Add missing attribute, fix tests

hashicorp · Jul 21, 2021 · 6b43716 · 6b43716
1 parent d9ebb86
commit 6b43716
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/docs/data-sources/service_principal.md b/docs/data-sources/service_principal.md
@@ -48,6 +48,7 @@ The following attributes are exported:
 
 * `account_enabled` - - Whether or not the service principal account is enabled.
 * `alternative_names` - A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
+* `app_role_assignment_required` - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
 * `app_role_ids` - A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
 * `app_roles` - A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
 * `application_tenant_id` - The tenant ID where the associated application is registered.

diff --git a/internal/services/applications/application_data_source_test.go b/internal/services/applications/application_data_source_test.go
@@ -58,8 +58,7 @@ func (ApplicationDataSource) testCheck(data acceptance.TestData) resource.TestCh
 		check.That(data.ResourceName).Key("display_name").HasValue(fmt.Sprintf("acctest-APP-complete-%d", data.RandomInteger)),
 		check.That(data.ResourceName).Key("group_membership_claims.#").HasValue("1"),
 		check.That(data.ResourceName).Key("group_membership_claims.0").HasValue("All"),
-		check.That(data.ResourceName).Key("identifier_uris.#").HasValue("1"),
-		check.That(data.ResourceName).Key("identifier_uris.0").HasValue(fmt.Sprintf("api://hashicorptestapp-%d", data.RandomInteger)),
+		check.That(data.ResourceName).Key("identifier_uris.#").HasValue("2"),
 		check.That(data.ResourceName).Key("oauth2_permission_scope_ids.%").HasValue("2"),
 		check.That(data.ResourceName).Key("optional_claims.#").HasValue("1"),
 		check.That(data.ResourceName).Key("optional_claims.0.access_token.#").HasValue("2"),

diff --git a/internal/services/serviceprincipals/service_principal_data_source.go b/internal/services/serviceprincipals/service_principal_data_source.go
@@ -69,6 +69,12 @@ func servicePrincipalData() *schema.Resource {
 				},
 			},
 
+			"app_role_assignment_required": {
+				Description: "Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application",
+				Type:        schema.TypeBool,
+				Computed:    true,
+			},
+
 			"application_tenant_id": {
 				Description: "The tenant ID where the associated application is registered",
 				Type:        schema.TypeString,
@@ -283,6 +289,7 @@ func servicePrincipalDataSourceRead(ctx context.Context, d *schema.ResourceData,
 
 	tf.Set(d, "account_enabled", servicePrincipal.AccountEnabled)
 	tf.Set(d, "alternative_names", tf.FlattenStringSlicePtr(servicePrincipal.AlternativeNames))
+	tf.Set(d, "app_role_assignment_required", servicePrincipal.AppRoleAssignmentRequired)
 	tf.Set(d, "app_role_ids", helpers.ApplicationFlattenAppRoleIDs(servicePrincipal.AppRoles))
 	tf.Set(d, "app_roles", helpers.ApplicationFlattenAppRoles(servicePrincipal.AppRoles))
 	tf.Set(d, "application_id", servicePrincipal.AppId)

diff --git a/internal/services/serviceprincipals/service_principal_data_source_test.go b/internal/services/serviceprincipals/service_principal_data_source_test.go
@@ -57,18 +57,18 @@ func (ServicePrincipalDataSource) testCheckFunc(data acceptance.TestData) resour
 		check.That(data.ResourceName).Key("app_role_assignment_required").HasValue("true"),
 		check.That(data.ResourceName).Key("app_role_ids.%").HasValue("2"),
 		check.That(data.ResourceName).Key("app_roles.#").HasValue("2"),
-		check.That(data.ResourceName).Key("application_id").Exists(),
+		check.That(data.ResourceName).Key("application_id").IsUuid(),
 		check.That(data.ResourceName).Key("application_tenant_id").HasValue(tenantId),
 		check.That(data.ResourceName).Key("description").HasValue("An internal app for testing"),
 		check.That(data.ResourceName).Key("display_name").Exists(),
 		check.That(data.ResourceName).Key("homepage_url").HasValue(fmt.Sprintf("https://test-%d.internal", data.RandomInteger)),
-		check.That(data.ResourceName).Key("login").HasValue(fmt.Sprintf("https://test-%d.internal/login", data.RandomInteger)),
+		check.That(data.ResourceName).Key("login_url").HasValue(fmt.Sprintf("https://test-%d.internal/login", data.RandomInteger)),
 		check.That(data.ResourceName).Key("logout_url").HasValue(fmt.Sprintf("https://test-%d.internal/logout", data.RandomInteger)),
 		check.That(data.ResourceName).Key("notes").HasValue("Just testing something"),
 		check.That(data.ResourceName).Key("notification_email_addresses.#").HasValue("2"),
 		check.That(data.ResourceName).Key("oauth2_permission_scope_ids.%").HasValue("2"),
 		check.That(data.ResourceName).Key("oauth2_permission_scopes.#").HasValue("2"),
-		check.That(data.ResourceName).Key("object_id").Exists(),
+		check.That(data.ResourceName).Key("object_id").IsUuid(),
 		check.That(data.ResourceName).Key("redirect_uris.#").HasValue("2"),
 		check.That(data.ResourceName).Key("service_principal_names.#").HasValue("2"),
 		check.That(data.ResourceName).Key("sign_in_audience").HasValue("AzureADMyOrg"),