UPN needs single-quote escaping

[daramir]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

• 0.12.31

Affected Resource(s)

Resources

• azuread_user ??? (currently unknown if resource for data sources below is affected as well, as our use-case only includes an azuread_group resource, for which we read/add/remove members)

Data Sources

• azuread_user
• azuread_users

Terraform Configuration Files

data "azuread_user" "example" {
  user_principal_name = "jack.o'lantern@contoso.com"
}

output "user" {
  description = "The entire user object to peruse"
  value       = data.azuread_user.example
}

Debug Output

Panic Output

Expected Behavior

The user is fetched correctly by the data source, example:

data.azuread_user.example: Refreshing state...

Outputs:

user = {
  "account_enabled" = true
  (...)
  "display_name" = "Jack O'Lantern"
  "given_name" = "Jack"
  "id" = "11111111-1111-1111-1111-111111111111"
  (...)
  "mail_nickname" = "olantej"
  "manager_id" = "ffffffff-ffff-ffff-ffff-ffffffffffff"
  "object_id" = "11111111-1111-1111-1111-111111111111"
  (...)
  "user_principal_name" = "jack.o'lantern@contoso.com"
  "user_type" = "Member"
}

Actual Behavior

Operation (terraform refresh, terraform plan) fails, erroring for each object that has a single quote in their email.

Error: Finding user with UPN: "jack.o'lantern@contoso.com"

  on user-data-query.tf line 1, in data "azuread_user" "example":
   1: data "azuread_user" "example" {

UsersClient.BaseClient.Get(): unexpected status 400 with OData error:
BadRequest: Invalid filter clause

The provider does not escape the UPN, as is mandated by the Microsoft Graph Documentation.

single-quote escaping

Steps to Reproduce

1. terraform refresh

Important Factoids

While the OData query is built in a vendor module, issue most likely belongs here in this repo, and not in https://github.com/manicminer/hamilton. There are many Filter operator types and not all of them might require such escaping. Additionally, it would be optimal to escape only the object of the operator (which will be enclosed by SQUOTE) and not the entire filter statement.

RFC 3696 which covers Restrictions on email addresses

References

• UPN needs single-quote escaping #639

[daramir]

I will work on a pull request that addresses this issue and link it in Issue Description when ready. In the meantime, please provide feedback and/or request more information if necessary.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.