Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable azuread_group to return indirect members #881

Open
jrbracey opened this issue Sep 7, 2022 · 5 comments · Fixed by manicminer/hamilton#191
Open

Enable azuread_group to return indirect members #881

jrbracey opened this issue Sep 7, 2022 · 5 comments · Fixed by manicminer/hamilton#191
Labels
enhancement feature/groups

Comments

@jrbracey
Copy link

jrbracey commented Sep 7, 2022

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently the azuread_group data source only returns direct members of the group. It would be helpful to be able to also get all transitive members of that group. I see that Microsoft Graph has the API https://graph.microsoft.com/v1.0/groups/GROUP_ID/transitiveMembers which could be leveraged for this.

The existing data source could be updated as shown below or a new data source could be created.

New or Affected Resource(s)

  • azuread_group (update exisiting)
  • azuread_group_members (create separate)

Potential Terraform Configuration

data "azuread_group" "example" {
display_name = "Group Name Here"
include_members = "transitive"
}

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000
@Threpio
Copy link
Contributor

Threpio commented Sep 10, 2022
edited
Loading

The current "groups List Members" method and client from Hamilton does not currently allow for this query to be passed through but would be relatively easy to implement:
HamiltonCode - The SDK behind the Microsoft graph interactions
(note the only params are the group id)

@panic-kbutton panic-kbutton mentioned this issue Oct 13, 2022
Merged
@panic-kbutton
Copy link

Noting here that manicminer/hamilton#191 has been merged, and transitive members can now be included in terraform's azuread_group data source. @Threpio please advise if a new issue should be opened for this functionality.

@manicminer manicminer reopened this Oct 27, 2022
@manicminer
Copy link
Contributor

Woops, looks like this was closed prematurely :)

panic-kbutton added a commit to panic-kbutton/aad-transitive-members that referenced this issue Nov 9, 2022
@panic-kbutton
Create README.md
42421b7 
hack to work around transitive member retrieval limitations in AzureAD provider in terraform, Open Issue: hashicorp/terraform-provider-azuread#881

Usage: supply group ID in command, returns all transitive members in form {"value":"comma,separated,list,of,members"} for easy terraform progam integration.
@cran1um
Copy link

cran1um commented Aug 22, 2023

I'm just discovering this open issue, while searching for a solution to this problem. At the moment, is there any way that this can be utilized in its current state?

@TomasKunka TomasKunka mentioned this issue Jan 26, 2024
Merged
@TomasKunka TomasKunka mentioned this issue Mar 22, 2024
Merged
TomasKunka added a commit to TomasKunka/terraform-provider-azuread that referenced this issue Mar 22, 2024
@TomasKunka
Feature: hashicorp#881 Enable azuread_group to return indirect members (
71c835f 
#2)

* Add optional transitive members in group data source

* Run terrafmt

* Copy release conf from terraform-provider-hashicups
@TomasKunka
Copy link
Contributor

I ended up publishing my own version...

terraform {
  required_providers {
    azuread = {
      source  = "TomasKunka/azuread"
      version = "2.48.0"
    }
  }
}

data "azuread_group" "example" {
  display_name               = "example"
  include_transitive_members = true
}

output "group_members" {
  value = data.azuread_group.example.members
}

manicminer added a commit that referenced this issue May 8, 2024
@manicminer
Merge pull request #1300 from TomasKunka/feat/transitive-members
7ee41ff 
Feature: #881 Enable azuread_group to return indirect members
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement feature/groups
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Transitive Member Listing for Groups panic-kbutton/hamilton
6 participants
@manicminer @panic-kbutton @jrbracey @TomasKunka @cran1um @Threpio