azuread_conditional_access_policy resource with external_tenants is not accepted by Graph API
#1555
Comments
sdx-jkataja
changed the title
external_tenants results in 400 Bad Request from Graph APIexternal_tenants is not accepted by Graph API
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Community Note
Terraform (and AzureAD Provider) Version
Terraform version: 1.9.5
Terraform Azure AD provider version 3.0.2
Affected Resource(s)
azuread_conditional_access_policyTerraform Configuration Files
My intention is to create a Conditional Access Policy that excludes an external tenant
Debug Output
Part of request body which Terraform AzureAD sends to Microsoft Graph API
{ "@odata.type": "#microsoft.graph.conditionalAccessPolicy", ... "users": { "excludeGuestsOrExternalUsers": { "externalTenants": { "members": [ "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" ], "membershipKind": "enumerated" }, "guestOrExternalUserTypes": "serviceProvider" }, ...Response body which Terraform AzureAD receives from Microsoft Graph API
{ "error": { "code": "BadRequest", "message": "1007: Incoming ConditionalAccessPolicy object is null or does not match the schema of ConditionalAccessPolicy type. For examples, please see API documentation at https://docs.microsoft.com/en-us/graph/api/conditionalaccessroot-post-policies?view=graph-rest-1.0.", "innerError": { "date": "2024-10-29T16:10:00", "request-id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "client-request-id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" } } }Panic Output
Expected Behavior
Conditional Access Policy is created
Actual Behavior
Conditional Access Policy results in Microsoft Graph API returning HTTP 400 Bad Request
Steps to Reproduce
terraform applyImportant Factoids
References
The text was updated successfully, but these errors were encountered: