I have the following az cli code:
az ad app permission add --api '00000002-0000-0000-c000-000000000000' --id $app.appId --api-permissions `
"311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope" `
"824c81eb-e3f8-4ee6-8f6d-de7f50d565b7=Role"
az ad app permission grant --api 00000002-0000-0000-c000-000000000000 --id $app.appId
I am looking for the terraform equivalent, but cannot find it. Anyone?
As per the docs, you need to within the same command,
resource "azuread_application" "example" {
name = "example"
homepage = "https://homepage"
identifier_uris = ["https://uri"]
reply_urls = ["https://replyurl"]
available_to_other_tenants = false
oauth2_allow_implicit_flow = true
type = "webapp/api"
required_resource_access {
resource_app_id = "00000003-0000-0000-c000-000000000000"
resource_access {
id = "..."
type = "Role"
}
resource_access {
id = "..."
type = "Scope"
}
resource_access {
id = "..."
type = "Scope"
}
}
required_resource_access {
resource_app_id = "00000002-0000-0000-c000-000000000000"
resource_access {
id = "..."
type = "Scope"
}
}
app_role {
allowed_member_types = [
"User",
"Application",
]
description = "Admins can manage roles and perform all task actions"
display_name = "Admin"
is_enabled = true
value = "Admin"
}
}