🖊️
Notes
  • Notes
  • aws
    • CloudWatch
    • EKS
    • IAM
    • Key Management Service (KMS)
    • security
      • Attacks against AWS infrastructure
    • vpc
      • AWS Transit Gateway
  • azure
    • Azure AD
    • Azure CDN
    • DNS in Azure
    • Hub-spoke network topology
    • Identity and access management
    • Azure Landing zones
    • Storage
  • certifications
    • aws-sa-pro
    • Certified Kubernetes Administrator
  • containers
    • Examples
    • Linux Container Primitives
  • databases
    • Relational databases
  • gcp
    • IAM
  • git
    • Git
  • golang
    • Building Go projects
    • Concurrency
    • Project structure
  • infosec
    • SSH
    • SSL
  • Kubernetes
    • Admission Controllers
    • Autoscaling
    • Debugging
    • Multi-tenancy
    • Network Policies
    • Pod Priority
    • Pod Security Policies
    • Secrets
    • StatefulSet
    • additional-services
      • Debugging ArgoCD RBAC
      • open-policy-agent
  • misc
    • FFmpeg
    • PDFs
  • programming
    • Learning resources
    • concepts
      • Serialization
  • rabbitmq
    • Clustering and HA
    • Shovel plugin
  • shells
    • Bash
  • terraform
    • Moving resources between remote states
  • tools
    • FFmpeg
    • yt-dlp
  • vim
    • Fzf (plugin)
    • Registers
    • Spell Check
  • virtualization
    • File formats
  • linux
    • arch
      • Arch Linux installation
Powered by GitBook
On this page
  • Creating Azure AD users with Terraform
  • Fetch initial credentials from Terraform state
  1. azure

Azure AD

Creating Azure AD users with Terraform

Azure AD users can be managed with Terraform. The following is almost complete example for the key parts:

data "azuread_domains" "aad_domains" {}

locals {
  aad_domain  = data.azuread_domains.aad_domains.domains[0].domain_name # assumes that only one domain exists
  users       = [
    "Foo Bar",
    "Bar Baz"
  ]
}

resource "random_password" "rnd_pw" {
  for_each = toset(local.users)

  length  = 16
  special = true
  number  = true
  keepers = {
    name = each.key
  }
}

/*
 * Sets initial password to one generated with Terraform.
 * This password is stored to state. Password change is forced
 * for new users and changes to passwords are ignored by Terraform,
 * so Terraform will not override the new password
 */
resource "azuread_user" "users" {
  for_each = toset(local.users)

  user_principal_name   = "$SOME_REPEATABLE_PATTERN@${local.aad_domain}"
  display_name          = "${each.key}"
  password              = random_password.rnd_pw[each.key].result
  force_password_change = true

  lifecycle {
    ignore_changes = [password]
  }
}

Fetch initial credentials from Terraform state

Here is a command to fetch users and their initial passwords from Terraform state with jq:

terraform show -json | jq ' .values.root_module.resources | map(select( .address |contains("azuread_user") )) | map({user_principal_name: .values.user_principal_name, password: .values.password})'

PreviousazureNextAzure CDN

Last updated 3 years ago