Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AzureAD v3 - azuread_conditional_access_policy property authentication_strength_policy_id requires UUID #1497

Closed
bubbletroubles opened this issue Sep 27, 2024 · 3 comments · Fixed by #1499
Closed

AzureAD v3 - azuread_conditional_access_policy property authentication_strength_policy_id requires UUID #1497

bubbletroubles opened this issue Sep 27, 2024 · 3 comments · Fixed by #1499
Labels
feature/conditional-access regression
Milestone
v3.0.1

Comments

@bubbletroubles
Copy link
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Affected Resource(s)

  • azuread_3.0.0

Terraform Configuration Files

resource "azuread_conditional_access_policy" "example" {
  display_name = "example"
  state        = "enabled"

  conditions {
    users {
      included_users  = []
      excluded_users  = [break-glass]
      included_groups = [group]
      excluded_groups = []
      included_roles  = []
      excluded_roles  = []
    }

    applications {
      included_applications = ["All"] 
      excluded_applications = []
    }

    platforms {
      included_platforms = ["all"]
      excluded_platforms = []
    }
    
    locations {
      included_locations = ["All"]
      excluded_locations = []
    }

    client_app_types = ["all"]
  } 

  grant_controls {
    operator          = "OR"
    authentication_strength_policy_id =  azuread_authentication_strength_policy.example.id
  }
}

Debug Output

Panic Output

│ Error: expected "grant_controls.0.authentication_strength_policy_id" to be a valid UUID, got /policies/authenticationStrengthPolicies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx

Expected Behavior

It should accept the value /policies/authenticationStrengthPolicies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx

Actual Behavior

It tries to validate the string /policies/authenticationStrengthPolicies/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx as a UUID, which it is not.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000
@bubbletroubles bubbletroubles changed the title AzureAD v3 - azuread_conditional_access_policy property authentication_strength_policy_id doesn't accept new value AzureAD v3 - azuread_conditional_access_policy property authentication_strength_policy_id requires UUID Sep 27, 2024
@manicminer
Copy link
Contributor

@bubbletroubles Thanks for the report, we'll get this hotfixed

@manicminer manicminer mentioned this issue Sep 27, 2024
Merged
@manicminer manicminer added this to the v3.0.1 milestone Sep 27, 2024
@wiebeck
Copy link

wiebeck commented Sep 27, 2024

I got some errors as well that are probably related:

Error: parsing ID for azuread_directory_role_assignment: uuid string is wrong length

In my state file the id definitely is no UUID but lAPpYvVpN0KRkAEhdxReEIhi2cdseeBHlVb0CtWlFxM-1

...and...

Error: parsing ID for azuread_service_principal_delegated_permission_grant: uuid string is wrong length

Here the state shows an id like eTzfYY6D4EWc7YpcVr6HY-HcBxbA1fRAi-m92VzNGkg, so also no UUID.

@manicminer
Copy link
Contributor

Thanks @wiebeck, fixing those also 👍

@bubbletroubles bubbletroubles mentioned this issue Sep 30, 2024
Open
@sdx-jkataja sdx-jkataja mentioned this issue Oct 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature/conditional-access regression
Projects
None yet
Milestone
v3.0.1
Development

Successfully merging a pull request may close this issue.

bugfixes for ID parsing hashicorp/terraform-provider-azuread
3 participants
@manicminer @bubbletroubles @wiebeck