Enable azuread_group to return indirect members

jrbracey commented 2 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently the azuread_group data source only returns direct members of the group. It would be helpful to be able to also get all transitive members of that group. I see that Microsoft Graph has the API https://graph.microsoft.com/v1.0/groups/GROUP_ID/transitiveMembers which could be leveraged for this.

The existing data source could be updated as shown below or a new data source could be created.

New or Affected Resource(s)

azuread_group (update exisiting)
azuread_group_members (create separate)

Potential Terraform Configuration

data "azuread_group" "example" { display_name = "Group Name Here" include_members = "transitive" }

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

0000

Threpio commented 2 years ago

The current "groups List Members" method and client from Hamilton does not currently allow for this query to be passed through but would be relatively easy to implement: HamiltonCode - The SDK behind the Microsoft graph interactions (note the only params are the group id)

panic-kbutton commented 1 year ago

Noting here that https://github.com/manicminer/hamilton/pull/191 has been merged, and transitive members can now be included in terraform's azuread_group data source. @Threpio please advise if a new issue should be opened for this functionality.

manicminer commented 1 year ago

Woops, looks like this was closed prematurely :)

cran1um commented 1 year ago

I'm just discovering this open issue, while searching for a solution to this problem. At the moment, is there any way that this can be utilized in its current state?

TomasKunka commented 5 months ago

I ended up publishing my own version...

terraform {
  required_providers {
    azuread = {
      source  = "TomasKunka/azuread"
      version = "2.48.0"
    }
  }
}

data "azuread_group" "example" {
  display_name               = "example"
  include_transitive_members = true
}

output "group_members" {
  value = data.azuread_group.example.members
}

hashicorp / terraform-provider-azuread