hashicorp / terraform-provider-azuread

Terraform provider for Azure Active Directory
https://registry.terraform.io/providers/hashicorp/azuread/latest/docs
Mozilla Public License 2.0

azuread_application_federated_identity_credential & azurerm_federated_identity_credential are inconsistent with audience parameter #1442

Open webstean opened 1 month ago

webstean commented 1 month ago

Community Note

Terraform (and AzureAD Provider) Version

latest

Affected Resource(s)

Terraform Configuration Files

resource "azurerm_federated_identity_credential" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  parent_id           = azurerm_user_assigned_identity.example.id
  audience            = ["api://AzureADTokenExchange"] # singular attribute name
  issuer              = "https://token.actions.githubusercontent.com"
  subject             = "repo:owner/name:ref:refs/heads/main"
}

resource "azuread_application_federated_identity_credential" "example" {
  application_id = azuread_application.example.id
  display_name   = "example"
  description    = "example"
  audiences      = ["api://AzureADTokenExchange"] # plural attribute name
  issuer         = "https://token.actions.githubusercontent.com"
  subject        = "repo:owner/name:ref:refs/heads/main"
}

Debug Output

Panic Output

Expected Behavior

azurerm_federated_identity_credential uses audience (singular), while azuread_application_federated_identity_credential uses audiences (plural).

It probably makes the most sense for both to use the plural (audiences).

Actual Behavior

Steps to Reproduce

  1. terraform apply

Important Factoids

References

manicminer commented 1 month ago

It's quite difficult to choose here, since the API is clearly designed for multiple values but so far there's a limitation of one audience 🤔