Skip to content

Instantly share code, notes, and snippets.

@archmangler

archmangler/gist:002776037cc4e56b215468c476953b21

Created September 9, 2022 13:59
Show Gist options
  • Save archmangler/002776037cc4e56b215468c476953b21 to your computer and use it in GitHub Desktop.
Save archmangler/002776037cc4e56b215468c476953b21 to your computer and use it in GitHub Desktop.
Download ZIP
AD Group Management Example: The "for_each" value depends on resource attributes that cannot be determined until apply
Raw
gistfile1.md

Step #1: add a new user

(base) welcome@Traianos-MacBook-Pro azure-ad-management % cat users.csv 
first_name,last_name,department,job_title
Joe,Blogs,Contracting,Engineer
Tom,Jones,Contracting,Manager
Wukong,Sun,Contracting,Manager
Wu,Tzu,Contracting,Manager
Musashi,Miyamoto,Contracting,Manager
Temujin,Khan,Contracting,Manager
-> Batu,Khan,Contracting,Manager

Step 2: terraform plan

(base) welcome@Traianos-MacBook-Pro azure-ad-management % terraform plan -out terraform.plan
random_pet.suffix: Refreshing state... [id=literate-mongrel]
azuread_group.contracting: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd]
azuread_group.managers: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca]
azuread_group.engineers: Refreshing state... [id=f5fe4c9f-418e-4395-a661-58de92f98b2f]
azuread_user.users["Temujin"]: Refreshing state... [id=27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f]
azuread_user.users["Musashi"]: Refreshing state... [id=c340ff12-cd33-465c-b421-fa879e186020]
azuread_user.users["Tom"]: Refreshing state... [id=553d488b-da17-459f-9c65-f7dafe63d2be]
azuread_user.users["Wukong"]: Refreshing state... [id=3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad]
azuread_user.users["Wu"]: Refreshing state... [id=79776ce3-d710-4d34-b912-9f93acc70a50]
azuread_user.users["Joe"]: Refreshing state... [id=e60e893c-3ea9-481e-9174-de2743fd5729]
azuread_group_member.engineers["jblogs-literate-mongrel"]: Refreshing state... [id=f5fe4c9f-418e-4395-a661-58de92f98b2f/member/e60e893c-3ea9-481e-9174-de2743fd5729]
╷
│ Error: Invalid for_each argument
│ 
│   on memberships.tf line 4, in resource "azuread_group_member" "contracting":
│    4:   for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.department == "Contracting" }
│     ├────────────────
│     │ azuread_user.users is object with 7 attributes
│ 
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.
╵
╷
│ Error: Invalid for_each argument
│ 
│   on memberships.tf line 10, in resource "azuread_group_member" "managers":
│   10:   for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.job_title == "Manager" }
│     ├────────────────
│     │ azuread_user.users is object with 7 attributes
│ 
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.
╵
(base) welcome@Traianos-MacBook-Pro azure-ad-management %

Step 3: Workaround, comment out all the azure_memberships_ resource definitions:


#member group memberships here

resource "azuread_group_member" "contracting" {
  for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.department == "Contracting" }
  group_object_id  = azuread_group.contracting.id
  member_object_id = each.value.id
}

resource "azuread_group_member" "managers" {
  for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.job_title == "Manager" }
  group_object_id  = azuread_group.managers.id
  member_object_id = each.value.id
}

resource "azuread_group_member" "engineers" {
  for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.job_title == "Engineer" }
  group_object_id  = azuread_group.engineers.id
  member_object_id = each.value.id
}

Step 4: Plan Again ...

random_pet.suffix: Refreshing state... [id=literate-mongrel]
azuread_group_member.engineers["jblogs-literate-mongrel"]: Refreshing state... [id=f5fe4c9f-418e-4395-a661-58de92f98b2f/member/e60e893c-3ea9-481e-9174-de2743fd5729]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f]
azuread_group_member.contracting["wsun-literate-mongrel"]: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad]
azuread_group_member.managers["wtzu-literate-mongrel"]: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/79776ce3-d710-4d34-b912-9f93acc70a50]
azuread_group_member.managers["tkhan-literate-mongrel"]: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f]
azuread_group_member.contracting["jblogs-literate-mongrel"]: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/e60e893c-3ea9-481e-9174-de2743fd5729]
azuread_group_member.contracting["tjones-literate-mongrel"]: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be]
azuread_group_member.managers["tjones-literate-mongrel"]: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be]
azuread_group_member.managers["wsun-literate-mongrel"]: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad]
azuread_group_member.contracting["wtzu-literate-mongrel"]: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/79776ce3-d710-4d34-b912-9f93acc70a50]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020]
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020]
azuread_group.contracting: Refreshing state... [id=528b16f6-0cee-479e-9376-3b465f56cacd]
azuread_group.engineers: Refreshing state... [id=f5fe4c9f-418e-4395-a661-58de92f98b2f]
azuread_group.managers: Refreshing state... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca]
azuread_user.users["Temujin"]: Refreshing state... [id=27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f]
azuread_user.users["Wukong"]: Refreshing state... [id=3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad]
azuread_user.users["Tom"]: Refreshing state... [id=553d488b-da17-459f-9c65-f7dafe63d2be]
azuread_user.users["Wu"]: Refreshing state... [id=79776ce3-d710-4d34-b912-9f93acc70a50]
azuread_user.users["Musashi"]: Refreshing state... [id=c340ff12-cd33-465c-b421-fa879e186020]
azuread_user.users["Joe"]: Refreshing state... [id=e60e893c-3ea9-481e-9174-de2743fd5729]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # azuread_group.managers has been changed
  ~ resource "azuread_group" "managers" {
        id                         = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      ~ members                    = [
          + "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f",
          + "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad",
          + "553d488b-da17-459f-9c65-f7dafe63d2be",
          + "79776ce3-d710-4d34-b912-9f93acc70a50",
          + "c340ff12-cd33-465c-b421-fa879e186020",
        ]
        # (17 unchanged attributes hidden)
    }
  # azuread_group.contracting has been changed
  ~ resource "azuread_group" "contracting" {
        id                         = "528b16f6-0cee-479e-9376-3b465f56cacd"
      ~ members                    = [
          + "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f",
          + "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad",
          + "553d488b-da17-459f-9c65-f7dafe63d2be",
          + "79776ce3-d710-4d34-b912-9f93acc70a50",
          + "c340ff12-cd33-465c-b421-fa879e186020",
          + "e60e893c-3ea9-481e-9174-de2743fd5729",
        ]
        # (17 unchanged attributes hidden)
    }
  # azuread_group.engineers has been changed
  ~ resource "azuread_group" "engineers" {
        id                         = "f5fe4c9f-418e-4395-a661-58de92f98b2f"
      ~ members                    = [
          + "e60e893c-3ea9-481e-9174-de2743fd5729",
        ]
        # (17 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  - destroy

Terraform will perform the following actions:

  # azuread_group_member.contracting["jblogs-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "contracting" {
      - group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd" -> null
      - id               = "528b16f6-0cee-479e-9376-3b465f56cacd/member/e60e893c-3ea9-481e-9174-de2743fd5729" -> null
      - member_object_id = "e60e893c-3ea9-481e-9174-de2743fd5729" -> null
    }

  # azuread_group_member.contracting["mmiyamoto-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "contracting" {
      - group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd" -> null
      - id               = "528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020" -> null
      - member_object_id = "c340ff12-cd33-465c-b421-fa879e186020" -> null
    }

  # azuread_group_member.contracting["tjones-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "contracting" {
      - group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd" -> null
      - id               = "528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be" -> null
      - member_object_id = "553d488b-da17-459f-9c65-f7dafe63d2be" -> null
    }

  # azuread_group_member.contracting["tkhan-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "contracting" {
      - group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd" -> null
      - id               = "528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f" -> null
      - member_object_id = "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f" -> null
    }

  # azuread_group_member.contracting["wsun-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "contracting" {
      - group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd" -> null
      - id               = "528b16f6-0cee-479e-9376-3b465f56cacd/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad" -> null
      - member_object_id = "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad" -> null
    }

  # azuread_group_member.contracting["wtzu-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "contracting" {
      - group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd" -> null
      - id               = "528b16f6-0cee-479e-9376-3b465f56cacd/member/79776ce3-d710-4d34-b912-9f93acc70a50" -> null
      - member_object_id = "79776ce3-d710-4d34-b912-9f93acc70a50" -> null
    }

  # azuread_group_member.engineers["jblogs-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "engineers" {
      - group_object_id  = "f5fe4c9f-418e-4395-a661-58de92f98b2f" -> null
      - id               = "f5fe4c9f-418e-4395-a661-58de92f98b2f/member/e60e893c-3ea9-481e-9174-de2743fd5729" -> null
      - member_object_id = "e60e893c-3ea9-481e-9174-de2743fd5729" -> null
    }

  # azuread_group_member.managers["mmiyamoto-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020" -> null
      - member_object_id = "c340ff12-cd33-465c-b421-fa879e186020" -> null
    }

  # azuread_group_member.managers["tjones-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be" -> null
      - member_object_id = "553d488b-da17-459f-9c65-f7dafe63d2be" -> null
    }

  # azuread_group_member.managers["tkhan-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f" -> null
      - member_object_id = "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f" -> null
    }

  # azuread_group_member.managers["wsun-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad" -> null
      - member_object_id = "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad" -> null
    }

  # azuread_group_member.managers["wtzu-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/79776ce3-d710-4d34-b912-9f93acc70a50" -> null
      - member_object_id = "e60e893c-3ea9-481e-9174-de2743fd5729" -> null
    }

  # azuread_group_member.managers["mmiyamoto-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020" -> null
      - member_object_id = "c340ff12-cd33-465c-b421-fa879e186020" -> null
    }

  # azuread_group_member.managers["tjones-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be" -> null
      - member_object_id = "553d488b-da17-459f-9c65-f7dafe63d2be" -> null
    }

  # azuread_group_member.managers["tkhan-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f" -> null
      - member_object_id = "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f" -> null
    }

  # azuread_group_member.managers["wsun-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad" -> null
      - member_object_id = "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad" -> null
    }

  # azuread_group_member.managers["wtzu-literate-mongrel"] will be destroyed
  - resource "azuread_group_member" "managers" {
      - group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca" -> null
      - id               = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/79776ce3-d710-4d34-b912-9f93acc70a50" -> null
      - member_object_id = "79776ce3-d710-4d34-b912-9f93acc70a50" -> null
    }

  # azuread_user.users["Batu"] will be created
  + resource "azuread_user" "users" {
      + about_me                       = (known after apply)
      + account_enabled                = true
      + business_phones                = (known after apply)
      + creation_type                  = (known after apply)
      + department                     = "Contracting"
      + disable_password_expiration    = false
      + disable_strong_password        = false
      + display_name                   = "Batu Khan"
      + external_user_state            = (known after apply)
      + force_password_change          = true
      + id                             = (known after apply)
      + im_addresses                   = (known after apply)
      + job_title                      = "Manager"
      + mail                           = (known after apply)
      + mail_nickname                  = (known after apply)
      + object_id                      = (known after apply)
      + onpremises_distinguished_name  = (known after apply)
      + onpremises_domain_name         = (known after apply)
      + onpremises_immutable_id        = (known after apply)
      + onpremises_sam_account_name    = (known after apply)
      + onpremises_security_identifier = (known after apply)
      + onpremises_sync_enabled        = (known after apply)
      + onpremises_user_principal_name = (known after apply)
      + password                       = (sensitive value)
      + proxy_addresses                = (known after apply)
      + show_in_address_list           = true
      + user_principal_name            = "[email protected]"
      + user_type                      = (known after apply)
    }

Plan: 1 to add, 0 to change, 12 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: terraform.plan

To perform exactly these actions, run the following command to apply:
    terraform apply "terraform.plan"

Step 5: Apply the new plan:


.
.
.
azuread_group_member.managers["tkhan-literate-mongrel"]: Destruction complete after 41s
azuread_group_member.contracting["wtzu-literate-mongrel"]: Destruction complete after 41s
azuread_group_member.contracting["wsun-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad, 50s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 50s elapsed]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f, 50s elapsed]
azuread_group_member.managers["wsun-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad, 50s elapsed]
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020, 50s elapsed]
azuread_group_member.managers["tjones-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be, 30s elapsed]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020, 30s elapsed]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f, 1m0s elapsed]
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020, 1m0s elapsed]
azuread_group_member.managers["wsun-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad, 1m0s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m0s elapsed]
azuread_group_member.contracting["wsun-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad, 1m0s elapsed]
azuread_group_member.managers["tjones-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be, 40s elapsed]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020, 40s elapsed]
azuread_group_member.managers["wsun-literate-mongrel"]: Destruction complete after 1m2s
azuread_group_member.contracting["wsun-literate-mongrel"]: Destruction complete after 1m2s
azuread_group_member.contracting["tkhan-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f, 1m10s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m10s elapsed]
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020, 1m10s elapsed]
azuread_group_member.managers["tjones-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be, 50s elapsed]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020, 50s elapsed]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f, 1m20s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m20s elapsed]
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020, 1m20s elapsed]
azuread_group_member.managers["tjones-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m0s elapsed]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020, 1m0s elapsed]
azuread_group_member.managers["tjones-literate-mongrel"]: Destruction complete after 1m1s
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Destruction complete after 1m22s
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m30s elapsed]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f, 1m30s elapsed]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020, 1m10s elapsed]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f, 1m40s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m40s elapsed]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Still destroying... [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020, 1m20s elapsed]
azuread_group_member.contracting["tkhan-literate-mongrel"]: Destruction complete after 1m43s
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Destruction complete after 1m22s
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 1m50s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Still destroying... [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be, 2m0s elapsed]
azuread_group_member.contracting["tjones-literate-mongrel"]: Destruction complete after 2m3s
azuread_user.users["Batu"]: Creating...
azuread_user.users["Batu"]: Creation complete after 1s [id=fd182a97-388d-4af8-865d-57917f516eed]

Apply complete! Resources: 1 added, 0 changed, 12 destroyed.
(base) welcome@Traianos-MacBook-Pro azure-ad-management %

Step 5: Uncomment the membership resources to re-add the users to the AAD groups


(base) welcome@Traianos-MacBook-Pro azure-ad-management % cat memberships.tf    
#member group memberships here

resource "azuread_group_member" "contracting" {
  for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.department == "Contracting" }
  group_object_id  = azuread_group.contracting.id
  member_object_id = each.value.id
}

resource "azuread_group_member" "managers" {
  for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.job_title == "Manager" }
  group_object_id  = azuread_group.managers.id
  member_object_id = each.value.id
}

resource "azuread_group_member" "engineers" {
  for_each         = { for u in azuread_user.users : u.mail_nickname => u if u.job_title == "Engineer" }
  group_object_id  = azuread_group.engineers.id
  member_object_id = each.value.id
}

Step 7: Plan

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # azuread_group.contracting has been changed
  ~ resource "azuread_group" "contracting" {
        id                         = "528b16f6-0cee-479e-9376-3b465f56cacd"
      ~ members                    = [
          - "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f",
          - "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad",
          - "553d488b-da17-459f-9c65-f7dafe63d2be",
          - "79776ce3-d710-4d34-b912-9f93acc70a50",
          - "c340ff12-cd33-465c-b421-fa879e186020",
          - "e60e893c-3ea9-481e-9174-de2743fd5729",
        ]
        # (17 unchanged attributes hidden)
    }
  # azuread_group.engineers has been changed
  ~ resource "azuread_group" "engineers" {
        id                         = "f5fe4c9f-418e-4395-a661-58de92f98b2f"
      ~ members                    = [
          - "e60e893c-3ea9-481e-9174-de2743fd5729",
        ]
        # (17 unchanged attributes hidden)
    }
  # azuread_group.managers has been changed
  ~ resource "azuread_group" "managers" {
        id                         = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      ~ members                    = [
          - "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f",
          - "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad",
          - "553d488b-da17-459f-9c65-f7dafe63d2be",
          - "79776ce3-d710-4d34-b912-9f93acc70a50",
          - "c340ff12-cd33-465c-b421-fa879e186020",
        ]
        # (17 unchanged attributes hidden)
    }
  # azuread_user.users["Batu"] has been changed
  ~ resource "azuread_user" "users" {
        id                          = "fd182a97-388d-4af8-865d-57917f516eed"
      + other_mails                 = []
        # (17 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azuread_group_member.contracting["bkhan-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "fd182a97-388d-4af8-865d-57917f516eed"
    }

  # azuread_group_member.contracting["jblogs-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "e60e893c-3ea9-481e-9174-de2743fd5729"
    }

  # azuread_group_member.contracting["mmiyamoto-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "c340ff12-cd33-465c-b421-fa879e186020"
    }

  # azuread_group_member.contracting["tjones-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "553d488b-da17-459f-9c65-f7dafe63d2be"
    }

  # azuread_group_member.contracting["tkhan-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f"
    }

  # azuread_group_member.contracting["wsun-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad"
    }

  # azuread_group_member.contracting["wtzu-literate-mongrel"] will be created
  + resource "azuread_group_member" "contracting" {
      + group_object_id  = "528b16f6-0cee-479e-9376-3b465f56cacd"
      + id               = (known after apply)
      + member_object_id = "79776ce3-d710-4d34-b912-9f93acc70a50"
    }

  # azuread_group_member.engineers["jblogs-literate-mongrel"] will be created
  + resource "azuread_group_member" "engineers" {
      + group_object_id  = "f5fe4c9f-418e-4395-a661-58de92f98b2f"
      + id               = (known after apply)
      + member_object_id = "e60e893c-3ea9-481e-9174-de2743fd5729"
    }

  # azuread_group_member.managers["bkhan-literate-mongrel"] will be created
  + resource "azuread_group_member" "managers" {
      + group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      + id               = (known after apply)
      + member_object_id = "fd182a97-388d-4af8-865d-57917f516eed"
    }

  # azuread_group_member.managers["mmiyamoto-literate-mongrel"] will be created
  + resource "azuread_group_member" "managers" {
      + group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      + id               = (known after apply)
      + member_object_id = "c340ff12-cd33-465c-b421-fa879e186020"
    }

  # azuread_group_member.managers["tjones-literate-mongrel"] will be created
  + resource "azuread_group_member" "managers" {
      + group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      + id               = (known after apply)
      + member_object_id = "553d488b-da17-459f-9c65-f7dafe63d2be"
    }

  # azuread_group_member.managers["tkhan-literate-mongrel"] will be created
  + resource "azuread_group_member" "managers" {
      + group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      + id               = (known after apply)
      + member_object_id = "27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f"
    }

  # azuread_group_member.managers["wsun-literate-mongrel"] will be created
  + resource "azuread_group_member" "managers" {
      + group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      + id               = (known after apply)
      + member_object_id = "3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad"
    }

  # azuread_group_member.managers["wtzu-literate-mongrel"] will be created
  + resource "azuread_group_member" "managers" {
      + group_object_id  = "6f8f1629-776b-4cb1-b04e-db3a4d0295ca"
      + id               = (known after apply)
      + member_object_id = "79776ce3-d710-4d34-b912-9f93acc70a50"
    }

Plan: 14 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: terraform.plan

To perform exactly these actions, run the following command to apply:
    terraform apply "terraform.plan"

Step 8: Apply

(base) welcome@Traianos-MacBook-Pro azure-ad-management % terraform apply terraform.plan
azuread_group_member.contracting["wsun-literate-mongrel"]: Creating...
azuread_group_member.managers["wtzu-literate-mongrel"]: Creating...
azuread_group_member.contracting["tkhan-literate-mongrel"]: Creating...
azuread_group_member.engineers["jblogs-literate-mongrel"]: Creating...
azuread_group_member.managers["tkhan-literate-mongrel"]: Creating...
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Creating...
azuread_group_member.managers["wsun-literate-mongrel"]: Creating...
azuread_group_member.contracting["jblogs-literate-mongrel"]: Creating...
azuread_group_member.managers["bkhan-literate-mongrel"]: Creating...
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Creating...
azuread_group_member.contracting["jblogs-literate-mongrel"]: Creation complete after 0s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/e60e893c-3ea9-481e-9174-de2743fd5729]
azuread_group_member.engineers["jblogs-literate-mongrel"]: Creation complete after 0s [id=f5fe4c9f-418e-4395-a661-58de92f98b2f/member/e60e893c-3ea9-481e-9174-de2743fd5729]
azuread_group_member.contracting["wtzu-literate-mongrel"]: Creating...
azuread_group_member.contracting["bkhan-literate-mongrel"]: Creating...
azuread_group_member.managers["wsun-literate-mongrel"]: Creation complete after 0s [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad]
azuread_group_member.contracting["tjones-literate-mongrel"]: Creating...
azuread_group_member.contracting["tkhan-literate-mongrel"]: Creation complete after 1s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f]
azuread_group_member.managers["tjones-literate-mongrel"]: Creating...
azuread_group_member.managers["tkhan-literate-mongrel"]: Creation complete after 1s [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/27ac8c1c-a350-4cc8-afb5-6d9ad2d76d4f]
azuread_group_member.contracting["wsun-literate-mongrel"]: Creation complete after 1s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/3c7aeeae-2c74-4cc6-8337-c8b0ef7749ad]
azuread_group_member.managers["mmiyamoto-literate-mongrel"]: Creation complete after 1s [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/c340ff12-cd33-465c-b421-fa879e186020]
azuread_group_member.contracting["mmiyamoto-literate-mongrel"]: Creation complete after 1s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/c340ff12-cd33-465c-b421-fa879e186020]
azuread_group_member.managers["bkhan-literate-mongrel"]: Creation complete after 1s [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/fd182a97-388d-4af8-865d-57917f516eed]
azuread_group_member.contracting["wtzu-literate-mongrel"]: Creation complete after 2s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/79776ce3-d710-4d34-b912-9f93acc70a50]
azuread_group_member.managers["wtzu-literate-mongrel"]: Creation complete after 2s [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/79776ce3-d710-4d34-b912-9f93acc70a50]
azuread_group_member.contracting["bkhan-literate-mongrel"]: Creation complete after 2s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/fd182a97-388d-4af8-865d-57917f516eed]
azuread_group_member.managers["tjones-literate-mongrel"]: Creation complete after 1s [id=6f8f1629-776b-4cb1-b04e-db3a4d0295ca/member/553d488b-da17-459f-9c65-f7dafe63d2be]
azuread_group_member.contracting["tjones-literate-mongrel"]: Creation complete after 2s [id=528b16f6-0cee-479e-9376-3b465f56cacd/member/553d488b-da17-459f-9c65-f7dafe63d2be]

Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment