Change available to other tenants type (#1401)

* Change the value type of parameter available_to_other_tenants * small change * Add sign_in_audience, This parameter was not supported after the migration to Microsoft Graph and was replaced by sign_in_audience. * Modify available_to_other_tenants description * small change * Highlight descriptions * update version to v3.0.0
ansible-collections · Jan 12, 2024 · e4b6d2b · e4b6d2b
1 parent bb7fd85
commit e4b6d2b
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 10 deletions.
diff --git a/plugins/modules/azure_rm_adapplication.py b/plugins/modules/azure_rm_adapplication.py
@@ -69,11 +69,24 @@
                     - Any other character, including the space character, are not allowed.
                 type: str
 
-    available_to_other_tenants:
+    sign_in_audience:
         description:
             - The application can be used from any Azure AD tenants.
-        type: bool
+            - Microsoft Graph SDK deprecate I(available_to_other_tenants), replace by I(sign_in_audience).
+            - Refer to link U(https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-property-differences#application-property-differences)
+        type: str
+        choices:
+            - AzureADMyOrg
+            - AzureADMultipleOrgs
+            - AzureADandPersonalMicrosoftAccount
+            - PersonalMicrosoftAccount
 
+    available_to_other_tenants:
+        description:
+            - (Deprecated) The application can be used from any Azure AD tenants.
+            - This parameter was not supported after the migration to Microsoft Graph and was replaced by I(sign_in_audience).
+            - It will deprecated in next version(V3.0.0).
+        type: bool
     credential_description:
         description:
             - The description of the password.
@@ -236,7 +249,7 @@
 - name: Create application with more parameter
   azure_rm_adapplication:
     display_name: "{{ display_name }}"
-    available_to_other_tenants: false
+    sign_in_audience: AzureADandPersonalMicrosoftAccount
     credential_description: "for test"
     end_date: 2021-10-01
     start_date: 2021-05-18
@@ -273,12 +286,18 @@
             returned: always
             type: str
             sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+        sign_in_audience:
+            description:
+                - The application can be used from any Azure AD tenants.
+            returned: always
+            type: str
+            sample: AzureADandPersonalMicrosoftAccount
         available_to_other_tenants:
             description:
                 - The application can be used from any Azure AD tenants.
             returned: always
-            type: bool
-            sample: false
+            type: str
+            sample: AzureADandPersonalMicrosoftAccount
         homepage:
             description:
                 - The url where users can sign in and use your app.
@@ -394,7 +413,15 @@ def __init__(self):
             app_id=dict(type='str'),
             display_name=dict(type='str', required=True),
             app_roles=dict(type='list', elements='dict', options=app_role_spec),
-            available_to_other_tenants=dict(type='bool'),
+            sign_in_audience=dict(
+                type='str',
+                choices=['AzureADMyOrg', 'AzureADMultipleOrgs', 'AzureADandPersonalMicrosoftAccount', 'PersonalMicrosoftAccount']
+            ),
+            available_to_other_tenants=dict(
+                type='bool',
+                removed_in_version='3.0.0',
+                removed_from_collection='azure.azcollection'
+            ),
             credential_description=dict(type='str'),
             end_date=dict(type='str'),
             homepage=dict(type='str'),
@@ -436,6 +463,7 @@ def __init__(self):
         self.allow_guests_sign_in = None
         self.results = dict(changed=False)
         self._client = None
+        self.sign_in_audience = None
 
         super(AzureRMADApplication, self).__init__(derived_arg_spec=self.module_arg_spec,
                                                    supports_check_mode=False,
@@ -480,7 +508,7 @@ def create_resource(self):
                 app_roles = self.build_app_roles(self.app_roles)
 
             create_app = Application(
-                sign_in_audience=self.available_to_other_tenants,
+                sign_in_audience=self.sign_in_audience,
                 web=WebApplication(
                     home_page_url=self.homepage,
                     redirect_uris=self.reply_urls,
@@ -522,7 +550,7 @@ def update_resource(self, old_response):
                 app_roles = self.build_app_roles(self.app_roles)
 
             app_update_param = Application(
-                sign_in_audience=self.available_to_other_tenants,
+                sign_in_audience=self.sign_in_audience,
                 web=WebApplication(
                     home_page_url=self.homepage,
                     redirect_uris=self.reply_urls,
@@ -595,6 +623,7 @@ def to_dict(self, object):
             display_name=object.display_name,
             app_roles=app_roles,
             available_to_other_tenants=object.sign_in_audience,
+            sign_in_audience=object.sign_in_audience,
             homepage=object.web.home_page_url,
             identifier_uris=object.identifier_uris,
             oauth2_allow_implicit_flow=object.web.implicit_grant_settings.enable_access_token_issuance,

diff --git a/plugins/modules/azure_rm_adapplication_info.py b/plugins/modules/azure_rm_adapplication_info.py
@@ -88,6 +88,18 @@
             returned: always
             type: str
             sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+        sign_in_audience:
+            description:
+                - The application can be used from any Azure AD tenants
+            type: str
+            returned: always
+            sample: AzureADandPersonalMicrosoftAccount
+        available_to_other_tenants:
+            description:
+                - The application can be used from any Azure AD tenants
+            type: str
+            returned: always
+            sample: AzureADandPersonalMicrosoftAccount
 '''
 
 from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBase
@@ -152,7 +164,9 @@ def to_dict(self, object):
             app_id=object.app_id,
             object_id=object.id,
             app_display_name=object.display_name,
-            identifier_uris=object.identifier_uris
+            identifier_uris=object.identifier_uris,
+            available_to_other_tenants=object.sign_in_audience,
+            sign_in_audience=object.sign_in_audience
         )
 
     async def get_application(self, obj_id):

diff --git a/tests/integration/targets/azure_rm_adapplication/tasks/main.yml b/tests/integration/targets/azure_rm_adapplication/tasks/main.yml
@@ -24,7 +24,7 @@
 - name: Create application with more parameter
   azure_rm_adapplication:
     display_name: "{{ display_name }}-01"
-    available_to_other_tenants: false
+    sign_in_audience: AzureADandPersonalMicrosoftAccount
     credential_description: "for test"
     end_date: 2021-10-01
     start_date: 2021-05-18