Attributes not omitted when set to null #1565

aredev opened this issue Nov 7, 2024 · 0 comments

aredev commented Nov 7, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Affected Resource(s)

  • Terraform v1.9.2
  • hashicorp/azuread 3.0.2

Terraform Configuration Files

resource "azuread_group_role_management_policy" "pim_management_policy" {
  group_id = var.privileged_group_id
  role_id  = "member"

  eligible_assignment_rules {
    expiration_required = false
  }

  activation_rules {
    maximum_duration                                   = "PT6H"
    require_approval                                   = local.requires_approval
    require_justification                              = true
    required_conditional_access_authentication_context = "c1"

    dynamic "approval_stage" {
      for_each = local.requires_approval ? [var.approver_group_id] : []

      content {
        primary_approver {
          type      = "groupMembers"
          object_id = approval_stage.value
        }
      }
    }
  }
}

Debug Output

Link to Gist

Expected Behavior

The issue is with the behavior of the attributes within the activation_rules block. Let's take the required_conditional_access_authentication_context attribute as an example. This should be the reference to an Entra ID authentication context (e.g. c1 up to c99). If I change this value from c1 to null, I would expect that this attribute would be omitted.

Actual Behavior

Nothing happens when setting the attributes to null. It keeps the current value; in my testing with required_conditional_access_authentication_context this was an authentication context (c1).

Steps to Reproduce

  1. Set the required_conditional_access_authentication_context within activation_rules to c1
  2. Run terraform plan and terraform apply
  3. Set the required_conditional_access_authentication_context to null
  4. Run terraform plan and you will see that the required_conditional_access_authentication_context will remain unchanged.

Important Factoids

All the Terraform resources are put in a module and we are invoking the module. During my testing I have made the changes both to the variables passed to the module, which are then used as attribute values, and directly to the values of the attributes in the module.

References

  • #0000
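
A check that could run in CI against `terraform show -json` output to catch the behaviour reported above, where an attribute set to null keeps its old value in the plan. This is an added example, not code from the issue or from the provider; the plan JSON is a constructed sample, and the module name `pim` and the function `find_uncleared` are hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output for
# the reproduction above: the attribute is null in the configuration, yet the
# plan is a no-op and the planned value is still "c1". Module name is made up.
RESOURCE = "azuread_group_role_management_policy.pim_management_policy"
ATTR = "required_conditional_access_authentication_context"
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "module.pim.azuread_group_role_management_policy.pim_management_policy",
  "type": "azuread_group_role_management_policy",
  "change": {
    "actions": ["no-op"],
    "before": {"activation_rules": [{"maximum_duration": "PT6H",
               "required_conditional_access_authentication_context": "c1"}]},
    "after":  {"activation_rules": [{"maximum_duration": "PT6H",
               "required_conditional_access_authentication_context": "c1"}]}
  }
}]}
""")


def find_uncleared(plan, resource, block, attrs_expected_unset):
    """Return (address, attribute, planned value) for attributes that the
    configuration sets to null but that still carry a value in the plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        address = rc.get("address", "")
        # Match the bare address or the same resource inside any module.
        if address != resource and not address.endswith("." + resource):
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        # Nested blocks are rendered as a list of objects in the plan JSON.
        for instance in after.get(block) or []:
            for attr in attrs_expected_unset:
                value = instance.get(attr)
                if value not in (None, "", [], {}):
                    findings.append((address, attr, value))
    return findings


if __name__ == "__main__":
    for address, attr, value in find_uncleared(
            SAMPLE_PLAN, RESOURCE, "activation_rules", [ATTR]):
        print(f"{address}: {attr} is still {value!r} in the planned state")
```

Against a real run, replace `SAMPLE_PLAN` with the parsed output of `terraform show -json` for a saved plan file and fail the pipeline when the returned list is not empty.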