azuread.getGroups
Gets Object IDs or Display Names for multiple Azure Active Directory groups.
API Permissions
The following API permissions are required in order to use this data source.
When authenticated with a service principal, this data source requires one of the following application roles: Group.Read.All or Directory.Read.All
When authenticated with a user principal, this data source does not require any additional roles.
Example Usage
Look up by group name
using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = AzureAD.GetGroups.Invoke(new()
{
DisplayNames = new[]
{
"group-a",
"group-b",
},
});
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
DisplayNames: []string{
"group-a",
"group-b",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AzureadFunctions.getGroups(GetGroupsArgs.builder()
.displayNames(
"group-a",
"group-b")
.build());
}
}
import pulumi
import pulumi_azuread as azuread
example = azuread.get_groups(display_names=[
"group-a",
"group-b",
])
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = azuread.getGroups({
displayNames: [
"group-a",
"group-b",
],
});
variables:
example:
fn::invoke:
Function: azuread:getGroups
Arguments:
displayNames:
- group-a
- group-b
Look up by display name prefix
using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var sales = AzureAD.GetGroups.Invoke(new()
{
DisplayNamePrefix = "sales-",
});
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
DisplayNamePrefix: pulumi.StringRef("sales-"),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var sales = AzureadFunctions.getGroups(GetGroupsArgs.builder()
.displayNamePrefix("sales-")
.build());
}
}
import pulumi
import pulumi_azuread as azuread
sales = azuread.get_groups(display_name_prefix="sales-")
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const sales = azuread.getGroups({
displayNamePrefix: "sales-",
});
variables:
sales:
fn::invoke:
Function: azuread:getGroups
Arguments:
displayNamePrefix: sales-
Look up all groups
using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var all = AzureAD.GetGroups.Invoke(new()
{
ReturnAll = true,
});
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
ReturnAll: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var all = AzureadFunctions.getGroups(GetGroupsArgs.builder()
.returnAll(true)
.build());
}
}
import pulumi
import pulumi_azuread as azuread
all = azuread.get_groups(return_all=True)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const all = azuread.getGroups({
returnAll: true,
});
variables:
all:
fn::invoke:
Function: azuread:getGroups
Arguments:
returnAll: true
Look up all mail-enabled groups
using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var mailEnabled = AzureAD.GetGroups.Invoke(new()
{
MailEnabled = true,
ReturnAll = true,
});
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
MailEnabled: pulumi.BoolRef(true),
ReturnAll: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var mailEnabled = AzureadFunctions.getGroups(GetGroupsArgs.builder()
.mailEnabled(true)
.returnAll(true)
.build());
}
}
import pulumi
import pulumi_azuread as azuread
mail_enabled = azuread.get_groups(mail_enabled=True,
return_all=True)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const mailEnabled = azuread.getGroups({
mailEnabled: true,
returnAll: true,
});
variables:
mailEnabled:
fn::invoke:
Function: azuread:getGroups
Arguments:
mailEnabled: true
returnAll: true
Look up all security-enabled groups that are not mail-enabled
using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var securityOnly = AzureAD.GetGroups.Invoke(new()
{
MailEnabled = false,
ReturnAll = true,
SecurityEnabled = true,
});
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
MailEnabled: pulumi.BoolRef(false),
ReturnAll: pulumi.BoolRef(true),
SecurityEnabled: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var securityOnly = AzureadFunctions.getGroups(GetGroupsArgs.builder()
.mailEnabled(false)
.returnAll(true)
.securityEnabled(true)
.build());
}
}
import pulumi
import pulumi_azuread as azuread
security_only = azuread.get_groups(mail_enabled=False,
return_all=True,
security_enabled=True)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const securityOnly = azuread.getGroups({
mailEnabled: false,
returnAll: true,
securityEnabled: true,
});
variables:
securityOnly:
fn::invoke:
Function: azuread:getGroups
Arguments:
mailEnabled: false
returnAll: true
securityEnabled: true
Using getGroups
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getGroups(args: GetGroupsArgs, opts?: InvokeOptions): Promise<GetGroupsResult>
function getGroupsOutput(args: GetGroupsOutputArgs, opts?: InvokeOptions): Output<GetGroupsResult>def get_groups(display_name_prefix: Optional[str] = None,
display_names: Optional[Sequence[str]] = None,
ignore_missing: Optional[bool] = None,
mail_enabled: Optional[bool] = None,
object_ids: Optional[Sequence[str]] = None,
return_all: Optional[bool] = None,
security_enabled: Optional[bool] = None,
opts: Optional[InvokeOptions] = None) -> GetGroupsResult
def get_groups_output(display_name_prefix: Optional[pulumi.Input[str]] = None,
display_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
ignore_missing: Optional[pulumi.Input[bool]] = None,
mail_enabled: Optional[pulumi.Input[bool]] = None,
object_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
return_all: Optional[pulumi.Input[bool]] = None,
security_enabled: Optional[pulumi.Input[bool]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetGroupsResult]func GetGroups(ctx *Context, args *GetGroupsArgs, opts ...InvokeOption) (*GetGroupsResult, error)
func GetGroupsOutput(ctx *Context, args *GetGroupsOutputArgs, opts ...InvokeOption) GetGroupsResultOutput> Note: This function is named GetGroups in the Go SDK.
public static class GetGroups
{
public static Task<GetGroupsResult> InvokeAsync(GetGroupsArgs args, InvokeOptions? opts = null)
public static Output<GetGroupsResult> Invoke(GetGroupsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetGroupsResult> getGroups(GetGroupsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azuread:index/getGroups:getGroups
arguments:
# arguments dictionaryThe following arguments are supported:
- Display
Name stringPrefix A common display name prefix to match when returning groups.
- Display
Names List<string> The display names of the groups.
- Ignore
Missing bool Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with
return_all. Defaults tofalse.- Mail
Enabled bool Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to
trueensures all groups are mail-enabled, and setting tofalseensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.- Object
Ids List<string> The object IDs of the groups.
- Return
All bool A flag to denote if all groups should be fetched and returned. Cannot be specified wth
ignore_missing. Defaults tofalse.- Security
Enabled bool Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to
trueensures all groups are security-enabled, and setting tofalseensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.
- Display
Name stringPrefix A common display name prefix to match when returning groups.
- Display
Names []string The display names of the groups.
- Ignore
Missing bool Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with
return_all. Defaults tofalse.- Mail
Enabled bool Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to
trueensures all groups are mail-enabled, and setting tofalseensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.- Object
Ids []string The object IDs of the groups.
- Return
All bool A flag to denote if all groups should be fetched and returned. Cannot be specified wth
ignore_missing. Defaults tofalse.- Security
Enabled bool Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to
trueensures all groups are security-enabled, and setting tofalseensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.
- display
Name StringPrefix A common display name prefix to match when returning groups.
- display
Names List<String> The display names of the groups.
- ignore
Missing Boolean Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with
return_all. Defaults tofalse.- mail
Enabled Boolean Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to
trueensures all groups are mail-enabled, and setting tofalseensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.- object
Ids List<String> The object IDs of the groups.
- return
All Boolean A flag to denote if all groups should be fetched and returned. Cannot be specified wth
ignore_missing. Defaults tofalse.- security
Enabled Boolean Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to
trueensures all groups are security-enabled, and setting tofalseensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.
- display
Name stringPrefix A common display name prefix to match when returning groups.
- display
Names string[] The display names of the groups.
- ignore
Missing boolean Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with
return_all. Defaults tofalse.- mail
Enabled boolean Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to
trueensures all groups are mail-enabled, and setting tofalseensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.- object
Ids string[] The object IDs of the groups.
- return
All boolean A flag to denote if all groups should be fetched and returned. Cannot be specified wth
ignore_missing. Defaults tofalse.- security
Enabled boolean Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to
trueensures all groups are security-enabled, and setting tofalseensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.
- display_
name_ strprefix A common display name prefix to match when returning groups.
- display_
names Sequence[str] The display names of the groups.
- ignore_
missing bool Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with
return_all. Defaults tofalse.- mail_
enabled bool Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to
trueensures all groups are mail-enabled, and setting tofalseensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.- object_
ids Sequence[str] The object IDs of the groups.
- return_
all bool A flag to denote if all groups should be fetched and returned. Cannot be specified wth
ignore_missing. Defaults tofalse.- security_
enabled bool Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to
trueensures all groups are security-enabled, and setting tofalseensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.
- display
Name StringPrefix A common display name prefix to match when returning groups.
- display
Names List<String> The display names of the groups.
- ignore
Missing Boolean Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with
return_all. Defaults tofalse.- mail
Enabled Boolean Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to
trueensures all groups are mail-enabled, and setting tofalseensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.- object
Ids List<String> The object IDs of the groups.
- return
All Boolean A flag to denote if all groups should be fetched and returned. Cannot be specified wth
ignore_missing. Defaults tofalse.- security
Enabled Boolean Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to
trueensures all groups are security-enabled, and setting tofalseensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together withobject_ids.
getGroups Result
The following output properties are available:
- Display
Name stringPrefix - Display
Names List<string> The display names of the groups.
- Id string
The provider-assigned unique ID for this managed resource.
- Mail
Enabled bool - Object
Ids List<string> The object IDs of the groups.
- Security
Enabled bool - Ignore
Missing bool - Return
All bool
- Display
Name stringPrefix - Display
Names []string The display names of the groups.
- Id string
The provider-assigned unique ID for this managed resource.
- Mail
Enabled bool - Object
Ids []string The object IDs of the groups.
- Security
Enabled bool - Ignore
Missing bool - Return
All bool
- display
Name StringPrefix - display
Names List<String> The display names of the groups.
- id String
The provider-assigned unique ID for this managed resource.
- mail
Enabled Boolean - object
Ids List<String> The object IDs of the groups.
- security
Enabled Boolean - ignore
Missing Boolean - return
All Boolean
- display
Name stringPrefix - display
Names string[] The display names of the groups.
- id string
The provider-assigned unique ID for this managed resource.
- mail
Enabled boolean - object
Ids string[] The object IDs of the groups.
- security
Enabled boolean - ignore
Missing boolean - return
All boolean
- display_
name_ strprefix - display_
names Sequence[str] The display names of the groups.
- id str
The provider-assigned unique ID for this managed resource.
- mail_
enabled bool - object_
ids Sequence[str] The object IDs of the groups.
- security_
enabled bool - ignore_
missing bool - return_
all bool
- display
Name StringPrefix - display
Names List<String> The display names of the groups.
- id String
The provider-assigned unique ID for this managed resource.
- mail
Enabled Boolean - object
Ids List<String> The object IDs of the groups.
- security
Enabled Boolean - ignore
Missing Boolean - return
All Boolean
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azureadTerraform Provider.