XDR-3403: Update Terraform's Azuread provider to 2.x #5
Looks good, I only have some minor changes
With the variable names changing this is a breaking change.
Please amend the commit that changes the vars to include either `(major)` or `(breaking)` instead of `(feat)`.
https://github.com/quantum-sec/meta/blob/master/standards/versioning/README.md#incrementing-versions
The default value has also been changed.
07da8b4 to 399b142
I'm not sure if the `uuid()` changes for each `terraform apply`.
Merely using uuid() would generate a new value each time we apply the resource. We can avoid this by generating a random_uuid resource per oauth2_permission_scopes.
Looks good to me, I think you can merge this but do a tf plan first to make sure changes are reflected.
2 modules are upgraded to use azuread provider 2.22:
There wasn't any example code for azuread-service-principal, so we add that.
Many of the changes are simply `api` and `web` blocks). However there are some more significant changes:
azuread-application: available_to_other_tenants
This argument `available_to_other_tenants` is changed to `sign_in_audience`. And while it was previously a boolean, it is now a string, with the following possible values:

azuread-service-principal-password: password
We used to take in an optional input `password`. If `password` isn't specified, we would generate one (using the `random_password` resource).
From v 2.0 onwards, this is no longer possible. The password will be generated; it cannot be specified.