From c5c07c41bb6e62a3f6cce0a942406f4d2cbbddfb Mon Sep 17 00:00:00 2001
From: Aris van Ommeren <avommeren@vxcompany.com>
Date: Tue, 11 Apr 2023 21:51:03 +0200
Subject: [PATCH] `azurerm_[linux|windows]_[function|web]_app[_slot]` - Fix
 nilpointer `auth_v2` again including test

Fixes #21375
---
 .../services/appservice/helpers/auth_v2_schema.go    |  7 ++++++-
 .../linux_function_app_resource_authv2_test.go       | 12 +++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/internal/services/appservice/helpers/auth_v2_schema.go b/internal/services/appservice/helpers/auth_v2_schema.go
index 52510e1d7e666..45fe5fcecc007 100644
--- a/internal/services/appservice/helpers/auth_v2_schema.go
+++ b/internal/services/appservice/helpers/auth_v2_schema.go
@@ -978,9 +978,14 @@ func expandAadAuthV2Settings(input []AadAuthV2Settings) *web.AzureActiveDirector
 			}
 			result.Validation.DefaultAuthorizationPolicy = &web.DefaultAuthorizationPolicy{}
 			if len(aad.AllowedGroups) > 0 {
-				result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals.Groups = pointer.To(aad.AllowedGroups)
+				result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals = &web.AllowedPrincipals{
+					Groups: pointer.To(aad.AllowedGroups),
+				}
 			}
 			if len(aad.AllowedIdentities) > 0 {
+				if result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals == nil {
+					result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals = &web.AllowedPrincipals{}
+				}
 				result.Validation.DefaultAuthorizationPolicy.AllowedPrincipals.Identities = pointer.To(aad.AllowedIdentities)
 			}
 		}
diff --git a/internal/services/appservice/linux_function_app_resource_authv2_test.go b/internal/services/appservice/linux_function_app_resource_authv2_test.go
index 74673ddf2ac1b..a5a8c43fadc2e 100644
--- a/internal/services/appservice/linux_function_app_resource_authv2_test.go
+++ b/internal/services/appservice/linux_function_app_resource_authv2_test.go
@@ -248,12 +248,19 @@ provider "azurerm" {
   features {}
 }
 
+provider "azuread" {}
+
 %s
 
 data "azurerm_client_config" "current" {}
 
+resource "azuread_group" "test" {
+	display_name     = "acctestspa-%d"
+	security_enabled = true
+}
+
 resource "azurerm_linux_function_app" "test" {
-  name                = "acctest-LFA-%d"
+  name                = "acctest-LFA-%[2]d"
   location            = azurerm_resource_group.test.location
   resource_group_name = azurerm_resource_group.test.name
   service_plan_id     = azurerm_service_plan.test.id
@@ -271,6 +278,8 @@ resource "azurerm_linux_function_app" "test" {
     app_setting_names = ["%[3]s"]
   }
 
+
+
   auth_settings_v2 {
     auth_enabled           = true
     unauthenticated_action = "Return401"
@@ -278,6 +287,7 @@ resource "azurerm_linux_function_app" "test" {
       client_id                  = data.azurerm_client_config.current.client_id
       client_secret_setting_name = "%[3]s"
       tenant_auth_endpoint       = "https://sts.windows.net/%[5]s/v2.0"
+      allowed_groups             = [azuread_group.test.object_id]
     }
 
     login {