Azure AD application registration module that creates an application registration together with its OAuth 2.0 permission scopes and app roles.

Updates in this version:
- Separate modules were created for `azure_application_password`, `azure_application_pre_authorized` and `azuread_service_principal`, so password credentials, pre-authorized client applications and the service principal are no longer created by this module.
- The `azuread_application` module was updated to use `lookup()` and `any`-typed variables for its block inputs.
The sample application creates the following:
- App roles `Query-01.Read` and `Query-01.Write`
- OAuth 2.0 permission scope `TestScope_01`
- Required resource access to the Microsoft Graph `User.Read` delegated permission
- Service principal
- Password credentials
- Identifier URIs (to set the application ID URI to `api://<app_id>` you need to update the registration via script after it has been created; this cannot be done in a single Terraform pass because the application (client) ID only exists once the `azuread_application` resource has been created, and a resource cannot reference its own attributes)
## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| azuread | >= 2.15.0 |
| azurerm | >= 2.59.0 |
| random | >= 3.1.0 |
## Providers

| Name | Version |
|------|---------|
| azuread | >= 2.15.0 |

## Modules

No modules.
## Resources

| Name | Type |
|------|------|
| azuread_application.main | resource |
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| api | An optional `api` block, which configures API-related settings for this application. | `any` | `null` | no |
| app_role | A collection of `app_role` blocks. | `any` | `[]` | no |
| device_only_auth_enabled | Specifies whether this application supports device authentication without a user. | `bool` | `false` | no |
| display_name | The display name for the application. | `string` | n/a | yes |
| fallback_public_client_enabled | Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. | `bool` | `false` | no |
| group_membership_claims | Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup` or `All`. | `list(string)` | `[]` | no |
| identifier_uris | A list of user-defined URI(s) that uniquely identify a web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. | `list(string)` | `[]` | no |
| logo_image | A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. | `string` | `null` | no |
| marketing_url | URL of the application's marketing page. | `string` | `null` | no |
| oauth2_post_response_required | Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. | `bool` | `false` | no |
| optional_claims | An optional `optional_claims` block. | `any` | `null` | no |
| owners | A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. | `list(string)` | `[]` | no |
| prevent_duplicate_names | If true, will return an error if an existing application is found with the same name. | `bool` | `false` | no |
| privacy_statement_url | URL of the application's privacy statement. | `string` | `null` | no |
| public_client | A `public_client` block, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device. Redirect URIs must be valid https or ms-appx-web URLs. | `any` | `null` | no |
| required_resource_access | A collection of `required_resource_access` blocks for this application. | `any` | `null` | no |
| sign_in_audience | The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. | `string` | `"AzureADMyOrg"` | no |
| single_page_application | A `single_page_application` block, which configures single-page application (SPA) related settings for this application. Redirect URIs must be https. | `any` | `null` | no |
| support_url | URL of the application's support page. | `string` | `null` | no |
| tags | A set of tags to apply to the application. Cannot be used together with the `feature_tags` block. | `list(string)` | `[]` | no |
| template_id | Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. | `string` | `null` | no |
| terms_of_service_url | URL of the application's terms of service statement. | `string` | `null` | no |
| web | A `web` block, which configures web-related settings for this application. | `any` | `null` | no |
## Outputs

| Name | Description |
|------|-------------|
| app_role_ids | A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration. |
| client_id | The application (client) ID of the created Azure AD application. |
| disabled_by_microsoft | Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`. |
| logo_url | CDN URL to the application's logo, as uploaded with the `logo_image` property. |
| oauth2_permission_scope_ids | A mapping of OAuth 2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration. |
| object_id | The object ID of the application registration (the application object, not the service principal; app role assignments and API permission grants are made against the service principal's object ID, which this module does not create). |
| publisher_domain | The verified publisher domain for the application. |
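The sample application described at the top of this page, the block-typed inputs listed under Inputs and the `app_role_ids` / `oauth2_permission_scope_ids` outputs, as one complete added example. This is not the module's own code and not the sample from this repository: because the page does not document the map/list shape its `any`-typed inputs expect, the example is written directly against the `azuread_application` resource the module wraps, whose blocks carry the same content. The display name, role and scope descriptions, the `random_uuid` IDs and the Microsoft Graph lookup through the provider's `azuread_application_published_app_ids` data source are assumptions; `identifier_uris` is deliberately left unset for the self-reference reason given above.

```hcl
terraform {
  required_version = ">= 0.13"
  required_providers {
    azuread = { source = "hashicorp/azuread", version = ">= 2.15.0" }
    random  = { source = "hashicorp/random", version = ">= 3.1.0" }
  }
}

# Resolve Microsoft Graph in this tenant instead of hard-coding its
# well-known application ID and the GUID of the User.Read scope.
data "azuread_application_published_app_ids" "well_known" {}

data "azuread_service_principal" "msgraph" {
  application_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}

# App role and scope IDs must be unique within the application and must not
# change between applies, so they are generated once and kept in state.
resource "random_uuid" "app_role" {
  for_each = toset(["Query-01.Read", "Query-01.Write"])
}

resource "random_uuid" "scope" {}

resource "azuread_application" "main" {
  display_name     = "sample-query-api" # assumed name
  sign_in_audience = "AzureADMyOrg"     # single tenant, the module's default

  # identifier_uris is intentionally absent: api://<app_id> needs the client
  # ID, which does not exist until this resource has been created.

  api {
    requested_access_token_version = 2

    oauth2_permission_scope {
      id                         = random_uuid.scope.result
      value                      = "TestScope_01"
      type                       = "User" # consentable by a regular user
      enabled                    = true
      admin_consent_display_name = "Access the sample query API"
      admin_consent_description  = "Allows the app to call the sample query API on behalf of the signed-in user."
      user_consent_display_name  = "Access the sample query API"
      user_consent_description   = "Allows the app to call the sample query API on your behalf."
    }
  }

  # One app_role block per entry; the key is the role value carried in the
  # token's "roles" claim.
  dynamic "app_role" {
    for_each = {
      "Query-01.Read"  = "Readers can run queries"
      "Query-01.Write" = "Writers can create and modify queries"
    }
    content {
      id                   = random_uuid.app_role[app_role.key].result
      value                = app_role.key
      display_name         = app_role.key
      description          = app_role.value
      allowed_member_types = ["User", "Application"]
      enabled              = true
    }
  }

  # Request the delegated Microsoft Graph User.Read permission.
  required_resource_access {
    resource_app_id = data.azuread_service_principal.msgraph.application_id

    resource_access {
      id   = data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["User.Read"]
      type = "Scope" # delegated; "Role" would request an application permission
    }
  }
}

# The same values the module exposes as app_role_ids, oauth2_permission_scope_ids
# and client_id.
output "app_role_ids" {
  value = azuread_application.main.app_role_ids
}

output "oauth2_permission_scope_ids" {
  value = azuread_application.main.oauth2_permission_scope_ids
}

output "client_id" {
  value = azuread_application.main.application_id
}
```

After `terraform apply`, set the application ID URI out of band using the `client_id` output, for example `az ad app update --id <client_id> --identifier-uris api://<client_id>`. Provider versions newer than the 2.15.0 minimum listed here also ship a separate `azuread_application_identifier_uri` resource that can reference the created application's client ID without the self-reference cycle. `allowed_member_types = ["User", "Application"]` lets other service principals be assigned these roles and obtain application tokens carrying them; restrict it to `["User"]` if the roles are meant for interactive users only.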