From 7b141383e119a38ebde9dfaa1b803f15b26c3361 Mon Sep 17 00:00:00 2001
From: SonOfLope
Date: Tue, 13 Feb 2024 12:03:48 -0500
Subject: [PATCH] Issue #3: Adds member addition to ad created groups
---
 .../modules/azure-kubernetes-cluster/accounts.tf | 11 +++++++++++
 .../modules/azure-kubernetes-cluster/variables.tf | 5 +++++
 terraform/staging/main.tf | 1 +
 terraform/staging/variables.tf | 5 +++++
 4 files changed, 22 insertions(+)
diff --git a/terraform/modules/azure-kubernetes-cluster/accounts.tf b/terraform/modules/azure-kubernetes-cluster/accounts.tf
index fe1cb9c5..fc3b8af2 100644
--- a/terraform/modules/azure-kubernetes-cluster/accounts.tf
+++ b/terraform/modules/azure-kubernetes-cluster/accounts.tf
@@ -20,3 +20,14 @@ resource "azuread_group" "groups" {
 owners = [data.azuread_client_config.current.object_id]
 security_enabled = true
 }
+
+data "azuread_user" "users" {
+ for_each = toset(var.ad_members)
+ user_principal_name = each.value
+}
+
+resource "azuread_group_member" "add_members" {
+ for_each = toset(var.ad_groups)
+ group_object_id = azuread_group.groups[each.value].object_id
+ member_object_id = data.azuread_user.users[each.value].object_id
+}
diff --git a/terraform/modules/azure-kubernetes-cluster/variables.tf b/terraform/modules/azure-kubernetes-cluster/variables.tf
index 6e082d61..e58811a9 100644
--- a/terraform/modules/azure-kubernetes-cluster/variables.tf
+++ b/terraform/modules/azure-kubernetes-cluster/variables.tf
@@ -162,3 +162,8 @@ variable "ad_groups" {
 description = "ad groups to be used in aks rolebindings"
 type = list(string)
 }
+
+variable "ad_members" {
+ description = "ad members to be added to ad_groups"
+ type = list(string)
+}
diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf
index 592caab7..70991062 100644
--- a/terraform/staging/main.tf
+++ b/terraform/staging/main.tf
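Review bot: `azuread_group_member.add_members` in accounts.tf iterates over `var.ad_groups` but indexes `data.azuread_user.users[each.value]`, which is keyed by the entries of `var.ad_members`, so a group name is used where a user principal name is expected and the lookup fails with an invalid index unless both lists hold the same strings. If the intent is to add every listed member to every group, iterate over the product of the two lists and key each membership by both values, as below. Because the variable description says these groups back AKS role bindings, putting every member in every group is coarse; a map from group to its members would allow per-group membership, though it changes the variable's type. The `azuread_group.groups` resource begins outside the hunk, so I am assuming it is keyed by group name.

```hcl
# … unchanged: data "azuread_user" "users" lookup keyed by var.ad_members …

locals {
  # One entry per (group, member) pair; the combined key keeps for_each keys unique.
  ad_group_memberships = {
    for pair in setproduct(toset(var.ad_groups), toset(var.ad_members)) :
    "${pair[0]}:${pair[1]}" => { group = pair[0], member = pair[1] }
  }
}

resource "azuread_group_member" "add_members" {
  for_each         = local.ad_group_memberships
  group_object_id  = azuread_group.groups[each.value.group].object_id
  member_object_id = data.azuread_user.users[each.value.member].object_id
}
```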
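Review bot: The `ad_members` description in the module's variables.tf does not say what form the entries take, although the accounts.tf hunk resolves each one with `user_principal_name = each.value`, so any other identifier makes the lookup fail. I would say so in the description, for example `description = "User principal names of the accounts to add to the groups in ad_groups (used in aks rolebindings)"`, so that a reader sees the list grants cluster access. The variable also has no default, which means any other caller of this module (none is visible here) must now set it; `default = []` would keep such callers working. The same applies to the copy added in terraform/staging/variables.tf.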
@@ -85,6 +85,7 @@ module "aks-cluster-0" {
 rbac_enabled = var.rbac_enabled
 aks_admin_group_object_ids = var.aks_admin_group_object_ids
 ad_groups = var.ad_groups
+ ad_members = var.ad_members
 network_resource_group = module.cluster-network-0.resource_group_name
 network_vnet = module.cluster-network-0.virtual_network_name
diff --git a/terraform/staging/variables.tf b/terraform/staging/variables.tf
index c6b48134..88bd222b 100644
--- a/terraform/staging/variables.tf
+++ b/terraform/staging/variables.tf
@@ -147,3 +147,8 @@ variable "ad_groups" {
 description = "ad groups to be used in aks rolebindings"
 type = list(string)
 }
+
+variable "ad_members" {
+ description = "ad members to be added to ad groups"
+ type = list(string)
+}