I'm trying to create/register an application in Azure AD with oauth2_permissions / scopes. I'm following this documentation page to do so: https://www.terraform.io/docs/providers/azuread/r/application.html And I have reduced it to this simple .tf file:
// Declared so the file plans on its own; the value is passed in at plan time.
variable "tenant-id" {
  type = string
}

provider "azuread" {
  version         = "=0.7.0"
  subscription_id = "*******************************"
  tenant_id       = var.tenant-id
}

resource "azuread_application" "example" {
  name = "example"

  // oauth2_permissions {
  //   admin_consent_description  = "Allow the application to access example on behalf of the signed-in user."
  //   admin_consent_display_name = "Access example"
  //   is_enabled                 = true
  //   type                       = "User"
  //   user_consent_description   = "Allow the application to access example on your behalf."
  //   user_consent_display_name  = "Access example"
  //   value                      = "user_impersonation"
  // }
}
Running terraform plan on this file says:
C:\source\ITAN\terraform (master -> origin) λ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azuread_application.example will be created
  + resource "azuread_application" "example" {
      + application_id  = (known after apply)
      + homepage        = (known after apply)
      + id              = (known after apply)
      + identifier_uris = (known after apply)
      + name            = "example"
      + object_id       = (known after apply)
      + owners          = (known after apply)
      + public_client   = (known after apply)
      + reply_urls      = (known after apply)
      + type            = "webapp/api"

      + oauth2_permissions {
          + admin_consent_description  = (known after apply)
          + admin_consent_display_name = (known after apply)
          + id                         = (known after apply)
          + is_enabled                 = (known after apply)
          + type                       = (known after apply)
          + user_consent_description   = (known after apply)
          + user_consent_display_name  = (known after apply)
          + value                      = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
But when I uncomment the oauth2_permissions block:
// Declared so the file plans on its own; the value is passed in at plan time.
variable "tenant-id" {
  type = string
}

provider "azuread" {
  version         = "=0.7.0"
  subscription_id = "******************"
  tenant_id       = var.tenant-id
}

resource "azuread_application" "example" {
  name = "example"

  oauth2_permissions {
    admin_consent_description  = "Allow the application to access example on behalf of the signed-in user."
    admin_consent_display_name = "Access example"
    is_enabled                 = true
    type                       = "User"
    user_consent_description   = "Allow the application to access example on your behalf."
    user_consent_display_name  = "Access example"
    value                      = "user_impersonation"
  }
}
a problem occurs and it reports this:
Error: "oauth2_permissions.0.user_consent_display_name": this field cannot be set

  on itan-azure-ad.tf line 7, in resource "azuread_application" "example":
   7: resource "azuread_application" "example" {
Any idea what I am doing wrong? I'm logged in, I have selected the proper subscription and switched to it. I own the Azure account. I have created the application via the Azure portal successfully, yet I want to have it done automatically. Running on Terraform:
terraform -v
Terraform v0.12.28
+ provider.azuread v0.7.0
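For context on the error text itself: "this field cannot be set" is what the Terraform provider SDK returns when a configuration assigns a value to an attribute the provider schema marks as computed-only (read-only), which is why the plan above shows every oauth2_permissions field as "(known after apply)" even though nothing was configured. The following configuration is an added example and is not the asker's code: it assumes a release of the azuread provider newer than 0.7.0 in which the oauth2_permissions block is listed under the resource's arguments (configurable) rather than only its attributes; the version constraint and the variable name are placeholders to be checked against the provider's changelog.

```hcl
terraform {
  required_version = ">= 0.12"

  required_providers {
    # Placeholder constraint (assumption): choose a release whose documentation
    # lists oauth2_permissions as an argument, not merely an exported attribute.
    azuread = "~> 1.0"
  }
}

# Tenant supplied at plan time (e.g. TF_VAR_tenant_id) rather than hard-coded.
variable "tenant_id" {
  type = string
}

provider "azuread" {
  tenant_id = var.tenant_id
}

resource "azuread_application" "example" {
  name = "example"

  oauth2_permissions {
    admin_consent_description  = "Allow the application to access example on behalf of the signed-in user."
    admin_consent_display_name = "Access example"
    is_enabled                 = true

    # "User" lets any signed-in user grant this delegated scope to a client
    # themselves; "Admin" requires a tenant administrator to consent, which
    # is the safer default for scopes that act on the user's behalf.
    type = "User"

    user_consent_description  = "Allow the application to access example on your behalf."
    user_consent_display_name = "Access example"
    value                     = "user_impersonation"
  }
}

# Surfaces the delegated scopes the registration exposes so they can be
# reviewed after apply without opening the portal.
output "exposed_scope_values" {
  value = [for p in azuread_application.example.oauth2_permissions : p.value]
}
```

With the block configurable, terraform plan should show the literal strings above in place of "(known after apply)"; if the same "this field cannot be set" error still appears, the selected provider release still treats the block as computed-only.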