Closed ecanault closed 3 months ago
Hi there, looks like an easy enough implementation, i'll take a look next week for you. Thanks
I've added support for ldap groups using a new identity_server block that can now be added to jamfpro_account_group
. This has been added with PR #160 and is part of the v0.0.45 release. Please test and confirm. many thanks
Hi @ShocOne
Thanks a lot for this enhancement! Just made a test : resources are correctly created, but the terraform deployment command ends up with errors:
╷
│ Error: Error waiting for Jamf Pro Account Group resource with ID '4' to become available after 1 retries. Last error: context deadline exceeded
│
│ with jamfpro_account_group.admin_group,
│ on main.tf line 38, in resource "jamfpro_account_group" "admin_group":
│ 38: resource "jamfpro_account_group" "admin_group" {
│
╵
╷
│ Error: Error waiting for Jamf Pro Account Group resource with ID '5' to become available after 1 retries. Last error: context deadline exceeded
│
│ with jamfpro_account_group.auditor_group,
│ on main.tf line 47, in resource "jamfpro_account_group" "auditor_group":
│ 47: resource "jamfpro_account_group" "auditor_group" {
│
╵
╷
│ Error: Error waiting for Jamf Pro Account Group resource with ID '6' to become available after 1 retries. Last error: context deadline exceeded
│
│ with jamfpro_account_group.enrollment_group,
│ on main.tf line 56, in resource "jamfpro_account_group" "enrollment_group":
│ 56: resource "jamfpro_account_group" "enrollment_group" {
│
╵
Here are the relevant parts of mymain.tf
file:
terraform {
required_providers {
jamfpro = {
source = "deploymenttheory/jamfpro"
version = "~> 0.0.45"
}
}
}
provider "jamfpro" {
instance_name = var.JAMFPRO_INSTANCE_NAME
username = var.JAMFPRO_USERNAME
password = var.JAMFPRO_PASSWORD
log_level = "none"
log_output_format = "console"
log_console_separator = " "
hide_sensitive_data = true
max_retry_attempts = 5
enable_dynamic_rate_limiting = false
max_concurrent_requests = 5
token_refresh_buffer_period = 10
total_retry_duration = 30
custom_timeout = 30
}
resource "jamfpro_account_group" "admin_group" {
name = var.SSO_ADMIN_GROUP
access_level = "Full Access"
privilege_set = "Administrator"
identity_server {
id = 1004
}
}
resource "jamfpro_account_group" "auditor_group" {
name = var.SSO_AUDIT_GROUP
access_level = "Full Access"
privilege_set = "Auditor"
identity_server {
id = 1004
}
}
resource "jamfpro_account_group" "enrollment_group" {
name = var.SSO_ENROLL_GROUP
access_level = "Full Access"
privilege_set = "Enrollment Only"
identity_server {
id = 1004
}
}
Regards, Emmanuel
Hi Manu, I've made some changes to the provider to accommodate your ask and they will be in the next release to support iDP and LDAP. I've been focusing on the stating issues you flagged in your comments this week. Which should be resolved now.
Hi @ShocOne Many thanks for that, I will test it ASAP. I will have other features requests I think 🙂.
Please try the latest release v0.0.48 and let me know how you get on. My sandbox jamf environment doesn't haven't have ldap integration so im having to build off of the data model and documentation exclusively.
Hi, I have juste done a quick test : the objects create tasks take a looong time (~ 4 mn), but it works \o/ I didn't played with the new options as discussed in the Slack channel but I will do :-) I hope to have more time next week to work on this subject. Thanks
great. if you have any other feedback then let me know. thanks for testing
[like] Emmanuel Canault reacted to your message:
From: ShocOne @.> Sent: Friday, April 12, 2024 1:48:50 PM To: deploymenttheory/terraform-provider-jamfpro @.> Cc: Emmanuel Canault @.>; Author @.> Subject: Re: [deploymenttheory/terraform-provider-jamfpro] Feature Request: Add support for directory groups in jamfpro_account_group (Issue #155)
great. if you have any other feedback then let me know. thanks for testing
— Reply to this email directly, view it on GitHubhttps://github.com/deploymenttheory/terraform-provider-jamfpro/issues/155#issuecomment-2051799408, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKY46S5UHDCJFPL6PBMOA3TY47Q4FAVCNFSM6AAAAABFYYIWECVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJRG44TSNBQHA. You are receiving this because you authored the thread.Message ID: @.***>
Hi,
Is it possible to add the ability to manage LDAP or IdP groups in
jamfpro_account_group
?This can be done with the Classic API by submitting the following datas:
Where:
LDAP_GROUP
is the name of the LDAP groupLDAP_ID
is the ID of the LDAP or IdP configuration in Jamf Pro (seeapi/v1/cloud-idp
in Jamf Pro API for example for Entra or Google integrations)Thanks in advance :-) Emmanuel