microsoftgraph / msgraph-bicep-types

Repo contains Microsoft Graph resource types to integrate with bicep templates.
MIT License

Microsoft.Graph/applications@v1.0 fails to deploy oauth2PermissionScopes #130

Closed jannef closed 4 months ago

jannef commented 6 months ago

Bicep version: Bicep CLI version 0.27.1 (4b41cb6d4b)

Resource and API version: Microsoft.Graph/applications@v1.0

Auth flow: interactive

Deployment details: Graph client request id: 00908c39-2a1b-434c-919f-6556bfe13f41. Graph request timestamp: Thu, 30 May 2024 06:15:48 GMT.

When deploying a resource of type Microsoft.Graph/applications@v1.0 and supplying oauth2PermissionScopes with all the parameters supported by Bicep, the deployment fails with the following error message:

Expected property 'origin' is not present on resource of type 'PermissionScope' Graph client request id: 00908c39-2a1b-434c-919f-6556bfe13f41.

The property 'origin' is present in the Bicep being deployed.

When deploying without "origin", deployment works.

I expect deployment to work when I supply all parameters supported by Bicep. The parameter origin can be found in the app manifest.

To Reproduce

provider microsoftGraph

targetScope = 'tenant'

var tenantName = 'mytenant'
var uniqueName = 'fhir'
var displayName = 'FHIR API'

resource app 'Microsoft.Graph/applications@v1.0' = {
  displayName: displayName
  uniqueName: uniqueName
  api: {
    oauth2PermissionScopes: [
      {
        adminConsentDescription: 'Read CareTeam based on user permision'
        adminConsentDisplayName: 'Read CareTeam'
        id: 'cfb83c10-0e4c-4c81-a9a3-fb1a0dfc7657'
        isEnabled: true
        origin: 'Application'
        type: 'User'
        userConsentDescription: 'Read CareTeam based on user permision'
        userConsentDisplayName: 'Read CareTeam'
        value: 'user.CareTeam.cs'
      }
    ]
  }
  identifierUris: [
    'https://${tenantName}.onmicrosoft.com/${uniqueName}'
  ]
}

output appId string = app.appId

az deployment tenant create --location westeurope --template-file="sample.bicep"

Additional context: Found some issue related to this that was never resolved. Perhaps types are generated wrong the same way they are for the SDK? https://github.com/microsoftgraph/msgraph-sdk-dotnet/issues/1469

dkershaw10 commented 6 months ago

@jannef Thanks for filing this issue. It looks like this is an issue with the Microsoft Graph public schema including the origin property, when it shouldn't - although I'm trying to get confirmation on this. Our model and docs are generated from the schema, which is why you are seeing origin as a valid property.

So for now, please continue to remove the origin property from the resource declaration.

As an aside, the App Manifest doesn't use Microsoft Graph, although it is supposed to be switching to this, and that might account for differences you see between the App Manifest and the Microsoft Graph application API (and by extension the applications Bicep type).

Hope this helps.
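An added example, not part of the thread or the project's code: a Python pre-deployment check that finds `origin` lines inside `oauth2PermissionScopes` arrays of a Bicep file so they can be removed as the workaround above describes. The function names and the line-based parsing (the array opens on the property's own line, strings are single-line) are assumptions of this example.

```python
import re

# Constructed sample, shortened from the declaration in the issue.
SAMPLE = """\
resource app 'Microsoft.Graph/applications@v1.0' = {
  uniqueName: 'fhir'
  api: {
    oauth2PermissionScopes: [
      {
        id: 'cfb83c10-0e4c-4c81-a9a3-fb1a0dfc7657'
        origin: 'Application'
        type: 'User'
        value: 'user.CareTeam.cs'
      }
    ]
  }
}
"""

STRING = re.compile(r"'(?:\\.|[^'\\])*'")   # single-line Bicep string literal
COMMENT = re.compile(r"//.*$")
# Assumption: the array literal opens on the same line as the property name.
SCOPES_OPEN = re.compile(r"\boauth2PermissionScopes\s*:\s*\[")
ORIGIN = re.compile(r"^\s*origin\s*:")


def find_origin_lines(bicep_text):
    """1-based line numbers of 'origin:' inside oauth2PermissionScopes arrays."""
    hits, depth = [], 0  # depth = open '[' count inside a scopes array
    for number, line in enumerate(bicep_text.splitlines(), start=1):
        # Blank out strings and comments so brackets inside them are ignored.
        code = COMMENT.sub("", STRING.sub("''", line))
        if depth == 0:
            opened = SCOPES_OPEN.search(code)
            if opened is None:
                continue
            depth, code = 1, code[opened.end():]
        elif ORIGIN.match(code):
            hits.append(number)
        depth = max(depth + code.count("[") - code.count("]"), 0)
    return hits


def strip_origin(bicep_text):
    """Return the template with the flagged 'origin' lines removed."""
    drop = set(find_origin_lines(bicep_text))
    lines = bicep_text.splitlines(keepends=True)
    return "".join(l for n, l in enumerate(lines, start=1) if n not in drop)
```

An `origin` property outside a scopes array is left alone, so unrelated resources in the same template are not touched.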

dkershaw10 commented 5 months ago

@jason-dou please remove this from the Bicep type for now.

jason-dou commented 5 months ago

The change to remove origin from oauth2PermissionScopes has been merged. The Graph Bicep type is expected to be updated in the upcoming Bicep version.

jason-dou commented 4 months ago

Closing as the change has been released with the latest Bicep version. Feel free to reopen if there are further issues.