diff --git a/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml b/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml index 2694ea79bda1..2ce28c7bb13f 100644 --- a/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml +++ b/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml @@ -80,6 +80,7 @@ examples: org_id: 'ORG_ID' ignore_read_extra: - 'oidc.0.client_secret.0.value.0.plain_text' + - 'extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text' - name: 'iam_workforce_pool_provider_oidc_upload_key' primary_resource_id: 'example' vars: @@ -388,7 +389,7 @@ properties: The configuration for OAuth 2.0 client used to get the additional user attributes. This should be used when users can't get the desired claims in authentication credentials. Currently this configuration is only - supported with OIDC protocol. + supported with SAML and OIDC protocol. properties: - name: 'issuerUri' type: String diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_full.tf.tmpl b/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_full.tf.tmpl index c42fab228ace..cb8ee340adc6 100644 --- a/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_full.tf.tmpl +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_full.tf.tmpl @@ -12,7 +12,7 @@ resource "google_iam_workforce_pool_provider" "{{$.PrimaryResourceId}}" { "google.subject" = "assertion.sub" } oidc { - issuer_uri = "https://accounts.thirdparty.com" + issuer_uri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0" client_id = "client-id" client_secret { value { 
@@ -25,6 +25,19 @@ resource "google_iam_workforce_pool_provider" "{{$.PrimaryResourceId}}" { additional_scopes = ["groups", "roles"] } } + extra_attributes_oauth2_client { + issuer_uri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0" + client_id = "client-id" + client_secret { + value { + plain_text = "client-secret" + } + } + attributes_type = "AZURE_AD_GROUPS_MAIL" + query_parameters { + filter = "mail:gcp" + } + } display_name = "Display name" description = "A sample OIDC workforce pool provider." disabled = false diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_provider_saml_full.tf.tmpl b/mmv1/templates/terraform/examples/iam_workforce_pool_provider_saml_full.tf.tmpl index c74bfab882a1..6d1ccc4be710 100644 --- a/mmv1/templates/terraform/examples/iam_workforce_pool_provider_saml_full.tf.tmpl +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_provider_saml_full.tf.tmpl @@ -14,6 +14,19 @@ resource "google_iam_workforce_pool_provider" "{{$.PrimaryResourceId}}" { saml { idp_metadata_xml = " 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" } + extra_attributes_oauth2_client { + issuer_uri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0" + client_id = "client-id" + client_secret { + value { + plain_text = "client-secret" + } + } + attributes_type = "AZURE_AD_GROUPS_MAIL" + query_parameters { + filter = "mail:gcp" + } + } display_name = "Display name" description = "A sample SAML workforce pool provider." disabled = false diff --git a/mmv1/third_party/terraform/services/iamworkforcepool/resource_iam_workforce_pool_provider_test.go.tmpl b/mmv1/third_party/terraform/services/iamworkforcepool/resource_iam_workforce_pool_provider_test.go.tmpl index 46c36f852671..074d339669dd 100644 --- a/mmv1/third_party/terraform/services/iamworkforcepool/resource_iam_workforce_pool_provider_test.go.tmpl 
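Review bot: The new `extra_attributes_oauth2_client` block in the OIDC example sets `plain_text = "client-secret"` as a literal, and nothing in the example tells a reader not to write a real value this way. Terraform keeps resource arguments in state, so whatever is placed here is presumably stored there in clear text too. I would add a comment above the value, `# Supply from a sensitive variable or secret store; never commit a real secret.`. The same applies to the identical block added to `iam_workforce_pool_provider_saml_full.tf.tmpl`. The resource block starts and ends outside the hunk.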
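Review bot: The SAML example now carries `client_secret.value.plain_text`, but the only `ignore_read_extra` addition visible in this commit is in `WorkforcePoolProvider.yaml`, on the example entry just before `iam_workforce_pool_provider_oidc_upload_key`. The YAML entry for `iam_workforce_pool_provider_saml_full` is not shown in the diff. If it does not already list the field, the generated import-verify step for this example would likely report a difference, since the handwritten tests have to ignore this field on import. I would add `- 'extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text'` under that example's `ignore_read_extra`.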
+++ b/mmv1/third_party/terraform/services/iamworkforcepool/resource_iam_workforce_pool_provider_test.go.tmpl @@ -120,7 +120,7 @@ func TestAccIAMWorkforcePoolWorkforcePoolProvider_saml(t *testing.T) { }) } -func TestAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client(t *testing.T) { +func TestAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client(t *testing.T) { t.Parallel() random_suffix := acctest.RandString(t, 10) @@ -135,7 +135,7 @@ func TestAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client(t CheckDestroy: testAccCheckIAMWorkforcePoolWorkforcePoolDestroyProducer(t), Steps: []resource.TestStep{ { - Config: testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_full(context), + Config: testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_full(context), }, { ResourceName: "google_iam_workforce_pool_provider.my_provider", @@ -144,7 +144,7 @@ func TestAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client(t ImportStateVerifyIgnore: []string{"oidc.0.client_secret.0.value.0.plain_text", "extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text"}, }, { - Config: testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_update(context), + Config: testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_update(context), }, { ResourceName: "google_iam_workforce_pool_provider.my_provider", 
@@ -153,7 +153,7 @@ func TestAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client(t ImportStateVerifyIgnore: []string{"oidc.0.client_secret.0.value.0.plain_text", "extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text"}, }, { - Config: testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_update_clearConfig(context), + Config: testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_update_clearConfig(context), }, { ResourceName: "google_iam_workforce_pool_provider.my_provider", @@ -162,7 +162,7 @@ func TestAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client(t ImportStateVerifyIgnore: []string{"oidc.0.client_secret.0.value.0.plain_text"}, }, { - Config: testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_basic(context), + Config: testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_basic(context), }, { ResourceName: "google_iam_workforce_pool_provider.my_provider", 
@@ -180,6 +180,67 @@ func TestAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client(t }) } + +func TestAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client(t *testing.T) { + t.Parallel() + + random_suffix := acctest.RandString(t, 10) + context := map[string]interface{}{ + "org_id": envvar.GetTestOrgFromEnv(t), + "random_suffix": random_suffix, + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckIAMWorkforcePoolWorkforcePoolDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_full(context), + }, + { + ResourceName: "google_iam_workforce_pool_provider.my_provider", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text"}, + }, + { + Config: testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_update(context), + }, + { + ResourceName: "google_iam_workforce_pool_provider.my_provider", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text"}, + }, + { + Config: testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_update_clearConfig(context), + }, + { + ResourceName: "google_iam_workforce_pool_provider.my_provider", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"oidc.0.client_secret.0.value.0.plain_text"}, + }, + { + Config: testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_basic(context), + }, + { + ResourceName: "google_iam_workforce_pool_provider.my_provider", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: 
[]string{"extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text"}, + }, + { + Config: testAccIAMWorkforcePoolWorkforcePoolProvider_destroy(context), + Check: resource.ComposeTestCheckFunc( + testAccCheckIAMWorkforcePoolWorkforcePoolProviderAccess(t, random_suffix), + ), + }, + }, + }) +} + func testAccCheckIAMWorkforcePoolWorkforcePoolProviderAccess(t *testing.T, random_suffix string) resource.TestCheckFunc { return func(s *terraform.State) error { pool_resource_name := "google_iam_workforce_pool.my_pool" @@ -426,7 +487,7 @@ resource "google_iam_workforce_pool_provider" "my_provider" { } -func testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_full(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_full(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" @@ -476,7 +537,7 @@ resource "google_iam_workforce_pool_provider" "my_provider" { `, context) } -func testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_update(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_update(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" @@ -526,7 +587,7 @@ resource "google_iam_workforce_pool_provider" "my_provider" { `, context) } -func testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_update_clearConfig(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_update_clearConfig(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" 
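Review bot: In the new `TestAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client`, the import step after `..._update_clearConfig` ignores `oidc.0.client_secret.0.value.0.plain_text`, a path that cannot exist on a provider configured with a `saml` block. It looks carried over from the OIDC test. After the clear-config step neither secret field is set, so that step can drop `ImportStateVerifyIgnore` and verify every attribute. That is also the stronger check that `extra_attributes_oauth2_client` and its stored secret were really removed. The other three import steps correctly ignore only `extra_attributes_oauth2_client.0.client_secret.0.value.0.plain_text`.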
@@ -563,7 +624,7 @@ resource "google_iam_workforce_pool_provider" "my_provider" { `, context) } -func testAccIAMWorkforcePoolWorkforcePoolProvider_extraAttributesOauth2Client_basic(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePoolOidcProvider_extraAttributesOauth2Client_basic(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" 
@@ -610,6 +671,147 @@ resource "google_iam_workforce_pool_provider" "my_provider" { `, context) } + +func testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_full(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" +} + +resource "google_iam_workforce_pool_provider" "my_provider" { + workforce_pool_id = google_iam_workforce_pool.my_pool.workforce_pool_id + location = google_iam_workforce_pool.my_pool.location + provider_id = "my-provider-%{random_suffix}" + attribute_mapping = { + "google.subject" = "assertion.sub" + } + saml { + idp_metadata_xml = " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3V
cfYv" + } + extra_attributes_oauth2_client { + issuer_uri = "https://login.microsoftonline.com/3c75f51a-5393-4b53-8efe-fa85c311e533/v2.0/" + client_id = "client-id" + client_secret { + value { + plain_text = "client-secret" + } + } + attributes_type = "AZURE_AD_GROUPS_MAIL" + query_parameters { + filter = "mail:gcp" + } + } + display_name = "Display name" + description = "A sample OIDC workforce pool provider." + disabled = false + attribute_condition = "true" +} +`, context) +} + +func testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_update(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" +} + +resource "google_iam_workforce_pool_provider" "my_provider" { + workforce_pool_id = google_iam_workforce_pool.my_pool.workforce_pool_id + location = google_iam_workforce_pool.my_pool.location + provider_id = "my-provider-%{random_suffix}" + attribute_mapping = { + "google.subject" = "false" + } + saml { + idp_metadata_xml = " 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" + } + extra_attributes_oauth2_client { + issuer_uri = "https://login.microsoftonline.com/3c75f51a-5393-4b53-8efe-fa85c311e533/v2.0/" + client_id = "new-client-id" + client_secret { + value { + plain_text = "new-client-secret" + } + } + attributes_type = "AZURE_AD_GROUPS_MAIL" + query_parameters { + filter = "displayName:gcp" + } + } + display_name = "New Display name" + description = "A sample OIDC workforce pool provider with updated description." 
+ disabled = true + attribute_condition = "false" +} +`, context) +} + +func testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_update_clearConfig(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" +} + +resource "google_iam_workforce_pool_provider" "my_provider" { + workforce_pool_id = google_iam_workforce_pool.my_pool.workforce_pool_id + location = google_iam_workforce_pool.my_pool.location + provider_id = "my-provider-%{random_suffix}" + attribute_mapping = { + "google.subject" = "false" + } + saml { + idp_metadata_xml = " 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" + } + display_name = "New Display name" + description = "A sample OIDC workforce pool provider with updated description." + disabled = true + attribute_condition = "false" +} +`, context) +} + +func testAccIAMWorkforcePoolWorkforcePoolSamlProvider_extraAttributesOauth2Client_basic(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" +} + +resource "google_iam_workforce_pool_provider" "my_provider" { + workforce_pool_id = google_iam_workforce_pool.my_pool.workforce_pool_id + location = google_iam_workforce_pool.my_pool.location + provider_id = "my-provider-%{random_suffix}" + attribute_mapping = { + "google.subject" = "false" + } + saml { + idp_metadata_xml = " 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" + } + extra_attributes_oauth2_client { + issuer_uri = "https://login.microsoftonline.com/3c75f51a-5393-4b53-8efe-fa85c311e533/v2.0/" + client_id = "client-id" + client_secret { + value { + plain_text = "client-secret" + } + } + attributes_type = "AZURE_AD_GROUPS_MAIL" + } + display_name = "New Display name" + 
description = "A sample OIDC workforce pool provider with updated description." + disabled = true + attribute_condition = "false" +} +`, context) +} + func testAccIAMWorkforcePoolWorkforcePoolProvider_destroy(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_iam_workforce_pool" "my_pool" {
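Review bot: All four SAML configs added in this hunk describe the resource as an OIDC provider (`description = "A sample OIDC workforce pool provider."` and the "with updated description" variant), which is misleading when reading test output or audit logs. Use `description = "A sample SAML workforce pool provider."` to match `iam_workforce_pool_provider_saml_full.tf.tmpl`. The `issuer_uri` values here also end in `/v2.0/`, with a trailing slash and a different tenant ID from the examples in this commit, which use `/v2.0`. If the service compares or resolves the issuer literally, the trailing slash may matter, so make the two consistent or add a comment saying why they differ.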