Closed Nabatsar closed 2 months ago
I believe you should use azuread_app_role_assignment when assigning app roles to applications. azuread_service_principal_delegated_permission_grant is for granting OAuth 2.0 scopes.
```hcl
resource "azuread_application" "template" {
  display_name = "shouldwork"

  lifecycle {
    # app roles and required resource access are managed by the
    # azuread_application_app_role / azuread_application_api_access resources below
    ignore_changes = [
      required_resource_access,
      app_role,
    ]
  }
}

resource "azuread_service_principal" "template" {
  account_enabled              = true
  alternative_names            = []
  app_role_assignment_required = false
  client_id                    = azuread_application.template.client_id

  feature_tags {
    enterprise = true
    hide       = true
  }

  timeouts {}
}

# Stable UUID for the app role (referenced but not declared in the original snippet)
resource "random_uuid" "example_administrator" {}

resource "azuread_application_app_role" "timber" {
  application_id = azuread_application.template.id
  role_id        = random_uuid.example_administrator.id

  # the role is assigned to a service principal below, so it must allow Application members
  allowed_member_types = ["Application"]
  description          = "My role description"
  display_name         = "Administer"
  value                = "admin"
}

# Records the requested permission (requiredResourceAccess); on its own this grants nothing
resource "azuread_application_api_access" "timber" {
  application_id = azuread_application.template.id
  api_client_id  = azuread_application.template.client_id
  role_ids       = [azuread_application_app_role.timber.role_id]
}

# The actual grant: an appRoleAssignment of the role to the service principal.
# app_role_id must be the role's UUID, not the composite resource ID of the app role.
resource "azuread_app_role_assignment" "timber" {
  app_role_id         = azuread_application_app_role.timber.role_id
  principal_object_id = azuread_service_principal.template.object_id
  resource_object_id  = azuread_service_principal.template.object_id
}
```
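To make the distinction in the comment above concrete (app roles are consented with azuread_app_role_assignment, OAuth 2.0 scopes with azuread_service_principal_delegated_permission_grant), here is an added example that is not from the original post or from the provider's own documentation. It exposes one app role and one delegated scope on an API application, has a client application request both, and then consents to each with the matching resource. The resource labels (api, client), display names, the role and scope values (Data.Read.All, Data.Read), the random_uuid names and the provider version constraint are assumptions; the resource types and their arguments are the provider's own.

```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.47" # assumed: first series with the azuread_application_* split resources
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

# --- API (resource) application: exposes one app role and one delegated scope ---
resource "azuread_application_registration" "api" {
  display_name = "example-api" # assumed name
}

resource "azuread_application_identifier_uri" "api" {
  application_id = azuread_application_registration.api.id
  identifier_uri = "api://${azuread_application_registration.api.client_id}"
}

resource "azuread_service_principal" "api" {
  client_id = azuread_application_registration.api.client_id
}

resource "random_uuid" "data_read_all_role" {}

# Application permission: used by daemons/services with no signed-in user.
# Consented with azuread_app_role_assignment below.
resource "azuread_application_app_role" "data_read_all" {
  application_id       = azuread_application_registration.api.id
  role_id              = random_uuid.data_read_all_role.id
  allowed_member_types = ["Application"] # assigned to a service principal, so Application members are required
  display_name         = "Data.Read.All"
  description          = "Read all data without a signed-in user"
  value                = "Data.Read.All"
}

resource "random_uuid" "data_read_scope" {}

# Delegated permission (OAuth 2.0 scope): exercised on behalf of a signed-in user.
# Consented with azuread_service_principal_delegated_permission_grant below.
resource "azuread_application_permission_scope" "data_read" {
  application_id             = azuread_application_registration.api.id
  scope_id                   = random_uuid.data_read_scope.id
  value                      = "Data.Read"
  type                       = "Admin"
  admin_consent_display_name = "Read data"
  admin_consent_description  = "Allows the app to read data on behalf of the signed-in user"
}

# --- Client application: requests both permissions ---
resource "azuread_application_registration" "client" {
  display_name = "example-client" # assumed name
}

resource "azuread_service_principal" "client" {
  client_id = azuread_application_registration.client.client_id
}

# Only records what the client requests (requiredResourceAccess); it grants nothing by itself.
resource "azuread_application_api_access" "client_to_api" {
  application_id = azuread_application_registration.client.id
  api_client_id  = azuread_application_registration.api.client_id
  role_ids       = [azuread_application_app_role.data_read_all.role_id]
  scope_ids      = [azuread_application_permission_scope.data_read.scope_id]
}

# Consent for the app role: an appRoleAssignment of the client SP on the API SP.
resource "azuread_app_role_assignment" "client_data_read_all" {
  app_role_id         = azuread_application_app_role.data_read_all.role_id
  principal_object_id = azuread_service_principal.client.object_id
  resource_object_id  = azuread_service_principal.api.object_id
}

# Consent for the scope: an oauth2PermissionGrant. No user_object_id means
# tenant-wide admin consent for all users rather than a single-user grant.
resource "azuread_service_principal_delegated_permission_grant" "client_data_read" {
  service_principal_object_id          = azuread_service_principal.client.object_id
  resource_service_principal_object_id = azuread_service_principal.api.object_id
  claim_values                         = [azuread_application_permission_scope.data_read.value]
}
```

Two practical notes. First, the identity running terraform apply needs rights to create consent objects (app role assignments require AppRoleAssignment.ReadWrite.All or an equivalent directory role, and delegated grants require DelegatedPermissionGrant.ReadWrite.All), otherwise the api_access resource applies cleanly while the grant step fails. Second, mixing the two resources up produces exactly the symptom in this issue: a plan that applies without error while the permission is never effective, because a delegated grant for a value that is an app role (or vice versa) does not match anything the API's service principal exposes.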
Hello,
Indeed, it's working very well. I tried azuread_app_role_assignment but with azuread_service_principal_delegated_permission_grant at the same time, and I guess this is where my mistake was.
Thank you
Thanks for opening this issue @Nabatsar and reporting back. Appreciate the help @nbaju1, thank you! Since this appears to be resolved with some configuration changes, I'll close this one out.
Terraform (and AzureAD Provider) Version
Terraform v1.7.4 on linux_amd64
Affected Resource(s)
azuread_service_principal_delegated_permission_grant
Terraform Configuration Files
Here is a quick sample used to PoC the issue.
Apply says that all will be fine.
Expected Behavior
I expected the permission to be granted (I use this resource for Graph permissions and this is working fine so far).
Actual Behavior
Permission is still not granted
Steps to Reproduce
I could easily reproduce this