forked from aztfmod/terraform-azurerm-caf
-
Notifications
You must be signed in to change notification settings - Fork 2
/
azuread_groups.tf
49 lines (40 loc) · 1.95 KB
/
azuread_groups.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#
# Azure Active Directory Groups
#
module "azuread_groups" {
source = "./modules/azuread/groups"
for_each = local.azuread.azuread_groups
global_settings = local.global_settings
azuread_groups = each.value
tenant_id = local.client_config.tenant_id
client_config = local.client_config
remote_objects = {
azuread_administrative_units = local.combined_objects_azuread_administrative_units
}
}
output "azuread_groups" {
value = module.azuread_groups
}
module "azuread_groups_members" {
source = "./modules/azuread/groups_members"
for_each = local.azuread.azuread_groups
client_config = local.client_config
settings = each.value
azuread_groups = module.azuread_groups
group_id = module.azuread_groups[each.key].object_id
azuread_apps = module.azuread_applications
azuread_service_principals = local.combined_objects_azuread_service_principals[try(each.value.lz_key, local.client_config.landingzone_key)]
}
# Module to decouple AD Group membership to remote AD Groups
module "azuread_groups_membership" {
source = "./modules/azuread/groups_members"
for_each = local.azuread.azuread_groups_membership
client_config = local.client_config
group_key = try(each.value.key, each.key) # Make it possible to have orphen name of top level keys, useful when you have group keys with same name in different LZs
settings = each.value
group_id = try(try(try(module.azuread_groups[each.key].id, local.combined_objects_azuread_groups[try(each.value.group_lz_key, null)][each.key].id), each.value.group_id, null))
azuread_groups = local.combined_objects_azuread_groups
azuread_service_principals = local.combined_objects_azuread_service_principals
managed_identities = local.combined_objects_managed_identities
mssql_servers = local.combined_objects_mssql_servers
}