diff --git a/examples/azuread/107-azuread-application-with-single-page-application/configuration.tfvars b/examples/azuread/107-azuread-application-with-single-page-application/configuration.tfvars
index 60ddaeb879..be32857be7 100644
--- a/examples/azuread/107-azuread-application-with-single-page-application/configuration.tfvars
+++ b/examples/azuread/107-azuread-application-with-single-page-application/configuration.tfvars
@@ -51,6 +51,13 @@ azuread_applications = {
 id = "d4c3605a-b327-35c5-f04d-77f7fcdd4995"
 type = "Admin"
 value = "app"
+ },
+ {
+ admin_consent_description = "Allow to administer app2."
+ admin_consent_display_name = "Administer app2"
+ enabled = true
+ type = "Admin"
+ value = "app2"
 }
 ]
 }
diff --git a/modules/azuread/applications_v1/azuread_application.tf b/modules/azuread/applications_v1/azuread_application.tf
index 900ea16d26..db440f8153 100644
--- a/modules/azuread/applications_v1/azuread_application.tf
+++ b/modules/azuread/applications_v1/azuread_application.tf
@@ -36,7 +36,7 @@ resource "azuread_application" "app" {
 content {
 admin_consent_description = oauth2_permission_scope.value.admin_consent_description
 admin_consent_display_name = oauth2_permission_scope.value.admin_consent_display_name
- id = oauth2_permission_scope.value.id
+ id = try(oauth2_permission_scope.value.id, random_uuid.oauth2_permission_scopes[oauth2_permission_scope.key].id)
 enabled = try(oauth2_permission_scope.value.enabled, null)
 type = try(oauth2_permission_scope.value.type, null)
 user_consent_description = try(oauth2_permission_scope.value.user_consent_description, null)
@@ -131,3 +131,10 @@ resource "random_uuid" "app_role_id" {
 if try(value.id, null) == null
 }
 }
+
+resource "random_uuid" "oauth2_permission_scopes" {
+ for_each = {
+ for key, value in try(var.settings.api.oauth2_permission_scopes, {}) : key => value
+ if try(value.id, null) == null
+ }
+}
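Review bot: In the `@@ -36,7 +36,7 @@` hunk of azuread_application.tf, the new `id = try(oauth2_permission_scope.value.id, ...)` falls back to the generated UUID only when reading `id` raises an error, while the `random_uuid` filter added further down treats a null `id` as missing too. If a scope reaches this block with `id` present but null (an explicit `id = null`, or presumably an `optional()` attribute if `var.settings` is typed that way), a UUID is generated but never used and the scope is sent with a null id. Making both conditions agree would close the gap, for example `id = try(coalesce(oauth2_permission_scope.value.id), random_uuid.oauth2_permission_scopes[oauth2_permission_scope.key].id)`. The dynamic block's `for_each` and the rest of the resource lie outside the hunk, so the key type used for the lookup could not be checked here.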
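Review bot: In the `@@ -131,3 +131,10 @@` hunk, the new `random_uuid.oauth2_permission_scopes` resource is keyed by `key`, and the example tfvars passes the scopes as a list, so that key is the element's position. Inserting, removing or reordering a scope then moves an already generated UUID onto a different scope; because scope ids are what client applications and existing consent grants reference, a prior grant could silently come to cover another permission, or be orphaned. Keying on a stable attribute avoids this, e.g. `for scope in try(var.settings.api.oauth2_permission_scopes, []) : scope.value => scope`, with the lookup in the `@@ -36,7 +36,7 @@` hunk changed to `random_uuid.oauth2_permission_scopes[oauth2_permission_scope.value.value].id`. If positional keys are kept, a comment on the resource should say that id-less scopes must only ever be appended.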