INTDB-301-DOC: Move Federated Docs to separate branch (#747)
* Move Federated Docs to separate branch PR

* Add docs for new datasources and updated role mappings resource

* Refactor okta_idp_id to idp_id in docs

* Add additional parameters for identity provider resource

* Removed cloud from much of the docs

* Applied group id description changes

* Addressed more suggested docs changes

* Downcased federated settings

* Make role mapping import optional add missing formatting for example

* Highlight importance of import being needed

* Changed Provides an to provides a and remove upper case on federated settings

* Update identity_provider datasource

* Missed one

* Add SHA-256

* Fix post_auth_role_grants

* Doc corrections

* remove pagination from singular role mapping

* Import needed

* Doc updates

* Update org settings resource to pull up required args

* Add import statement importance

Co-authored-by: Dosty <[email protected]>
martinstibbe and evertsd authored Jun 30, 2022
1 parent 7a3f20d commit 0f04f70
Showing 12 changed files with 725 additions and 0 deletions.
39 changes: 39 additions & 0 deletions website/docs/d/federated_settings.html.markdown
@@ -0,0 +1,39 @@
---
layout: "mongodbatlas"
page_title: "MongoDB Atlas: mongodbatlas_federated_settings"
sidebar_current: "docs-mongodbatlas-datasource-federated-settings"
description: |-
Provides a federated settings data source.
---

# mongodbatlas_federated_settings

`mongodbatlas_federated_settings` provides a federated settings data source. Atlas Cloud federated settings provides federated settings outputs.


## Example Usage

```terraform
data "mongodbatlas_federated_settings" "settings" {
org_id = "627a9683e7f7f7ff7fe306f14"
}
```

## Argument Reference
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:


### FederatedSettings
* `federated_domains` - List that contains the domains associated with the organization's identity provider.
* `has_role_mappings` - Flag that indicates whether this organization has role mappings configured.
* `id` - Unique 24-hexadecimal digit string that identifies this federation.
* `identity_provider_id` - Unique 20-hexadecimal digit string that identifies the identity provider connected to this organization.
* `identity_provider_status` - Value that indicates whether the identity provider is active. Atlas returns ACTIVE if the identity provider is active and INACTIVE if the identity provider is inactive.


For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/)
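
Review bot: The example value `org_id = "627a9683e7f7f7ff7fe306f14"` is 25 characters long, while the Argument Reference right below it describes `org_id` as a 24-hexadecimal digit string; trim the placeholder to 24 hex digits so a copied example matches the documented format. `org_id` is the only argument on this page and carries no `(Required)` marker, unlike `federation_settings_id` in the other data source pages of this commit; mark it if it is required. The intro sentence still reads "Atlas Cloud federated settings" although the commit message says "cloud" was removed from the docs.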
87 changes: 87 additions & 0 deletions website/docs/d/federated_settings_identity_provider.html.markdown
@@ -0,0 +1,87 @@
---
layout: "mongodbatlas"
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_identity_provider"
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-identity-provider"
description: |-
Provides a federated settings Organization identity provider data source.
---

# mongodbatlas_federated_settings_identity_provider

`mongodbatlas_federated_settings_identity_provider` provides a federated settings identity provider data source. Atlas federated settings identity provider provides federated settings outputs for the configured identity provider.


## Example Usage

```terraform
resource "mongodbatlas_federated_settings_identity_provider" "identity_provider" {
federation_settings_id = "627a9687f7f7f7f774de306f14"
name = "mongodb_federation_test"
associated_domains = ["yourdomain.com"]
sso_debug_enabled = true
status = "ACTIVE"
sso_url = "https://mysso.oktapreview.com/app/mysso_terraformtest_1/exk177f7f7f70h8/sso/saml"
issuer_uri = "http://www.okta.com/exk17f7f7f7f7p50h8"
request_binding = "HTTP-POST"
response_signature_algorithm = "SHA-256"
}
data "mongodbatlas_federated_settings_identity_provider" "identity_provider_ds" {
federation_settings_id = mongodbatlas_federated_settings_identity_provider.identity_provider.id
identity_provider_id = "0oad47f7fXnk1297"
}
```

## Argument Reference

* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `identity_provider_id` - (Required) Unique 20-hexadecimal digit string that identifies the IdP.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:


### FederatedSettingsIdentityProvider

* `acs_url` - Assertion consumer service URL to which the IdP sends the SAML response.
* `associated_domains` - List that contains the configured domains from which users can log in for this IdP.
* `associated_orgs` - List that contains the organizations from which users can log in for this IdP.
* `domain_allow_list` - List that contains the approved domains from which organization users can log in.
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization.
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
* `post_auth_role_grants` - List that contains the default roles granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants.

### Role_mappings
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies.
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping.
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role.
* `group_id` - Unique identifier of the project to which you want the role mapping to apply.
* `role` - Specifies the Role that is attached to the Role Mapping.
### User Conflicts
* `email_address` - Email address of the the user that conflicts with selected domains.
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `first_name` - First name of the the user that conflicts with selected domains.
* `last_name` - Last name of the the user that conflicts with selected domains.
* `user_id` - Name of the Atlas user that conflicts with selected domains.
* `audience_uri` - Identifier for the intended audience of the SAML Assertion.
* `display_name` - Human-readable label that identifies the IdP.
* `issuer_uri` - Identifier for the issuer of the SAML Assertion.
* `okta_idp_id` - Unique 20-hexadecimal digit string that identifies the IdP.
### Pem File Info - List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate.
* `not_after` - Expiration Date.
* `not_before` - Start Date.
* `file_name` - Filename of certificate
* `request_binding` - SAML Authentication Request Protocol binding used to send the AuthNRequest. Atlas supports the following binding values:
- HTTP POST
- HTTP REDIRECT
* `response_signature_algorithm` - Algorithm used to encrypt the IdP signature. Atlas supports the following signature algorithm values:
- SHA-1
- SHA-256
* `sso_debug_enabled` - Flag that indicates whether the IdP has enabled Bypass SAML Mode. Enabling this mode generates a URL that allows you bypass SAML and login to your organizations at any point. You can authenticate with this special URL only when Bypass Mode is enabled. Set this parameter to true during testing. This keeps you from getting locked out of MongoDB.
* `sso_url` - URL of the receiver of the SAML AuthNRequest.
* `status` - Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP.


For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/)
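
Review bot: The attribute list still documents `okta_idp_id`, but the commit message says `okta_idp_id` was refactored to `idp_id` and the plural data source page in this same commit already uses `idp_id`; rename it here too. `response_signature_algorithm` is described as the algorithm used to "encrypt the IdP signature"; SHA-1 and SHA-256 are hash algorithms used when signing, so "sign" is the accurate verb, and since the example already picks `"SHA-256"` the text could say that it is the value to prefer over SHA-1. The example also sets `request_binding = "HTTP-POST"` while the reference lists `HTTP POST`, and `identity_provider_id = "0oad47f7fXnk1297"` is 16 characters with non-hex letters although the argument is documented as a 20-hexadecimal digit string; align the examples with the documented values.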
88 changes: 88 additions & 0 deletions website/docs/d/federated_settings_identity_providers.html.markdown
@@ -0,0 +1,88 @@
---
layout: "mongodbatlas"
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_identity_providers"
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-identity-providers"
description: |-
Provides a federated settings Organization Identity Provider datasource.
---

# mongodbatlas_federated_settings_identity_providers

`mongodbatlas_federated_settings_identity_provider` provides an Federated Settings Identity Providers datasource. Atlas Cloud Federated Settings Identity Providers provides federated settings outputs for the configured Identity Providers.


## Example Usage

```terraform
resource "mongodbatlas_federated_settings_identity_provider" "identity_provider" {
federation_settings_id = "627a9687f7f7f7f774de306f14"
name = "mongodb_federation_test"
associated_domains = ["yourdomain.com"]
sso_debug_enabled = true
status = "ACTIVE"
}
data "mongodbatlas_federated_settings_identity_providers" "identitty_provider" {
federation_settings_id = mongodbatlas_federated_settings_identity_provider.identity_provider.id
page_num = 1
items_per_page = 5
}
```

## Argument Reference

* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `page_num` - (Optional) The page to return. Defaults to `1`.
* `items_per_page` - (Optional) Number of items to return per page, up to a maximum of 500. Defaults to `100`.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:

* `results` - Includes cloudProviderSnapshot object for each item detailed in the results array section.
* `totalCount` - Count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated.

### FederatedSettingsIdentityProvider

* `identity_provider_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `acs_url` - Assertion consumer service URL to which the IdP sends the SAML response.
* `associated_domains` - List that contains the configured domains from which users can log in for this IdP.
* `associated_orgs` - List that contains the configured domains from which users can log in for this IdP.
* `domain_allow_list` - List that contains the approved domains from which organization users can log in.
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization.
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
* `post_auth_role_grants` - List that contains the default roles granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants.

### Role_mappings
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies.
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping.
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role.
* `group_id` - Unique identifier of the project to which you want the role mapping to apply.
* `role` - Specifies the Role that is attached to the Role Mapping.
### User Conflicts
* `email_address` - Email address of the the user that conflicts with selected domains.
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `first_name` - First name of the the user that conflicts with selected domains.
* `last_name` - Last name of the the user that conflicts with selected domains.
* `user_id` - Name of the Atlas user that conflicts with selected domains.
* `audience_uri` - Identifier for the intended audience of the SAML Assertion.
* `display_name` - Human-readable label that identifies the IdP.
* `issuer_uri` - Identifier for the issuer of the SAML Assertion.
* `idp_id` - Unique 20-hexadecimal digit string that identifies the IdP.
### Pem File Info - List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate.
* `not_after` - Expiration Date.
* `not_before` - Start Date.
* `file_name` - Filename of certificate
* `request_binding` - SAML Authentication Request Protocol binding used to send the AuthNRequest. Atlas supports the following binding values:
- HTTP POST
- HTTP REDIRECT
* `response_signature_algorithm` - Algorithm used to encrypt the IdP signature. Atlas supports the following signature algorithm values:
- SHA-1
- SHA-256
* `sso_debug_enabled` - Flag that indicates whether the IdP has enabled Bypass SAML Mode. Enabling this mode generates a URL that allows you bypass SAML and login to your organizations at any point. You can authenticate with this special URL only when Bypass Mode is enabled. Set this parameter to true during testing. This keeps you from getting locked out of MongoDB.
* `sso_url` - URL of the receiver of the SAML AuthNRequest.
* `status` - Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP.


For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/)
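
Review bot: The example sets `sso_debug_enabled = true` on an identity provider with `status = "ACTIVE"`, and the attribute text describes this flag as Bypass SAML Mode, which generates a URL that lets users log in without SAML; add a sentence telling readers to set it back to `false` once SSO login is verified, so a copied example does not leave the bypass enabled. Several descriptions look copied from elsewhere: `associated_orgs` repeats the `associated_domains` text word for word, `results` mentions a "cloudProviderSnapshot object", and `identity_provider_id` is described as identifying "the federated authentication configuration". The intro names the singular `mongodbatlas_federated_settings_identity_provider` on the plural page, and the data source label `identitty_provider` is misspelled.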
59 changes: 59 additions & 0 deletions website/docs/d/federated_settings_org_config.html.markdown
@@ -0,0 +1,59 @@
---
layout: "mongodbatlas"
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_org_config"
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-org-config"
description: |-
Provides a federated settings Organization Configuration.
---

# mongodbatlas_federated_settings_org_configs

`mongodbatlas_federated_settings_org_config` provides an Federated Settings Identity Providers datasource. Atlas Cloud Federated Settings Organizational configuration provides federated settings outputs for the configured Organizational configuration.


## Example Usage

```terraform
resource "mongodbatlas_federated_settings_org_config" "org_connections" {
federation_settings_id = "627a9687f7f7f7f774de306f14"
org_id = "627a9683ea7ff7f74de306f14"
domain_restriction_enabled = false
domain_allow_list = ["mydomain.com"]
}
data "mongodbatlas_federated_settings_org_config" "org_configs_ds" {
federation_settings_id = data.mongodbatlas_federated_settings_org_config.org_connections.id
org_id = "627a9683ea7ff7f74de306f14"
}
```

## Argument Reference

* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:

### FederatedSettingsOrgConfig
* `domain_allow_list` - List that contains the approved domains from which organization users can log in. Note: If the organization uses an identity provider, `domain_allow_list` includes: any SSO domains associated with organization's identity provider and any custom domains associated with the specific organization.
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization. User Conflicts returns null when `domain_restriction_enabled` is false.
* `identity_provider_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `post_auth_role_grants` - List that contains the default [roles](https://www.mongodb.com/docs/atlas/reference/user-roles/#std-label-organization-roles) granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants.

### Role_mappings
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies.
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping.
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role.
* `group_id` - Unique identifier of the project to which you want the role mapping to apply.
* `role` - Specifies the Role that is attached to the Role Mapping.
### User Conflicts
* `email_address` - Email address of the the user that conflicts with selected domains.
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `first_name` - First name of the the user that conflicts with selected domains.
* `last_name` - Last name of the the user that conflicts with selected domains.
* `user_id` - Name of the Atlas user that conflicts with selected domains.

For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/)
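
Review bot: In the example, `federation_settings_id = data.mongodbatlas_federated_settings_org_config.org_connections.id` refers to a data source named `org_connections`, but `org_connections` is declared as a `resource` in the block just above; drop the `data.` prefix so the reference resolves. The page heading reads `mongodbatlas_federated_settings_org_configs` (plural) although the front matter and file are for the singular `mongodbatlas_federated_settings_org_config`, and the intro calls it a "Federated Settings Identity Providers datasource". `org_id` is set in the example but not marked `(Required)` in the Argument Reference.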
63 changes: 63 additions & 0 deletions website/docs/d/federated_settings_org_configs.html.markdown
@@ -0,0 +1,63 @@
---
layout: "mongodbatlas"
page_title: "MongoDB Atlas: mongodbatlas_federated_settings_org_configs"
sidebar_current: "docs-mongodbatlas-datasource-federated-settings-org-configs"
description: |-
Provides a federated settings Organization Configurations.
---

# mongodbatlas_federated_settings_org_configs

`mongodbatlas_federated_settings_org_configs` provides an Federated Settings Identity Providers datasource. Atlas Cloud Federated Settings Identity Providers provides federated settings outputs for the configured Identity Providers.


## Example Usage

```terraform
resource "mongodbatlas_federated_settings_org_config" "org_connections" {
federation_settings_id = "627a9687f7f7f7f774de306f14"
org_id = "627a9683ea7ff7f74de306f14"
domain_restriction_enabled = false
domain_allow_list = ["mydomain.com"]
}
data "mongodbatlas_federated_settings_org_configs" "org_configs_ds" {
federation_settings_id = data.mongodbatlas_federated_settings_org_config.org_connections.id
}
```

## Argument Reference

* `federation_settings_id` - (Required) Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `page_num` - (Optional) The page to return. Defaults to `1`.
* `items_per_page` - (Optional) Number of items to return per page, up to a maximum of 500. Defaults to `100`.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:

* `results` - Includes cloudProviderSnapshot object for each item detailed in the results array section.
* `totalCount` - Count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated.

### FederatedSettingsOrgConfigs
* `domain_allow_list` - List that contains the approved domains from which organization users can log in.
* `domain_restriction_enabled` - Flag that indicates whether domain restriction is enabled for the connected organization.
* `identity_provider_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `org_id` - Unique 24-hexadecimal digit string that identifies the organization that contains your projects.
* `post_auth_role_grants` - List that contains the default roles granted to users who authenticate through the IdP in a connected organization. If you provide a postAuthRoleGrants field in the request, the array that you provide replaces the current postAuthRoleGrants.

### Role_mappings
* `external_group_name` - Unique human-readable label that identifies the identity provider group to which this role mapping applies.
* `id` - Unique 24-hexadecimal digit string that identifies this role mapping.
* `role_assignments` - Atlas roles and the unique identifiers of the groups and organizations associated with each role.
* `group_id` - Unique identifier of the project to which you want the role mapping to apply.
* `role` - Specifies the Role that is attached to the Role Mapping.
### User Conflicts
* `email_address` - Email address of the the user that conflicts with selected domains.
* `federation_settings_id` - Unique 24-hexadecimal digit string that identifies the federated authentication configuration.
* `first_name` - First name of the the user that conflicts with selected domains.
* `last_name` - Last name of the the user that conflicts with selected domains.
* `user_id` - Name of the Atlas user that conflicts with selected domains.

For more information see: [MongoDB Atlas API Reference.](https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/)
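
Review bot: `results` is described as including a "cloudProviderSnapshot object for each item", and the intro says the page provides a "Federated Settings Identity Providers datasource"; both sentences describe other resources and should be rewritten for organization configurations. The example has a reference that will not resolve: `data.mongodbatlas_federated_settings_org_config.org_connections.id` targets a block that is declared as `resource`, so the `data.` prefix should go. `identity_provider_id` is also described here as identifying "the federated authentication configuration", which is the wording used for `federation_settings_id`.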