这是indexloc提供的服务,不要输入任何密码
Skip to content

[vercel_team_config] Fix saml dsync for access groups #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Apr 29, 2025
Merged

[vercel_team_config] Fix saml dsync for access groups #298

merged 10 commits into from
Apr 29, 2025

Conversation

kitfoster
Copy link
Collaborator

@kitfoster kitfoster commented Apr 14, 2025
edited
Loading

At the moment, the vercel_team_config resource incorrectly implements Access Group support. If a team has SAML roles mapped access groups, the provider deletes the mappings.

This is a breaking change

steps for upgrading 👇

  1. Update schema for vercel_team_config.saml
    1. If vercel_team_config.saml.access_group_id is specified: remove it
    2. If vercel_team_config.saml.roles is specified: change the values of the object from strings to objects with the format { role = "<role e.g. VIEWER>" } | { access_group_id = "<access_group_id>" }
  2. Refresh the terraform state with terraform refresh or terraform apply
// before
resource "vercel_team_config" "test_team" {
  ...
  saml = {
    enforced = <boolean>
    access_group_id = "<access_group_id>"
    roles = {
     <directory_group_id> = "<role e.g. VIEWER>"
    }
  }
}

// after
resource "vercel_team_config" "test_team" {
  ...
  saml = {
    enforced = <boolean>
    roles = {
      <directory_group_id> = {
        role = "<role e.g. VIEWER>"
      }
      <directory_group_id> = {
        access_group_id = "<access_group_id>"
      }
    }
  }
}

@kitfoster kitfoster changed the title Fix saml access groups [vercel_team_config] Fix saml dsync for access groups Apr 14, 2025
kitfoster
kitfoster commented Apr 14, 2025
View reviewed changes
jarneson
jarneson reviewed Apr 14, 2025
View reviewed changes
@kitfoster kitfoster marked this pull request as ready for review April 25, 2025 08:47
dglsparsons
dglsparsons reviewed Apr 25, 2025
View reviewed changes
@dglsparsons dglsparsons force-pushed the fix-saml-access-groups branch from 2d1784a to cfdd691 Compare April 28, 2025 15:45
@kitfoster
Copy link
Collaborator Author

kitfoster commented Apr 29, 2025
edited
Loading

The tests currently have a failure, as the schema upgrade from 0 to 1 means that terraform apply performs a refresh. This shows that the resource will be updated in place. The upgrade steps show that a terraform apply or terraform refresh is required for the new version, so this is an expected failure

 # vercel_team_config.test_team will be updated in-place
  ~ resource "vercel_team_config" "test_team" {
      + email_domain                          = (known after apply)
        id                                    = "<id>"
        name                                  = "<name>"
      + preview_deployment_suffix             = (known after apply)
        # (10 unchanged attributes hidden)
    }

@kitfoster kitfoster merged commit bc29013 into main Apr 29, 2025
3 of 5 checks passed
@kitfoster kitfoster deleted the fix-saml-access-groups branch April 29, 2025 08:22
@kitfoster kitfoster mentioned this pull request Apr 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jarneson jarneson jarneson left review comments

@dglsparsons dglsparsons dglsparsons approved these changes

@craigandrews craigandrews Awaiting requested review from craigandrews craigandrews is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kitfoster @jarneson @dglsparsons