terraform-provider-azuread icon indicating copy to clipboard operation
terraform-provider-azuread copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Add more fine grained assignment durations to azuread_access_package_assignment_policy

Open mbrouwer opened this issue 2 years ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Right now it is only possible to choose for a duration_in_days which only allows for a whole number. We would like to set the assignment duration to be in hours, for example 2 hours

New or Affected Resource(s)

  • azuread_access_package_assignment_policy

Potential Terraform Configuration

resource "azuread_access_package" "access_package" {
  display_name = "DisplayName"
  description  = "Description"
  catalog_id   = data.azuread_access_package_catalog.catalog.id
}

resource "azuread_access_package_assignment_policy" "assignment_policy" {
  access_package_id = azuread_access_package.access_package.id
  display_name = "DisplayName"
  description  = "Description"
  duration_in_hours = 2

  requestor_settings {
    scope_type = "SpecificDirectorySubjects"
    requestor {
      backup       = false
      object_id    = "ObjectID"
      subject_type = "groupMembers"
    }
  }

  approval_settings {
    approval_required = false
  }
}```

### References
* https://learn.microsoft.com/en-us/graph/api/entitlementmanagement-post-assignmentpolicies?view=graph-rest-1.0&tabs=http

mbrouwer avatar Jun 13 '23 10:06 mbrouwer

Considering the API's format and the possibility to define the duration in a more granular manner (e.g., hours), we could change the duration_in_days attribute to duration which will accept the duration in ISO 8601 format.

In this way, it would be possible to set duration in days, hours, minutes, or even seconds. For example, if you want to set the duration to 2 hours, you would use "PT2H".

The potential Terraform Configuration would look like this:

resource "azuread_access_package" "access_package" {
  display_name = "DisplayName"
  description  = "Description"
  catalog_id   = data.azuread_access_package_catalog.catalog.id
}

resource "azuread_access_package_assignment_policy" "assignment_policy" {
  access_package_id = azuread_access_package.access_package.id
  display_name = "DisplayName"
  description  = "Description"
  duration = "PT2H"

  requestor_settings {
    scope_type = "SpecificDirectorySubjects"
    requestor {
      backup       = false
      object_id    = "ObjectID"
      subject_type = "groupMembers"
    }
  }

  approval_settings {
    approval_required = false
  }
}

This would align the Terraform provider more closely with the Microsoft Graph API and provide the flexibility for defining the duration in a more fine-grained manner.

rhernaus avatar Jun 13 '23 10:06 rhernaus

I agree on using ISO 8601 this would align it with the the current Microsoft Graph setup.

brolifen avatar Jun 19 '23 05:06 brolifen

Do we have any update on it?

leandroscarduarelex avatar Dec 09 '24 08:12 leandroscarduarelex

bump on this

tnh avatar May 02 '25 05:05 tnh

Still open ??

RachidFCGB avatar Jul 29 '25 17:07 RachidFCGB