
The selectel_iam_oidc_federation_group_mappings_v1 resource

For your information

This guide is a copy of the Selectel Terraform provider documentation in the Terraform Registry.

Manages OIDC federation group mappings for Selectel products using public API v1. Selectel products support Identity and Access Management (IAM). For more information about group mappings, see the official Selectel documentation.

Example Usage

resource "selectel_iam_group_v1" "group_1" {
  name = "Group name"

  role {
    role_name = "reader"
    scope     = "account"
  }
}

resource "selectel_iam_oidc_federation_v1" "federation_1" {
  name                  = "Federation name"
  description           = "Federation description"
  issuer                = "https://idp.example.com/realms/master"
  client_id             = "my-client-id"
  client_secret         = "my-client-secret"
  auth_url              = "https://idp.example.com/realms/master/protocol/openid-connect/auth"
  token_url             = "https://idp.example.com/realms/master/protocol/openid-connect/token"
  jwks_url              = "https://idp.example.com/realms/master/protocol/openid-connect/certs"
  session_max_age_hours = 24
}

resource "selectel_iam_oidc_federation_group_mappings_v1" "group_mappings_1" {
  federation_id = selectel_iam_oidc_federation_v1.federation_1.id

  group_mapping {
    internal_group_id = selectel_iam_group_v1.group_1.id
    external_group_id = "external-group-1"
  }
}

Argument Reference

  • federation_id - (Required) Unique identifier of the federation, for example, abc1bb378ac84e1234b869b77aadd2ab. To get the federation ID, in the Control Panel, go to Account → Federations → copy the ID under the federation name.

  • group_mapping - (Required) Defines mappings between internal IAM groups and external identity provider groups. You can add multiple mappings – each mapping in a separate block.

    • internal_group_id - (Required) Internal IAM group ID.

    • external_group_id - (Required) External identity provider group ID.
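
The following is an added example, not part of the provider documentation: it generates one group_mapping block per external group from a single map, so each identity provider group lands in exactly one read-only IAM group. It reuses federation_1 from Example Usage and is meant to replace group_mappings_1, since the resource ID equals the federation_id; the variable name, resource labels and group names are constructed for illustration.

```hcl
# Added example. The external group IDs and IAM group names are constructed placeholders.
variable "idp_group_to_iam_group" {
  description = "External IdP group ID => name of the internal IAM group to create"
  type        = map(string)
  default = {
    "idp-auditors"  = "Auditors"
    "idp-read-only" = "Read-only users"
  }
}

# One internal IAM group per external group, so access can be reviewed per mapping.
resource "selectel_iam_group_v1" "mapped" {
  for_each = var.idp_group_to_iam_group
  name     = each.value

  # Least privilege: federated groups start with the read-only role
  # used in the Example Usage section.
  role {
    role_name = "reader"
    scope     = "account"
  }
}

resource "selectel_iam_oidc_federation_group_mappings_v1" "group_mappings_multi" {
  federation_id = selectel_iam_oidc_federation_v1.federation_1.id

  # Each map entry becomes a separate group_mapping block.
  dynamic "group_mapping" {
    for_each = var.idp_group_to_iam_group
    content {
      external_group_id = group_mapping.key
      internal_group_id = selectel_iam_group_v1.mapped[group_mapping.key].id
    }
  }
}
```

Because the mappings live in one variable, a change to who gets access shows up in review as a one-line diff of the map.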

Attributes Reference

  • id - Resource ID. Equals the federation_id value.

Import

You can import OIDC Federation group mappings:

export OS_DOMAIN_NAME=<account_id>
export OS_USERNAME=<username>
export OS_PASSWORD=<password>
terraform import selectel_iam_oidc_federation_group_mappings_v1.group_mappings_1 <federation_id>

where:

  • <account_id> — Selectel account ID. The account ID is in the top right corner of the Control panel. Learn more about Registration.

  • <username> — Name of the service user. To get the name, in the Control panel, go to Account ⟶ the Service users tab ⟶ copy the name of the required user. Learn more about Service Users.

  • <password> — Password of the service user.

  • <federation_id> — Unique identifier of the federation, for example, abc1bb378ac84e1234b869b77aadd2ab. To get the federation ID, in the Control Panel, go to Account → Federations → copy the ID under the federation name.