terraform-provider-azuread
azuread_application_federated_identity_credential & azurerm_federated_identity_credential are inconsistent with audience parameter
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureAD Provider) Version
latest
Affected Resource(s)
azuread_application_federated_identity_credential & azurerm_federated_identity_credential are inconsistent with their treatment of the audience parameter
Terraform Configuration Files
```hcl
resource "azurerm_federated_identity_credential" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  parent_id           = azurerm_user_assigned_identity.example.id
  # azurerm: the argument name is singular
  audience            = ["api://AzureADTokenExchange"]
  issuer              = "https://token.actions.githubusercontent.com"
  subject             = "repo:owner/name:ref:refs/heads/main"
}

resource "azuread_application_federated_identity_credential" "example" {
  application_id = azuread_application.example.id
  display_name   = "example"
  description    = "example"
  # azuread: the argument name is plural
  audiences      = ["api://AzureADTokenExchange"]
  issuer         = "https://token.actions.githubusercontent.com"
  subject        = "repo:owner/name:ref:refs/heads/main"
}
```
Debug Output
Panic Output
Expected Behavior
azurerm_federated_identity_credential uses audience (singular); azuread_application_federated_identity_credential uses audiences (plural).
It probably makes the most sense for both to use the plural (audiences).
Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
References
- #0000
It's quite difficult to choose here, since the API is clearly designed for multiple values but so far there's a limitation of one audience 🤔