azuread_application_password: deprecate application_id in favour of a…

…pplication_object_id (#107) fixes #106
hashicorp · Jun 12, 2019 · 6ebea62 · 6ebea62
1 parent 2198152
commit 6ebea62
Show file tree

Hide file tree

Showing 11 changed files with 140 additions and 33 deletions.
diff --git a/azuread/data_service_principal.go b/azuread/data_service_principal.go
@@ -3,12 +3,12 @@ package azuread
 import (
 	"fmt"
 
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/validate"
-
-	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
-	"github.com/hashicorp/terraform/helper/schema"
 )
 
 func dataServicePrincipal() *schema.Resource {

diff --git a/azuread/data_user_test.go b/azuread/data_user_test.go
@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/hashicorp/terraform/helper/acctest"
-
 	"github.com/hashicorp/terraform/helper/resource"
 )
 

diff --git a/azuread/resource_application.go b/azuread/resource_application.go
@@ -8,6 +8,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
+
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/p"

diff --git a/azuread/resource_application_password.go b/azuread/resource_application_password.go
@@ -7,10 +7,12 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
 
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/tf"
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/validate"
 )
 
 func resourceApplicationPassword() *schema.Resource {
@@ -23,15 +25,82 @@ func resourceApplicationPassword() *schema.Resource {
 			State: schema.ImportStatePassthrough,
 		},
 
-		Schema: graph.PasswordResourceSchema("application"),
+		// Schema: graph.PasswordResourceSchema("application_object"), //todo switch back to this in 1.0
+		Schema: map[string]*schema.Schema{
+			"application_id": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				ForceNew:      true,
+				Computed:      true,
+				ValidateFunc:  validate.UUID,
+				Deprecated:    "Deprecated in favour of `application_object_id` to prevent confusion",
+				ConflictsWith: []string{"application_id"},
+			},
+
+			"application_object_id": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ForceNew:      true,
+				ValidateFunc:  validate.UUID,
+				ConflictsWith: []string{"application_object_id"},
+			},
+
+			"key_id": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ForceNew:     true,
+				ValidateFunc: validate.UUID,
+			},
+
+			"value": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				Sensitive:    true,
+				ValidateFunc: validate.NoEmptyStrings,
+			},
+
+			"start_date": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.ValidateRFC3339TimeString,
+			},
+
+			"end_date": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ForceNew:      true,
+				ConflictsWith: []string{"end_date_relative"},
+				ValidateFunc:  validation.ValidateRFC3339TimeString,
+			},
+
+			"end_date_relative": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				ForceNew:      true,
+				ConflictsWith: []string{"end_date"},
+				ValidateFunc:  validate.NoEmptyStrings,
+			},
+		},
 	}
 }
 
 func resourceApplicationPasswordCreate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*ArmClient).applicationsClient
 	ctx := meta.(*ArmClient).StopContext
 
-	objectId := d.Get("application_id").(string)
+	objectId := d.Get("application_object_id").(string)
+	if objectId == "" { // todo remove in 1.0
+		objectId = d.Get("application_id").(string)
+	}
+	if objectId == "" {
+		return fmt.Errorf("one of `application_object_id` or `application_id` must be specified")
+	}
 
 	cred, err := graph.PasswordCredentialForResource(d)
 	if err != nil {
@@ -95,7 +164,8 @@ func resourceApplicationPasswordRead(d *schema.ResourceData, meta interface{}) e
 	}
 
 	// todo, move this into a graph helper function?
-	d.Set("application_id", id.ObjectId)
+	d.Set("application_object_id", id.ObjectId)
+	d.Set("application_id", id.ObjectId) //todo remove in 2.0
 	d.Set("key_id", id.KeyId)
 
 	if endDate := credential.EndDate; endDate != nil {

diff --git a/azuread/resource_application_password_test.go b/azuread/resource_application_password_test.go
@@ -4,12 +4,12 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
-	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
-
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
+
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
 )
 
 func testCheckADApplicationPasswordExists(name string) resource.TestCheckFunc { //nolint unparam
@@ -101,6 +101,30 @@ func TestAccAzureADApplicationPassword_basic(t *testing.T) {
 	})
 }
 
+func TestAccAzureADApplicationPassword_basicOld(t *testing.T) {
+	resourceName := "azuread_application_password.test"
+	applicationId := uuid.New().String()
+	value := uuid.New().String()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckADApplicationPasswordCheckDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccADObjectPasswordApplication_basicOld(applicationId, value),
+				Check: resource.ComposeTestCheckFunc(
+					// can't assert on Value since it's not returned
+					testCheckADApplicationPasswordExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "start_date"),
+					resource.TestCheckResourceAttrSet(resourceName, "key_id"),
+					resource.TestCheckResourceAttr(resourceName, "end_date", "2020-01-01T01:02:03Z"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAzureADApplicationPassword_requiresImport(t *testing.T) {
 	if !requireResourcesToBeImported {
 		t.Skip("Skipping since resources aren't required to be imported")
@@ -191,9 +215,21 @@ func testAccADObjectPasswordApplication_basic(applicationId, value string) strin
 %s
 
 resource "azuread_application_password" "test" {
-  application_id       = "${azuread_application.test.id}"
-  value                = "%s"
-  end_date             = "2020-01-01T01:02:03Z"
+  application_object_id = "${azuread_application.test.id}"
+  value                 = "%s"
+  end_date              = "2020-01-01T01:02:03Z"
+}
+`, testAccADApplicationPassword_template(applicationId), value)
+}
+
+func testAccADObjectPasswordApplication_basicOld(applicationId, value string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azuread_application_password" "test" {
+  application_id = "${azuread_application.test.id}"
+  value          = "%s"
+  end_date       = "2020-01-01T01:02:03Z"
 }
 `, testAccADApplicationPassword_template(applicationId), value)
 }
@@ -204,10 +240,10 @@ func testAccADApplicationPassword_requiresImport(applicationId, value string) st
 %s
 
 resource "azuread_application_password" "import" {
-  application_id       = "${azuread_application_password.test.application_id}"
-  key_id               = "${azuread_application_password.test.key_id}"
-  value                = "${azuread_application_password.test.value}"
-  end_date             = "${azuread_application_password.test.end_date}"
+  application_object_id = "${azuread_application_password.test.application_id}"
+  key_id                = "${azuread_application_password.test.key_id}"
+  value                 = "${azuread_application_password.test.value}"
+  end_date              = "${azuread_application_password.test.end_date}"
 }
 `, template)
 }
@@ -217,10 +253,10 @@ func testAccADApplicationPassword_customKeyId(applicationId, keyId, value string
 %s
 
 resource "azuread_application_password" "test" {
-  application_id       = "${azuread_application.test.id}"
-  key_id               = "%s"
-  value                = "%s"
-  end_date             = "2020-01-01T01:02:03Z"
+  application_object_id = "${azuread_application.test.id}"
+  key_id                = "%s"
+  value                 = "%s"
+  end_date              = "2020-01-01T01:02:03Z"
 }
 `, testAccADApplicationPassword_template(applicationId), keyId, value)
 }
@@ -230,9 +266,9 @@ func testAccADApplicationPassword_relativeEndDate(applicationId, value string) s
 %s
 
 resource "azuread_application_password" "test" {
-  application_id       = "${azuread_application.test.id}"
-  value                = "%s"
-  end_date_relative    = "8760h"
+  application_object_id = "${azuread_application.test.id}"
+  value                 = "%s"
+  end_date_relative     = "8760h"
 }
 `, testAccADApplicationPassword_template(applicationId), value)
 }
diff --git a/azuread/resource_application_test.go b/azuread/resource_application_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
+
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 )
 

diff --git a/azuread/resource_service_principal.go b/azuread/resource_service_principal.go
@@ -39,13 +39,13 @@ func resourceServicePrincipal() *schema.Resource {
 				Computed: true,
 			},
 
-			"oauth2_permissions": graph.SchemaOauth2Permissions(),
-
 			"object_id": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
 
+			"oauth2_permissions": graph.SchemaOauth2Permissions(),
+
 			"tags": {
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -113,6 +113,7 @@ func resourceServicePrincipalRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("application_id", app.AppID)
 	d.Set("display_name", app.DisplayName)
 	d.Set("object_id", app.ObjectID)
+
 	// tags doesn't exist as a property, so extract it
 	if err := d.Set("tags", app.Tags); err != nil {
 		return fmt.Errorf("Error setting `tags`: %+v", err)

diff --git a/azuread/resource_service_principal_password_test.go b/azuread/resource_service_principal_password_test.go
@@ -4,12 +4,12 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
-	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
-
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
+
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/graph"
 )
 
 func testCheckADServicePrincipalPasswordExists(name string) resource.TestCheckFunc { //nolint unparam

diff --git a/azuread/resource_service_principal_test.go b/azuread/resource_service_principal_test.go
@@ -4,11 +4,11 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
-
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
+
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 )
 
 func TestAccAzureADServicePrincipal_basic(t *testing.T) {

diff --git a/azuread/resource_user_test.go b/azuread/resource_user_test.go
@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/hashicorp/terraform/helper/acctest"
-
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 

diff --git a/website/docs/r/application_password.html.markdown b/website/docs/r/application_password.html.markdown
@@ -36,7 +36,7 @@ resource "azuread_application_password" "example" {
 
 The following arguments are supported:
 
-* `object_id` - (Required) The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.
+* `application_object_id` - (Required) The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.
 
 * `value` - (Required) The Password for this Application .