Tom Bamford

icon indicating a website link https://manicminer.io icon indicating an email [email protected]

icon company @DEFRA icon location UK

Results 356 comments of Tom Bamford

Terraform destroy on azuread_service_principal returns 403, but is destroyed

@avinashpancham Given the authentication setup you describe, I suspect this is down to API/object permissions. There is a useful Azure docs page describing the [default permissions for users](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions) when no...

Terraform destroy on azuread_service_principal returns 403, but is destroyed

Hi @avinashpancham, @dimbleby, @slyons Thanks for reporting on this issue. I have not observed this error myself however it's likely in my testing I don't have the same configurations of...

Grant Controls not working for B2C Directories

Hi @PatMcHugh, thanks for reporting this. I'll do some testing to try and reproduce. In the meantime, if you are able to post a [debug log](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs#logging-and-tracing) covering this error, that...

Grant Controls not working for B2C Directories

@dougan001 Many thanks for the feedback, that helps narrow down the cause. This may be challenging to resolve since the API has bugs around handling of the `sessionControls` field -...

allowPublicClient property of azure ad application Manifest is set to false but should be null

hi @logcorner, thanks for opening this issue. I believe you'll need to set the `fallback_public_client_enabled` property of the application as this setting is not enabled by default. This corresponds to...

allowPublicClient property of azure ad application Manifest is set to false but should be null

@logcorner Sorry I should have been more specific - that property doesn't support `null` as a value, in fact that's Terraform's way of omitting the property from the provider. Can...

allowPublicClient property of azure ad application Manifest is set to false but should be null

@theoboardpro I'll look into it and see if there's a way we can do this without a breaking change. It may however have to wait until version 3.0.

Reintroduce `azuread_application_app_role`

Hi @tomaciazek, thanks for requesting this. For background, at the time we removed the `azuread_application_app_role` resource, this was to resolve some other bugs which occurred at the unfortunate confluence of...

Add additional app_role & app_role_assignment to existing application

Hi @fmayerhof, thanks for reporting this. At first glance this might be related to the cascading nature of the computed `app_role_ids` properties for the application and service principal, and possibly...

Add additional app_role & app_role_assignment to existing application

@fmayerhof Thanks for confirming! I'll look into this a little deeper and see if we can improve how the computed `app_role_ids` attributes are managed here.