Merge pull request #7 from sbp-akamai/add-additional-saml-options-and…

…-change-variable-names Add additional saml options and change variable names
sbp-akamai · Sep 16, 2022 · 898826f · 898826f
2 parents f2cfd28 + 1797a1c
commit 898826f
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 8 deletions.
diff --git a/main.tf b/main.tf
@@ -95,10 +95,15 @@ resource "aws_elasticsearch_domain" "opensearch" {
 resource "aws_elasticsearch_domain_saml_options" "opensearch_saml_options" {
   domain_name = var.cluster_name
   saml_options {
-    enabled = var.saml_options_enabled
+    enabled                 = var.saml_options_enabled
+    master_backend_role     = var.saml_options_master_backend_role
+    master_user_name        = var.saml_options_master_user_name
+    roles_key               = var.saml_options_roles_key
+    session_timeout_minutes = var.saml_options_session_timeout_minutes
+    subject_key             = var.saml_options_subject_key
     idp {
-      entity_id        = var.entity_id
-      metadata_content = var.metadata_content
+      entity_id        = var.saml_options_idp_entity_id
+      metadata_content = var.saml_options_idp_metadata_content
     }
   }
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -217,14 +217,38 @@ variable "saml_options_enabled" {
   type        = bool
   default     = false
 }
-
-variable "entity_id" {
+variable "saml_options_master_backend_role" {
+  description = "(Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
+  type        = string
+  default     = null
+}
+variable "saml_options_master_user_name" {
+  description = "(Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
+  type        = string
+  default     = null
+}
+variable "saml_options_roles_key" {
+  description = "(Optional) Element of the SAML assertion to use for backend roles. Default is roles. e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
+  type        = string
+  default     = null
+}
+variable "saml_options_subject_key" {
+  description = "(Optional) Custom SAML attribute to use for user names. Default is an empty string. This will cause Elasticsearch to use the NameID element of the Subject, which is the default location for name identifiers in the SAML specification."
+  type        = string
+  default     = null
+}
+variable "saml_options_session_timeout_minutes" {
+  description = "(Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
+  type        = number
+  default     = null
+}
+variable "saml_options_idp_entity_id" {
   description = "URL of the entity id"
   type        = string
   default     = null
 }
 
-variable "metadata_content" {
+variable "saml_options_idp_metadata_content" {
   type        = string
   description = "Contents of the saml-metadata.xml file"
   default     = null
@@ -234,4 +258,4 @@ variable "tags" {
   type        = map(string)
   description = "A mapping of tags to assign to the OpenSearch cluster."
   default     = {}
-}
+}