[BUG] Trusted Domains in Subaccount are not added

[abs-mkl]

Is there an existing issue for this?

• [X] I have searched the existing issues

What version of the Terraform provider are you using?

1.5.0

What version of the Terraform CLI are you using?

1.9.5

What type of issue are you facing

bug report

Describe the bug

Unfortunately, it is not possible to add the Trusted Domains in a subaccount.

values.tfvars

    security = {
      default_identity_provider                = "sap.custom"
      access_token_validity                    = 3600
      refresh_token_validity                   = 86400
      treat_users_with_same_email_as_same_user = false      
      custom_email_domains                     = ["https://*.test.com"]
    }  

variables.tf

variable "security" {
  description = "Security settings for the subaccount"
  type = object({
    default_identity_provider                = string
    custom_email_domains                     = list(string)
    access_token_validity                    = number
    refresh_token_validity                   = number
    treat_users_with_same_email_as_same_user = bool    
  })
  default = null
}

main.tf

resource "btp_subaccount_security_settings" "security_settings" {
  subaccount_id                            = btp_subaccount.subaccount.id
  default_identity_provider                = var.security.default_identity_provider
  custom_email_domains                     = var.security.custom_email_domains
  access_token_validity                    = var.security.access_token_validity
  refresh_token_validity                   = var.security.refresh_token_validity
  treat_users_with_same_email_as_same_user = var.security.treat_users_with_same_email_as_same_user
}

Expected Behavior

The trusted domains are added and visible in the SAP BTP Cockpit

https://help.sap.com/docs/btp/sap-business-technology-platform/configure-trusted-domains-for-sap-authorization-and-trust-management-service

Steps To Reproduce

No response

User's Role Collections

No response

Add screenshots to help explain your problem

No response

Additional context

No response

[lechnerc77]

The parameter custom_email_domains is propagated correctly and stored on SAP BTP. Here the output of the BTP CLI command btp list security/settingsafter applying the Terraform configuration:

The UI section mentioned in the issue, does not show the domain, as it refers to the domains for iFrames:

If we add a entry here manually:

We see that this is reflected in the corresponding output:

Next Steps: Clarifications:

• Where to find values in BTP Cockpit UI
• Clarification why parameter iFrames is not supported

[abs-mkl]

I see. But since I want to set the domains for iFrames this is not possible?

[lechnerc77]

@abs-mkl I added some more info in the comment above. I will update the issue once I have the information about the points that need clarification.

[abs-mkl]

Thank you very much :)

[lechnerc77]

@abs-mkl here are some updates:

• Currently there is a feature imbalance for security settings between what could be done via BTP CLI and Terraform Provider for SAP BTP and what is available in the UI of the SAP BTP cockpit. The custom email domains is an example. The responsible team is working on harmonizing this, however there is no ETA available yet. To manage and verify these settings, you must use either the Terraform provider or the BTP CLI
• Concerning the iFrames parameter: this is indeed missing and we will introduce it in the next release of the Terraform provider. I will keep this issue open and reference the issue in the upcoming PR for the missing parameter.

[abs-mkl]

@lechnerc77 The IFrame parameter is the parameter I need, so I'm looking forward to the next release :)