terraform/quickstart/301-service-fabric/azuread.tf

# Service Fabric Cluster
resource "azuread_application" "cluster" {
  name = "${var.name}-cluster-${var.environment}"
}

resource "azuread_service_principal" "cluster" {
  application_id = "${azuread_application.cluster.application_id}"
}

resource "random_string" "cluster_password" {
  length  = 32
  special = true
}

resource "azuread_service_principal_password" "cluster" {
  service_principal_id = "${azuread_service_principal.cluster.id}"
  value                = "${random_string.cluster_password.result}"
  end_date             = "2099-01-01T01:00:00Z"
}

# Service Fabric Client
resource "azuread_application" "client" {
  name = "${var.name}-client-${var.environment}"
  reply_urls = ["https://${azurerm_public_ip.sf.fqdn}:19080/Explorer/index.html"]

  app_role {
    allowed_member_types = [
      "User",
    ]

    description  = "Admins can manage roles and perform all task actions"
    display_name = "Admin"
    is_enabled   = true
    value        = "Admin"
  }

  app_role {
    allowed_member_types = [
      "User",
    ]

    description  = "ReadOnly roles have limited query access"
    display_name = "ReadOnly"
    is_enabled   = true
    value        = "User"
  }

  required_resource_access {
    resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph API

    # DELEGATED PERMISSIONS: "Sign in and read user profile":
    resource_access {
      id   = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
      type = "Scope"
    }
  }
}

resource "azuread_service_principal" "client" {
  application_id = "${azuread_application.client.application_id}"
}

resource "random_string" "client_password" {
  length  = 32
  special = true
}

resource "azuread_service_principal_password" "client" {
  service_principal_id = "${azuread_service_principal.client.id}"
  value                = "${random_string.client_password.result}"
  end_date             = "2099-01-01T01:00:00Z"
}