Open nbaju1 opened 1 month ago
Just realized that the first workaround is basically the same as the second. Creating the URI resource after the service principal is created will allow the unverified domain. Which is most likely due to identifierUris being used for both application registration identifier and SAML SSO config, where there is much more freedom in the syntax of the identifier compared to the identifier on the application registration.
So I assume this won't work at all for bare application registrations.
Terraform (and AzureAD Provider) Version
Terraform v1.8.1
AzureAD Provider: 2.49.0
Affected Resource(s)
azuread_application_identifier_uri
Terraform Configuration Files
(Note that I use the CDKTF for Python, so the example is a manually written mock-up of the actual configuration)
Debug Output
Expected Behavior
Applies identifier URI after application creation.
Actual Behavior
Creates application, but fails on applying the identifier URI.
Steps to Reproduce
terraform plan
terraform apply
Workarounds
terraform apply with same configuration applies the identifier URI without error.
If depends_on = azuread_service_principal.example_sp is added to the azuread_application_identifier_uri resource, the identifier URI is applied without error.
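The second workaround written out as plain HCL, as an added example that is not the reporter's configuration. Only the name example_sp comes from the issue; the other resource names, the display name and the identifier URI are constructed placeholders, and azuread_application_registration is assumed as the application resource.

```hcl
# Added sketch, not the reporter's configuration.
# Assumption: the application is created with azuread_application_registration.
resource "azuread_application_registration" "example_app" {
  display_name = "example-saml-app" # constructed placeholder
}

# Service principal (enterprise application) for the registration.
resource "azuread_service_principal" "example_sp" {
  client_id = azuread_application_registration.example_app.client_id
}

resource "azuread_application_identifier_uri" "example_uri" {
  application_id = azuread_application_registration.example_app.id

  # Constructed placeholder standing in for a URI on a domain that is
  # not verified in the tenant.
  identifier_uri = "https://unverified.example.com/example-saml-app"

  # Workaround from the issue: without this, Terraform only orders this
  # resource after the application registration, so it can be applied
  # before the service principal exists. The explicit dependency forces
  # the service principal to be created first.
  depends_on = [azuread_service_principal.example_sp]
}
```

Dropping the depends_on line gives the ordering the issue reports as failing on the first apply and succeeding on the second, by which point the service principal already exists.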