From 4ac7211000f8cc9d71a9ec30d699be8a5381a41a Mon Sep 17 00:00:00 2001
From: stephybun
Date: Wed, 26 Jun 2024 08:39:45 +0100
Subject: [PATCH] `appservice` - set `allowed_applications` in the expand for `active_directory_v2` (#26462)

* set allowed applications in the request payload
* update tests for all resources affected
---
 internal/services/appservice/helpers/auth_v2_schema.go | 10 ++++++++++
 .../linux_function_app_resource_authv2_test.go | 1 +
 .../linux_function_app_slot_resource_authv2_test.go | 1 +
 .../appservice/linux_web_app_resource_authv2_test.go | 1 +
 .../linux_web_app_slot_resource_authv2_test.go | 1 +
 .../windows_function_app_resource_authv2_test.go | 1 +
 .../windows_function_app_slot_resource_authv2_test.go | 1 +
 .../appservice/windows_web_app_resource_authv2_test.go | 1 +
 .../windows_web_app_slot_resource_authv2_test.go | 1 +
 9 files changed, 18 insertions(+)

diff --git a/internal/services/appservice/helpers/auth_v2_schema.go b/internal/services/appservice/helpers/auth_v2_schema.go
index 8e922eaceae5..990adf27c3a1 100644
--- a/internal/services/appservice/helpers/auth_v2_schema.go
+++ b/internal/services/appservice/helpers/auth_v2_schema.go
@@ -994,6 +994,16 @@ func expandAadAuthV2Settings(input []AadAuthV2Settings) *webapps.AzureActiveDire
 }
 result.Validation.AllowedAudiences = pointer.To(aad.AllowedAudiences)
 }
+
+ if len(aad.AllowedApplications) > 0 {
+ if result.Validation == nil {
+ result.Validation = &webapps.AzureActiveDirectoryValidation{}
+ }
+ if result.Validation.DefaultAuthorizationPolicy == nil {
+ result.Validation.DefaultAuthorizationPolicy = &webapps.DefaultAuthorizationPolicy{}
+ }
+ result.Validation.DefaultAuthorizationPolicy.AllowedApplications = pointer.To(aad.AllowedApplications)
+ }
 }
 return result
diff --git a/internal/services/appservice/linux_function_app_resource_authv2_test.go b/internal/services/appservice/linux_function_app_resource_authv2_test.go
index 891cd2218339..45c55dce1f17 100644
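Review bot: The added `if len(aad.AllowedApplications) > 0` block carries no comment, although it is the line that makes the `allowed_applications` allow-list take effect: going by the commit title and description, the value was apparently not being placed in the request payload before, so a configured restriction would have been silently absent. A short comment above the block would record that, e.g. `// allowed_applications restricts which client apps may call in; it lives under Validation.DefaultAuthorizationPolicy and is dropped unless set here.` Configurations that already list applications will presumably start enforcing them on the next apply, so the change also deserves an upgrade note telling operators to expect clients outside the list to be rejected. expandAadAuthV2Settings starts and ends outside the hunk, so whether the neighbouring allow-list fields use the same nil-initialisation of `Validation` and `DefaultAuthorizationPolicy` cannot be checked from here.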
--- a/internal/services/appservice/linux_function_app_resource_authv2_test.go
+++ b/internal/services/appservice/linux_function_app_resource_authv2_test.go
@@ -305,6 +305,7 @@ resource "azurerm_linux_function_app" "test" {
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
 allowed_groups = [azuread_group.test.object_id]
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {
diff --git a/internal/services/appservice/linux_function_app_slot_resource_authv2_test.go b/internal/services/appservice/linux_function_app_slot_resource_authv2_test.go
index 5a01c13c4cb0..6850fdb50e96 100644
--- a/internal/services/appservice/linux_function_app_slot_resource_authv2_test.go
+++ b/internal/services/appservice/linux_function_app_slot_resource_authv2_test.go
@@ -267,6 +267,7 @@ resource "azurerm_linux_function_app_slot" "test" {
 client_id = data.azurerm_client_config.current.client_id
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {}
 }
diff --git a/internal/services/appservice/linux_web_app_resource_authv2_test.go b/internal/services/appservice/linux_web_app_resource_authv2_test.go
index 7947ae9a66af..dbcc6e14fd1e 100644
--- a/internal/services/appservice/linux_web_app_resource_authv2_test.go
+++ b/internal/services/appservice/linux_web_app_resource_authv2_test.go
@@ -274,6 +274,7 @@ resource "azurerm_linux_web_app" "test" {
 "activedirectorytokenaudiences",
 ]
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
diff --git a/internal/services/appservice/linux_web_app_slot_resource_authv2_test.go b/internal/services/appservice/linux_web_app_slot_resource_authv2_test.go
index f1eab510674f..8070e540d7d9 100644
--- a/internal/services/appservice/linux_web_app_slot_resource_authv2_test.go
+++ b/internal/services/appservice/linux_web_app_slot_resource_authv2_test.go
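Review bot: The fixture value `"WhoopsMissedThisOne"` added to `allowed_applications` in the `azurerm_linux_function_app` config is not shaped like an application (client) ID, so the test exercises the field with a value no real deployment would use, and the name reads as a leftover rather than as intent. Referencing an ID the fixtures already have, as several of the other configs in this patch do for `client_id`, would be clearer: `allowed_applications = [data.azurerm_client_config.current.client_id]`. That the placeholder is accepted at all suggests the schema does not validate the entry format, which may be worth a follow-up, since a mistyped entry in an allow-list is easy to miss. The same line is added in the other seven `*_authv2_test.go` hunks of this patch, and in each the resource block and the enclosing test function continue outside the hunk.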
@@ -191,6 +191,7 @@ resource "azurerm_linux_web_app_slot" "test" {
 client_id = data.azurerm_client_config.current.client_id
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {}
 }
diff --git a/internal/services/appservice/windows_function_app_resource_authv2_test.go b/internal/services/appservice/windows_function_app_resource_authv2_test.go
index 3e031a8fa5e9..280d522db5ef 100644
--- a/internal/services/appservice/windows_function_app_resource_authv2_test.go
+++ b/internal/services/appservice/windows_function_app_resource_authv2_test.go
@@ -258,6 +258,7 @@ resource "azurerm_windows_function_app" "test" {
 client_id = data.azurerm_client_config.current.client_id
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {}
 }
diff --git a/internal/services/appservice/windows_function_app_slot_resource_authv2_test.go b/internal/services/appservice/windows_function_app_slot_resource_authv2_test.go
index 33bbb09a0e09..19010e4ebb79 100644
--- a/internal/services/appservice/windows_function_app_slot_resource_authv2_test.go
+++ b/internal/services/appservice/windows_function_app_slot_resource_authv2_test.go
@@ -251,6 +251,7 @@ resource "azurerm_windows_function_app_slot" "test" {
 client_id = data.azurerm_client_config.current.client_id
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {}
 }
diff --git a/internal/services/appservice/windows_web_app_resource_authv2_test.go b/internal/services/appservice/windows_web_app_resource_authv2_test.go
index c330f73fb0cb..f3155de91322 100644
--- a/internal/services/appservice/windows_web_app_resource_authv2_test.go
+++ b/internal/services/appservice/windows_web_app_resource_authv2_test.go
@@ -242,6 +242,7 @@ resource "azurerm_windows_web_app" "test" {
 client_id = data.azurerm_client_config.current.client_id
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {}
 }
diff --git a/internal/services/appservice/windows_web_app_slot_resource_authv2_test.go b/internal/services/appservice/windows_web_app_slot_resource_authv2_test.go
index 698b7be2a902..c9e6cfd8c72b 100644
--- a/internal/services/appservice/windows_web_app_slot_resource_authv2_test.go
+++ b/internal/services/appservice/windows_web_app_slot_resource_authv2_test.go
@@ -191,6 +191,7 @@ resource "azurerm_windows_web_app_slot" "test" {
 client_id = data.azurerm_client_config.current.client_id
 client_secret_setting_name = "%[3]s"
 tenant_auth_endpoint = "https://sts.windows.net/%[5]s/v2.0"
+ allowed_applications = ["WhoopsMissedThisOne"]
 }
 login {}
 }