manicminer
commented
1 month ago Hi @HappyTobi, thanks for submitting this PR. I agree that it would be nice for it to be quicker when adding a password credential to an application, however there are several platform limitations that necessitate the extensive checks we have put in place. Due to internal architectural and eventual consistency constraints, it can actually take up to 20 minutes for a newly created application and its password credential(s) to be usable for authentication.
Adding these properties to the azuread_application resource would not alleviate these issues, in fact we'd need to add extra checks which would be likely to take longer than it currently does. Additionally, if we were to add these, we'd need to support substituting any number of azuread_application_password resources in a declarative manner (i.e. be able to manage all password for an application). Due to the complexity involved, it's unlikely we'll add this to the azuread_application resource, particularly as the direction in which we are leaning is more towards composing the application into further separate resources.
As such, whilst I'd like to thank you again for looking at this, I'm going to close this for now since, as mentioned above, this is not the general direction we're heading in, and if we were to add this, there would be substantially more checks and tests required in order to avoid breaking existing configurations, and to ensure that the new block worked for multiple passwords in multiple scenarios.
HappyTobi
Add new inline property "app_password"
The app_password generate a application credential with the first request where the application is created. The improvement here is that ist a bit faster than the external "application_password_resource" creation because there is no wait time until the credential can be used.
The feature set of the "app_password" is equal to "application_password_resource"
Regards