New data source 'azuread_domains'

azuread/config.go

@@ -29,6 +29,7 @@ type ArmClient struct {
 
 	// azure AD clients
 	applicationsClient      graphrbac.ApplicationsClient
+	domainsClient           graphrbac.DomainsClient
 	groupsClient            graphrbac.GroupsClient
 	servicePrincipalsClient graphrbac.ServicePrincipalsClient
 }
@@ -74,6 +75,9 @@ func (c *ArmClient) registerGraphRBACClients(endpoint, tenantID string, authoriz
 	c.applicationsClient = graphrbac.NewApplicationsClientWithBaseURI(endpoint, tenantID)
 	configureClient(&c.applicationsClient.Client, authorizer)
 
+	c.domainsClient = graphrbac.NewDomainsClientWithBaseURI(endpoint, tenantID)
+	configureClient(&c.domainsClient.Client, authorizer)
+
 	c.groupsClient = graphrbac.NewGroupsClientWithBaseURI(endpoint, tenantID)
 	configureClient(&c.groupsClient.Client, authorizer)
 

azuread/data_domains.go

@@ -0,0 +1,156 @@
+package azuread
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataDomains() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceActiveDirectoryDomainsRead,
+
+		Schema: map[string]*schema.Schema{
+			"include_unverified": {
+				Type:          schema.TypeBool,
+				Optional:      true,
+				ConflictsWith: []string{"only_default", "only_initial"}, //default or initial domains have to be verified
+			},
+			"only_default": {
+				Type:          schema.TypeBool,
+				Optional:      true,
+				ConflictsWith: []string{"only_initial"},
+			},
+			"only_initial": {
+				Type:          schema.TypeBool,
+				Optional:      true,
+				ConflictsWith: []string{"only_default"},
+			},
+			"domains": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"domain_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"authentication_type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"is_default": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"is_initial": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"is_verified": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceActiveDirectoryDomainsRead(d *schema.ResourceData, meta interface{}) error {
+	tenantId := meta.(*ArmClient).tenantID
+	client := meta.(*ArmClient).domainsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	includeUnverified := d.Get("include_unverified").(bool)
+	onlyDefault := d.Get("only_default").(bool)
+	onlyInitial := d.Get("only_initial").(bool)
+
+	results, err := client.List(ctx, "")
+	if err != nil {
+		return fmt.Errorf("Error listing Azure AD Domains: %+v", err)
+	}
+
+	d.SetId("domains-" + tenantId)
+
+	domains := flattenDomains(results.Value, includeUnverified, onlyDefault, onlyInitial)
+	if len(domains) == 0 {
+		return fmt.Errorf("Error: No domains were returned based on those filters")
+	}
+
+	if err = d.Set("domains", domains); err != nil {
+		return fmt.Errorf("Error setting `domains`: %+v", err)
+	}
+
+	return nil
+}
+
+func flattenDomains(input *[]graphrbac.Domain, includeUnverified, onlyDefault, onlyInitial bool) []interface{} {
+	if input == nil {
+		return []interface{}{}
+	}
+
+	domains := make([]interface{}, 0)
+	for _, v := range *input {
+		if v.Name == nil {
+			log.Printf("[DEBUG] Domain Name was nil - skipping")
+			continue
+		}
+
+		domainName := *v.Name
+
+		authenticationType := "undefined"
+		if v.AuthenticationType != nil {
+			authenticationType = *v.AuthenticationType
+		}
+
+		isDefault := false
+		if v.IsDefault != nil {
+			isDefault = *v.IsDefault
+		}
+
+		isInitial := false
+		if v.AdditionalProperties["isInitial"] != nil {
+			isInitial = v.AdditionalProperties["isInitial"].(bool)
+		}
+
+		isVerified := false
+		if v.IsVerified != nil {
+			isVerified = *v.IsVerified
+		}
+
+		// Filters
+		if !isDefault && onlyDefault {
+			// skip all domains except the initial domain
+			log.Printf("[DEBUG] Skipping %q since the filter requires the default domain", domainName)
+			continue
+		}
+
+		if !isInitial && onlyInitial {
+			// skip all domains except the initial domain
+			log.Printf("[DEBUG] Skipping %q since the filter requires the initial domain", domainName)
+			continue
+		}
+
+		if !isVerified && !includeUnverified {
+			//skip unverified domains
+			log.Printf("[DEBUG] Skipping %q since the filter requires verified domains", domainName)
+			continue
+		}
+
+		domain := map[string]interface{}{
+			"authentication_type": authenticationType,
+			"domain_name":         domainName,
+			"is_default":          isDefault,
+			"is_initial":          isInitial,
+			"is_verified":         isVerified,
+		}
+
+		domains = append(domains, domain)
+	}
+
+	return domains
+}

azuread/data_domains_test.go

@@ -0,0 +1,72 @@
+package azuread
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureADDomains_basic(t *testing.T) {
+	dataSourceName := "data.azuread_domains.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: `data "azuread_domains" "test" {}`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.domain_name"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.authentication_type"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_default"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_initial"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_verified"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureADDomains_onlyDefault(t *testing.T) {
+	dataSourceName := "data.azuread_domains.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: `data "azuread_domains" "test" {
+					only_default = true
+				}`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.domain_name"),
+					resource.TestCheckResourceAttr(dataSourceName, "domains.0.is_default", "true"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_default"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_verified"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureADDomains_onlyInitial(t *testing.T) {
+	dataSourceName := "data.azuread_domains.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: `data "azuread_domains" "test" {
+					only_initial = true
+				}`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.domain_name"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_default"),
+					resource.TestCheckResourceAttr(dataSourceName, "domains.0.is_initial", "true"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "domains.0.is_verified"),
+				),
+			},
+		},
+	})
+}

azuread/provider.go

@@ -75,6 +75,7 @@ func Provider() terraform.ResourceProvider {
 
 		DataSourcesMap: map[string]*schema.Resource{
 			"azuread_application":       dataApplication(),
+			"azuread_domains":           dataDomains(),
 			"azuread_group":             dataGroup(),
 			"azuread_service_principal": dataServicePrincipal(),
 		},

website/azuread.erb

@@ -51,6 +51,10 @@
                   <a href="/docs/providers/azuread/d/application.html">azuread_application</a>
                 </li>
 
+                <li<%= sidebar_current("docs-azuread-datasource-azuread-domains") %>>
+                  <a href="/docs/providers/azuread/d/domains.html">azuread_domains</a>
+                </li>
+
                 <li<%= sidebar_current("docs-azuread-datasource-azuread-group") %>>
                   <a href="/docs/providers/azuread/d/group.html">azuread_group</a>
                 </li>

website/docs/d/domains.html.markdown

@@ -0,0 +1,43 @@
+---
+layout: "azuread"
+page_title: "Azure Active Directory: azuread_domains"
+sidebar_current: "docs-azuread-datasource-azuread-domains"
+description: |-
+  Gets information about an existing Domains within Azure Active Directory.
+---
+
+# Data Source: azuread_domains
+
+Use this data source to access information about an existing Domains within Azure Active Directory.
+
+-> **NOTE:** If you're authenticating using a Service Principal then it must have permissions to `Directory.Read.All` within the `Windows Azure Active Directory` API.
+
+## Example Usage
+
+```hcl
+data "azuread_domains" "aad_domains" {}
+
+output "domains" {
+  value = "${data.azuread_domains.aad_domains.domains}"
+}
+```
+
+## Argument Reference
+
+* `include_unverified` - (Optional) Set to `true` if unverified Azure AD Domains should be included. Defaults to `false`.
+* `only_default` - (Optional) Set to `true` to only return the default domain.
+* `only_initial` - (Optional) Set to `true` to only return the initial domain, which is your primary Azure Active Directory tenant domain. Defaults to `false`.
+
+-> **NOTE:** If `include_unverified` is set to `true` you cannot specify `only_default` or `only_initial`. Additionally you cannot combine `only_default` with `only_initial`.
+
+## Attributes Reference
+
+* `domains` - One or more `domain` blocks as defined below.
+
+The `domain` block contains:
+
+* `domain_name` - The name of the domain.
+* `authentication_type` - The authentication type of the domain (Managed or Federated).
+* `is_default` - `True` if this is the default domain that is used for user creation.
+* `is_initial` - `True` if this is the initial domain created by Azure Activie Directory.
+* `is_verified` - `True` if the domain has completed domain ownership verification.