website-test
+env:
+  matrix:
+    - MODE=unit-tests
+    - MODE=linters
+    - MODE=website
 
-branches:
-  only:
-  - master
-matrix:
-  fast_finish: true
-  allow_failures:
-  - go: tip
+script:
+  - if [[ $MODE == 'unit-tests' ]]; then make test; fi
+  - if [[ $MODE == 'linters' ]]; then make lint; fi
+  - if [[ $MODE == 'website' ]]; then make website-test; fi

CHANGELOG.md

@@ -1,4 +1,34 @@
-## 0.4.0 (Unreleased)
+## 0.5.0 (Unreleased)
+
+FEATURES:
+
+* **New Data Source:** `azuread_users` [GH-109]
+* **New Resource:** `azuread_group_member` [GH-100]
+
+IMPROVEMENTS:
+
+* Data Source `azuread_application` - support for the `app_roles` property [GH-110]
+* Data Source `azuread_service_principal` - export the `app_roles` property [GH-110]
+* `azuread_application` - support for the `app_roles` property [GH-98]
+* `azuread_application` - the `identifier_uris` property now allows `api`,`urn`, and `ms-appx` URI schemas [GH-115]
+* `azuread_application_password` - deprecation of `application_id` in favour of `application_object_id` [GH-107]
+* `azuread_group` - support for the `members` property [GH-100]
+* `azuread_service_principal` - export the `oauth2_permissions` property [GH-103]
+
+BUG FIXES:
+
+* `azuread_application_password` - will now wait for replication on resource creation [GH-118]
+* `azuread_service_principal_password` - will now wait for replication on resource creation [GH-117]
+
+## 0.4.0 (June 06, 2019)
+
+NOTES:
+
+* Resource creation potentially could take longer after this release as the provider will now attempt to wait for replication like the az cli tool. 
+
+FEATURES:
+
+* **New Resource:** `azuread_application_password` ([#71](https://github.com/terraform-providers/terraform-provider-azuread/issues/71))
 
 
 FEATURES:
@@ -7,13 +37,21 @@ FEATURES:
 
 IMPROVEMENTS:
 
-* dependencies: upgrading to `v0.12.0` of `github.com/hashicorp/terraform` [GH-82]
-* Data Source `azuread_application` - now exports the `group_membership_claims` property [GH-78]
-* Data Source `azuread_application` - now exports the `oauth2_permissions` property [GH-79]
-* `azuread_application` - support for the `group_membership_claims` property [GH-78]
-* `azuread_application` - now exports the `oauth2_permissions` property [GH-79]
-* `azuread_application` - support for the `type` property enabling the creation of `native` applications [GH-74]
-* `azuread_user` - increase the maximum allowed lengh of `password` to 256 [GH-81]
+* dependencies: upgrading to `v0.12.0` of `github.com/hashicorp/terraform` ([#82](https://github.com/terraform-providers/terraform-provider-azuread/issues/82))
+* Data Source `azuread_application` - now exports the `group_membership_claims` property ([#78](https://github.com/terraform-providers/terraform-provider-azuread/issues/78))
+* Data Source `azuread_application` - now exports the `oauth2_permissions` property ([#79](https://github.com/terraform-providers/terraform-provider-azuread/issues/79))
+* `azuread_application` - support for the `group_membership_claims` property ([#78](https://github.com/terraform-providers/terraform-provider-azuread/issues/78))
+* `azuread_application` - now exports the `oauth2_permissions` property ([#79](https://github.com/terraform-providers/terraform-provider-azuread/issues/79))
+* `azuread_application` - now exports the `object_id` property ([#99](https://github.com/terraform-providers/terraform-provider-azuread/issues/99))
+* `azuread_application` - support for the `type` property enabling the creation of `native` applications ([#74](https://github.com/terraform-providers/terraform-provider-azuread/issues/74))
+* `azuread_application` - will now wait for replication by waiting for 10 successful reads after creation ([#93](https://github.com/terraform-providers/terraform-provider-azuread/issues/93))
+* `azuread_group` - will now wait for replication by waiting for 10 successful reads after creation ([#91](https://github.com/terraform-providers/terraform-provider-azuread/issues/91))
+* `azuread_group` - now exports the `object_id` property ([#99](https://github.com/terraform-providers/terraform-provider-azuread/issues/99))
+* `azuread_service_principal` - will now wait for replication by waiting for 10 successful reads after creation ([#93](https://github.com/terraform-providers/terraform-provider-azuread/issues/93))
+* `azuread_service_principal` - now exports the `object_id` property ([#99](https://github.com/terraform-providers/terraform-provider-azuread/issues/99))
+* `azuread_user` - will now wait for replication by waiting for 10 successful reads after creation ([#91](https://github.com/terraform-providers/terraform-provider-azuread/issues/91))
+* `azuread_user` - increase the maximum allowed lengh of `password` to 256 ([#81](https://github.com/terraform-providers/terraform-provider-azuread/issues/81))
+* `azuread_user` - now exports the `object_id` property ([#99](https://github.com/terraform-providers/terraform-provider-azuread/issues/99))
 
 ## 0.3.1 (April 18, 2019)
 

GNUmakefile

@@ -31,9 +31,9 @@ fmt:
 fmtcheck:
 	@sh "$(CURDIR)/scripts/gofmtcheck.sh"
 
-goimport:
+goimports:
 	@echo "==> Fixing imports code with goimports..."
-	goimports -w $(PKG_NAME)/
+	goimports -local "github.com/terraform-providers/terraform-provider-azuread/azuread" -w $(PKG_NAME)/
 
 lint:
 	@echo "==> Checking source code against linters..."

azuread/config.go

@@ -16,6 +16,8 @@ import (
 	"github.com/hashicorp/go-azure-helpers/sender"
 	"github.com/hashicorp/terraform/httpclient"
 	"github.com/terraform-providers/terraform-provider-azuread/version"
+
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 )
 
 // ArmClient contains the handles to all the specific Azure ADger resource classes' respective clients.
@@ -50,6 +52,8 @@ func getArmClient(authCfg *authentication.Config) (*ArmClient, error) {
 		environment:    *env,
 	}
 
+	sender := ar.BuildSender()
+
 	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, client.tenantID)
 	if err != nil {
 		return nil, err
@@ -62,7 +66,7 @@ func getArmClient(authCfg *authentication.Config) (*ArmClient, error) {
 
 	// Graph Endpoints
 	graphEndpoint := env.GraphEndpoint
-	graphAuthorizer, err := authCfg.GetAuthorizationToken(oauthConfig, graphEndpoint)
+	graphAuthorizer, err := authCfg.GetAuthorizationToken(sender, oauthConfig, graphEndpoint)
 	if err != nil {
 		return nil, err
 	}

azuread/data_application.go

@@ -3,12 +3,13 @@ package azuread
 import (
 	"fmt"
 
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/tf"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/validate"
-
-	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
-	"github.com/hashicorp/terraform/helper/schema"
 )
 
 func dataApplication() *schema.Resource {
@@ -78,6 +79,8 @@ func dataApplication() *schema.Resource {
 				Computed: true,
 			},
 
+			"app_roles": graph.SchemaAppRoles(),
+
 			"required_resource_access": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -109,54 +112,7 @@ func dataApplication() *schema.Resource {
 				},
 			},
 
-			"oauth2_permissions": {
-				Type:     schema.TypeList,
-				Optional: true,
-				Computed: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"admin_consent_description": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-
-						"admin_consent_display_name": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-
-						"id": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-
-						"is_enabled": {
-							Type:     schema.TypeBool,
-							Computed: true,
-						},
-
-						"type": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-
-						"user_consent_description": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-
-						"user_consent_display_name": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-
-						"value": {
-							Type:     schema.TypeString,
-							Computed: true,
-						},
-					},
-				},
-			},
+			"oauth2_permissions": graph.SchemaOauth2Permissions(),
 		},
 	}
 }
@@ -167,45 +123,46 @@ func dataApplicationRead(d *schema.ResourceData, meta interface{}) error {
 
 	var app graphrbac.Application
 
-	if oId, ok := d.GetOk("object_id"); ok {
-
+	if oId, ok := d.Get("object_id").(string); ok && oId != "" {
 		// use the object_id to find the Azure AD application
-		objectId := oId.(string)
-		resp, err := client.Get(ctx, objectId)
+		resp, err := client.Get(ctx, oId)
 		if err != nil {
 			if ar.ResponseWasNotFound(resp.Response) {
-				return fmt.Errorf("Error: AzureAD Application with ID %q was not found", objectId)
+				return fmt.Errorf("Error: AzureAD Application with ID %q was not found", oId)
 			}
 
-			return fmt.Errorf("Error making Read request on AzureAD Application with ID %q: %+v", objectId, err)
+			return fmt.Errorf("Error making Read request on AzureAD Application with ID %q: %+v", oId, err)
 		}
 
 		app = resp
-	} else {
-
-		// use the name to find the Azure AD application
-		name := d.Get("name").(string)
+	} else if name, ok := d.Get("name").(string); ok {
 		filter := fmt.Sprintf("displayName eq '%s'", name)
 
 		resp, err := client.ListComplete(ctx, filter)
 		if err != nil {
-			return fmt.Errorf("Error listing Azure AD Applications: %+v", err)
+			return fmt.Errorf("Error listing Azure AD Applications for filter %q: %+v", filter, err)
 		}
 
-		var a *graphrbac.Application
-		for _, v := range *resp.Response().Value {
-			if v.DisplayName != nil {
-				if *v.DisplayName == name {
-					a = &v
-					break
-				}
-			}
+		values := resp.Response().Value
+		if values == nil {
+			return fmt.Errorf("nil values for AD Applications matching %q", filter)
+		}
+		if len(*values) == 0 {
+			return fmt.Errorf("Found no AD Applications matching %q", filter)
+		}
+		if len(*values) > 2 {
+			return fmt.Errorf("Found multiple AD Applications matching %q", filter)
 		}
 
-		if a == nil {
-			return fmt.Errorf("Couldn't locate an Azure AD Application with a name of %q", name)
+		app = (*values)[0]
+		if app.DisplayName == nil {
+			return fmt.Errorf("nil DisplayName for AD Applications matching %q", filter)
+		}
+		if *app.DisplayName != name {
+			return fmt.Errorf("displayname for AD Applications matching %q does is does not match(%q!=%q)", filter, *app.DisplayName, name)
 		}
-		app = *a
+	} else {
+		return fmt.Errorf("one of `object_id` or `name` must be supplied")
 	}
 
 	if app.ObjectID == nil {
@@ -232,19 +189,22 @@ func dataApplicationRead(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("Error setting `required_resource_access`: %+v", err)
 	}
 
-	switch appType := app.AdditionalProperties["publicClient"]; appType {
-	case true:
+	if v := app.PublicClient; v != nil && *v {
 		d.Set("type", "native")
-	default:
+	} else {
 		d.Set("type", "webapp/api")
 	}
 
-	if groupMembershipClaims, ok := app.AdditionalProperties["groupMembershipClaims"]; ok {
-		d.Set("group_membership_claims", groupMembershipClaims)
+	if err := d.Set("app_roles", graph.FlattenAppRoles(app.AppRoles)); err != nil {
+		return fmt.Errorf("Error setting `app_roles`: %+v", err)
+	}
+
+	if err := d.Set("group_membership_claims", app.GroupMembershipClaims); err != nil {
+		return fmt.Errorf("Error setting `group_membership_claims`: %+v", err)
 	}
 
-	if oauth2Permissions, ok := app.AdditionalProperties["oauth2Permissions"].([]interface{}); ok {
-		d.Set("oauth2_permissions", flattenADApplicationOauth2Permissions(oauth2Permissions))
+	if err := d.Set("oauth2_permissions", graph.FlattenOauth2Permissions(app.Oauth2Permissions)); err != nil {
+		return fmt.Errorf("Error setting `oauth2_permissions`: %+v", err)
 	}
 
 	return nil