Stop requiring subscription_id and update configuration guides #271
Conversation
manicminer
force-pushed
the
docs/update-guides
branch
4 times, most recently
from
4e9bb5b to
ee35a73
Compare
manicminer
force-pushed
the
docs/update-guides
branch
from
ee35a73 to
39078c7
Compare
manicminer
force-pushed
the
docs/update-guides
branch
from
39078c7 to
2eee5c9
Compare
manicminer
changed the title
manicminer
changed the title
manicminer
force-pushed
the
docs/update-guides
branch
3 times, most recently
from
be29138 to
f439921
Compare
|
OK I think that's ready now! 😊 |
manicminer
force-pushed
the
docs/update-guides
branch
from
f439921 to
b683c96
Compare
|
One more rebase to split a commit 😅 |
There was a problem hiding this comment.
thanks @manicminer! overall this is good but i think we should keep the subscription property in the data source until 1.0 - can deprecate it for now and remove it then.
manicminer
force-pushed
the
docs/update-guides
branch
from
d52352f to
dfd68da
Compare
Configuring a subscription ID is a vestige from the provider split. We don't use subscription_id anywhere and have no plans to. Any resource that operates on a subscription or its dependents should belong in the azurerm provider. We'll keep the configuration property around for now so that users have time to remove it from their configurations, and to avoid having to remove the corresponding property from the `azuread_client_config` data source. This will be dropped in v1.0. Although it's never used because we only use SDK clients that are configured with a tenant ID, go-azure-helper requires it for sensible reasons and it doesn't make sense to push this concern upstream for now. So for configurations where a subscription ID is not specified, we adopt the tenant ID for the subscription ID. This mimics the Azure CLI which does something similar when `--allow-no-subscriptions` is specified (although we don't intend to expose this to users).
- Walkthroughs reflect current portal experience - Amend guidance on AAD permissions * Document some common AAD roles and API scopes * Note on subscription ID - Remove irrelevant subscription references
manicminer
force-pushed
the
docs/update-guides
branch
from
dfd68da to
a3a9aba
Compare
@katbyte Sounds good. I've reworked it so that for existing configurations, where a subscription ID is configured for the provider, it's returned by data.azuread_client_config. For newer configurations where it's omitted, the data source attribute is a blank string. Do you see any problems with doing it this way? |
|
Tests pass
|
|
This has been released in version 0.11.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azuread" {
version = "~> 0.11.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
Stop requiring a subscription ID to be configured (though still allow it for compatibility)
Configuration guide updates
Also fix up certificate related tests by shortening validity period to 6 months
DEPRECATION WARNING
The
subscription_idattribute will be removed from theazuread_client_configdata source in v1.0. The subscription ID here is only an echo of the subscription ID supplied by the user and there is no possible way to use it currently elsewhere in the provider. Configurations can switch over to theazurerm_client_configdata source.Closes: #232