Upgrade azure-sdk-for-go to v29.0.0

azuread/config.go

@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/authentication"
 	"github.com/hashicorp/go-azure-helpers/sender"
 	"github.com/hashicorp/terraform/httpclient"
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 	"github.com/terraform-providers/terraform-provider-azuread/version"
 )
 
@@ -50,6 +51,8 @@ func getArmClient(authCfg *authentication.Config) (*ArmClient, error) {
 		environment:    *env,
 	}
 
+	sender := ar.BuildSender()
+
 	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, client.tenantID)
 	if err != nil {
 		return nil, err
@@ -62,7 +65,7 @@ func getArmClient(authCfg *authentication.Config) (*ArmClient, error) {
 
 	// Graph Endpoints
 	graphEndpoint := env.GraphEndpoint
-	graphAuthorizer, err := authCfg.GetAuthorizationToken(oauthConfig, graphEndpoint)
+	graphAuthorizer, err := authCfg.GetAuthorizationToken(sender, oauthConfig, graphEndpoint)
 	if err != nil {
 		return nil, err
 	}

azuread/data_application.go

@@ -233,19 +233,18 @@ func dataApplicationRead(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("Error setting `required_resource_access`: %+v", err)
 	}
 
-	switch appType := app.AdditionalProperties["publicClient"]; appType {
-	case true:
+	if v := app.PublicClient; v != nil && *v {
 		d.Set("type", "native")
-	default:
+	} else {
 		d.Set("type", "webapp/api")
 	}
 
-	if groupMembershipClaims, ok := app.AdditionalProperties["groupMembershipClaims"]; ok {
-		d.Set("group_membership_claims", groupMembershipClaims)
+	if err := d.Set("group_membership_claims", app.GroupMembershipClaims); err != nil {
+		return fmt.Errorf("Error setting `group_membership_claims`: %+v", err)
 	}
 
-	if oauth2Permissions, ok := app.AdditionalProperties["oauth2Permissions"].([]interface{}); ok {
-		d.Set("oauth2_permissions", flattenADApplicationOauth2Permissions(oauth2Permissions))
+	if err := d.Set("oauth2_permissions", flattenADApplicationOauth2Permissions(app.Oauth2Permissions)); err != nil {
+		return fmt.Errorf("Error setting `oauth2_permissions`: %+v", err)
 	}
 
 	return nil

azuread/data_application_test.go

@@ -32,7 +32,7 @@ func TestAccAzureADApplicationDataSource_byObjectId(t *testing.T) {
 					resource.TestCheckResourceAttr(dataSourceName, "type", "webapp/api"),
 					resource.TestCheckResourceAttr(dataSourceName, "oauth2_allow_implicit_flow", "false"),
 					resource.TestCheckResourceAttr(dataSourceName, "oauth2_permissions.#", "1"),
-					resource.TestCheckResourceAttr(dataSourceName, "oauth2_permissions.0.admin_consent_description", fmt.Sprintf("Access %s", fmt.Sprintf("acctest%s", id))),
+					resource.TestCheckResourceAttr(dataSourceName, "oauth2_permissions.0.admin_consent_description", fmt.Sprintf("Allow the application to access %s on behalf of the signed-in user.", fmt.Sprintf("acctest%s", id))),
 					resource.TestCheckResourceAttrSet(dataSourceName, "application_id"),
 				),
 			},

azuread/helpers/ar/sender.go

@@ -0,0 +1,57 @@
+package ar
+
+import (
+	"log"
+	"net/http"
+	"net/http/httputil"
+
+	"github.com/Azure/go-autorest/autorest"
+)
+
+func BuildSender() autorest.Sender {
+	return autorest.DecorateSender(&http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+		},
+	}, withRequestLogging())
+}
+
+func withRequestLogging() autorest.SendDecorator {
+	return func(s autorest.Sender) autorest.Sender {
+		return autorest.SenderFunc(func(r *http.Request) (*http.Response, error) {
+			// strip the authorization header prior to printing
+			authHeaderName := "Authorization"
+			auth := r.Header.Get(authHeaderName)
+			if auth != "" {
+				r.Header.Del(authHeaderName)
+			}
+
+			// dump request to wire format
+			if dump, err := httputil.DumpRequestOut(r, true); err == nil {
+				log.Printf("[DEBUG] AzureAD Request: \n%s\n", dump)
+			} else {
+				// fallback to basic message
+				log.Printf("[DEBUG] AzureAD Request: %s to %s\n", r.Method, r.URL)
+			}
+
+			// add the auth header back
+			if auth != "" {
+				r.Header.Add(authHeaderName, auth)
+			}
+
+			resp, err := s.Do(r)
+			if resp != nil {
+				// dump response to wire format
+				if dump, err2 := httputil.DumpResponse(resp, true); err2 == nil {
+					log.Printf("[DEBUG] AzureAD Response for %s: \n%s\n", r.URL, dump)
+				} else {
+					// fallback to basic message
+					log.Printf("[DEBUG] AzureAD Response: %s for %s\n", resp.Status, r.URL)
+				}
+			} else {
+				log.Printf("[DEBUG] Request to %s completed with no response", r.URL)
+			}
+			return resp, err
+		})
+	}
+}

azuread/resource_application.go

@@ -81,7 +81,7 @@ func resourceApplication() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 				ValidateFunc: validation.StringInSlice(
-					[]string{"None", "SecurityGroup", "All"},
+					[]string{"All", "None", "SecurityGroup", "DirectoryRole", "DistributionGroup"},
 					false,
 				),
 			},
@@ -199,7 +199,6 @@ func resourceApplicationCreate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	properties := graphrbac.ApplicationCreateParameters{
-		AdditionalProperties:    make(map[string]interface{}),
 		DisplayName:             &name,
 		IdentifierUris:          tf.ExpandStringSlicePtr(identUrls.([]interface{})),
 		ReplyUrls:               tf.ExpandStringSlicePtr(d.Get("reply_urls").(*schema.Set).List()),
@@ -222,7 +221,7 @@ func resourceApplicationCreate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	if v, ok := d.GetOk("group_membership_claims"); ok {
-		properties.AdditionalProperties["groupMembershipClaims"] = v
+		properties.GroupMembershipClaims = v
 	}
 
 	app, err := client.Create(ctx, properties)
@@ -249,9 +248,7 @@ func resourceApplicationCreate(d *schema.ResourceData, meta interface{}) error {
 		properties := graphrbac.ApplicationUpdateParameters{
 			Homepage:       nil,
 			IdentifierUris: &[]string{},
-			AdditionalProperties: map[string]interface{}{
-				"publicClient": true,
-			},
+			PublicClient:   p.Bool(true),
 		}
 		if _, err := client.Patch(ctx, *app.ObjectID, properties); err != nil {
 			return err
@@ -268,7 +265,6 @@ func resourceApplicationUpdate(d *schema.ResourceData, meta interface{}) error {
 	name := d.Get("name").(string)
 
 	var properties graphrbac.ApplicationUpdateParameters
-	properties.AdditionalProperties = make(map[string]interface{})
 
 	if d.HasChange("name") {
 		properties.DisplayName = &name
@@ -301,22 +297,16 @@ func resourceApplicationUpdate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	if d.HasChange("group_membership_claims") {
-		groupMembershipClaims := d.Get("group_membership_claims").(string)
-
-		if len(groupMembershipClaims) == 0 {
-			properties.AdditionalProperties["groupMembershipClaims"] = nil
-		} else {
-			properties.AdditionalProperties["groupMembershipClaims"] = groupMembershipClaims
-		}
+		properties.GroupMembershipClaims = d.Get("group_membership_claims")
 	}
 
 	if d.HasChange("type") {
 		switch appType := d.Get("type"); appType {
 		case "webapp/api":
-			properties.AdditionalProperties["publicClient"] = false
+			properties.PublicClient = p.Bool(false)
 			properties.IdentifierUris = tf.ExpandStringSlicePtr(d.Get("identifier_uris").([]interface{}))
 		case "native":
-			properties.AdditionalProperties["publicClient"] = true
+			properties.PublicClient = p.Bool(true)
 			properties.IdentifierUris = &[]string{}
 		default:
 			return fmt.Errorf("Error paching Azure AD Application with ID %q: Unknow application type %v. Supported types are [webapp/api, native]", d.Id(), appType)
@@ -335,9 +325,9 @@ func resourceApplicationRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*ArmClient).applicationsClient
 	ctx := meta.(*ArmClient).StopContext
 
-	resp, err := client.Get(ctx, d.Id())
+	app, err := client.Get(ctx, d.Id())
 	if err != nil {
-		if ar.ResponseWasNotFound(resp.Response) {
+		if ar.ResponseWasNotFound(app.Response) {
 			log.Printf("[DEBUG] Azure AD Application with ID %q was not found - removing from state", d.Id())
 			d.SetId("")
 			return nil
@@ -346,38 +336,37 @@ func resourceApplicationRead(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("Error retrieving Azure AD Application with ID %q: %+v", d.Id(), err)
 	}
 
-	d.Set("name", resp.DisplayName)
-	d.Set("application_id", resp.AppID)
-	d.Set("homepage", resp.Homepage)
-	d.Set("available_to_other_tenants", resp.AvailableToOtherTenants)
-	d.Set("oauth2_allow_implicit_flow", resp.Oauth2AllowImplicitFlow)
-	d.Set("object_id", resp.ObjectID)
-
-	if groupMembershipClaims, ok := resp.AdditionalProperties["groupMembershipClaims"]; ok {
-		d.Set("group_membership_claims", groupMembershipClaims)
-	}
+	d.Set("name", app.DisplayName)
+	d.Set("application_id", app.AppID)
+	d.Set("homepage", app.Homepage)
+	d.Set("available_to_other_tenants", app.AvailableToOtherTenants)
+	d.Set("oauth2_allow_implicit_flow", app.Oauth2AllowImplicitFlow)
+	d.Set("object_id", app.ObjectID)
 
-	switch appType := resp.AdditionalProperties["publicClient"]; appType {
-	case true:
+	if v := app.PublicClient; v != nil && *v {
 		d.Set("type", "native")
-	default:
+	} else {
 		d.Set("type", "webapp/api")
 	}
 
-	if err := d.Set("identifier_uris", tf.FlattenStringSlicePtr(resp.IdentifierUris)); err != nil {
+	if err := d.Set("group_membership_claims", app.GroupMembershipClaims); err != nil {
+		return fmt.Errorf("Error setting `group_membership_claims`: %+v", err)
+	}
+
+	if err := d.Set("identifier_uris", tf.FlattenStringSlicePtr(app.IdentifierUris)); err != nil {
 		return fmt.Errorf("Error setting `identifier_uris`: %+v", err)
 	}
 
-	if err := d.Set("reply_urls", tf.FlattenStringSlicePtr(resp.ReplyUrls)); err != nil {
+	if err := d.Set("reply_urls", tf.FlattenStringSlicePtr(app.ReplyUrls)); err != nil {
 		return fmt.Errorf("Error setting `reply_urls`: %+v", err)
 	}
 
-	if err := d.Set("required_resource_access", flattenADApplicationRequiredResourceAccess(resp.RequiredResourceAccess)); err != nil {
+	if err := d.Set("required_resource_access", flattenADApplicationRequiredResourceAccess(app.RequiredResourceAccess)); err != nil {
 		return fmt.Errorf("Error setting `required_resource_access`: %+v", err)
 	}
 
-	if oauth2Permissions, ok := resp.AdditionalProperties["oauth2Permissions"].([]interface{}); ok {
-		d.Set("oauth2_permissions", flattenADApplicationOauth2Permissions(oauth2Permissions))
+	if err := d.Set("oauth2_permissions", flattenADApplicationOauth2Permissions(app.Oauth2Permissions)); err != nil {
+		return fmt.Errorf("Error setting `oauth2_permissions`: %+v", err)
 	}
 
 	return nil
@@ -489,37 +478,36 @@ func flattenADApplicationResourceAccess(in *[]graphrbac.ResourceAccess) []interf
 	return accesses
 }
 
-func flattenADApplicationOauth2Permissions(in []interface{}) []map[string]interface{} {
+func flattenADApplicationOauth2Permissions(in *[]graphrbac.OAuth2Permission) []map[string]interface{} {
 	if in == nil {
 		return []map[string]interface{}{}
 	}
 
-	result := make([]map[string]interface{}, 0, len(in))
-	for _, oauth2Permissions := range in {
-		rawPermission := oauth2Permissions.(map[string]interface{})
+	result := make([]map[string]interface{}, 0)
+	for _, p := range *in {
 		permission := make(map[string]interface{})
-		if v := rawPermission["adminConsentDescription"]; v != nil {
+		if v := p.AdminConsentDescription; v != nil {
 			permission["admin_consent_description"] = v
 		}
-		if v := rawPermission["adminConsentDisplayName"]; v != nil {
-			permission["admin_consent_description"] = v
+		if v := p.AdminConsentDisplayName; v != nil {
+			permission["admin_consent_display_name"] = v
 		}
-		if v := rawPermission["id"]; v != nil {
+		if v := p.ID; v != nil {
 			permission["id"] = v
 		}
-		if v := rawPermission["isEnabled"]; v != nil {
-			permission["is_enabled"] = v.(bool)
+		if v := p.IsEnabled; v != nil {
+			permission["is_enabled"] = *v
 		}
-		if v := rawPermission["type"]; v != nil {
+		if v := p.Type; v != nil {
 			permission["type"] = v
 		}
-		if v := rawPermission["userConsentDescription"]; v != nil {
+		if v := p.UserConsentDescription; v != nil {
 			permission["user_consent_description"] = v
 		}
-		if v := rawPermission["userConsentDisplayName"]; v != nil {
+		if v := p.UserConsentDisplayName; v != nil {
 			permission["user_consent_display_name"] = v
 		}
-		if v := rawPermission["value"]; v != nil {
+		if v := p.Value; v != nil {
 			permission["value"] = v
 		}
 

azuread/resource_application_test.go

@@ -28,7 +28,7 @@ func TestAccAzureADApplication_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "homepage", fmt.Sprintf("https://acctest%s", id)),
 					resource.TestCheckResourceAttr(resourceName, "type", "webapp/api"),
 					resource.TestCheckResourceAttr(resourceName, "oauth2_permissions.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "oauth2_permissions.0.admin_consent_description", fmt.Sprintf("Access %s", fmt.Sprintf("acctest%s", id))),
+					resource.TestCheckResourceAttr(resourceName, "oauth2_permissions.0.admin_consent_description", fmt.Sprintf("Allow the application to access %s on behalf of the signed-in user.", fmt.Sprintf("acctest%s", id))),
 					resource.TestCheckResourceAttrSet(resourceName, "application_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "object_id"),
 				),
@@ -153,10 +153,10 @@ func TestAccAzureADApplication_groupMembershipClaimsUpdate(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccADApplication_withGroupMembershipClaimsAll(id),
+				Config: testAccADApplication_withGroupMembershipClaimsDirectoryRole(id),
 				Check: resource.ComposeTestCheckFunc(
 					testCheckADApplicationExists(resourceName),
-					resource.TestCheckResourceAttr(resourceName, "group_membership_claims", "All"),
+					resource.TestCheckResourceAttr(resourceName, "group_membership_claims", "DirectoryRole"),
 				),
 			},
 			{
@@ -376,11 +376,11 @@ resource "azuread_application" "test" {
 `, id, id)
 }
 
-func testAccADApplication_withGroupMembershipClaimsAll(id string) string {
+func testAccADApplication_withGroupMembershipClaimsDirectoryRole(id string) string {
 	return fmt.Sprintf(`
 resource "azuread_application" "test" {
   name                       = "acctest%s"
-  group_membership_claims    = "All"
+  group_membership_claims    = "DirectoryRole"
 }
 `, id)
 }

azuread/resource_service_principal.go

@@ -36,16 +36,6 @@ func resourceServicePrincipal() *schema.Resource {
 				ValidateFunc: validate.UUID,
 			},
 
-			"tags": {
-				Type:     schema.TypeSet,
-				Optional: true,
-				Set:      schema.HashString,
-				ForceNew: true,
-				Elem: &schema.Schema{
-					Type: schema.TypeString,
-				},
-			},
-
 			"display_name": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -55,6 +45,16 @@ func resourceServicePrincipal() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"tags": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Set:      schema.HashString,
+				ForceNew: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 		},
 	}
 }
@@ -113,14 +113,9 @@ func resourceServicePrincipalRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("application_id", app.AppID)
 	d.Set("display_name", app.DisplayName)
 	d.Set("object_id", app.ObjectID)
-
 	// tags doesn't exist as a property, so extract it
-	if iTags, ok := app.AdditionalProperties["tags"]; ok {
-		if tags, ok := iTags.([]interface{}); ok {
-			if err := d.Set("tags", tf.ExpandStringSlicePtr(tags)); err != nil {
-				return fmt.Errorf("Error setting `tags`: %+v", err)
-			}
-		}
+	if err := d.Set("tags", app.Tags); err != nil {
+		return fmt.Errorf("Error setting `tags`: %+v", err)
 	}
 
 	return nil