Merge pull request #253 from aquasecurity/SLK-73211-terraform-provide…

…r-bug-terraform-for-role-mapping-doesnt-accept-commas SLK-73211 - Change split separator for role mapping
aquasecurity · Dec 26, 2023 · e35bcdb · e35bcdb
2 parents 51dc661 + 06c718a
commit e35bcdb
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/aquasec/resource_role_mapping.go b/aquasec/resource_role_mapping.go
@@ -24,7 +24,7 @@ func resourceRoleMapping() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"role_mapping": {
 							Type:        schema.TypeMap,
-							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua",
+							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.",
 							Elem: &schema.Schema{
 								Type: schema.TypeString,
 							},
@@ -43,7 +43,7 @@ func resourceRoleMapping() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"role_mapping": {
 							Type:        schema.TypeMap,
-							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua",
+							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.",
 							Elem: &schema.Schema{
 								Type: schema.TypeString,
 							},
@@ -62,7 +62,7 @@ func resourceRoleMapping() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"role_mapping": {
 							Type:        schema.TypeMap,
-							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua",
+							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.",
 							Elem: &schema.Schema{
 								Type: schema.TypeString,
 							},
@@ -81,7 +81,7 @@ func resourceRoleMapping() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"role_mapping": {
 							Type:        schema.TypeMap,
-							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua",
+							Description: "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.",
 							Elem: &schema.Schema{
 								Type: schema.TypeString,
 							},

diff --git a/aquasec/resource_sso.go b/aquasec/resource_sso.go
@@ -356,7 +356,7 @@ func convertRoleMapping(m map[string]interface{}) map[string][]string {
 
 	if len(m["role_mapping"].(map[string]interface{})) > 0 {
 		for key, element := range m["role_mapping"].(map[string]interface{}) {
-			elementArry := strings.Split(element.(string), ",")
+			elementArry := strings.Split(element.(string), "|")
 			roleMapping[key] = elementArry
 		}
 	}

diff --git a/docs/resources/role_mapping.md b/docs/resources/role_mapping.md
@@ -17,6 +17,7 @@ resource "aquasec_role_mapping" "role_mapping" {
     saml {
         role_mapping = {
             Administrator = "group1"
+            Scanner       = "group2|group3"
         }
     }
 }
@@ -45,28 +46,28 @@ output "role_mapping" {
 
 Required:
 
-- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua
+- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.
 
 
 <a id="nestedblock--oauth2"></a>
 ### Nested Schema for `oauth2`
 
 Required:
 
-- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua
+- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.
 
 
 <a id="nestedblock--openid"></a>
 ### Nested Schema for `openid`
 
 Required:
 
-- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua
+- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.
 
 
 <a id="nestedblock--saml"></a>
 ### Nested Schema for `saml`
 
 Required:
 
-- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua
+- `role_mapping` (Map of String) Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.
diff --git a/examples/resources/aquasec_role_mapping/resource.tf b/examples/resources/aquasec_role_mapping/resource.tf
@@ -2,6 +2,7 @@ resource "aquasec_role_mapping" "role_mapping" {
     saml {
         role_mapping = {
             Administrator = "group1"
+            Scanner       = "group2|group3"
         }
     }
 }