Add support for creating multiple workforce identity pools (#3846)
* Added support for multiple workforce identity pools * Fixed organization module workforce identity federation outputs * tfdoc --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com> Co-authored-by: Julio Castillo <jccb@google.com>
@@ -911,60 +911,60 @@ Auto-population of provider attributes is supported via the `attribute_mapping_t
|
||||
module "org" {
|
||||
source = "./fabric/modules/organization"
|
||||
organization_id = var.organization_id
|
||||
workforce_identity_config = {
|
||||
# optional, defaults to 'default'
|
||||
pool_name = "test-pool"
|
||||
display_name = "Test Pool"
|
||||
description = "Workforce pool for testing."
|
||||
providers = {
|
||||
saml-basic = {
|
||||
attribute_mapping_template = "azuread"
|
||||
identity_provider = {
|
||||
saml = {
|
||||
idp_metadata_xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>..."
|
||||
}
|
||||
}
|
||||
}
|
||||
saml-full = {
|
||||
attribute_mapping = {
|
||||
"google.subject" = "assertion.sub"
|
||||
}
|
||||
identity_provider = {
|
||||
saml = {
|
||||
idp_metadata_xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>..."
|
||||
}
|
||||
}
|
||||
oauth2_client_config = {
|
||||
extra_attributes = {
|
||||
issuer_uri = "https://login.microsoftonline.com/abcdef/v2.0"
|
||||
client_id = "client-id"
|
||||
client_secret = "client-secret"
|
||||
attributes_type = "AZURE_AD_GROUPS_ID"
|
||||
query_filter = "mail:gcp"
|
||||
}
|
||||
}
|
||||
}
|
||||
oidc-full = {
|
||||
attribute_mapping = {
|
||||
"google.subject" = "assertion.sub"
|
||||
}
|
||||
identity_provider = {
|
||||
oidc = {
|
||||
issuer_uri = "https://sts.windows.net/abcd01234/"
|
||||
client_id = "https://analysis.windows.net/powerbi/connector/GoogleBigQuery"
|
||||
client_secret = "client-secret"
|
||||
web_sso_config = {
|
||||
response_type = "CODE"
|
||||
assertion_claims_behavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"
|
||||
workforce_identity_pools = {
|
||||
"test-pool" = {
|
||||
display_name = "Test Pool"
|
||||
description = "Workforce pool for testing."
|
||||
providers = {
|
||||
saml-basic = {
|
||||
attribute_mapping_template = "azuread"
|
||||
identity_provider = {
|
||||
saml = {
|
||||
idp_metadata_xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>..."
|
||||
}
|
||||
}
|
||||
}
|
||||
oauth2_client_config = {
|
||||
extra_attributes = {
|
||||
issuer_uri = "https://login.microsoftonline.com/abcd01234/v2.0"
|
||||
client_id = "client-id"
|
||||
client_secret = "client-secret"
|
||||
attributes_type = "AZURE_AD_GROUPS_MAIL"
|
||||
saml-full = {
|
||||
attribute_mapping = {
|
||||
"google.subject" = "assertion.sub"
|
||||
}
|
||||
identity_provider = {
|
||||
saml = {
|
||||
idp_metadata_xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>..."
|
||||
}
|
||||
}
|
||||
oauth2_client_config = {
|
||||
extra_attributes = {
|
||||
issuer_uri = "https://login.microsoftonline.com/abcdef/v2.0"
|
||||
client_id = "client-id"
|
||||
client_secret = "client-secret"
|
||||
attributes_type = "AZURE_AD_GROUPS_ID"
|
||||
query_filter = "mail:gcp"
|
||||
}
|
||||
}
|
||||
}
|
||||
oidc-full = {
|
||||
attribute_mapping = {
|
||||
"google.subject" = "assertion.sub"
|
||||
}
|
||||
identity_provider = {
|
||||
oidc = {
|
||||
issuer_uri = "https://sts.windows.net/abcd01234/"
|
||||
client_id = "https://analysis.windows.net/powerbi/connector/GoogleBigQuery"
|
||||
client_secret = "client-secret"
|
||||
web_sso_config = {
|
||||
response_type = "CODE"
|
||||
assertion_claims_behavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"
|
||||
}
|
||||
}
|
||||
}
|
||||
oauth2_client_config = {
|
||||
extra_attributes = {
|
||||
issuer_uri = "https://login.microsoftonline.com/abcd01234/v2.0"
|
||||
client_id = "client-id"
|
||||
client_secret = "client-secret"
|
||||
attributes_type = "AZURE_AD_GROUPS_MAIL"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1033,7 +1033,7 @@ module "org" {
|
||||
| [tag_bindings](variables-tags.tf#L89) | Tag bindings for this organization, in key => tag value id format. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [tags](variables-tags.tf#L96) | Tags by key name. If `id` is provided, key or value creation is skipped. The `iam` attribute behaves like the similarly named one at module level. | <code>map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tags_config](variables-tags.tf#L161) | Fine-grained control on tag resource and IAM creation. | <code>object({…})</code> | | <code>{}</code> |
|
||||
| [workforce_identity_config](variables-identity-providers.tf#L17) | Workforce Identity Federation pool and providers. | <code>object({…})</code> | | <code>null</code> |
|
||||
| [workforce_identity_pools](variables-identity-providers.tf#L17) | Workforce Identity Federation pools and providers. | <code>map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
@@ -1055,6 +1055,7 @@ module "org" {
|
||||
| [sink_writer_identities](outputs.tf#L125) | Writer identities created for each sink. | |
|
||||
| [tag_keys](outputs.tf#L133) | Tag key resources. | |
|
||||
| [tag_values](outputs.tf#L142) | Tag value resources. | |
|
||||
| [workforce_identity_provider_names](outputs.tf#L150) | Workforce Identity provider names. | |
|
||||
| [workforce_identity_providers](outputs.tf#L157) | Workforce Identity provider attributes. | |
|
||||
| [workforce_identity_pool_ids](outputs.tf#L150) | Workforce identity pool ids. | |
|
||||
| [workforce_identity_provider_names](outputs.tf#L157) | Workforce Identity provider names. | |
|
||||
| [workforce_identity_providers](outputs.tf#L164) | Workforce Identity provider attributes. | |
|
||||
<!-- END TFDOC -->
|
||||
|
||||