New resource & data source 'azurerm_azuread_group'

azurerm/config.go

@@ -109,6 +109,7 @@ type ArmClient struct {
 	roleDefinitionsClient   authorization.RoleDefinitionsClient
 	applicationsClient      graphrbac.ApplicationsClient
 	servicePrincipalsClient graphrbac.ServicePrincipalsClient
+	groupsClient            graphrbac.GroupsClient
 
 	// Autoscale Settings
 	autoscaleSettingsClient insights.AutoscaleSettingsClient
@@ -509,6 +510,13 @@ func (c *ArmClient) registerAuthentication(endpoint, graphEndpoint, subscription
 	servicePrincipalsClient.Sender = sender
 	servicePrincipalsClient.SkipResourceProviderRegistration = c.skipProviderRegistration
 	c.servicePrincipalsClient = servicePrincipalsClient
+
+	groupsClient := graphrbac.NewGroupsClientWithBaseURI(graphEndpoint, tenantId)
+	setUserAgent(&groupsClient.Client)
+	groupsClient.Authorizer = graphAuth
+	groupsClient.Sender = sender
+	groupsClient.SkipResourceProviderRegistration = c.skipProviderRegistration
+	c.groupsClient = groupsClient
 }
 
 func (c *ArmClient) registerCDNClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) {

azurerm/data_source_azuread_group.go

@@ -0,0 +1,97 @@
+package azurerm
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmAzureADGroup() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmAzureADGroupRead,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"object_id"},
+			},
+
+			"object_id": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"name"},
+				ValidateFunc:  validate.UUID,
+			},
+		},
+	}
+}
+
+func dataSourceArmAzureADGroupRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).groupsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	var adgroup graphrbac.ADGroup
+	var groupObj *graphrbac.ADGroup
+
+	if oId, ok := d.GetOk("object_id"); ok {
+		// use the object_id to find the Azure AD group
+
+		objectId := oId.(string)
+		resp, err := client.Get(ctx, objectId)
+		if err != nil {
+			if utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("Error: AzureAD Group with ID %q was not found", objectId)
+			}
+
+			return fmt.Errorf("Error making Read request on AzureAD Group with ID %q: %+v", objectId, err)
+		}
+
+		adgroup = resp
+
+	} else {
+
+		// use the name to find the Azure AD group
+		name := d.Get("name").(string)
+		filter := fmt.Sprintf("displayName eq '%s'", name)
+		log.Printf("[DEBUG] [data_source_azuread_group] Using filter %q", filter)
+
+		resp, err := client.ListComplete(ctx, filter)
+		if err != nil {
+			return fmt.Errorf("Error listing Azure AD groups: %+v", err)
+		}
+
+		for _, v := range *resp.Response().Value {
+			if v.DisplayName != nil {
+				if strings.EqualFold(*v.DisplayName, name) {
+					log.Printf("[DEBUG] [data_source_azuread_group] %q (API result) matches %q (given value). The group has the objectId: %q", *v.DisplayName, name, *v.ObjectID)
+					groupObj = &v
+					break
+				} else {
+					log.Printf("[DEBUG] [data_source_azuread_group] %q (API result) does not match %q (given value)", *v.DisplayName, name)
+				}
+			}
+		}
+		if groupObj == nil {
+			return fmt.Errorf("Couldn't locate a Azure AD group with a name of %q", name)
+		}
+
+		adgroup = *groupObj
+	}
+
+	d.SetId(*adgroup.ObjectID)
+	d.Set("object_id", adgroup.ObjectID)
+	d.Set("name", adgroup.DisplayName)
+
+	return nil
+}

azurerm/data_source_azuread_group_test.go

@@ -0,0 +1,79 @@
+package azurerm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMAzureADGroup_byObjectId(t *testing.T) {
+	dataSourceName := "data.azurerm_azuread_group.test"
+	id := uuid.New().String()
+	config := testAccDataSourceAzureRMAzureADGroup_objectId(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryGroupDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMActiveDirectoryGroup(id),
+			},
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMActiveDirectoryGroupExists(dataSourceName),
+					resource.TestCheckResourceAttr(dataSourceName, "name", fmt.Sprintf("acctest%s", id)),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMAzureADGroup_byName(t *testing.T) {
+	dataSourceName := "data.azurerm_azuread_group.test"
+	id := uuid.New().String()
+	config := testAccDataSourceAzureRMAzureADGroup_name(id)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMActiveDirectoryGroupDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMActiveDirectoryGroup(id),
+			},
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMActiveDirectoryGroupExists(dataSourceName),
+					resource.TestCheckResourceAttr(dataSourceName, "name", fmt.Sprintf("acctest%s", id)),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAzureRMAzureADGroup_objectId(id string) string {
+	template := testAccAzureRMActiveDirectoryGroup(id)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_azuread_group" "test" {
+  object_id = "${azurerm_azuread_group.test.id}"
+}
+`, template)
+}
+
+func testAccDataSourceAzureRMAzureADGroup_name(id string) string {
+	template := testAccAzureRMActiveDirectoryGroup(id)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_azuread_group" "test" {
+  name = "${azurerm_azuread_group.test.name}"
+}
+`, template)
+}

azurerm/provider.go

@@ -79,6 +79,7 @@ func Provider() terraform.ResourceProvider {
 
 		DataSourcesMap: map[string]*schema.Resource{
 			"azurerm_azuread_application":                   dataSourceArmAzureADApplication(),
+			"azurerm_azuread_group":                         dataSourceArmAzureADGroup(),
 			"azurerm_azuread_service_principal":             dataSourceArmActiveDirectoryServicePrincipal(),
 			"azurerm_application_security_group":            dataSourceArmApplicationSecurityGroup(),
 			"azurerm_app_service":                           dataSourceArmAppService(),
@@ -124,6 +125,7 @@ func Provider() terraform.ResourceProvider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"azurerm_azuread_application":                     resourceArmActiveDirectoryApplication(),
+			"azurerm_azuread_group":                           resourceArmActiveDirectoryGroup(),
 			"azurerm_azuread_service_principal":               resourceArmActiveDirectoryServicePrincipal(),
 			"azurerm_azuread_service_principal_password":      resourceArmActiveDirectoryServicePrincipalPassword(),
 			"azurerm_application_gateway":                     resourceArmApplicationGateway(),

azurerm/resource_arm_azuread_group.go

@@ -0,0 +1,87 @@
+package azurerm
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmActiveDirectoryGroup() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceArmActiveDirectoryGroupCreate,
+		Read:   resourceArmActiveDirectoryGroupRead,
+		Delete: resourceArmActiveDirectoryGroupDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.NoZeroValues,
+			},
+		},
+	}
+}
+
+func resourceArmActiveDirectoryGroupCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).groupsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	name := d.Get("name").(string)
+
+	properties := graphrbac.GroupCreateParameters{
+		DisplayName:     &name,
+		MailEnabled:     utils.Bool(false),
+		MailNickname:    &name,
+		SecurityEnabled: utils.Bool(true),
+	}
+
+	group, err := client.Create(ctx, properties)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(*group.ObjectID)
+
+	return resourceArmActiveDirectoryGroupRead(d, meta)
+}
+
+func resourceArmActiveDirectoryGroupRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).groupsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	resp, err := client.Get(ctx, d.Id())
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			log.Printf("[DEBUG] [resource_arm_azuread_group] Azure AD group with id %q was not found - removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+
+		return fmt.Errorf("Error retrieving Azure AD Group with ID %q: %+v", d.Id(), err)
+	}
+
+	d.Set("name", resp.DisplayName)
+
+	return nil
+}
+
+func resourceArmActiveDirectoryGroupDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).groupsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	if resp, err := client.Delete(ctx, d.Id()); err != nil {
+		if !utils.ResponseWasNotFound(resp) {
+			return fmt.Errorf("Error Deleting Azure AD Group with ID %q: %+v", d.Id(), err)
+		}
+	}
+
+	return nil
+}