
custom_saml_request_template for aviatrix_saml_endpoint always produces an update in-place

Open o-heinen opened this issue 2 years ago • 0 comments

Describe the problem

Setting "custom_saml_request_template" on "aviatrix_saml_endpoint" always leads to an update in-place:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aviatrix_saml_endpoint.azure_saml_endpoint will be updated in-place
  ~ resource "aviatrix_saml_endpoint" "azure_saml_endpoint" {
      ~ custom_saml_request_template = <<-EOT
            <?xml version="1.0" encoding="UTF-8"?>
            <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="$ID" Version="2.0" IssueInstant="$Time" Destination="$Dest" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="$ACS">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">$Issuer</saml:Issuer>
            </samlp:AuthnRequest>
        EOT
        id                           = "azure_sandbox"
        # (8 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

To Reproduce

Applied the following resource:

locals {
  idp_metadata_url = try("https://login.microsoftonline.com/${var.arm_tenant_id}/federationmetadata/2007-06/federationmetadata.xml?appid=${data.azuread_application.aviatrix_uservpn_app.application_id}", "")
}

resource "aviatrix_saml_endpoint" "azure_saml_endpoint" {
  endpoint_name     = "azure_sandbox"
  idp_metadata_type = "URL"
  idp_metadata_url  = local.idp_metadata_url

  custom_entity_id = local.saml_assertion_consumer_service_url
  custom_saml_request_template = file("custom-saml-template.xml")
}

custom-saml-template.xml: (content from https://docs.aviatrix.com/HowTos/SAML_Integration_Azure_AD_IdP.html#step-4-update-the-aviatrix-sp-endpoint)

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="$ID" Version="2.0" IssueInstant="$Time" Destination="$Dest" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="$ACS">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">$Issuer</saml:Issuer>
</samlp:AuthnRequest>

Expected behavior

I do not expect any updates, since the template did not change.

Additional data / screenshots

Environment:

  • Provider version : AviatrixSystems/aviatrix - 2.22.0
  • Terraform version: v1.2.1
  • Aviatrix Controller version - UserConnect-6.7.1186

o-heinen, Jul 05 '22 07:07
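The issue does not say why the provider sees a change. A common cause of a perpetual in-place update on a multi-line string attribute is that the value read back from the API differs from the configured value only in whitespace: the trailing newline that file() preserves, indentation, or CRLF line endings. The Go below is an added example, not code from the provider, of the whitespace-insensitive comparison a DiffSuppressFunc for custom_saml_request_template could make. The "stored" template is a constructed guess at the shape the controller returns, not observed output. A real change to the request (here ForceAuthn flipped) still produces a diff, which matters: a plan that always shows this attribute changing would hide a genuine modification of the SAML AuthnRequest the endpoint sends.

```go
package main

import (
	"fmt"
	"strings"
)

// fileTemplate is what file("custom-saml-template.xml") returns: the template
// from the issue plus the trailing newline an editor leaves at end of file.
// Constructed from the template shown above.
const fileTemplate = `<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="$ID" Version="2.0" IssueInstant="$Time" Destination="$Dest" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="$ACS">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">$Issuer</saml:Issuer>
</samlp:AuthnRequest>
`

// storedTemplate is an ASSUMED shape of what the controller hands back on read:
// the same template, indented and without the trailing newline.
const storedTemplate = `    <?xml version="1.0" encoding="UTF-8"?>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="$ID" Version="2.0" IssueInstant="$Time" Destination="$Dest" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="$ACS">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">$Issuer</saml:Issuer>
    </samlp:AuthnRequest>`

// changedTemplate is a genuinely different request (ForceAuthn flipped to
// "true"); the comparison must NOT suppress this diff.
const changedTemplate = `<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="$ID" Version="2.0" IssueInstant="$Time" Destination="$Dest" ForceAuthn="true" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="$ACS">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">$Issuer</saml:Issuer>
</samlp:AuthnRequest>
`

// canonicalTemplate removes only the differences that are not part of the
// request's meaning: CRLF line endings, leading/trailing whitespace on each
// line, and blank lines. Element and attribute content is left untouched, so
// any real change to the AuthnRequest survives canonicalisation.
func canonicalTemplate(s string) string {
	s = strings.ReplaceAll(s, "\r\n", "\n")
	var lines []string
	for _, line := range strings.Split(s, "\n") {
		line = strings.TrimSpace(line)
		if line != "" {
			lines = append(lines, line)
		}
	}
	return strings.Join(lines, "\n")
}

// templatesEquivalent is the check a schema.DiffSuppressFunc for
// custom_saml_request_template could wrap (hypothetical wiring, not the
// provider's). old is the value in state, planned the value from config;
// returning true tells Terraform to treat the attribute as unchanged.
func templatesEquivalent(old, planned string) bool {
	return canonicalTemplate(old) == canonicalTemplate(planned)
}

func main() {
	fmt.Printf("file vs stored (whitespace only): suppress=%v\n",
		templatesEquivalent(storedTemplate, fileTemplate))
	fmt.Printf("file vs CRLF copy:                suppress=%v\n",
		templatesEquivalent(strings.ReplaceAll(fileTemplate, "\n", "\r\n"), fileTemplate))
	fmt.Printf("file vs changed (ForceAuthn):     suppress=%v\n",
		templatesEquivalent(changedTemplate, fileTemplate))
}
```

Before assuming whitespace is the cause, compare the value in `terraform show -json` against the file byte for byte; if they differ in more than whitespace (for example the controller rewrites attributes), a normalising comparison like this one is the wrong fix and would hide real drift.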