
Importing Azure Active Directory groups on Terraform


Using the azuread provider from Terraform, I am trying to create groups reading a CSV file like this:

display_name
Group1
Group2
Group3

Reading it in a local variable:

locals {
  departments = csvdecode(file("${path.module}/aad_departments.csv"))
}

# Create groups
resource "azuread_group" "groups" {
  for_each                = { for group in local.departments : group.display_name => group }
  display_name            = each.value.display_name
  prevent_duplicate_names = true
}

But I would like to import an existing group, "Group2", that already exists. I have used this command:

terraform import azuread_group.groups xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

But when I plan and apply this Terraform script, it throws an error saying that the group already exists:

"To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information."

How can I import it?

Thank you very much,


Solution

  • because you are using a for_each meta-argument to loop.

    I am expecting { for group in local.departments : group.display_name => group } would result in the below construct.

    {
      "group1" = {
        "display_name" = "group1"
      }
      "group2" = {
        "display_name" = "group2"
      }
      "group3" = {
        "display_name" = "group3"
      }
    }
    

    You also need to add either security_enabled or mail_enabled in your terraform code as per your requirements.

    Reference error message: "security_enabled": one of mail_enabled,security_enabled must be specified

    resource "azuread_group" "groups" {
      for_each = { for group in local.departments : group.display_name => group }
    
      display_name            = each.value.display_name
      prevent_duplicate_names = true
      security_enabled        = true
      #### OR #####
      # mail_enabled            = true
    }
    

    Finally, you have to use the below three commands to import the 3 groups in your state file.

    terraform import 'azuread_group.groups["group1"]' "<object_id>" # to import group1
    terraform import 'azuread_group.groups["group2"]' "<object_id>" # to import group2
    terraform import 'azuread_group.groups["group3"]' "<object_id>" # to import group3
    

    Just to be on the safe side, you can use terraform console to verify the value of the construct produced by { for group in local.departments : group.display_name => group } and adapt the commands/code accordingly.

    Hope it helped.
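
One way to generate the import commands discussed in the answer, as an added example that is not part of the original post: it reads the same CSV and prints one terraform import line per already-existing group, using each display_name exactly as written in the file as the for_each key (map keys are case-sensitive, so check them with terraform console as the answer suggests). The existing.csv mapping file, the gen_imports and demo function names, and the object ID are constructed for illustration, and the script assumes simple CSV without quoted fields.

```shell
#!/bin/sh
# gen_imports CSV_FILE IDS_FILE
#   CSV_FILE: the file read by csvdecode(); needs a display_name column.
#   IDS_FILE: constructed helper file, "display_name,object_id" per line,
#             listing only the groups that already exist in the tenant.
# Assumes simple CSV: no quoted fields, no commas or quotes inside names.
gen_imports() {
  awk -F',' '
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    FILENAME == ARGV[1] { ids[$1] = $2; next }  # IDS_FILE: name -> object id
    FNR == 1 {                                  # CSV header row
      for (i = 1; i <= NF; i++) if ($i == "display_name") col = i
      if (!col) { print "no display_name column" > "/dev/stderr"; exit 1 }
      next
    }
    $col == "" { next }                         # skip blank rows
    seen[$col]++ {                              # for_each keys must be unique
      print "duplicate for_each key: " $col > "/dev/stderr"; exit 1
    }
    ($col in ids) {                             # key = display_name, same case
      printf "terraform import '\''azuread_group.groups[\"%s\"]'\'' \"%s\"\n", $col, ids[$col]
    }
  ' "$2" "$1"
}

# Constructed sample: the CSV from the question; only Group2 exists already.
demo() {
  tmp=$(mktemp -d) || return 1
  printf 'display_name\nGroup1\nGroup2\nGroup3\n' > "$tmp/aad_departments.csv"
  printf 'Group2,00000000-0000-0000-0000-000000000002\n' > "$tmp/existing.csv"  # placeholder ID
  gen_imports "$tmp/aad_departments.csv" "$tmp/existing.csv"
  rm -rf "$tmp"
}
demo
```

Groups left out of the mapping file get no import line, so Terraform will plan to create them; review the plan output before applying.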