terraform-provider-azuread

Enable azuread_group to return indirect members

Open jrbracey opened this issue 3 years ago • 5 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently the azuread_group data source only returns direct members of the group. It would be helpful to be able to also get all transitive members of that group. I see that Microsoft Graph has the API https://graph.microsoft.com/v1.0/groups/GROUP_ID/transitiveMembers which could be leveraged for this.

The existing data source could be updated as shown below or a new data source could be created.

New or Affected Resource(s)

  • azuread_group (update existing)
  • azuread_group_members (create separate)

Potential Terraform Configuration

data "azuread_group" "example" {
  display_name    = "Group Name Here"
  include_members = "transitive"
}


References

  • #0000

jrbracey avatar Sep 07 '22 22:09 jrbracey
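
Why the direct/transitive distinction requested above matters for access reviews, as an added example that is not part of the original issue or the provider's code: a breadth-first expansion over constructed nested groups that returns, for each transitive member, the chain of groups granting the membership. The group names, member ids and function names are assumptions, and the example leaves the queried group out of its own result when nesting is cyclic.

```python
from collections import deque

USER, GROUP = "#microsoft.graph.user", "#microsoft.graph.group"

# Constructed sample directory (not real tenant data): group id -> direct
# members, each shaped like a directory object with "@odata.type" and "id".
DIRECT_MEMBERS = {
    "grp-prod-admins": [{"@odata.type": USER, "id": "alice"},
                        {"@odata.type": GROUP, "id": "grp-oncall"}],
    "grp-oncall": [{"@odata.type": USER, "id": "bob"},
                   {"@odata.type": GROUP, "id": "grp-contractors"}],
    "grp-contractors": [{"@odata.type": USER, "id": "carol"},
                        # cyclic nesting, to show that the walk terminates
                        {"@odata.type": GROUP, "id": "grp-oncall"}],
}


def transitive_members(group_id, direct=DIRECT_MEMBERS):
    """Map each transitive member id to the shortest chain of groups granting it."""
    found = {}
    visited = {group_id}
    queue = deque([(group_id, [group_id])])
    while queue:
        current, path = queue.popleft()
        for obj in direct.get(current, []):
            oid = obj["id"]
            if oid == group_id:
                continue  # a cycle led back to the queried group itself
            found.setdefault(oid, path)  # BFS: first path seen is the shortest
            if obj["@odata.type"] == GROUP and oid not in visited:
                visited.add(oid)
                queue.append((oid, path + [oid]))
    return found


def indirect_only(group_id, direct=DIRECT_MEMBERS):
    """Members that a direct-members listing of group_id would not show."""
    direct_ids = {m["id"] for m in direct.get(group_id, [])}
    return {oid: path for oid, path in transitive_members(group_id, direct).items()
            if oid not in direct_ids}


if __name__ == "__main__":
    for oid, path in indirect_only("grp-prod-admins").items():
        print(f"{oid}: via {' -> '.join(path)}")
```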

The current "groups List Members" method and client from Hamilton does not currently allow for this query to be passed through but would be relatively easy to implement: HamiltonCode - The SDK behind the Microsoft Graph interactions (note the only params are the group id)

Threpio avatar Sep 10 '22 13:09 Threpio

Noting here that https://github.com/manicminer/hamilton/pull/191 has been merged, and transitive members can now be included in terraform's azuread_group data source. @Threpio please advise if a new issue should be opened for this functionality.

panic-kbutton avatar Oct 27 '22 18:10 panic-kbutton

Woops, looks like this was closed prematurely :)

manicminer avatar Oct 27 '22 18:10 manicminer

I'm just discovering this open issue, while searching for a solution to this problem. At the moment, is there any way that this can be utilized in its current state?

cran1um avatar Aug 22 '23 18:08 cran1um

I ended up publishing my own version...

terraform {
  required_providers {
    azuread = {
      source  = "TomasKunka/azuread"
      version = "2.48.0"
    }
  }
}

data "azuread_group" "example" {
  display_name               = "example"
  include_transitive_members = true
}

output "group_members" {
  value = data.azuread_group.example.members
}

TomasKunka avatar Mar 22 '24 21:03 TomasKunka