new resource azurerm_graph_account
#22334
Conversation
|
|
||
| resource "azurerm_graph_account" "test" { | ||
| name = "acctesta-%[2]d" | ||
| app_id = azuread_application.test.application_id |
There was a problem hiding this comment.
this resource is depend on an azuread_application, however through my local test the resource creation may fail occationally with error even after the ad app is created: performing AccountsCreateAndUpdate: unexpected status 400 with error: BadRequest: The application was not found in this tenant.. The service team told that this is hard to change and advices to use a predefined azure ad app, can we do this?
There was a problem hiding this comment.
This is a common issue particularly when crossing service boundaries such as this. We can use the calling principal to work around this for now - you can grab this from the environment variable ARM_CLIENT_ID in the test function, see the following suggestion.
| Type: pluginsdk.TypeString, | ||
| }, | ||
| "resource_group_name": commonschema.ResourceGroupName(), | ||
| "app_id": { |
There was a problem hiding this comment.
Can we rename this to application_id to align with AzureAD resources
|
|
||
| resource "azurerm_graph_account" "test" { | ||
| name = "acctesta-%[2]d" | ||
| app_id = azuread_application.test.application_id |
There was a problem hiding this comment.
This is a common issue particularly when crossing service boundaries such as this. We can use the calling principal to work around this for now - you can grab this from the environment variable ARM_CLIENT_ID in the test function, see the following suggestion.
|
|
||
| resource "azurerm_graph_account" "test" { | ||
| name = "acctesta-%[2]d" | ||
| app_id = azuread_application.test.application_id |
There was a problem hiding this comment.
| app_id = azuread_application.test.application_id | |
| application_id = "%[3]s" |
| app_id = azuread_application.test.application_id | ||
| resource_group_name = azurerm_resource_group.test.name | ||
| } | ||
| `, r.template(data), data.RandomInteger) |
There was a problem hiding this comment.
| `, r.template(data), data.RandomInteger) | |
| `, r.template(data), data.RandomInteger, clientId) |
…zurerm into graph_account
|
Hi @manicminer , thanks for reviewing this. I have modified the testcases, but we cannot create two graph account for single ad application, so I have made the test running in serial. |
|
Hi @manicminer, kindly ping. The service team is asking for this. |
|
Apologies @teowa, will look at this today |
There was a problem hiding this comment.
Thanks @teowa, this mostly LGTM. If you can take a look at the comments below, then this should be good to merge.
Tests look good for me:
| "name": { | ||
| ForceNew: true, | ||
| Required: true, | ||
| Type: pluginsdk.TypeString, |
There was a problem hiding this comment.
We should validate this property
| Location: pointer.To(location.Normalize("global")), | ||
| Properties: graphservicesprods.AccountResourceProperties{ | ||
| AppId: config.ApplicationId, | ||
| }, | ||
| Tags: tags.Expand(config.Tags), |
There was a problem hiding this comment.
Can we tidy this up? i.e. move Properties to the end and align the others
| ApplicationId: model.Properties.AppId, | ||
| Name: id.AccountName, ResourceGroupName: id.ResourceGroupName, | ||
| Tags: tags.Flatten(model.Tags), |
There was a problem hiding this comment.
As above, can this be tidied up (one field per line, all aligned for readability)
…m into graph_account
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
reference: