terraform-provider-vcd
Add resource for controlling Identity providers
Add resource for setting up identity providers. I imagine two separate resources, one for a SAML type and one for an LDAP one.
Our use case for this one is as a service provider, when hosting multiple customers on the platform.
With vcd_org_group I can add LDAP groups for an Organization. But before it can succeed I need to manually configure LDAP Settings in Organization Identity Providers. Or is there some way other than waiting for this feature request?
+1 for this. It would be nice to be able to automate the process of setting up 2FA for a tenant end-to-end.
On top of that, I have an issue (with vcd 9.7 and 10.1.2): if I add the ldap configuration manually, I cannot modify the org anymore with terraform:
2021/05/19 17:01:24 --------------------------------------------------------------------------------
2021/05/19 17:01:24 Request caller: govcd.(*AdminOrg).Update-->govcd.(*AdminOrg).Update-->govcd.executeRequestWithApiVersion-->govcd.(*Client).executeTaskRequest-->govcd.executeRequestCustomErr-->govcd.(*Client).NewRequestWithApiVersion-->govcd.(*Client).newRequest
2021/05/19 17:01:24 PUT https://10.23.92.173/api/admin/org/458b28e3-e3ab-4e4e-8c7a-3cee0131a088
2021/05/19 17:01:24 --------------------------------------------------------------------------------
2021/05/19 17:01:24 Request data: [10287]
<?xml version="1.0" encoding="UTF-8"?>
<AdminOrg xmlns="http://www.vmware.com/vcloud/v1.5" name="org-test_2">
<Description>org created by terraform, test for delivery on selfdc vcloud</Description>
<FullName>org-test_2 organization</FullName>
<IsEnabled>true</IsEnabled>
<Settings href="https://10.23.92.173/api/admin/org/458b28e3-e3ab-4e4e-8c7a-3cee0131a088/settings" type="application/vnd.vmware.admin.orgSettings+xml">
. . .
<OrgLdapSettings href="https://10.23.92.173/api/admin/org/458b28e3-e3ab-4e4e-8c7a-3cee0131a088/settings/ldap" type="application/vnd.vmware.admin.organizationLdapSettings+xml">
<OrgLdapMode>CUSTOM</OrgLdapMode>
<CustomOrgLdapSettings>
. . .
</CustomOrgLdapSettings>
</OrgLdapSettings>
</Settings>
</AdminOrg>
2021/05/19 17:01:24 Req header:
2021/05/19 17:01:24 X-Vmware-Vcloud-Token-Type: [Bearer]
2021/05/19 17:01:24 Authorization: [********]
2021/05/19 17:01:24 User-Agent: [terraform-provider-vcd/v3.2.0 (linux/amd64; isProvider:true)]
2021/05/19 17:01:24 X-Vmware-Vcloud-Access-Token: [********]
2021/05/19 17:01:24 Accept: [application/*+xml;version=32.0]
2021/05/19 17:01:24 ################################################################################
2021/05/19 17:01:24 Response caller govcd.(*AdminOrg).Update-->govcd.(*AdminOrg).Update-->govcd.executeRequestWithApiVersion-->govcd.(*Client).executeTaskRequest-->govcd.executeRequestCustomErr-->govcd.checkRespWithErrType-->govcd.ParseErr-->govcd.decodeBody
2021/05/19 17:01:24 Response status 400 Bad Request
2021/05/19 17:01:24 ################################################################################
Hi, I still have this problem: a vcd_org cannot be modified if it has ldap configurations. Any news on that?
Anyone working on a patch to add this functionality? 🤔
Just referencing other issues: https://github.com/vmware/terraform-provider-vcd/issues/672 https://github.com/vmware/terraform-provider-vcd/issues/597
A resource for configuring LDAP in organizations has just been merged (PR #909)
SAML configuration is implemented in PR #1064
Testing it thoroughly, however, is not a simple matter.
Could anyone interested in this feature build a provider using the branch of PR #1024 and see if it does what you expect?
Feel free to contact the team in Slack channel #vcd-terraform-dev (in Slack space vmwarecode.slack.com) for feedback.
implemented in v3.10.0