I am trying to automate the process of adding Admin credentials like Tenant URL and Secret Token to Enterprise app provisioning (as done on the Portal).

Right now I am creating the application and service_principal using Terraform like this:

# Enterprise Application

resource "azuread_application" "enterprise_app_scim" {
  display_name = var.ent_app_display_name
  owners       = var.ent_app_owners
}

resource "azuread_service_principal" "enterprise_app_scim_sp" {
  client_id                     = azuread_application.enterprise_app_scim.client_id
  owners                        = azuread_application.enterprise_app_scim.owners
  preferred_single_sign_on_mode = "saml"
  app_role_assignment_required  = true

  feature_tags {
    enterprise            = true
    custom_single_sign_on = true
  }
}

I have tried creating the provisioning by combining some CLI commands and a URL from Copilot, but this isn't working and it actually looks like the URI in use isn't even valid. I have tried several things and tbh now I am unsure if this is even the correct approach.

I would be very grateful if someone could guide a bit here.

resource "null_resource" "scim_provisioning" {
  provisioner "local-exec" {
    command = <<EOT
      TOKEN=$(az account get-access-token --resource  --query accessToken -o tsv)
      az rest --method PATCH \
        --uri ".0/servicePrincipals/${azuread_service_principal.enterprise_app_scim_sp.id}/synchronization" \
        --headers "{\"Authorization\": \"Bearer $TOKEN\"}" \
        --body '{
          "synchronization": {
            "jobs": [
              {
                "tenantUrl": "${var.scim_tenant_url}",
                "secretToken": "${var.scim_bearer_token}"
              }
            ]
          }
        }'
    EOT
  }
}

Error

Not Found({"error":{"code":"UnknownError","message":"{\"Message\":\"No HTTP resource was found that matches the request URI '('63e5e074-xxxx-4367-ba72-257f07052e9f')/synchronization/secrets?api-version=2.0'.\"}","innerError":{"date":"2025-02-20T12:31:22","request-id":"467a024e-574c-42c3-9612-xxxxxxx","client-request-id":"467a024e-574c-42c3-9612-b320e07c299d"}}})
