Merge pull request #120 from jfrog/add-scim-user-and-group

Add SCIM user and group
jfrog · Aug 12, 2024 · e8bbc41 · e8bbc41
2 parents 6bbaae0 + b2c2911
commit e8bbc41
Show file tree

Hide file tree

Showing 14 changed files with 1,204 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,11 @@
-## 1.11.0 (August 9, 2024). Tested on Artifactory 7.90.7 with Terraform 1.9.4 and OpenTofu 1.8.1
+## 1.11.0 (August 12, 2024). Tested on Artifactory 7.90.7 with Terraform 1.9.4 and OpenTofu 1.8.1
 
 FEATURES:
 
-**New Resource:** `platform_saml_settings` - Resource to manage SAML SSO settings. PR: [#118](https://github.com/jfrog/terraform-provider-platform/pull/118)
+**New Resource:**
+* `platform_saml_settings` - Resource to manage SAML SSO settings. PR: [#118](https://github.com/jfrog/terraform-provider-platform/pull/118)
+* `platform_scim_user` - Resource to manage SCIM user. PR: [#120](https://github.com/jfrog/terraform-provider-platform/pull/120)
+* `platform_scim_group` - Resource to manage SCIM group. PR: [#120](https://github.com/jfrog/terraform-provider-platform/pull/120)
 
 ## 1.10.0 (July 21, 2024). Tested on Artifactory 7.84.17 with Terraform 1.9.2 and OpenTofu 1.7.3
 

diff --git a/docs/resources/saml_settings.md b/docs/resources/saml_settings.md
@@ -50,7 +50,7 @@ resource "platform_saml_settings" "my-okta-saml-settings" {
 
 - `allow_user_to_access_profile` (Boolean) When set, auto created users will have access to their profile page and will be able to perform actions such as generating an API key. Default value is `false`.
 - `auto_redirect` (Boolean) When set, clicking on the login link will direct users to the configured SAML login URL. Default value is `false`.
-- `email_attribute` (String) If `no_auto_user_creation` is diabled or an internal user exists, the system will set the user's email to the value in this attribute that is returned by the SAML login XML response..
+- `email_attribute` (String) If `no_auto_user_creation` is diabled or an internal user exists, the system will set the user's email to the value in this attribute that is returned by the SAML login XML response.
 - `enable` (Boolean) When set, SAML integration is enabled and users may be authenticated via a SAML server. Default value is `true`.
 - `group_attribute` (String) The group attribute in the SAML login XML response. Note that the system will search for a case-sensitive match to an existing group..
 - `name_id_attribute` (String) The username attribute used to configure the SSO URL for the identity provider.

diff --git a/docs/resources/scim_group.md b/docs/resources/scim_group.md
@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "platform_scim_group Resource - terraform-provider-platform"
+subcategory: ""
+description: |-
+  Provides a JFrog SCIM Group https://jfrog.com/help/r/jfrog-platform-administration-documentation/scim resource to manage groups with the SCIM protocol.
+---
+
+# platform_scim_group (Resource)
+
+Provides a JFrog [SCIM Group](https://jfrog.com/help/r/jfrog-platform-administration-documentation/scim) resource to manage groups with the SCIM protocol.
+
+## Example Usage
+
+```terraform
+resource "platform_scim_group" "my-scim-group" {
+  id = "my-scim-group"
+  display_name = "my-scim-group"
+  members = [{
+    value = "[email protected]"
+    display = "[email protected]"
+  }, {
+    value = "anonymous"
+    display = "anonymous"
+  }]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `display_name` (String)
+- `id` (String) Group ID
+- `members` (Attributes Set) (see [below for nested schema](#nestedatt--members))
+
+### Read-Only
+
+- `meta` (Map of String)
+
+<a id="nestedatt--members"></a>
+### Nested Schema for `members`
+
+Required:
+
+- `display` (String)
+- `value` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import platform_scim_group.my-scim-group my-scim-group
+```
diff --git a/docs/resources/scim_user.md b/docs/resources/scim_user.md
@@ -0,0 +1,65 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "platform_scim_user Resource - terraform-provider-platform"
+subcategory: ""
+description: |-
+  Provides a JFrog SCIM User https://jfrog.com/help/r/jfrog-platform-administration-documentation/scim resource to manage users with the SCIM protocol.
+---
+
+# platform_scim_user (Resource)
+
+Provides a JFrog [SCIM User](https://jfrog.com/help/r/jfrog-platform-administration-documentation/scim) resource to manage users with the SCIM protocol.
+
+## Example Usage
+
+```terraform
+resource "platform_scim_user" "my-scim-user" {
+  username = "[email protected]"
+  active   = true
+  emails = [{
+    value = "[email protected]"
+    primary = true
+  }]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `emails` (Attributes Set) (see [below for nested schema](#nestedatt--emails))
+- `username` (String)
+
+### Optional
+
+- `active` (Boolean)
+
+### Read-Only
+
+- `groups` (Attributes Set) (see [below for nested schema](#nestedatt--groups))
+- `meta` (Map of String)
+
+<a id="nestedatt--emails"></a>
+### Nested Schema for `emails`
+
+Required:
+
+- `primary` (Boolean)
+- `value` (String)
+
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Required:
+
+- `value` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import platform_scim_user.my-scim-user [email protected]
+```
diff --git a/examples/resources/platform_scim_group/import.sh b/examples/resources/platform_scim_group/import.sh
@@ -0,0 +1 @@
+terraform import platform_scim_group.my-scim-group my-scim-group
diff --git a/examples/resources/platform_scim_group/resource.tf b/examples/resources/platform_scim_group/resource.tf
@@ -0,0 +1,11 @@
+resource "platform_scim_group" "my-scim-group" {
+  id = "my-scim-group"
+  display_name = "my-scim-group"
+  members = [{
+    value = "[email protected]"
+    display = "[email protected]"
+  }, {
+    value = "anonymous"
+    display = "anonymous"
+  }]
+}
diff --git a/examples/resources/platform_scim_user/import.sh b/examples/resources/platform_scim_user/import.sh
@@ -0,0 +1 @@
+terraform import platform_scim_user.my-scim-user [email protected]
diff --git a/examples/resources/platform_scim_user/resource.tf b/examples/resources/platform_scim_user/resource.tf
@@ -0,0 +1,8 @@
+resource "platform_scim_user" "my-scim-user" {
+  username = "[email protected]"
+  active   = true
+  emails = [{
+    value = "[email protected]"
+    primary = true
+  }]
+}
diff --git a/pkg/platform/provider.go b/pkg/platform/provider.go
@@ -210,6 +210,8 @@ func (p *PlatformProvider) Resources(ctx context.Context) []func() resource.Reso
 		NewPermissionResource,
 		NewReverseProxyResource,
 		NewSAMLSettingsResource,
+		NewSCIMUserResource,
+		NewSCIMGroupResource,
 		NewWorkerServiceResource,
 	}
 }

diff --git a/pkg/platform/resource_saml_settings.go b/pkg/platform/resource_saml_settings.go
@@ -158,7 +158,7 @@ func (r *SAMLSettingsResource) Schema(ctx context.Context, req resource.SchemaRe
 				Validators: []validator.String{
 					stringvalidator.LengthAtLeast(1),
 				},
-				MarkdownDescription: "If `no_auto_user_creation` is diabled or an internal user exists, the system will set the user's email to the value in this attribute that is returned by the SAML login XML response..",
+				MarkdownDescription: "If `no_auto_user_creation` is diabled or an internal user exists, the system will set the user's email to the value in this attribute that is returned by the SAML login XML response.",
 			},
 			"group_attribute": schema.StringAttribute{
 				Optional: true,