azuread_application_password.end_date_relative is ignored

[mhyllander]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Terraform v1.8.5 on linux_amd64

• provider registry.terraform.io/hashicorp/azuread v2.53.1
• provider registry.terraform.io/hashicorp/azurerm v3.110.0
• provider registry.terraform.io/hashicorp/time v0.11.2
• provider registry.terraform.io/microsoft/azuredevops v1.1.1

Affected Resource(s)

• azuread_application_password

Terraform Configuration Files

resource "azuread_application_password" "app" {
  application_id    = azuread_application.app.id
  display_name      = "service connection"
  end_date_relative = "9504h" # 13 months
  rotate_when_changed = {
    rotation = time_rotating.rotation_period.id
  }
}

Debug Output

Panic Output

Expected Behavior

The rotated password should have been created with an expiration date of 13 months.

Actual Behavior

The rotated password was created with an expiration date of 24 months.

Steps to Reproduce

1. terraform apply

Important Factoids

References

applicationPasswordResourceCreate calls PasswordCredentialForResource, which parses end_date_relative, then calls PasswordCredential, which doesn't use end_date_relative, resulting in a default end_date of 24 months.

Compare with the end date calculations done in KeyCredentialForResource.

• 0000

[mhyllander]

This appears to be a regression caused by https://github.com/hashicorp/terraform-provider-azuread/pull/1389.