Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix azuread_privileged_access_group_eligibility_schedule resource update functionality #1614

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix azuread_privileged_access_group_eligibility_schedule resource update functionality #1614

wants to merge 1 commit into from
+1 −1

Conversation

h0597
Copy link

@h0597 h0597 commented Jan 9, 2025

My goal with this pull request is to improve the azuread_privileged_access_group_eligibility_schedule resource.

Updating the 'Update' functionality to use the adminUpdate instead of adminAssign As per Microsoft graph documentation

adminUpdate: For administrators to change existing eligible assignments. instead of adminAssign: For administrators to assign group membership or ownership eligibility to principals.

I found this issue in relation to this problem: #1412

As this is my first fork pull request, I hope this way is correct to do it. If not, please let me know so I can improve the pull request.

@h0597
Update privileged_access_group_eligiblity_schedule_resource.go
853b612 
Updating the Update functionality to use the adminUpdate: For administrators to change existing eligible assignments. instead of 
adminAssign: For administrators to assign group membership or ownership eligibility to principals. As per microsoft graph documentation
@h0597 h0597 marked this pull request as ready for review January 9, 2025 17:16
@h0597 h0597 requested a review from a team as a code owner January 9, 2025 17:16
@farflungfish farflungfish mentioned this pull request Jan 17, 2025
Open
@SPALLADI
Copy link

Any luck with merging the PR?

@relent0r
Copy link

I'm interested in this one too as I've hit the issue where you get 400 errors and are unable to apply after any changes are required. I need to manually delete all the assignments and reapply to make it work which given how slow the azure interface is for this is really painful.

@farflungfish
Copy link

This is definitely the solution we are looking for; total pain in the rear without it at the moment having to recreate role assignments.

@xzuttz
Copy link

xzuttz commented Jan 27, 2025

An issue for us as well. Looking forward to a solution soon.

@srjennings
Copy link

PR is ready for review, folks are looking for review/merge status
CC @katbyte @jackofallops

@kevinfalconer-seccl
Copy link

Issue that we are facing at the moment as well, hopefully will be looked at soon!

@xgryph
Copy link

xgryph commented Feb 21, 2025

bump!

@andymaxseccl
Copy link

This seems like a simple fix, can anyone check out this PR please? @hashicorp-cloud

@aaron-warner-nzta aaron-warner-nzta mentioned this pull request Feb 25, 2025
Closed
@aaron-warner-nzta
Copy link

I've been doing testing on this fix today. It looks like it causes a problem where the state is not being updated after the change is applied.

I think its because when the update takes place a new assignment is created on the MS side but the state is not updated with this new assignment information and still has the original ID reference. So every time it reads from the API it uses the previous assignments ID which contains the original configuration so Terraform see's no changes being required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature/identity-governance size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@h0597 @SPALLADI @relent0r @farflungfish @xzuttz @srjennings @kevinfalconer-seccl @xgryph @andymaxseccl @aaron-warner-nzta