Summary
There is currently no Terraform/OpenTofu resource in the Harness provider to manage OIDC providers. Managing OIDC configuration is essential for SSO and access control, but it currently requires manual undocumented API calls or custom automation. Please add first-class support to create, read, update, delete, and import OIDC providers.
API references
- Base path: {gateway}/v1/oidc-provider
- CRUD:
  - POST /v1/oidc-provider
  - GET /v1/oidc-provider/{identifier}
  - PUT /v1/oidc-provider/{identifier}
  - DELETE /v1/oidc-provider/{identifier}
- Headers:
  - x-api-key: <platform_api_key>
  - harness-account: <account_id>
Expected behavior
- plan/apply creates/updates/deletes OIDC providers.
- import:
  terraform import harness_platform_oidc_provider.example <identifier>
  backfills state.
- Diffs consider only meaningful fields; timestamps/IDs ignored.
Example configuration
resource "harness_platform_oidc_provider" "this" {
  identifier                   = "example"
  name                         = "Example"
  scope                        = ["openid", "profile", "email"]
  response_type                = "code"
  issuer                       = "https://example-issuer/realms/demo"
  discovery                    = true
  uid_field                    = "email"
  send_scope_to_token_endpoint = false
  pkce                         = false

  client_config {
    identifier   = "example"
    secret_ref   = "account.example-secret-ref"
    redirect_uri = "https://www.example.com/gateway/user/auth/oidc/callback"
  }

  jit_config {
    enabled     = true
    claim_key   = "iss"
    claim_value = "https://example-issuer/realms/demo"
  }

  authorization_config {
    authorization_enabled = true
    group_claim           = "groups"
  }
}
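Until such a resource exists, the "custom automation" the issue refers to amounts to an idempotent upsert against the endpoints and headers listed above. The following is an added example (not code from the issue or from the Harness provider) showing that flow together with a diff that ignores server-added fields; it assumes the JSON body mirrors the Terraform attribute names, and the gateway URL, account id, API key and `updatedAt` field are constructed placeholders.

```python
import json, urllib.error, urllib.request
from io import BytesIO
BASE = "/v1/oidc-provider"  # path from the issue; the gateway URL is prepended

def build_request(gateway, account_id, api_key, method, identifier=None, body=None):
    """Request with the x-api-key / harness-account headers named in the issue."""
    url = gateway.rstrip("/") + BASE + (f"/{identifier}" if identifier else "")
    headers = {"x-api-key": api_key, "harness-account": account_id}
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def needs_update(desired, current):
    """Compare only fields declared in the config; server ids/timestamps are ignored."""
    return any(current.get(k) != v for k, v in desired.items())

def upsert(gateway, account_id, api_key, desired, send=urllib.request.urlopen):
    """GET the provider, then POST (absent), PUT (drifted) or do nothing."""
    ident = desired["identifier"]
    try:
        with send(build_request(gateway, account_id, api_key, "GET", ident)) as resp:
            current = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise  # auth/permission failures must not be mistaken for "absent"
        send(build_request(gateway, account_id, api_key, "POST", body=desired))
        return "created"
    if not needs_update(desired, current):
        return "unchanged"
    send(build_request(gateway, account_id, api_key, "PUT", ident, desired))
    return "updated"

class FakeGateway:  # constructed in-memory stand-in so the flow runs offline
    def __init__(self): self.store = {}
    def __call__(self, req):
        if req.get_method() == "GET":
            record = self.store.get(req.full_url.rsplit("/", 1)[1])
            if record is None:
                raise urllib.error.HTTPError(req.full_url, 404, "Not Found", {}, None)
            return BytesIO(json.dumps(record).encode())
        body = json.loads(req.data)
        body["updatedAt"] = len(self.store)  # server-side noise a diff must ignore
        self.store[body["identifier"]] = body
        return BytesIO(b"{}")

def demo():
    """Constructed walk-through: create, idempotent re-apply, update after a rename."""
    gw, want = FakeGateway(), {"identifier": "example", "name": "Example"}
    run = lambda: upsert("https://app.example/gateway", "acct", "key", want, send=gw)
    results = [run(), run()]
    want["name"] = "Renamed"
    return results + [run()]
```

Pass the real `urllib.request.urlopen` (the default) to talk to an actual gateway; the API key should come from the environment or a secret store, never from the config file.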
Thank you for considering this enhancement. Having a first-class OIDC provider resource would significantly improve reliability and maintainability of Harness platform automation.