Add Wiz SAML User Capability #155

Open
jpautz opened this issue Jul 29, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

jpautz commented Jul 29, 2023

Description

The wiz_user resource only supports the "Wiz" login type, with no option for SAML integration. The payloads for Update, Read, and Delete are all the same as for the normal user. Where there is a difference is in the Create. A simple extension of the wiz_user to support SAML appears on the surface to have few side effects.

Potential Terraform Configuration

resource "wiz_user" "bobsmith" {
  assigned_project_ids = ["11111-22222-33333-44444-55555"]
  email                = "[email protected]"
  name                 = "Bob Smith"
  role                 = "DOCUMENT_READER"
  idpID                = "GoogleSSO" # this would match the `wiz_saml_idp.name` field
  send_email_invite    = false
}

References

From the Wiz API Console

package main

import (
	"context"
	"encoding/json"
	"log"
	"os"
	"github.com/machinebox/graphql"
)

func main() {
	graphqlClient := graphql.NewClient("https://<wiz-api>/graphql")
	graphqlRequest := graphql.NewRequest(`
    mutation CreateSAMLUser($input: CreateSAMLUserInput!) {
        createSAMLUser(input: $input) {
          user {
            id
          }
        }
      }
`)
	// Prepare the variables
	variablesJSON := `{
  "input": {
    "name": "bobsmith",
    "role": "PROJECT_READER",
    "assignedProjectIds": [
      "11111-22222-33333-44444-55555"
    ],
    "email": "[email protected]",
    "idpID": "MySAMLSSO"
  }
}`
	var variables map[string]interface{} // decode the console's JSON and attach it as $input
	if err := json.Unmarshal([]byte(variablesJSON), &variables); err != nil {
		log.Fatal(err)
	}
	graphqlRequest.Var("input", variables["input"])
	graphqlRequest.Header.Set("Authorization", "Bearer "+os.Getenv("WIZ_TOKEN")) // token source assumed; not in the console snippet
	var response map[string]interface{}
	if err := graphqlClient.Run(context.Background(), graphqlRequest, &response); err != nil {
		log.Fatal(err)
	}
	log.Printf("created user: %v", response)
}

wiz_users have an ID, which looks something like a UUID. When using a SAML provider named (for example) "GoogleSSO" the ID will be googlesso_<UUID>. It is this behavior that allows all subsequent Read, Update, and Delete operations to be performed on the same base "User" type.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
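The sketch below is an added example of the provider-side branch the issue asks for; it is not code from the Wiz Terraform provider or from Wiz. It takes the only point where SAML users differ (Create) and the ID shape the issue reports (`googlesso_<UUID>` for an IdP named "GoogleSSO") and turns them into three functions: one that picks `createSAMLUser` versus the plain create mutation from the presence of `idp_id`, one that splits a returned ID into IdP prefix and base ID, and one that checks whether an ID belongs to a given IdP. The `createSAMLUser` mutation and its variables come from the issue; the name of the plain `createUser` mutation, the Go type and field names, and the sample email address are this example's own assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// UserSpec mirrors the wiz_user arguments proposed in the issue. The type and
// field names are this example's own, not the provider's schema.
type UserSpec struct {
	Name               string
	Email              string
	Role               string
	AssignedProjectIDs []string
	IdpID              string // empty means the existing "Wiz" login type
}

// createUserInput matches the variables shown in the API console snippet.
// omitempty drops idpID from the payload for non-SAML users.
type createUserInput struct {
	Name               string   `json:"name"`
	Role               string   `json:"role"`
	AssignedProjectIDs []string `json:"assignedProjectIds"`
	Email              string   `json:"email"`
	IdpID              string   `json:"idpID,omitempty"`
}

// The SAML mutation is the one quoted in the issue. The non-SAML mutation
// name is an assumption; a real change would reuse what wiz_user already sends.
const createSAMLUserMutation = `mutation CreateSAMLUser($input: CreateSAMLUserInput!) {
  createSAMLUser(input: $input) { user { id } }
}`

const createUserMutation = `mutation CreateUser($input: CreateUserInput!) {
  createUser(input: $input) { user { id } }
}`

// BuildCreateRequest is the only place the SAML option changes behaviour: it
// picks the mutation from the presence of idp_id and returns the GraphQL
// document with its JSON variables. Read, Update and Delete are unchanged.
func BuildCreateRequest(s UserSpec) (mutation string, variables []byte, err error) {
	if s.Name == "" || s.Email == "" || s.Role == "" {
		return "", nil, errors.New("name, email and role are required")
	}
	in := createUserInput{
		Name: s.Name, Role: s.Role, AssignedProjectIDs: s.AssignedProjectIDs,
		Email: s.Email, IdpID: s.IdpID,
	}
	mutation = createUserMutation
	if s.IdpID != "" {
		mutation = createSAMLUserMutation
	}
	variables, err = json.MarshalIndent(map[string]createUserInput{"input": in}, "", "  ")
	return mutation, variables, err
}

// SplitUserID separates the IdP prefix from the base id. Per the issue, a user
// created through an IdP named "GoogleSSO" gets an id like googlesso_<UUID>,
// while a plain Wiz user id has no prefix. Splitting on the last underscore
// keeps any underscore inside the IdP name with the prefix, since the UUID
// part only contains hyphens.
func SplitUserID(id string) (idpPrefix, base string) {
	i := strings.LastIndex(id, "_")
	if i < 0 {
		return "", id
	}
	return id[:i], id[i+1:]
}

// BelongsToIdp reports whether id was issued through the IdP named idpName,
// comparing case-insensitively because the prefix is lower-cased in the id.
func BelongsToIdp(id, idpName string) bool {
	prefix, _ := SplitUserID(id)
	return prefix != "" && strings.EqualFold(prefix, idpName)
}

func main() {
	// Constructed input mirroring the issue's example; the email is made up.
	spec := UserSpec{
		Name:               "bobsmith",
		Email:              "bob.smith@example.com",
		Role:               "PROJECT_READER",
		AssignedProjectIDs: []string{"11111-22222-33333-44444-55555"},
		IdpID:              "GoogleSSO",
	}
	mutation, vars, err := BuildCreateRequest(spec)
	if err != nil {
		panic(err)
	}
	fmt.Println(mutation)
	fmt.Println(string(vars))
	// Constructed id in the shape the issue describes for a GoogleSSO user.
	fmt.Println(BelongsToIdp("googlesso_11111-22222-33333-44444-55555", spec.IdpID))
}
```

Because the SAML ID carries the IdP name as a prefix, the provider could also use `BelongsToIdp` during Read to detect drift when a user's `idp_id` argument no longer matches the IdP the ID was issued under, rather than treating the ID as opaque.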