I am trying to do Azure AD app registration using Terraform
My code is given below:
locals {
  app_roles = {
    application-administrator = {
      display_name         = "Application administrator"
      description          = "Application administrators have the ability to administer the application."
      allowed_member_types = ["User", "Application"]
    }
    BusinessAdmin = {
      display_name         = "BusinessAdmin"
      description          = "Business Administrator"
      allowed_member_types = ["User"]
    }
    mulesoft-integration = {
      display_name         = "Mulesoft Integration"
      description          = "Allows MuleSoft Integration to talk to the APIs."
      allowed_member_types = ["Application"]
    }
  }
  oauth2_permissions = {
    read-and-write = {
      user_consent_description   = "read-and-write"
      admin_consent_display_name = "Read and write data"
      admin_consent_description  = "Allows the app to read and write data"
      user_consent_display_name  = "Allows the app to read and write data"
      type                       = "User"
    }
  }
}

# Referenced by "owners" below; assumed to be declared in another file of the
# same module, shown here so the snippet is self-contained.
data "azuread_client_config" "default" {}

data "azuread_application_published_app_ids" "well_known" {}

data "azuread_service_principal" "msgraph" {
  application_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}

resource "random_uuid" "prodstats" {}

resource "azuread_application" "app_prodstats" {
  display_name    = format("app-%s-%s", var.project.name, var.project.environment.name)
  owners          = [data.azuread_client_config.default.object_id]
  identifier_uris = [format("https://contoso.onmicrosoft.com/%s-%s", var.project.name, var.project.environment.name)]

  api {
    oauth2_permission_scope {
      admin_consent_description  = "Allows the app to read and write data"
      admin_consent_display_name = local.oauth2_permissions.read-and-write.admin_consent_display_name
      enabled                    = true
      id                         = random_uuid.prodstats.result
      type                       = "User"
      value                      = "read-and-write"
    }
  }

  dynamic "app_role" {
    for_each = local.app_roles
    content {
      allowed_member_types = app_role.value.allowed_member_types
      description          = app_role.value.description
      display_name         = app_role.value.display_name
      enabled              = true
      id                   = app_role.value.id
      value                = app_role.key
    }
  }

  web {
    logout_url    = format("https://app-%s-%s", var.project.name, var.project.environment.name)
    redirect_uris = []
    implicit_grant {
      access_token_issuance_enabled = true
      id_token_issuance_enabled     = true
    }
  }

  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
    resource_access {
      id   = data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"]
      type = "Role"
    }
  }
}
I get this error related to id:
Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
╷
│ Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
╷
│ Error: Unsupported attribute
│
│ on resources.appreg.tf line 27, in resource "azuread_application" "app_prodstats":
│ 27: id = app_role.value.id
│ ├────────────────
│ │ app_role.value is object with 3 attributes
│
│ This object does not have an attribute named "id".
╵
Even if I give id = app_role.value.app_role_ids, I get the error that app_role_ids is not the correct attribute. Any idea what I should put in id in the app_role?
If I put id = random_uuid.prod.result, I get the error that it is a duplicate ID:
╷
│ Error: checking for duplicate app roles / OAuth2.0 permission scopes: validation failed: duplicate ID found: "635bfe4c-29a5-4497-925b-2a9af3bf84a3"
│
│   with azuread_application.app_prodstats,
│   on resources.appreg.tf line 5, in resource "azuread_application" "app_prodstats":
│    5: resource "azuread_application" "app_prodstats" {
╵
CodePudding user response:
From the TF docs, the ID can be a random_uuid:
# One UUID per app role, keyed by the same map the dynamic block iterates over.
resource "random_uuid" "id" {
  for_each = local.app_roles
}

Then

dynamic "app_role" {
  for_each = local.app_roles
  content {
    allowed_member_types = app_role.value.allowed_member_types
    description          = app_role.value.description
    display_name         = app_role.value.display_name
    enabled              = true
    # Inside a dynamic block the iterator is named after the block ("app_role"),
    # not "each"; "each" only exists when the enclosing resource has for_each.
    id                   = random_uuid.id[app_role.key].result
    value                = app_role.key
  }
}
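The complete pattern, as an added example that is not part of the question or the answer above: one random_uuid per app role and one per OAuth2 permission scope, both keyed by the locals map, so every id is unique (which is what the "duplicate ID found" check enforces) and stable across applies because the UUIDs live in Terraform state. The display name, the second role and the scope values are assumed for illustration; the structure is the same for any map of roles or scopes.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread" }
    random  = { source = "hashicorp/random" }
  }
}

locals {
  app_roles = {
    application-administrator = {
      display_name         = "Application administrator"
      description          = "Application administrators have the ability to administer the application."
      allowed_member_types = ["User", "Application"]
    }
    mulesoft-integration = {
      display_name         = "Mulesoft Integration"
      description          = "Allows MuleSoft Integration to talk to the APIs."
      allowed_member_types = ["Application"]
    }
  }

  oauth2_scopes = {
    read-and-write = {
      admin_consent_display_name = "Read and write data"
      admin_consent_description  = "Allows the app to read and write data"
      user_consent_display_name  = "Allows the app to read and write data"
      user_consent_description   = "read-and-write"
      type                       = "User"
    }
  }
}

data "azuread_client_config" "current" {}

# One UUID per role and one per scope. Each result is persisted in state, so
# the ids survive re-applies and can never collide with one another.
resource "random_uuid" "app_role" {
  for_each = local.app_roles
}

resource "random_uuid" "oauth2_scope" {
  for_each = local.oauth2_scopes
}

resource "azuread_application" "example" {
  display_name = "app-example-dev" # assumed name for the example
  owners       = [data.azuread_client_config.current.object_id]

  api {
    dynamic "oauth2_permission_scope" {
      for_each = local.oauth2_scopes
      content {
        # The iterator is named after the block label, so ".key" is the map key.
        id                         = random_uuid.oauth2_scope[oauth2_permission_scope.key].result
        value                      = oauth2_permission_scope.key
        enabled                    = true
        type                       = oauth2_permission_scope.value.type
        admin_consent_display_name = oauth2_permission_scope.value.admin_consent_display_name
        admin_consent_description  = oauth2_permission_scope.value.admin_consent_description
        user_consent_display_name  = oauth2_permission_scope.value.user_consent_display_name
        user_consent_description   = oauth2_permission_scope.value.user_consent_description
      }
    }
  }

  dynamic "app_role" {
    for_each = local.app_roles
    content {
      id                   = random_uuid.app_role[app_role.key].result
      value                = app_role.key
      enabled              = true
      display_name         = app_role.value.display_name
      description          = app_role.value.description
      allowed_member_types = app_role.value.allowed_member_types
    }
  }

  web {
    redirect_uris = []
    # Keep the implicit flow off unless a client actually needs it.
    implicit_grant {
      access_token_issuance_enabled = false
      id_token_issuance_enabled     = false
    }
  }
}

# Handy when other modules need to assign these roles to principals.
output "app_role_ids" {
  value = { for k, v in random_uuid.app_role : k => v.result }
}
```

Two points worth checking before applying something like this in a real tenant. First, renaming a key in local.app_roles creates a new random_uuid and destroys the old one, which Azure AD treats as a different role; assignments bound to the old id are lost, so use moved blocks or keep keys stable. Second, the original question enables access token issuance through the implicit grant; that flow is only needed by legacy single-page clients and Microsoft recommends the authorization code flow with PKCE instead, so the example leaves both implicit-grant switches off.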