Closed mikkoc closed 3 years ago
We've had our eye on roles next as other customers have been asking for this too. We'll use this suggestion along with what others are asking for and come up with something :)
My team has a similar need for this. I'd prefer the latter approach of having a separate resource for role attachments. In our case we have roles attached to an app, but the mapping rules within the app also refer to these roles. Having a separate role attachment resource eliminates any circular dependency issues, and Terraform can just manage these implicit dependencies.
I made a feature branch for app roles if you'd like to sideload and try it out. To sideload, clone the repository, check out the branch, and run `make sideload` from the project root.
You'd need to create roles in the UI first since our API doesn't support role creation yet (otherwise I would have made a role resource as well). You can query your roles with
```bash
curl --location --request GET 'https://api.us.onelogin.com/api/1/roles/' \
  --header 'Authorization: Bearer <access_token>'
```
In your .tf file you'd make the attachment like so.
```hcl
resource onelogin_saml_apps saml {
  connector_id = 50534
  name         = "SAML App"
  description  = "SAML"
  configuration = {
    signature_algorithm = "SHA-1"
  }
}

resource onelogin_app_role_attachments test {
  app_id  = onelogin_saml_apps.saml.id
  role_id = 12345
}
```
Let me know if that does the job. I'm thinking of adding a similar concept to User resources as well if this is how you'd like to use it.
I tested with the 0.1.2 release; it works. Thanks.
Hello,
In our company we assign Roles to OneLogin apps in order to grant access to different people across our organisation.
It would be nice to be able to control this via Terraform when creating the app.
I could see this as being either embedded in the app resource, i.e.:
or have a separate TF resource to handle the attachment (inspired by the AWS IAM policy attachment), i.e.: