Fix an inconsistency between the GetApplication function's behavior and that of its callers.
All callers to the function pass in an application's Object ID. However, the function expected the Client ID.
This led to inconsistent behaviors when configuring a role with application_object_id:
You had to pass in the Client ID for the role to be configured successfully in the first place, but...
Then you couldn't create secrets for that application because the function handling secret creation expects the Object ID.
Design of Change
Detected this bug while implementing a separate feature. To reproduce, try configuring an Azure role with application_object_id. You shouldn't be able to configure the role using the Object ID. If you use the Client ID instead, you can configure the role but then you can't create secrets for that application.
Contributor Checklist
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR LinkExample
[ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
[ ] Backwards compatible
Overview
Fix an inconsistency between the
GetApplication
function's behavior and that of its callers.All callers to the function pass in an application's Object ID. However, the function expected the Client ID.
This led to inconsistent behaviors when configuring a role with
application_object_id
:Design of Change
Detected this bug while implementing a separate feature. To reproduce, try configuring an Azure role with
application_object_id
. You shouldn't be able to configure the role using the Object ID. If you use the Client ID instead, you can configure the role but then you can't create secrets for that application.Contributor Checklist
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet My Docs PR Link Example [ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests) [ ] Backwards compatible