azuread_application: oauth2_permissions id can't be specified manually

[magne]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Terraform v0.12.26

• provider.azuread v0.10.0

Affected Resource(s)

• azuread_application

Terraform Configuration Files

resource "azuread_application" "api" {
  name = "My API"

  oauth2_permissions {
    id                         = "60ab57eb-2773-4f17-8ed6-e6cab69951b9"
    type                       = "Admin"
    value                      = "API.All"
    admin_consent_description  = "Complete access to the API."
    admin_consent_display_name = "Complete access to the API."
  }

Expected Behavior

The application registration should have been created with the specified id.

Actual Behavior

Terraform reports the following error:

Error: "oauth2_permissions.0.id": this field cannot be set

References

This is essentially the same issue as #150

[manicminer]

Hi @magne, thanks for raising this! In the recent change to enable setting oauth2_permissions, we didn't include the ability to specify scope IDs. However, we plan on adding this in an upcoming release and I will post back here when that is available.

[edjwhho]

Hi @magne, thanks for raising this! In the recent change to enable setting oauth2_permissions, we didn't include the ability to specify scope IDs. However, we plan on adding this in an upcoming release and I will post back here when that is available.

@manicminer is there plans for specifying "Role" IDs as well?

app_role {
    allowed_member_types = [
      "User",
      "Application",
    ]
    description  = "User"
    display_name = "User"
    is_enabled   = true
    value        = "User"
    id = "acae5bc1-3e57-4418-8e33-553a96fdd607"
  }

Error: "app_role.1.id": this field cannot be set
  on adapp.tf line 65, in resource "azuread_application" "app2":
  65: resource "azuread_application" "app2" 

[manicminer]

@edjwhho indeed there are - I've been working on that in #254 (issue: #150) but need to work through some testing issues

[magne]

Any ETA on this? (both oauth2_permissions and app_role).

[manicminer]

@magne We're currently blocked on SDK limitations for specifying manual ID attributes as set elements. There's no ETA right now but we're actively working on it.

[ghost]

This has been released in version 1.0.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azuread" {
    version = "~> 1.0.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!