Comments (11)
I forgot about Azure AD syncing.
I agree that resources for these might not make the most sense, but at the moment I have to put a load of AD Object IDs in my code, so it would be nice if there was a way to do the data sources.
from terraform-provider-azuread.
I think it is a good idea to be able to generate service principals in Azure AD from Terraform and link the service principal to a custom role, Azure Key Vault policy or other resources. I tend to use certificates instead of a service principal's password, and with Terraform I can nicely link that from Key Vault. At least the use case for initial provisioning would work well. Certificate rotation/password changes could be more tricky. I would not use Terraform for Azure AD users (type members/guests). I can see however a lot of use cases for Azure AD Groups creation + custom roles.
from terraform-provider-azuread.
@perbergland I'd suggest opening a separate issue for that (tbh this issue should be split into two, one for the Groups and one for Users since both of these areas are pretty big, but anyway 🙃).
In terms of how that's implemented I could see it being useful to manage both internally and externally as you've mentioned; but I'd suggest it needs further research as to the APIs available in that new issue?
from terraform-provider-azuread.
hey @glenjamin
Thanks for opening this issue :)
We've had a few requests for managing/using information about Users and Groups within Terraform recently - I'm going to add the thinking tag to this for the moment. In general, whilst Terraform could return this information as Data Sources - I don't necessarily think it's the right tool to be managing this information (since it can naturally change outside of Terraform e.g. users synced from Azure AD) - and whilst this issue is mostly about Data Sources, the two are naturally related since in order to write tests for a Data Source we generally need a matching resource.
Thanks!
from terraform-provider-azuread.
If this was available I would definitely use it for groups and service principals and maybe for users when running without any syncing to other ADs (pure Azure AD).
from terraform-provider-azuread.
👋🏻
We've just posted a proposal regarding splitting the Azure Active Directory resources out into their own Provider in #2322, which would allow us to ship support for the AzureAD Group and User resources. If you're subscribed to this thread we'd be interested to hear any feedback you may have on the proposal in that thread :)
Thanks!
from terraform-provider-azuread.
Hi @glenjamin,
As in 2.0 we are deprecating all Azure AD resources and data sources in the Azure RM provider in favour of this new provider I have moved the issue here.
from terraform-provider-azuread.
Since it seems this will be implemented fairly soon I have been thinking about how to treat group members and owners.
For most use cases I would prefer to be able to add both owners and members outside of terraform so then it would make the most sense to have group members and owners as resources separate from the group itself, but sometimes I want to have fully managed groups and then it would be preferred to have both properties as lists and purge any item not mentioned in the list.
What are other people's thoughts?
from terraform-provider-azuread.
Support for Groups has been merged in #14 (thanks @tiwood 🍾) - as such I'm going to update the title of this issue to focus on support for Users (which is being added in #18)
from terraform-provider-azuread.
Support for users was merged in #18 (thanks again @tiwood)
from terraform-provider-azuread.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
from terraform-provider-azuread.