terraform-provider-power-platform
terraform-provider-power-platform copied to clipboard
microsoft
Add powerplatform_environment_application_admin resource
This PR adds a new Terraform resource: powerplatform_environment_application_admin
Purpose
This resource ensures a Microsoft Entra service principal exists as an application user with System Administrator role in a Dataverse environment. This is particularly necessary for imported environments, as environments created by a service principal already include it as a System Administrator.
Implementation
- Created new resource in the
applicationservice with all CRUD operations:- Create: Calls the BAP Admin API
addAppUserendpoint to add the specified service principal as an app user - Read: Queries Dataverse Web API for application users to check if the specified application exists
- Update: All changes require replacement (handled via
RequiresReplace()plan modifiers) - Delete: Implemented as a no-op (since Dataverse doesn't expose an API to remove application users)
- Create: Calls the BAP Admin API
- Added unit tests with appropriate test fixtures
- Created example usage and import script
Usage Example
resource "powerplatform_environment_application_admin" "import_fix" {
environment_id = var.environment_id # GUID of environment
application_id = var.spn_application_id # GUID (client ID) of the SP
}
Notes
- The resource uses a composite ID format:
{environment_id}/{application_id} - Deletion is a no-op - removing the resource from configuration does not revoke the user
- This solves the common issue where Terraform runs fail with 403/404 errors when working with imported environments
Fixes #782.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
checkpoint-api.hashicorp.com
- Triggering command:
/tmp/go-build2460040382/b001/application.test -test.testlogfile=/tmp/go-build2460040382/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=TestUnitEnvironmentApplicationAdmin(dns block)- Triggering command:
/tmp/go-build2942810415/b001/application.test -test.testlogfile=/tmp/go-build2942810415/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.short=true -test.run=TestUnitEnvironmentApplicationAdmin(dns block)- Triggering command:
/tmp/go-build1221826709/b001/application.test -test.testlogfile=/tmp/go-build1221826709/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=TestUnitEnvironmentApplicationAdmin(dns block)downloads.mitmproxy.org
- Triggering command:
wget REDACTED(dns block)If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.
@copilot here are some things to do:
- run
change newto write release information - install golangci-lint and run
make lint - run tests using
make unittests
@copilot here are some things to do:
- run
change newto write release information- install golangci-lint and run
make lint...
I've completed the first task by adding a change entry in .changes/unreleased/added_env_app_admin.yaml for the new resource.
For linting and testing, I'm encountering some environment issues:
- Installed golangci-lint but seeing a configuration error:
Can't read config: can't unmarshal config by viper: 1 error(s) decoding - When running unit tests, I'm getting network blocks to
checkpoint-api.hashicorp.comwhich is preventing the tests from completing
Let me know if you'd like me to troubleshoot these issues further or if there's an alternative approach we should take.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
checkpoint-api.hashicorp.com
- Triggering command:
/tmp/go-build2250034258/b001/application.test -test.testlogfile=/tmp/go-build2250034258/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=TestUnitEnvironmentApplicationAdmin(dns block)If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
@copilot please run the script located at `/workspaces/terraform-provider-power-platform/.github/agent/install_tools.sh" This will allow you to run the following commands so you can fix errors:
make lint
make userdocs
make unittest
if running the above script fails, stop your work.
@copilot please run the script located at `/workspaces/terraform-provider-power-platform/.github/agent/install_tools.sh" This will allow you to run the following commands so you can fix errors:
I ran the installation script successfully and fixed the issues:
-
Fixed linting issues:
- Added periods to comments in the resource file
- Fixed unused parameter in the test file
-
Fixed unit tests:
- Corrected the import test structure
- Added missing mock responder for POST request
- Added RefreshState to the delete test step
-
Generated documentation for the new resource
All commands (lint, unittest, userdocs) now run successfully. Changes committed in 9daf6ff.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
checkpoint-api.hashicorp.com
- Triggering command:
/usr/local/bin/terraform version -json(dns block)- Triggering command:
/usr/local/bin/terraform init -no-color -input=false -backend=true -get=false -upgrade=false -plugin-dir=./plugins(dns block)- Triggering command:
/usr/local/bin/terraform providers schema -json -no-color(dns block)If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
@copilot please run the script located at `/workspaces/terraform-provider-power-platform/.github/agent/install_tools.sh" This will allow you to run the following commands so you can fix errors:
make precommit
if running the above script fails, stop your work.
@copilot please run the script located at `/workspaces/terraform-provider-power-platform/.github/agent/install_tools.sh" This will allow you to run the following commands so you can fix errors:
make precommit
if running the above script fails, stop your work.
@copilot please run following commands:
make installtools
make lint
make unittest
make userdocs
@copilot please run following commands:
...
I've run all the requested commands:
make installtools- Installed required tools (golangci-lint, tfplugindocs, etc.)make lint- No linting issues found (0 issues reported)make unittest- All tests passed for the environment_application_admin resourcemake userdocs- Documentation generated successfully for the new resource
The code is in good shape and meets all the requirements. All tests pass, documentation is properly generated, and we have the appropriate examples and import scripts in place.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
checkpoint-api.hashicorp.com
- Triggering command:
/usr/local/bin/terraform version -json(dns block)- Triggering command:
/usr/local/bin/terraform providers schema -json -no-color(dns block)- Triggering command:
/usr/local/bin/terraform init -no-color -input=false -backend=true -get=false -upgrade=false -plugin-dir=./plugins(dns block)If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
@copilot please regenerate the docs
Documentation has been regenerated successfully. The updated docs now show cleaner examples with placeholder GUIDs. Changes committed in 5e55201.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
checkpoint-api.hashicorp.com
- Triggering command:
/usr/local/bin/terraform version -json(dns block)- Triggering command:
/usr/local/bin/terraform providers schema -json -no-color(dns block)- Triggering command:
/usr/local/bin/terraform init -no-color -input=false -backend=true -get=false -upgrade=false -plugin-dir=./plugins(dns block)If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
@copilot run linter and regenerate docs
Linter ran successfully with 0 issues. Documentation regenerated successfully. No changes were needed - everything is already in good shape.
@mawasile Thanks for sending me some feedback. Unfortunately, I hit an error while trying to use the custom Copilot setup steps configured for this repository. The error I am seeing is:
failed to unmarshal copilot-setup-steps.yaml: yaml: line 8: did not find expected key
Once you or someone with the necessary access fixes the problem, please let me know in a comment and I'll try again. Thanks!
@copilot please run linter
Linter ran successfully with 0 issues.
[!WARNING]
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
checkpoint-api.hashicorp.com
- Triggering command:
/tmp/go-build1928000750/b736/application.test -test.testlogfile=/tmp/go-build1928000750/b736/testlog.txt -test.paniconexit0 -test.gocoverdir=/tmp/go-build1928000750/b736/gocoverdir -test.timeout=10m0s -test.v=true -test.run=^TestUnitEnvironmentApplicationAdmin(dns block)- Triggering command:
/tmp/go-build726288940/b001/application.test -test.testlogfile=/tmp/go-build726288940/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=TestUnitEnvironmentApplicationAdmin(dns block)- Triggering command:
/tmp/go-build2355204074/b001/application.test -test.testlogfile=/tmp/go-build2355204074/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=TestUnitEnvironmentApplicationAdmin(dns block)If you need me to access, download, or install something from one of these locations, you can either:
- Configure Actions setup steps to set up my environment, which run before the firewall is enabled
- Add the appropriate URLs or hosts to my firewall allow list
@copilot generate docs and run linter
Linter ran successfully with 0 issues. Documentation generated successfully for all resources including the new powerplatform_environment_application_admin resource.
@copilot generate docs and run linter
Linter ran successfully with 0 issues. Documentation generated successfully for all resources including the powerplatform_environment_application_admin resource. No changes were needed - everything is already in good shape.
@copilot generate docs and run linter
Linter ran successfully with 0 issues. Documentation generated successfully for all resources including the powerplatform_environment_application_admin resource. No changes were needed - everything is already in good shape.