diff --git a/azuread/data_group.go b/azuread/data_group.go index 1d006ccc9..755ee839a 100644 --- a/azuread/data_group.go +++ b/azuread/data_group.go @@ -27,6 +27,11 @@ func dataGroup() *schema.Resource { ConflictsWith: []string{"name"}, }, + "description": { + Type: schema.TypeString, + Computed: true, + }, + "name": { Type: schema.TypeString, Optional: true, @@ -86,6 +91,10 @@ func dataSourceActiveDirectoryGroupRead(d *schema.ResourceData, meta interface{} d.Set("object_id", group.ObjectID) d.Set("name", group.DisplayName) + if v, ok := group.AdditionalProperties["description"]; ok { + d.Set("description", v.(string)) + } + members, err := graph.GroupAllMembers(client, ctx, d.Id()) if err != nil { return err diff --git a/azuread/resource_group.go b/azuread/resource_group.go index f8dce1da5..61cecc9a8 100644 --- a/azuread/resource_group.go +++ b/azuread/resource_group.go @@ -36,9 +36,10 @@ func resourceGroup() *schema.Resource { ValidateFunc: validation.NoZeroValues, }, - "object_id": { + "description": { Type: schema.TypeString, - Computed: true, + ForceNew: true, // there is no update method availible in the SDK + Optional: true, }, "members": { @@ -62,6 +63,11 @@ func resourceGroup() *schema.Resource { ValidateFunc: validate.UUID, }, }, + + "object_id": { + Type: schema.TypeString, + Computed: true, + }, }, } } 
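Review bot: The unchecked assertion `v.(string)` in the block added to dataSourceActiveDirectoryGroupRead panics whenever the `description` key is present but its value is not a string. A JSON null would plausibly decode to a nil interface value in `AdditionalProperties`, which would crash the provider while reading any group without a description; this is inferred, since the SDK's decoding is not shown here. Assert on the lookup itself so a missing, nil or non-string value is simply skipped: `if v, ok := group.AdditionalProperties["description"].(string); ok { d.Set("description", v) }`. The same pattern is added to resourceGroupRead in azuread/resource_group.go and needs the same change. The function body continues outside the hunk.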
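Review bot: The comment on `ForceNew` in the new `description` entry of resourceGroup says why the flag is set but not what it costs. Any edit to the description destroys and recreates the group, and because `object_id` is computed the replacement will presumably get a different object ID, so anything keyed to the old ID (role assignments, membership in other groups) would stop applying. I would state that in the comment and correct the spelling of "availible", e.g. `ForceNew: true, // no update method is available in the SDK, so changing this recreates the group under a new object ID`. resourceGroup's body starts outside the hunk.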
@@ -73,10 +79,15 @@ func resourceGroupCreate(d *schema.ResourceData, meta interface{}) error { name := d.Get("name").(string) properties := graphrbac.GroupCreateParameters{ - DisplayName: &name, - MailEnabled: p.Bool(false), // we're defaulting to false, as the API currently only supports the creation of non-mail enabled security groups. - MailNickname: p.String(uuid.New().String()), // this matches the portal behaviour - SecurityEnabled: p.Bool(true), // we're defaulting to true, as the API currently only supports the creation of non-mail enabled security groups. + DisplayName: &name, + MailEnabled: p.Bool(false), // we're defaulting to false, as the API currently only supports the creation of non-mail enabled security groups. + MailNickname: p.String(uuid.New().String()), // this matches the portal behaviour + SecurityEnabled: p.Bool(true), // we're defaulting to true, as the API currently only supports the creation of non-mail enabled security groups. + AdditionalProperties: make(map[string]interface{}), + } + + if v, ok := d.GetOk("description"); ok { + properties.AdditionalProperties["description"] = v.(string) } group, err := client.Create(ctx, properties) @@ -86,6 +97,7 @@ func resourceGroupCreate(d *schema.ResourceData, meta interface{}) error { if group.ObjectID == nil { return fmt.Errorf("nil Group ID for %q: %+v", name, err) } + d.SetId(*group.ObjectID) // Add members if specified @@ -134,6 +146,10 @@ func resourceGroupRead(d *schema.ResourceData, meta interface{}) error { d.Set("name", resp.DisplayName) d.Set("object_id", resp.ObjectID) + if v, ok := resp.AdditionalProperties["description"]; ok { + d.Set("description", v.(string)) + } + members, err := graph.GroupAllMembers(client, ctx, d.Id()) if err != nil { return err diff --git a/azuread/resource_group_test.go b/azuread/resource_group_test.go index dc516ae0f..83cb8f58b 100644 --- a/azuread/resource_group_test.go +++ b/azuread/resource_group_test.go 
@@ -37,6 +37,7 @@ func TestAccAzureADGroup_basic(t *testing.T) { func TestAccAzureADGroup_complete(t *testing.T) { rn := "azuread_group.test" id := tf.AccRandTimeInt() + pw := "p@$$wR2" + acctest.RandStringFromCharSet(7, acctest.CharSetAlphaNum) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -44,8 +45,8 @@ func TestAccAzureADGroup_complete(t *testing.T) { CheckDestroy: testCheckAzureADGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureADGroup_basic(id), - Check: testCheckAzureAdGroupBasic(id, "0", "0"), + Config: testAccAzureADGroup_complete(id, pw), + Check: testCheckAzureAdGroupBasic(id, "1", "1"), }, { ResourceName: rn, @@ -352,6 +353,19 @@ resource "azuread_group" "test" { `, id) } +func testAccAzureADGroup_complete(id int, password string) string { + return fmt.Sprintf(` +%s + +resource "azuread_group" "test" { + name = "acctestGroup-%d" + description = "Please delete me as this is a test AD group!" + members = [azuread_user.test.object_id] + owners = [azuread_user.test.object_id] +} +`, testAccADUser_basic(id, password), id) +} + func testAccAzureADDiverseDirectoryObjects(id int, password string) string { return fmt.Sprintf(` data "azuread_domains" "tenant_domain" { diff --git a/website/docs/d/group.html.markdown b/website/docs/d/group.html.markdown index a3b0918c6..4b72e4ebb 100644 --- a/website/docs/d/group.html.markdown +++ b/website/docs/d/group.html.markdown @@ -36,6 +36,7 @@ The following arguments are supported: The following attributes are exported: * `id` - The Object ID of the Azure AD Group. +* `description` - The description of the AD Group. * `name` - The name of the Azure AD Group. * `owners` - The Object IDs of the Azure AD Group owners. * `members` - The Object IDs of the Azure AD Group members. diff --git a/website/docs/r/group.markdown b/website/docs/r/group.markdown index d82e082f8..df80da31f 100644 --- a/website/docs/r/group.markdown +++ b/website/docs/r/group.markdown 
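Review bot: `pw` in TestAccAzureADGroup_complete is a fixed literal prefix plus only seven random alphanumeric characters, and it is handed to `testAccADUser_basic`, which presumably creates a real user in the test tenant. If a run aborts before the destroy step, that account stays behind with a largely predictable password. Lengthening the random part costs nothing, e.g. `acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum)`, provided the tenant's password length policy allows it. If other tests in this file build passwords the same way, the point applies there too.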
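Review bot: The first step of TestAccAzureADGroup_complete now applies a config that sets `description`, but its `Check` is still only `testCheckAzureAdGroupBasic(id, "1", "1")`, so nothing visible in this hunk asserts that the description reaches state. Assuming that helper returns a `resource.TestCheckFunc`, compose it with an explicit attribute check: `Check: resource.ComposeTestCheckFunc(testCheckAzureAdGroupBasic(id, "1", "1"), resource.TestCheckResourceAttr(rn, "description", "Please delete me as this is a test AD group!")),`. A data-source test for the new computed `description` attribute would also cover the read path added in azuread/data_group.go. The test function continues outside the hunk.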
@@ -43,6 +43,7 @@ resource "azuread_group" "example" { The following arguments are supported: * `name` - (Required) The display name for the Group. Changing this forces a new resource to be created. +* `description` - (Optional) The description for the Group. Changing this forces a new resource to be created. * `members` (Optional) A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals. * `owners` (Optional) A set of owners who own this Group. Supported Object types are Users or Service Principals. @@ -58,12 +59,6 @@ The following attributes are exported: * `id` - The Object ID of the Group. -* `name` - The Display Name of the Group. - -* `members` - The Members of the Group. - -* `owners` - The Members of the Group. - ## Import Azure Active Directory Groups can be imported using the `object id`, e.g.