Add saml identity support (#147)

* Add SAML identity support

* Update release documentation

Author: martezr

CHANGELOG.md

@@ -1,14 +1,20 @@
 ## UNRELEASED
 
+## 0.9.4 (August 14, 2023)
+
 NOTES:
 
+* Add support for managing a SAML identity source. [#140](https://github.com/gomorpheus/terraform-provider-morpheus/issues/140) 
+* Add support for managing user roles. [#114](https://github.com/gomorpheus/terraform-provider-morpheus/issues/114) 
+
 FEATURES:
 
 * **New Data Source:** `morpheus_catalog_item_type`
 * **New Data Source:** `morpheus_permission_set`
 * **New Data Source:** `morpheus_security_package`
 * **New Data Source:** `morpheus_vdi_pool`
 * **New Resource:** `morpheus_ipv4_ip_pool`
+* **New Resource:** `morpheus_saml_identity_source`
 * **New Resource:** `morpheus_security_package`
 * **New Resource:** `morpheus_servicenow_integration`
 * **New Resource:** `morpheus_user_role`

docs/resources/saml_identity_source.md

@@ -0,0 +1,93 @@
+---
+page_title: "morpheus_saml_identity_source Resource - terraform-provider-morpheus"
+subcategory: ""
+description: |-
+  Provides a saml identity source resource
+---
+
+# morpheus_saml_identity_source
+
+Provides a saml identity source resource
+
+## Example Usage
+
+```terraform
+data "morpheus_tenant" "demo_tenant" {
+  name = "Demo"
+}
+
+resource "morpheus_saml_identity_source" "addemo" {
+  tenant_id                      = morpheus_tenant.demo_tenant.id
+  name                           = "samldemo"
+  description                    = "TF example SAML identity source"
+  login_redirect_url             = "https://tfexamplesaml.test.local:8443/realms/master/protocol/saml"
+  logout_redirect_url            = "https://tfexamplesaml.test.local:8443/realms/master/protocol/saml"
+  include_saml_request_parameter = true
+  saml_request                   = "SelfSigned"
+  validate_assertion_signature   = false
+  given_name_attribute           = "givenName"
+  surname_attribute              = "surname"
+  email_attribute                = "email"
+  default_account_role_id        = 4
+  role_attribute_name            = "memberOf"
+  required_role_attribute_value  = "test"
+  role_mapping {
+    role_id             = 4
+    role_name           = "Demo"
+    assertion_attribute = "developers"
+  }
+
+  role_mapping {
+    role_id             = 5
+    role_name           = "tf-example-user-role"
+    assertion_attribute = "developers"
+  }
+  enable_role_mapping_permission = false
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `default_account_role_id` (Number) The id of the default role a user is assigned when they are in the required group or if no specific group mapping applies to the user
+- `name` (String) The name of the SAML identity source
+- `tenant_id` (Number) The ID of the Morpheus tenant to associate the identity source with
+
+### Optional
+
+- `description` (String) The description of the SAML identity source
+- `email_attribute` (String) SAML SP field value to map to Morpheus user email address
+- `enable_role_mapping_permission` (Boolean) When enabled, Tenant users with appropriate rights to view and edit Roles will have the ability to set role mapping for the Identity Source integration
+- `given_name_attribute` (String) SAML SP field value to map to Morpheus user First Name
+- `include_saml_request_parameter` (Boolean) Whether to include the SAML request as a parameter
+- `login_redirect_url` (String) This is the SAML endpoint Morpheus will redirect to when a user signs into Morpheus via SAML
+- `logout_redirect_url` (String) The URL Morpheus will POST to when a SAML user logs out of Morpheus
+- `required_role_attribute_value` (String) The name of the attribute/assertion field that maps to the required role
+- `role_attribute_name` (String) The name of the attribute/assertion field that will map to Morpheus roles, such a MemberOf
+- `role_mapping` (Block Set) The SAML to Morpheus Role mapping (see [below for nested schema](#nestedblock--role_mapping))
+- `saml_request` (String) The SAML request configuration (NoSignature, SelfSigned, CustomSignature)
+- `surname_attribute` (String) SAML SP field value to map to Morpheus user Last Name
+- `validate_assertion_signature` (Boolean) Whether to validate the assertion signature (SAML RESPONSE field in the UI)
+
+### Read-Only
+
+- `id` (String) The ID of the SAML identity source
+
+<a id="nestedblock--role_mapping"></a>
+### Nested Schema for `role_mapping`
+
+Optional:
+
+- `assertion_attribute` (String) The assertion attribute to map the role to
+- `role_id` (Number) The id of the Morpheus role to map to
+- `role_name` (String) The name or authority of the Morpheus role to map to
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import morpheus_saml_identity_source.tf_example_saml_identity_source 1
+```

docs/resources/workflow_catalog_item.md

@@ -41,14 +41,14 @@ resource "morpheus_workflow_catalog_item" "tfexample_workflow_catalog_item" {
 
 - `content` (String) The markdown content associated with the workflow catalog item
 - `context_type` (String) The Morpheus context type of the operational workflow
-- `dark_logo_image_name` (String) The file name of the app blueprint catalog item dark mode logo image
-- `dark_logo_image_path` (String) The file path of the app blueprint catalog item dark mode logo image including the file name
+- `dark_logo_image_name` (String) The file name of the workflow catalog item dark mode logo image
+- `dark_logo_image_path` (String) The file path of the workflow catalog item dark mode logo image including the file name
 - `description` (String) The description of the workflow catalog item
 - `enabled` (Boolean) Whether the workflow catalog item is enabled
 - `featured` (Boolean) Whether the workflow catalog item is featured
 - `labels` (Set of String) The organization labels associated with the catalog item (Only supported on Morpheus 5.5.3 or higher)
-- `logo_image_name` (String) The file name of the app blueprint catalog item logo image
-- `logo_image_path` (String) The file path of the app blueprint catalog item logo image including the file name
+- `logo_image_name` (String) The file name of the workflow catalog item logo image
+- `logo_image_path` (String) The file path of the workflow catalog item logo image including the file name
 - `option_type_ids` (List of Number) The list of option type ids associated with the workflow catalog item
 
 ### Read-Only

examples/guides/getting_started/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     morpheus = {
       source  = "gomorpheus/morpheus"
-      version = "0.9.3"
+      version = "0.9.4"
     }
   }
 }

examples/provider/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     morpheus = {
       source  = "gomorpheus/morpheus"
-      version = "0.9.3"
+      version = "0.9.4"
     }
   }
 }

examples/resources/morpheus_saml_identity_source/import.sh

@@ -0,0 +1 @@
+terraform import morpheus_saml_identity_source.tf_example_saml_identity_source 1

examples/resources/morpheus_saml_identity_source/resource.tf

@@ -0,0 +1,32 @@
+data "morpheus_tenant" "demo_tenant" {
+  name = "Demo"
+}
+
+resource "morpheus_saml_identity_source" "addemo" {
+  tenant_id                      = morpheus_tenant.demo_tenant.id
+  name                           = "samldemo"
+  description                    = "TF example SAML identity source"
+  login_redirect_url             = "https://tfexamplesaml.test.local:8443/realms/master/protocol/saml"
+  logout_redirect_url            = "https://tfexamplesaml.test.local:8443/realms/master/protocol/saml"
+  include_saml_request_parameter = true
+  saml_request                   = "SelfSigned"
+  validate_assertion_signature   = false
+  given_name_attribute           = "givenName"
+  surname_attribute              = "surname"
+  email_attribute                = "email"
+  default_account_role_id        = 4
+  role_attribute_name            = "memberOf"
+  required_role_attribute_value  = "test"
+  role_mapping {
+    role_id             = 4
+    role_name           = "Demo"
+    assertion_attribute = "developers"
+  }
+
+  role_mapping {
+    role_id             = 5
+    role_name           = "tf-example-user-role"
+    assertion_attribute = "developers"
+  }
+  enable_role_mapping_permission = false
+}

morpheus/provider.go

@@ -123,6 +123,7 @@ func Provider() *schema.Provider {
 			"morpheus_restart_task":                     resourceRestartTask(),
 			"morpheus_router_quota_policy":              resourceRouterQuotaPolicy(),
 			"morpheus_ruby_script_task":                 resourceRubyScriptTask(),
+			"morpheus_saml_identity_source":             resourceSAMLIdentitySource(),
 			"morpheus_scale_threshold":                  resourceScaleThreshold(),
 			"morpheus_script_template":                  resourceScriptTemplate(),
 			"morpheus_security_package":                 resourceSecurityPackage(),

morpheus/resource_app_blueprint_catalog_item.go

@@ -319,7 +319,7 @@ func resourceAppBlueprintCatalogItemUpdate(ctx context.Context, d *schema.Resour
 
 	var filePayloads []*morpheus.FilePayload
 
-	if d.Get("logo_image_path") != "" && d.Get("logo_image_name") != "" {
+	if d.HasChange("logo_image_path") || d.HasChange("logo_image_name") {
 		data, err := os.ReadFile(d.Get("logo_image_path").(string))
 		if err != nil {
 			return diag.FromErr(err)
@@ -332,7 +332,7 @@ func resourceAppBlueprintCatalogItemUpdate(ctx context.Context, d *schema.Resour
 		}
 		filePayloads = append(filePayloads, filePayload)
 	}
-	if d.Get("dark_logo_image_path") != "" && d.Get("dark_logo_image_name") != "" {
+	if d.HasChange("dark_logo_image_path") || d.HasChange("dark_logo_image_name") {
 		darkLogoData, err := os.ReadFile(d.Get("dark_logo_image_path").(string))
 		if err != nil {
 			return diag.FromErr(err)