-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Data Source/Resource: azuread_user
#8
Comments
hey @glenjamin Thanks for opening this issue :) We've had a few requests for managing/using information about Users and Groups within Terraform recently - I'm going to add the Thanks! |
I forgot about Azure AD syncing. I agree that resources for these might not make the most sense, but at the moment I have to put a load of AD Object IDs in my code, so it would be nice if there was a way to do the data sources. |
I think it is a good idea to be able to generate service principals in Azure AD from Terraform and link the service principal to a custom role, azure keyvault policy or other resources. I tend to use certificates instead of service principal's password and with Terraform I can nicely linked that from Keyvault. At least the use case for initial provisioning would work well. Certificate rotation/password changes could be more tricky. I would not use terraform for Azure AD users (type members/guests). I can see however a lot of use cases for Azure AD Groups creation + custom roles. |
If this was available I would definitely use it for groups and service principals and maybe for users when running without any syncing to other ADs (pure Azure AD). |
👋🏻 We've just posted a proposal regarding splitting the Azure Active Directory resources out into their own Provider in #2322, which would allow us to ship support for the AzureAD Group and User resources. If you're subscribed to this thread we'd be interested to hear any feedback you may have on the proposal in that thread :) Thanks! |
Hi @glenjamin, As in 2.0 we are deprecating all Azure AD resources and data sources in the Azure RM provider in favour of this new provider I have moved the issue here. |
Since it seems this will be implemented fairly soon I have been thinking about how to treat group members and owners. What are other people's thoughts? |
@perbergland I'd suggest opening a separate issue for that (tbh this issue should be split into two, one for the Groups and one for Users since both of these areas are pretty big, but anyway 🙃). In terms of how that's implemented I could see it being useful to manage both internally and externally as you've mentioned; but I'd suggest it needs further research as to the API's available in that new issue? |
azuread_user
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
Community Note
Description
When using
azurerm_role_assignment
to set permissions, we often want to refer to existing users and groups.It would be great if there was a data provider for this.
It might also be useful to have a resource provider to create these in the first place.
New or Affected Resource(s)
n/a
Potential Terraform Configuration
n/a
References
n/a
The text was updated successfully, but these errors were encountered: