New resource & data source 'azurerm_azuread_group' #1839
Conversation
|
Related: #1272 |
|
@jeffreyCline, @tombuildsstuff, any plans to get this merged into 1.15? |
There was a problem hiding this comment.
Hello @tiwood,
Thank you for this contribution, I have reviewed it and left some comments inline. The main blockers are:
- I don't believe
object_idis required for this resource,.idserves the same purpose - the 3 other properties used when creating the group should be exposed instead of silently defaulted: (MailEnabled, MailNickname & SecurityEnabled)
- Import check steps should be added to the resource tests
- The requirement for either object ID or name on the datasource should be enforced by a
CustomizeDifffunction. An example of the function can be seen here
|
|
||
| properties := graphrbac.GroupCreateParameters{ | ||
| DisplayName: &name, | ||
| MailEnabled: utils.Bool(false), |
There was a problem hiding this comment.
Could we expose these three properties in the schema instead of silently defaulting them?
There was a problem hiding this comment.
I could do that, but at the moment the Graph API only supports the creation of security enabled groups (MailEnabled: false, SecurityEnabled: true). See here.
So what is the protocol here, adding these to the schema as computed and default to them for now, or keep it as is?
|
Hi @tiwood, are you able to make the requested changes to this PR? I would love to be able to use this data source instead of having to hard-code AD Group Ids in my Azure Terraform configurations. |
|
@X-Guardian, I'm going to make the required changes in the next few days. |
|
Thanks @tiwood , that's excellent news! |
|
Hi @katbyte, I think this is ready for another review, please let me know if further changes are required. |
|
maybe @tombuildsstuff can help reviewing this since @katbyte removed her assignment? |
|
hey @tiwood @Leon99 @X-Guardian Thanks for this PR - apologies for the delayed review of this! Just to give some context behind the delayed review of this: as a part of the upcoming v2.0 release of the AzureRM Provider we're thinking through some of the longer-term changes that we'd like to make to the Provider. At this point we're trying to determine where the Azure Active Directory resources belong, since there's now enough edge-cases/feature enhancements that this may make sense in it's own Provider; which would allow us to more easily ship support for the AzureAD resources which are harder to test. The proposal to split the AzureAD resources out into its own provider is being tracked in #2322 - would you be able to take a look and let us know your thoughts? Thanks! |
|
👋 As mentioned in #2322 - we're planning on splitting the AzureAD resources out into their own provider. Since this PR is waiting on that change (which is planned in the not-too-distant future) rather than leaving this open in a holding pattern I'm going to temporarily close this PR for the moment - however we should be able to migrate this PR over once the split-out's done (I hope you don't mind @tiwood). Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked and limited conversation to collaborators
This replaces PR #1585.
This PR adds a new resource and data source for Azure Active Directory groups.
Example Usage
The following attributes are exported:
id- The Object ID for the Azure AD Group.object_id- The Object ID for the Azure AD Group.name- The Display Name for the Azure AD Group.