英文:
Importing Azure Active Directory groups on Terraform
问题
使用Terraform的azuread提供程序,我试图创建组,读取类似于此的CSV文件:
display_name
Group1
Group2
Group3
将其读取到本地变量中:
locals {
departments = csvdecode(file("${path.module}/aad_departments.csv"))
}
创建组:
resource "azuread_group" "groups" {
for_each = { for group in local.departments : group.display_name => group }
display_name = each.value.display_name
prevent_duplicate_names = true
}
但我想导入一个已经存在的组,"Group2"。我已经使用了这个命令:
terraform import azuread_group.groups xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
但当我计划并应用此Terraform脚本时,它会抛出一个错误,说组已经存在:
"要通过Terraform进行管理,需要将此资源导入状态。请查看"azuread_group"的资源文档以获取更多信息。"
我该如何导入它?
非常感谢。
英文:
Using the azuread provider from Terraform, I am trying to create groups reading a CSV file like this:
display_name
Group1
Group2
Group3
Reading it in a local variable:
locals {
departments = csvdecode(file("${path.module}/aad_departments.csv"))
}
# Create groups
resource "azuread_group" "groups" {
for_each = { for group in local.departments : group.display_name => group }
display_name = each.value.display_name
prevent_duplicate_names = true
}
But I would like to import an existing group, "Group2", that already exists. I have used this command:
terraform import azuread_group.groups xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
But when I plan and apply this terraform script it throws an error saying that the group already exist:
"To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information."
How can I import it?
Thank you very much,
答案1
得分: 0
因为您正在使用for_each元参数进行循环。
我期望 { for group in local.departments : group.display_name => group } 会得到以下结构。
{
"group1" = {
"display_name" = "group1"
}
"group2" = {
"display_name" = "group2"
}
"group3" = {
"display_name" = "group3"
}
}
您还需要根据需求在您的terraform代码中添加security_enabled或mail_enabled。
参考错误信息:"security_enabled": 必须指定其中一个 'mail_enabled,security_enabled'。
resource "azuread_group" "groups" {
for_each = { for group in local.departments : group.display_name => group }
display_name = each.value.display_name
prevent_duplicate_names = true
security_enabled = true
#### OR #####
# mail_enabled = true
}
最后,您需要使用以下三个命令将这 3 个群组导入您的状态文件。
terraform import 'azuread_group.groups["group1"]' "<object_id>" # 导入 group1
terraform import 'azuread_group.groups["group2"]' "<object_id>" # 导入 group2
terraform import 'azuread_group.groups["group3"]' "<object_id>" # 导入 group3
为了更安全,您可以使用 terraform console 验证{ for group in local.departments : group.display_name => group }的构造值,并相应调整命令/代码。
希望对您有所帮助。
英文:
because you are using a for_each meta-argument to loop.
I am expecting { for group in local.departments : group.display_name => group } would result in the below construct.
{
"group1" = {
"display_name" = "group1"
}
"group2" = {
"display_name" = "group2"
}
"group3" = {
"display_name" = "group3"
}
}
You also need to add either security_enabled or mail_enabled in your terraform code as per your requirements.
reference error message : "security_enabled": one ofmail_enabled,security_enabled must be specified
resource "azuread_group" "groups" {
for_each = { for group in local.departments : group.display_name => group }
display_name = each.value.display_name
prevent_duplicate_names = true
security_enabled = true
#### OR #####
# mail_enabled = true
}
Finally, you have to use the below three commands to import the 3 groups in your state file.
terraform import 'azuread_group.groups["group1"]' "<object_id>" # to import group1
terraform import 'azuread_group.groups["group2"]' "<object_id>" # to import group2
terraform import 'azuread_group.groups["group3"]' "<object_id>" # to import group3
Just for the safer side, you can use terraform console and verify the value of construct out of { for group in local.departments : group.display_name => group } and adapt the commands/code accordingly.
Hope it helped.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论