From c1113eb17d84944a03c822987a9ec0b26581c22d Mon Sep 17 00:00:00 2001 From: Pankaj Date: Fri, 22 Apr 2022 18:11:29 +0200 Subject: [PATCH] feat(saml): add optional master_backend_role and master_user_name params (#9) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Added support to pass optional master_backend_role and master_user_name parameters to cover the aws_elasticsearch_domain_saml_options resource completely. - master_backend_role - (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. - master_user_name - (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. * fix(error): expected "saml_options.0.master_backend_role" to not be an empty string │ Error: expected "saml_options.0.master_backend_role" to not be an empty string, got │ │ with module.opensearch.aws_elasticsearch_domain_saml_options.opensearch, │ on .terraform/modules/opensearch/main.tf line 86, in resource "aws_elasticsearch_domain_saml_options" "opensearch": │ 86: master_backend_role = var.saml_master_backend_role * fix(error): expected "saml_options.0.master_user_name" to not be an empty string │ Error: expected "saml_options.0.master_user_name" to not be an empty string, got │ │ with module.opensearch.aws_elasticsearch_domain_saml_options.opensearch, │ on .terraform/modules/opensearch/main.tf line 85, in resource "aws_elasticsearch_domain_saml_options" "opensearch": │ 85: master_user_name = var.saml_master_user_name Co-authored-by: Pankaj Kaushal Co-authored-by: Steve Teuber
---
 main.tf | 2 ++
 variables.tf | 12 ++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/main.tf b/main.tf
index 6df3bf7..c37605b 100644
--- a/main.tf
+++ b/main.tf
@@ -82,6 +82,8 @@ resource "aws_elasticsearch_domain_saml_options" "opensearch" {
 subject_key = var.saml_subject_key
 roles_key = var.saml_roles_key
 session_timeout_minutes = var.saml_session_timeout
+ master_user_name = var.saml_master_user_name
+ master_backend_role = var.saml_master_backend_role
 idp {
 entity_id = var.saml_entity_id
diff --git a/variables.tf b/variables.tf
index 98ad870..4ef81d7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -125,6 +125,18 @@ variable "saml_session_timeout" {
 default = 60
 }
+variable "saml_master_backend_role" {
+ description = "This backend role receives full permissions to the cluster, equivalent to a new master role, but can only use those permissions within Dashboards."
+ type = string
+ default = null
+}
+
+variable "saml_master_user_name" {
+ description = "This username receives full permissions to the cluster, equivalent to a new master user, but can only use those permissions within Dashboards."
+ type = string
+ default = null
+}
+
 variable "index_templates" {
 description = "A map of all index templates to create."
 type = map(any)
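Review bot: The two arguments added in the main.tf hunk give cluster-wide rights to an IdP-asserted identity, and nothing at the resource says so. Per the commit message each value "receives full permissions to the cluster"; the match is presumably made on the attributes named by `subject_key` and `roles_key` just above, so a widely assigned IdP group or a reusable username set here becomes an administrator of the domain. I would add a comment over the pair, for example `# Grants full cluster permissions to this IdP user/role; leave null unless a dedicated admin principal exists.` The resource block starts and ends outside the hunk.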
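Review bot: In the variables.tf hunk, `default = null` avoids the empty-string failure only for callers who omit the input; an explicit `""` or whitespace-only value still reaches the provider and fails with the `saml_options.0.…` error quoted in the commit message. Because these two inputs decide who gets full permissions on the cluster, I would reject blank values at the module boundary with a `validation` block on `saml_master_backend_role`, and the same on `saml_master_user_name`, so the failure names the module input. This assumes the module's minimum Terraform version supports variable validation. The descriptions could also state that the value is matched against what the SAML IdP asserts, as the commit message does.

```hcl
variable "saml_master_backend_role" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.saml_master_backend_role == null ? true : trimspace(var.saml_master_backend_role) != ""
    error_message = "The saml_master_backend_role value must be null or a non-empty string."
  }
}
```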