From 9be5900fa58663c559abde5720345e6d8c31666a Mon Sep 17 00:00:00 2001
From: Russell Kerns <rkerns@cloudflare.com>
Date: Thu, 14 Mar 2024 10:13:34 -0500
Subject: [PATCH] AUTH-5974 added saml_attribute_transform_jsonata for saas
 apps

---
 .changelog/1562.txt        |  3 +++
 access_application.go      | 17 +++++++++--------
 access_application_test.go |  6 ++++--
 3 files changed, 16 insertions(+), 10 deletions(-)
 create mode 100644 .changelog/1562.txt

diff --git a/.changelog/1562.txt b/.changelog/1562.txt
new file mode 100644
index 00000000000..e135f681d31
--- /dev/null
+++ b/.changelog/1562.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: add support for `saml_attribute_transform_jsonata` in saas apps
+```
diff --git a/access_application.go b/access_application.go
index 53ab80957e6..8776e18598b 100644
--- a/access_application.go
+++ b/access_application.go
@@ -114,14 +114,15 @@ type SaasApplication struct {
 	AuthType  string     `json:"auth_type,omitempty"`
 
 	// SAML saas app
-	ConsumerServiceUrl     string                `json:"consumer_service_url,omitempty"`
-	SPEntityID             string                `json:"sp_entity_id,omitempty"`
-	IDPEntityID            string                `json:"idp_entity_id,omitempty"`
-	NameIDFormat           string                `json:"name_id_format,omitempty"`
-	SSOEndpoint            string                `json:"sso_endpoint,omitempty"`
-	DefaultRelayState      string                `json:"default_relay_state,omitempty"`
-	CustomAttributes       []SAMLAttributeConfig `json:"custom_attributes,omitempty"`
-	NameIDTransformJsonata string                `json:"name_id_transform_jsonata,omitempty"`
+	ConsumerServiceUrl            string                `json:"consumer_service_url,omitempty"`
+	SPEntityID                    string                `json:"sp_entity_id,omitempty"`
+	IDPEntityID                   string                `json:"idp_entity_id,omitempty"`
+	NameIDFormat                  string                `json:"name_id_format,omitempty"`
+	SSOEndpoint                   string                `json:"sso_endpoint,omitempty"`
+	DefaultRelayState             string                `json:"default_relay_state,omitempty"`
+	CustomAttributes              []SAMLAttributeConfig `json:"custom_attributes,omitempty"`
+	NameIDTransformJsonata        string                `json:"name_id_transform_jsonata,omitempty"`
+	SamlAttributeTransformJsonata string                `json:"saml_attribute_transform_jsonata"`
 
 	// OIDC saas app
 	ClientID         string   `json:"client_id,omitempty"`
diff --git a/access_application_test.go b/access_application_test.go
index 67be75e9413..c3254e8f381 100644
--- a/access_application_test.go
+++ b/access_application_test.go
@@ -679,7 +679,8 @@ func TestCreateSAMLSaasAccessApplications(t *testing.T) {
 							}
 						}
 					],
-					"name_id_transform_jsonata": "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')"
+					"name_id_transform_jsonata": "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
+					"saml_attribute_transform_jsonata": "$ ~>| groups | {'group_name': name} |"
 				}
 			}
 		}
@@ -732,7 +733,8 @@ func TestCreateSAMLSaasAccessApplications(t *testing.T) {
 					},
 				},
 			},
-			NameIDTransformJsonata: "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
+			NameIDTransformJsonata:        "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
+			SamlAttributeTransformJsonata: "$ ~>| groups | {'group_name': name} |",
 		},
 		CreatedAt:                &createdAt,
 		UpdatedAt:                &updatedAt,