Remove auth_type from base workspace template schema

marrobi · marrobi · commit 25e3789eaafe · 2026-03-12T23:29:06.000Z
Remove auth_type field entirely from template_schema.json. The new approach makes client_id an always-visible optional top-level field - if provided, Terraform imports the existing AAD app; if empty, Terraform creates one automatically. This eliminates the deprecated API-side Graph validation that blocked workspace creation with bare app registrations. Also moves aad_redirect_uris and create_aad_groups to regular top-level properties (no longer conditional on auth_type). Fixes #2247
diff --git a/templates/workspaces/base/template_schema.json b/templates/workspaces/base/template_schema.json
@@ -5,7 +5,6 @@
   "title": "Base Workspace",
   "description": "This workspace template is the foundation for TRE workspaces.",
   "required": [
-    "auth_type",
     "address_space_size"
   ],
   "authorizedRoles": [],
@@ -64,15 +63,10 @@
       "description": "Network address space to be used by the workspace.",
       "updateable": true
     },
-    "auth_type": {
+    "client_id": {
       "type": "string",
-      "title": "Workspace Authentication Type",
-      "description": "",
-      "default": "Automatic",
-      "enum": [
-        "Automatic",
-        "Manual"
-      ],
+      "title": "Application (Client) ID",
+      "description": "Optional. Provide the client ID of a pre-created AAD application. If left empty, Terraform will create a new one automatically.",
       "updateable": true
     },
     "create_aad_groups": {
@@ -102,6 +96,39 @@
       "description": "Check this box if you want to deploy the workspace to another subscription.",
       "default": false,
       "updateable": false
+    },
+    "aad_redirect_uris": {
+      "type": "array",
+      "title": "AAD Redirect URIs",
+      "description": "Additional redirect URIs for the workspace AAD app",
+      "updateable": true,
+      "items": {
+        "title": "items",
+        "type": "object",
+        "required": [
+          "name",
+          "value"
+        ],
+        "properties": {
+          "name": {
+            "title": "name",
+            "type": "string",
+            "description": "Redirect URI Name",
+            "examples": [
+              "My Redirect URI"
+            ],
+            "pattern": "^.*$"
+          },
+          "value": {
+            "title": "value",
+            "type": "string",
+            "description": "Redirect URI Value",
+            "examples": [
+              "https://a-domain-name.com/oauth/"
+            ]
+          }
+        }
+      }
     }
   },
   "allOf": [
@@ -233,68 +260,6 @@
         ]
       }
     },
-    {
-      "if": {
-        "properties": {
-          "auth_type": {
-            "const": "Manual"
-          }
-        },
-        "required": [
-          "auth_type"
-        ]
-      },
-      "then": {
-        "properties": {
-          "client_id": {
-            "type": "string",
-            "title": "Application (Client) ID",
-            "description": "The AAD Application Registration ID for the workspace.",
-            "updateable": true
-          }
-        },
-        "required": [
-          "client_id"
-        ]
-      },
-      "else": {
-        "properties": {
-          "aad_redirect_uris": {
-            "type": "array",
-            "title": "AAD Redirect URIs",
-            "description": "Redirect URIs for the AAD app in Automatic Auth mode",
-            "updateable": true,
-            "items": {
-              "title": "items",
-              "type": "object",
-              "required": [
-                "name",
-                "value"
-              ],
-              "properties": {
-                "name": {
-                  "title": "name",
-                  "type": "string",
-                  "description": "Redirect URI Name",
-                  "examples": [
-                    "My Redirect URI"
-                  ],
-                  "pattern": "^.*$"
-                },
-                "value": {
-                  "title": "value",
-                  "type": "string",
-                  "description": "Redirect URI Value",
-                  "examples": [
-                    "https://a-domain-name.com/oauth/"
-                  ]
-                }
-              }
-            }
-          }
-        }
-      }
-    },
     {
       "if": {
         "properties": {
@@ -339,9 +304,8 @@
       "app_service_plan_sku",
       "address_space_size",
       "address_space",
-      "auth_type",
-      "create_aad_groups",
       "client_id",
+      "create_aad_groups",
       "enable_backup",
       "enable_airlock",
       "configure_review_vms",
