Hey all I think I need to log an issue with <https github co Pulumi Community #azure

Hey all. I think I need to log an issue with <Azu...

calm-mechanic-84632

12/03/2024, 10:24 PM

Hey all. I think I need to log an issue with Azure AD package but wanted to check here first. We've recently upgraded our Pulumi files (typescript) to use the

6.0.1

package. We are creating

Application

ServicePrincipal

and

ApplicationPassword

resources. Both the Service Principal and Application Passwords make reference to the Application resource in their creation.

Copy code

// simplified

ApplicationPassword.applicationId = app1.objectId

ServicePrincipal.clientId = app1.clientId

The Application creates correctly. The ApplicationPasswords creates correctly (I know there's another issue with the format changing here, but we're working around that. No problems.) When it comes to making the Application a Service Principal that's where I'm seeing an error. The error looks like it is coming from the underlying Terraform.

Copy code

error: azuread:index/servicePrincipal:ServicePrincipal resource 'aad-sp-backend' has a problem: Missing required argument. The argument "client_id" is required, but no definition was found.. Examine values at 'aad-sp-backend.clientId'.

Obviously the

clientId

is being provided, but for some reason it's value is

undefined

when running

pulumi up

. In my testing I used the Application object to create stack outputs for: app.id app.objectId app.clientId The id and the objectId are both available properties on the resource - and they're identical. They output correctly. But again the clientId is not defined and there's no output for it. When I dig into the source for the Application resource, it shows

clientId

as an available property. The typescript appears to be valid and builds correctly. But references to that property just aren't working. Here's the code:

Copy code

export const backendApp = new Application(
  'aad-app-backend',
  {
    displayName: `${config.appName}-backend-${config.stackName}`,
    identifierUris: [backendIdentifierUri],
    owners: [current.then(current => current.objectId)],
    api: {
      oauth2PermissionScopes: [
        {
          id: scopeId.result,
          value: '<http://Http.Post|Http.Post>',
          type: 'User',
          adminConsentDisplayName: 'Http post call',
          adminConsentDescription: 'Allow the app to send http post call.',
          enabled: true
        }
      ]
    }
  },
  { provider: config.azureadProvider }
);

new ServicePrincipal(
  'aad-sp-backend',
  {
    clientId: backendApp.clientId,
    owners: [current.then(current => current.objectId)]
  },
  { provider: config.azureadProvider, dependsOn: backendApp }
);

I'm seeing the same results with the

6.0.0

version of the package. I looked at the

issues

section on the github repo for the package and saw some similar issues that arose from the terraform changes and updates to this package, but none that are specific to what I'm seeing. If I'm doing something wrong here, please point me in the right direction else confirmation this issue needs to be logged is helpful, too.

calm-mechanic-84632

12/03/2024, 10:36 PM

Source showing that the

ServicePrincipal

needs the

clientId

and the

Application

should provide one.

adventurous-butcher-54166

12/04/2024, 3:05 PM

Check out this issue

calm-mechanic-84632

12/04/2024, 6:02 PM

Yeah, definitely seems tangentially related. Although the specific change of format there is something we already identified and worked around.

13 Views

Open in Slack

Previous Next