From b2dd80940f1ecf6ab31b492e10b80c0ddcf9c5b8 Mon Sep 17 00:00:00 2001
From: Ricardo Rey Diez
Date: Wed, 13 Mar 2024 15:41:59 -0600
Subject: [PATCH 1/2] ENG-13675: update documentation for identity_provider field Rephrase
---
 .../resource_cyral_repository_conf_auth.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go b/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go
index 84ce71be..786dc132 100644
--- a/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go
+++ b/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go
@@ -215,9 +215,21 @@ func repositoryConfAuthResourceSchemaV0() *schema.Resource {
 Default: DefaultClientTLS,
 },
 "identity_provider": {
- Description: "The ID (Alias) of the identity provider integration.",
- Type: schema.TypeString,
- Optional: true,
+ Description: fmt.Sprintf(
+ "The semantics of this field changed in control planes `v4.13` and later. See how "+
+ "it should be configured depending on your control plane version:\n"+
+ " - `v4.12` and below:\n - Provide the ID (Alias) of the identity provider "+
+ "integration to allow user authentication using an IdP.\n"+
+ " - `v4.13` and later:\n - If not supplied, then end-user "+
+ "authentication is disabled.\n - If end-user authentication "+
+ "with Cyral Access Token is desired, then set to `ACCESS_TOKEN` or any "+
+ "other non-empty string.\n - If end-user authentication with "+
+ "AWS IAM is desired, then this must be the ID of an AWS IAM integration, "+
+ "and the `auth_type` attribute must be set to `%s`.",
+ AwsIAMAuthType,
+ ),
+ Type: schema.TypeString,
+ Optional: true,
 },
 "repo_tls": {
 Description: fmt.Sprintf("Is TLS enabled for the repository? Default is %q.", DefaultRepoTLS),
From 1f23ef3a26716f08eafe3c91792a1de76a1a471a Mon Sep 17 00:00:00 2001
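Review bot: The `identity_provider` entry (Description, Type, Optional, all visible in this hunk) carries no validation, while the new description says that on `v4.13` and later `ACCESS_TOKEN` "or any other non-empty string" selects access-token authentication and that an AWS IAM integration ID requires `auth_type` to be `AWS_IAM`. As documented, a mistyped or stale integration ID appears to be accepted rather than rejected, and leaving the field out turns end-user authentication off, so a configuration mistake can change how users authenticate without a plan-time failure. repositoryConfAuthResourceSchemaV0 begins and ends outside the hunk, so a cross-field check may exist elsewhere; if it does not, I would add one that fails when `auth_type` is `AWS_IAM` and `identity_provider` is empty. I would also put a comment above the entry such as `// Not validated: on v4.13+ any non-empty value that is not an AWS IAM integration ID means access-token auth.`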
From: Ricardo Rey Diez
Date: Thu, 21 Mar 2024 15:59:50 -0600
Subject: [PATCH 2/2] Rebase with prettyfier fix
---
 .../confauth/resource_cyral_repository_conf_auth.go | 8 ++++----
 docs/resources/repository_conf_auth.md | 8 +++++++-
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go b/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go
index 786dc132..2d8bbb29 100644
--- a/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go
+++ b/cyral/internal/repository/confauth/resource_cyral_repository_conf_auth.go
@@ -218,12 +218,12 @@ func repositoryConfAuthResourceSchemaV0() *schema.Resource {
 Description: fmt.Sprintf(
 "The semantics of this field changed in control planes `v4.13` and later. See how "+
 "it should be configured depending on your control plane version:\n"+
- " - `v4.12` and below:\n - Provide the ID (Alias) of the identity provider "+
+ "\t- `v4.12` and below:\n\t\t- Provide the ID (Alias) of the identity provider "+
 "integration to allow user authentication using an IdP.\n"+
- " - `v4.13` and later:\n - If not supplied, then end-user "+
- "authentication is disabled.\n - If end-user authentication "+
+ "\t- `v4.13` and later:\n\t\t- If not supplied, then end-user "+
+ "authentication is disabled.\n\t\t- If end-user authentication "+
 "with Cyral Access Token is desired, then set to `ACCESS_TOKEN` or any "+
- "other non-empty string.\n - If end-user authentication with "+
+ "other non-empty string.\n\t\t- If end-user authentication with "+
 "AWS IAM is desired, then this must be the ID of an AWS IAM integration, "+
 "and the `auth_type` attribute must be set to `%s`.",
 AwsIAMAuthType,
diff --git a/docs/resources/repository_conf_auth.md b/docs/resources/repository_conf_auth.md
index 8a089fdf..cb6cd978 100644
--- a/docs/resources/repository_conf_auth.md
+++ b/docs/resources/repository_conf_auth.md
@@ -31,7 +31,13 @@ resource "cyral_repository_conf_auth" "some_resource_name" {
 - `ACCESS_TOKEN`
 - `AWS_IAM`
 - `client_tls` (String) Is the repo Client using TLS? Default is "disable".
-- `identity_provider` (String) The ID (Alias) of the identity provider integration.
+- `identity_provider` (String) The semantics of this field changed in control planes `v4.13` and later. See how it should be configured depending on your control plane version:
+ - `v4.12` and below:
+ - Provide the ID (Alias) of the identity provider integration to allow user authentication using an IdP.
+ - `v4.13` and later:
+ - If not supplied, then end-user authentication is disabled.
+ - If end-user authentication with Cyral Access Token is desired, then set to `ACCESS_TOKEN` or any other non-empty string.
+ - If end-user authentication with AWS IAM is desired, then this must be the ID of an AWS IAM integration, and the `auth_type` attribute must be set to `AWS_IAM`.
 - `repo_tls` (String) Is TLS enabled for the repository? Default is "disable".
 
 ### Read-Only