FEATURES:
- New Data Source:
azuread_directory_role_templates
(#1152) - New Data Source:
azuread_named_location
(#1156)
IMPROVEMENTS:
azuread_access_package_assignment_policy
- support theManager
value for thereview_type
property in theassignment_review_settings
block (#1159)azuread_conditional_access_policy
- support for theservice_principal_risk_levels
property in theconditions
block (#1145)azuread_conditional_access_policy
- thegrant_controls
block is now optional (#1155)
BUG FIXES:
azuread_access_package_resource_package_association
- support destruction of this resource (#1124)azuread_application
- set thedisplay_name
property correctly on creation to improve UX in the event of failure (#1160)
IMPROVEMENTS:
- dependencies: updating to
v0.62.0
ofgithub.com/manicminer/hamilton
data.azuread_user
- supporting looking up a user using theemployee_id
property (#1040)data.azuread_users
- supporting looking up users using theemployee_ids
property (#1040)azuread_conditional_access_policy
- support for theclient_applications
block in theconditions
block (#1047)azuread_conditional_access_policy
- support for thedisable_resilience_defaults
property in thesession_controls
block (#1135)azuread_group
- thebehaviors
property now supports theCalendarMemberReadOnly
andConnectorsDisabled
values (#1144)
IMPROVEMENTS:
- dependencies: updating to
v0.20230511.1094507
ofgithub.com/hashicorp/go-azure-sdk
(#1100)
BUG FIXES:
- provider: fix a token refresh bug that could cause authentication errors after initial token expiry (#1100)
FEATURES:
- New Data Source:
azuread_access_package_catalog_role
(#1033) - New Resource:
azuread_access_package_catalog_role_assignment
(#1033)
BUG FIXES:
- Provider: fix an issue where API requests might not be retried correctly (#1090)
azuread_service_principal_token_signing_certificate
- fix a crash when importing legacy certificates (#1082)
BUG FIXES:
azuread_group
- remove conditional ForceNew for theonpremises_group_type
property, resolve breaking change in v2.37.1 (#1076)azuread_group
- improve a workaround for reading Microsoft 365-only properties for groups in a non-M365 tenant (#1076)azuread_group
- improve a workaround for detecting unwanted changes to thedescription
property (#1074)
NOTES:
- This release contains a breaking change with the
azuread_group
resource, in order to fix a regression. Please see #1072 for workaround information.
BUG FIXES:
azuread_group
- fix a regression that causedonpremises_group_type
to be set when not configured, and unsetting this property now forces replacement of the resource (#1070)
FEATURES:
- New Data Source:
azuread_access_package
(#903) - New Data Source:
azuread_access_package_catalog
(#903) - New Resource:
azuread_access_package
(#903) - New Resource:
azuread_access_package_assignment_policy
(#903) - New Resource:
azuread_access_package_catalog
(#903) - New Resource:
azuread_access_package_resource_catalog_association
(#903) - New Resource:
azuread_access_package_resource_package_association
(#903) - New Resource:
azuread_administrative_unit_role_member
(#983) - New Resource:
azuread_user_flow_attribute
(#1063)
IMPROVEMENTS:
- dependencies: updating to
v0.60.0
ofgithub.com/manicminer/hamilton
(#1062) data.azuread_application
- support for theservice_management_reference
attribute (#1046)data.azuread_group
- support for theonpremises_group_type
andwriteback_enabled
attributes (#964)data.azuread_user
- support for themail
property (#996)azuread_application
- support for theservice_management_reference
property (#1046)azuread_group
- support for theonpremises_group_type
andwriteback_enabled
properties (#964)
IMPROVEMENTS:
- Provider: requests to Microsoft Graph no longer include the tenant ID as part of the URI path (#1039)
BUG FIXES:
azuread_group
- work around an API issue that prevented group creation for some configurations where the calling principal is specified as an owner (#1037)
BUG FIXES:
azuread_application_federated_identity_credential
- theaudiences
property now only supports a single value due to a breaking API change (#1027)azuread_group
- only try to set additional fields when explicitly configured, to work around an API bug when application-only permissions are used (#1028)azuread_service_principal
- resolve an issue where newly created service principals might not be found when specifyinguse_existing = true
(#1025)
IMPROVEMENTS:
- Provider: support for the
metadata_host
property (#1026) - Provider: authentication now uses the
github.com/hashicorp/go-azure-sdk/sdk/auth
package (#1026) - Provider: cloud configuration now uses the
github.com/hashicorp/go-azure-sdk/sdk/environments
package (#1026) data.azuread_application
- support for thenotes
attribute (#1027)data.azuread_directory_roles
- support for thetemplate_ids
attribute (#1011)azuread_application
- support for thenotes
property (#1027)azuread_group
- support for theadministrative_unit_ids
property (#984)azuread_synchronization_job
- fix a bug where the incorrect API version was used, preventing this resource from working properly (#1030)azuread_synchronization_secret
- fix a bug where the incorrect API version was used, preventing this resource from working properly (#1030)
BUG FIXES:
azuread_administrative_unit
- revert to the Microsoft Graph beta API version to resolve an API error when using this resource (#1023)azuread_application
- revert to the Microsoft Graph beta API version to resolve an issue preventing creation of new applications (#1023)azuread_application
- revert to the Microsoft Graph beta API version to resolve an issue preventing setting theoauth2_post_response_required
property (#1023)azuread_application_pre_authorized
- revert to the Microsoft Graph beta API version to resolve an issue creating this resource (#1023)azuread_group
- revert to the Microsoft Graph beta API version to resolve an issue when managing group members (#1023)azuread_group_member
- revert to the Microsoft Graph beta API version to resolve an issue when managing group members (#1023)azuread_user
- revert to the Microsoft Graph beta API version to resolve a persistent diff for theaccount_enabled
andshow_in_address_list
properties (#1023)
IMPROVEMENTS:
- Provider: All resources will now explicitly use the Microsoft Graph v1.0 API unless stated otherwise in the provider documentation (#990)
data.azuread_application
- support thedescription
attribute (#991)azuread_application
- support app role and scope values up to 249 characters (#1010)
BUG FIXES:
- Provider: Support authentication scenarios where the
oid
claim is missing from the access token (#1014) data.azuread_application_template
- revert a workaround from v2.31.0 and no longer use the beta API for this data source (#987)azuread_application
- work around an API bug wheremapped_claims_enabled
could be set on create when holding theApplication.ReadWrite.OwnedBy
role (#1008)
FEATURES:
- New Resource:
azuread_service_principal_token_signing_certificate
(#968)
IMPROVEMENTS:
azuread_application
- support thedescription
property (#977)
BUG FIXES:
azuread_service_principal_delegated_permission_grant
- fix a bug that caused state refreshes to fail if the resource is edited outside Terraform (#981)azuread_group
- fix a validation bug to allow periods (.) in themail_nickname
property (#979)azuread_group
- fix a bug that prevents replacing a group whenprevent_duplicate_names = true
(#980)azuread_group
- set thedisplay_name
property correctly on creation so that triggered notification emails are correct (#982)
FEATURES:
- New Data Source:
azuread_directory_roles
(#945)
IMPROVEMENTS:
azuread_application
- support thecloud_displayname
optional claim (#967)
BUG FIXES:
azuread_application
- improve validation when checking for duplicate app roles and permission scopes (#971)
IMPROVEMENTS:
azuread_application
- validation foridentifier_uris
to detect trailing slash with no path (#928)
BUG FIXES:
data.azuread_application_template
- work around an API bug in the US Government cloud, by using the beta API (#936)azuread_application
- fix a bug whereowners
where not correctly removed (#916)azuread_application
- work around an API bug in the US Government cloud, by using the beta API whentemplate_id
is specified (#936)
FEATURES:
- New Resource:
azuread_synchronization_job
(#830) - New Resource:
azuread_synchronization_secret
(#830)
IMPROVEMENTS:
- Provider: support for the
oidc_token_file_path
property &ARM_OIDC_TOKEN_FILE_PATH
environment variable (#897) data.azuread_service_principal
- this resource now makes use of the MS Graph v1.0 API instead of the beta API (#896)azuread_service_principal
- this resource now makes use of the MS Graph v1.0 API instead of the beta API (#896)
BUG FIXES:
- Provider: fix a bug that could cause GitHub OIDC authentication to fail (#876)
FEATURES
- Provider: support for generic OIDC authentication providers (#874)
- New Data Source:
azuread_directory_object
(#847)
IMPROVEMENTS:
azuread_application
- supportmax_size_limit
as a value for theadditional_properties
property in theoptional_claims
block (#864)
NOTES:
- This release contains a behavioral change for application/service principal passwords and certificates, when using a relative end date.
BUG FIXES:
data.azuread_group
- ensure security/mail enabled groups are excluded when explicitlyfalse
in config (#841)azuread_application_certificate
- calculateend_date_relative
from thestart_date
and not the current timestamp (#844)azuread_application_password
- calculateend_date_relative
from thestart_date
and not the current timestamp (#844)azuread_service_principal_certificate
- calculateend_date_relative
from thestart_date
and not the current timestamp (#844)azuread_service_principal_password
- calculateend_date_relative
from thestart_date
and not the current timestamp (#844)
BUG FIXES:
azuread_directory_role_assignment
- fix a bug that requireddirectory_scope_id
to be set for unscoped assignments (#840)
IMPROVEMENTS:
azuread_directory_role_assignment
- deprecate theapp_scope_object_id
property in favor of theapp_scope_id
property (#837)azuread_directory_role_assignment
- deprecate thedirectory_scope_object_id
property in favor of thedirectory_scope_id
property (#837)
BUG FIXES:
azuread_directory_role_assignment
- fix incorrect schema validation for scoped role assignments (#837)azuread_directory_role_assignment
- fix a bug that was preventing the creation of some scoped role assignments (#837)azuread_group
- fix a bug where new group creation can error out before the timeout due to API inconsistency (#838)azuread_user
- only setshow_in_address_list
when changed in config as it is a potentially read-only attribute (#831)
FEATURES:
- New Resource:
azuread_directory_role_assignment
(deprecates theazuread_directory_role_member
resource) (#826)
BUG FIXES:
- Provider: Fix a bug causing GitHub OIDC authentication to fail when consuming default environment variables (#822)
FEATURES:
- New Authentication Method: Support for authenticating via OIDC with GitHub Actions (#805)
IMPROVEMENTS:
azuread_user
- allow changing theuser_principal_name
property without recreating the user account (#815)
BUG FIXES:
- Provider: Fix an Azure CLI authentication issue that could fail to autodetect the current tenant ID (#819)
azuread_application_federated_identity_credential
- fix overly restrictive validation for theaudiences
property (#808)azuread_group
- fix a bug that could cause a crash when creating unified groups (#816)
IMPROVEMENTS:
data.azuread_groups
- support theignore_missing
property (#783)azuread_conditional_access_policy
- supportlinux
in theincluded_platforms
andexcluded_platforms
properties (#784)azuread_group
- support theSubscribeMembersToCalendarEventsDisabled
value in thebehaviors
property (#785)
BUG FIXES:
data.azuread_service_principal
- raise an error when multiple results are found for the samedisplay_name
(#781)azuread_group
- ensure that unified groups can be created without adescription
(#783)
BUG FIXES:
azuread_conditional_access_policy
- theincluded_applications
property in theconditions
block is now optional (#775)azuread_conditional_access_policy
- thelocations
andplatforms
blocks are now optional (#775)
FEATURES:
- New Resource:
azuread_claims_mapping_policy
(#733) (#766) - New Resource:
azuread_service_principal_claims_mapping_policy_assignment
(#733) (#766)
BUG FIXES:
azuread_application
- revert an earlier change for validation of role/scope values (#756)
IMPROVEMENTS:
data.azuread_service_principals
- export theobject_id
property in theservice_principals
list (#749)
BUG FIXES:
azuread_application
- add a missing validation check for role/scope values (#750)azuread_conditional_access_policy
- fix a crash during the plan phase whensession_controls
is empty (#747)
BUG FIXES:
azuread_group
- make theauto_subscribe_new_members
,external_senders_allowed
,hide_from_address_lists
andhide_from_outlook_clients
properties Computed to avoid setting them unnecessarily (#731)
FEATURES:
- New Resource:
azuread_custom_directory_role
(#728)
IMPROVEMENTS:
data.azuread_group
- support for theallow_external_senders
,auto_subscribe_new_members
,hide_from_address_lists
andhide_from_outlook_clients
attributes (#723)azuread_group
- support for theallow_external_senders
,auto_subscribe_new_members
,hide_from_address_lists
andhide_from_outlook_clients
properties (#723)
IMPROVEMENTS:
data.azuread_group
- support thedisplay_name_prefix
property (#716)
BUG FIXES:
azuread_application
- remove an unnecessary API call that may require additional permissions, when assigning owners (#713)azuread_service_principal
- remove an unnecessary API call that may require additional permissions, when assigning owners (#713)
FEATURES:
- New Resource:
azuread_application_federated_identity_credential
(#705)
IMPROVEMENTS:
azuread_service_principal_password
: re-add support fordisplay_name
,start_date
,end_date
andend_date_relative
properties (#706)
IMPROVEMENTS:
azuread_group
: support fordynamic_memberships
(#695)
IMPROVEMENTS:
azuread_conditional_access_policy
- support thepersistent_browser_mode
in thesession_controls
block (#677)
BUG FIXES:
azuread_application
- allow URNs to be used inredirect_uris
in thepublic_client
block (#684)azuread_service_principal_delegated_permission_grant
- add missing support for importing this resource (#685)
BREAKING CHANGES:
- Provider: support for the German national cloud, which was closed down as of October 29, 2021, has been removed in this release (#670)
FEATURES:
- New Data Source:
azuread_administrative_unit
(#672) - New Resource:
azuread_administrative_unit
(#672) - New Resource:
azuread_administrative_unit_member
(#672) - New Resource:
azuread_service_principal_delegated_permission_grant
(#676)
IMPROVEMENTS:
azuread_conditional_access_policy
- support thedevices
block (#673)
BUG FIXES:
azuread_conditional_access_policy
- fix a bug when removing thesession_controls
block from a policy (#673)
BUG FIXES:
azuread_group
- fix a bug that prevented removing allmembers
of a group (#666)
BUG FIXES:
- Provider: fix an authentication bug that prevented authorizing using a Managed Identity when running in Azure Cloud Shell (#660)
data.azuread_user
- ensure apostrophes are correctly quoted when matching bymail_nickname
oruser_principal_name
(#643)data.azuread_users
- ensure apostrophes are correctly quoted when matching bymail_nicknames
oruser_principal_names
(#643)azuread_application_certificate
- work around an API consistency issue when deleting resources (#659)azuread_application_password
- work around an API consistency issue when deleting resources (#659)azuread_application
- add mitigation for replication delay when creating new applications (#656)azuread_directory_role_member
- work around an API consistency issue when deleting resources (#659)azuread_group_member
- work around an API consistency issue when deleting resources (#659)azuread_group
- add mitigation for replication delay when creating new groups (#656)azuread_group
- work around an API consistency issue when creating and deleting resources (#659)azuread_invitation
- work around an API consistency issue when creating and deleting resources (#659)azuread_service_principal_certificate
- work around an API consistency issue when deleting resources (#659)azuread_service_principal_password
- work around an API consistency issue when deleting resources (#659)azuread_service_principal
- add mitigation for replication delay when creating new service principals (#656)azuread_service_principal
- work around an API consistency issue when creating and deleting resources (#659)azuread_user
- add mitigation for replication delay when creating new users (#656)azuread_user
- work around an API consistency issue when deleting resources (#659)
BUG FIXES:
azuread_application
- allow custom URI schemes for public client redirect URIs (#647)azuread_group
- ensuremail_nickname
is set for all groups when specified in configuration (#645)
IMPROVEMENTS:
- Provider: log the claims from access tokens for improved debugging ability (#623)
azuread_user
- support for themanager_id
property (#628)azuread_application
- support for thefeature_tags
block and thetags
property (#630)azuread_service_principal
- thefeatures
block has been deprecated in favour of thefeature_tags
for clarity (#630)
IMPROVEMENTS:
- Provider: Generate and log request/response correlation IDs for improved inspection ability in HTTP traces (#621)
BUG FIXES:
- Provider: Implement a workaround for a breaking API change affecting all resources having relationships such as
members
andowners
(#616) azuread_application_certificate
- fix an eventual consistency issue when creating new certificates (#618)azuread_application_password
- fix an eventual consistency issue when creating new passwords (#618)azuread_service_principal_certificate
- fix an eventual consistency issue when creating new certificates (#618)azuread_service_principal_password
- fix an eventual consistency issue when creating new passwords (#618)
IMPROVEMENTS:
data.azuread_groups
- support themail_enabled
andsecurity_enabled
properties (#603)data.azuread_user
- support thecost_center
,division
andemployee_type
attributes (#597)azuread_user
- support thecost_center
,division
andemployee_type
properties (#597)
BUG FIXES:
azuread_application
- support for "myapp://auth" as a public client redirect URI, to support B2C IEF applications (#607)azuread_application
- ensure thatprevent_duplicate_names
does not fail incorrectly whendisplay_name
is not known at plan time (#596)azuread_group
- ensure thatprevent_duplicate_names
does not fail incorrectly whendisplay_name
is not known at plan time (#596)azuread_service_principal
- fix a bug that preventedfeatures
from being empty or having all disabled properties (#602)
FEATURES:
- New Resource:
azuread_app_role_assignment
(#584)
IMPROVEMENTS:
azuread_application_password
- support therotate_when_changed
property (this was previously available as an undocumented propertykeepers
) (#572)azuread_service_principal_password
- support therotate_when_changed
property (this was previously available as an undocumented propertykeepers
) (#572)
FEATURES:
IMPROVEMENTS:
data.azuread_service_principal
- support thefeatures
block (#571)azuread_application
- support thelogo_image
property (#574)azuread_application
- allow URNs to be specified for web redirect URIs (#577)azuread_service_principal
- support thefeatures
block (#571)
BUG FIXES:
azuread_conditional_access_policy
- resolve a number of bugs related to updating an existing conditional access policy (#569)
BUG FIXES:
- Provider: fix a bug in handling retried requests that could cause errors when attempting to read a resource that no longer exists (#564)
FEATURES:
- New Data Source:
azuread_application_template
(#554) - New Data Source:
azuread_service_principals
(#555) - New Resource:
azuread_conditional_access_policy
(#466) - New Resource:
azuread_named_location
(#441)
IMPROVEMENTS:
azuread_application
- support for thetemplate_id
property for creating applications (and service principals) from a template (#554)azuread_service_principal
- support thesaml_single_sign_on
block containing therelay_state
property (#557)azuread_user
- support thedisable_password_expiration
anddisable_strong_password
properties (#550)
BUG FIXES:
- Provider: fix a decoding bug when parsing claims from an access token (#560)
- Provider: attempt to detect when using Azure CLI authentication in Azure Cloud Shell and avoid specifying the tenant ID (#560)
azuread_group
- fix an API error caused by duplicateowners
being mistakenly sent when creating new groups (#553)
FEATURES:
- New Resource:
azuread_invitation
(#445)
BUG FIXES:
data.azuread_client_config
- populate thetenant_id
andclient_id
attributes when authenticating via Azure CLI (#539)azuread_service_principal
- fix a bug that prevented creation of service principals in some cases due toowners
being applied incorrectly (#539)azuread_user
- fix a validation bug for thepassword
property (#543)
IMPROVEMENTS:
data.azuread_groups
- support thereturn_all
property (#520)data.azuread_users
- support thereturn_all
property (#513)azuread_application
- allowredirect_uris
with a scheme ofms-appx-web
(#540)
BUG FIXES:
azuread_application
- fix a bug where unknown IDs or values for roles/scopes were incorrectly flagged as duplicates (#528)
NOTES:
- Major Version: This is a major version upgrade which contains breaking changes. Please read the Upgrade Guide before upgrading, which details all the known breaking changes that practitioners should be aware of.
- Microsoft Graph: The upstream API for Azure Active Directory is now Microsoft Graph, and the deprecated Azure Active Directory Graph API is no longer supported.
FEATURES:
- Provider: Client Certificate authentication now supports specifying an inline certificate (#490)
- New Data Source:
azuread_application_published_app_ids
(#481) - New Resource:
application_pre_authorized
(#472)
IMPROVEMENTS:
data.azuread_application
- theapi
block now supports theaccept_mapped_claims
,known_client_applications
andrequested_access_token_version
attributes (#474)data.azuread_application
- theimplicit_grant
block now supports theid_token_issuance_enabled
attribute (#461)data.azuread_application
- theoptional_claims
block now supports thesaml2_token
attribute (#461)data.azuread_application
- export thedisabled_by_microsoft
attribute (#474)data.azuread_application
- export thedevice_only_auth_enabled
andoauth2_post_response_required
attributes (#474)data.azuread_application
- export thelogo_url
,marketing_url
,privacy_statement_url
andterms_of_service_url
attributes (#474)data.azuread_application
- export thepublisher_domain
attribute (#474)data.azuread_application
- export thepublic_client
block (#474)data.azuread_application
- export thesingle_page_application
block (#474)data.azuread_application
- export theapp_role_ids
andoauth2_permission_scope_ids
attributes (#474)data.azuread_domains
- export theadmin_managed
,root
andsupported_services
attributes for each domain (#461)data.azuread_domains
- support theadmin_managed
,only_root
andsupports_services
properties (#461)data.azuread_group
- export theassignable_to_role
,behaviors
,mail_nickname
,theme
andvisibility
attributes (#476)data.azuread_group
- export themail
,preferred_language
andproxy_addresses
attributes (#476)data.azuread_group
- export theonpremises_domain_name
,onpremises_netbios_name
,onpremises_sam_account_name
,onpremises_security_identifier
andonpremises_sync_enabled
attributes (#476)data.azuread_service_principal
- export theaccount_enabled
,login_url
andpreferred_single_sign_on_mode
attributes (#481)data.azuread_service_principal
- export thealternative_names
,description
,notes
andnotification_email_addresses
attributes (#481)data.azuread_service_principal
- export theapp_role_ids
andoauth2_permission_scope_ids
attributes (#481)data.azuread_service_principal
- export theapplication_tenant_id
,display_name
,service_principal_names
,sign_in_audience
andtype
attributes (#481)data.azuread_service_principal
- export thehomepage_url
,logout_url
,redirect_uris
andsaml_metadata_url
attributes (#481)data.azuread_user
- export theage_group
andconsent_provided_for_minor
attributes (#476)data.azuread_user
- export thebusiness_phones
,employee_id
,fax_number
andpreferred_language
attributes (#476)data.azuread_user
- export themail
,other_mails
andshow_in_address_list
attributes (#476)data.azuread_user
- export thecreation_type
,external_user_state
,im_addresses
andproxy_addresses
attributes (#476)data.azuread_user
- export theonpremises_distinguished_name
,onpremises_domain_name
,onpremises_security_identifier
andonpremises_sync_enabled
attributes (#476)azuread_application
- theapi
block now supports theaccept_mapped_claims
,known_client_applications
andrequested_access_token_version
properties (#474)azuread_application
- theimplicit_grant
block now supports theid_token_issuance_enabled
property (#461)azuread_application
- theoptional_claims
block now supports thesaml2_token
block (#461)azuread_application
- thesign_in_audience
property now supports theAzureADandPersonalMicrosoftAccount
andPersonalMicrosoftAccount
values (#461)azuread_application
- export thedisabled_by_microsoft
attribute (#474)azuread_application
- export thepublisher_domain
attribute (#474)azuread_application
- support thedevice_only_auth_enabled
andoauth2_post_response_required
properties (#474)azuread_application
- support thelogo_url
,marketing_url
,privacy_statement_url
andterms_of_service_url
properties (#474)azuread_application
- support for thepublic_client
block (#474)azuread_application
- support for thesingle_page_application
block (#474)azuread_application
- export theapp_role_ids
andoauth2_permission_scope_ids
attributes (#474)azuread_application_password
- support thekeepers
property (#481)azuread_group
- support for creating mail-enabled groups (#461)azuread_group
- support for creating Microsoft 365 groups (#461)azuread_group
- support for updating groups without recreating them (#461)azuread_group
- support theassignable_to_role
,behaviors
,mail_nickname
,theme
andvisibility
properties (#476)azuread_group
- export themail
,preferred_language
andproxy_addresses
attributes (#476)azuread_group
- export theonpremises_domain_name
,onpremises_netbios_name
,onpremises_sam_account_name
,onpremises_security_identifier
andonpremises_sync_enabled
attributes (#476)azuread_service_principal
- support theaccount_enabled
,login_url
andpreferred_single_sign_on_mode
properties (#481)azuread_service_principal
- support thealternative_names
,description
,notes
andnotification_email_addresses
properties (#481)azuread_service_principal
- support theowners
property (#519)azuread_service_principal
- support theuse_existing
property (#481)azuread_service_principal
- export theapp_role_ids
andoauth2_permission_scope_ids
attributes (#481)azuread_service_principal
- export theapplication_tenant_id
,display_name
,service_principal_names
,sign_in_audience
andtype
attributes (#481)azuread_service_principal
- export thehomepage_url
,logout_url
,redirect_uris
andsaml_metadata_url
attributes (#481)azuread_service_principal_password
- support thekeepers
property (#481)azuread_user
- support theage_group
andconsent_provided_for_minor
properties (#476)azuread_user
- support thebusiness_phones
,employee_id
,fax_number
andpreferred_language
properties (#476)azuread_user
- support themail
,other_mails
andshow_in_address_list
properties (#476)azuread_user
- export thecreation_type
,external_user_state
,im_addresses
andproxy_addresses
attributes (#476)azuread_user
- export theonpremises_distinguished_name
,onpremises_domain_name
,onpremises_security_identifier
andonpremises_sync_enabled
attributes (#476)
BUG FIXES:
azuread_application
- resolved an issue whereidentifier_uris
could be reordered and cause a persistent diff (#461)azuread_application
- theidentifier_uris
property can now be set for all applications regardless of target platform (#461)azuread_application
- fixed a bug where app roles could be duplicated or left in a disabled state (#461)azuread_application
- fixed a bug where app roles could not be removed from an application (#461)azuread_application
- fixed a bug where theenabled
property of app roles could be ignored (#461)azuread_application
- fixed a bug where theid
property of app roles could be undesirably changed (#461)azuread_application
- resolved an issue where the default scope could not be removed from an application (#461)azuread_application
- resolved an issue where multiplegroup_membership_claims
could not be specified (#461)azuread_application_password
- thedisplay_name
/description
properties are no longer stored using thecustomKeyIdentifier
API field, lifting the 32 byte limit (#461)azuread_group
- fix a bug whereowners
ormembers
would sometimes not be updated (#519)azuread_group
- fix some ownership-related bugs where groups could sometimes not be created or updated (#519)azuread_user
- resolved an issue where importing users would inadvertently reset their password (#461)
BREAKING CHANGES:
data.azuread_domains
- theis_
prefix has been dropped from all exported attributes (#461)data.azuread_application
- thedisplay_name
property is now matched case-insensitively which mirrors the behaviour of Azure Active Directory (#492)data.azuread_application
- the deprecated propertyname
has been removed (#461)data.azuread_application
- the deprecated attributeavailable_to_other_tenants
has been removed (#461)data.azuread_application
- thegroup_membership_claims
attribute has changed from a string to a list of strings (#461)data.azuread_application
- the deprecated attributehomepage
has been removed (#461)data.azuread_application
- the deprecated attributelogout_url
has been removed (#461)data.azuread_application
- the deprecated attributeoauth2_allow_implicit_flow
has been removed (#461)data.azuread_application
- the deprecated attributeoauth2_permissions
has been removed (#461)data.azuread_application
- thepublic_client
attribute is now a block containing public client settings (#461)data.azuread_application
- the deprecated attributereply_urls
has been removed (#461)data.azuread_application
- the deprecated attributetype
has been removed (#461)data.azuread_group
- the deprecated propertyname
has been removed (#461)data.azuread_groups
- the deprecated propertynames
has been removed (#461)data.azuread_service_principal
- the deprecated attributeoauth2_permissions
has been removed (#461)data.azuread_user
- the deprecated attributeimmutable_id
has been removed (#461)data.azuread_user
- the deprecated attributephysical_delivery_office_name
has been removed (#461)data.azuread_user
- the deprecated attributemobile
has been removed (#461)data.azuread_users
- the deprecated attributeimmutable_id
in theusers
block has been removed (#461)azuread_application
- the deprecated propertyname
has been removed (#461)azuread_application
- theapi
block is no longer Computed, omitting this block will cause it to be removed from your configuration (#461)azuread_application
- theapp_role
block is no longer Computed, omitting this block will cause it to be removed from your configuration (#461)azuread_application
- theid
property in theapp_role
block is now Required (#461)azuread_application
- the deprecated propertyavailable_to_other_tenants
has been removed (#461)azuread_application
- thefallback_public_client_enabled
property is no longer Computed, omitting this property will cause the default value to be applied (#461)azuread_application
- thegroup_membership_claims
property has changed from a string to a set of strings (#461)azuread_application
- the deprecated propertyhomepage
has been removed (#461)azuread_application
- theidentifier_uris
property is no longer Computed, omitting this property will cause it to be removed from your configuration (#461)azuread_application
- theidentifier_uris
property has changed from a List to a Set to resolve an API ordering issue (#481)azuread_application
- the deprecated propertylogout_url
has been removed (#461)azuread_application
- the deprecated propertyoauth2_allow_implicit_flow
has been removed (#461)azuread_application
- theoauth2_permission_scope
block is no longer Computed, omitting this block will cause it to be removed from your configuration (#461)azuread_application
- the deprecated blockoauth2_permissions
has been removed (#461)azuread_application
- theowners
property is no longer Computed, omitting this property will cause it to be removed from your configuration (#461)azuread_application
- thepublic_client
property is now a block containing public client settings (#461)azuread_application
- the deprecated propertyreply_urls
has been removed (#461)azuread_application
- thesign_in_audience
property is no longer Computed, omitting this property will cause the default value to be applied (#461)azuread_application
- the deprecated propertytype
has been removed (#461)azuread_application
- theweb
block is no longer Computed, omitting this block will cause it to be removed from your configuration (#461)azuread_application_password
- thekey_id
andvalue
properties are now Computed, due to API changes it is no longer possible to specify these values (#461)azuread_group
- the deprecated propertyname
has been removed (#461)azuread_group
- at least one of themail_enabled
orsecurity_enabled
properties are now Required (#461)azuread_service_principal
- the deprecated attributeoauth2_permissions
has been removed (#461)azuread_service_principal_password
- thekey_id
andvalue
properties are now Computed, due to API changes it is no longer possible to specify these values (#461)azuread_service_principal_password
- thestart_date
andend_date
properties are now Computed, due to an API issue it is no longer possible to specify these values (#461)azuread_user
- the deprecated propertyimmutable_id
has been removed (#461)azuread_user
- the deprecated propertyphysical_delivery_office_name
has been removed (#461)azuread_user
- the deprecated propertymobile
has been removed (#461)
DEPRECATIONS:
azuread_application_app_role
- this resource is deprecated and will be removed in version 2.0 (#465)azuread_application_oauth2_permission
- this resource is deprecated and will be removed in version 2.0 (#465)azuread_application_oauth2_permission_scope
- this resource is deprecated and will be removed in version 2.0 (#465)
BUG FIXES:
- Provider: Suppress a spurious deprecation notice for the
metadata_host
provider field (#439) azuread_application_password
- fix a bug that prevented specifying thedisplay_name
,start_date
,end_date
orend_date_relative
properties when using Microsoft Graph (#444)azuread_group
- fix a bug that prevented creating a group with more than 20 owners or members (#454)azuread_service_principal_password
- fix a bug that prevented specifying thedisplay_name
,start_date
,end_date
orend_date_relative
properties when using Microsoft Graph (#444)
NOTES:
-
Support for Microsoft Graph: This release introduces beta support for Microsoft Graph in a way that is forward (and backward) compatible with the current Azure Active Directory Graph API implementation. We do not recommend enabling this beta in production at this time, but encourage you to try it out in test environments where minimal impact can occur if something doesn't work as expected. See the Migration Guide for more details.
-
Deprecations: This release contains a number of additional deprecations to aid in future upgrades to version 2.0 of this provider. These will be flagged when running Terraform, and are documented in detail in the Migration Guide. Existing configurations will continue to work unchanged for any v1.x release, regardless of which API is used.
IMPROVEMENTS:
data.azuread_user
- export theuser_type
attribute (#406)azuread_user
- export theuser_type
attribute (#401] / [#413)
BUG FIXES:
azuread_application
- validation for theidentifier_uris
property now supports URNs (#426)
IMPROVEMENTS:
- dependencies: updating to build using Go 1.16 which adds support for
darwin/arm64
(Apple Silicon) (#403) - Data Source:
azuread_group
- support for themail_enabled
andsecurity_enabled
properties (#393) azuread_group
- support for themail_enabled
andsecurity_enabled
attributes (#393)
IMPROVEMENTS:
azuread_application_certificate
- support for base64 and hex encoded certificate values (#386)azuread_service_principal_certificate
- support for base64 and hex encoded certificate values (#386)
BUGFIXES:
azuread_application
- set the display name correctly when creating/updating applications using thedisplay_name
property
BUGFIXES:
data.azuread_application
- correctly set thedisplay_name
attribute in state.azuread_application
- correctly set thedisplay_name
attribute in state.
NOTES:
- Terraform Plugin SDK Upgrade: This version upgrades the Terraform Plugin SDK to v2.3.0. This does not provide any additional provider features or resources but is useful for developers and part of our development roadmap.
- Refactor into multiple packages: As part of our preparation for Microsoft Graph support, this release refactors resources and data sources into separate Go packages.
IMPROVEMENTS:
azuread_application
- support new valuesinclude_externally_authenticated_upn
,include_externally_authenticated_upn_without_hash
, anduse_guid
for theadditional_properties
property of theoptional_claims
block.
DEPRECATIONS:
data.azuread_application
- thename
property has been renamed todisplay_name
and will be removed in version 2.0.data.azuread_group
- thename
property has been renamed todisplay_name
and will be removed in version 2.0.data.azuread_groups
- thenames
property has been renamed todisplay_names
and will be removed in version 2.0.azuread_application
- thename
property has been renamed todisplay_name
and will be removed in version 2.0.azuread_application
- thetype
property is now deprecated and will be removed in version 2.0, as there is no longer any distinction between native and webapp/api applications.azuread_group
- thename
property has been renamed todisplay_name
and will be removed in version 2.0.
BUG FIXES:
azuread_application
- resolves an issue where settingprevent_duplicate_names = true
causes an error for new applications (#367)azuread_application
- fixes a bug where the default owner for a new application is removed (#366)
FEATURES:
- Added a flag to allow users to customize the Partner ID or opt-out of the default Terraform Partner ID (#350)
- This release includes updated support for working directly with tenants using Azure CLI authentication. We recommend the use of
az login --allow-no-subscription
to populate tenant-level accounts (which have no subscriptions).
IMPROVEMENTS:
data.azuread_user
- support thegiven_name
,surname
,job_title
,department
,company_name
,physical_delivery_office_name
,street_address
,city
,state
,country
,postal_code
andmobile
attribute (#351)azuread_user
- support thegiven_name
,surname
,job_title
,department
,company_name
,physical_delivery_office_name
,street_address
,city
,state
,country
,postal_code
andmobile
properties (#351)
BUG FIXES:
- Provider: Fixed an issue where CLI authentication produced a
parsing json result
error during provider initialization (#358) azuread_application
- enable removal of owners on existing applications, and creation of applications with no owners (#355)azuread_application
- fixed a bug where specifying theprevent_duplicate_names
property would report a false positive on update. (#338)
NOTES:
- Major Version: This is a major version upgrade which contains some breaking changes as detailed below.
- Terraform 0.10/0.11: This version of the provider requires Terraform 0.12.x or later and will not work with earlier versions.
FEATURES:
- New resource:
azuread_application_app_role
(#150] [#306) - New resource:
azuread_application_oauth2_permission
(#267)
BREAKING CHANGES:
azuread_application
- a default value for thehomepage
property is no longer derived when unspecified (#268)azuread_application_password
- the deprecatedapplication_id
property has been removeddata.azuread_group
- thename
property is now case-insensitive (#246)data.azuread_groups
anddata.azuread_users
will not error if no results found
IMPROVEMENTS:
- Provider: no longer require configuring
subscription_id
(configuration value) /ARM_SUBSCRIPTION_ID
(environment variable). (#271) data.azuread_client_config
- deprecate thesubscription_id
property. For compatibility, still populatessubscription_id
if the provider is configured with a subscription ID (#271)data.azuread_application
- support for theapplication_id
property (#274)data.azuread_users
- support theignore_missing
property (#256)data.azuread_users
- export theusers
attribute containing a list of users with additional properties (#256)azuread_application
- support theprevent_duplicate_names
property (#279)azuread_application
- validateapp_roles
andoauth2_permissions
to check for duplicatevalue
s (#287)azuread_group
- support theprevent_duplicate_names
property (#279)
BUG FIXES:
azuread_group
- remediate AAD replication delays when adding/removing group members (#283)azuread_group
- remediate AAD replication delays after group creation, before setting owners/members (#290)
BREAKING CHANGES:
-
azuread_application
- theoauth2_permissions
attribute has changed from a list to a set. If you are referencing this attribute with explicit list indexes, you will need to update your configuration to use afor
expression. For example:id = azuread_application.example.oauth2_permissions[0].id
becomes
id = [for permission in azuread_application.example.oauth2_permissions : permission.id][0]
FEATURES:
- New Resource:
azuread_application_certificate
(#262) - New Resource:
azuread_service_principal_certificate
(#262)
IMPROVEMENTS:
azuread_application
- support for theoptional_claims
property, for access tokens and ID tokens (#260)azuread_application
- support for theoauth2_permissions
property (#252)azuread_application_password
- support thedescription
property (#253)azuread_service_principal_password
- support thedescription
property (#253)data.azuread_users
- support empty lists foruser_principal_names
/object_ids
/mail_nicknames
properties (#258)data.azuread_groups
- support empty lists fornames
/object_ids
properties (#257)
BUG FIXES:
azuread_application_password
andazuread_service_principal_password
- Plan-time validation forend_date
/end_date_relative
(#261)azuread_application_password
andazuread_service_principal_password
- Change the resource ID format to mitigate potential UUID collision (#264)
DEPENDENCIES:
- upgrade
azure-sdk-for-go
tov42.1.0
(#247)
IMPROVEMENTS:
azuread_application
- thegroup_membership_claims
property now supportsApplicationGroup
(#238)azuread_service_principal
- changing thetags
property no longer forces a new resource (#245)
BUG FIXES:
data.azuread_user
- useequals
instead ofstartsWith
when looking uo users bymailNickname
(#251)data.azuread_users
- useequals
instead ofstartsWith
when looking uo users bymailNickname
(#251)
FEATURES:
- New Data Source:
azuread_client_config
(#229)
IMPROVEMENTS:
- dependencies: upgrade
azure-sdk-for-go
tov40.3.0
(#225) - dependencies: upgrade
go-autorest/autorest
tov0.10.0
(#225) - dependencies: upgrade
terraform-plugin-sdk
tov1.6.0
(#225) azuread_application
- support for thelogout_url
property (#226)azuread_group
- support for thedescription
property (#216)azuread_user
- support for theonpremises_sam_account_name
andonpremises_user_principal_name
properties (#222)azuread_user
- support for theimmutable_id
property (#207)
BUG FIXES:
azuread_application
- ensure all owners are added before removed (#226)azuread_application_password
- validate thelength
property is less then863
(#228)azuread_group
- theowners
property is now additive during creation allowing an existing owner to be provided (#211)azuread_group_member
- mark as missing when member cannot be found instead of erroring (#227)azuread_service_principal_password
- validate thelength
property is less then863
(#228)
IMPROVEMENTS:
- provider: migrate to standalone plugin SDK v1.1.0 (#154)
- provider: using the current (rather than the vendored) version of Terraform Core in user agents (#154)
azuread_application
- adds ability to build homepage with HTTP in addition to HTTPS (#155)azuread_application
- allow theapp_role
blockvalue
property to be nil (#157)azuread_user
- support for theusage_location
property (#141)data.azuread_user
- support looking up a user withmail_nickname
(#161)data.azuread_users
- support looking up users withmail_nicknames
(#161)
IMPROVEMENTS:
- dependencies: upgrading
github.com/Azure/azure-sdk-for-go
tov32.5.0
(#140) - dependencies: upgrading
github.com/Azure/go-autorest
tov13.0.0
(#140) - dependencies: upgrading
github.com/hashicorp/go-azure-helpers
tov0.7.0
(#140) - dependencies: upgrading
github.com/hashicorp/terraform
to0.12.6
(#133) azuread_service_principal
- support for theapp_role_assignment_required
property (#127)
BUG FIXES:
azuread_application_password
- fix incorrect conflicts with (#129)
FEATURES:
IMPROVEMENTS:
azuread_application
- support for theapp_roles
property (#98)azuread_application
- theidentifier_uris
property now allowsapi
,urn
, andms-appx
URI schemas (#115)azuread_application_password
- deprecation ofapplication_id
in favour ofapplication_object_id
(#107)azuread_group
- support for themembers
property (#100)azuread_group
- support for theowners
property (#62)azuread_service_principal
- export theoauth2_permissions
property (#103)data.azuread_application
- support for theapp_roles
property (#110)data.azuread_service_principal
- export theapp_roles
property (#110)
BUG FIXES:
azuread_application_password
- will now wait for replication on resource creation (#118)azuread_service_principal_password
- will now wait for replication on resource creation (#117)
NOTES:
- Resource creation potentially could take longer after this release as the provider will now attempt to wait for replication like the az cli tool.
FEATURES:
- New Resource:
azuread_application_password
(#71)
IMPROVEMENTS:
- dependencies: upgrading to
v0.12.0
ofgithub.com/hashicorp/terraform
(#82) azuread_application
- support for thegroup_membership_claims
property (#78)azuread_application
- now exports theoauth2_permissions
property (#79)azuread_application
- now exports theobject_id
property (#99)azuread_application
- support for thetype
property enabling the creation ofnative
applications (#74)azuread_application
- will now wait for replication by waiting for 10 successful reads after creation (#93)azuread_group
- will now wait for replication by waiting for 10 successful reads after creation (#91)azuread_group
- now exports theobject_id
property (#99)azuread_service_principal
- will now wait for replication by waiting for 10 successful reads after creation (#93)azuread_service_principal
- now exports theobject_id
property (#99)azuread_user
- will now wait for replication by waiting for 10 successful reads after creation (#91)azuread_user
- increase the maximum allowed length ofpassword
to 256 (#81)azuread_user
- now exports theobject_id
property (#99)data.azuread_application
- now exports thegroup_membership_claims
property (#78)data.azuread_application
- now exports theoauth2_permissions
property (#79)
BUG FIXES:
- Release fixing metadata to register the provider as compatible with Terraform 0.12.
NOTES:
- This release includes a Terraform SDK upgrade with compatibility for Terraform v0.12. The provider remains backwards compatible with Terraform v0.11 and there should not be any significant behavioural changes. (#56)
BUG FIXES:
azuread_application
- the order of thereply_urls
property no longer matters (#61)
FEATURES:
- New Data Source:
azuread_domains
(#27) - New Data Source:
azuread_group
(#14) - New Resource:
azuread_group
(#14)
IMPROVEMENTS:
- dependencies: switching to use Go Modules (#26)
- dependencies: updating
github.com/Azure/azure-sdk-for-go
to v24.1.0 (#25) - dependencies: updating
github.com/Azure/go-autorest
to v11.2.8 (#24) - validation: adding validation to all fields (#30)
azuread_application
- support forrequired_resource_access
property (#23)azuread_service_principal
- support for thetags
property (#31)azuread_service_principal_password
- support for realitive ends dates with theend_date_relative
property (#53)
BUG FIXES:
azuread_application
- correctly reading back thereply_urls
property into state (#21)
Initial release of the Azure Active Directory provider - featuring resources split out from the AzureRM Provider.
FEATURES:
- New Data Source:
azuread_application
- New Data Source:
azuread_service_principal
- New Resource:
azuread_application
- New Resource:
azuread_service_principal
- New Resource:
azuread_service_principal_password