main.tf
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# TERRAFORM AND PROVIDER REQUIREMENTS
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
terraform {
  # Provider requirements for this module. Only a lower bound is declared for the azuread
  # provider, so the version actually installed is whatever the calling configuration resolves.
  # Pin the resolved version and its checksums in the root configuration's dependency lock
  # file (available from Terraform 0.14) so that a provider upgrade is a reviewed change.
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = ">= 2.30.0"
    }
  }

  # Minimum Terraform CLI version accepted by this module.
  required_version = ">= 0.12.26"
}
# ---------------------------------------------------------------------------------------------------------------------
# CREATE THE GROUP
# ---------------------------------------------------------------------------------------------------------------------
resource "azuread_group" "group" {
  # --- Identity and naming -------------------------------------------------------------------
  display_name            = var.display_name
  description             = var.description
  mail_nickname           = var.mail_nickname
  prevent_duplicate_names = var.prevent_duplicate_names

  # --- Group kind ----------------------------------------------------------------------------
  # `types` drives the conditionals below: the Microsoft 365 settings are only passed through
  # when it contains "Unified", and the dynamic membership block only when it contains
  # "DynamicMembership".
  types      = var.types
  visibility = var.visibility

  # --- Membership and ownership --------------------------------------------------------------
  # Owners can manage the group's membership, so for a security-enabled or role-assignable
  # group the owner list is part of the access-control decision and should be reviewed as such.
  # NOTE(review): the azuread provider documents `members` as not usable together with the
  # `dynamic_membership` block - confirm var.members is null for "DynamicMembership" groups.
  members = var.members
  owners  = var.owners

  # --- Security settings ---------------------------------------------------------------------
  # `assignable_to_role` is forwarded only when var.security_enabled is exactly true (a null
  # value compares unequal and yields null here). A role-assignable group can be granted
  # directory roles, so every member and owner of it inherits that privilege.
  security_enabled   = var.security_enabled
  assignable_to_role = var.security_enabled == true ? var.assignable_to_role : null

  # --- Microsoft 365 ("Unified") settings ----------------------------------------------------
  # Each of these is null unless var.types contains "Unified"; `mail_enabled` falls back to
  # false instead of null. `external_senders_allowed` controls whether senders outside the
  # organisation may mail the group, so treat a true value as a deliberate exposure decision.
  mail_enabled               = contains(var.types, "Unified") ? var.mail_enabled : false
  external_senders_allowed   = contains(var.types, "Unified") ? var.external_senders_allowed : null
  auto_subscribe_new_members = contains(var.types, "Unified") ? var.auto_subscribe_new_members : null
  hide_from_address_lists    = contains(var.types, "Unified") ? var.hide_from_address_lists : null
  hide_from_outlook_clients  = contains(var.types, "Unified") ? var.hide_from_outlook_clients : null
  theme                      = contains(var.types, "Unified") ? var.theme : null
  behaviors                  = contains(var.types, "Unified") ? var.behaviors : null
  provisioning_options       = contains(var.types, "Unified") ? var.provisioning_options : null

  # --- Dynamic membership --------------------------------------------------------------------
  # Emitted at most once, and only when var.types contains "DynamicMembership" and
  # var.dynamic_membership is not null. The rule then decides who is in the group, so when the
  # group gates access the rule text deserves the same review as an explicit member list.
  # NOTE(review): prefer rules over attributes that users or guests cannot set themselves -
  # verify against the callers of this module.
  dynamic "dynamic_membership" {
    for_each = contains(var.types, "DynamicMembership") && var.dynamic_membership != null ? [1] : []

    content {
      enabled = var.dynamic_membership.enabled
      rule    = var.dynamic_membership.rule
    }
  }

  lifecycle {
    ignore_changes = [
      # The following fields only have an effect on initial provisioning of the group.
      # When importing existing resources, these would trigger a replacement of the imported
      # resource, so later changes to them are deliberately ignored.
      behaviors,
      provisioning_options,
    ]
  }
}