terraform-provider-msgraph

command module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 18, 2020 License: Apache-2.0 Imports: 3 Imported by: 0

README

WIP: Terraform Provider for Microsoft Graph

Test Release

Introduction

The POC implementation of Terraform provider for Microsoft Graph using msgraph.go.

One of the main purposes of this provider is to become an alternative to the official Azure Active Directory provider.

You need Terraform v0.12 and an Azure AD tenant with the admin privilege.

Supported resources

  • Data sources
    • data_group
    • data_user
  • Resources
    • msgraph_application
    • msgraph_application_password
    • msgraph_group
    • msgraph_group_member
    • msgraph_user

Provider configuration

provider "msgraph" {
  tenant_id        = "common"
  client_id        = "82492584-8587-4e7d-ad48-19546ce8238f"
  client_secret    = "" // empty for device code authorization
  token_cache_path = "token_cache.json"
}

The configuration above (client_id = "82492584-8587-4e7d-ad48-19546ce8238f") is to use the public client defined in l0w.dev tenant with the permission Directory.AccessAsUser.All. You can use it to make terraform to access your tenant's directory with the delegated privilege.

When client_secret is empty, the provider attempts the device code authorization. You can see the following message in the debug log on the first invocation of terraform plan:

$ TF_LOG=DEBUG terraform plan
...
2020-02-09T03:55:33.204+0900 [DEBUG] plugin.terraform-provider-msgraph: 2020/02/09 03:55:33 To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code GEXSRT5LT to authenticate.

Open https://microsoft.com/devicelogin with your web browser and enter the code to proceed the authorization steps. After completing authorization it stores auth tokens in a file specified by token_cache_path. On subsequent terraform invocations it can skip the authorization steps above with this file.

How to test

Terraform v0.12 and Go v1.13 are required. It's strongly recommended to acquire a developer sandbox tenant by joining the Office 365 developer program.

Clone the repository, then move to one of the test directories and build terraform-provider-msgraph executable there:

$ git clone https://github.com/yaegashi/terraform-provider-msgraph
$ cd terraform-provider-msgraph/tests/users
$ go build ../..

Edit provider and variable in main.tf for your environment:

provider "msgraph" {
  tenant_id        = "common"
  client_id        = "82492584-8587-4e7d-ad48-19546ce8238f"
  client_secret    = "" // empty for device code authorization
  token_cache_path = "token_cache.json"
}

variable "tenant_domain" {
  type    = string
  default = "l0wdev.onmicrosoft.com"
}

Run terraform with an environment variable TF_LOG=DEBUG to enable debug log output:

$ terraform init
$ TF_LOG=DEBUG terraform plan
$ TF_LOG=DEBUG terraform apply

Todo

  • Support various graph resources (resource/data)
  • Support importing
  • Code auto-generation based on the API metadata
  • Persist OAuth2 tokens in backend storage?
  • Better device auth grant experience (no TF_LOG=DEBUG)
  • Unit testing
  • CI/CD
  • Manuals

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
tests
benchmark/msgraphgo command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.