Issues with importing AzureAD Applications
Opened this issue · 5 comments
Hello,
I am getting a lot of errors when I try to import AzureAD applications. Details are below:
Terraformer Version: v0.8.24
Terraform Version: 1.5.3 also tried with 0.13.5
Azure AD Plugin Version: 2.53.1 also tried with 2.44.1
Running all on macOS Sonoma 14.5. Everything is installed via Homebrew. I do have sufficient permissions on Azure AD.
When running terraformer import azuread --resources=application
I get the errors below:
2024-07-30T15:56:43.842-0400 [ERROR] plugin.terraform-provider-azuread_v2.44.1_x5: Response contains error diagnostic: @module=sdk.proto diagnostic_severity=ERROR tf_proto_version=5.4 tf_resource_type=azuread_application @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_detail="" tf_req_id=73c06693-0e4f-1548-5fca-0bcf795f445f
diagnostic_summary=
| parsing "796c5e6d-caf9-44e5-91ce-a10807ede7e1": parsing the Application ID: the number of segments didn't match
|
| Expected a Application ID that matched (containing 2 segments):
|
| > /applications/00000000-0000-0000-0000-000000000000
|
| However this value was provided (which was parsed into 0 segments):
|
| > 796c5e6d-caf9-44e5-91ce-a10807ede7e1
|
| The following Segments are expected:
|
| * Segment 0 - this should be the literal value "applications"
| * Segment 1 - this should be the user specified value for this applicationId [for example "00000000-0000-0000-0000-000000000000"]
|
| The following Segments were parsed:
|
| * Segment 0 - not found
| * Segment 1 - not found
tf_provider_addr=provider tf_rpc=ImportResourceState timestamp=2024-07-30T15:56:43.842-0400
2024/07/30 15:56:43 ERROR: Unable to refresh resource tfer--KnowBe4-0020-Security-0020-Awareness-0020-Training
2024/07/30 15:56:43 Filtered number of resources for service application: 0
2024/07/30 15:56:43 azuread Connecting....
2024/07/30 15:56:43 azuread save application
2024/07/30 15:56:43 azuread save tfstate for application
Same issue here. Looks like Terraformer is not correctly forming the Application ID for the Terraform input commands when parsing through the list of application ObjectIDs it detected. At a glance it appears a simple fix of appending '/applications/' to the front of each ObjectID retrieved somewhere before 'return resources' on Line 36 of application.go would do the trick.
I'm still not having any luck with this. I have been trying to modify application.go to add the needed "/applications/" segment that the Terraform import commands require. I have been playing around with the appendResource function in my attempts, to no avail. Alas, my development knowledge is limited and I've never used Go, so I've been trying to wrap my head around pointers vs values without any success. For the algorithm, I'm trying to take resource.ID, append the needed string segment to the front of it, and pass the new value as id to az.appendSimpleResource. I imagine it takes something like storing the value from the pointer in a temp variable, storing the address from the pointer, updating the temp value, and overwriting the value at the pointer address. If anybody is familiar with how to do that with Go, I'd love some assistance. :)
Created a PR that fixes this issue. I tested this and it worked for me. I was able to terraform existing applications. If you can't wait until it is merged, download the source, update the application.go file, and overwrite the func at line 39 with the code below:
func (az *ApplicationServiceGenerator) appendResource(resource *msgraph.Application) {
	id := resource.ID
	// Prepend "/applications/" to the application ID
	fullID := "/applications/" + *id
	az.appendSimpleResource(fullID, *resource.DisplayName, "azuread_application")
}
Then build using go mod download and build using go build -v. Once built, move the binary from the terraformer repo to user usr/local/bin and then run the terraformer command to terraform the applications. Let me know if this works for you.
Thank you! This fix worked like a charm. I had been doing that exact thing but missed the step about copying the new binary over to usr/local/bin. I knew it had to be something simple and turns out it was my very limited exposure to Unix/Linux OS instead ha. I appreciate the quick response. Sorry it took so long to test it out in my environment. I had been detained by a more pressing issue last week.
Thanks a lot @max-blue
It's the same thing for all other resources by the way (group, user..)
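The two-segment check from the diagnostic in the first post, together with a nil-safe and idempotent version of the prefixing step, as an added example that is not code from Terraformer, the PR or the azuread provider. The names ParseApplicationID and ImportID are hypothetical, and the strict UUID match is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

const appPrefix = "/applications/"

// uuidRe matches the canonical 8-4-4-4-12 hex form (strictness assumed here).
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// ParseApplicationID requires segment 0 == "applications" and segment 1 == the ID.
func ParseApplicationID(id string) (string, error) {
	if !strings.HasPrefix(id, "/") {
		return "", fmt.Errorf("%q parsed into 0 segments, expected %s<id>", id, appPrefix)
	}
	segs := strings.Split(id[1:], "/")
	if len(segs) != 2 || segs[0] != "applications" || !uuidRe.MatchString(segs[1]) {
		return "", fmt.Errorf("%q does not match %s<uuid>", id, appPrefix)
	}
	return segs[1], nil
}

// ImportID builds the import ID from an object ID pointer without panicking on
// nil and without doubling the prefix when the value is already in full form.
func ImportID(objectID *string) (string, error) {
	if objectID == nil {
		return "", errors.New("application has no object ID")
	}
	raw := strings.TrimSpace(*objectID)
	if !strings.HasPrefix(raw, appPrefix) {
		raw = appPrefix + raw
	}
	if _, err := ParseApplicationID(raw); err != nil {
		return "", err
	}
	return raw, nil
}

func main() {
	bare := "796c5e6d-caf9-44e5-91ce-a10807ede7e1" // object ID from the log above
	_, err := ParseApplicationID(bare)
	fmt.Println("bare ID rejected:", err != nil)
	id, err := ImportID(&bare)
	fmt.Println(id, err)
}
```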