diff --git a/.changes/v3.9.0/1013-improvements.md b/.changes/v3.9.0/1013-improvements.md
new file mode 100644
index 000000000..bbbd89a21
--- /dev/null
+++ b/.changes/v3.9.0/1013-improvements.md
@@ -0,0 +1 @@
+* `vcd_org_group` adds `OAUTH` as an option to argument `provider_type` [GH-1013]
\ No newline at end of file
diff --git a/.changes/v3.9.0/984-improvements.md b/.changes/v3.9.0/984-improvements.md
index abadf11b7..e9e9f78cb 100644
--- a/.changes/v3.9.0/984-improvements.md
+++ b/.changes/v3.9.0/984-improvements.md
@@ -1,2 +1,2 @@
 * `vcd_external_network_v2` allows setting DNS fields `dns1`, `dns2` and `dns_suffix` for NSX-T
- backed entities so that it can be inherited by direct Org VDC networks [GH-984]
+ backed entities so that it can be inherited by direct Org VDC networks [GH-984]
\ No newline at end of file
diff --git a/vcd/datasource_vcd_org_group.go b/vcd/datasource_vcd_org_group.go
index b3f27772b..de49192fc 100644
--- a/vcd/datasource_vcd_org_group.go
+++ b/vcd/datasource_vcd_org_group.go
@@ -25,7 +25,7 @@ func datasourceVcdOrgGroup() *schema.Resource {
 "provider_type": {
 Type: schema.TypeString,
 Computed: true,
- Description: "Identity provider type - 'SAML' or 'INTEGRATED' for local or LDAP",
+ Description: "Identity provider type for this this group. One of: 'INTEGRATED', 'SAML', 'OAUTH'.",
 },
 "description": {
 Type: schema.TypeString,
diff --git a/vcd/resource_vcd_org_group.go b/vcd/resource_vcd_org_group.go
index 0f31612ee..df3cc413b 100644
--- a/vcd/resource_vcd_org_group.go
+++ b/vcd/resource_vcd_org_group.go
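Review bot: The new `Description` string for `provider_type` repeats a word ("for this this group"), and the same text is copied into the `provider_type` description in `vcd/resource_vcd_org_group.go` and the argument reference in `website/docs/r/org_group.html.markdown`. It also drops the old hint that `INTEGRATED` covers local or LDAP groups, which was the only place this schema said what that value means. I would write `Description: "Identity provider type for this group. One of: 'INTEGRATED' (local or LDAP), 'SAML', 'OAUTH'.",`. The body of `datasourceVcdOrgGroup` starts and ends outside the hunk.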
@@ -42,8 +42,8 @@ func resourceVcdOrgGroup() *schema.Resource {
 Type: schema.TypeString,
 Required: true,
 ForceNew: true, // VCD does not allow to change provider type
- Description: "Identity provider type - 'SAML' or 'INTEGRATED' for LDAP",
- ValidateFunc: validation.StringInSlice([]string{"SAML", "INTEGRATED"}, false),
+ Description: "Identity provider type for this this group. One of: 'INTEGRATED', 'SAML', 'OAUTH'.",
+ ValidateFunc: validation.StringInSlice([]string{"INTEGRATED", "SAML", "OAUTH"}, false),
 },
 "description": {
 Type: schema.TypeString,
diff --git a/website/docs/d/org_group.html.markdown b/website/docs/d/org_group.html.markdown
index 68d4777d1..c12467f1e 100644
--- a/website/docs/d/org_group.html.markdown
+++ b/website/docs/d/org_group.html.markdown
@@ -8,7 +8,7 @@ description: |-
 # vcd\_org\_group
-Provides a data source for VMware Cloud Director Organization Groups. This can be used to fetch organization groups already defined in `SAML` or `LDAP`.
+Provides a data source for VMware Cloud Director Organization Groups. This can be used to fetch organization groups already defined in `SAML`, `OAUTH` or `LDAP`.
 Supported in provider *v3.6+*
diff --git a/website/docs/r/org_group.html.markdown b/website/docs/r/org_group.html.markdown
index ddbfa563a..ad08515f3 100644
--- a/website/docs/r/org_group.html.markdown
+++ b/website/docs/r/org_group.html.markdown
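Review bot: `OAUTH` is now accepted on the `ValidateFunc` line, but nothing in the schema text says what has to be in place for it, while the resource docs spell out the LDAP prerequisite and name-matching rule only for `INTEGRATED`. This resource attaches a role to a group that an external identity provider asserts, so the prerequisite matters when reviewing who ends up with the role; presumably `name` has to equal the group name the OAuth provider reports, which should be confirmed against VCD before it is documented. I would put a comment above the validator, `// OAUTH needs an OAuth identity provider configured for the Org; otherwise VCD answers 403 (see resource docs)`, and add the name-matching rule to the docs once it is confirmed. An acceptance test case for `provider_type = "OAUTH"` is not visible in this diff. `resourceVcdOrgGroup` starts and ends outside the hunk.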
@@ -9,12 +9,12 @@ description: |- # vcd\_org\_group Provides a VMware Cloud Director Organization group. This can be used to create, update, and delete -organization groups defined in `SAML` or `LDAP`. +organization groups defined in `SAML`, `OAUTH` or `LDAP`. Supported in provider *v2.9+* ~> **Note:** This operation requires the rights included in the predefined `Organization -Administrator` role or an equivalent set of rights. `SAML` or `LDAP` must be configured as vCD +Administrator` role or an equivalent set of rights. `SAML`, `OAUTH` or `LDAP` must be configured as vCD does not support local groups and will return HTTP error 403 "This operation is denied." if selected `provider_type` is not configured. @@ -30,6 +30,18 @@ resource "vcd_org_group" "org1" { } ``` +## Example Usage to add OAUTH group + +```hcl +resource "vcd_org_group" "org1" { + org = "org1" + + provider_type = "OAUTH" + name = "Org1-AdminGroup" + role = "Organization Administrator" +} +``` + ## Example Usage to add LDAP group ```hcl @@ -50,7 +62,7 @@ The following arguments are supported: * `org` - (Optional) The name of organization to which the VDC belongs. Optional if defined at provider level. * `name` - (Required) A unique name for the group. * `description` - (Optional) The description of Organization group -* `provider_type` - (Required) Identity provider type for this this group. One of `SAML` or +* `provider_type` - (Required) Identity provider type for this this group. One of `SAML`, `OAUTH` or `INTEGRATED`. **Note** `LDAP` must be configured to create `INTEGRATED` groups and names must match `LDAP` group names. If LDAP is not configured - it will return 403 errors. * `role` - (Required) The role of the group. Role names can be retrieved from the organization. Both built-in roles and