» Data Source: azuread_service_principal
Gets information about an existing Service Principal associated with an Application within Azure Active Directory.
NOTE: If you're authenticating using a Service Principal, it must have both the Read and write all applications and the Sign in and read user profile permissions within the Windows Azure Active Directory API.
» Example Usage (by Application Display Name)
data "azuread_service_principal" "example" {
  display_name = "my-awesome-application"
}
» Example Usage (by Application ID)
data "azuread_service_principal" "example" {
  application_id = "00000000-0000-0000-0000-000000000000"
}
» Example Usage (by Object ID)
data "azuread_service_principal" "example" {
  object_id = "00000000-0000-0000-0000-000000000000"
}
» Argument Reference
The following arguments are supported:
- application_id - (Optional) The Application (client) ID of the Azure AD Application this Service Principal belongs to.
- object_id - (Optional) The Object ID of the Azure AD Service Principal.
- display_name - (Optional) The Display Name of the Azure AD Application associated with this Service Principal.
NOTE: At least one of application_id, display_name or object_id must be specified. Display names are not unique within a tenant, so prefer object_id or application_id whenever the result of the lookup feeds a permission grant or access decision.
» Attributes Reference
The following attributes are exported:
- id - The Object ID for the Service Principal.
- app_roles - A collection of app_role blocks as documented below. For more information see https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
- oauth2_permissions - A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by an oauth2_permission block as documented below.
An oauth2_permission block exports the following:
- id - The unique identifier of the OAuth2Permission.
- type - The type of the permission: User if an ordinary user may consent to it, Admin if administrator consent is required.
- admin_consent_description - The description shown in the admin consent experience.
- admin_consent_display_name - The display name shown in the admin consent experience.
- is_enabled - Is this permission enabled?
- user_consent_description - The description shown in the user consent experience.
- user_consent_display_name - The display name shown in the user consent experience.
- value - The name of this permission, i.e. the scope string that appears in the scp claim of tokens issued for this resource.
An app_role block exports the following:
- id - The unique identifier of the app_role.
- allowed_member_types - Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are User and Application, or both.
- description - Permission help text that appears in the admin app assignment and consent experiences.
- display_name - Display name for the permission that appears in the admin consent and app assignment experiences.
- is_enabled - Determines if the app role is enabled.
- value - Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
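The following configuration is added here as an illustration and is not taken from the provider's own documentation. It ties the exported blocks above to a least-privilege grant: it looks up the Microsoft Graph service principal by its Application ID, selects the User.Read delegated permission and the Directory.Read.All application role by their value (and only if enabled) instead of hard-coding GUIDs, and feeds the resulting IDs into an azuread_application. It assumes Terraform 0.12+ syntax (for-expressions), the azuread_application resource with its required_resource_access block from the same provider generation (not documented on this page), and made-up resource names; the Graph application ID is Microsoft's published value.

```hcl
# Added example, not from the provider docs. The names "msgraph", "client"
# and "example-least-privilege-client" are made up for illustration. The
# application_id below is Microsoft Graph's published Application (client) ID.
data "azuread_service_principal" "msgraph" {
  application_id = "00000003-0000-0000-c000-000000000000"
}

locals {
  msgraph_app_id = "00000003-0000-0000-c000-000000000000"

  # Select permissions by their value rather than by hard-coded GUIDs, and
  # accept only enabled ones. Each list is expected to hold exactly one
  # element; indexing [0] below makes the plan fail if it is empty.
  user_read_scope_ids = [
    for p in data.azuread_service_principal.msgraph.oauth2_permissions :
    p.id if p.value == "User.Read" && p.is_enabled
  ]

  # App roles are application permissions (no signed-in user), so also
  # require that the role may be assigned to applications.
  directory_read_role_ids = [
    for r in data.azuread_service_principal.msgraph.app_roles :
    r.id if r.value == "Directory.Read.All" && r.is_enabled && contains(r.allowed_member_types, "Application")
  ]

  # Useful when reviewing what a resource exposes: which scopes an ordinary
  # user may consent to (type == "User") versus those needing an admin.
  user_consentable_scopes = [
    for p in data.azuread_service_principal.msgraph.oauth2_permissions :
    p.value if p.type == "User" && p.is_enabled
  ]
}

# azuread_application and its required_resource_access block are assumed from
# the same provider generation; they are not documented on this page.
resource "azuread_application" "client" {
  name = "example-least-privilege-client"

  required_resource_access {
    resource_app_id = local.msgraph_app_id

    # Delegated permission: acts as the signed-in user, limited to User.Read.
    resource_access {
      id   = local.user_read_scope_ids[0]
      type = "Scope"
    }

    # Application permission: the client itself may read the directory.
    resource_access {
      id   = local.directory_read_role_ids[0]
      type = "Role"
    }
  }
}

output "msgraph_user_consentable_scopes" {
  value = local.user_consentable_scopes
}
```

Selecting by value keeps the intent of the grant visible in the plan and makes terraform plan fail with an index error if the permission has been renamed or disabled, rather than silently requesting a different one. The name attribute on azuread_application is the argument used by the 0.x provider generation this page belongs to and may differ in later versions.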