gpt4 book ai didi

azure - 通过从 CSV 文件获取用户详细信息,使用 terraform 在 azure AD 组中添加用户

转载 作者:行者123 更新时间:2023-12-02 23:23:28 25 4
gpt4 key购买 nike

我正在关注此文档 Manage Azure Active Directory (Azure AD) Users and Groups以及同一页面中提到的用于在 Azure AD 组中添加用户的相同存储库。

我不需要资源函数来创建用户,因为用户已由另一个团队创建。我们只需要创建组并将成员添加到其中即可。

我可以通过使用成员电子邮件地址创建 tfvars 文件来将用户添加到组中

terraform.tfvars

dev-team = [
"<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b6d7f6d3ced7dbc6dad398d5d9db" rel="noreferrer noopener nofollow">[email protected]</a>",
"<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="9ffddffae7fef2eff3fab1fcf0f2" rel="noreferrer noopener nofollow">[email protected]</a>"
]

组.tf

data "azuread_user" "user" {
for_each = toset(var.dev-team)
user_principal_name = each.key
}

resource "azuread_group" "api-jnk-cld-ops" {
display_name = "api-jnk-cld-ops"
security_enabled = true
}

resource "azuread_group_member" "member" {
for_each = toset(var.dev-team)
group_object_id = azuread_group.api-jnk-cld-ops.id
member_object_id = data.azuread_user.user[each.key].id
}

变量.tf

variable "dev-team" {
type = list(string)
}

我想要实现的是,用户应该在 csv 文件中列出,而不是在 tfvars 中给出。和官方文档提到的一样Manage Azure Active Directory (Azure AD) Users and Groups唯一不同的是我不想创建用户。

获取用户并检查用户所属的部门并将用户添加到正确的组中,这就是我正在尝试做的事情..

错误:如果我有在另一个组中使用的重复 UPN,则会出现新问题。

Two different items produced the key"[email protected]" in this 'for' expression. Ifduplicates are expected, use the ellipsis (...) after the value expression toenable grouping by key.

AzureGroup  Surname UserPrincipalName   UserSamAccountName  GroupName   ObjectClass DistinguishedName   GivenName   Enabled AzureUserPrincipalName  AzureUserId
api-jnk-cld-ops user1 <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b6c3c5d3c487f6d3ced7dbc6dad398d5d9db" rel="noreferrer noopener nofollow">[email protected]</a> abcd api-jnk-cld-ops user user1 TRUE <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5b2e283e296a1b2f3e282f753435363238293428343d2f75383436" rel="noreferrer noopener nofollow">[email protected]</a> fad08bd2-3fa471403656
api-jnk-ai-ops user2 <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e99c9a8c9bdba98c91888499858cc78a8684" rel="noreferrer noopener nofollow">[email protected]</a> defg api-jnk-ai-ops user user2 TRUE <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="deabadbbacec9eaabbadaaf0b1b0b3b7bdacb1adb1b8aaf0bdb1b3" rel="noreferrer noopener nofollow">[email protected]</a> 5f2d00eb-bfc6-67219cec3bb7
api-jnk-bd-ops user1 <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="64111701165524011c05091408014a070b09" rel="noreferrer noopener nofollow">[email protected]</a> abcd api-jnk-bd-ops user user1 TRUE <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c2b7b1a7b0f382b6a7b1b6ecadacafaba1b0adb1ada4b6eca1adaf" rel="noreferrer noopener nofollow">[email protected]</a> fad08bd2-3fa471403656
resource "azuread_group_member" "member" {

for_each = { for user in local.users : user.AzureUserPrincipalName => user if user.AzureGroup == "api-jnk-cld-ops" }
group_object_id = azuread_group.api-jnk-cld-ops.id
member_object_id = data.azuread_user.user[each.key].id
}

最佳答案

What I am trying to achieve is, users should be listed in csv fileinstead of giving in tfvars. The same way as official documentsmentioned Manage Azure Active Directory (Azure AD) Users and Groupsonly different is i don't want to create user.

您可以使用以下代码来满足您的要求:

provider "azuread" {}
locals {
users = csvdecode(file("C:/user.csv"))
}
data "azuread_user" "user" {
for_each = { for user in local.users : user.UPN => user }
user_principal_name = each.value.UPN
}

resource "azuread_group" "dev-team" {
display_name = "inx-dev"
security_enabled = true
}

resource "azuread_group_member" "member" {
for_each = { for user in local.users : user.UPN => user }
group_object_id = azuread_group.dev-team.id
member_object_id = data.azuread_user.user[each.key].id
}

CSV 文件:

enter image description here

输出:

enter image description here

enter image description here

更新以下错误:

enter image description here

如果您使用重复项,那么您必须通过索引将列表转换为 map ,这样您就可以使用 for 循环,如下所示:

data "azuread_user" "user" {
for_each = { for i , user in local.users : i => user }
user_principal_name = each.value.AzureUserPrincipalName
}

resource "azuread_group" "dev-team" {
display_name = "inx-dev"
security_enabled = true
}

resource "azuread_group_member" "member" {
for_each = { for i,user in local.users : i => user if user.AzureGroup == "api-jnk-cld-ops" }
group_object_id = azuread_group.dev-team.id
member_object_id = data.azuread_user.user[each.key].id
}

输出:

enter image description here

enter image description here

enter image description here

关于azure - 通过从 CSV 文件获取用户详细信息,使用 terraform 在 azure AD 组中添加用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69983907/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com