SSO New User & Group Resource #18812

Closed
ajaychoudhary-bcg opened this issue Apr 13, 2021 · 14 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. upstream Addresses functionality related to the cloud provider.

@ajaychoudhary-bcg

ajaychoudhary-bcg commented Apr 13, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Related #18739

Description

It would be great if we could provide a resource to create a new group and add members using Terraform.

New or Affected Resource(s)

New

  • aws_XXXXX

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000
@ajaychoudhary-bcg ajaychoudhary-bcg added the enhancement Requests to existing resources that expand the functionality or scope. label Apr 13, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Apr 13, 2021
@YakDriver
Member

@ajaychoudhary-bcg This sounds like a good idea. However, can you please provide additional details, such as a possible name for the new resource and what the Terraform configuration would look like?

@YakDriver YakDriver removed the needs-triage Waiting for first response or review from a maintainer. label Apr 13, 2021
@ajaychoudhary-bcg
Author

ajaychoudhary-bcg commented Apr 14, 2021

@YakDriver
When we create a group from the UI, it requires only a name and a description.

    resource "aws_ssoadmin_group" "example" {
      name        = "test"
      description = "test"                # Optional argument
      users       = [list of users arns]  # Optional argument
      # other attributes as required for integration
    }

Similarly, we need one for the user:

    resource "aws_ssoadmin_user" "example" {
      Username     = string
      EmailAddress = string
      firstname    = string
      lastname     = string
      # other attributes as required for integration
    }

A data source for users will also be required, with a filter to get existing users and add them to the group.

@ajaychoudhary-bcg
Author

Do we know by when this will be available?

@bhegazy

bhegazy commented Jul 4, 2021

I don't think this is possible yet, since it's not yet supported in the AWS SDK. Maybe we should also edit this issue's title to be "SSO New User & Group Resource" to match the issue in aws-sdk.

@ajaychoudhary-bcg ajaychoudhary-bcg changed the title SSO New Group Resource SSO New User & Group Resource Jul 20, 2021
@rpuserh

rpuserh commented Dec 9, 2021

Any update on this?

@DrFaust92 DrFaust92 added the upstream Addresses functionality related to the cloud provider. label Feb 12, 2022
@rwejdling

I guess the best option for now is to enable an automatic provisioning endpoint on the SSO tenant and use the SCIM API directly. Annoying, but could work.

@Stasmo

Stasmo commented Mar 15, 2022

The AWS SCIM API only returns a maximum of 50 users when listing users. There is no way to retrieve the rest of the users. The AWS SCIM endpoint also does not return a user's group information, so there's no way to tell which groups the user is part of. Unfortunately, the AWS SCIM API is not a great option for automated user provisioning.

@mbuotidem

It appears this is now supported in AWS SDK: https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html

@antonioned

#26598 - currently being worked on by TF team

@ewbankkit
Contributor

Closed via #26948 and #26674.

@ewbankkit ewbankkit added this to the v4.33.0 milestone Sep 28, 2022
@github-actions

This functionality has been released in v4.33.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@rainmanh

rainmanh commented Oct 26, 2022

@ewbankkit is the implementation of imports for the following on your roadmap?

  • aws_identitystore_user
  • aws_identitystore_group

While I can create new User/Groups, I would really need to import the resources from the existing infrastructure.
I've looked into the current documentation and the import feature is not there for either of them, so I wonder whether that will be done sometime soon.
P.S.: I see aws_identitystore_group_membership got the import feature, but without the other 2 it's a bit of an issue on this end.

Many thanks

@sblask

sblask commented Oct 26, 2022

@rainmanh I just imported users and groups, so that just works, but it might not be documented. You can just import using the ID of the user and group, unlike the group membership, where you need to get the membership ID first.
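
The original request (a group with a name and description, users with user name, e-mail, first and last name, and members added to the group) expressed with the aws_identitystore_user, aws_identitystore_group and aws_identitystore_group_membership resources named in this thread. This is an added example, not code from the thread or from the provider's maintainers; it assumes a provider version that ships all three resources and a single IAM Identity Center instance in the account, and the user names, e-mail addresses and group name are constructed.

```hcl
# Added example; all sample values below are constructed.
data "aws_ssoadmin_instances" "this" {}

locals {
  # Assumes exactly one IAM Identity Center instance in this account/region.
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]

  # Constructed sample users, keyed by user name.
  users = {
    "jdoe"   = { given = "Jane", family = "Doe", email = "jdoe@example.com" }
    "asmith" = { given = "Alex", family = "Smith", email = "asmith@example.com" }
  }
}

resource "aws_identitystore_group" "example" {
  identity_store_id = local.identity_store_id
  display_name      = "test"
  description       = "test" # optional
}

resource "aws_identitystore_user" "example" {
  for_each = local.users

  identity_store_id = local.identity_store_id
  user_name         = each.key
  display_name      = "${each.value.given} ${each.value.family}"

  name {
    given_name  = each.value.given
    family_name = each.value.family
  }

  emails {
    value   = each.value.email
    primary = true
  }
}

# One membership resource per user, so every change to who is in the group
# shows up as its own line in the plan and can be reviewed before apply.
resource "aws_identitystore_group_membership" "example" {
  for_each = aws_identitystore_user.example

  identity_store_id = local.identity_store_id
  group_id          = aws_identitystore_group.example.group_id
  member_id         = each.value.user_id
}
```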

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 26, 2022