Add powerplatform_environment_application_admin resource #786

Closed
wants to merge 3 commits into from

@Copilot Copilot AI commented May 20, 2025

This PR implements the powerplatform_environment_application_admin resource that ensures a service principal exists as an application user with the System Administrator role in a Dataverse environment.

Key Features

  • Ensures Application User Exists: Adds the specified service principal to a Dataverse environment as an application user with System Administrator privileges
  • Idempotent Operation: Create operation will succeed even if the application user already exists
  • Drift Detection: If the application user is removed outside of Terraform, the resource will be marked for recreation
  • Import Support: Resource can be imported with the format {environment_id}/{application_id}
  • Delete is a No-Op: Since Dataverse doesn't support removing application users via API, resource deletion does not remove the app user

Technical Implementation

  • Uses the BAP Admin API POST /providers/Microsoft.BusinessAppPlatform/scopes/admin/enroll to add the application user
  • Uses the Dataverse Web API to query for the application user's existence during Read operations
  • Stores a composite ID in the format {environment_id}/{application_id}

Example Usage

resource "powerplatform_environment_application_admin" "import_fix" {
  environment_id = var.environment_id        # GUID of environment
  application_id = var.spn_application_id    # GUID (client ID) of the SP
}

This resource is especially useful for imported environments where service principals don't already have Dataverse access.

Fixes #782.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • checkpoint-api.hashicorp.com
    • Triggering command: /tmp/go-build2494529128/b001/environment_application_admin.test -test.testlogfile=/tmp/go-build2494529128/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true (dns block)
    • Triggering command: tfplugindocs generate --provider-name powerplatform --rendered-provider-name Power Platform (dns block)

If you need me to access, download, or install something from one of these locations, you can either:


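The lifecycle in the PR description above (composite ID, idempotent create, drift detection on read, no-op delete), as an added Go sketch that is not the provider's code. `FakeDataverse` is a hypothetical in-memory stand-in for the environment, the GUIDs are constructed, and the strict GUID check in `ParseCompositeID` is an assumption about what a valid import ID looks like.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var guidRe = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// ParseCompositeID splits "{environment_id}/{application_id}" and checks both GUIDs.
func ParseCompositeID(id string) (env, app string, err error) {
	p := strings.Split(strings.ToLower(id), "/")
	if len(p) != 2 || !guidRe.MatchString(p[0]) || !guidRe.MatchString(p[1]) {
		return "", "", fmt.Errorf("want {environment_id}/{application_id}, got %q", id)
	}
	return p[0], p[1], nil
}

// FakeDataverse is a hypothetical in-memory stand-in: environment -> application users.
type FakeDataverse map[string]map[string]bool

// Create enrolls the application user; repeating it changes nothing (idempotent).
func (d FakeDataverse) Create(env, app string) string {
	if d[env] == nil {
		d[env] = map[string]bool{}
	}
	d[env][app] = true
	return env + "/" + app
}

// Read reports whether the user still exists; false means drift, so recreate.
func (d FakeDataverse) Read(id string) (bool, error) {
	env, app, err := ParseCompositeID(id)
	return err == nil && d[env][app], err
}

// Delete is the no-op the PR describes: state is dropped, the user stays enrolled.
func (d FakeDataverse) Delete(id string) {}

func main() {
	d := FakeDataverse{}
	env, app := "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002" // constructed
	id := d.Create(env, app)
	d.Delete(id)
	still, _ := d.Read(id)
	fmt.Println("application user still enrolled after destroy:", still)
}
```

Because delete leaves the application user in place, removing the resource from Terraform does not revoke the System Administrator role; it stays until the application user is removed by other means.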

Co-authored-by: mawasile <50197777+mawasile@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] powerplatform_environment_application_admin resource Add powerplatform_environment_application_admin resource May 20, 2025
@Copilot Copilot AI requested a review from mawasile May 20, 2025 08:56
Copilot finished work on behalf of mawasile May 20, 2025 08:56
@mawasile mawasile added the copilot fixed using GitHub copilot autonomous agent label May 20, 2025
"github.com/microsoft/terraform-provider-power-platform/internal/helpers"
)

// NewEnvironmentApplicationAdminResource creates a new instance of the resource
Contributor

Comment should end in a period (godot)

Contributor Author

Added period to comment in d1989f9

return
}

// If the application user doesn't exist, remove resource from state
Contributor

Comment should end in a period (godot)

Contributor Author

Added period to comment in d1989f9

Co-authored-by: mawasile <50197777+mawasile@users.noreply.github.com>
Copilot finished work on behalf of mawasile May 20, 2025 09:45
@mawasile mawasile closed this May 21, 2025
@mawasile mawasile deleted the copilot/fix-782 branch May 21, 2025 09:06