terraform-redhat · gdbranco · Oct 1, 2025 · Oct 3, 2025
diff --git a/docs/resources/external_auth_provider.md b/docs/resources/external_auth_provider.md
@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "rhcs_external_auth_provider Resource - terraform-provider-rhcs"
+subcategory: ""
+description: |-
+  External authentication provider for ROSA HCP clusters.
+---
+
+# rhcs_external_auth_provider (Resource)
+
+External authentication provider for ROSA HCP clusters.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cluster` (String) Identifier of the cluster.
+- `id` (String) Unique identifier of the external authentication provider.
+- `issuer` (Attributes) Token issuer configuration. (see [below for nested schema](#nestedatt--issuer))
+
+### Optional
+
+- `claim` (Attributes) Claim configuration for token validation and mapping. (see [below for nested schema](#nestedatt--claim))
+- `clients` (Attributes List) Client configurations for the external authentication provider. (see [below for nested schema](#nestedatt--clients))
+
+<a id="nestedatt--issuer"></a>
+### Nested Schema for `issuer`
+
+Required:
+
+- `audiences` (Set of String) List of audiences for the token issuer.
+- `url` (String) URL of the token issuer.
+
+Optional:
+
+- `ca` (String) Certificate Authority (CA) certificate content.
+
+
+<a id="nestedatt--claim"></a>
+### Nested Schema for `claim`
+
+Optional:
+
+- `mappings` (Attributes) Token claim mappings. (see [below for nested schema](#nestedatt--claim--mappings))
+- `validation_rules` (Attributes List) Token claim validation rules. (see [below for nested schema](#nestedatt--claim--validation_rules))
+
+<a id="nestedatt--claim--mappings"></a>
+### Nested Schema for `claim.mappings`
+
+Optional:
+
+- `groups` (Attributes) Groups claim mapping. (see [below for nested schema](#nestedatt--claim--mappings--groups))
+- `username` (Attributes) Username claim mapping. (see [below for nested schema](#nestedatt--claim--mappings--username))
+
+<a id="nestedatt--claim--mappings--groups"></a>
+### Nested Schema for `claim.mappings.groups`
+
+Optional:
+
+- `claim` (String) Token claim to extract groups from.
+- `prefix` (String) Prefix to apply to group names.
+
+
+<a id="nestedatt--claim--mappings--username"></a>
+### Nested Schema for `claim.mappings.username`
+
+Optional:
+
+- `claim` (String) Token claim to extract username from.
+- `prefix` (String) Prefix to apply to username.
+- `prefix_policy` (String) Policy for applying the prefix.
+
+
+
+<a id="nestedatt--claim--validation_rules"></a>
+### Nested Schema for `claim.validation_rules`
+
+Required:
+
+- `claim` (String) Token claim to validate.
+- `required_value` (String) Required value for the claim.
+
+
+
+<a id="nestedatt--clients"></a>
+### Nested Schema for `clients`
+
+Optional:
+
+- `component` (Attributes) Component configuration. (see [below for nested schema](#nestedatt--clients--component))
+- `extra_scopes` (Set of String) Additional OAuth scopes.
+- `id` (String) Client identifier.
+- `secret` (String, Sensitive) Client secret (required if client ID is provided).
+
+Read-Only:
+
+- `type` (String) Client type (confidential or public).
+
+<a id="nestedatt--clients--component"></a>
+### Nested Schema for `clients.component`
+
+Optional:
+
+- `name` (String) Component name.
+- `namespace` (String) Component namespace.