hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Enhancement]: vault_saml_auth_backend lacks support for configuration tune #2115

Open nmasur opened 8 months ago

nmasur commented 8 months ago

Description

We are using the SAML auth method for web UI login, and since there is no support for IdP-initiated login, users need to navigate to the Vault UI and click the button to log in. Adding configuration tune to allow unauth visibility would make this easier.

Affected Resource(s) and/or Data Source(s)

vault_saml_auth_backend

Potential Terraform Configuration

resource "vault_saml_auth_backend" "test" {
  path             = "saml"
  idp_metadata_url = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"
  entity_id        = "https://my.vault/v1/auth/saml"
  acs_urls         = ["https://my.vault.primary/v1/auth/saml/callback"]
  default_role     = "admin"
  tune = {
    listing_visibility = "unauth"
  }
}

References

See this document for the description of what we need to do. https://support.hashicorp.com/hc/en-us/articles/360001922527-Configuring-a-Default-UI-Auth-Method

Other auth backend providers already have support for tune. https://registry.terraform.io/providers/hashicorp/vault/3.23.0/docs/resources/auth_backend

Similar issue for Okta auth backend: #2069

Would you like to implement a fix?

None
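An interim way to get the requested effect with the provider as it stands, as an added example that is not part of the issue or the provider's own code: keep vault_saml_auth_backend for the mount itself and write the listing visibility to the mount's tune endpoint (sys/auth/<path>/tune) through vault_generic_endpoint. The path, URLs and role name are the ones from the sample configuration above; the use of vault_generic_endpoint as the workaround, and its settings, are this example's assumptions.

```hcl
# Added example (not from the issue or the provider's docs): apply the
# listing_visibility tune today by writing sys/auth/<path>/tune directly.
# Paths, URLs and the role name are copied from the issue's sample config.

resource "vault_saml_auth_backend" "test" {
  path             = "saml"
  idp_metadata_url = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"
  entity_id        = "https://my.vault/v1/auth/saml"
  acs_urls         = ["https://my.vault.primary/v1/auth/saml/callback"]
  default_role     = "admin"
}

# Assumption: vault_generic_endpoint is used as the interim workaround.
# The tune endpoint's read response returns every tune setting of the mount,
# not just the fields we wrote, so disable_read avoids a perpetual diff and
# ignore_absent_fields tolerates fields the API does not echo back.
# disable_delete leaves the mount's tune settings alone on destroy; the mount
# itself is removed by vault_saml_auth_backend.
resource "vault_generic_endpoint" "saml_tune" {
  depends_on = [vault_saml_auth_backend.test]

  path                 = "sys/auth/${vault_saml_auth_backend.test.path}/tune"
  disable_read         = true
  disable_delete       = true
  ignore_absent_fields = true

  data_json = jsonencode({
    # "unauth" lists this mount in the unauthenticated
    # sys/internal/ui/mounts response, which is what lets the UI
    # offer the SAML login button before the user has a token.
    listing_visibility = "unauth"
  })
}
```

The same write is what the linked HashiCorp article does from the CLI with `vault auth tune -listing-visibility=unauth saml/`. Two points worth keeping in mind: `unauth` discloses the mount path to anyone who can reach the Vault API, which is the intended trade-off for a UI login method, and the resource above only sets the one field, so other tune settings on the mount are left untouched. Once vault_saml_auth_backend gains a `tune` argument, drop the vault_generic_endpoint resource and move the setting into the backend resource so a single resource owns the mount.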