How to realistically use azuread_invitation? #851

Closed
timon-michel-scopevisio opened this issue Jul 26, 2022 · 2 comments

Comments

@timon-michel-scopevisio

I'm currently trying to implement the "azuread_invitation" resource to invite a user if it does not already exist.

I managed to get it working like this:

locals {
  # External (guest) e-mail addresses to invite
  external_users = ["test@test.com"]
}

data "azuread_users" "all" {
  return_all = true
}

resource "azuread_invitation" "guests" {
  for_each = {
    for username in local.external_users:
        username => username
    if !contains(data.azuread_users.all.users.*.mail, username)
  }

  user_email_address = each.key
  redirect_url       = "https://example.com"
}

This way, if the specified user in locals.external_users is not found in AD, an invitation is created. If I, however, run another time without changing the code, it tries to delete the user as it is now invited into the organization.
If I delete the "invitation" using Terraform, it deletes the whole user instead:

return tf.ErrorDiagPathF(err, "id", "Deleting invited user with object ID %q, got status %d with error: %+v", userID, status, err)

I understand that the "invitations" endpoint of MS Graph is POST-only, so there is no real way to "delete" an invitation. But deleting the whole user instead is not what I expected. How can I create an invitation without deleting the freshly invited user afterwards?

There is probably no ideal solution to this as Microsoft will probably not change their API for this - so is there any workaround? I would be fine with Terraform just making the invitation a "submit-and-forget".

@manicminer
Contributor

Hi @timon-michel-scopevisio, thanks for raising this. We understand the implementation of the azuread_invitation resource is limiting and we have plans to improve this by incorporating invite functionality into the azuread_user resource instead. This should allow for more robust user management - guest, member, invited, or homed - or a combination of these!

Whilst there is no specific ETA at this time, this is on our roadmap and is being tracked in #650.

@manicminer closed this as not planned on Jul 31, 2022
@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 31, 2022
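
The configuration from the issue beside a variant with stable `for_each` keys, as an added example that is not from the issue thread or the provider's own documentation. It assumes the listed addresses were not already present in the tenant before the first apply; how the invitation behaves for an already existing guest is not covered here.

```hcl
locals {
  external_users = ["test@test.com"]
}

# Pattern from the issue (shown commented out): the for_each keys depend on
# live directory state. Once the guest exists, the filter drops the key, and
# Terraform plans to destroy the invitation, which deletes the user.
#
# for_each = {
#   for username in local.external_users :
#   username => username
#   if !contains(data.azuread_users.all.users.*.mail, username)
# }

resource "azuread_invitation" "guests" {
  # Keys come only from configuration, so they do not change between runs.
  for_each = toset(local.external_users)

  user_email_address = each.key
  redirect_url       = "https://example.com"

  lifecycle {
    # Make any plan that would destroy an invitation (and with it the guest
    # user) fail instead of applying.
    prevent_destroy = true
  }
}
```

To stop managing a guest without deleting the account, remove that instance from state with `terraform state rm` before taking the address out of the list.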