{"id":21975262,"url":"https://github.com/yaegashi/terraform-provider-msgraph","last_synced_at":"2025-09-12T21:28:15.177Z","repository":{"id":57537582,"uuid":"239180818","full_name":"yaegashi/terraform-provider-msgraph","owner":"yaegashi","description":"Terraform Provider for Microsoft Graph","archived":false,"fork":false,"pushed_at":"2020-07-29T13:28:37.000Z","size":246,"stargazers_count":14,"open_issues_count":0,"forks_count":5,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-28T15:51:48.805Z","etag":null,"topics":["msgraph","terraform","terraform-provider"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yaegashi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-02-08T18:16:55.000Z","updated_at":"2024-01-10T17:56:49.000Z","dependencies_parsed_at":"2022-09-04T14:01:16.374Z","dependency_job_id":null,"html_url":"https://github.com/yaegashi/terraform-provider-msgraph","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/yaegashi/terraform-provider-msgraph","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaegashi%2Fterraform-provider-msgraph","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaegashi%2Fterraform-provider-msgraph/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaegashi%2Fterraform-provider-msgraph/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaegashi%2Fterraform-provider-msgraph/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yaegashi","download_url":"https://codeload.github.com/yaegashi/terraform-provider-msgraph/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaegashi%2Fterraform-provider-msgraph/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274879595,"owners_count":25367095,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-12T02:00:09.324Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["msgraph","terraform","terraform-provider"],"created_at":"2024-11-29T15:50:36.640Z","updated_at":"2025-09-12T21:28:15.151Z","avatar_url":"https://github.com/yaegashi.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Provider for Microsoft Graph\n\n![Test](https://github.com/yaegashi/terraform-provider-msgraph/workflows/Test/badge.svg)\n![Release](https://github.com/yaegashi/terraform-provider-msgraph/workflows/Release/badge.svg)\n\n## Introduction\n\nThe POC implementation of [Terraform](https://terraform.io) provider\nfor [Microsoft Graph](https://developer.microsoft.com/en-us/graph)\nusing [msgraph.go](https://github.com/yaegashi/msgraph.go).\n\nOne of the main purposes of this provider is to become an alternative\nto [the official Azure Active Directory provider](https://www.terraform.io/docs/providers/azuread/).\n\nYou need Terraform v0.12 and an Azure AD tenant with the admin privilege.\n\n## Supported resources\n\n- Data sources\n  - data_group\n  - data_user\n- Resources\n  - msgraph_application\n  - msgraph_application_password\n  - msgraph_group\n  - msgraph_group_member\n  - msgraph_user\n\n## Provider configuration\n\nThe provider has the configuration with the following default values.\nYou can modify the default values with the corresponding environment variables.\n\n```hcl\nprovider \"msgraph\" {\n  tenant_id           = \"common\"                               // env:ARM_TENANT_ID\n  client_id           = \"82492584-8587-4e7d-ad48-19546ce8238f\" // env:ARM_CLIENT_ID\n  client_secret       = \"\"                                     // env:ARM_CLIENT_SECRET\n  token_cache_path    = \"token_cache.json\"                     // env:ARM_TOKEN_CACHE_PATH\n  console_device_path = \"/dev/tty\"                             // env:ARM_CONSOLE_DEVICE_PATH\n}\n```\n\nThe default configuration above is\nto use the public client defined in `l0w.dev` tenant with the permission `Directory.AccessAsUser.All`.\nYou can use it to make terraform to access your tenant's directory with the delegated privilege.\n\nWhen `client_secret` is empty,\nthe provider attempts [the device code authorization](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code).\nYou can see the following message on the first invocation of `terraform plan`:\n\n```console\n$ terraform plan\nRefreshing Terraform state in-memory prior to plan...\nThe refreshed state will be used to calculate this plan, but will not be\npersisted to local or remote state storage.\n\nTo sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code GNATKX4J8 to authenticate.\n```\n\nOpen https://microsoft.com/devicelogin with your web browser and enter the code to proceed the authorization steps.\nAfter completing authorization it stores auth tokens in a file specified by `token_cache_path`.\nOn subsequent terraform invocations it can skip the authorization steps above with this file.\n\nYou can also specify an Azure Blob URL with SAS for `token_cache_path`.\nIt's recommended to pass it via `ARM_TOKEN_CACHE_PATH` envvar\nsince the SAS is considered sensitive information that should be hidden.\n\nThe provider opens `console_device_path` to prompt the instruction of the device code authorization.\nIt might have no acccess to `/dev/tty` in the restricted environment like GitLab CI runner.\nYou can workaround it by fd number device and redirection with the shell as follows:\n\n```console\n$ 99\u003e\u00262 ARM_CONSOLE_DEVICE_PATH=/dev/fd/99 terraform plan\n```\n\n## How to test\n\nTerraform v0.12 and Go v1.14 are required.\nIt's strongly recommended to acquire a developer sandbox tenant\nby joining [the Office 365 developer program](https://developer.microsoft.com/en-us/office/dev-program).\n\nClone the repository, then move to one of [the test directories](tests) and build `terraform-provider-msgraph` executable there:\n\n```console\n$ git clone https://github.com/yaegashi/terraform-provider-msgraph\n$ cd terraform-provider-msgraph/tests/users\n$ go build ../..\n```\n\nEdit `provider` and `variable` in `main.tf` for your environment:\n\n```hcl\nprovider \"msgraph\" {\n  tenant_id        = \"common\"\n  client_id        = \"82492584-8587-4e7d-ad48-19546ce8238f\"\n  client_secret    = \"\" // empty for device code authorization\n  token_cache_path = \"token_cache.json\"\n}\n\nvariable \"tenant_domain\" {\n  type    = string\n  default = \"l0wdev.onmicrosoft.com\"\n}\n```\n\nRun terraform with an environment variable `TF_LOG=DEBUG` to enable debug log output:\n\n```console\n$ terraform init\n$ TF_LOG=DEBUG terraform plan\n$ TF_LOG=DEBUG terraform apply\n```\n\n## Todo\n\n- [ ] Support various graph resources (`resource`/`data`)\n  - [ ] [User](https://docs.microsoft.com/en-us/graph/api/resources/user)\n  - [ ] [Group](https://docs.microsoft.com/en-us/graph/api/resources/group)\n  - [ ] [Application](https://docs.microsoft.com/en-us/graph/api/resources/application)\n  - [ ] [Team](https://docs.microsoft.com/en-us/graph/api/resources/teams-api-overview)\n  - [ ] [Site](https://docs.microsoft.com/en-us/graph/api/resources/sharepoint) (no ability to create new sites)\n- [ ] Support importing\n- [ ] Code auto-generation based on the API metadata\n- [x] Persist OAuth2 tokens in backend storage (Azure Blob Storage)\n- [x] Better device auth grant experience (no `TF_LOG=DEBUG`)\n- [ ] Unit testing\n- [x] CI/CD (GoReleaser)\n- [ ] Manuals\n- [ ] Publish to the Terraform registry (#1)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyaegashi%2Fterraform-provider-msgraph","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyaegashi%2Fterraform-provider-msgraph","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyaegashi%2Fterraform-provider-msgraph/lists"}