
Conversation


@alexwilcox9 alexwilcox9 commented May 16, 2025

In the previous major version of the provider, the following Terraform would work:

terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}


resource "azuread_conditional_access_policy" "example" {
  display_name = "example policy"
  state        = "disabled"

  conditions {
    client_app_types = ["all"]

    applications {
      included_applications = ["All"]
    }

    locations {
      included_locations = ["All"]
      excluded_locations = [azuread_named_location.example.id]
    }

    users {
      included_users = ["All"]
    }
  }

  grant_controls {
    operator          = "OR"
    built_in_controls = ["block"]
  }

}

resource "azuread_named_location" "example" {
  display_name = "example"
  ip {
    ip_ranges = ["8.8.8.8/32"]
  }
}

However, in the current version, due to the change in the id attribute, the following error is produced:

╷
│ Error: Could not create conditional access policy
│ 
│   with azuread_conditional_access_policy.example,
│   on main.tf line 11, in resource "azuread_conditional_access_policy" "example":
│   11: resource "azuread_conditional_access_policy" "example" {
│ 
│ unexpected status 400 (400 Bad Request) with error: BadRequest: 1040: NamedLocation with id /identity/conditionalAccess/namedLocations/0c5924be-4bae-48ab-9245-ecbd46e3ee50 does
│ not exist in the directory.
╵

It is of course possible to get the correct value with split, but this doesn't feel very elegant:

      excluded_locations = [split("/", azuread_named_location.example.id)[4]]

This PR adds object_id to the azuread_named_location resource and data source, using the ID returned from the Graph API.

It might be worth adding a new test on the azuread_conditional_access_policy resource that uses a named location; let me know if you'd like this added.

Fixes: #1504
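The split("/", ...)[4] workaround above is fragile because it assumes the id is always the full Graph resource path. As an added example (not code from the provider or this PR), the helper below normalises either form of the id to the bare object id the conditional access API expects and rejects anything else, so a malformed reference fails fast instead of surfacing as a 400 from Graph. The function name and the GUID check are my own; the path prefix is the one shown in the error message above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// namedLocationPrefix is the Graph resource path prefix that the v3 provider
// now stores in the id attribute (taken from the 400 error in the PR text).
const namedLocationPrefix = "/identity/conditionalAccess/namedLocations/"

// guidRe matches the 8-4-4-4-12 hex form of an Entra object id.
var guidRe = regexp.MustCompile(
	`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// NamedLocationObjectID (hypothetical helper, not part of the provider) takes
// either the v3 full resource path or an already bare GUID (the v2 id form)
// and returns the bare object id. Any other shape, including a path with a
// missing or malformed GUID, is reported as an error.
func NamedLocationObjectID(id string) (string, error) {
	objectID := strings.TrimPrefix(id, namedLocationPrefix)
	if !guidRe.MatchString(objectID) {
		return "", fmt.Errorf("%q is not a named location id or object id", id)
	}
	return objectID, nil
}

func main() {
	// Constructed sample inputs: the full path from the error message, the
	// bare GUID, and a path whose GUID segment is missing.
	for _, id := range []string{
		namedLocationPrefix + "0c5924be-4bae-48ab-9245-ecbd46e3ee50",
		"0c5924be-4bae-48ab-9245-ecbd46e3ee50",
		namedLocationPrefix,
	} {
		oid, err := NamedLocationObjectID(id)
		fmt.Printf("%q -> %q (err: %v)\n", id, oid, err)
	}
}
```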


@sreallymatt sreallymatt left a comment

Thanks for adding this @alexwilcox9. This LGTM, but could you add a test for this regression as well?

@alexwilcox9 alexwilcox9 force-pushed the named_location_object_id branch from 1e1da73 to 9728fd3 Compare September 19, 2025 17:21
@alexwilcox9

Hey @sreallymatt

I've removed that extra asterisk and added a test that creates a conditional access policy that consumes a named location.


@sreallymatt sreallymatt left a comment

Thanks @alexwilcox9, LGTM ✅

@sreallymatt sreallymatt merged commit 581f8f4 into hashicorp:main Sep 19, 2025
25 checks passed
@github-actions github-actions bot added this to the v3.6.0 milestone Sep 19, 2025
sreallymatt added a commit that referenced this pull request Sep 19, 2025
@alexwilcox9 alexwilcox9 deleted the named_location_object_id branch September 20, 2025 11:07
sreallymatt added a commit that referenced this pull request Sep 25, 2025
Development

Successfully merging this pull request may close these issues.

plan does not find old named locations, tries to deploy /identity/conditionalAccess/namedLocations/xxxxxxxxxxx