deploymenttheory / terraform-provider-jamfpro

Jamf Pro Terraform Provider/Plugin written with the TF Provider SDK v2. Written in Go.
Mozilla Public License 2.0

Feature Request: Add support for directory groups in jamfpro_account_group #155

Closed ecanault closed 3 months ago

ecanault commented 3 months ago

Hi,

Is it possible to add the ability to manage LDAP or IdP groups in jamfpro_account_group?

This can be done with the Classic API by submitting the following data:

<group>
  <name>${LDAP_GROUP}</name>
  <access_level>Full Access</access_level>
  <privilege_set>Administrator</privilege_set>
  <ldap_server>
    <id>${LDAP_ID}</id>
  </ldap_server>
</group>

Where:

Thanks in advance :-) Emmanuel
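
The Classic API payload from the request above, built with an XML encoder rather than variable substitution and then checked for an administrator grant. This is an added Go example, not part of the thread or the provider's code; `BuildGroupPayload` and `GrantsDirectoryAdmin` are hypothetical names and the group name is a constructed sample.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
)

// Element names mirror the Classic API payload quoted in the issue.
type ldapServer struct {
	ID int `xml:"id"`
}

type accountGroup struct {
	XMLName      xml.Name    `xml:"group"`
	Name         string      `xml:"name"`
	AccessLevel  string      `xml:"access_level"`
	PrivilegeSet string      `xml:"privilege_set"`
	LDAPServer   *ldapServer `xml:"ldap_server,omitempty"`
}

// BuildGroupPayload (hypothetical helper) marshals the payload, so a group
// name containing &, < or > is escaped rather than spliced in as markup.
func BuildGroupPayload(name, access, privSet string, serverID int) ([]byte, error) {
	if name == "" || serverID <= 0 {
		return nil, errors.New("group name and a positive server id are required")
	}
	g := accountGroup{Name: name, AccessLevel: access, PrivilegeSet: privSet,
		LDAPServer: &ldapServer{ID: serverID}}
	return xml.MarshalIndent(g, "", "  ")
}

// GrantsDirectoryAdmin (hypothetical helper) parses a payload and reports
// whether it binds a directory group to Full Access / Administrator.
func GrantsDirectoryAdmin(payload []byte) (bool, error) {
	var g accountGroup
	if err := xml.Unmarshal(payload, &g); err != nil {
		return false, err
	}
	return g.LDAPServer != nil && g.AccessLevel == "Full Access" &&
		g.PrivilegeSet == "Administrator", nil
}

func main() {
	// Constructed group name; 1004 is the server id from the thread's main.tf.
	p, _ := BuildGroupPayload("Ops & <Admins>", "Full Access", "Administrator", 1004)
	admin, _ := GrantsDirectoryAdmin(p)
	fmt.Printf("%s\ndirectory admin: %v\n", p, admin)
}
```

The same check can gate a change review: any payload for which `GrantsDirectoryAdmin` returns true hands full Jamf Pro administration to whoever controls membership of that directory group.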

ShocOne commented 3 months ago

Hi there, looks like an easy enough implementation, I'll take a look next week for you. Thanks

ShocOne commented 3 months ago

I've added support for LDAP groups using a new identity_server block that can now be added to jamfpro_account_group. This has been added with PR #160 and is part of the v0.0.45 release. Please test and confirm. Many thanks

ecanault commented 3 months ago

Hi @ShocOne

Thanks a lot for this enhancement! Just made a test: resources are correctly created, but the terraform deployment command ends up with errors:

╷
│ Error: Error waiting for Jamf Pro Account Group resource with ID '4' to become available after 1 retries. Last error: context deadline exceeded
│ 
│   with jamfpro_account_group.admin_group,
│   on main.tf line 38, in resource "jamfpro_account_group" "admin_group":
│   38: resource "jamfpro_account_group" "admin_group" {
│ 
╵
╷
│ Error: Error waiting for Jamf Pro Account Group resource with ID '5' to become available after 1 retries. Last error: context deadline exceeded
│ 
│   with jamfpro_account_group.auditor_group,
│   on main.tf line 47, in resource "jamfpro_account_group" "auditor_group":
│   47: resource "jamfpro_account_group" "auditor_group" {
│ 
╵
╷
│ Error: Error waiting for Jamf Pro Account Group resource with ID '6' to become available after 1 retries. Last error: context deadline exceeded
│ 
│   with jamfpro_account_group.enrollment_group,
│   on main.tf line 56, in resource "jamfpro_account_group" "enrollment_group":
│   56: resource "jamfpro_account_group" "enrollment_group" {
│ 
╵

Here are the relevant parts of my main.tf file:

terraform {
  required_providers {
    jamfpro = {
      source  = "deploymenttheory/jamfpro"
      version = "~> 0.0.45"
    }
  }
}

provider "jamfpro" {
  instance_name                = var.JAMFPRO_INSTANCE_NAME
  username                     = var.JAMFPRO_USERNAME
  password                     = var.JAMFPRO_PASSWORD
  log_level                    = "none"
  log_output_format            = "console"
  log_console_separator        = " "
  hide_sensitive_data          = true
  max_retry_attempts           = 5
  enable_dynamic_rate_limiting = false
  max_concurrent_requests      = 5
  token_refresh_buffer_period  = 10
  total_retry_duration         = 30
  custom_timeout               = 30
}

resource "jamfpro_account_group" "admin_group" {
  name          = var.SSO_ADMIN_GROUP
  access_level  = "Full Access"
  privilege_set = "Administrator"
  identity_server {
    id = 1004
  }
}

resource "jamfpro_account_group" "auditor_group" {
  name          = var.SSO_AUDIT_GROUP
  access_level  = "Full Access"
  privilege_set = "Auditor"
  identity_server {
    id = 1004
  }
}

resource "jamfpro_account_group" "enrollment_group" {
  name          = var.SSO_ENROLL_GROUP
  access_level  = "Full Access"
  privilege_set = "Enrollment Only"
  identity_server {
    id = 1004
  }
}

Regards, Emmanuel

ShocOne commented 3 months ago

Hi Manu, I've made some changes to the provider to accommodate your ask and they will be in the next release to support IdP and LDAP. I've been focusing on the stating issues you flagged in your comments this week, which should be resolved now.

ecanault commented 3 months ago

Hi @ShocOne Many thanks for that, I will test it ASAP. I will have other feature requests I think 🙂.

ShocOne commented 3 months ago

Please try the latest release v0.0.48 and let me know how you get on. My sandbox Jamf environment doesn't have LDAP integration, so I'm having to build off of the data model and documentation exclusively.

ecanault commented 3 months ago

Hi, I have just done a quick test: the object create tasks take a looong time (~ 4 mn), but it works \o/ I didn't play with the new options as discussed in the Slack channel but I will do :-) I hope to have more time next week to work on this subject. Thanks

ShocOne commented 3 months ago

Great. If you have any other feedback then let me know. Thanks for testing

ecanault commented 3 months ago

[like] Emmanuel Canault reacted to your message:
