onelogin / terraform-provider-onelogin

GNU General Public License v3.0

Ability to fully configure apps #65

Closed GaretJax closed 1 year ago

GaretJax commented 3 years ago

My apologies if this is already covered elsewhere.

What I'm trying to achieve: configure AWS and OneLogin to use the "Aws Multi-Account" app fully in terraform.

In my case, I need to be able to configure the "External Role Name", "External ID", and the "List of SAML providers" configuration values. Ideally, these would be exposed as additional resources, as otherwise, we would introduce circular dependencies (AWS SAML provider depends on app metadata, but the app configuration depends on the external role name).

Regarding the app metadata, it would be a nice bonus if that's exposed via an attribute so that we can directly use it with the "aws_iam_saml_provider" resource.

mikkoc commented 3 years ago

Not the author, but as a workaround for the metadata not being available in the app resource we use this:

```hcl
# Fetch the app's SAML metadata from OneLogin. "sso" is exposed by the
# provider as a nested block, so the first (only) element is indexed.
data "http" "saml_metadata" {
  url = onelogin_saml_apps.app.sso[0].metadata_url
}

# Register that metadata document as the IdP on the AWS side.
resource "aws_iam_saml_provider" "onelogin_saml_app" {
  name                   = "app-name"
  saml_metadata_document = data.http.saml_metadata.body
}
```

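The workaround above only covers the metadata hop. The following is an added example, not code from the issue or from the onelogin provider, that carries it through to the AWS side the thread is trying to reach: the app resource, the metadata fetch, the IAM SAML provider, and a role whose trust policy only accepts assertions from that provider with the AWS sign-in audience. Resource names, the `connector_id` variable, the role name and the attached managed policy are assumptions chosen for illustration; the "External Role Name", "External ID" and SAML-provider-list fields the issue asks for are deliberately not set, since the thread reports they cannot be configured through the provider.

```hcl
terraform {
  required_providers {
    onelogin = { source = "onelogin/onelogin" }
    aws      = { source = "hashicorp/aws" }
    http     = { source = "hashicorp/http" }
  }
}

# Assumption: the numeric connector ID of the "AWS Multi-Account" connector in
# your OneLogin tenant, looked up once and passed in as a variable.
variable "aws_multi_account_connector_id" {
  type = number
}

resource "onelogin_saml_apps" "aws" {
  name         = "AWS Multi-Account"
  connector_id = var.aws_multi_account_connector_id
  visible      = true
  # External Role Name / External ID / List of SAML providers are left to the
  # UI here; that gap is what this issue is about.
}

# Metadata is fetched from OneLogin over HTTPS; the signing certificate inside
# it is what AWS will trust, so a certificate rotation on the OneLogin side
# requires a fresh apply to push the new document to AWS.
data "http" "saml_metadata" {
  url = onelogin_saml_apps.aws.sso[0].metadata_url
}

resource "aws_iam_saml_provider" "onelogin" {
  name                   = "OneLogin"
  saml_metadata_document = data.http.saml_metadata.body
}

# Trust policy: only assertions signed by this provider, and only with the AWS
# sign-in audience, may assume the role. Without the SAML:aud condition an
# assertion issued for a different relying party could be replayed here.
data "aws_iam_policy_document" "saml_trust" {
  statement {
    actions = ["sts:AssumeRoleWithSAML"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_saml_provider.onelogin.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "SAML:aud"
      values   = ["https://signin.aws.amazon.com/saml"]
    }
  }
}

# Assumption: a read-only role as the first role users can land in.
resource "aws_iam_role" "onelogin_readonly" {
  name                 = "OneLogin-ReadOnly"
  assume_role_policy   = data.aws_iam_policy_document.saml_trust.json
  max_session_duration = 3600
}

resource "aws_iam_role_policy_attachment" "onelogin_readonly" {
  role       = aws_iam_role.onelogin_readonly.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# The provider ARN and role ARN are the two values OneLogin needs on its side
# (the role/provider pair is what the AWS Multi-Account app maps users to).
output "saml_provider_arn" {
  value = aws_iam_saml_provider.onelogin.arn
}

output "readonly_role_arn" {
  value = aws_iam_role.onelogin_readonly.arn
}
```

Because the `http` data source's URL depends on a managed resource, Terraform defers the read to apply time on the first run; on later runs it re-reads the metadata at plan time, so a changed signing certificate shows up as a diff on `aws_iam_saml_provider` rather than silently going stale.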
GaretJax commented 3 years ago

Thanks @mikkoc, that's indeed nice.

pmoosh commented 3 years ago

@GaretJax

did you get the configuration set up and the parameters to work for "Aws Multi-Account"? I am having issues setting parameter and configuration values like:

```hcl
configuration = {
  audience = "something"
  consumer = "something_else"
}
```

It completes, but the web UI won't show them...

GaretJax commented 3 years ago

I also noticed that it completes, but successive apply runs identify new state changes and I don't know if it actually works.

pmoosh commented 3 years ago

@GaretJax - thx. I also noticed that when I use curl with the API directly I need 2 retries until all the parameters are set correctly.

andymac4182 commented 3 years ago

@GaretJax I am about to start doing something similar. Are you able to share any of your Terraform, as I can't quite see all the parameters I need to set? In my case I generate the RoleName and ExternalID and can "guess" the SAML provider, as I know all the account IDs upfront and dictate the name of the SAML provider.

GaretJax commented 2 years ago

Just to make it clear: I am not able to get it to work, hence this issue. :-)

Jmfwolf commented 1 year ago

The new terraform-provider-onelogin should allow this. Please let me know if the issue continues.