From 62901ce5314ace32183d4bd76f4a6a23621903ab Mon Sep 17 00:00:00 2001
From: "gitlab@jekone.com"
Date: Fri, 16 Sep 2022 10:52:15 +0200
Subject: [PATCH 1/2] added saml options and changed few variables
---
 main.tf | 13 +++++++++----
 variables.tf | 30 +++++++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/main.tf b/main.tf
index 8c4fd04..4dcad7e 100644
--- a/main.tf
+++ b/main.tf
@@ -95,10 +95,15 @@ resource "aws_elasticsearch_domain" "opensearch" {
 resource "aws_elasticsearch_domain_saml_options" "opensearch_saml_options" {
 domain_name = var.cluster_name
 saml_options {
- enabled = var.saml_options_enabled
+ enabled = var.saml_options_enabled
+ master_backend_role = var.saml_options_master_backend_role
+ master_user_name = var.saml_options_master_user_name
+ roles_key = var.saml_options_roles_key
+ session_timeout_minutes = var.saml_options_session_timeout_minutes
+ subject_key = var.saml_options_subject_key
 idp {
- entity_id = var.entity_id
- metadata_content = var.metadata_content
+ entity_id = var.saml_options_idp_entity_id
+ metadata_content = var.saml_options_idp_metadata_content
 }
 }
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index dceb7c9..462a4a9 100644
--- a/variables.tf
+++ b/variables.tf
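Review bot: In main.tf, `aws_elasticsearch_domain_saml_options.opensearch_saml_options` is still created unconditionally, so with the defaults declared in variables.tf (`saml_options_enabled = false`, both `idp` inputs `null`) the `idp` block is rendered with null values. As far as I know the provider treats `entity_id` and `metadata_content` as required inside `idp`, so callers who do not use SAML would likely fail at plan time. Gating the resource with `count = var.saml_options_enabled ? 1 : 0` avoids that and keeps a SAML configuration from being managed on domains where it was never intended. The context line `domain_name = var.cluster_name` also gives Terraform no ordering edge to the domain; `domain_name = aws_elasticsearch_domain.opensearch.domain_name` would make the dependency explicit, assuming the domain resource is not itself behind a `count`.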
@@ -217,14 +217,38 @@ variable "saml_options_enabled" {
 type = bool
 default = false
 }
-
-variable "entity_id" {
+variable "saml_options_master_backend_role" {
+ description = "(Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
+ type = string
+ default = null
+}
+variable "saml_options_master_user_name" {
+ description = "(Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
+ type = string
+ default = null
+}
+variable "saml_options_roles_key" {
+ description = "(Optional) Element of the SAML assertion to use for backend roles. Default is roles. e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
+ type = string
+ default = null
+}
+variable "saml_options_subject_key" {
+ description = "(Optional) Custom SAML attribute to use for user names. Default is an empty string. This will cause Elasticsearch to use the NameID element of the Subject, which is the default location for name identifiers in the SAML specification."
+ type = string
+ default = null
+}
+variable "saml_options_session_timeout_minutes" {
+ description = "(Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
+ type = number
+ default = null
+}
+variable "saml_options_idp_entity_id" {
 description = "URL of the entity id"
 type = string
 default = null
 }
 
-variable "metadata_content" {
+variable "saml_options_idp_metadata_content" {
 type = string
 description = "Contents of the saml-metadata.xml file"
 default = null
From 1797a1c9a71d40e975197537066e295e6c60feae Mon Sep 17 00:00:00 2001
From: "gitlab@jekone.com"
Date: Fri, 16 Sep 2022 10:53:06 +0200
Subject: [PATCH 2/2] formating
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 462a4a9..603b7c0 100644
--- a/variables.tf
+++ b/variables.tf
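Review bot: In variables.tf (PATCH 1/2), `saml_options_session_timeout_minutes` accepts any number even though its own description caps the value at 1,440, so an out-of-range session lifetime is only rejected by the API at apply time. A `validation` block on that variable with a condition such as `var.saml_options_session_timeout_minutes == null ? true : (var.saml_options_session_timeout_minutes > 0 && var.saml_options_session_timeout_minutes <= 1440)` would catch it at plan time. The descriptions of `saml_options_master_backend_role` and `saml_options_master_user_name` should also state that the value is compared with the assertion attribute selected by `saml_options_roles_key` and `saml_options_subject_key` respectively (as I understand the mapping), because changing those keys changes who receives full cluster permissions. Renaming `entity_id` and `metadata_content` without keeping the old names breaks existing callers of the module, which seems worth a changelog entry or a major version bump.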
@@ -258,4 +258,4 @@ variable "tags" {
 type = map(string)
 description = "A mapping of tags to assign to the OpenSearch cluster."
 default = {}
-}
\ No newline at end of file
+}