feat(saml): add optional master_backend_role and master_user_name par…

…ams (#9) * Added support to pass optional master_backend_role and master_user_name parameters to cover the aws_elasticsearch_domain_saml_options resource completely. - master_backend_role - (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. - master_user_name - (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. * fix(error): expected "saml_options.0.master_backend_role" to not be an empty string │ Error: expected "saml_options.0.master_backend_role" to not be an empty string, got │ │ with module.opensearch.aws_elasticsearch_domain_saml_options.opensearch, │ on .terraform/modules/opensearch/main.tf line 86, in resource "aws_elasticsearch_domain_saml_options" "opensearch": │ 86: master_backend_role = var.saml_master_backend_role * fix(error): expected "saml_options.0.master_user_name" to not be an empty string │ Error: expected "saml_options.0.master_user_name" to not be an empty string, got │ │ with module.opensearch.aws_elasticsearch_domain_saml_options.opensearch, │ on .terraform/modules/opensearch/main.tf line 85, in resource "aws_elasticsearch_domain_saml_options" "opensearch": │ 85: master_user_name = var.saml_master_user_name Co-authored-by: Pankaj Kaushal <pankaj.kaushal@greenhousegroup.com> Co-authored-by: Steve Teuber <steve.teuber@idealo.de>
idealo · Apr 22, 2022 · c1113eb · c1113eb
1 parent a916c7a
commit c1113eb
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -82,6 +82,8 @@ resource "aws_elasticsearch_domain_saml_options" "opensearch" {
     subject_key             = var.saml_subject_key
     roles_key               = var.saml_roles_key
     session_timeout_minutes = var.saml_session_timeout
+    master_user_name        = var.saml_master_user_name
+    master_backend_role     = var.saml_master_backend_role
 
     idp {
       entity_id        = var.saml_entity_id

diff --git a/variables.tf b/variables.tf
@@ -125,6 +125,18 @@ variable "saml_session_timeout" {
   default     = 60
 }
 
+variable "saml_master_backend_role" {
+  description = "This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards."
+  type        = string
+  default     = null
+}
+
+variable "saml_master_user_name" {
+  description = "This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards."
+  type        = string
+  default     = null
+}
+
 variable "index_templates" {
   description = "A map of all index templates to create."
   type        = map(any)