AxtonGrams · jschoombee · Nov 18, 2024 · Jul 26, 2024 · Jul 26, 2024 · Jul 29, 2024
@@ -0,0 +1,124 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "wiz_saml_group_mapping Resource - terraform-provider-wiz"
+subcategory: ""
+description: |-
+  Configure SAML Group Role Mapping. When using SSO to authenticate with Wiz, you can map group memberships in SAML assertions to Wiz roles across specific scopes.
+---
+
+# wiz_saml_group_mapping (Resource)
+
+Configure SAML Group Role Mapping. When using SSO to authenticate with Wiz, you can map group memberships in SAML assertions to Wiz roles across specific scopes.
+
+## Example Usage
+
+```terraform
+# Configure SAML Group Role Mapping on a global scope
+resource "wiz_saml_group_mapping" "test_global_scope" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "global-reader-group-id"
+      role              = "PROJECT_READER"
+    }
+  ]
+}
+
+# Configure SAML Group Role Mapping for a single project
+resource "wiz_saml_group_mapping" "test_single_project" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "admin-group-id"
+      role              = "PROJECT_ADMIN"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786"
+      ]
+    }
+  ]
+}
+
+# Configure SAML Group Role Mapping for multiple projects
+resource "wiz_saml_group_mapping" "test_multi_project" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "member-group-id"
+      role              = "PROJECT_MEMBER"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786",
+        "e7f6542c-81f6-43cf-af48-bdd77f09650d"
+      ]
+    }
+  ]
+}
+
+# Configure multiple SAML Group Role Mappings
+resource "wiz_saml_group_mapping" "test_multi_mappings" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "global-reader-group-id"
+      role              = "PROJECT_READER"
+    },
+    {
+      provider_group_id = "admin-group-id"
+      role              = "PROJECT_ADMIN"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786"
+      ]
+    },
+    {
+      provider_group_id = "member-group-id"
+      role              = "PROJECT_MEMBER"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786",
+        "e7f6542c-81f6-43cf-af48-bdd77f09650d"
+      ]
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_mapping` (Block Set, Min: 1) (see [below for nested schema](#nestedblock--group_mapping))
+- `saml_idp_id` (String) Identifier for the Saml Provider
+
+### Read-Only
+
+- `id` (String) Unique tf-internal identifier for the saml group mapping
+
+<a id="nestedblock--group_mapping"></a>
+### Nested Schema for `group_mapping`
+
+Required:
+
+- `provider_group_id` (String) Provider group ID
+- `role` (String) Wiz Role name
+
+Optional:
+
+- `projects` (List of String) Project mapping
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# The id for importing resources has to be in this format: 'mapping|<saml_idp_id>|<provider_group_id>:<project_ids>:<role>#...'.
+# Import with saml mapping to multiple projects
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a,ee25cc95-82b0-4543-8934-5bc655b86786:PROJECT_READER"
+
+# Import with mapping to single project
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a:PROJECT_READER"
+
+# Import with global mapping
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7::PROJECT_READER"
+
+# Import with multiple group mappings
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a:PROJECT_READER#12345678-1234-1234-1234-123456789012:ee25cc95-82b0-4543-8934-5bc655b86786:PROJECT_WRITER"
+```
@@ -0,0 +1,12 @@
+# The id for importing resources has to be in this format: 'mapping|<saml_idp_id>|<provider_group_id>:<project_ids>:<role>#...'.
+# Import with saml mapping to multiple projects
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a,ee25cc95-82b0-4543-8934-5bc655b86786:PROJECT_READER"
+
+# Import with mapping to single project
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a:PROJECT_READER"
+
+# Import with global mapping
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7::PROJECT_READER"
+
+# Import with multiple group mappings
+terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a:PROJECT_READER#12345678-1234-1234-1234-123456789012:ee25cc95-82b0-4543-8934-5bc655b86786:PROJECT_WRITER"
@@ -0,0 +1,65 @@
+# Configure SAML Group Role Mapping on a global scope
+resource "wiz_saml_group_mapping" "test_global_scope" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "global-reader-group-id"
+      role              = "PROJECT_READER"
+    }
+  ]
+}
+
+# Configure SAML Group Role Mapping for a single project
+resource "wiz_saml_group_mapping" "test_single_project" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "admin-group-id"
+      role              = "PROJECT_ADMIN"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786"
+      ]
+    }
+  ]
+}
+
+# Configure SAML Group Role Mapping for multiple projects
+resource "wiz_saml_group_mapping" "test_multi_project" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "member-group-id"
+      role              = "PROJECT_MEMBER"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786",
+        "e7f6542c-81f6-43cf-af48-bdd77f09650d"
+      ]
+    }
+  ]
+}
+
+# Configure multiple SAML Group Role Mappings
+resource "wiz_saml_group_mapping" "test_multi_mappings" {
+  saml_idp_id = "test-saml-identity-provider"
+  group_mappings = [
+    {
+      provider_group_id = "global-reader-group-id"
+      role              = "PROJECT_READER"
+    },
+    {
+      provider_group_id = "admin-group-id"
+      role              = "PROJECT_ADMIN"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786"
+      ]
+    },
+    {
+      provider_group_id = "member-group-id"
+      role              = "PROJECT_MEMBER"
+      projects = [
+        "ee25cc95-82b0-4543-8934-5bc655b86786",
+        "e7f6542c-81f6-43cf-af48-bdd77f09650d"
+      ]
+    }
+  ]
+}
@@ -27,4 +27,6 @@ const (
 	TcCloudConfigRule TestCase = "CLOUD_CONFIG_RULE"
 	// TcProjectCloudAccountLink test case
 	TcProjectCloudAccountLink = "PROJECT_CLOUD_ACCOUNT_LINK"
+	// TcSAMLGroupMapping test case
+	TcSAMLGroupMapping TestCase = "SAML_GROUP_MAPPING"
 )
@@ -49,6 +49,8 @@ func testAccPreCheck(t *testing.T, tc TestCase) {
 		envVars = append(commonEnvVars, "WIZ_PROJECT_ID")
 	case TcProjectCloudAccountLink:
 		envVars = append(commonEnvVars, "WIZ_PROJECT_ID", "WIZ_SUBSCRIPTION_ID")
+	case TcSAMLGroupMapping:
+		envVars = append(commonEnvVars, "WIZ_PROJECT_ID", "WIZ_PROVIDER_GROUP_ID", "WIZ_SAML_IDP_ID")
 	default:
 		t.Fatalf("unknown testCase: %s", tc)
 	}

@@ -0,0 +1,56 @@
+package acceptance
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccResourceWizSAMLGroupMapping_basic(t *testing.T) {
+	samlIdpID := os.Getenv("WIZ_SAML_IDP_ID")
+	providerGroupID := os.Getenv("WIZ_PROVIDER_GROUP_ID")
+	projectID := os.Getenv("WIZ_PROJECT_ID")
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t, TcSAMLGroupMapping) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testResourceWizSAMLGroupMappingBasic(samlIdpID, providerGroupID, projectID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"wiz_saml_group_mapping.foo",
+						"saml_idp_id",
+						samlIdpID,
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_saml_group_mapping.foo",
+						"group_mapping.0.provider_group_id",
+						providerGroupID,
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_saml_group_mapping.foo",
+						"group_mapping.0.projects.0",
+						projectID,
+					),
+				),
+			},
+		},
+	})
+}
+
+func testResourceWizSAMLGroupMappingBasic(samlIdpID string, providerGroupID string, projectID string) string {
+	return fmt.Sprintf(`
+		resource "wiz_saml_group_mapping" "foo" {
+		  saml_idp_id = "%s"
+		  group_mapping {
+			provider_group_id = "%s"
+			role = "PROJECT_READER"
+			projects = [
+			  "%s"
+			]
+		  }
+		}`, samlIdpID, providerGroupID, projectID)
+}
@@ -299,6 +299,7 @@ yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/
 				"wiz_report_graph_query":                       resourceWizReportGraphQuery(),
 				"wiz_project":                                  resourceWizProject(),
 				"wiz_saml_idp":                                 resourceWizSAMLIdP(),
+				"wiz_saml_group_mapping":                       resourceWizSAMLGroupMapping(),
 				"wiz_security_framework":                       resourceWizSecurityFramework(),
 				"wiz_service_account":                          resourceWizServiceAccount(),
 				"wiz_user":                                     resourceWizUser(),