Hi
I have the following data structure
groups = {
  group1 = {
    scope       = "global"
    description = ""
    container   = local.ou_id
    members     = ["user_name1", "user_name2"]
  },
  group2 = {
    scope       = "global"
    description = ""
    container   = local.ou_id
    members     = ["user_name3"]
  },
  group3 = {
    scope       = "global"
    description = ""
    container   = local.ou_id
    members     = ["user_name1", "user_name4"]
  },
}
I am using the Terraform MS Active Directory provider. Unfortunately, due to existing limitations in the provider, I need to take the list of members from each group and convert the sAMAccountName to the member's GUID.
So this code works fine when using just the sAMAccountName
resource "ad_group_membership" "gmr" {
  # Only create a membership for groups that have members, and only when enabled
  for_each      = { for k, v in var.groups : k => v if((length(v.members) != 0) && (var.groups_enabled == true)) }
  group_id      = each.key
  group_members = each.value.members
  depends_on = [
    ad_group.role
  ]
}
But now I need to somehow look up the GUID of each group member in each group and, for the sAMAccountName, replace "each.value.members" with the GUID for each member.
So first, I create a local which gets all members from all groups
locals {
  group_members = flatten([for k, v in var.groups : [
    for member in v.members : {
      member = member
    }
  ]])
}
Maybe I should be creating a map above which maps groups by key and members by value??
Then I create a data source to look up the user_id for each member
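data "ad_user" "users" {
  # distinct() drops repeated entries: a user who is in more than one group
  # (user_name1 above) would otherwise produce a duplicate map key error
  for_each = { for k, v in distinct(local.group_members) : v.member => v if(var.groups_enabled == true) }
  user_id  = each.value.member
}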
Then I store those ids in local
locals {
  user_ids = toset([for k, v in data.ad_user.users : v.id])
}
The part I cannot quite work out yet is how I map those user_ids for each member to the correct group for the resource group membership
resource "ad_group_membership" "gmr" {
  for_each      = { for k, v in var.roles : k => v if((length(v.members) != 0) && (var.roles_enabled == true)) }
  group_id      = each.key
  group_members = <need the user id from data source for each of the members>
  depends_on = [
    ad_group.role
  ]
}
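
One way to map the looked-up ids back to each group, as an added example that is not part of the original post. It assumes `var.groups` and `var.groups_enabled` are declared as in the post and that the `ad_user` data source exposes the identifier as `.id` (as the post uses it); the local names `unique_members` and `group_member_ids` are hypothetical.

```hcl
locals {
  # Every sAMAccountName across all groups, de-duplicated so a user who is in
  # several groups (user_name1 is in group1 and group3) is looked up only once.
  # Evaluates to an empty set when groups are disabled.
  unique_members = toset(flatten([
    for g in values(var.groups) : g.members if var.groups_enabled
  ]))
}

# One lookup per unique user, keyed by sAMAccountName.
data "ad_user" "users" {
  for_each = local.unique_members
  user_id  = each.value
}

locals {
  # Same keys as var.groups, but each value is the list of looked-up ids
  # instead of sAMAccountNames. Groups with no members are left out.
  group_member_ids = {
    for name, g in var.groups :
    name => [for m in g.members : data.ad_user.users[m].id]
    if length(g.members) != 0 && var.groups_enabled
  }
}

resource "ad_group_membership" "gmr" {
  for_each      = local.group_member_ids
  group_id      = each.key
  group_members = each.value

  depends_on = [
    ad_group.role
  ]
}
```

Because the data source is keyed by the member name, `data.ad_user.users[m]` resolves each name inside the per-group loop, so no separate flat set of ids is needed.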