Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Application improvements #474

Merged
merged 20 commits into from
Jul 21, 2021
Merged

Application improvements #474

merged 20 commits into from
Jul 21, 2021

Conversation

manicminer
Copy link
Member

@manicminer manicminer commented Jun 30, 2021
edited
Loading

  • Case insensitive matching on UUIDs for passwords and certificates
  • Role/scope validation also checks IDs now that users must set it themselves
  • Extensive whole-resource validation when sign_in_audience is changed to include personal accounts, to avoid breakage
  • Updates Hamilton to v0.20.0 for fixes, features and improved odata query support

New Applications Features

  • Support additional properties in the api block
    • accept_mapped_claims
    • known_client_applications
    • requested_access_token_version
  • Export the disabled_by_microsoft attribute
  • Support the logo_url, marketing_url, privacy_statement_url, support_url and terms_of_service_url properties
  • Support the device_only_auth_enabled property
  • Support the oauth2_post_response_required property
  • Export the publisher_domain attribute (this is readonly, awaiting feedback on how we can set this)
  • Support the public_client block
  • Support the single_page_application block
  • Export two computed typemap attributes: app_role_ids and oauth2_permission_scope_ids to alleviate typeset handling with config boilerplate

Closes: #188
Closes: #244
Closes: #286
Closes: #320
Closes: #436
Closes: #462
Closes: #469
Closes: #477

@manicminer manicminer added this to the v2.0.0 milestone Jun 30, 2021
@manicminer manicminer changed the base branch from main to v2 June 30, 2021 14:34
This was linked to issues Jun 30, 2021
Support accessTokenAcceptedVersion in azuread_application #188
Closed
Support reply_url type Spa on azuread_application #244
Closed
Add support for SPA based application clients using PKCE flow #286
Closed
Add support for publicClient #436
Closed
@manicminer manicminer marked this pull request as ready for review June 30, 2021 23:24
@manicminer manicminer mentioned this pull request Jun 30, 2021
Closed
@manicminer manicminer requested a review from a team July 1, 2021 00:00
katbyte
katbyte approved these changes Jul 1, 2021
View reviewed changes
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aside from a few comments on schema this looks good!

internal/services/applications/application_data_source.go Outdated Show resolved Hide resolved
internal/services/applications/application_data_source.go Outdated Show resolved Hide resolved
internal/services/applications/application_resource.go Outdated Show resolved Hide resolved
internal/services/applications/application_resource.go
},

"oauth2_post_response_required": {
Description: "Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this says "post allowed" vs the property name "response_required"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a tricky one since the docs are ambiguous on the behaviour. I'll try to dig up the actual meaning and make it clearer one way or the other.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like this description, which was pulled from application manifest docs, is the only documentation available on this one. Will follow up separately and try to find out more.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any update on this one?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not as yet, have reached out to get some clarity on this field

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've raised this separately as #491 against the 2.0.0 milestone in order to unblock the PR stack :)

internal/services/applications/application_resource.go Show resolved Hide resolved
internal/services/applications/application_resource.go Show resolved Hide resolved
Base automatically changed from v2 to main July 2, 2021 08:40
@manicminer
Copy link
Member Author

@katbyte I've added some additional validation to try and avoid applying bad application configurations; could you take another look before merging? Thanks! :)

@manicminer manicminer requested a review from katbyte July 2, 2021 13:47
@manicminer manicminer modified the milestones: v2.0.0, Blocked Jul 4, 2021
@manicminer
Copy link
Member Author

manicminer commented Jul 4, 2021
edited
Loading

This is unfortunately blocked due to a plugin SDK issue around block handling Resolved with diff suppress func

@manicminer manicminer modified the milestones: Blocked, v2.0.0 Jul 4, 2021
@manicminer
Copy link
Member Author

Test results

Screenshot 2021-07-04 at 19 20 08

katbyte
katbyte approved these changes Jul 6, 2021
View reviewed changes
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aside from a couple comments LGTM 🍰

internal/services/applications/application_data_source.go
@@ -252,6 +349,35 @@ func applicationDataSource() *schema.Resource {
Computed: true,
},

"single_page_application": {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if this is a list shouldn't it be plural?

Suggested change
"single_page_application": {
"single_page_applications": {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This block is intended to contain the settings for the application when it's functioning as a single page app (the API container is just spa but I felt it needed expanding)

internal/services/applications/application_resource.go
},

"oauth2_post_response_required": {
Description: "Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any update on this one?

@manicminer manicminer mentioned this pull request Jul 6, 2021
Closed
@simaotwx simaotwx mentioned this pull request Jul 19, 2021
Closed
manicminer and others added 15 commits July 21, 2021 22:03
@manicminer
Applications: support the oauth2_post_response_required property
94a2faf
@manicminer
Applications: export the publisher_domain attribute
5f19506
@manicminer
Upgrade hamilton to v0.20.0 which includes improved odata query support
edf5808
@manicminer
Applications: support the public_client and single_page_application b…
956944a 
…locks
@manicminer
Applications: support "on_premise_security_identifier" optional claim
dc5588d
@manicminer
Applications: move informational URL properties to the top level
c5e5590
@manicminer
Applications: rename accept_mapped_claims for consistency
d0105cd
@manicminer
Clarify the difference between the old public_client property and t…
7b35795 
…he new `public_client` block
@manicminer
Rename disabled_by_microsoft_status
7824fac
@manicminer
Applications: identifier_uris validation for URNs
e9d83bd
@manicminer
Additional validation for applications
2a1e295
@manicminer
Remove unused resource ID parser
ff5fe2d
@manicminer
Fix attribute typo
a2c57d5
@manicminer
Applications: export the app_role_ids and `oauth2_permission_scope_…
a2ea1f9 
…ids` attributes. Resolve unwanted diffs with a big DiffSuppressFunc instead of selecting setting attributes in state
@manicminer
Doc cleanup
cdf4f18
@manicminer manicminer merged commit 48f63a6 into main Jul 21, 2021
@manicminer manicminer deleted the f/application-improvements branch July 21, 2021 22:15
manicminer added a commit that referenced this pull request Jul 21, 2021
@manicminer
Changelog for #474
8920f02
@manicminer manicminer mentioned this pull request Jul 21, 2021
Open
@JonasKop JonasKop mentioned this pull request Jul 28, 2021
Closed
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@katbyte katbyte katbyte approved these changes

Assignees
No one assigned
Labels
api/microsoft-graph dependencies enhancement feature/applications size/XL
Projects
None yet
Milestone
v2.0.0
2 participants
@manicminer @katbyte