
Add support for extra attributes oauth2 client
fields to the create workforce pool provider operation. This addresses the gap between the newly added support in the Gcloud commands iam create workforce pool provider and iam update workforce pool provider.

Fixes hashicorp/terraform-provider-google#20862

```
iam: added `extra_attributes_oauth2_client` field to `google_iam_workforce_pool_provider` SAML resource
```
omkark-google committed Jan 11, 2025
1 parent e2df63b commit a8ae85a
Showing 4 changed files with 238 additions and 10 deletions.
2 changes: 1 addition & 1 deletion mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml
Expand Up @@ -388,7 +388,7 @@ properties:
The configuration for OAuth 2.0 client used to get the additional user
attributes. This should be used when users can't get the desired claims
in authentication credentials. Currently this configuration is only
supported with OIDC protocol.
supported with SAML and OIDC protocol.
properties:
- name: 'issuerUri'
type: String
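Review bot: The updated description still says the configuration is "only supported with SAML and OIDC protocol", which no longer reads as a restriction once both protocols are listed and is also grammatically off; `Currently this configuration is supported with the SAML and OIDC protocols.` would be clearer. If the property was previously gated to OIDC anywhere else in the schema (a conflict or validation rule), that is not visible in this hunk and should be updated alongside the text. The enclosing `properties:` entry starts above the hunk.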
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,19 @@ resource "google_iam_workforce_pool_provider" "{{$.PrimaryResourceId}}" {
additional_scopes = ["groups", "roles"]
}
}
extra_attributes_oauth2_client {
issuer_uri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"
client_id = "client-id"
client_secret {
value {
plain_text = "client-secret"
}
}
attributes_type = "AZURE_AD_GROUPS_MAIL"
query_parameters {
filter = "mail:test"
}
}
display_name = "Display name"
description = "A sample OIDC workforce pool provider."
disabled = false
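Review bot: The new `extra_attributes_oauth2_client` block hardcodes the OAuth2 client secret inline via `plain_text = "client-secret"`, and because this template is rendered into the resource documentation, readers will copy a pattern that places the secret in the configuration and therefore in Terraform state. A comment above the `client_secret` block along the lines of `# The client secret is written to Terraform state; source it from a sensitive variable rather than a literal.` would make that explicit. The `issuer_uri` also looks like a specific tenant id rather than an obvious placeholder; a clearly synthetic value would avoid readers reusing it. The same block, with the same secret handling, is added in the SAML example in the next file section.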
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,19 @@ resource "google_iam_workforce_pool_provider" "{{$.PrimaryResourceId}}" {
saml {
idp_metadata_xml = "<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>"
}
extra_attributes_oauth2_client {
issuer_uri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"
client_id = "client-id"
client_secret {
value {
plain_text = "client-secret"
}
}
attributes_type = "AZURE_AD_GROUPS_MAIL"
query_parameters {
filter = "mail:gcp"
}
}
display_name = "Display name"
description = "A sample SAML workforce pool provider."
disabled = false
