package okta
import (
"context"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/okta/terraform-provider-okta/sdk"
)
const (
	// saml2Idp is the Okta identity provider type this data source is
	// restricted to; it is passed to both the id and the name lookup.
	saml2Idp = "SAML2"
)
// dataSourceIdpSaml describes the okta SAML IdP data source. The provider
// accepts either "id" or "name" (the two are mutually exclusive) and exposes
// every other attribute as a computed, read-only value filled in by
// dataSourceIdpSamlRead.
func dataSourceIdpSaml() *schema.Resource {
	// computedString builds the read-only string attribute shape shared by
	// most of this data source's fields.
	computedString := func(desc string) *schema.Schema {
		return &schema.Schema{
			Type:        schema.TypeString,
			Computed:    true,
			Description: desc,
		}
	}

	fields := map[string]*schema.Schema{
		"id": {
			Type:          schema.TypeString,
			Optional:      true,
			ConflictsWith: []string{"name"},
			Description:   "Id of idp.",
		},
		"name": {
			Type:          schema.TypeString,
			Optional:      true,
			ConflictsWith: []string{"id"},
			Description:   "Name of the idp.",
		},
		"type":            computedString("Type of idp."),
		"acs_binding":     computedString("ACS binding"),
		"acs_type":        computedString("Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata."),
		"sso_url":         computedString("Single sign-on url."),
		"sso_binding":     computedString("Single sign-on binding."),
		"sso_destination": computedString("SSO request binding, HTTP-POST or HTTP-REDIRECT."),
		// subject_format is the only non-scalar attribute: a set of strings.
		"subject_format": {
			Type:        schema.TypeSet,
			Elem:        &schema.Schema{Type: schema.TypeString},
			Computed:    true,
			Description: "Expression to generate or transform a unique username for the IdP user.",
		},
		"subject_filter": computedString("Regular expression pattern used to filter untrusted IdP usernames."),
		"issuer":         computedString("URI that identifies the issuer (IdP)."),
		"issuer_mode":    computedString("Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL in the request to the IdP."),
		"audience":       computedString("URI that identifies the target Okta IdP instance (SP)"),
		"kid":            computedString("Key ID reference to the IdP's X.509 signature certificate."),
	}

	return &schema.Resource{
		ReadContext: dataSourceIdpSamlRead,
		Schema:      fields,
		Description: "Get a SAML IdP from Okta.",
	}
}
// dataSourceIdpSamlRead resolves a SAML2 identity provider by id or by name
// and copies its attributes into the Terraform state.
//
// At least one of "id" or "name" must be configured (the schema already marks
// them as conflicting); an empty pair is rejected before any API call is
// made. Both lookups are scoped with saml2Idp. Any lookup error is returned
// as a diagnostic; on success the resource id becomes the IdP id.
func dataSourceIdpSamlRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
	id, name := d.Get("id").(string), d.Get("name").(string)
	if id == "" && name == "" {
		return diag.Errorf("config must provide either 'id' or 'name' to retrieve the IdP")
	}

	var (
		idp *sdk.IdentityProvider
		err error
	)
	switch {
	case id != "":
		idp, err = getIdentityProviderByID(ctx, m, id, saml2Idp)
	default:
		idp, err = getIdpByNameAndType(ctx, m, name, saml2Idp)
	}
	if err != nil {
		return diag.FromErr(err)
	}

	d.SetId(idp.Id)

	// set writes a primitive attribute; the error returned by d.Set for these
	// string fields is discarded.
	set := func(key string, value interface{}) {
		_ = d.Set(key, value)
	}
	// NOTE(review): Protocol, Endpoints, Credentials and Policy are
	// dereferenced without nil checks; this assumes the SDK always populates
	// them for a SAML2 IdP — confirm against sdk.IdentityProvider.
	set("name", idp.Name)
	set("type", idp.Type)
	set("acs_binding", idp.Protocol.Endpoints.Acs.Binding)
	set("acs_type", idp.Protocol.Endpoints.Acs.Type)
	set("sso_url", idp.Protocol.Endpoints.Sso.Url)
	set("sso_binding", idp.Protocol.Endpoints.Sso.Binding)
	set("sso_destination", idp.Protocol.Endpoints.Sso.Destination)
	set("subject_filter", idp.Policy.Subject.Filter)
	set("kid", idp.Protocol.Credentials.Trust.Kid)
	set("issuer", idp.Protocol.Credentials.Trust.Issuer)
	set("audience", idp.Protocol.Credentials.Trust.Audience)
	// An empty issuer mode is left untouched in state rather than written as "".
	if mode := idp.IssuerMode; mode != "" {
		set("issuer_mode", mode)
	}

	// The set-typed attribute goes through the shared helper, and its error is
	// surfaced unlike the primitive writes above.
	nonPrimitives := map[string]interface{}{
		"subject_format": convertStringSliceToSet(idp.Policy.Subject.Format),
	}
	if err := setNonPrimitives(d, nonPrimitives); err != nil {
		return diag.Errorf("failed to set SAML identity provider properties: %v", err)
	}
	return nil
}