Closed JSeluga closed 3 months ago
Hi @JSeluga, thanks for raising this. We do have the following info box in both documentation pages for azuread_application
and azuread_service_principal
.
This won't become a required property for either resource, since as this isn't a required property in the API, users can elect to specify or omit owners to suit their particular circumstances.
It's worth noting that there are now additional resources for applications available in the provider, starting with azuread_application_registration
- which does not have an owners property and always inherits the owner assigned by the API. For this reason and others, you may prefer to use these resources instead of the more monolithic azuread_application
resources and I'd encourage you to try them out. Note that you would still need to explicitly manage owners for linked service principals at this time.
Since I don't believe there is anything else for us to do here, since, as noted above we did in fact document the requirement to carefully specify the owners
when working with the Application.OwnedBy.ReadWrite
app role, I'll go ahead and close this issue.
To clarify, owners must be set for both the application and the service principal, e.g.
As such I'm going to close this issue as resolved. Terraform appears to be doing the right thing given the correct configuration. If anyone is still experiencing this after double checking their configuration, please feel free to post a further comment with your exact configuration and debug logs, and I will be happy to help investigate.
Thanks!
Originally posted by @manicminer in https://github.com/hashicorp/terraform-provider-azuread/issues/535#issuecomment-916394802
This is still not documented or a required input in azuread_application https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application#owners