terraform-provider-azuread
Manage azure role settings
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Requesting the ability to manage Azure role settings from Terraform. The ability to set things such as "Activation maximum duration (hours)", "On activation, require", "Require justification on activation", etc. from the roles settings page. This will help with modifying built-in or custom roles to match our policies and not have to manually edit each one in the console.
New or Affected Resource(s)
- azuread
Thanks for requesting this @Keith-EMP. We already support assignment policies for entitlement management, is this what you're looking for?
I don't think that's it. I am talking about the role settings in Azure AD (Entra). The settings for activating PIM such as "On activation, require" or "Activation maximum duration (hours)" settings. I have been using Graph API for this but would like Terraform options as it's much cleaner and easier to manage. Graph API partial URL for example: /policies/roleManagementPolicies/{id}/rules/Expiration_EndUser_Assignment
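Until a Terraform resource covers these settings, drift can be checked against the rules the Graph API returns for a policy. The following is an added example, not code from this thread or from the provider: it audits one policy's rules for the activation maximum duration and the "On activation, require" settings. The rule ID `Enablement_EndUser_Assignment`, the `enabledRules` values and the sample rules are assumptions drawn from the Microsoft Graph rule schema, and the sample data is constructed.

```python
import re

# Expiration_EndUser_Assignment is the rule quoted in the thread.
# Enablement_EndUser_Assignment is assumed here as the companion Graph rule
# that holds the "On activation, require" settings.
EXPIRATION = "Expiration_EndUser_Assignment"
ENABLEMENT = "Enablement_EndUser_Assignment"

def hours_from_iso(duration):
    """Convert the PT#H / PT#M / PT#H#M form of maximumDuration to hours."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", duration or "")
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {duration!r}")
    return int(m.group(1) or 0) + int(m.group(2) or 0) / 60

def audit(rules, max_hours, required):
    """Return findings for one policy's rules against the desired settings."""
    by_id = {r["id"]: r for r in rules}
    findings = []
    exp = by_id.get(EXPIRATION)
    if exp is None:
        findings.append(f"{EXPIRATION}: rule missing")
    else:
        try:
            if hours_from_iso(exp.get("maximumDuration")) > max_hours:
                findings.append(f"{EXPIRATION}: maximumDuration "
                                f"{exp['maximumDuration']} exceeds {max_hours}h")
        except ValueError as err:
            findings.append(f"{EXPIRATION}: {err}")
    enabled = (by_id.get(ENABLEMENT) or {}).get("enabledRules", [])
    missing = sorted(set(required) - set(enabled))
    if missing:
        findings.append(f"{ENABLEMENT}: not required on activation: "
                        + ", ".join(missing))
    return findings

# Constructed sample of the "rules" collection for one role's policy.
SAMPLE_RULES = [
    {"id": EXPIRATION, "isExpirationRequired": True, "maximumDuration": "PT8H"},
    {"id": ENABLEMENT, "enabledRules": ["Justification"]},
]

if __name__ == "__main__":
    # Desired baseline: at most 4 hours, MFA and justification on activation.
    for finding in audit(SAMPLE_RULES, 4,
                         ["MultiFactorAuthentication", "Justification"]):
        print(finding)
```
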
I think https://github.com/hashicorp/terraform-provider-azurerm/pull/23295 is a proposal for this functionality
Fixed by #1327
@manicminer This issue is requesting policy settings for EntraID Roles. #1327 is for EntraId Groups and https://github.com/hashicorp/terraform-provider-azurerm/pull/25900 is for Azure Roles.
This issue should be reopened as there is not a Terraform resource to modify policy settings for EntraId Roles.
Just opened #1390 as this one shouldn't have been closed.