From 8c95aab2c9ccedde749a2fa6dd92c652dd99950d Mon Sep 17 00:00:00 2001 From: Jonas Courteau Date: Mon, 13 Sep 2021 15:58:26 -0700 Subject: [PATCH 1/4] resource/aws_elasticsearch_domain_saml_option: Change `subject_key` match the AWS-side default of `""` - an empty string. --- .changelog/WIP.txt | 3 +++ internal/service/elasticsearch/domain_saml_options.go | 2 +- website/docs/r/elasticsearch_domain_saml_options.html.markdown | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 .changelog/WIP.txt diff --git a/.changelog/WIP.txt b/.changelog/WIP.txt new file mode 100644 index 000000000000..1d00cb499009 --- /dev/null +++ b/.changelog/WIP.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_elasticsearch_domain_saml_option: Change `subject_key` match the AWS-side default of `""` - an empty string. +``` diff --git a/internal/service/elasticsearch/domain_saml_options.go b/internal/service/elasticsearch/domain_saml_options.go index c7b735121d73..8d04cb7b338d 100644 --- a/internal/service/elasticsearch/domain_saml_options.go +++ b/internal/service/elasticsearch/domain_saml_options.go @@ -92,7 +92,7 @@ func ResourceDomainSAMLOptions() *schema.Resource { "subject_key": { Type: schema.TypeString, Optional: true, - Default: "NameID", + Default: "", DiffSuppressFunc: elasticsearchDomainSamlOptionsDiffSupress, }, }, diff --git a/website/docs/r/elasticsearch_domain_saml_options.html.markdown b/website/docs/r/elasticsearch_domain_saml_options.html.markdown index 8abf58c3e854..d85af204f77e 100644 --- a/website/docs/r/elasticsearch_domain_saml_options.html.markdown +++ b/website/docs/r/elasticsearch_domain_saml_options.html.markdown @@ -62,7 +62,7 @@ The following arguments are optional: * `master_user_name` - (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. * `roles_key` - (Optional) Element of the SAML assertion to use for backend roles. Default is roles. * `session_timeout_minutes` - (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. -* `subject_key` - (Optional) Element of the SAML assertion to use for username. Default is NameID. +* `subject_key` - (Optional) Custom SAML attribute to use for user names. Default is an empty string - `""`. This will cause Elasticsearch to use the `NameID` element of the `Subject`, which is the default location for name identifiers in the SAML specification. #### idp From f0f55a1ac30c9a1b36014e04628ff9901506beba Mon Sep 17 00:00:00 2001 From: Jonas Courteau Date: Mon, 13 Sep 2021 17:25:55 -0700 Subject: [PATCH 2/4] rename changelog to match the PR --- .changelog/{WIP.txt => 20892.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .changelog/{WIP.txt => 20892.txt} (100%) diff --git a/.changelog/WIP.txt b/.changelog/20892.txt similarity index 100% rename from .changelog/WIP.txt rename to .changelog/20892.txt From bf113c30dab7fca81752627967f999e0a3f70b58 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 25 Mar 2022 18:11:15 -0400 Subject: [PATCH 3/4] Fix case --- .../service/elasticsearch/domain_saml_options_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/service/elasticsearch/domain_saml_options_test.go b/internal/service/elasticsearch/domain_saml_options_test.go index 27c2aac5eed2..0c9ea854c650 100644 --- a/internal/service/elasticsearch/domain_saml_options_test.go +++ b/internal/service/elasticsearch/domain_saml_options_test.go @@ -14,7 +14,7 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/tfresource" ) -func TestAccElasticsearchDomainSamlOptions_basic(t *testing.T) { +func TestAccElasticsearchDomainSAMLOptions_basic(t *testing.T) { var domain elasticsearch.ElasticsearchDomainStatus rName := sdkacctest.RandomWithPrefix("acc-test") @@ -50,7 +50,7 @@ func TestAccElasticsearchDomainSamlOptions_basic(t *testing.T) { }) } -func TestAccElasticsearchDomainSamlOptions_disappears(t *testing.T) { +func TestAccElasticsearchDomainSAMLOptions_disappears(t *testing.T) { rName := sdkacctest.RandomWithPrefix("acc-test") rUserName := sdkacctest.RandomWithPrefix("es-master-user") idpEntityId := fmt.Sprintf("https://%s", acctest.RandomDomainName()) @@ -75,7 +75,7 @@ func TestAccElasticsearchDomainSamlOptions_disappears(t *testing.T) { }) } -func TestAccElasticsearchDomainSamlOptions_disappears_Domain(t *testing.T) { +func TestAccElasticsearchDomainSAMLOptions_disappears_Domain(t *testing.T) { rName := sdkacctest.RandomWithPrefix("acc-test") rUserName := sdkacctest.RandomWithPrefix("es-master-user") idpEntityId := fmt.Sprintf("https://%s", acctest.RandomDomainName()) @@ -101,7 +101,7 @@ func TestAccElasticsearchDomainSamlOptions_disappears_Domain(t *testing.T) { }) } -func TestAccElasticsearchDomainSamlOptions_Update(t *testing.T) { +func TestAccElasticsearchDomainSAMLOptions_Update(t *testing.T) { rName := sdkacctest.RandomWithPrefix("acc-test") rUserName := sdkacctest.RandomWithPrefix("es-master-user") idpEntityId := fmt.Sprintf("https://%s", acctest.RandomDomainName()) @@ -135,7 +135,7 @@ func TestAccElasticsearchDomainSamlOptions_Update(t *testing.T) { }) } -func TestAccElasticsearchDomainSamlOptions_Disabled(t *testing.T) { +func TestAccElasticsearchDomainSAMLOptions_Disabled(t *testing.T) { rName := sdkacctest.RandomWithPrefix("acc-test") rUserName := sdkacctest.RandomWithPrefix("es-master-user") idpEntityId := fmt.Sprintf("https://%s", acctest.RandomDomainName()) From ec69c277f74b30d59dfdb502a2392284bc023fe2 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 25 Mar 2022 18:14:21 -0400 Subject: [PATCH 4/4] Update changelog --- .changelog/20892.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/20892.txt b/.changelog/20892.txt index 1d00cb499009..def01eb55c63 100644 --- a/.changelog/20892.txt +++ b/.changelog/20892.txt @@ -1,3 +1,3 @@ ```release-note:bug -resource/aws_elasticsearch_domain_saml_option: Change `subject_key` match the AWS-side default of `""` - an empty string. +resource/aws_elasticsearch_domain_saml_option: Fix difference caused by `subject_key` default not matching AWS default; old and new defaults are equivalent ```