create a type model for data source saml settings that does not conflict with the resource model. Update docs

Author: uturunku1

CHANGELOG.md

@@ -23,6 +23,8 @@ ENHANCEMENTS:
 
 * resource/tfe_organization_run_task: Add `hmac_key_wo` write-only attribute, by @shwetamurali ([#1646](https://github.com/hashicorp/terraform-provider-tfe/pull/1646))
 
+* resource/tfe_saml_settings: Add `private_key_wo` write-only attribute, by @uturunku1 ([#1660](https://github.com/hashicorp/terraform-provider-tfe/pull/1660))
+
 ## v.0.64.0
 
 FEATURES:

internal/provider/data_source_saml_settings.go

@@ -29,8 +29,8 @@ type dataSourceTFESAMLSettings struct {
 	client *tfe.Client
 }
 
-// modelTFESAMLSettings maps the data source schema data.
-type modelTFESAMLSettings struct {
+// modelDataTFESAMLSettings maps the data source schema data.
+type modelDataTFESAMLSettings struct {
 	ID                        types.String `tfsdk:"id"`
 	Enabled                   types.Bool   `tfsdk:"enabled"`
 	Debug                     types.Bool   `tfsdk:"debug"`
@@ -50,7 +50,6 @@ type modelTFESAMLSettings struct {
 	MetadataURL               types.String `tfsdk:"metadata_url"`
 	Certificate               types.String `tfsdk:"certificate"`
 	PrivateKey                types.String `tfsdk:"private_key"`
-	PrivateKeyWO              types.String `tfsdk:"private_key_wo"`
 	SignatureSigningMethod    types.String `tfsdk:"signature_signing_method"`
 	SignatureDigestMethod     types.String `tfsdk:"signature_digest_method"`
 }
@@ -159,7 +158,7 @@ func (d *dataSourceTFESAMLSettings) Read(ctx context.Context, _ datasource.ReadR
 	}
 
 	// Set state
-	diags := resp.State.Set(ctx, &modelTFESAMLSettings{
+	diags := resp.State.Set(ctx, &modelDataTFESAMLSettings{
 		ID:                        types.StringValue(s.ID),
 		Enabled:                   types.BoolValue(s.Enabled),
 		Debug:                     types.BoolValue(s.Debug),

internal/provider/resource_tfe_saml_settings.go

@@ -34,6 +34,31 @@ const (
 	samlDefaultSSOAPITokenSessionTimeoutSeconds int64  = 1209600 // 14 days
 )
 
+type modelTFESAMLSettings struct {
+	ID                        types.String `tfsdk:"id"`
+	Enabled                   types.Bool   `tfsdk:"enabled"`
+	Debug                     types.Bool   `tfsdk:"debug"`
+	TeamManagementEnabled     types.Bool   `tfsdk:"team_management_enabled"`
+	AuthnRequestsSigned       types.Bool   `tfsdk:"authn_requests_signed"`
+	WantAssertionsSigned      types.Bool   `tfsdk:"want_assertions_signed"`
+	IDPCert                   types.String `tfsdk:"idp_cert"`
+	OldIDPCert                types.String `tfsdk:"old_idp_cert"`
+	SLOEndpointURL            types.String `tfsdk:"slo_endpoint_url"`
+	SSOEndpointURL            types.String `tfsdk:"sso_endpoint_url"`
+	AttrUsername              types.String `tfsdk:"attr_username"`
+	AttrGroups                types.String `tfsdk:"attr_groups"`
+	AttrSiteAdmin             types.String `tfsdk:"attr_site_admin"`
+	SiteAdminRole             types.String `tfsdk:"site_admin_role"`
+	SSOAPITokenSessionTimeout types.Int64  `tfsdk:"sso_api_token_session_timeout"`
+	ACSConsumerURL            types.String `tfsdk:"acs_consumer_url"`
+	MetadataURL               types.String `tfsdk:"metadata_url"`
+	Certificate               types.String `tfsdk:"certificate"`
+	PrivateKey                types.String `tfsdk:"private_key"`
+	PrivateKeyWO              types.String `tfsdk:"private_key_wo"`
+	SignatureSigningMethod    types.String `tfsdk:"signature_signing_method"`
+	SignatureDigestMethod     types.String `tfsdk:"signature_digest_method"`
+}
+
 // resourceTFESAMLSettings implements the tfe_saml_settings resource type
 type resourceTFESAMLSettings struct {
 	client *tfe.Client

website/docs/r/saml_settings.html.markdown

@@ -44,9 +44,12 @@ The following arguments are supported:
 * `sso_api_token_session_timeout` - (Optional) Specifies the Single Sign On session timeout in seconds. Defaults to 14 days.
 * `certificate` - (Optional) The certificate used for request and assertion signing.
 * `private_key` - (Optional) The private key used for request and assertion signing.
+* `private_key_wo` - (Optional) The private key used for request and assertion signing, guaranteed not to be written to plan or state artifacts. One of `private_key` or `private_key_wo` must be provided.
 * `signature_signing_method` - (Optional) Signature Signing Method. Must be either `SHA1` or `SHA256`. Defaults to `SHA256`.
 * `signature_digest_method` - (Optional) Signature Digest Method. Must be either `SHA1` or `SHA256`. Defaults to `SHA256`.
 
+-> **Note:** Write-Only argument `private_key_wo` is available to use in place of `private_key`. Write-Only arguments are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/v1.11.x/resources/ephemeral#write-only-arguments).
+
 ## Attributes Reference
 
 * `id` - The ID of the SAML Settings. Always `saml`.