kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expose additional workforce identity attributes (#3717)

Browse Source
This commit is contained in:
Julio Castillo
2026-02-09 15:30:58 +01:00
committed by GitHub
parent 4fa6a6f205
commit 518d9d96aa
6 changed files with 79 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/organization/README.md
View File

@@ -841,7 +841,9 @@ module "org" {
organization_id = var.organization_id
workforce_identity_config = {
# optional, defaults to 'default'
pool_name = "test-pool"
pool_name = "test-pool"
display_name = "Test Pool"
description = "Workforce pool for testing."
providers = {
saml-basic = {
attribute_mapping_template = "azuread"
@@ -959,7 +961,7 @@ module "org" {
| [tag_bindings](variables-tags.tf#L89) | Tag bindings for this organization, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [tags](variables-tags.tf#L96) | Tags by key name. If `id` is provided, key or value creation is skipped. The `iam` attribute behaves like the similarly named one at module level. | <code title="map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string, &#34;Managed by the Terraform organization module.&#34;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; id &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string, &#34;Managed by the Terraform organization module.&#34;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; members &#61; list&#40;string&#41;&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; member &#61; string&#10; role &#61; string&#10; condition &#61; optional&#40;object&#40;&#123;&#10; expression &#61; string&#10; title &#61; string&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [tags_config](variables-tags.tf#L161) | Fine-grained control on tag resource and IAM creation. | <code title="object&#40;&#123;&#10; force_context_ids &#61; optional&#40;bool, false&#41;&#10; ignore_iam &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [workforce_identity_config](variables-identity-providers.tf#L17) | Workforce Identity Federation pool and providers. | <code title="object&#40;&#123;&#10; pool_name &#61; optional&#40;string, &#34;default&#34;&#41;&#10; providers &#61; optional&#40;map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; attribute_condition &#61; optional&#40;string&#41;&#10; attribute_mapping &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; attribute_mapping_template &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool, false&#41;&#10; identity_provider &#61; object&#40;&#123;&#10; oidc &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; optional&#40;string&#41;&#10; jwks_json &#61; optional&#40;string&#41;&#10; web_sso_config &#61; optional&#40;object&#40;&#123;&#10; response_type &#61; optional&#40;string, &#34;CODE&#34;&#41;&#10; assertion_claims_behavior &#61; optional&#40;string, &#34;ONLY_ID_TOKEN_CLAIMS&#34;&#41;&#10; additional_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; saml &#61; optional&#40;object&#40;&#123;&#10; idp_metadata_xml &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; oauth2_client_config &#61; optional&#40;object&#40;&#123;&#10; extended_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; extra_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [workforce_identity_config](variables-identity-providers.tf#L17) | Workforce Identity Federation pool and providers. | <code title="object&#40;&#123;&#10; pool_name &#61; optional&#40;string, &#34;default&#34;&#41;&#10; description &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; session_duration &#61; optional&#40;string&#41;&#10; access_restrictions &#61; optional&#40;object&#40;&#123;&#10; disable_programmatic_signin &#61; optional&#40;bool&#41;&#10; allowed_services &#61; optional&#40;list&#40;object&#40;&#123;&#10; domain &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; providers &#61; optional&#40;map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; display_name &#61; optional&#40;string&#41;&#10; attribute_condition &#61; optional&#40;string&#41;&#10; attribute_mapping &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; attribute_mapping_template &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool, false&#41;&#10; identity_provider &#61; object&#40;&#123;&#10; oidc &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; optional&#40;string&#41;&#10; jwks_json &#61; optional&#40;string&#41;&#10; web_sso_config &#61; optional&#40;object&#40;&#123;&#10; response_type &#61; optional&#40;string, &#34;CODE&#34;&#41;&#10; assertion_claims_behavior &#61; optional&#40;string, &#34;ONLY_ID_TOKEN_CLAIMS&#34;&#41;&#10; additional_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; saml &#61; optional&#40;object&#40;&#123;&#10; idp_metadata_xml &#61; string&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; oauth2_client_config &#61; optional&#40;object&#40;&#123;&#10; extended_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; extra_attributes &#61; optional&#40;object&#40;&#123;&#10; issuer_uri &#61; string&#10; client_id &#61; string&#10; client_secret &#61; string&#10; attributes_type &#61; optional&#40;string&#41;&#10; query_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs