resources.groups.tf
# ------
# GROUPS
# ------
locals {
  # Directory that holds the groups information file
  groups_path = join("/", [var.artifacts_path, "groups"])

  # File name of the groups information file
  groups_information_file = var.groups_information_filename

  # Full path to the groups information file. Other blocks in this file
  # decode it as JSON and read its "aad_groups" and "local_groups" keys.
  # NOTE(review): the file's contents decide which APIM groups exist, so
  # changes to it deserve the same review as changes to this module.
  apim_groups = join("/", [local.groups_path, local.groups_information_file])
}
# Get data about Azure AD groups to use the object ID
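data "azuread_group" "apim_groups" {
  # Looks up one Azure AD group per display name listed under "aad_groups"
  # in the groups information file, so that its object ID can be referenced.
  #
  # A missing file or a missing "aad_groups" key yields no lookups. A file
  # that exists but is not valid JSON fails the plan instead of being read
  # as "no groups": a blanket can(...) would hide a broken file behind an
  # empty set.
  for_each = toset(
    fileexists(local.apim_groups)
    ? lookup(jsondecode(file(local.apim_groups)), "aad_groups", [])
    : []
  )

  # NOTE(review): the lookup is by display name, which Azure AD does not
  # enforce as unique. Confirm how duplicates are handled, or identify the
  # groups by object ID in the information file.
  display_name = each.key
}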
# Create groups
## Before assigning a group on a product the group needs to be created on the API Management scope first.
## Azure AD groups
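resource "azurerm_api_management_group" "aad" {
  # Creates one external (Azure AD backed) APIM group per display name
  # listed under "aad_groups" in the groups information file.
  #
  # A missing file or a missing "aad_groups" key yields no groups. A file
  # that exists but is not valid JSON fails the plan: treating it as an
  # empty list would plan the removal of groups already managed here, and
  # with them the product access those groups carry.
  for_each = toset(
    fileexists(local.apim_groups)
    ? lookup(jsondecode(file(local.apim_groups)), "aad_groups", [])
    : []
  )

  api_management_name = data.azurerm_api_management.main.name
  resource_group_name = data.azurerm_api_management.main.resource_group_name

  # Lower-case the display name and replace spaces " " and dots "." with
  # dashes. "name" may only contain alphanumeric characters, underscores and
  # dashes, up to 80 characters in length.
  # NOTE(review): only spaces and dots are replaced and nothing is truncated,
  # so other characters and over-long names pass through unchanged, and
  # display names that differ only in case, spaces or dots map to the same
  # name.
  name         = lower(replace(each.key, "/[ .]/", "-"))
  display_name = each.key

  # Binds the APIM group to the Azure AD group's object ID in the current tenant.
  external_id = "aad://${data.azuread_client_config.current.tenant_id}/groups/${data.azuread_group.apim_groups[each.key].object_id}"
  type        = "external"
}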
## Local groups on APIM
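resource "azurerm_api_management_group" "local" {
  # Creates one custom (APIM-local) group per display name listed under
  # "local_groups" in the groups information file.
  #
  # A missing file or a missing "local_groups" key yields no groups. A file
  # that exists but is not valid JSON fails the plan: treating it as an
  # empty list would plan the removal of groups already managed here, and
  # with them the product access those groups carry.
  for_each = toset(
    fileexists(local.apim_groups)
    ? lookup(jsondecode(file(local.apim_groups)), "local_groups", [])
    : []
  )

  api_management_name = data.azurerm_api_management.main.name
  resource_group_name = data.azurerm_api_management.main.resource_group_name

  # Lower-case the display name and replace spaces " " and dots "." with
  # dashes. "name" may only contain alphanumeric characters, underscores and
  # dashes, up to 80 characters in length.
  # NOTE(review): only spaces and dots are replaced and nothing is truncated,
  # so other characters and over-long names pass through unchanged, and
  # display names that differ only in case, spaces or dots map to the same
  # name.
  name         = lower(replace(each.key, "/[ .]/", "-"))
  display_name = each.key
  type         = "custom"
}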