New data source 'azuread_domains'

[tiwood]

This PR adds a new data source for Domains registered in Azure AD.

• New data source 'azuread_domains'
• Add markdown documentation
• Add tests

Example Usage

// This gets all **verified** domains currently registered in Azure AD
data "azuread_domains" "my_domains" {}

// This gets all domains currently registered in Azure AD
data "azuread_domains" "my_domains" {
 include_unverified = true
}

// This gets only the default domain registered in Azure AD
data "azuread_domains" "default_domain" {
 only_default = true
}

// This will return only the tenant root domain (foo.onmicrosoft.com)
data "azuread_domains" "my_root_domain" {
 only_initial = true
}

Example Output

domains = [
    {
        authentication_type = "Managed",
        domain_name = hashicorp.onmicrosoft.com,
        is_default = 1,
        is_initial = 1,
        is_verified = 1
    }
]

Use cases

• This will be helpful to create objects where the user principal name is required (say foo@hashicorp.onmicrosoft.com) and the domain suffix is not known during runtime (testing for example)

[tombuildsstuff]

hey @tiwood

Thanks for this PR :)

I've spent a little bit of time playing with this and on the whole this looks pretty good - however I'm wondering if we want to expose a couple of extra filters here? I've put together this gist showing what I mean - what do you think?

Thanks

[tiwood]

hey @tiwood

Thanks for this PR :)

I've spent a little bit of time playing with this and on the whole this looks pretty good - however I'm wondering if we want to expose a couple of extra filters here? I've put together this gist showing what I mean - what do you think?

Thanks

Hey @tombuildsstuff,

I'm still thinking about what the default output and the parameters should be, as I'm not 100% sold on only filters, as each domain can have multiple of the "only properties" at once.

What do you think about the following:

• azuread_domains without params will only return verified domains
• There will be an option to include_unverified (Conflicts with only_tenant_domain)
• There will be an option to only_tenant_domain (Conflicts with include_unverified)
• The following properties will be included in the output for each domain:
  is_verified is_default authentication_type

I think this is easier to understand, WDYT?

[tombuildsstuff]

@tiwood include sounds good 👍 I was otherwise going to suggest filter (but it's the same thought)

The only question I've got is around the tenant_domain field, I feel like it'd be better to consistently make this is_initial - WDYT?

[tiwood]

@tombuildsstuff, I've changed the resource like I proposed and updated the original description accordingly.

For consistency I've renamed the attribute only_tenant_domain to only_initial.

Again a short summary:

• without attributes the data source will return all VERIFIED domains registered in AAD.
• if only_initial is set to true only the initial tenant domain is returned (the foo.onmicrosoft.com domain)
• if you set include_unverified to true unverified domains will be included in the output.

[katbyte]

Thanks @tiwood,

I think you may want to mark the only_initial as conflicting with include_unverified.

Also only_default may be another useful filter to add?

[tiwood]

@katbyte, they actually may be use cases where you want to create objects in the default domain, therefore I've added the option to set only_default.

Additionally I've added the ConflictsWith validation:

• include_unverified conflicts with only_default and only_initial as default and initial domains have to be verified by design.
• only_defaultand only_initialare conflicting with each other.

[katbyte]

Thanks for the updates @tiwood LGTM now 👍

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!