Groups: support new fields: behaviors, onpremises_*, `preferred_l…

…anguage`, `provisioning_options`, `proxy_addresses`, `theme`, `visibility`

GNUmakefile

@@ -98,7 +98,7 @@ todo:
 
 docs-lint:
 	@echo "==> Checking documentation spelling..."
-	@misspell -error -source=text -i hdinsight -locale UK docs/
+	@misspell -error -source=text -i hdinsight docs/
 	@echo "==> Checking documentation for errors..."
 	@tfproviderdocs check -provider-name=azuread -allowed-guide-subcategories="Authentication,Upgrade Guides" -enable-contents-check -require-schema-ordering -require-guide-subcategory -require-resource-subcategory
 	@sh -c "'$(CURDIR)/scripts/terrafmt-docs.sh'"

docs/data-sources/group.md

@@ -31,13 +31,24 @@ The following arguments are supported:
 The following attributes are exported:
 
 * `assignable_to_role` - Indicates whether this group can be assigned to an Azure Active Directory role.
+* `behaviors` - A list of behaviors for a Microsoft 365 group, such as `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details.
 * `description` - The optional description of the group.
 * `display_name` - The display name for the group.
 * `object_id` - The object ID of the group.
 * `mail` - The SMTP address for the group.
 * `mail_enabled` - Whether the group is mail-enabled.
 * `mail_nickname` - The mail alias for the group, unique in the organisation.
-* `members` - The object IDs of the group members.
-* `owners` - The object IDs of the group owners.
+* `members` - List of object IDs of the group members.
+* `onpremises_domain_name` - The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_netbios_name` - The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_sam_account_name` - The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_security_identifier` - The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_sync_enabled` - Whether this group is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
+* `owners` - List of object IDs of the group owners.
+* `preferred_language` - The preferred language for a Microsoft 365 group, in ISO 639-1 notation.
+* `provisioning_options` - A list of provisioning options for a Microsoft 365 group, such as `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details.
+* `proxy_addresses` - List of email addresses for the group that direct to the same group mailbox.
 * `security_enabled` - Whether the group is a security group.
+* `theme` - The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. When no theme is set, the value is `null`.
 * `types` - A list of group types configured for the group. The only supported type is `Unified`, which specifies a Microsoft 365 group.
+* `visibility` - The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility.

docs/resources/group.md

@@ -54,15 +54,19 @@ resource "azuread_group" "example" {
 The following arguments are supported:
 
 * `assignable_to_role` - (Optional) Indicates whether this group can be assigned to an Azure Active Directory role. Can only be `true` for security-enabled groups. Changing this forces a new resource to be created.
+* `behaviors` - (Optional) A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
 * `description` - (Optional) The description for the group.
 * `display_name` - (Required) The display name for the group.
 * `mail_enabled` - (Optional) Whether the group is a mail enabled, with a shared group mailbox. At least one of `mail_enabled` or `security_enabled` must be specified. A group can be mail enabled _and_ security enabled.
 * `mail_nickname` - (Optional) The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.
 * `members` - (Optional) A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals.
 * `owners` - (Optional) A set of owners who own this group. Supported object types are Users or Service Principals.
 * `prevent_duplicate_names` - (Optional) If `true`, will return an error if an existing group is found with the same name. Defaults to `false`.
+* `provisioning_options` - (Optional) A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.
 * `security_enabled` - (Optional) Whether the group is a security group for controlling access to in-app resources. At least one of `security_enabled` or `mail_enabled` must be specified. A group can be security enabled _and_ mail enabled.
+* `theme` - (Optional) The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.
 * `types` - (Optional) A set of group types to configure for the group. The only supported type is `Unified`, which specifies a Microsoft 365 group. Required when `mail_enabled` is true. Changing this forces a new resource to be created.
+* `visibility` - (Optional) The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.
 
 -> **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing groups if you want to avoid name collisions.
 
@@ -74,6 +78,13 @@ In addition to all arguments above, the following attributes are exported:
 
 * `mail` - The SMTP address for the group.
 * `object_id` - The object ID of the group.
+* `onpremises_domain_name` - The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_netbios_name` - The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_sam_account_name` - The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_security_identifier` - The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
+* `onpremises_sync_enabled` - Whether this group is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
+* `preferred_language` - The preferred language for a Microsoft 365 group, in ISO 639-1 notation.
+* `proxy_addresses` - List of email addresses for the group that direct to the same group mailbox.
 
 ## Import
 

go.mod

@@ -27,8 +27,11 @@ require (
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
 	github.com/zclconf/go-cty v1.8.3 // indirect
+	golang.org/x/text v0.3.6
 	google.golang.org/api v0.47.0 // indirect
 	google.golang.org/genproto v0.0.0-20210518161634-ec7691c0a37d // indirect
 )
 
 go 1.16
+
+replace github.com/manicminer/hamilton => /Users/tom/go/src/github.com/manicminer/hamilton

internal/services/groups/group_data_source.go

@@ -69,6 +69,15 @@ func groupDataSource() *schema.Resource {
 				Computed:    true,
 			},
 
+			"behaviors": {
+				Description: "The group behaviors for a Microsoft 365 group",
+				Type:        schema.TypeList,
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+
 			"description": {
 				Description: "The optional description of the group",
 				Type:        schema.TypeString,
@@ -96,6 +105,36 @@ func groupDataSource() *schema.Resource {
 				},
 			},
 
+			"onpremises_domain_name": {
+				Description: "The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+
+			"onpremises_netbios_name": {
+				Description: "The on-premises NetBIOS name, synchronized from the on-premises directory when Azure AD Connect is used",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+
+			"onpremises_sam_account_name": {
+				Description: "The on-premises SAM account name, synchronized from the on-premises directory when Azure AD Connect is used",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+
+			"onpremises_security_identifier": {
+				Description: "The on-premises security identifier (SID), synchronized from the on-premises directory when Azure AD Connect is used",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+
+			"onpremises_sync_enabled": {
+				Description: "Whether this group is synchronized from an on-premises directory (true), no longer synchronized (false), or has never been synchronized (null)",
+				Type:        schema.TypeBool,
+				Computed:    true,
+			},
+
 			"owners": {
 				Description: "The object IDs of the group owners",
 				Type:        schema.TypeList,
@@ -105,6 +144,36 @@ func groupDataSource() *schema.Resource {
 				},
 			},
 
+			"preferred_language": {
+				Description: "The preferred language for a Microsoft 365 group, in ISO 639-1 notation",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+
+			"provisioning_options": {
+				Description: "The group provisioning options for a Microsoft 365 group",
+				Type:        schema.TypeList,
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+
+			"proxy_addresses": {
+				Description: "Email addresses for the group that direct to the same group mailbox",
+				Type:        schema.TypeList,
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+
+			"theme": {
+				Description: "The colour theme for a Microsoft 365 group",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+
 			"types": {
 				Description: "A list of group types configured for the group. The only supported type is `Unified`, which specifies a Microsoft 365 group",
 				Type:        schema.TypeList,
@@ -113,6 +182,12 @@ func groupDataSource() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+
+			"visibility": {
+				Description: "Specifies the group join policy and group content visibility",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
 		},
 	}
 }
@@ -199,14 +274,25 @@ func groupDataSourceRead(ctx context.Context, d *schema.ResourceData, meta inter
 	d.SetId(*group.ID)
 
 	tf.Set(d, "assignable_to_role", group.IsAssignableToRole)
+	tf.Set(d, "behaviors", flattenGroupResourceBehaviorOptions(group.ResourceBehaviorOptions))
 	tf.Set(d, "description", group.Description)
 	tf.Set(d, "display_name", group.DisplayName)
 	tf.Set(d, "mail", group.Mail)
 	tf.Set(d, "mail_enabled", group.MailEnabled)
 	tf.Set(d, "mail_nickname", group.MailNickname)
 	tf.Set(d, "object_id", group.ID)
+	tf.Set(d, "onpremises_domain_name", group.OnPremisesDomainName)
+	tf.Set(d, "onpremises_netbios_name", group.OnPremisesNetBiosName)
+	tf.Set(d, "onpremises_sam_account_name", group.OnPremisesSamAccountName)
+	tf.Set(d, "onpremises_security_identifier", group.OnPremisesSecurityIdentifier)
+	tf.Set(d, "onpremises_sync_enabled", group.OnPremisesSyncEnabled)
+	tf.Set(d, "preferred_language", group.PreferredLanguage)
+	tf.Set(d, "provisioning_options", flattenGroupResourceProvisioningOptions(group.ResourceProvisioningOptions))
+	tf.Set(d, "proxy_addresses", tf.FlattenStringSlicePtr(group.ProxyAddresses))
 	tf.Set(d, "security_enabled", group.SecurityEnabled)
+	tf.Set(d, "theme", group.Theme)
 	tf.Set(d, "types", group.GroupTypes)
+	tf.Set(d, "visibility", group.Visibility)
 
 	members, _, err := client.ListMembers(ctx, d.Id())
 	if err != nil {