penenkel closed 3 months ago
The correct answer is: you don't, use azuread_app_role_assignment instead.

resource "azuread_app_role_assignment" "example_app_may_acsess_msgraph_to_send_mail" {
  app_role_id         = data.azuread_service_principal.msgraph.app_role_ids["Mail.Send"]
  principal_object_id = azuread_service_principal.example_app.object_id
  resource_object_id  = data.azuread_service_principal.msgraph.object_id
}

As an explanation:
azuread_service_principal_delegated_permission_grant
azuread_app_role_assignment
azuread_application_pre_authorized

With the application_object_id argument being deprecated and the new application_id argument expecting a resource id (i.e. a terraform application id?), how can I specify MicrosoftGraph?

I have tried

data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph which should be an Azure application id aka client_id
data.azuread_service_principal.msgraph.object_id which should be an Azure object_id and is defined via

neither of which is of the format expected by the application_id argument which is apparently something like applications/<uuid> which seems to be a terraform specific resource id.
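
The answer's snippet refers to a data source and a service principal that are not shown in the thread. The configuration below is an added example, not code from the thread or from the provider's documentation, that fills in those pieces so it is clear which kind of ID each argument takes. It assumes an azuread provider release that accepts `client_id` on the application and service principal objects; the display name and the role assignment's resource name are placeholders.

```hcl
# Added example. Assumption: the azuread provider release in use accepts
# `client_id` (older releases name the same argument `application_id`).

# Well-known Microsoft application (client) IDs, keyed by name.
data "azuread_application_published_app_ids" "well_known" {}

# Microsoft Graph's service principal in this tenant, looked up by client ID.
# Its object_id and app_role_ids feed the role assignment below.
data "azuread_service_principal" "msgraph" {
  client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
}

# The application that will send mail (placeholder display name).
resource "azuread_application" "example_app" {
  display_name = "example-app"

  # Declares the permission on the app registration.
  # type = "Role" marks it as an application permission, not a delegated one.
  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]

    resource_access {
      id   = data.azuread_service_principal.msgraph.app_role_ids["Mail.Send"]
      type = "Role"
    }
  }
}

# Service principal for the application; it is the principal that receives the role.
resource "azuread_service_principal" "example_app" {
  client_id = azuread_application.example_app.client_id
}

# The grant itself. Every argument here is a plain GUID; none of them is an
# "applications/<uuid>" style resource id.
# Mail.Send as an application permission covers every mailbox in the tenant,
# so narrow the mailboxes on the Exchange side if the app needs only a few.
resource "azuread_app_role_assignment" "example_app_mail_send" {
  app_role_id         = data.azuread_service_principal.msgraph.app_role_ids["Mail.Send"]
  principal_object_id = azuread_service_principal.example_app.object_id
  resource_object_id  = data.azuread_service_principal.msgraph.object_id
}
```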