
Access Reviews #927

Open
g-psantos opened this issue Nov 14, 2022 · 2 comments


g-psantos commented Nov 14, 2022

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Enable management of Azure AD Access Reviews through Terraform. The relevant API endpoints and resources are stable and documented here.

New or Affected Resource(s)

  • azuread_access_review (mapping to accessReviewScheduleDefinition in the API)

Potential Terraform Configuration

The API resources are constructed in a very generic way and don't align well with how Terraform resources are usually configured (IMO). So, the provider should have some translation layer to enable resources such as the ones that follow:

resource "azuread_group_access_review" "this" {
  name                 = "Annual Review of Group Membership"
  scope                = "00000000-0000-0000-0000-000000000000"
  admin_description    = "Annual review of membership in ABC"
  reviewer_description = "Please review membership in the ABC Group and determine whether any users should be removed."

  # Ideally, `reviewers` would accept either the special strings `owners` or
  # `self` (for group owners and group members themselves, respectively) or a
  # list of user principal names.
  reviewers = ""

  # Number of days that each access review instance will take
  duration = 7

  # Access reviews can be one-time or recurring. Ideally, they're set as
  # recurring if a `recurrence` block is included in the resource and as
  # one-time otherwise. See the `recurrencePattern` resource documentation for
  # available parameter combinations.
  # 
  # The example below is for a review that starts on the first Monday of June
  # each year. (Or should, anyway...)
  recurrence {
    type         = "relative_yearly"
    interval     = 1
    month        = 6
    days_of_week = ["monday"]

    range {
      # Alternatively, `type` could be set to `endDate` (and an `end_date`
      # parameter would be required) or `numbered` (and an `occurrences`
      # parameter would be required).
      type = "noEnd"
    }
  }

  auto_apply              = true # Auto-apply reviewer decisions, including default decisions (if any)
  default_decision        = "recommendation" # Set to `null` for no default decision; set to `allow` or `deny` as alternative default decisions
  enable_recommendations  = true
  enable_notifications    = true
  enable_reminders        = true
  require_justification   = true
  enable_decision_history = false
}

References
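As an added illustration of the translation layer this issue asks for (not code from the issue or from the azuread provider), the following Python maps the proposed `azuread_group_access_review` attributes onto a Microsoft Graph `accessReviewScheduleDefinition` request body. The Graph field names are taken from the Graph API and are assumed correct here; the `self` reviewer shorthand and `enable_decision_history` are left out, and a review without a `recurrence` block is assumed to simply send no `recurrence` setting.

```python
# Added sketch (not azuread provider code): proposed HCL attributes -> Graph accessReviewScheduleDefinition body.
PATTERN_TYPES = {"daily": "daily", "weekly": "weekly", "absolute_monthly": "absoluteMonthly",
                 "relative_monthly": "relativeMonthly", "absolute_yearly": "absoluteYearly",
                 "relative_yearly": "relativeYearly"}
DEFAULT_DECISIONS = {"allow": "Approve", "deny": "Deny", "recommendation": "Recommendation"}
SETTING_FLAGS = {"auto_apply": "autoApplyDecisionsEnabled", "enable_recommendations": "recommendationsEnabled",
                 "enable_notifications": "mailNotificationsEnabled", "enable_reminders": "reminderNotificationsEnabled",
                 "require_justification": "justificationRequiredOnApproval"}

def reviewer_scopes(reviewers, group_id):
    if reviewers == "owners":  # the group's owners review its membership
        queries = [f"/groups/{group_id}/owners"]
    elif isinstance(reviewers, list) and reviewers:  # explicit user principal names
        queries = [f"/users/{upn}" for upn in reviewers]
    else:  # `self` is left out: the issue does not pin down its Graph encoding
        raise ValueError(f"unsupported reviewers value: {reviewers!r}")
    return [{"query": q, "queryType": "MicrosoftGraph"} for q in queries]

def recurrence(block, start_date):
    pattern = {"type": PATTERN_TYPES[block["type"]], "interval": block.get("interval", 1)}
    pattern.update({g: block[h] for h, g in (("month", "month"), ("days_of_week", "daysOfWeek")) if h in block})
    rng = {"type": block["range"]["type"], "startDate": start_date}
    if rng["type"] == "endDate":
        rng["endDate"] = block["range"]["end_date"]
    elif rng["type"] == "numbered":
        rng["numberOfOccurrences"] = block["range"]["occurrences"]
    return {"pattern": pattern, "range": rng}

def to_schedule_definition(cfg, start_date):
    decision = cfg.get("default_decision")  # None (HCL null) = no default decision
    settings = {graph: bool(cfg.get(hcl, False)) for hcl, graph in SETTING_FLAGS.items()}
    settings.update({"instanceDurationInDays": cfg["duration"], "defaultDecisionEnabled": decision is not None})
    if decision is not None:
        settings["defaultDecision"] = DEFAULT_DECISIONS[decision]
    if "recurrence" in cfg:  # assumption: no `recurrence` block = one-time review, nothing recurring is sent
        settings["recurrence"] = recurrence(cfg["recurrence"], start_date)
    return {"displayName": cfg["name"],
            "descriptionForAdmins": cfg.get("admin_description", ""),
            "descriptionForReviewers": cfg.get("reviewer_description", ""),
            "scope": {"@odata.type": "#microsoft.graph.accessReviewQueryScope",
                      "query": f"/groups/{cfg['scope']}/transitiveMembers", "queryType": "MicrosoftGraph"},
            "reviewers": reviewer_scopes(cfg["reviewers"], cfg["scope"]),
            "settings": settings}

# Constructed input mirroring the HCL in the issue, with `reviewers` set to "owners".
SAMPLE = {"name": "Annual Review of Group Membership", "scope": "00000000-0000-0000-0000-000000000000",
          "reviewers": "owners", "duration": 7, "auto_apply": True, "default_decision": "recommendation",
          "enable_recommendations": True, "enable_notifications": True, "enable_reminders": True,
          "require_justification": True, "recurrence": {"type": "relative_yearly", "interval": 1,
          "month": 6, "days_of_week": ["monday"], "range": {"type": "noEnd"}}}
```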

@MrMeisterLabs commented:

Hi,

Any updates on this?
Thank you for initiating this development!

@DenisBalan commented:

Any updates?
