From 68fa71d33f921e6a6a2435c7de6ecba8dea2d911 Mon Sep 17 00:00:00 2001 From: Tom Bamford Date: Mon, 23 Oct 2023 20:37:50 +0100 Subject: [PATCH] Applications: DiffSuppressFunc for `application_object_id` This works around some existing configurations where a diff may arise as a result of the recent state migration to update the resource ID for `azuread_application` to use a typed ID. Where an existing configuration mistakenly references the `id` attribute for an `azuread_application` resource, expecting it to contain a bare object ID, this avoids a subsequent diff where the existing bare UUID and the prospective ID point to the same application. --- .../application_certificate_resource.go | 14 ++++++++++++++ ...ation_federated_identity_credential_resource.go | 14 ++++++++++++++ .../applications/application_password_resource.go | 14 ++++++++++++++ .../application_pre_authorized_resource.go | 14 ++++++++++++++ 4 files changed, 56 insertions(+) diff --git a/internal/services/applications/application_certificate_resource.go b/internal/services/applications/application_certificate_resource.go index 8fe4133090..baf13cc18a 100644 --- a/internal/services/applications/application_certificate_resource.go +++ b/internal/services/applications/application_certificate_resource.go @@ -62,6 +62,20 @@ func applicationCertificateResource() *pluginsdk.Resource { ExactlyOneOf: []string{"application_id", "application_object_id"}, Deprecated: "The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider", ValidateFunc: validation.Any(validation.IsUUID, parse.ValidateApplicationID), + DiffSuppressFunc: func(_, oldValue, newValue string, _ *pluginsdk.ResourceData) bool { + // Where oldValue is a UUID (i.e. the bare object ID), and newValue is a properly formed application + // resource ID, we'll ignore a diff where these point to the same application resource. + // This maintains compatibility with configurations mixing the ID attributes, e.g. + // application_object_id = azuread_application.example.id + if _, err := uuid.ParseUUID(oldValue); err == nil { + if applicationId, err := parse.ParseApplicationID(newValue); err == nil { + if applicationId.ApplicationId == oldValue { + return true + } + } + } + return false + }, }, "encoding": { diff --git a/internal/services/applications/application_federated_identity_credential_resource.go b/internal/services/applications/application_federated_identity_credential_resource.go index 146e19723a..4d6dbeca93 100644 --- a/internal/services/applications/application_federated_identity_credential_resource.go +++ b/internal/services/applications/application_federated_identity_credential_resource.go @@ -62,6 +62,20 @@ func applicationFederatedIdentityCredentialResource() *pluginsdk.Resource { ExactlyOneOf: []string{"application_id", "application_object_id"}, Deprecated: "The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider", ValidateFunc: validation.Any(validation.IsUUID, parse.ValidateApplicationID), + DiffSuppressFunc: func(_, oldValue, newValue string, _ *pluginsdk.ResourceData) bool { + // Where oldValue is a UUID (i.e. the bare object ID), and newValue is a properly formed application + // resource ID, we'll ignore a diff where these point to the same application resource. + // This maintains compatibility with configurations mixing the ID attributes, e.g. + // application_object_id = azuread_application.example.id + if _, err := uuid.ParseUUID(oldValue); err == nil { + if applicationId, err := parse.ParseApplicationID(newValue); err == nil { + if applicationId.ApplicationId == oldValue { + return true + } + } + } + return false + }, }, "audiences": { diff --git a/internal/services/applications/application_password_resource.go b/internal/services/applications/application_password_resource.go index 4c0059889f..8399a86ae9 100644 --- a/internal/services/applications/application_password_resource.go +++ b/internal/services/applications/application_password_resource.go @@ -66,6 +66,20 @@ func applicationPasswordResource() *pluginsdk.Resource { ExactlyOneOf: []string{"application_id", "application_object_id"}, Deprecated: "The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider", ValidateFunc: validation.Any(validation.IsUUID, parse.ValidateApplicationID), + DiffSuppressFunc: func(_, oldValue, newValue string, _ *pluginsdk.ResourceData) bool { + // Where oldValue is a UUID (i.e. the bare object ID), and newValue is a properly formed application + // resource ID, we'll ignore a diff where these point to the same application resource. + // This maintains compatibility with configurations mixing the ID attributes, e.g. + // application_object_id = azuread_application.example.id + if _, err := uuid.ParseUUID(oldValue); err == nil { + if applicationId, err := parse.ParseApplicationID(newValue); err == nil { + if applicationId.ApplicationId == oldValue { + return true + } + } + } + return false + }, }, "display_name": { diff --git a/internal/services/applications/application_pre_authorized_resource.go b/internal/services/applications/application_pre_authorized_resource.go index 7c8080b2c1..016ae2e294 100644 --- a/internal/services/applications/application_pre_authorized_resource.go +++ b/internal/services/applications/application_pre_authorized_resource.go @@ -62,6 +62,20 @@ func applicationPreAuthorizedResource() *pluginsdk.Resource { ExactlyOneOf: []string{"application_id", "application_object_id"}, Deprecated: "The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider", ValidateFunc: validation.Any(validation.IsUUID, parse.ValidateApplicationID), + DiffSuppressFunc: func(_, oldValue, newValue string, _ *pluginsdk.ResourceData) bool { + // Where oldValue is a UUID (i.e. the bare object ID), and newValue is a properly formed application + // resource ID, we'll ignore a diff where these point to the same application resource. + // This maintains compatibility with configurations mixing the ID attributes, e.g. + // application_object_id = azuread_application.example.id + if _, err := uuid.ParseUUID(oldValue); err == nil { + if applicationId, err := parse.ParseApplicationID(newValue); err == nil { + if applicationId.ApplicationId == oldValue { + return true + } + } + } + return false + }, }, "authorized_app_id": {