通过从 CSV 文件中获取用户详细信息,使用 terraform 在 azure AD 组中添加用户
Add users in azure AD group using terraform by fetching the user details from CSV file
我正在关注此文档 Manage Azure Active Directory (Azure AD) Users and Groups 和同一页面中提到的相同存储库以在 Azure AD 组中添加用户。
我不需要资源函数来创建用户,因为其他团队已经创建了用户。我们只需要创建组并将成员添加到其中。
我可以通过使用成员电子邮件地址创建一个 tfvars 文件来将用户添加到组中
terraform.tfvars
dev-team = [
"a@example.com",
"b@example.com"
]
groups.tf
data "azuread_user" "user" {
for_each = toset(var.dev-team)
user_principal_name = each.key
}
resource "azuread_group" "api-jnk-cld-ops" {
display_name = "api-jnk-cld-ops"
security_enabled = true
}
resource "azuread_group_member" "member" {
for_each = toset(var.dev-team)
group_object_id = azuread_group.api-jnk-cld-ops.id
member_object_id = data.azuread_user.user[each.key].id
}
variables.tf
variable "dev-team" {
type = list(string)
}
我想要实现的是,用户应该列在 csv 文件中而不是在 tfvars 中。与官方文档中提到的方式相同Manage Azure Active Directory (Azure AD) Users and Groups 唯一不同的是我不想创建用户。
获取用户并检查用户属于哪个部门并将用户添加到正确的组这就是我正在尝试做的..
错误:如果我有重复的 UPN 在另一个组中使用,则会出现新问题。
Two different items produced the key
"user1@example.com" in this 'for' expression. If
duplicates are expected, use the ellipsis (...) after the value expression to
enable grouping by key.
AzureGroup Surname UserPrincipalName UserSamAccountName GroupName ObjectClass DistinguishedName GivenName Enabled AzureUserPrincipalName AzureUserId
api-jnk-cld-ops user1 user1@example.com abcd api-jnk-cld-ops user user1 TRUE user1@test.onmicrosoft.com fad08bd2-3fa471403656
api-jnk-ai-ops user2 user2@example.com defg api-jnk-ai-ops user user2 TRUE user2@test.onmicrosoft.com 5f2d00eb-bfc6-67219cec3bb7
api-jnk-bd-ops user1 user1@example.com abcd api-jnk-bd-ops user user1 TRUE user1@test.onmicrosoft.com fad08bd2-3fa471403656
resource "azuread_group_member" "member" {
for_each = { for user in local.users : user.AzureUserPrincipalName => user if user.AzureGroup == "api-jnk-cld-ops" }
group_object_id = azuread_group.api-jnk-cld-ops.id
member_object_id = data.azuread_user.user[each.key].id
}
What I am trying to achieve is, users should be listed in csv file
instead of giving in tfvars. The same way as official documents
mentioned Manage Azure Active Directory (Azure AD) Users and Groups
only different is i don't want to create user.
您可以使用以下代码满足您的要求:
provider "azuread" {}
locals {
users = csvdecode(file("C:/user.csv"))
}
data "azuread_user" "user" {
for_each = { for user in local.users : user.UPN => user }
user_principal_name = each.value.UPN
}
resource "azuread_group" "dev-team" {
display_name = "inx-dev"
security_enabled = true
}
resource "azuread_group_member" "member" {
for_each = { for user in local.users : user.UPN => user }
group_object_id = azuread_group.dev-team.id
member_object_id = data.azuread_user.user[each.key].id
}
CSV 文件:
输出:
更新以下错误:
如果您使用重复项,则必须通过索引将列表转换为地图,因此您可以使用如下所示的 for 循环:
data "azuread_user" "user" {
for_each = { for i , user in local.users : i => user }
user_principal_name = each.value.AzureUserPrincipalName
}
resource "azuread_group" "dev-team" {
display_name = "inx-dev"
security_enabled = true
}
resource "azuread_group_member" "member" {
for_each = { for i,user in local.users : i => user if user.AzureGroup == "api-jnk-cld-ops" }
group_object_id = azuread_group.dev-team.id
member_object_id = data.azuread_user.user[each.key].id
}
输出:
我正在关注此文档 Manage Azure Active Directory (Azure AD) Users and Groups 和同一页面中提到的相同存储库以在 Azure AD 组中添加用户。
我不需要资源函数来创建用户,因为其他团队已经创建了用户。我们只需要创建组并将成员添加到其中。
我可以通过使用成员电子邮件地址创建一个 tfvars 文件来将用户添加到组中
terraform.tfvars
dev-team = [
"a@example.com",
"b@example.com"
]
groups.tf
data "azuread_user" "user" {
for_each = toset(var.dev-team)
user_principal_name = each.key
}
resource "azuread_group" "api-jnk-cld-ops" {
display_name = "api-jnk-cld-ops"
security_enabled = true
}
resource "azuread_group_member" "member" {
for_each = toset(var.dev-team)
group_object_id = azuread_group.api-jnk-cld-ops.id
member_object_id = data.azuread_user.user[each.key].id
}
variables.tf
variable "dev-team" {
type = list(string)
}
我想要实现的是,用户应该列在 csv 文件中而不是在 tfvars 中。与官方文档中提到的方式相同Manage Azure Active Directory (Azure AD) Users and Groups 唯一不同的是我不想创建用户。
获取用户并检查用户属于哪个部门并将用户添加到正确的组这就是我正在尝试做的..
错误:如果我有重复的 UPN 在另一个组中使用,则会出现新问题。
Two different items produced the key "user1@example.com" in this 'for' expression. If duplicates are expected, use the ellipsis (...) after the value expression to enable grouping by key.
AzureGroup Surname UserPrincipalName UserSamAccountName GroupName ObjectClass DistinguishedName GivenName Enabled AzureUserPrincipalName AzureUserId
api-jnk-cld-ops user1 user1@example.com abcd api-jnk-cld-ops user user1 TRUE user1@test.onmicrosoft.com fad08bd2-3fa471403656
api-jnk-ai-ops user2 user2@example.com defg api-jnk-ai-ops user user2 TRUE user2@test.onmicrosoft.com 5f2d00eb-bfc6-67219cec3bb7
api-jnk-bd-ops user1 user1@example.com abcd api-jnk-bd-ops user user1 TRUE user1@test.onmicrosoft.com fad08bd2-3fa471403656
resource "azuread_group_member" "member" {
for_each = { for user in local.users : user.AzureUserPrincipalName => user if user.AzureGroup == "api-jnk-cld-ops" }
group_object_id = azuread_group.api-jnk-cld-ops.id
member_object_id = data.azuread_user.user[each.key].id
}
What I am trying to achieve is, users should be listed in csv file instead of giving in tfvars. The same way as official documents mentioned Manage Azure Active Directory (Azure AD) Users and Groups only different is i don't want to create user.
您可以使用以下代码满足您的要求:
provider "azuread" {}
locals {
users = csvdecode(file("C:/user.csv"))
}
data "azuread_user" "user" {
for_each = { for user in local.users : user.UPN => user }
user_principal_name = each.value.UPN
}
resource "azuread_group" "dev-team" {
display_name = "inx-dev"
security_enabled = true
}
resource "azuread_group_member" "member" {
for_each = { for user in local.users : user.UPN => user }
group_object_id = azuread_group.dev-team.id
member_object_id = data.azuread_user.user[each.key].id
}
CSV 文件:
输出:
更新以下错误:
如果您使用重复项,则必须通过索引将列表转换为地图,因此您可以使用如下所示的 for 循环:
data "azuread_user" "user" {
for_each = { for i , user in local.users : i => user }
user_principal_name = each.value.AzureUserPrincipalName
}
resource "azuread_group" "dev-team" {
display_name = "inx-dev"
security_enabled = true
}
resource "azuread_group_member" "member" {
for_each = { for i,user in local.users : i => user if user.AzureGroup == "api-jnk-cld-ops" }
group_object_id = azuread_group.dev-team.id
member_object_id = data.azuread_user.user[each.key].id
}
输出: