Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for PIM Group management #1327

Merged
merged 57 commits into from
May 8, 2024
Merged

Add support for PIM Group management #1327

merged 57 commits into from
May 8, 2024

Conversation

oWretch
Copy link
Contributor

@oWretch oWretch commented Mar 6, 2024
edited

Merge of #1320, #1322, #1324.

Closes #68, #1164, #1186, #1257.

Depends on manicminer/hamilton#277.

Bumps hamilton to v0.67.0

Provides three new resources:

  • azuread_group_role_management_policy
  • azuread_privileged_access_group_assignment_schedule
  • azuread_privileged_access_group_eligibility_schedule

Provides one new data source

  • azuread_group_role_management_policy thanks to @iwarapter

@oWretch
Enable typed resources for identitygovernance
0e3b0cc
@oWretch
Create azuread_privileged_access_group_assignment_schedule_request
b14959b
@oWretch
Handle deletion of requests in all states
003e26d
@oWretch
Initial test creation
cccc742
@oWretch
Handle case where the request comes back failed from Entra
f72d4ee
@oWretch
Create azuread_privileged_access_group_eligibility_schedule_request
11408d5
@oWretch
Create tests for azuread_privileged_access_group_eligibility_schedule…
b27b94e 
…_request
@oWretch
Enable typed resources for Policies
236a7b0
@oWretch
Create clients
f6ac361
@oWretch
Initial resource for PAM Group policies
dc2facb
@oWretch
Initial CRUD functions
7b1a840
@oWretch
Correct schema errors
8beaa4f
@oWretch
Fix Create function
bb74378
@oWretch
Fix ID issues
7ddb94e
@oWretch
Add parsing for role policies
07cc7c2
@oWretch
Finish migrating settings into blocks
f163e04
@oWretch
Rename AllowPermanent to ExpirationRequired
08b6a3d 
Better matches the underlying resource and means
we don't need to negate the bool
@oWretch
Update policy build code to actually work
1dbc70a
@oWretch
Read now works also
66ac6af
@oWretch
Update parameter requirements
d370422
@oWretch
Rename all resource etc with Group prefix
7fcfbce 
Preparation for doing Directory and DirectoryRole resources
@oWretch
We have working tests
2acc9de
@oWretch
Add documentation
8dede21 
Rename some fields to make more sense
@oWretch
Rename approval_stages to approval_stage
65c7657
@oWretch
Ensure all additional_recipients blocks have an item
2a655fe
@oWretch
Rename base object_id to group_id
a6b7c04
@oWretch
Update primary_approver block to better match the underlying API
78ac258
@oWretch
Fix duplicate approval_stages being saved in the state file
0fd0004
@oWretch
Allow additional_recipients to be an empty list
2dd6c6a
@oWretch
Convert Lists to Sets where order doesn't matter
1318798
@MathewJohnsonIPO MathewJohnsonIPO mentioned this pull request Apr 23, 2024
Closed
@MohnJadden
Copy link

@manicminer Could we trouble you to review? A bunch of folks in #68 are eagerly awaiting the changes in this PR.

manicminer
manicminer approved these changes May 8, 2024
View reviewed changes
Copy link
Member

@manicminer manicminer left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @oWretch for this PR and @iwarapter for collaborating!

Apologies for the delay in reviewing. This looks fantastic and I have no changes to request - the only substantive change I've made was to fix up the azuread_group_role_management_policy data source test.

Tests are passing and this LGTM! 🚀 🚀 🚀 🌕

Screenshot 2024-05-08 at 01 34 44
Screenshot 2024-05-08 at 01 28 57

@manicminer manicminer merged commit dc33379 into hashicorp:main May 8, 2024
27 checks passed
manicminer added a commit that referenced this pull request May 8, 2024
@manicminer
Changelog for #1327
50e604b
@github-actions github-actions bot added this to the v2.49.0 milestone May 8, 2024
@oWretch oWretch mentioned this pull request May 8, 2024
Open
13 tasks
This was referenced May 8, 2024
Closed
Closed
Closed
@oWretch oWretch deleted the f/pim-groups branch May 8, 2024 10:02
dduportal pushed a commit to jenkins-infra/azure that referenced this pull request May 10, 2024
@jenkins-infra-updatecli @jenkins-infra-bot
Bump Terraform azuread provider version to 2.49.0 (#689)
d9c0ecb 
<Actions>
<action
id="6d17e7acdb2f3311576150379e22805f2f9b4aa72ff00ec136aceee45cae4b98">
        <h3>Bump Terraform `azuread` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
            <summary>Update Terraform lock file</summary>
<p>changes detected:&#xA;&#x9;&#34;hashicorp/azuread&#34; updated from
&#34;2.48.0&#34; to &#34;2.49.0&#34; in file
&#34;.terraform.lock.hcl&#34;</p>
            <details>
                <summary>2.49.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azuread/releases/tag/v2.49.0&#xA;FEATURES:&#xA;&#xA;*
**New Data Source:** `azuread_group_role_management_policy`
([#1327](https://github.com/hashicorp/terraform-provider-azuread/issues/1327))&#xA;*
**New Resource:** `azuread_group_role_management_policy`
([#1327](https://github.com/hashicorp/terraform-provider-azuread/issues/1327))&#xA;*
**New Resource:** `azuread_privileged_access_group_assignment_schedule`
([#1327](https://github.com/hashicorp/terraform-provider-azuread/issues/1327))&#xA;*
**New Resource:** `azuread_privileged_access_group_eligibility_schedule`
([#1327](https://github.com/hashicorp/terraform-provider-azuread/issues/1327))&#xA;*
**New Resource:** `azuread_synchronization_job_provision_on_demand`
([#1032](https://github.com/hashicorp/terraform-provider-azuread/issues/1032))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
`data.azuread_group` - support for the `include_transitive_members`
property
([#1300](https://github.com/hashicorp/terraform-provider-azuread/issues/1300))&#xA;*
`azuread_application` - relax validation for the `identifier_uris`
property to allow more values
([#1351](https://github.com/hashicorp/terraform-provider-azuread/issues/1351))&#xA;*
`azuread_application_identifier_uri` - relax validation for the
`identifier_uri` property to allow more values
([#1351](https://github.com/hashicorp/terraform-provider-azuread/issues/1351))&#xA;*
`azuread_group` - support the `SkipExchangeInstantOn` value for the
`behaviors` property
([#1370](https://github.com/hashicorp/terraform-provider-azuread/issues/1370))&#xA;*
`azuread_user` - relax validation for the `employee_type` property to
allow more values
([#1328](https://github.com/hashicorp/terraform-provider-azuread/issues/1328))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* `azuread_application_pre_authorized` - fix a
destroy-time bug that could prevent deletion of the resource
([#1299](https://github.com/hashicorp/terraform-provider-azuread/issues/1299))&#xA;&#xA;&#xA;</pre>
            </details>
        </details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/158/">Jenkins
pipeline link</a>
    </action>
</Actions>

---

<table>
  <tr>
    <td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
    </td>
    <td>
      <p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
      </p>
      <details><summary>Options:</summary>
        <br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
        <ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
        </ul>
        <p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
        </p>
      </details>
    </td>
  </tr>
</table>

Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
@bryansan-msft bryansan-msft mentioned this pull request May 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenchan0130 kenchan0130 kenchan0130 left review comments

@manicminer manicminer manicminer approved these changes

Assignees
No one assigned
Labels
dependencies documentation feature/identity-governance feature/policies size/XL tooling
Projects
None yet
Milestone
v2.49.0
Development

Successfully merging this pull request may close these issues.

Privileged Identity Management (PIM)
6 participants
@oWretch @yaron @MohnJadden @manicminer @kenchan0130 @iwarapter