azurerm_[linux|windows]_[function|web]_app[_slot] - Fix nilpointer …

…`auth_v2` again including test Fixes #21375
hashicorp · Apr 11, 2023 · c5c07c4 · c5c07c4
1 parent dac253e
commit c5c07c4
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/internal/services/appservice/helpers/auth_v2_schema.go b/internal/services/appservice/helpers/auth_v2_schema.go
@@ -978,9 +978,14 @@ func expandAadAuthV2Settings(input []AadAuthV2Settings) *web.AzureActiveDirector
 			}
 			result.Validation.DefaultAuthorizationPolicy = &web.DefaultAuthorizationPolicy{}
 			if len(aad.AllowedGroups) > 0 {
-				result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals.Groups = pointer.To(aad.AllowedGroups)
+				result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals = &web.AllowedPrincipals{
+					Groups: pointer.To(aad.AllowedGroups),
+				}
 			}
 			if len(aad.AllowedIdentities) > 0 {
+				if result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals == nil {
+					result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals = &web.AllowedPrincipals{}
+				}
 				result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals.Identities = pointer.To(aad.AllowedIdentities)
 			}
 		}

diff --git a/internal/services/appservice/linux_function_app_resource_authv2_test.go b/internal/services/appservice/linux_function_app_resource_authv2_test.go
@@ -248,12 +248,19 @@ provider "azurerm" {
   features {}
 }
 
+provider "azuread" {}
+
 %s
 
 data "azurerm_client_config" "current" {}
 
+resource "azuread_group" "test" {
+	display_name     = "acctestspa-%d"
+	security_enabled = true
+}
+
 resource "azurerm_linux_function_app" "test" {
-  name                = "acctest-LFA-%d"
+  name                = "acctest-LFA-%[2]d"
   location            = azurerm_resource_group.test.location
   resource_group_name = azurerm_resource_group.test.name
   service_plan_id     = azurerm_service_plan.test.id
@@ -271,13 +278,16 @@ resource "azurerm_linux_function_app" "test" {
     app_setting_names = ["%[3]s"]
   }
 
+
+
   auth_settings_v2 {
     auth_enabled           = true
     unauthenticated_action = "Return401"
     active_directory_v2 {
       client_id                  = data.azurerm_client_config.current.client_id
       client_secret_setting_name = "%[3]s"
       tenant_auth_endpoint       = "https://sts.windows.net/%[5]s/v2.0"
+      allowed_groups             = [azuread_group.test.object_id]
     }
 
     login {