diff --git a/docs/data-sources/service_principal.md b/docs/data-sources/service_principal.md
index f42ee42734..4afef5fefa 100644
--- a/docs/data-sources/service_principal.md
+++ b/docs/data-sources/service_principal.md
@@ -48,6 +48,7 @@ The following attributes are exported:
 * `account_enabled` - - Whether or not the service principal account is enabled.
 * `alternative_names` - A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
+* `app_role_assignment_required` - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
 * `app_role_ids` - A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
 * `app_roles` - A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
 * `application_tenant_id` - The tenant ID where the associated application is registered.
diff --git a/internal/services/applications/application_data_source_test.go b/internal/services/applications/application_data_source_test.go
index 2ba7e3b728..8bdf1ceb6c 100644
--- a/internal/services/applications/application_data_source_test.go
+++ b/internal/services/applications/application_data_source_test.go
@@ -58,8 +58,7 @@ func (ApplicationDataSource) testCheck(data acceptance.TestData) resource.TestCh
 check.That(data.ResourceName).Key("display_name").HasValue(fmt.Sprintf("acctest-APP-complete-%d", data.RandomInteger)),
 check.That(data.ResourceName).Key("group_membership_claims.#").HasValue("1"),
 check.That(data.ResourceName).Key("group_membership_claims.0").HasValue("All"),
- check.That(data.ResourceName).Key("identifier_uris.#").HasValue("1"),
- check.That(data.ResourceName).Key("identifier_uris.0").HasValue(fmt.Sprintf("api://hashicorptestapp-%d", data.RandomInteger)),
+ check.That(data.ResourceName).Key("identifier_uris.#").HasValue("2"),
 check.That(data.ResourceName).Key("oauth2_permission_scope_ids.%").HasValue("2"),
 check.That(data.ResourceName).Key("optional_claims.#").HasValue("1"),
 check.That(data.ResourceName).Key("optional_claims.0.access_token.#").HasValue("2"),
diff --git a/internal/services/serviceprincipals/service_principal_data_source.go b/internal/services/serviceprincipals/service_principal_data_source.go
index 19cd7a5332..55ac4d6fe2 100644
--- a/internal/services/serviceprincipals/service_principal_data_source.go
+++ b/internal/services/serviceprincipals/service_principal_data_source.go
@@ -69,6 +69,12 @@ func servicePrincipalData() *schema.Resource {
 },
 },
+ "app_role_assignment_required": {
+ Description: "Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application",
+ Type: schema.TypeBool,
+ Computed: true,
+ },
 "application_tenant_id": {
 Description: "The tenant ID where the associated application is registered",
 Type: schema.TypeString,
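Review bot: Dropping the `identifier_uris.0` value assertion leaves this check verifying only that two identifier URIs exist, so a regression in which URI values the data source returns would no longer be caught. Keep a value check for the original `api://hashicorptestapp-%d` URI and add one for the second entry the configuration now produces; if `identifier_uris` is a list with stable ordering, `check.That(data.ResourceName).Key("identifier_uris.0").HasValue(fmt.Sprintf("api://hashicorptestapp-%d", data.RandomInteger)),` still applies, otherwise a set-element style matcher is needed. The enclosing testCheck function starts and ends outside the hunk, and the configuration that adds the second URI is not part of this diff.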
@@ -283,6 +289,7 @@ func servicePrincipalDataSourceRead(ctx context.Context, d *schema.ResourceData,
 tf.Set(d, "account_enabled", servicePrincipal.AccountEnabled)
 tf.Set(d, "alternative_names", tf.FlattenStringSlicePtr(servicePrincipal.AlternativeNames))
+ tf.Set(d, "app_role_assignment_required", servicePrincipal.AppRoleAssignmentRequired)
 tf.Set(d, "app_role_ids", helpers.ApplicationFlattenAppRoleIDs(servicePrincipal.AppRoles))
 tf.Set(d, "app_roles", helpers.ApplicationFlattenAppRoles(servicePrincipal.AppRoles))
 tf.Set(d, "application_id", servicePrincipal.AppId)
diff --git a/internal/services/serviceprincipals/service_principal_data_source_test.go b/internal/services/serviceprincipals/service_principal_data_source_test.go
index d305d174c7..0c7b2b7a12 100644
--- a/internal/services/serviceprincipals/service_principal_data_source_test.go
+++ b/internal/services/serviceprincipals/service_principal_data_source_test.go
@@ -57,18 +57,18 @@ func (ServicePrincipalDataSource) testCheckFunc(data acceptance.TestData) resour
 check.That(data.ResourceName).Key("app_role_assignment_required").HasValue("true"),
 check.That(data.ResourceName).Key("app_role_ids.%").HasValue("2"),
 check.That(data.ResourceName).Key("app_roles.#").HasValue("2"),
- check.That(data.ResourceName).Key("application_id").Exists(),
+ check.That(data.ResourceName).Key("application_id").IsUuid(),
 check.That(data.ResourceName).Key("application_tenant_id").HasValue(tenantId),
 check.That(data.ResourceName).Key("description").HasValue("An internal app for testing"),
 check.That(data.ResourceName).Key("display_name").Exists(),
 check.That(data.ResourceName).Key("homepage_url").HasValue(fmt.Sprintf("https://test-%d.internal", data.RandomInteger)),
- check.That(data.ResourceName).Key("login").HasValue(fmt.Sprintf("https://test-%d.internal/login", data.RandomInteger)),
+ check.That(data.ResourceName).Key("login_url").HasValue(fmt.Sprintf("https://test-%d.internal/login", data.RandomInteger)),
 check.That(data.ResourceName).Key("logout_url").HasValue(fmt.Sprintf("https://test-%d.internal/logout", data.RandomInteger)),
 check.That(data.ResourceName).Key("notes").HasValue("Just testing something"),
 check.That(data.ResourceName).Key("notification_email_addresses.#").HasValue("2"),
 check.That(data.ResourceName).Key("oauth2_permission_scope_ids.%").HasValue("2"),
 check.That(data.ResourceName).Key("oauth2_permission_scopes.#").HasValue("2"),
- check.That(data.ResourceName).Key("object_id").Exists(),
+ check.That(data.ResourceName).Key("object_id").IsUuid(),
 check.That(data.ResourceName).Key("redirect_uris.#").HasValue("2"),
 check.That(data.ResourceName).Key("service_principal_names.#").HasValue("2"),
 check.That(data.ResourceName).Key("sign_in_audience").HasValue("AzureADMyOrg"),
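Review bot: `display_name` is still asserted with `Exists()` while the same hunk tightens `application_id` and `object_id` to `IsUuid()`; if the test configuration sets a deterministic display name (the `homepage_url` check already derives its value from `data.RandomInteger`), asserting it with `HasValue(fmt.Sprintf(...))` would bring it in line with the stricter checks introduced here. The `login` to `login_url` correction also suggests the old key never matched a schema attribute, so it is worth confirming that `login_url` is the attribute name the data source actually exposes. testCheckFunc starts and ends outside the hunk.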