From dce5301f405ec7d8511ab85724140494db335a8d Mon Sep 17 00:00:00 2001 From: Wilson de Carvalho Date: Thu, 4 Nov 2021 18:30:05 -0700 Subject: [PATCH] Replace sso by idp (#125) Co-authored-by: Victor Moraes --- CHANGELOG.md | 18 ++ Makefile | 3 +- README.md | 12 +- cyral/provider.go | 18 +- ...o.go => resource_cyral_integration_idp.go} | 11 +- cyral/resource_cyral_integration_idp_test.go | 261 ++++++++++++++++++ cyral/resource_cyral_integration_okta.go | 2 +- cyral/resource_cyral_integration_sso_test.go | 261 ------------------ ...tion_sso_aad.md => integration_idp_aad.md} | 18 +- ...on_sso_adfs.md => integration_idp_adfs.md} | 19 +- ...gerock.md => integration_idp_forgerock.md} | 18 +- ...so_gsuite.md => integration_idp_gsuite.md} | 18 +- ...on_sso_okta.md => integration_idp_okta.md} | 20 +- ...pingone.md => integration_idp_ping_one.md} | 20 +- 14 files changed, 362 insertions(+), 337 deletions(-) rename cyral/{resource_cyral_integration_sso.go => resource_cyral_integration_idp.go} (97%) create mode 100644 cyral/resource_cyral_integration_idp_test.go delete mode 100644 cyral/resource_cyral_integration_sso_test.go rename docs/resources/{integration_sso_aad.md => integration_idp_aad.md} (92%) rename docs/resources/{integration_sso_adfs.md => integration_idp_adfs.md} (92%) rename docs/resources/{integration_sso_forgerock.md => integration_idp_forgerock.md} (93%) rename docs/resources/{integration_sso_gsuite.md => integration_idp_gsuite.md} (93%) rename docs/resources/{integration_sso_okta.md => integration_idp_okta.md} (92%) rename docs/resources/{integration_sso_pingone.md => integration_idp_ping_one.md} (92%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12179d0f..2292d255 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,21 @@ +## 2.2.0 (November 4, 2021) + +Minimum required Control Plane version: `v2.25.0`. + +### Bug fixes: +* **Fix cyclic dependency issue in SAML certificate data source**: [#121](https://github.com/cyralinc/terraform-provider-cyral/pull/121); + +### Deprecated resources: + +* `cyral_integration_sso_*` renamed to `cyral_integration_idp_*` + +## 2.1.1 (October 21, 2021) + +Minimum required Control Plane version: `v2.24.0`. + +### Bug fixes: +* **Remove unnecessary PreCheck from Terraform Provider Tests**: [#117](https://github.com/cyralinc/terraform-provider-cyral/pull/117); + ## 2.1.0 (October 18, 2021) Minimum required Control Plane version: `v2.24.0`. diff --git a/Makefile b/Makefile index 4c848a70..d84c48ff 100644 --- a/Makefile +++ b/Makefile @@ -37,8 +37,7 @@ local/install: local/build docker/test: docker-compose run -e CYRAL_TF_CP_URL=$(CYRAL_TF_CP_URL) -e CYRAL_TF_CLIENT_ID=$(CYRAL_TF_CLIENT_ID) \ - -e CYRAL_TF_CLIENT_SECRET=$(CYRAL_TF_CLIENT_SECRET) -e CYRAL_TF_SSO_URL=$(CYRAL_TF_SSO_URL) \ - -e CYRAL_TF_SAML_METADATA_URL=$(CYRAL_TF_SAML_METADATA_URL) -e TF_ACC=true \ + -e CYRAL_TF_CLIENT_SECRET=$(CYRAL_TF_CLIENT_SECRET) -e TF_ACC=true \ app $(GOTEST) github.com/cyralinc/terraform-provider-cyral/... -v -race docker/build: diff --git a/README.md b/README.md index 96b8204c..8f25e53e 100644 --- a/README.md +++ b/README.md 
@@ -164,12 +164,12 @@ terraform import cyral_repository.my_resource_name myrepo - [Resource Integration Pager Duty](./docs/resource_integration_pager_duty.md) - [Resource Integration Slack Alerts](./docs/resource_integration_slack_alerts.md) - [Resource Integration Splunk](./docs/resource_integration_splunk.md) -- [Resource Integration SSO AAD](./docs/resources/integration_sso_aad.md) -- [Resource Integration SSO ADFS](./docs/resources/integration_sso_adfs.md) -- [Resource Integration SSO Forgerock](./docs/resources/integration_sso_forgerock.md) -- [Resource Integration SSO GSuite](./docs/resources/integration_sso_gsuite.md) -- [Resource Integration SSO Okta](./docs/resources/integration_sso_okta.md) -- [Resource Integration SSO Ping One](./docs/resources/integration_sso_ping_one.md) +- [Resource Integration IdP AAD](./docs/resources/integration_idp_aad.md) +- [Resource Integration IdP ADFS](./docs/resources/integration_idp_adfs.md) +- [Resource Integration IdP Forgerock](./docs/resources/integration_idp_forgerock.md) +- [Resource Integration IdP GSuite](./docs/resources/integration_idp_gsuite.md) +- [Resource Integration IdP Okta](./docs/resources/integration_idp_okta.md) +- [Resource Integration IdP Ping One](./docs/resources/integration_idp_ping_one.md) - [Resource Integration Sumo Logic](./docs/resource_integration_sumo_logic.md) - [Resource Policy](./docs/resource_policy.md) - [Resource Policy Rule](./docs/resource_policy_rule.md) diff --git a/cyral/provider.go b/cyral/provider.go index 17c01cff..8438df6c 100644 --- a/cyral/provider.go +++ b/cyral/provider.go 
@@ -96,12 +96,18 @@ func Provider() *schema.Provider { "cyral_integration_pager_duty": resourceIntegrationPagerDuty(), "cyral_integration_slack_alerts": resourceIntegrationSlackAlerts(), "cyral_integration_splunk": resourceIntegrationSplunk(), - "cyral_integration_sso_aad": resourceIntegrationSSO("aad"), - "cyral_integration_sso_adfs": resourceIntegrationSSO("adfs-2016"), - "cyral_integration_sso_forgerock": resourceIntegrationSSO("forgerock"), - "cyral_integration_sso_gsuite": resourceIntegrationSSO("gsuite"), - "cyral_integration_sso_okta": resourceIntegrationSSO("okta"), - "cyral_integration_sso_ping_one": resourceIntegrationSSO("pingone"), + "cyral_integration_idp_aad": resourceIntegrationIDP("aad", ""), + "cyral_integration_idp_adfs": resourceIntegrationIDP("adfs-2016", ""), + "cyral_integration_idp_forgerock": resourceIntegrationIDP("forgerock", ""), + "cyral_integration_idp_gsuite": resourceIntegrationIDP("gsuite", ""), + "cyral_integration_idp_okta": resourceIntegrationIDP("okta", ""), + "cyral_integration_idp_ping_one": resourceIntegrationIDP("pingone", ""), + "cyral_integration_sso_aad": resourceIntegrationIDP("aad", "Use 'cyral_integration_idp_aad' instead"), + "cyral_integration_sso_adfs": resourceIntegrationIDP("adfs-2016", "Use 'cyral_integration_idp_adfs' instead"), + "cyral_integration_sso_forgerock": resourceIntegrationIDP("forgerock", "Use 'cyral_integration_idp_forgerock' instead"), + "cyral_integration_sso_gsuite": resourceIntegrationIDP("gsuite", "Use 'cyral_integration_idp_gsuite' instead"), + "cyral_integration_sso_okta": resourceIntegrationIDP("okta", "Use 'cyral_integration_idp_okta' instead"), + "cyral_integration_sso_ping_one": resourceIntegrationIDP("pingone", "Use 'cyral_integration_idp_ping_one' instead"), "cyral_integration_sumo_logic": resourceIntegrationSumoLogic(), "cyral_policy": resourcePolicy(), "cyral_policy_rule": resourcePolicyRule(), 
diff --git a/cyral/resource_cyral_integration_sso.go b/cyral/resource_cyral_integration_idp.go similarity index 97% rename from cyral/resource_cyral_integration_sso.go rename to cyral/resource_cyral_integration_idp.go index 38c04d0c..97782d58 100644 --- a/cyral/resource_cyral_integration_sso.go +++ b/cyral/resource_cyral_integration_idp.go @@ -9,11 +9,12 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -func resourceIntegrationSSO(identityProvider string) *schema.Resource { +func resourceIntegrationIDP(identityProvider, deprecationMessage string) *schema.Resource { return &schema.Resource{ + DeprecationMessage: deprecationMessage, CreateContext: CreateResource( ResourceOperationConfig{ - Name: "resourceIntegrationSSOCreate", + Name: "resourceIntegrationIDPCreate", HttpMethod: http.MethodPost, CreateURL: func(d *schema.ResourceData, c *client.Client) string { return fmt.Sprintf("https://%s/v1/integrations/saml", c.ControlPlane) @@ -29,7 +30,7 @@ func resourceIntegrationSSO(identityProvider string) *schema.Resource { ReadContext: ReadResource(readSAMLIntegrationConfig), UpdateContext: UpdateResource( ResourceOperationConfig{ - Name: "resourceIntegrationSSOUpdate", + Name: "resourceIntegrationIDPUpdate", HttpMethod: http.MethodPut, CreateURL: func(d *schema.ResourceData, c *client.Client) string { return fmt.Sprintf("https://%s/v1/integrations/saml/%s", c.ControlPlane, d.Id()) @@ -43,7 +44,7 @@ func resourceIntegrationSSO(identityProvider string) *schema.Resource { ), DeleteContext: DeleteResource( ResourceOperationConfig{ - Name: "resourceIntegrationSSODelete", + Name: "resourceIntegrationIDPDelete", HttpMethod: http.MethodDelete, CreateURL: func(d *schema.ResourceData, c *client.Client) string { return fmt.Sprintf("https://%s/v1/integrations/saml/%s", c.ControlPlane, d.Id()) 
@@ -249,7 +250,7 @@ func resourceIntegrationSSO(identityProvider string) *schema.Resource { } var readSAMLIntegrationConfig = ResourceOperationConfig{ - Name: "resourceIntegrationSSORead", + Name: "resourceIntegrationIDPRead", HttpMethod: http.MethodGet, CreateURL: func(d *schema.ResourceData, c *client.Client) string { return fmt.Sprintf("https://%s/v1/integrations/saml/%s", c.ControlPlane, d.Id()) diff --git a/cyral/resource_cyral_integration_idp_test.go b/cyral/resource_cyral_integration_idp_test.go new file mode 100644 index 00000000..e9d228ea --- /dev/null +++ b/cyral/resource_cyral_integration_idp_test.go 
@@ -0,0 +1,261 @@ +package cyral + +import ( + "fmt" + "regexp" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +const ( + TestSingleSignOnURL = "https://some-test-sso-url.com" +) + +func TestAccIDPIntegrationResource(t *testing.T) { + samlDisplayName := "tf-test-saml-integration" + resource.Test(t, resource.TestCase{ + ProviderFactories: providerFactories, + Steps: []resource.TestStep{ + { + Config: testAccIDPIntegrationConfig_EmptySamlp(), + ExpectError: regexp.MustCompile(`At least 1 "samlp" blocks are required`), + }, + { + Config: testAccIDPIntegrationConfig_EmptyConfig(), + ExpectError: regexp.MustCompile(`At least 1 "config" blocks are required`), + }, + { + Config: testAccIDPIntegrationConfig_EmptySSOUrl(), + ExpectError: regexp.MustCompile( + `The argument "single_sign_on_service_url" is required`), + }, + { + Config: testAccIDPIntegrationConfig_ADFS_DefaultValues(), + Check: testAccIDPIntegrationCheck_ADFS_DefaultValues(), + }, + { + Config: testAccIDPIntegrationConfig_AAD_DefaultValues(), + Check: testAccIDPIntegrationCheck_AAD_DefaultValues(), + }, + { + Config: testAccIDPIntegrationConfig_Forgerock_DefaultValues(), + Check: testAccIDPIntegrationCheck_Forgerock_DefaultValues(), + }, + { + Config: testAccIDPIntegrationConfig_GSuite_DefaultValues(), + Check: testAccIDPIntegrationCheck_GSuite_DefaultValues(), + }, + { + Config: testAccIDPIntegrationConfig_PingOne_DefaultValues(), + Check: testAccIDPIntegrationCheck_PingOne_DefaultValues(), + }, + { + Config: testAccIDPIntegrationConfig_Okta_DefaultValues(), + Check: testAccIDPIntegrationCheck_Okta_DefaultValues(), + }, + { + Config: testAccIDPIntegrationConfig_Updated(samlDisplayName), + Check: testAccIDPIntegrationCheck_Updated(samlDisplayName), + }, + { + Config: testAccIDPIntegrationConfig_NotEmptyAlias(), + Check: testAccIDPIntegrationCheck_NotEmptyAlias(), + }, + }, + }) +} + +func testAccIDPIntegrationConfig_EmptySamlp() string { + return ` + resource 
"cyral_integration_idp_okta" "test_saml_integration" { + } + ` +} + +func testAccIDPIntegrationConfig_EmptyConfig() string { + return ` + resource "cyral_integration_idp_okta" "test_saml_integration" { + samlp { + } + } + ` +} + +func testAccIDPIntegrationConfig_EmptySSOUrl() string { + return ` + resource "cyral_integration_idp_okta" "test_saml_integration" { + samlp { + config { + } + } + } + ` +} + +func testAccIDPIntegrationConfig_ADFS_DefaultValues() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_adfs" "test_saml_integration" { + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_ADFS_DefaultValues() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_adfs.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} + +func testAccIDPIntegrationConfig_AAD_DefaultValues() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_aad" "test_saml_integration" { + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_AAD_DefaultValues() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_aad.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} + +func testAccIDPIntegrationConfig_Forgerock_DefaultValues() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_forgerock" "test_saml_integration" { + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_Forgerock_DefaultValues() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_forgerock.test_saml_integration", + 
"samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} + +func testAccIDPIntegrationConfig_GSuite_DefaultValues() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_gsuite" "test_saml_integration" { + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_GSuite_DefaultValues() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_gsuite.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} + +func testAccIDPIntegrationConfig_PingOne_DefaultValues() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_ping_one" "test_saml_integration" { + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_PingOne_DefaultValues() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_ping_one.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} + +func testAccIDPIntegrationConfig_Okta_DefaultValues() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_okta" "test_saml_integration" { + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_Okta_DefaultValues() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} + +func testAccIDPIntegrationConfig_Updated(samlDisplayName string) string { + return fmt.Sprintf(` + resource "cyral_integration_idp_okta" "test_saml_integration" { + samlp { + display_name = "%s" + disabled = true + config { + single_sign_on_service_url = "%s" + back_channel_supported = 
true + } + } + } + `, samlDisplayName, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_Updated(samlDisplayName string) resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "samlp.0.display_name", samlDisplayName), + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "samlp.0.disabled", "true"), + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "samlp.0.config.0.back_channel_supported", "true"), + ) +} + +func testAccIDPIntegrationConfig_NotEmptyAlias() string { + return fmt.Sprintf(` + resource "cyral_integration_idp_okta" "test_saml_integration" { + draft_alias = "test-alias" + samlp { + config { + single_sign_on_service_url = "%s" + } + } + } + `, TestSingleSignOnURL) +} + +func testAccIDPIntegrationCheck_NotEmptyAlias() resource.TestCheckFunc { + return resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "draft_alias", "test-alias"), + resource.TestCheckResourceAttrPair( + "cyral_integration_idp_okta.test_saml_integration", "id", + "cyral_integration_idp_okta.test_saml_integration", "draft_alias"), + resource.TestCheckResourceAttr("cyral_integration_idp_okta.test_saml_integration", + "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), + ) +} diff --git a/cyral/resource_cyral_integration_okta.go b/cyral/resource_cyral_integration_okta.go index d68babec..5cce8964 100644 --- a/cyral/resource_cyral_integration_okta.go +++ b/cyral/resource_cyral_integration_okta.go 
@@ -104,7 +104,7 @@ var cleanUpOktaIntegration = ResourceOperationConfig{ func resourceIntegrationOkta() *schema.Resource { return &schema.Resource{ - DeprecationMessage: "Use `cyral_integration_sso_okta` instead.", + DeprecationMessage: "Use `cyral_integration_idp_okta` instead.", CreateContext: CreateOktaIntegration, ReadContext: ReadOktaIntegration, UpdateContext: UpdateOktaIntegration, diff --git a/cyral/resource_cyral_integration_sso_test.go b/cyral/resource_cyral_integration_sso_test.go deleted file mode 100644 index 5dccc325..00000000 --- a/cyral/resource_cyral_integration_sso_test.go +++ /dev/null 
@@ -1,261 +0,0 @@ -package cyral - -import ( - "fmt" - "regexp" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" -) - -const ( - TestSingleSignOnURL = "https://some-test-sso-url.com" -) - -func TestAccSSOIntegrationResource(t *testing.T) { - samlDisplayName := "tf-test-saml-integration" - resource.Test(t, resource.TestCase{ - ProviderFactories: providerFactories, - Steps: []resource.TestStep{ - { - Config: testAccSSOIntegrationConfig_EmptySamlp(), - ExpectError: regexp.MustCompile(`At least 1 "samlp" blocks are required`), - }, - { - Config: testAccSSOIntegrationConfig_EmptyConfig(), - ExpectError: regexp.MustCompile(`At least 1 "config" blocks are required`), - }, - { - Config: testAccSSOIntegrationConfig_EmptySSOUrl(), - ExpectError: regexp.MustCompile( - `The argument "single_sign_on_service_url" is required`), - }, - { - Config: testAccSSOIntegrationConfig_ADFS_DefaultValues(), - Check: testAccSSOIntegrationCheck_ADFS_DefaultValues(), - }, - { - Config: testAccSSOIntegrationConfig_AAD_DefaultValues(), - Check: testAccSSOIntegrationCheck_AAD_DefaultValues(), - }, - { - Config: testAccSSOIntegrationConfig_Forgerock_DefaultValues(), - Check: testAccSSOIntegrationCheck_Forgerock_DefaultValues(), - }, - { - Config: testAccSSOIntegrationConfig_GSuite_DefaultValues(), - Check: testAccSSOIntegrationCheck_GSuite_DefaultValues(), - }, - { - Config: testAccSSOIntegrationConfig_PingOne_DefaultValues(), - Check: testAccSSOIntegrationCheck_PingOne_DefaultValues(), - }, - { - Config: testAccSSOIntegrationConfig_Okta_DefaultValues(), - Check: testAccSSOIntegrationCheck_Okta_DefaultValues(), - }, - { - Config: testAccSSOIntegrationConfig_Updated(samlDisplayName), - Check: testAccSSOIntegrationCheck_Updated(samlDisplayName), - }, - { - Config: testAccSSOIntegrationConfig_NotEmptyAlias(), - Check: testAccSSOIntegrationCheck_NotEmptyAlias(), - }, - }, - }) -} - -func testAccSSOIntegrationConfig_EmptySamlp() string { - return ` - resource 
"cyral_integration_sso_okta" "test_saml_integration" { - } - ` -} - -func testAccSSOIntegrationConfig_EmptyConfig() string { - return ` - resource "cyral_integration_sso_okta" "test_saml_integration" { - samlp { - } - } - ` -} - -func testAccSSOIntegrationConfig_EmptySSOUrl() string { - return ` - resource "cyral_integration_sso_okta" "test_saml_integration" { - samlp { - config { - } - } - } - ` -} - -func testAccSSOIntegrationConfig_ADFS_DefaultValues() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_adfs" "test_saml_integration" { - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_ADFS_DefaultValues() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_adfs.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} - -func testAccSSOIntegrationConfig_AAD_DefaultValues() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_aad" "test_saml_integration" { - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_AAD_DefaultValues() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_aad.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} - -func testAccSSOIntegrationConfig_Forgerock_DefaultValues() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_forgerock" "test_saml_integration" { - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_Forgerock_DefaultValues() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_forgerock.test_saml_integration", - 
"samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} - -func testAccSSOIntegrationConfig_GSuite_DefaultValues() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_gsuite" "test_saml_integration" { - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_GSuite_DefaultValues() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_gsuite.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} - -func testAccSSOIntegrationConfig_PingOne_DefaultValues() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_ping_one" "test_saml_integration" { - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_PingOne_DefaultValues() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_ping_one.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} - -func testAccSSOIntegrationConfig_Okta_DefaultValues() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_okta" "test_saml_integration" { - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_Okta_DefaultValues() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} - -func testAccSSOIntegrationConfig_Updated(samlDisplayName string) string { - return fmt.Sprintf(` - resource "cyral_integration_sso_okta" "test_saml_integration" { - samlp { - display_name = "%s" - disabled = true - config { - single_sign_on_service_url = "%s" - back_channel_supported = 
true - } - } - } - `, samlDisplayName, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_Updated(samlDisplayName string) resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "samlp.0.display_name", samlDisplayName), - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "samlp.0.disabled", "true"), - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "samlp.0.config.0.back_channel_supported", "true"), - ) -} - -func testAccSSOIntegrationConfig_NotEmptyAlias() string { - return fmt.Sprintf(` - resource "cyral_integration_sso_okta" "test_saml_integration" { - draft_alias = "test-alias" - samlp { - config { - single_sign_on_service_url = "%s" - } - } - } - `, TestSingleSignOnURL) -} - -func testAccSSOIntegrationCheck_NotEmptyAlias() resource.TestCheckFunc { - return resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "draft_alias", "test-alias"), - resource.TestCheckResourceAttrPair( - "cyral_integration_sso_okta.test_saml_integration", "id", - "cyral_integration_sso_okta.test_saml_integration", "draft_alias"), - resource.TestCheckResourceAttr("cyral_integration_sso_okta.test_saml_integration", - "samlp.0.config.0.single_sign_on_service_url", TestSingleSignOnURL), - ) -} diff --git a/docs/resources/integration_sso_aad.md b/docs/resources/integration_idp_aad.md similarity index 92% rename from docs/resources/integration_sso_aad.md rename to docs/resources/integration_idp_aad.md index 199582b1..09a3d245 100644 --- a/docs/resources/integration_sso_aad.md +++ b/docs/resources/integration_idp_aad.md 
@@ -1,13 +1,13 @@ -# Azure Active Directory SSO Integration Resource +# Azure Active Directory IdP Integration Resource -Provides an AAD SSO integration resource. +Provides integration with Azure Active Directory identity provider to allow single-sign on to Cyral. ## Example Usage ### Integration with Default Configuration ```hcl -resource "cyral_integration_sso_aad" "some_resource_name" { +resource "cyral_integration_idp_aad" "some_resource_name" { samlp { config { single_sign_on_service_url = "some_sso_url" @@ -27,7 +27,7 @@ data "cyral_saml_configuration" "some_data_source_name" { saml_metadata_url = "some_metadata_url" } -resource "cyral_integration_sso_aad" "some_resource_name" { +resource "cyral_integration_idp_aad" "some_resource_name" { samlp { provider_id = "saml" disabled = false @@ -65,7 +65,7 @@ resource "cyral_integration_sso_aad" "some_resource_name" { } } ``` --> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this SSO Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. +-> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. ## Argument Reference 
@@ -73,12 +73,12 @@ resource "cyral_integration_sso_aad" "some_resource_name" { The `samlp` object supports the following: -* `config` - (Required) The SAML configuration for this SSO Integration. +* `config` - (Required) The SAML configuration for this IdP Integration. * `provider_id` - (Optional) This is the provider ID of `saml`. Defaults to `saml`. * `disabled` - (Optional) Disable maps to Keycloak's `enabled` field. Defaults to `false`. * `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`. * `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `""`. -* `display_name` - (Optional) Name of the SAML Integration displayed in the UI. Defaults to `Azure Active Directory`. +* `display_name` - (Optional) Name of the IdP Integration displayed in the UI. Defaults to `Azure Active Directory`. * `store_token` - (Optional) Enable if tokens must be stored after authenticating users. Defaults to `false`. * `add_read_token_role_on_create` - (Optional) Adds read token role on creation. Defaults to `false`. * `trust_email` - (Optional) If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`. 
@@ -111,5 +111,5 @@ The `config` object supports the following: ## Attribute Reference -* `id` - The ID of this resource, which corresponds to the SSO Integration `alias`. -* `internal_id` - An ID that is auto-generated internally for this SSO Integration. +* `id` - The ID of this resource, which corresponds to the IdP Integration `alias`. +* `internal_id` - An ID that is auto-generated internally for this IdP Integration. diff --git a/docs/resources/integration_sso_adfs.md b/docs/resources/integration_idp_adfs.md similarity index 92% rename from docs/resources/integration_sso_adfs.md rename to docs/resources/integration_idp_adfs.md index d343d7e8..c3ab96c0 100644 --- a/docs/resources/integration_sso_adfs.md +++ b/docs/resources/integration_idp_adfs.md @@ -1,13 +1,14 @@ -# Active Directory Federation Services SSO Integration Resource +# Active Directory Federation Services IdP Integration Resource -Provides an ADFS SSO integration resource. +Provides integration with Active Directory Federation Services identity provider to +allow single-sign on to Cyral. ## Example Usage ### Integration with Default Configuration ```hcl -resource "cyral_integration_sso_adfs" "some_resource_name" { +resource "cyral_integration_idp_adfs" "some_resource_name" { samlp { config { single_sign_on_service_url = "some_sso_url" @@ -27,7 +28,7 @@ data "cyral_saml_configuration" "some_data_source_name" { saml_metadata_url = "some_metadata_url" } -resource "cyral_integration_sso_adfs" "some_resource_name" { +resource "cyral_integration_idp_adfs" "some_resource_name" { samlp { provider_id = "saml" disabled = false 
@@ -65,7 +66,7 @@ resource "cyral_integration_sso_adfs" "some_resource_name" { } } ``` --> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this SSO Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. +-> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. ## Argument Reference 
@@ -73,12 +74,12 @@ resource "cyral_integration_sso_adfs" "some_resource_name" { The `samlp` object supports the following: -* `config` - (Required) The SAML configuration for this SSO Integration. +* `config` - (Required) The SAML configuration for this IdP Integration. * `provider_id` - (Optional) This is the provider ID of `saml`. Defaults to `saml`. * `disabled` - (Optional) Disable maps to Keycloak's `enabled` field. Defaults to `false`. * `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`. * `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `""`. -* `display_name` - (Optional) Name of the SAML Integration displayed in the UI. Defaults to `Active Directory`. +* `display_name` - (Optional) Name of the IdP Integration displayed in the UI. Defaults to `Active Directory`. * `store_token` - (Optional) Enable if tokens must be stored after authenticating users. Defaults to `false`. * `add_read_token_role_on_create` - (Optional) Adds read token role on creation. Defaults to `false`. * `trust_email` - (Optional) If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`. 
@@ -111,5 +112,5 @@ The `config` object supports the following: ## Attribute Reference -* `id` - The ID of this resource, which corresponds to the SSO Integration `alias`. -* `internal_id` - An ID that is auto-generated internally for this SSO Integration. +* `id` - The ID of this resource, which corresponds to the IdP Integration `alias`. +* `internal_id` - An ID that is auto-generated internally for this IdP Integration. diff --git a/docs/resources/integration_sso_forgerock.md b/docs/resources/integration_idp_forgerock.md similarity index 93% rename from docs/resources/integration_sso_forgerock.md rename to docs/resources/integration_idp_forgerock.md index 366a1604..1b61546b 100644 --- a/docs/resources/integration_sso_forgerock.md +++ b/docs/resources/integration_idp_forgerock.md @@ -1,13 +1,13 @@ -# Forgerock SSO Integration Resource +# Forgerock IdP Integration Resource -Provides a Forgerock SSO integration resource. +Provides integration with Forgerock identity provider to allow single-sign on to Cyral. ## Example Usage ### Integration with Default Configuration ```hcl -resource "cyral_integration_sso_forgerock" "some_resource_name" { +resource "cyral_integration_idp_forgerock" "some_resource_name" { samlp { config { single_sign_on_service_url = "some_sso_url" @@ -27,7 +27,7 @@ data "cyral_saml_configuration" "some_data_source_name" { saml_metadata_url = "some_metadata_url" } -resource "cyral_integration_sso_forgerock" "some_resource_name" { +resource "cyral_integration_idp_forgerock" "some_resource_name" { samlp { provider_id = "saml" disabled = false 
@@ -65,7 +65,7 @@ resource "cyral_integration_sso_forgerock" "some_resource_name" { } } ``` --> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this SSO Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. +-> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. ## Argument Reference 
@@ -73,12 +73,12 @@ resource "cyral_integration_sso_forgerock" "some_resource_name" { The `samlp` object supports the following: -* `config` - (Required) The SAML configuration for this SSO Integration. +* `config` - (Required) The SAML configuration for this IdP Integration. * `provider_id` - (Optional) This is the provider ID of `saml`. Defaults to `saml`. * `disabled` - (Optional) Disable maps to Keycloak's `enabled` field. Defaults to `false`. * `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`. * `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `""`. -* `display_name` - (Optional) Name of the SAML Integration displayed in the UI. Defaults to `Forgerock`. +* `display_name` - (Optional) Name of the IdP Integration displayed in the UI. Defaults to `Forgerock`. * `store_token` - (Optional) Enable if tokens must be stored after authenticating users. Defaults to `false`. * `add_read_token_role_on_create` - (Optional) Adds read token role on creation. Defaults to `false`. * `trust_email` - (Optional) If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`. 
@@ -111,5 +111,5 @@ The `config` object supports the following: ## Attribute Reference -* `id` - The ID of this resource, which corresponds to the SSO Integration `alias`. -* `internal_id` - An ID that is auto-generated internally for this SSO Integration. +* `id` - The ID of this resource, which corresponds to the IdP Integration `alias`. +* `internal_id` - An ID that is auto-generated internally for this IdP Integration. diff --git a/docs/resources/integration_sso_gsuite.md b/docs/resources/integration_idp_gsuite.md similarity index 93% rename from docs/resources/integration_sso_gsuite.md rename to docs/resources/integration_idp_gsuite.md index 840cc50c..bf0ecbc9 100644 --- a/docs/resources/integration_sso_gsuite.md +++ b/docs/resources/integration_idp_gsuite.md @@ -1,13 +1,13 @@ -# GSuite SSO Integration Resource +# GSuite IdP Integration Resource -Provides a GSuite SSO integration resource. +Provides integration with GSuite identity provider to allow single-sign on to Cyral. ## Example Usage ### Integration with Default Configurationg ```hcl -resource "cyral_integration_sso_gsuite" "some_resource_name" { +resource "cyral_integration_idp_gsuite" "some_resource_name" { samlp { config { single_sign_on_service_url = "some_sso_url" @@ -27,7 +27,7 @@ data "cyral_saml_configuration" "some_data_source_name" { saml_metadata_url = "some_metadata_url" } -resource "cyral_integration_sso_gsuite" "some_resource_name" { +resource "cyral_integration_idp_gsuite" "some_resource_name" { samlp { provider_id = "saml" disabled = false 
@@ -65,7 +65,7 @@ resource "cyral_integration_sso_gsuite" "some_resource_name" { } } ``` --> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this SSO Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. +-> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. ## Argument Reference 
@@ -73,12 +73,12 @@ resource "cyral_integration_sso_gsuite" "some_resource_name" { The `samlp` object supports the following: -* `config` - (Required) The SAML configuration for this SSO Integration. +* `config` - (Required) The SAML configuration for this IdP Integration. * `provider_id` - (Optional) This is the provider ID of `saml`. Defaults to `saml`. * `disabled` - (Optional) Disable maps to Keycloak's `enabled` field. Defaults to `false`. * `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`. * `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `""`. -* `display_name` - (Optional) Name of the SAML Integration displayed in the UI. Defaults to `GSuite`. +* `display_name` - (Optional) Name of the IdP Integration displayed in the UI. Defaults to `GSuite`. * `store_token` - (Optional) Enable if tokens must be stored after authenticating users. Defaults to `false`. * `add_read_token_role_on_create` - (Optional) Adds read token role on creation. Defaults to `false`. * `trust_email` - (Optional) If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`. 
@@ -111,5 +111,5 @@ The `config` object supports the following: ## Attribute Reference -* `id` - The ID of this resource, which corresponds to the SSO Integration `alias`. -* `internal_id` - An ID that is auto-generated internally for this SSO Integration. +* `id` - The ID of this resource, which corresponds to the IdP Integration `alias`. +* `internal_id` - An ID that is auto-generated internally for this IdP Integration. diff --git a/docs/resources/integration_sso_okta.md b/docs/resources/integration_idp_okta.md similarity index 92% rename from docs/resources/integration_sso_okta.md rename to docs/resources/integration_idp_okta.md index 7cf6ed36..49562874 100644 --- a/docs/resources/integration_sso_okta.md +++ b/docs/resources/integration_idp_okta.md @@ -1,13 +1,13 @@ -# Okta SSO Integration Resource +# Okta IdP Integration Resource -Provides an Okta SSO integration resource. +Provides integration with Okta identity provider to allow single-sign on to Cyral. ## Example Usage ### Integration with Default Configuration ```hcl -resource "cyral_integration_sso_okta" "some_resource_name" { +resource "cyral_integration_idp_okta" "some_resource_name" { samlp { config { single_sign_on_service_url = "some_sso_url" @@ -27,7 +27,7 @@ data "cyral_saml_configuration" "some_data_source_name" { saml_metadata_url = "some_metadata_url" } -resource "cyral_integration_sso_okta" "some_resource_name" { +resource "cyral_integration_idp_okta" "some_resource_name" { draft_alias = "some_existing_okta_draft_alias" samlp { provider_id = "saml" 
@@ -66,21 +66,21 @@ resource "cyral_integration_sso_okta" "some_resource_name" { } } ``` --> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this SSO Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. +-> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. ## Argument Reference * `samlp` - (Required) It contains the top-level configuration for an identity provider. -* `draft_alias` - (Optional) An `alias` that uniquely identifies a SSO Integration draft. If set, will delete any correspondent draft and create a new SSO Integration with the same `alias`. Defaults to `""`. +* `draft_alias` - (Optional) An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `""`. The `samlp` object supports the following: -* `config` - (Required) The SAML configuration for this SSO Integration. +* `config` - (Required) The SAML configuration for this IdP Integration. * `provider_id` - (Optional) This is the provider ID of `saml`. Defaults to `saml`. * `disabled` - (Optional) Disable maps to Keycloak's `enabled` field. Defaults to `false`. * `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`. 
* `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `""`. -* `display_name` - (Optional) Name of the SAML Integration displayed in the UI. Defaults to `Okta`. +* `display_name` - (Optional) Name of the IdP Integration displayed in the UI. Defaults to `Okta`. * `store_token` - (Optional) Enable if tokens must be stored after authenticating users. Defaults to `false`. * `add_read_token_role_on_create` - (Optional) Adds read token role on creation. Defaults to `false`. * `trust_email` - (Optional) If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`. @@ -113,5 +113,5 @@ The `config` object supports the following: ## Attribute Reference -* `id` - The ID of this resource, which corresponds to the SSO Integration `alias`. -* `internal_id` - An ID that is auto-generated internally for this SSO Integration. +* `id` - The ID of this resource, which corresponds to the IdP Integration `alias`. +* `internal_id` - An ID that is auto-generated internally for this IdP Integration. diff --git a/docs/resources/integration_sso_pingone.md b/docs/resources/integration_idp_ping_one.md similarity index 92% rename from docs/resources/integration_sso_pingone.md rename to docs/resources/integration_idp_ping_one.md index f9fafa0b..638683d5 100644 --- a/docs/resources/integration_sso_pingone.md +++ b/docs/resources/integration_idp_ping_one.md 
@@ -1,13 +1,13 @@ -# PingOne SSO Integration Resource +# PingOne IdP Integration Resource -Provides a PingOne SSO integration resource. +Provides integration with PingOne identity provider to allow single-sign on to Cyral. ## Example Usage ### Integration with Default Configuration ```hcl -resource "cyral_integration_sso_ping_one" "some_resource_name" { +resource "cyral_integration_idp_ping_one" "some_resource_name" { samlp { config { single_sign_on_service_url = "some_sso_url" @@ -27,7 +27,7 @@ data "cyral_saml_configuration" "some_data_source_name" { saml_metadata_url = "some_metadata_url" } -resource "cyral_integration_sso_ping_one" "some_resource_name" { +resource "cyral_integration_idp_ping_one" "some_resource_name" { draft_alias = "some_existing_ping_one_draft_alias" samlp { provider_id = "saml" 
@@ -66,21 +66,21 @@ resource "cyral_integration_sso_ping_one" "some_resource_name" { } } ``` --> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this SSO Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. +-> When using the [SAML Configuration Data Source](../data-sources/saml_configuration.md) to configure this IdP Integration resource, consider verifying if the `string` attributes are `empty` like in the example above so that the resource arguments can be used with their default values, instead of setting them as empty. ## Argument Reference * `samlp` - (Required) It contains the top-level configuration for an identity provider. -* `draft_alias` - (Optional) An `alias` that uniquely identifies a SSO Integration draft. If set, will delete any correspondent draft and create a new SSO Integration with the same `alias`. Defaults to `""`. +* `draft_alias` - (Optional) An `alias` that uniquely identifies a IdP Integration draft. If set, will delete any correspondent draft and create a new IdP Integration with the same `alias`. Defaults to `""`. The `samlp` object supports the following: -* `config` - (Required) The SAML configuration for this SSO Integration. +* `config` - (Required) The SAML configuration for this IdP Integration. * `provider_id` - (Optional) This is the provider ID of `saml`. Defaults to `saml`. * `disabled` - (Optional) Disable maps to Keycloak's `enabled` field. Defaults to `false`. * `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after `First Login` with this identity provider. Term `First Login` means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`. 
* `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Defaults to `""`. -* `display_name` - (Optional) Name of the SAML Integration displayed in the UI. Defaults to `PingOne`. +* `display_name` - (Optional) Name of the IdP Integration displayed in the UI. Defaults to `PingOne`. * `store_token` - (Optional) Enable if tokens must be stored after authenticating users. Defaults to `false`. * `add_read_token_role_on_create` - (Optional) Adds read token role on creation. Defaults to `false`. * `trust_email` - (Optional) If the identity provider supplies an email address this email address will be trusted. If the realm required email validation, users that log in from this identity provider will not have to go through the email verification process. Defaults to `false`. @@ -113,5 +113,5 @@ The `config` object supports the following: ## Attribute Reference -* `id` - The ID of this resource, which corresponds to the SSO Integration `alias`. -* `internal_id` - An ID that is auto-generated internally for this SSO Integration. +* `id` - The ID of this resource, which corresponds to the IdP Integration `alias`. +* `internal_id` - An ID that is auto-generated internally for this IdP Integration.
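Review bot: in the `samlp` argument list of the ADFS page (hunk `@@ -73,12 +74,12 @@`), the `disabled` entry next to the two edited lines still reads "Disable maps to Keycloak's `enabled` field", which does not say whether the value is inverted. Since this list is being touched anyway, state the mapping explicitly (for example that `disabled = true` sets `enabled` to `false`, if that is what the provider does). In the same list, "if you need no any additional authenticators" should be "if you need no additional authenticators", and "If the realm required email validation" should be "requires". The identical list appears in the Forgerock, GSuite, Okta and PingOne pages.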
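Review bot: the new description line in docs/resources/integration_idp_gsuite.md (hunk `@@ -1,13 +1,13 @@`) hyphenates the term as "single-sign on" and drops the article, and the heading a few lines below it still carries the typo "Integration with Default Configurationg". Suggest "Provides integration with the GSuite identity provider to allow single sign-on to Cyral." and fixing the heading in the same commit. The same description wording was added to the Forgerock, Okta and PingOne pages.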
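Review bot: the example blocks switch to `cyral_integration_idp_*` with no mention of the previous type name, for instance `resource "cyral_integration_idp_forgerock"` in the `@@ -7` and `@@ -27,7 +27,7 @@` hunks of docs/resources/integration_idp_forgerock.md. Terraform treats a changed resource type as a different resource, so a user who only edits the type in their configuration will get a plan that destroys and recreates the identity provider integration. Each page should carry a short note saying the resource was formerly `cyral_integration_sso_*`, whether the old name is still accepted, and how existing state is expected to be carried over.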
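Review bot: the rewritten `draft_alias` line in docs/resources/integration_idp_okta.md (hunk `@@ -66,21 +66,21 @@`) now reads "a IdP Integration draft", which the SSO-to-IdP substitution left with the wrong article, and "will delete any correspondent draft" has no subject and should use "corresponding". Suggest "An `alias` that uniquely identifies an IdP Integration draft. If set, the corresponding draft is deleted and a new IdP Integration is created with the same `alias`." The same line was added to the PingOne page. Because setting this argument deletes something, it is worth making that wording unambiguous.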