From d5187b9de7ed7ffe2088a5c66f33f6050dd4b48b Mon Sep 17 00:00:00 2001 From: TomasKunka Date: Thu, 25 Jan 2024 16:30:51 +0000 Subject: [PATCH] Add optional transitive members in group data source --- internal/services/groups/group_data_source.go | 24 +++++++++++++++--- .../services/groups/group_data_source_test.go | 25 +++++++++++++++++++ .../services/groups/group_resource_test.go | 24 ++++++++++++++++++ 3 files changed, 70 insertions(+), 3 deletions(-) diff --git a/internal/services/groups/group_data_source.go b/internal/services/groups/group_data_source.go index e7eb5014f0..d972ddaafd 100644 --- a/internal/services/groups/group_data_source.go +++ b/internal/services/groups/group_data_source.go @@ -148,6 +148,13 @@ func groupDataSource() *pluginsdk.Resource { }, }, + "include_transitive_members": { + Description: "Specifies whether to include transitive members (a flat list of all nested members).", + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + }, + "onpremises_domain_name": { Description: "The on-premises FQDN, also called dnsDomainName, synchronized from the on-premises directory when Azure AD Connect is used", Type: pluginsdk.TypeString, 
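Review bot: The `Description` of the new `include_transitive_members` field does not name the attribute it changes, although the read function in this same patch shows the flag switches what is stored in `members`. Configurations often feed `members` into access reviews or further assignments, so the wording should make the wider result set explicit, for example `Description: "Whether the members attribute returns a flat list of all transitive (nested) members instead of only direct members.",`. The diffstat lists only three Go files, so the user-facing documentation for the data source does not appear to be updated in this commit. The body of groupDataSource starts and ends outside the hunk.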
@@ -423,9 +430,20 @@ func groupDataSourceRead(ctx context.Context, d *pluginsdk.ResourceData, meta in tf.Set(d, "hide_from_address_lists", hideFromAddressLists) tf.Set(d, "hide_from_outlook_clients", hideFromOutlookClients) - members, _, err := client.ListMembers(ctx, d.Id()) - if err != nil { - return tf.ErrorDiagF(err, "Could not retrieve group members for group with object ID: %q", d.Id()) + includeTransitiveMembers := d.Get("include_transitive_members").(bool) + var members *[]string + if includeTransitiveMembers { + var err error + members, _, err = client.ListTransitiveMembers(ctx, d.Id()) + if err != nil { + return tf.ErrorDiagF(err, "Could not retrieve transitive group members for group with object ID: %q", d.Id()) + } + } else { + var err error + members, _, err = client.ListMembers(ctx, d.Id()) + if err != nil { + return tf.ErrorDiagF(err, "Could not retrieve group members for group with object ID: %q", d.Id()) + } } tf.Set(d, "members", members) diff --git a/internal/services/groups/group_data_source_test.go b/internal/services/groups/group_data_source_test.go index 33b36698b3..baa4ab76c1 100644 --- a/internal/services/groups/group_data_source_test.go +++ b/internal/services/groups/group_data_source_test.go @@ -159,6 +159,20 @@ func TestAccGroupDataSource_members(t *testing.T) { }) } +func TestAccGroupDataSource_transitiveMembers(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azuread_group", "test") + + data.DataSourceTest(t, []acceptance.TestStep{ + { + Config: GroupDataSource{}.transitiveMembers(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("display_name").HasValue(fmt.Sprintf("acctestGroup-%d", data.RandomInteger)), + check.That(data.ResourceName).Key("members.#").HasValue("4"), + ), + }, + }) +} + func TestAccGroupDataSource_owners(t *testing.T) { data := acceptance.BuildTestData(t, "data.azuread_group", "test") 
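Review bot: `var err error` is declared separately in each branch of the new `if`/`else` in groupDataSourceRead, and the branches differ only in the client method called and one word of the error message. Declaring `var err error` once next to `var members *[]string` would remove the duplicated declaration and keep the two calls easy to compare. A why-comment above the branch would also help, such as `// Transitive listing flattens nested groups, so members also holds indirect members.`, because anything downstream that treats `members` as direct membership sees a larger set when the flag is on. groupDataSourceRead starts and ends outside the hunk.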
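Review bot: The expected count `"4"` in `TestAccGroupDataSource_transitiveMembers` is unexplained and is the only assertion on membership. The fixture `withTransitiveMembers` in group_resource_test.go puts three objects in `azuread_group.nested`, so the fourth entry is presumably the nested group itself; a comment such as `// nested group + its user, group and service principal` would make that explicit. A second step that leaves the flag at its default and expects `members.#` to be `"1"` would pin that the direct listing is unchanged. The count also relies on `azuread_group.member` from `templateDiverseDirectoryObjects`, which is defined outside this patch, having no members of its own.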
@@ -314,6 +328,17 @@ data "azuread_group" "test" { `, GroupResource{}.withThreeMembers(data)) } +func (GroupDataSource) transitiveMembers(data acceptance.TestData) string { + return fmt.Sprintf(` +%[1]s + +data "azuread_group" "test" { + object_id = azuread_group.test.object_id + include_transitive_members = true +} +`, GroupResource{}.withTransitiveMembers(data)) +} + func (GroupDataSource) dynamicMembership(data acceptance.TestData) string { return fmt.Sprintf(` %[1]s diff --git a/internal/services/groups/group_resource_test.go b/internal/services/groups/group_resource_test.go index c2cebcf910..ab465779e3 100644 --- a/internal/services/groups/group_resource_test.go +++ b/internal/services/groups/group_resource_test.go @@ -954,6 +954,30 @@ resource "azuread_group" "test" { `, r.templateThreeUsers(data), data.RandomInteger) } +func (r GroupResource) withTransitiveMembers(data acceptance.TestData) string { + return fmt.Sprintf(` +%[1]s + +resource "azuread_group" "nested" { + display_name = "acctestGroup-%[2]d-Nested" + security_enabled = true + members = [ + azuread_user.test.object_id, + azuread_group.member.object_id, + azuread_service_principal.test.object_id + ] +} + +resource "azuread_group" "test" { + display_name = "acctestGroup-%[2]d" + security_enabled = true + members = [ + azuread_group.nested.object_id + ] +} +`, r.templateDiverseDirectoryObjects(data), data.RandomInteger) +} + func (r GroupResource) withOwnersAndMembers(data acceptance.TestData) string { return fmt.Sprintf(` %[1]s