terraform-provider-azuread icon indicating copy to clipboard operation
terraform-provider-azuread copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Data Source azuread_groups: wildcard support

Open sce81 opened this issue 3 years ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Ability to search for AzureAD Groups using a wildcard. eg "display_names = ["tech_*"] at the moment, only exact matches can be searched, meaning I then have to filter those results through another process to get only the groups I require.

New or Affected Resource(s)

data "azuread_groups" "example" {
  display_names = ["Tech_*"]
}
  • azuread_XXXXX

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000

sce81 avatar Jan 10 '22 09:01 sce81

Hi @sce81, thanks for requesting this feature. I think it makes sense to add some additional filtering support to the plural data sources like azuread_groups and azuread_users. Would a prefix match on the display name work for your use case?

manicminer avatar Jan 12 '22 08:01 manicminer

Hi Tom, thansk for getting back to me. I'd say prefix would work in same cases, but not necessarily all. my customers vault identifier is in the middle of the name eg: "GRP_XX_VAULT_TEAM_FUNCTION" i would be hoping to put in a filter like "*_VAULT_*"

sce81 avatar Jan 12 '22 10:01 sce81

That makes sense. I'll have to do a little more digging as support for complex matching beyond the startsWith function seems to be patchy - ideally we'd like to make use of API-supported filters where possible. The startsWith $filter function seems to be supported everywhere, however the $search parameter (which you have to use for more complex matching) requires additional headers (which we can implement) but also do not work on some tenants (e.g. B2C).

manicminer avatar Jan 12 '22 12:01 manicminer

Hey tom, thanks again for your update. I guess startsWith is a step up from where it is now, providing theres no restrictive character limit it can be a workable solution..

sce81 avatar Jan 12 '22 12:01 sce81