Merge pull request #1008 from hashicorp/bugfix/application-mapped-cla…

…ims-on-create Bugfix: work around an API bug where `acceptMappedClaims` cannot be set on create when holding `Application.ReadWrite.OwnedBy` role
hashicorp · Feb 16, 2023 · 5eb9251 · 5eb9251
2 parents 92afd70 + ef06d42
commit 5eb9251
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/internal/services/applications/application_resource.go b/internal/services/applications/application_resource.go
@@ -954,9 +954,19 @@ func applicationResourceCreate(ctx context.Context, d *schema.ResourceData, meta
 	}
 	tempDisplayName := fmt.Sprintf("TERRAFORM_UPDATE_%s", uuid)
 
+	api := expandApplicationApi(d.Get("api").([]interface{}))
+
+	// API bug: cannot set `acceptMappedClaims` when holding the Application.ReadWrite.OwnedBy role
+	// See /~https://github.com/hashicorp/terraform-provider-azuread/issues/914
+	var acceptMappedClaims *bool
+	if api.AcceptMappedClaims != nil && *api.AcceptMappedClaims {
+		acceptMappedClaims = api.AcceptMappedClaims
+		api.AcceptMappedClaims = nil
+	}
+
 	// Create a new application
 	properties := msgraph.Application{
-		Api:                   expandApplicationApi(d.Get("api").([]interface{})),
+		Api:                   api,
 		AppRoles:              expandApplicationAppRoles(d.Get("app_role").(*schema.Set).List()),
 		Description:           utils.NullableString(d.Get("description").(string)),
 		DisplayName:           utils.String(tempDisplayName),
@@ -1056,6 +1066,20 @@ func applicationResourceCreate(ctx context.Context, d *schema.ResourceData, meta
 		return tf.ErrorDiagF(err, "Failed to patch application after creating")
 	}
 
+	// API bug: cannot set `acceptMappedClaims` when holding the Application.ReadWrite.OwnedBy role
+	// See /~https://github.com/hashicorp/terraform-provider-azuread/issues/914
+	if acceptMappedClaims != nil {
+		api.AcceptMappedClaims = acceptMappedClaims
+		if _, err := client.Update(ctx, msgraph.Application{
+			DirectoryObject: msgraph.DirectoryObject{
+				Id: app.Id,
+			},
+			Api: api,
+		}); err != nil {
+			return tf.ErrorDiagPathF(err, "api.0.mapped_claims_enabled", "Failed to patch application after creating to set `api.0.mapped_claims_enabled` property")
+		}
+	}
+
 	if len(ownersExtra) > 0 {
 		// Add any remaining owners after the application is created
 		app.Owners = &ownersExtra