Summary
Following the implementation of sysdig_sso_openid and sysdig_sso_saml resources (#688), add support for the remaining SSO-related Platform API endpoints.
Proposed Changes
1. New Resource: sysdig_sso_group_mapping
API Endpoint: /platform/v1/group-mappings
Maps IdP groups to Sysdig teams and roles.
Schema:
| Field |
Type |
Required |
Description |
group_name |
string |
Yes |
External IdP group name (max 256 chars) |
standard_team_role |
enum |
No* |
ROLE_TEAM_NONE, ROLE_TEAM_READ, ROLE_TEAM_SERVICE_MANAGER, ROLE_TEAM_STANDARD, ROLE_TEAM_EDIT, ROLE_TEAM_MANAGER |
custom_team_role_id |
int |
No* |
Custom team role ID |
is_admin |
bool |
No |
Admin group flag (default: false) |
team_map.is_for_all_teams |
bool |
Yes |
Map to all teams |
team_map.team_ids |
list(int) |
No |
Specific team IDs (required if is_for_all_teams=false) |
weight |
int |
No |
Priority 1-32767, lower = higher priority (default: 32767) |
* standard_team_role and custom_team_role_id are mutually exclusive
Deprecates: sysdig_group_mapping
2. New Resource: sysdig_sso_group_mapping_settings
API Endpoint: /platform/v1/group-mappings/settings
Global settings for how group mappings behave.
Schema:
| Field |
Type |
Required |
Description |
no_mapping_strategy |
enum |
Yes |
UNAUTHORIZED, DEFAULT_TEAM_DEFAULT_ROLE, NO_MAPPINGS_ERROR_REDIRECT |
different_roles_same_team_strategy |
enum |
Yes |
UNAUTHORIZED, FIRST_MATCH, WEIGHTED, WEIGHTED_BY_TEAM |
no_mappings_error_redirect_url |
string |
No |
Redirect URL (max 2048 chars, only for NO_MAPPINGS_ERROR_REDIRECT) |
Deprecates: sysdig_group_mapping_config
3. New Resource: sysdig_sso_global_settings
API Endpoint: /platform/v1/global-sso-settings/{product}
Global SSO configuration per product.
Schema:
| Field |
Type |
Required |
Description |
product |
enum |
Yes |
monitor or secure |
is_password_login_enabled |
bool |
Yes |
Enable/disable password login when SSO is active |
References
Summary
Following the implementation of
sysdig_sso_openidandsysdig_sso_samlresources (#688), add support for the remaining SSO-related Platform API endpoints.Proposed Changes
1. New Resource:
sysdig_sso_group_mappingAPI Endpoint:
/platform/v1/group-mappingsMaps IdP groups to Sysdig teams and roles.
Schema:
group_namestandard_team_rolecustom_team_role_idis_adminteam_map.is_for_all_teamsteam_map.team_idsweight*
standard_team_roleandcustom_team_role_idare mutually exclusiveDeprecates:
sysdig_group_mapping2. New Resource:
sysdig_sso_group_mapping_settingsAPI Endpoint:
/platform/v1/group-mappings/settingsGlobal settings for how group mappings behave.
Schema:
no_mapping_strategydifferent_roles_same_team_strategyno_mappings_error_redirect_urlDeprecates:
sysdig_group_mapping_config3. New Resource:
sysdig_sso_global_settingsAPI Endpoint:
/platform/v1/global-sso-settings/{product}Global SSO configuration per product.
Schema:
productmonitororsecureis_password_login_enabledReferences