-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add azuread_directory_role_eligibility_schedule_request resource #974
Conversation
Anything I can do to help keep this moving? Will the work in hamilton need to be completed first? |
a48155a
to
48f7188
Compare
I rebased and added a basic test, I did the same for the PR in hamilton. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @JonasBak, thanks for working on this!
This is off to a great start. I've made a suggestion inline below. It also looks like we're missing documentation for the new resource, if you can look at these then I'll be happy to take another look and we can see about merging this. Thanks!
internal/services/directoryroles/directory_role_eligibility_schedule_request_resource.go
Outdated
Show resolved
Hide resolved
Any update on this PR, I see the upstream changes are available with v0.62.0, this would be extremely beneficial to a piece of work I need to do |
…tResourceCreate()
I've rebased with main, added some docs, and added |
@manicminer Could you take a look at this again? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JonasBak Thanks for the reminder and apologies for the delay in re-reviewing. I have only one minor suggestion regarding the import validation (see below) which I'll update. Other than that, this looks great and the test passes!
I had a go at adding support for appScopeId
too, but I struggled to work out what to specify for this field as the API seems to silently ignore it instead of erroring (I tried an app ID, object ID of an application, object ID for a service principal). We can look to add this later.
internal/services/directoryroles/directory_role_eligibility_schedule_request_resource.go
Outdated
Show resolved
Hide resolved
@manicminer Thank you for approving this! We've been wanting to use it for a while. FWIW - I don't think |
No problem, sorry again for the delay. Thanks for the feedback; I was able to scope a request to an application using the Portal, but alas the portal uses the PIM data plane API - so perhaps the MS Graph interface is incomplete as you say. |
Oh! Perhaps it is used now. It's been a while since I've done an assignment via the portal. Thanks to this, it might be a bit longer ;) |
<Actions> <action id="c2aadc6326b4b0bc58df11ee286b0f67ccdb5888bd77f391e6473570113337ec"> <h3>Bump Terraform `azuread` provider version</h3> <details id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24"> <summary>Update Terraform lock file</summary> <p>"hashicorp/azuread" updated from "2.42.0" to "2.43.0" in file ".terraform.lock.hcl"</p> <details> <summary>2.43.0</summary> <pre>Changelog retrieved from:
	https://github.com/hashicorp/terraform-provider-azuread/releases/tag/v2.43.0
FEATURES:

* **New Resource:** `azuread_directory_role_eligibility_schedule_request` ([#974](https://github.com/hashicorp/terraform-provider-azuread/issues/974))


</pre> </details> </details> </action> </Actions> --- <table> <tr> <td width="77"> <img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli logo" width="50" height="50"> </td> <td> <p> Created automatically by <a href="https://www.updatecli.io/">Updatecli</a> </p> <details><summary>Options:</summary> <br /> <p>Most of Updatecli configuration is done via <a href="https://www.updatecli.io/docs/prologue/quick-start/">its manifest(s)</a>.</p> <ul> <li>If you close this pull request, Updatecli will automatically reopen it, the next time it runs.</li> <li>If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.</li> </ul> <p> Feel free to report any issues at <a href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br /> If you find this tool useful, do not hesitate to star <a href="https://github.com/updatecli/updatecli/stargazers">our GitHub repository</a> as a sign of appreciation, and/or to tell us directly on our <a href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>! </p> </details> </td> </tr> </table> Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
This PR adds a
azuread_directory_role_eligibility_schedule_request
resource. We would like to be able to manage eligible roles in PIM with terraform. This PR lets us do it like this:This is a pretty bare-bones version of the resource, but it gives us what we need for now. I have also opened a PR in https://github.com/manicminer/hamilton here: manicminer/hamilton#204.
Related to #68.
As I wrote in the other PR, I havn't written any tests, as I wanted to get some input first. The user/service principal requires a role and a permission to be able to use the API, should I set these roles and permissions up as part of the tests?