terraform-provider-azuread

azuread_service_principal name property

Open cveld opened this issue 2 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I would like to set the name of a service principal through the azuread_service_principal resource.

New or Affected Resource(s)

  • azuread_service_principal

Potential Terraform Configuration

resource "azuread_service_principal" "spn" {
  application_id = azuread_application.my_app_registration.application_id
  owners         = ["someguid"]
  name           = "my-service-principal-name"
}

References

  • N/A

cveld, Oct 24 '23 19:10

Hi @cveld, thanks for requesting this. Just to clarify, are you looking to set the display name for the service principal? This is unfortunately tied to the application registration and cannot be set independently - this is a constraint in Azure AD / the API, rather than the provider, which is why we don't expose display_name as a writable property for service principals. Please let me know if I have misunderstood and I'll be happy to look into it further.

manicminer, Oct 24 '23 20:10

@manicminer I am able to change the display name of the service principal independently of the app registration's display name.

Grabbed this from the browser dev tools' network tab:

$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$session.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
Invoke-WebRequest -UseBasicParsing -Uri "https://main.iam.ad.ext.azure.com/api/EnterpriseApplications/guid/Properties?appId=guid&loadLogo={2}" `
-Method "PATCH" `
-WebSession $session `
-Headers @{
  "x-ms-client-session-id"="76f34032240e424f9d8bfd36ec1c9131"
  "x-ms-command-name"="ApplicationManagement - UpdateApplication"
  "Accept-Language"="en"
  "Authorization"="Bearer redacted"
  "x-ms-effective-locale"="en.nl-nl"
  "Accept"="*/*"
  "Referer"=""
  "x-ms-client-request-id"="56d89db1-fba5-4d8d-b723-8af3cbca8035"
} `
-ContentType "application/json" `
-Body "{`"displayName`":`"my display name`",`"appObjectId`":`"guid`",`"tags`":[`"HideApp`",`"WindowsAzureActiveDirectoryIntegratedApp`"]}"

cveld, Oct 25 '23 06:10

@cveld Thanks for clarifying. Unfortunately that's using an internal Azure API that we cannot use. As mentioned, the MS Graph API doesn't support setting the displayName independently for a service principal.

Screenshot 2023-10-25 at 16 54 33

I suspect that functionality might be related to legacy enterprise applications, i.e. before the introduction of app registrations. Out of curiosity, is that service principal associated with an app registration or is it a standalone/legacy one? If so, is it a multi-tenant app? Also, did you grab the trace from the Azure Portal? The display name is a read-only input field for me in the Enterprise Applications blade.

manicminer, Oct 25 '23 15:10