INTDB-301-DOC: Move Federated Docs to separate branch (#747)
* Move Federated Docs to separate branch PR
* Add docs for new datasources and updated role mappings resource
* Refactor okta_idp_id to idp_id in docs
* Add additional parameters for identity provider resource
* Removed cloud from much of the docs
* Applied group id description changes
* Addressed more suggested docs changes
* Downcased federated settings
* Make role mapping import optional add missing formatting for example
* Highlight importance of import being needed
* Changed Provides an to provides a and remove upper case on federated settings
* Update identity_provider datasource
* Missed one
* Add SHA-256
* Fix post_auth_role_grants
* Doc corrections
* remove pagination from singular role mapping
* Import needed
* Doc updates
* Update org settings resource to pull up required args
* Add import statement importance

Co-authored-by: Dosty <[email protected]>
1 parent 7a3f20d, commit 0f04f70
Showing 12 changed files with 725 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
layout: "mongodbatlas" | ||
page_title: "MongoDB Atlas: mongodbatlas_federated_settings" | ||
sidebar_current: "docs-mongodbatlas-datasource-federated-settings" | ||
description: |- | ||
Provides a federated settings data source. | ||
--- | ||
|
||
# mongodbatlas_federated_settings | ||
|
||
`mongodbatlas_federated_settings` provides a federated settings data source. Atlas Cloud federated settings provides federated settings outputs. | ||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
data "mongodbatlas_federated_settings" "settings" { | ||
org_id = "627a9683e7f7f7ff7fe306f14" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects. | ||
|
||
## Attributes Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
|
||
### FederatedSettings | ||
* `federated_domains` - List that contains the domains associated with the organization's identity provider. | ||
* `has_role_mappings` - Flag that indicates whether this organization has role mappings configured. | ||
* `id` - Unique 24-hexadecimal digit string that identifies this federation. | ||
* `identity_provider_id` - Unique 20-hexadecimal digit string that identifies the identity provider connected to this organization. | ||
* `identity_provider_status` - Value that indicates whether the identity provider is active. Atlas returns ACTIVE if the identity provider is active and INACTIVE if the identity provider is inactive. | ||
|
||
|
||
For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/) |
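
Review bot: the `org_id` value in Example Usage, `627a9683e7f7f7ff7fe306f14`, is 25 characters long, while the Argument Reference on the same page describes `org_id` as a 24-hexadecimal digit string; use a 24-character placeholder so the example matches the documented format. `org_id` also carries no `(Required)` marker here although the other data source pages in this commit mark their required arguments, and the intro sentence still reads "Atlas Cloud federated settings".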
87 changes: 87 additions & 0 deletions
website/docs/d/federated_settings_identity_provider.html.markdown
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
--- | ||
layout: "mongodbatlas" | ||
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_identity_provider" | ||
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-identity-provider" | ||
description: |- | ||
Provides a federated settings Organization identity provider data source. | ||
--- | ||
|
||
# mongodbatlas_federated_settings_identity_provider | ||
|
||
`mongodbatlas_federated_settings_identity_provider` provides a federated settings identity provider data source. Atlas federated settings identity provider provides federated settings outputs for the configured identity provider. | ||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "mongodbatlas_federated_settings_identity_provider" "identity_provider" { | ||
federation_settings_id = "627a9687f7f7f7f774de306f14" | ||
name = "mongodb_federation_test" | ||
associated_domains = ["yourdomain.com"] | ||
sso_debug_enabled = true | ||
status = "ACTIVE" | ||
sso_url = "https://mysso.oktapreview.com/app/mysso_terraformtest_1/exk177f7f7f70h8/sso/saml" | ||
issuer_uri = "http://www.okta.com/exk17f7f7f7f7p50h8" | ||
request_binding = "HTTP-POST" | ||
response_signature_algorithm = "SHA-256" | ||
} | ||
data "mongodbatlas_federated_settings_identity_provider" "identity_provider_ds" { | ||
federation_settings_id = mongodbatlas_federated_settings_identity_provider.identity_provider.id | ||
identity_provider_id = "0oad47f7fXnk1297" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `identity_provider_id` - (Required) Unique 20-hexadecimal digit string that identifies the IdP. | ||
|
||
## Attributes Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
|
||
### FederatedSettingsIdentityProvider | ||
|
||
* `acs_url` - Assertion consumer service URL to which the IdP sends the SAML response. | ||
* `associated_domains` - List that contains the configured domains from which users can log in for this IdP. | ||
* `associated_orgs` - List that contains the organizations from which users can log in for this IdP. | ||
* `domain_allow_list` - List that contains the approved domains from which organization users can log in. | ||
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization. | ||
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects. | ||
* `post_auth_role_grants` - List that contains the default roles granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants. | ||
|
||
### Role_mappings | ||
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies. | ||
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping. | ||
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role. | ||
* `group_id` - Unique identifier of the project to which you want the role mapping to apply. | ||
* `role` - Specifies the Role that is attached to the Role Mapping. | ||
### User Conflicts | ||
* `email_address` - Email address of the the user that conflicts with selected domains. | ||
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `first_name` - First name of the the user that conflicts with selected domains. | ||
* `last_name` - Last name of the the user that conflicts with selected domains. | ||
* `user_id` - Name of the Atlas user that conflicts with selected domains. | ||
* `audience_uri` - Identifier for the intended audience of the SAML Assertion. | ||
* `display_name` - Human-readable label that identifies the IdP. | ||
* `issuer_uri` - Identifier for the issuer of the SAML Assertion. | ||
* `okta_idp_id` - Unique 20-hexadecimal digit string that identifies the IdP. | ||
### Pem File Info - List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate. | ||
* `not_after` - Expiration Date. | ||
* `not_before` - Start Date. | ||
* `file_name` - Filename of certificate | ||
* `request_binding` - SAML Authentication Request Protocol binding used to send the AuthNRequest. Atlas supports the following binding values: | ||
- HTTP POST | ||
- HTTP REDIRECT | ||
* `response_signature_algorithm` - Algorithm used to encrypt the IdP signature. Atlas supports the following signature algorithm values: | ||
- SHA-1 | ||
- SHA-256 | ||
* `sso_debug_enabled` - Flag that indicates whether the IdP has enabled Bypass SAML Mode. Enabling this mode generates a URL that allows you bypass SAML and login to your organizations at any point. You can authenticate with this special URL only when Bypass Mode is enabled. Set this parameter to true during testing. This keeps you from getting locked out of MongoDB. | ||
* `sso_url` - URL of the receiver of the SAML AuthNRequest. | ||
* `status` - Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP. | ||
|
||
|
||
For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/) |
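
Review bot: the Example Usage resource sets `sso_debug_enabled = true` without comment, while the attribute description further down says this enables Bypass SAML Mode and is meant to be true during testing; add a comment in the example, or a sentence under it, telling readers to set it back to false once SSO is verified, so the bypass URL is not left enabled through copy-paste. In the same attribute list, `response_signature_algorithm` is described as the algorithm "used to encrypt the IdP signature", but SHA-1 and SHA-256 are digest algorithms used for signing, and the example's `request_binding = "HTTP-POST"` does not match the listed value `HTTP POST`. `okta_idp_id` is still documented although the commit message says it was refactored to `idp_id`, and `audience_uri` through `status` are listed under the `### User Conflicts` and `### Pem File Info` headings rather than with the identity provider attributes.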
88 changes: 88 additions & 0 deletions
website/docs/d/federated_settings_identity_providers.html.markdown
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
--- | ||
layout: "mongodbatlas" | ||
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_identity_providers" | ||
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-identity-providers" | ||
description: |- | ||
Provides a federated settings Organization Identity Provider datasource. | ||
--- | ||
|
||
# mongodbatlas_federated_settings_identity_providers | ||
|
||
`mongodbatlas_federated_settings_identity_provider` provides an Federated Settings Identity Providers datasource. Atlas Cloud Federated Settings Identity Providers provides federated settings outputs for the configured Identity Providers. | ||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "mongodbatlas_federated_settings_identity_provider" "identity_provider" { | ||
federation_settings_id = "627a9687f7f7f7f774de306f14" | ||
name = "mongodb_federation_test" | ||
associated_domains = ["yourdomain.com"] | ||
sso_debug_enabled = true | ||
status = "ACTIVE" | ||
} | ||
data "mongodbatlas_federated_settings_identity_providers" "identitty_provider" { | ||
federation_settings_id = mongodbatlas_federated_settings_identity_provider.identity_provider.id | ||
page_num = 1 | ||
items_per_page = 5 | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `page_num` - (Optional) The page to return. Defaults to `1`. | ||
* `items_per_page` - (Optional) Number of items to return per page, up to a maximum of 500. Defaults to `100`. | ||
|
||
## Attributes Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `results` - Includes cloudProviderSnapshot object for each item detailed in the results array section. | ||
* `totalCount` - Count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated. | ||
|
||
### FederatedSettingsIdentityProvider | ||
|
||
* `identity_provider_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `acs_url` - Assertion consumer service URL to which the IdP sends the SAML response. | ||
* `associated_domains` - List that contains the configured domains from which users can log in for this IdP. | ||
* `associated_orgs` - List that contains the configured domains from which users can log in for this IdP. | ||
* `domain_allow_list` - List that contains the approved domains from which organization users can log in. | ||
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization. | ||
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects. | ||
* `post_auth_role_grants` - List that contains the default roles granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants. | ||
|
||
### Role_mappings | ||
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies. | ||
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping. | ||
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role. | ||
* `group_id` - Unique identifier of the project to which you want the role mapping to apply. | ||
* `role` - Specifies the Role that is attached to the Role Mapping. | ||
### User Conflicts | ||
* `email_address` - Email address of the the user that conflicts with selected domains. | ||
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `first_name` - First name of the the user that conflicts with selected domains. | ||
* `last_name` - Last name of the the user that conflicts with selected domains. | ||
* `user_id` - Name of the Atlas user that conflicts with selected domains. | ||
* `audience_uri` - Identifier for the intended audience of the SAML Assertion. | ||
* `display_name` - Human-readable label that identifies the IdP. | ||
* `issuer_uri` - Identifier for the issuer of the SAML Assertion. | ||
* `idp_id` - Unique 20-hexadecimal digit string that identifies the IdP. | ||
### Pem File Info - List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate. | ||
* `not_after` - Expiration Date. | ||
* `not_before` - Start Date. | ||
* `file_name` - Filename of certificate | ||
* `request_binding` - SAML Authentication Request Protocol binding used to send the AuthNRequest. Atlas supports the following binding values: | ||
- HTTP POST | ||
- HTTP REDIRECT | ||
* `response_signature_algorithm` - Algorithm used to encrypt the IdP signature. Atlas supports the following signature algorithm values: | ||
- SHA-1 | ||
- SHA-256 | ||
* `sso_debug_enabled` - Flag that indicates whether the IdP has enabled Bypass SAML Mode. Enabling this mode generates a URL that allows you bypass SAML and login to your organizations at any point. You can authenticate with this special URL only when Bypass Mode is enabled. Set this parameter to true during testing. This keeps you from getting locked out of MongoDB. | ||
* `sso_url` - URL of the receiver of the SAML AuthNRequest. | ||
* `status` - Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP. | ||
|
||
|
||
For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/) |
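
Review bot: in the Attributes Reference, `results` is described as a "cloudProviderSnapshot object" and `associated_orgs` repeats the `associated_domains` text ("configured domains from which users can log in"), both of which read as copy-paste from other pages; describe `results` as the returned identity providers and `associated_orgs` as organizations, as the singular data source page in this commit does. The intro sentence names `mongodbatlas_federated_settings_identity_provider` (singular) on the plural page, the data block label in the example is misspelled `identitty_provider`, `totalCount` is camelCase next to snake_case attributes, and `identity_provider_id` is described as identifying "the federated authentication configuration".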
59 changes: 59 additions & 0 deletions
website/docs/d/federated_settings_org_config.html.markdown
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
--- | ||
layout: "mongodbatlas" | ||
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_org_config" | ||
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-org-config" | ||
description: |- | ||
Provides a federated settings Organization Configuration. | ||
--- | ||
|
||
# mongodbatlas_federated_settings_org_configs | ||
|
||
`mongodbatlas_federated_settings_org_config` provides an Federated Settings Identity Providers datasource. Atlas Cloud Federated Settings Organizational configuration provides federated settings outputs for the configured Organizational configuration. | ||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "mongodbatlas_federated_settings_org_config" "org_connections" { | ||
federation_settings_id = "627a9687f7f7f7f774de306f14" | ||
org_id = "627a9683ea7ff7f74de306f14" | ||
domain_restriction_enabled = false | ||
domain_allow_list = ["mydomain.com"] | ||
} | ||
data "mongodbatlas_federated_settings_org_config" "org_configs_ds" { | ||
federation_settings_id = data.mongodbatlas_federated_settings_org_config.org_connections.id | ||
org_id = "627a9683ea7ff7f74de306f14" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects. | ||
|
||
## Attributes Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
### FederatedSettingsOrgConfig | ||
* `domain_allow_list` - List that contains the approved domains from which organization users can log in. Note: If the organization uses an identity provider, `domain_allow_list` includes: any SSO domains associated with organization's identity provider and any custom domains associated with the specific organization. | ||
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization. User Conflicts returns null when `domain_restriction_enabled` is false. | ||
* `identity_provider_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `post_auth_role_grants` - List that contains the default [roles](https://www.mongodb.com/docs/atlas/reference/user-roles/#std-label-organization-roles) granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants. | ||
|
||
### Role_mappings | ||
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies. | ||
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping. | ||
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role. | ||
* `group_id` - Unique identifier of the project to which you want the role mapping to apply. | ||
* `role` - Specifies the Role that is attached to the Role Mapping. | ||
### User Conflicts | ||
* `email_address` - Email address of the the user that conflicts with selected domains. | ||
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `first_name` - First name of the the user that conflicts with selected domains. | ||
* `last_name` - Last name of the the user that conflicts with selected domains. | ||
* `user_id` - Name of the Atlas user that conflicts with selected domains. | ||
|
||
For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/) |
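
Review bot: in Example Usage the data block sets `federation_settings_id = data.mongodbatlas_federated_settings_org_config.org_connections.id`, but `org_connections` is declared as a `resource` in the block above, so the `data.` prefix points at an object the example never defines; drop the prefix. The page heading is `# mongodbatlas_federated_settings_org_configs` (plural) while `page_title` and the data source name are singular, the intro calls this an "Identity Providers datasource", and `org_id` has no `(Required)` marker. The example also shows `domain_restriction_enabled = false` next to a populated `domain_allow_list`; a short note on what the allow list does when restriction is off would help readers who copy it.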
63 changes: 63 additions & 0 deletions
website/docs/d/federated_settings_org_configs.html.markdown
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
--- | ||
layout: "mongodbatlas" | ||
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_org_configs" | ||
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-org-configs" | ||
description: |- | ||
Provides a federated settings Organization Configurations. | ||
--- | ||
|
||
# mongodbatlas_federated_settings_org_configs | ||
|
||
`mongodbatlas_federated_settings_org_configs` provides an Federated Settings Identity Providers datasource. Atlas Cloud Federated Settings Identity Providers provides federated settings outputs for the configured Identity Providers. | ||
|
||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "mongodbatlas_federated_settings_org_config" "org_connections" { | ||
federation_settings_id = "627a9687f7f7f7f774de306f14" | ||
org_id = "627a9683ea7ff7f74de306f14" | ||
domain_restriction_enabled = false | ||
domain_allow_list = ["mydomain.com"] | ||
} | ||
data "mongodbatlas_federated_settings_org_configs" "org_configs_ds" { | ||
federation_settings_id = data.mongodbatlas_federated_settings_org_config.org_connections.id | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `page_num` - (Optional) The page to return. Defaults to `1`. | ||
* `items_per_page` - (Optional) Number of items to return per page, up to a maximum of 500. Defaults to `100`. | ||
|
||
## Attributes Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `results` - Includes cloudProviderSnapshot object for each item detailed in the results array section. | ||
* `totalCount` - Count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated. | ||
|
||
### FederatedSettingsOrgConfigs | ||
* `domain_allow_list` - List that contains the approved domains from which organization users can log in. | ||
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization. | ||
* `identity_provider_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects. | ||
* `post_auth_role_grants` - List that contains the default roles granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants. | ||
|
||
### Role_mappings | ||
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies. | ||
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping. | ||
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role. | ||
* `group_id` - Unique identifier of the project to which you want the role mapping to apply. | ||
* `role` - Specifies the Role that is attached to the Role Mapping. | ||
### User Conflicts | ||
* `email_address` - Email address of the the user that conflicts with selected domains. | ||
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration. | ||
* `first_name` - First name of the the user that conflicts with selected domains. | ||
* `last_name` - Last name of the the user that conflicts with selected domains. | ||
* `user_id` - Name of the Atlas user that conflicts with selected domains. | ||
|
||
For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/) |
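
Review bot: the intro paragraph and the `results` description are carried over from other pages: the intro says this data source "provides an Federated Settings Identity Providers datasource" and `results` refers to a "cloudProviderSnapshot object", neither of which describes organization configurations; reword both for org configs. The example's data block has the same `data.mongodbatlas_federated_settings_org_config.org_connections.id` reference to what is declared as a `resource`, and it sets neither `page_num` nor `items_per_page` although the Argument Reference documents them, unlike the identity providers example in this commit.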