You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the modules for AD group manipulation only return membership using the transitive_members property, which collapses nested groups. Additionally, due to a known issue in the graph API, service principals are not returned in queries for any kind of group member. The only way to view service principals is by querying the group object and expanding the members property explicitly.
We should add a flag that forces group_membership return properties to be sourced from the expanded members property, which will properly expose nested groups and service principals. This flag will default to false to preserve compatibility with the existing roles.
ISSUE TYPE
Feature Idea
COMPONENT NAME
azure_rm_adgroup_info
azure_rm_adgroup
ADDITIONAL INFORMATION
See example invocation below
azure.azcollection.azure_rm_adgroup_info:
object_id: "xx-yy-zz"return_group_members: trueraw_membership: true # <-- new flag that specifies the returned members should include service principals and not be transitive
The text was updated successfully, but these errors were encountered:
SUMMARY
Currently, the modules for AD group manipulation only return membership using the
transitive_members
property, which collapses nested groups. Additionally, due to a known issue in the graph API, service principals are not returned in queries for any kind of group member. The only way to view service principals is by querying the group object and expanding themembers
property explicitly.We should add a flag that forces group_membership return properties to be sourced from the expanded
members
property, which will properly expose nested groups and service principals. This flag will default to false to preserve compatibility with the existing roles.ISSUE TYPE
COMPONENT NAME
azure_rm_adgroup_info
azure_rm_adgroup
ADDITIONAL INFORMATION
See example invocation below
The text was updated successfully, but these errors were encountered: