Merge pull request #39060 from ablackrw/f-aws_workspaces_directory-sa…

…ml_properties

Add aws_workspaces_directory.saml_properties

.changelog/39060.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+data-source/aws_workspaces_directory: Add `saml_properties` attribute
+```
+
+```release-note:enhancement
+resource/aws_workspaces_directory: Add `saml_properties` configuration block
+```

internal/service/workspaces/README.md

@@ -2,6 +2,21 @@
 
 This area is primarily for AWS provider contributors and maintainers. For information on _using_ Terraform and the AWS provider, see the links below.
 
+Acceptance tests for the following resource types are bundled into the `TestAccWorkSpaces_serial` test:
+
+* `aws_workspaces_directory`
+* `aws_workspaces_ip_group`
+* `aws_workspaces_workspace`
+
+Acceptance tests for the following data sources are bundled into the `TestAccWorkSpacesDataSource_serial` test:
+
+* `aws_workspaces_bundle`
+* `aws_workspaces_directory`
+* `aws_workspaces_image`
+* `aws_workspaces_workspace`
+
+To invoke specific tests in a bundle, use the subtest specification syntax (`/<Package>` or `/<Package>/<test>`).
+
 ## Handy Links
 
 * [Find out about contributing](https://hashicorp.github.io/terraform-provider-aws/#contribute) to the AWS provider!

internal/service/workspaces/directory.go

@@ -81,6 +81,31 @@ func resourceDirectory() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"saml_properties": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"relay_state_parameter_name": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "RelayState",
+						},
+						names.AttrStatus: {
+							Type:             schema.TypeString,
+							Optional:         true,
+							Default:          types.SamlStatusEnumDisabled,
+							ValidateDiagFunc: enum.Validate[types.SamlStatusEnum](),
+						},
+						"user_access_url": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
 			"self_service_permissions": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -253,6 +278,19 @@ func resourceDirectoryCreate(ctx context.Context, d *schema.ResourceData, meta i
 		return sdkdiag.AppendErrorf(diags, "waiting for WorkSpaces Directory (%s) create: %s", d.Id(), err)
 	}
 
+	if v, ok := d.GetOk("saml_properties"); ok {
+		input := &workspaces.ModifySamlPropertiesInput{
+			ResourceId:     aws.String(d.Id()),
+			SamlProperties: expandSAMLProperties(v.([]interface{})),
+		}
+
+		_, err := conn.ModifySamlProperties(ctx, input)
+
+		if err != nil {
+			return sdkdiag.AppendErrorf(diags, "setting WorkSpaces Directory (%s) SAML properties: %s", d.Id(), err)
+		}
+	}
+
 	if v, ok := d.GetOk("self_service_permissions"); ok {
 		input := &workspaces.ModifySelfservicePermissionsInput{
 			ResourceId:             aws.String(d.Id()),
@@ -335,6 +373,9 @@ func resourceDirectoryRead(ctx context.Context, d *schema.ResourceData, meta int
 	if err := d.Set("self_service_permissions", flattenSelfservicePermissions(directory.SelfservicePermissions)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting self_service_permissions: %s", err)
 	}
+	if err := d.Set("saml_properties", flattenSAMLProperties(directory.SamlProperties)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "setting saml_properties: %s", err)
+	}
 	d.Set(names.AttrSubnetIDs, directory.SubnetIds)
 	if err := d.Set("workspace_access_properties", flattenWorkspaceAccessProperties(directory.WorkspaceAccessProperties)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting workspace_access_properties: %s", err)
@@ -351,6 +392,31 @@ func resourceDirectoryUpdate(ctx context.Context, d *schema.ResourceData, meta i
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).WorkSpacesClient(ctx)
 
+	if d.HasChange("saml_properties") {
+		tfListSAMLProperties := d.Get("saml_properties").([]interface{})
+		tfMap := tfListSAMLProperties[0].(map[string]interface{})
+
+		var dels []types.DeletableSamlProperty
+		if tfMap["relay_state_parameter_name"].(string) == "" {
+			dels = append(dels, types.DeletableSamlPropertySamlPropertiesRelayStateParameterName)
+		}
+		if tfMap["user_access_url"].(string) == "" {
+			dels = append(dels, types.DeletableSamlPropertySamlPropertiesUserAccessUrl)
+		}
+
+		input := &workspaces.ModifySamlPropertiesInput{
+			PropertiesToDelete: dels,
+			ResourceId:         aws.String(d.Id()),
+			SamlProperties:     expandSAMLProperties(tfListSAMLProperties),
+		}
+
+		_, err := conn.ModifySamlProperties(ctx, input)
+
+		if err != nil {
+			return sdkdiag.AppendErrorf(diags, "updating WorkSpaces Directory (%s) SAML properties: %s", d.Id(), err)
+		}
+	}
+
 	if d.HasChange("self_service_permissions") {
 		input := &workspaces.ModifySelfservicePermissionsInput{
 			ResourceId:             aws.String(d.Id()),
@@ -614,6 +680,29 @@ func expandWorkspaceAccessProperties(tfList []interface{}) *types.WorkspaceAcces
 	return apiObject
 }
 
+func expandSAMLProperties(tfList []interface{}) *types.SamlProperties {
+	if len(tfList) == 0 || tfList[0] == nil {
+		return nil
+	}
+
+	tfMap := tfList[0].(map[string]interface{})
+	apiObject := &types.SamlProperties{}
+
+	if tfMap["relay_state_parameter_name"].(string) != "" {
+		apiObject.RelayStateParameterName = aws.String(tfMap["relay_state_parameter_name"].(string))
+	}
+
+	if tfMap[names.AttrStatus].(string) != "" {
+		apiObject.Status = types.SamlStatusEnum(tfMap[names.AttrStatus].(string))
+	}
+
+	if tfMap["user_access_url"].(string) != "" {
+		apiObject.UserAccessUrl = aws.String(tfMap["user_access_url"].(string))
+	}
+
+	return apiObject
+}
+
 func expandSelfservicePermissions(tfList []interface{}) *types.SelfservicePermissions {
 	if len(tfList) == 0 || tfList[0] == nil {
 		return nil
@@ -697,6 +786,20 @@ func flattenWorkspaceAccessProperties(apiObject *types.WorkspaceAccessProperties
 	}
 }
 
+func flattenSAMLProperties(apiObject *types.SamlProperties) []interface{} {
+	if apiObject == nil {
+		return []interface{}{}
+	}
+
+	return []interface{}{
+		map[string]interface{}{
+			"relay_state_parameter_name": aws.ToString(apiObject.RelayStateParameterName),
+			names.AttrStatus:             apiObject.Status,
+			"user_access_url":            aws.ToString(apiObject.UserAccessUrl),
+		},
+	}
+}
+
 func flattenSelfservicePermissions(apiObject *types.SelfservicePermissions) []interface{} {
 	if apiObject == nil {
 		return []interface{}{}

internal/service/workspaces/directory_data_source.go

@@ -59,6 +59,26 @@ func dataSourceDirectory() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"saml_properties": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"relay_state_parameter_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						names.AttrStatus: {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"user_access_url": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 			"self_service_permissions": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -192,6 +212,9 @@ func dataSourceDirectoryRead(ctx context.Context, d *schema.ResourceData, meta i
 	if err := d.Set("self_service_permissions", flattenSelfservicePermissions(directory.SelfservicePermissions)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting self_service_permissions: %s", err)
 	}
+	if err := d.Set("saml_properties", flattenSAMLProperties(directory.SamlProperties)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "setting saml_properties: %s", err)
+	}
 	d.Set(names.AttrSubnetIDs, directory.SubnetIds)
 	if err := d.Set("workspace_access_properties", flattenWorkspaceAccessProperties(directory.WorkspaceAccessProperties)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting workspace_access_properties: %s", err)

internal/service/workspaces/directory_data_source_test.go

@@ -44,6 +44,10 @@ func testAccDirectoryDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(dataSourceName, "iam_role_id", resourceName, "iam_role_id"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "ip_group_ids", resourceName, "ip_group_ids"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "registration_code", resourceName, "registration_code"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "saml_properties.#", resourceName, "saml_properties.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "saml_properties.0.relay_state_parameter_name", resourceName, "saml_properties.0.relay_state_parameter_name"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "saml_properties.0.status", resourceName, "saml_properties.0.status"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "saml_properties.0.user_access_url", resourceName, "saml_properties.0.user_access_url"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "self_service_permissions.#", resourceName, "self_service_permissions.#"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "self_service_permissions.0.change_compute_type", resourceName, "self_service_permissions.0.change_compute_type"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "self_service_permissions.0.increase_volume_size", resourceName, "self_service_permissions.0.increase_volume_size"),
@@ -90,6 +94,12 @@ resource "aws_security_group" "test" {
 resource "aws_workspaces_directory" "test" {
   directory_id = aws_directory_service_directory.main.id
 
+  saml_properties {
+    relay_state_parameter_name = "LinkMode"
+    status                     = "ENABLED"
+    user_access_url            = "https://sso.%[2]s/"
+  }
+
   self_service_permissions {
     change_compute_type  = false
     increase_volume_size = true
@@ -129,5 +139,5 @@ data "aws_workspaces_directory" "test" {
 data "aws_iam_role" "workspaces-default" {
   name = "workspaces_DefaultRole"
 }
-`, rName))
+`, rName, domain))
 }