pulumi-azuread icon indicating copy to clipboard operation
pulumi-azuread copied to clipboard

Published 20 hours ago verified publisher icon pulumi

API Documentation is out-of-date or misleading

Open mentallabyrinth opened this issue 1 year ago • 1 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

It appears the documentation for https://www.pulumi.com/registry/packages/azuread/api-docs/applicationapiaccess is out-of-date. Following the examples directly leads to code that cannot compile. In the first example the following code is provided:

var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();
var msGraph = AzureAD.GetServicePrincipal.Invoke(new()
{
    ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult => 
        getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),
});

However, MicrosoftGraph property doesn't exist. The Result property is a ImmutableDictionary<string, string> so the access path should be:

var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();
var msGraph = AzureAD.GetServicePrincipal.Invoke(new()
{
    ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult => 
        getApplicationPublishedAppIdsResult.Result["MicrosoftGraph"]),
});

Next, if the developer tries to implement this segment of code in the first example:

var exampleMsgraph = new AzureAD.ApplicationApiAccess("example_msgraph", new()
    {
        ApplicationId = example.Id,
        ApiClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult => getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),
        RoleIds = new[]
        {
            msgraph.Apply(getServicePrincipalResult => getServicePrincipalResult.AppRoleIds?.Group_Read_All),
            msgraph.Apply(getServicePrincipalResult => getServicePrincipalResult.AppRoleIds?.User_Read_All),
        },
        ScopeIds = new[]
        {
            msgraph.Apply(getServicePrincipalResult => getServicePrincipalResult.Oauth2PermissionScopeIds?.User_ReadWrite),
        },
    });

It fails because both AppRoleIds and Oauth2PermissionScopeIds are type ImmutableDictionary<string, string>. With the fixed code it should be:

var exampleMsgraph = new AzureAD.ApplicationApiAccess("example_msgraph", new()
    {
        ApplicationId = example.Id,
        ApiClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult => getApplicationPublishedAppIdsResult.Result["MicrosoftGraph"]),
        RoleIds = new[]
        {
            msgraph.Apply(getServicePrincipalResult => getServicePrincipalResult.AppRoleIds["Group.Read.All"]),
            msgraph.Apply(getServicePrincipalResult => getServicePrincipalResult.AppRoleIds["User.Read.All"]),
        },
        ScopeIds = new[]
        {
            msgraph.Apply(getServicePrincipalResult => getServicePrincipalResult.Oauth2PermissionScopeIds["User.ReadWrite"]),
        },
    });

Note: I'm using the latest stable version v5.48.0 as mentioned in the documentation.

Thank you for your time.

Affected area/feature

Looking a the https://www.pulumi.com/registry/packages/azuread/api-docs/ documentation this is a wide spread issue. Multiple update will be required.

mentallabyrinth avatar May 03 '24 16:05 mentallabyrinth

Thank you for reporting this, @mentallabyrinth! This might be a bug in our code generation. I've filed an issue with that team.

thomas11 avatar May 08 '24 05:05 thomas11