New Data Source/Resource: azuread_user #8

Closed
glenjamin opened this issue May 22, 2018 · 11 comments

@glenjamin

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When using azurerm_role_assignment to set permissions, we often want to refer to existing users and groups.

It would be great if there was a data provider for this.

It might also be useful to have a resource provider to create these in the first place.

New or Affected Resource(s)

n/a

Potential Terraform Configuration

n/a

References

n/a

@tombuildsstuff
Contributor

hey @glenjamin

Thanks for opening this issue :)

We've had a few requests for managing/using information about Users and Groups within Terraform recently - I'm going to add the thinking tag to this for the moment. In general, whilst Terraform could return this information as Data Sources - I don't necessarily think it's the right tool to be managing this information (since it can naturally change outside of Terraform e.g. users synced from Azure AD) - and whilst this issue is mostly about Data Sources, the two are naturally related since in order to write tests for a Data Source we generally need a matching resource.

Thanks!

@tombuildsstuff tombuildsstuff changed the title Azure AD User/Group data / resource provider New Data Source/Resources for Azure AD User/Groups May 22, 2018
@glenjamin
Author

I forgot about Azure AD syncing.

I agree that resources for these might not make the most sense, but at the moment I have to put a load of AD Object IDs in my code, so it would be nice if there was a way to do the data sources.

@LaurentLesle
Contributor

I think it is a good idea to be able to generate service principals in Azure AD from Terraform and link the service principal to a custom role, azure keyvault policy or other resources. I tend to use certificates instead of service principal's password and with Terraform I can nicely link that from Keyvault. At least the use case for initial provisioning would work well. Certificate rotation/password changes could be more tricky. I would not use terraform for Azure AD users (type members/guests). I can see however a lot of use cases for Azure AD Groups creation + custom roles.

@perbergland

If this was available I would definitely use it for groups and service principals and maybe for users when running without any syncing to other ADs (pure Azure AD).

@tombuildsstuff
Contributor

👋🏻

We've just posted a proposal regarding splitting the Azure Active Directory resources out into their own Provider in #2322, which would allow us to ship support for the AzureAD Group and User resources. If you're subscribed to this thread we'd be interested to hear any feedback you may have on the proposal in that thread :)

Thanks!

@katbyte
Collaborator

katbyte commented Jan 10, 2019

Hi @glenjamin,

As in 2.0 we are deprecating all Azure AD resources and data sources in the Azure RM provider in favour of this new provider, I have moved the issue here.

@katbyte katbyte transferred this issue from hashicorp/terraform-provider-azurerm Jan 10, 2019
@perbergland

Since it seems this will be implemented fairly soon I have been thinking about how to treat group members and owners.
For most use cases I would prefer to be able to add both owners and members outside of terraform so then it would make the most sense to have group members and owners as resources separate from the group itself, but sometimes I want to have fully managed groups and then it would be preferred to have both properties as lists and purge any item not mentioned in the list.

What are other people's thoughts?

@tombuildsstuff
Contributor

@perbergland I'd suggest opening a separate issue for that (tbh this issue should be split into two, one for the Groups and one for Users since both of these areas are pretty big, but anyway 🙃).

In terms of how that's implemented I could see it being useful to manage both internally and externally as you've mentioned; but I'd suggest it needs further research as to the APIs available in that new issue?

@tombuildsstuff
Contributor

Support for Groups has been merged in #14 (thanks @tiwood 🍾) - as such I'm going to update the title of this issue to focus on support for Users (which is being added in #18)

@tombuildsstuff tombuildsstuff changed the title New Data Source/Resources for Azure AD User/Groups New Data Source/Resource: azuread_user Jan 22, 2019
@tombuildsstuff tombuildsstuff added this to the 0.2.0 milestone Jan 22, 2019
@tombuildsstuff tombuildsstuff modified the milestones: 0.2.0, 0.3.0 Feb 9, 2019
@katbyte katbyte modified the milestones: 0.3.0, 0.2.0 Feb 10, 2019
@katbyte
Collaborator

katbyte commented Feb 10, 2019

Support for users was merged in #18 (thanks again @tiwood)

@ghost

ghost commented Mar 12, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 12, 2019