extend iam saml to pass url

iam-saml/README.md

@@ -65,6 +65,8 @@ No modules.
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
 | <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br>  "ddb": {},<br>  "kms": {},<br>  "s3": {}<br>}</pre> | no |
+| <a name="input_idp_metadata_selector"></a> [idp\_metadata\_selector](#input\_idp\_metadata\_selector) | URL Query parameter for selecting urn:amazon:webservices string for EW or gov | `string` | `"PID="` | no |
+| <a name="input_idp_metadata_url"></a> [idp\_metadata\_url](#input\_idp\_metadata\_url) | ID Provider Metadata URL | `string` | `null` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_saml_provider_name"></a> [saml\_provider\_name](#input\_saml\_provider\_name) | SAML Provider Name | `string` | `"Census_TCO_IDMS"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |

iam-saml/bin/external_get-saml-metadata.sh

@@ -1,16 +1,18 @@
 #!/bin/bash
 
+VERSION="1.1.0"
+
 #set -e
-eval "$(jq -r '@sh "AWS_ENVIRONMENT=\(.aws_environment) OUTPUT=\(.output_file) URL_PREFIX=\(.url_prefix)"')"
+eval "$(jq -r '@sh "AWS_ENVIRONMENT=\(.aws_environment) OUTPUT=\(.output_file) URL=\(.url) URL_SELECTOR=\(.url_selector)"')"
 
 if [[ -z $AWS_ENVIRONMENT ]] || [[ "$AWS_ENVIRONMENT" == "null" ]]
 then
   AWS_ENVIRONMENT="east-west"
 fi
 
-if [[ -z "$URL_PREFIX" ]] || [[ "$URL_PREFIX" == "null" ]]
+if [[ -z "$URL" ]] || [[ "$URL" == "null" ]]
 then
-  URL_PREFIX="https://id-provider.tco.census.gov/nidp/saml2/metadata?PID="
+  URL="https://id-provider.tco.census.gov/nidp/saml2/metadata"
 fi
 
 if [[ $AWS_ENVIRONMENT == "east-west" ]] || [[ $AWS_ENVIRONMENT == "ew" ]]
@@ -41,14 +43,26 @@ fi
 
 # if output file exists, do not re-run this
 
+if [ "$URL_SELECTOR" = "null" ]
+then
+  URL_SELECTOR=""
+fi
+
+if [ ! -z "$URL_SELECTOR" ]
+then
+  FULL_URL="${URL}?${URL_SELECTOR}${SELECT}"
+else
+  FULL_URL=$URL
+fi
+
 if [ ! -r $OUTPUT ]
 then
-  URL="${URL_PREFIX}${SELECT}"
-  curl -q -k $URL > $OUTPUT
+  curl -q -k ${FULL_URL} > $OUTPUT
   status=$?
 else
   status=0
 fi
 result=$(cat $OUTPUT)
 
-jq -n --arg output_file "$OUTPUT" --arg value "$result" --arg status "$status" '{"output_file":$output_file,"value":$value,"status":$status}'
+jq -n --arg output_file "$OUTPUT" --arg value "$result" --arg status "$status" --arg url "$FULL_URL" --arg version "$VERSION" \
+  '{"output_file":$output_file,"value":$value,"status":$status,"url":$url,"version":$version}'

iam-saml/main.tf

@@ -74,7 +74,8 @@ data "external" "saml_metadata" {
   query = {
     "aws_environment" = local.account_environment
     "output_file"     = local.saml_metadata_file
-    #    "url_prefix" = ""
+    "url"             = var.idp_metadata_url
+    "url_selector"    = var.idp_metadata_selector
   }
 }
 

iam-saml/variables.tf

@@ -9,3 +9,15 @@ variable "component_tags" {
   type        = map(map(string))
   default     = { "s3" = {}, "kms" = {}, "ddb" = {} }
 }
+
+variable "idp_metadata_url" {
+  description = "ID Provider Metadata URL"
+  type        = string
+  default     = null
+}
+
+variable "idp_metadata_selector" {
+  description = "URL Query parameter for selecting urn:amazon:webservices string for EW or gov"
+  type        = string
+  default     = "PID="
+}