terraform-provider-azuread

Access packages are deployed with disabled policies

Open sujitks opened this issue 1 year ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Terraform v3.0 on windows_amd64

  • provider registry.terraform.io/hashicorp/azuread v2.42.0

Affected Resource(s)

azuread_access_package_assignment_policy

  • azuread_XXXXX

Terraform Configuration Files

resource "azuread_access_package_assignment_policy" "archs_policy" {
  access_package_id = azuread_access_package.app_lz_package_archs.id
  display_name      = "assignment-policy-archs"
  description       = "Access package for LZ assignment policy"
  duration_in_days  = 90

  requestor_settings {
    scope_type = "AllExistingDirectorySubjects"
  }

  approval_settings {
    approval_required = true

    approval_stage {
      approval_timeout_in_days = 14

      primary_approver {
        object_id    = azuread_group.rbac-mgr-group[each.key].object_id
        subject_type = "groupMembers"
      }
    }
  }

  assignment_review_settings {
    enabled                        = true
    review_frequency               = "weekly"
    duration_in_days               = 3
    review_type                    = "Self"
    access_review_timeout_behavior = "keepAccess"
  }

  question {
    text {
      default_text = "Enter your manager's name"
    }
    required = true
  }
}
# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

Access packages should be listed and available to request

Actual Behavior

Access packages, catalogues and policies are deployed; however, they are not available in the myaccess portal to request. Policies are deployed with 'Enabled=False'.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000

sujitks, Oct 12 '23 15:10

experiencing the same issue.

mclark042, Dec 15 '23 13:12

I've just found the requests_accepted argument within the requestor_settings block. Setting this to 'true' will enable the policy :)

danieldklc, Jan 18 '24 02:01

Yes, @danieldklc. This works and makes the access package enabled.

sujitks, Mar 14 '24 11:03
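
A pre-apply check for the condition discussed in this thread, as an added example that is not part of the issue or the provider's code: it reads plan JSON in the shape produced by `terraform show -json` and lists `azuread_access_package_assignment_policy` resources whose `requestor_settings` block does not set `requests_accepted = true`. The sample plan, its resource addresses and the function name are constructed for illustration.

```python
import json

POLICY_TYPE = "azuread_access_package_assignment_policy"

# Constructed sample in the shape of `terraform show -json <planfile>`;
# addresses and values are made up for illustration.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": f"{POLICY_TYPE}.archs_policy", "type": POLICY_TYPE,
         "change": {"actions": ["create"], "after": {
             "display_name": "assignment-policy-archs",
             "requestor_settings": [{"scope_type": "AllExistingDirectorySubjects"}]}}},
        {"address": f"{POLICY_TYPE}.fixed_policy", "type": POLICY_TYPE,
         "change": {"actions": ["create"], "after": {
             "display_name": "assignment-policy-fixed",
             "requestor_settings": [{"scope_type": "AllExistingDirectorySubjects",
                                     "requests_accepted": True}]}}},
        {"address": f"{POLICY_TYPE}.old_policy", "type": POLICY_TYPE,
         "change": {"actions": ["delete"], "after": None}},
        {"address": "azuread_group.rbac_mgr", "type": "azuread_group",
         "change": {"actions": ["create"], "after": {"display_name": "rbac-mgr"}}},
    ]
})


def policies_not_accepting_requests(plan_json: str) -> list[str]:
    """Return addresses of assignment policies that would not accept requests."""
    flagged = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != POLICY_TYPE:
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing to check
            continue
        # Nested blocks appear as lists in plan JSON; a missing block is [] or null.
        blocks = after.get("requestor_settings") or [{}]
        # Treat a missing, null or false requests_accepted as "not requestable".
        if not any(b.get("requests_accepted") is True for b in blocks):
            flagged.append(rc["address"])
    return flagged


if __name__ == "__main__":
    for address in policies_not_accepting_requests(SAMPLE_PLAN):
        print(f"{address}: requests_accepted is not true; policy will not accept requests")
```
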