fix(terraform-provider-jans): update terraform provider
Signed-off-by: mo-auto <[email protected]>
mo-auto committed Sep 27, 2023
1 parent f544e57 commit 0040774
Showing 10 changed files with 105 additions and 18 deletions.
20 changes: 20 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,25 @@
# Changelog

## [0.8.0](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.7.3...v0.8.0) (2023-09-27)


### Features

* fixed app configuration, OIDC client, and attribute type to match latest API


### Bug Fixes

* added new attributes to app config, client, custom scripts to match latest API version

## [0.7.4](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.7.4...v0.7.4) (2023-09-28)


### Bug Fixes

* fixed app configuration, OIDC client, and attribute type to match latest API


## [0.7.3](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.7.2...v0.7.3) (2023-07-28)


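Review bot: the 0.7.4 entry's compare link `compare/v0.7.4...v0.7.4` compares the tag to itself, and its date (2023-09-28) is later than both the 0.8.0 entry (2023-09-27) and this commit; the 0.8.0 link `v0.7.3...v0.8.0` also skips 0.7.4. Suggest `compare/v0.7.3...v0.7.4` and `compare/v0.7.4...v0.8.0` with the dates in order. The 0.8.0 Features line and the 0.7.4 Bug Fixes line are the same sentence, and neither entry mentions the script-type enum changes in this commit; one line naming what was actually added (authorization challenge endpoints, `dcr_attestation_evidence_required`, the client `evidence` attribute, the new script types) would make the release notes usable.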
6 changes: 6 additions & 0 deletions docs/resources/app_configuration.md
Expand Up @@ -39,6 +39,9 @@ resource "jans_app_configuration" "global" {
- `authentication_filters` (Block List) List of authentication filters. (see [below for nested schema](#nestedblock--authentication_filters))
- `authentication_filters_enabled` (Boolean) Boolean value specifying whether to enable user authentication filters.
- `authentication_protection_configuration` (Block List, Max: 1) Authentication Brute Force Protection Configuration. (see [below for nested schema](#nestedblock--authentication_protection_configuration))
- `authorization_challenge_default_acr` (String) Default ACR for authorization challenge.
- `authorization_challenge_endpoint` (String) The authorization challenge endpoint URL.
- `authorization_challenge_should_generate_session` (Boolean) Boolean value specifying whether to generate session for authorization challenge.
- `authorization_code_lifetime` (Number) The lifetime of the Authorization Code.
- `authorization_encryption_alg_values_supported` (List of String) A list of the authorization encryption algorithms supported.
- `authorization_encryption_enc_values_supported` (List of String) A list of the authorization encryption algorithms supported.
Expand Down Expand Up @@ -84,8 +87,10 @@ resource "jans_app_configuration" "global" {
- `css_location` (String) The location for CSS files.
- `custom_headers_with_authorization_response` (Boolean) Boolean value specifying whether to enable Custom Response Header parameter to return custom headers with the Authorization Response.
- `date_formatter_patterns` (Map of String) Data formatter patterns.
- `dcr_attestation_evidence_required` (Boolean) Boolean value indicating if DCR attestation evidence is required.
- `dcr_authorization_with_client_credentials` (Boolean) Boolean value indicating if DCR authorization to be performed using client credentials.
- `dcr_authorization_with_mtls` (Boolean) Boolean value indicating if DCR authorization allowed with MTLS.
- `dcr_forbid_expiration_time_in_request` (Boolean) Boolean value to specify if the expiration time should be forbidden in DCR request.
- `dcr_signature_validation_enabled` (Boolean) Boolean value enables DCR signature validation. Default is false.
- `dcr_signature_validation_jwks` (String) Specifies JWKS for all DCR's validations.
- `dcr_signature_validation_jwks_uri` (String) Specifies JWKS URI for all DCR's validations.
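Review bot: the new `dcr_attestation_evidence_required` line does not say what the server does when the value is unset, while the neighbouring `dcr_signature_validation_enabled` entry states "Default is false." Since this flag decides whether dynamic client registration is accepted without attestation evidence, state the default here (and in the schema description) so an operator can tell from the docs whether omitting it leaves registration unattested.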
Expand Down Expand Up @@ -208,6 +213,7 @@ resource "jans_app_configuration" "global" {
- `logging_level` (String) Logging level for jans-auth logger.
- `metric_reporter_interval` (Number) The interval for metric reporter in seconds.
- `metric_reporter_keep_data_days` (Number) The days to keep metric reported data.
- `mtls_authorization_challenge_endpoint` (String) URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Challenge Endpoint.
- `mtls_authorization_endpoint` (String) URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Endpoint.
Example: 'https://server.example.com/jans-auth/restv1/mtls'
- `mtls_check_session_iframe` (String) URL for MTLS IFrame that supports cross-origin communications for session state information with the RP
1 change: 1 addition & 0 deletions docs/resources/oidc_client.md
Expand Up @@ -140,6 +140,7 @@ Optional:
- `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
- `consent_gathering_scripts` (List of String) List of consent gathering scripts.
- `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
- `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
- `introspection_scripts` (List of String) List of introspection scripts.
- `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.
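Review bot: "Specifies the evidence that the client presents to the authorization server" restates the attribute name and does not tell the reader what `evidence` contains, in what format, or which server-side check consumes it (presumably the one controlled by `dcr_attestation_evidence_required` in the app configuration). Add the expected format and that relationship so the string is not mistaken for a free-form note.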
1 change: 1 addition & 0 deletions docs/resources/scope.md
Expand Up @@ -199,6 +199,7 @@ Optional:
- `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
- `consent_gathering_scripts` (List of String) List of consent gathering scripts.
- `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
- `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
- `introspection_scripts` (List of String) List of introspection scripts.
- `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.
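Review bot: this hunk is the same `evidence` line, with the same surrounding client attributes, as the one added to docs/resources/oidc_client.md. If scope.md embeds the client attribute block by generation that is acceptable, otherwise client attributes do not belong in the scope resource docs and the duplicate should be dropped.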
7 changes: 6 additions & 1 deletion jans/app_configuration.go
Expand Up @@ -106,6 +106,7 @@ type AppConfiguration struct {
Issuer string `schema:"issuer" json:"issuer"`
BaseEndpoint string `schema:"base_endpoint" json:"baseEndpoint"`
AuthorizationEndpoint string `schema:"authorization_endpoint" json:"authorizationEndpoint"`
AuthorizationChallengeEndpoint string `schema:"authorization_challenge_endpoint" json:"authorizationChallengeEndpoint"`
TokenEndpoint string `schema:"token_endpoint" json:"tokenEndpoint"`
TokenRevocationEndpoint string `schema:"token_revocation_endpoint" json:"tokenRevocationEndpoint"`
UserInfoEndpoint string `schema:"userinfo_endpoint" json:"userInfoEndpoint"`
Expand All @@ -122,6 +123,7 @@ type AppConfiguration struct {
RequirePar bool `schema:"require_par" json:"requirePar"`
DeviceAuthzEndpoint string `schema:"device_authz_endpoint" json:"deviceAuthzEndpoint"`
MtlsAuthorizationEndpoint string `schema:"mtls_authorization_endpoint" json:"mtlsAuthorizationEndpoint"`
MtlsAuthorizationChallengeEndpoint string `schema:"mtls_authorization_challenge_endpoint" json:"mtlsAuthorizationChallengeEndpoint"`
MtlsTokenEndpoint string `schema:"mtls_token_endpoint" json:"mtlsTokenEndpoint"`
MtlsTokenRevocationEndpoint string `schema:"mtls_token_revocation_endpoint" json:"mtlsTokenRevocationEndpoint"`
MtlsUserInfoEndpoint string `schema:"mtls_user_info_endpoint" json:"mtlsUserInfoEndpoint"`
Expand Down Expand Up @@ -309,6 +311,7 @@ type AppConfiguration struct {
DcrSignatureValidationJwksUri string `schema:"dcr_signature_validation_jwks_uri" json:"dcrSignatureValidationJwksUri"`
DcrAuthorizationWithClientCredentials bool `schema:"dcr_authorization_with_client_credentials" json:"dcrAuthorizationWithClientCredentials"`
DcrAuthorizationWithMTLS bool `schema:"dcr_authorization_with_mtls" json:"dcrAuthorizationWithMTLS"`
DcrAttestationEvidenceRequired bool `schema:"dcr_attestation_evidence_required" json:"dcrAttestationEvidenceRequired"`
TrustedSSAIssuers []TrustedIssuerConfig `schema:"trusted_ssa_issuers" json:"trustedSsaIssuers"`
UseLocalCache bool `schema:"use_local_cache" json:"useLocalCache"`
FapiCompatibility bool `schema:"fapi_compatibility" json:"fapiCompatibility"`
Expand Down Expand Up @@ -368,11 +371,13 @@ type AppConfiguration struct {
DcrSsaValidationConfigs []SsaValidationConfig `schema:"dcr_ssa_validation_configs" json:"dcrSsaValidationConfigs"`
SsaConfiguration SsaConfiguration `schema:"ssa_configuration" json:"ssaConfiguration"`
BlockWebviewAuthorizationEnabled bool `schema:"block_webview_authorization_enabled" json:"blockWebviewAuthorizationEnabled"`
AuthorizationChallengeDefaultAcr string `schema:"authorization_challenge_default_acr" json:"authorizationChallengeDefaultAcr"`
AuthorizationChallengeShouldGenerateSession bool `schema:"authorization_challenge_should_generate_session" json:"authorizationChallengeShouldGenerateSession"`
DateFormatterPatterns map[string]string `schema:"date_formatter_patterns" json:"dateFormatterPatterns"`
AllResponseTypesSupported []string `schema:"all_response_types_supported" json:"allResponseTypesSupported"`
HttpLoggingResponseBodyContent bool `schema:"http_logging_response_body_content" json:"httpLoggingResponseBodyContent"`
SkipAuthenticationFilterOptionsMethod bool `schema:"skip_authentication_filter_options_method" json:"skipAuthenticationFilterOptionsMethod"`
Fapi bool `schema:"fapi" json:"fapi"`
SkipAuthenticationFilterOptionsMethod bool `schema:"skip_authentication_filter_options_method" json:"skipAuthenticationFilterOptionsMethod"`
}

// GetAppConfiguration returns all Janssen authorization server configuration
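Review bot: `SkipAuthenticationFilterOptionsMethod` appears twice in this hunk, once before `Fapi` and once after it; with the +/- markers lost in this rendering it reads as the field being moved past `Fapi`, which is reordering noise in a commit that adds API fields, and if both declarations survive the struct will not compile. Keep the existing field order and append `Fapi` after it.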
12 changes: 6 additions & 6 deletions jans/attributes.go
Expand Up @@ -14,7 +14,7 @@ type AttributeValidation struct {
MaxLength int `schema:"max_length" json:"maxLength,omitempty"`
}

// Attribute represents a single Gluu attribute.
// Attribute represents a single Jans attribute.
type Attribute struct {
Dn string `schema:"dn" json:"dn,omitempty"`
Selected bool `schema:"selected" json:"selected,omitempty"`
Expand Down Expand Up @@ -52,7 +52,7 @@ type Attribute struct {
BaseDn string `schema:"base_dn" json:"baseDn,omitempty"`
}

// GetAttributes returns a list of all Gluu attributes currently configured
// GetAttributes returns a list of all Jans attributes currently configured
// in the server.
func (c *Client) GetAttributes(ctx context.Context) ([]Attribute, error) {

Expand All @@ -76,7 +76,7 @@ func (c *Client) GetAttributes(ctx context.Context) ([]Attribute, error) {
return resp.Data, nil
}

// GetAttribute returns a single attribute, identified by its inum.
// GetAttribute returns a single Jans attribute, identified by its inum.
func (c *Client) GetAttribute(ctx context.Context, inum string) (*Attribute, error) {

if inum == "" {
Expand All @@ -98,7 +98,7 @@ func (c *Client) GetAttribute(ctx context.Context, inum string) (*Attribute, err
return ret, nil
}

// CreateAttribute creates a new attribute.
// CreateAttribute creates a new Jans attribute.
func (c *Client) CreateAttribute(ctx context.Context, attr *Attribute) (*Attribute, error) {

if attr == nil {
Expand All @@ -119,7 +119,7 @@ func (c *Client) CreateAttribute(ctx context.Context, attr *Attribute) (*Attribu
return ret, nil
}

// UpdateAttribute updates an existing attribute.
// UpdateAttribute updates an existing Jans attribute.
func (c *Client) UpdateAttribute(ctx context.Context, attr *Attribute) (*Attribute, error) {

if attr == nil {
Expand All @@ -142,7 +142,7 @@ func (c *Client) UpdateAttribute(ctx context.Context, attr *Attribute) (*Attribu
return ret, nil
}

// DeleteAttribute deletes the attribute with the given inum.
// DeleteAttribute deletes the Jans attribute with the given inum.
func (c *Client) DeleteAttribute(ctx context.Context, inum string) error {

if inum == "" {
1 change: 1 addition & 0 deletions jans/oidc_client.go
Expand Up @@ -39,6 +39,7 @@ type OidcClientAttribute struct {
AdditionalTokenEndpointAuthMethods []string `schema:"additional_token_endpoint_auth_methods" json:"additionalTokenEndpointAuthMethods,omitempty"`
MinimumAcrPriorityList []string `schema:"minimum_acr_priority_list" json:"minimumAcrPriorityList,omitempty"`
RequestedLifetime int `schema:"requested_lifetime" json:"requestedLifetime,omitempty"`
Evidence string `schema:"evidence" json:"evidence,omitempty"`
}

// OidcClient is the definition of an OpenId Connect Client.
37 changes: 32 additions & 5 deletions provider/resource_app_configuration.go
Expand Up @@ -171,6 +171,12 @@ func resourceAppConfiguration() *schema.Resource {
Description: "The authorization endpoint URL. Example: https://server.example.com/restv1/authorize",
ValidateDiagFunc: validateURL,
},
"authorization_challenge_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "The authorization challenge endpoint URL.",
ValidateDiagFunc: validateURL,
},
"token_endpoint": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -267,6 +273,12 @@ func resourceAppConfiguration() *schema.Resource {
Example: 'https://server.example.com/jans-auth/restv1/mtls'`,
ValidateDiagFunc: validateURL,
},
"mtls_authorization_challenge_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: `URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Challenge Endpoint.`,
ValidateDiagFunc: validateURL,
},
"mtls_token_endpoint": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -1587,6 +1599,11 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Boolean value indicating if DCR authorization allowed with MTLS.",
},
"dcr_attestation_evidence_required": {
Type: schema.TypeBool,
Optional: true,
Description: "Boolean value indicating if DCR attestation evidence is required.",
},
"trusted_ssa_issuers": {
Type: schema.TypeList,
Optional: true,
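Review bot: `dcr_attestation_evidence_required` is `Optional: true` with neither `Default` nor `Computed`. If the read function populates this field from the server, a configuration that omits it will see the server's `true` planned back to `false` on the next run, silently disabling the attestation requirement on an apply that touches the resource. For a security control like this, either add `Computed: true` so an unset value keeps the server's setting, or document the default and the downgrade behaviour in the description.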
Expand Down Expand Up @@ -2052,6 +2069,16 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Boolean value specifying whether to block webview authorization.",
},
"authorization_challenge_default_acr": {
Type: schema.TypeString,
Optional: true,
Description: "Default ACR for authorization challenge.",
},
"authorization_challenge_should_generate_session": {
Type: schema.TypeBool,
Optional: true,
Description: "Boolean value specifying whether to generate session for authorization challenge.",
},
"date_formatter_patterns": {
Type: schema.TypeMap,
Optional: true,
Expand All @@ -2070,6 +2097,11 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Boolean value specifying whether to skip authentication filter for options method calls.",
},
"fapi": {
Type: schema.TypeBool,
Optional: true,
Description: "Boolean value specifying whether to enable FAPI.",
},
"all_response_types_supported": {
Type: schema.TypeList,
Optional: true,
Expand All @@ -2084,11 +2116,6 @@ func resourceAppConfiguration() *schema.Resource {
},
},
},
"fapi": {
Type: schema.TypeBool,
Optional: true,
Description: "Boolean value specifying whether to enable FAPI.",
},
},
Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
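Review bot: the five `fapi` lines deleted here are the same block added above before `all_response_types_supported`; this is a pure move of a schema entry and is worth leaving out of a commit whose purpose is to add attributes, since the three nested `},` lines in the context make it hard to confirm at a glance that nothing else changed.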
5 changes: 5 additions & 0 deletions provider/resource_oidc_client.go
Expand Up @@ -692,6 +692,11 @@ func resourceOidcClient() *schema.Resource {
Optional: true,
Description: "List of requested lifetime.",
},
"evidence": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the evidence that the client presents to the authorization server.",
},
},
},
},
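Review bot: `evidence` is a plain `schema.TypeString` with no `ValidateDiagFunc`, while the other new attributes in this commit that carry URLs validate their input with `validateURL`. If the value is expected to be a structured token, add a format check so a malformed value fails at plan time rather than at the server, and state in the description what the server does with the field, since "the evidence that the client presents" is the field name restated.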
33 changes: 27 additions & 6 deletions provider/resource_script.go
Expand Up @@ -65,12 +65,33 @@ func resourceScript() *schema.Resource {
ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {

enums := []string{
"person_authentication", "introspection", "resource_owner_password_credentials",
"application_session", "cache_refresh", "client_registration", "id_generator",
"uma_rpt_policy", "uma_rpt_claims", "uma_claims_gathering", "consent_gathering",
"dynamic_scope", "spontaneous_scope", "end_session", "post_authn", "select_account",
"scim", "ciba_end_user_notification", "revoke_token", "persistence_extension",
"idp", "discovery", "update_token", "config_api",
"person_authentication",
"authorization_challenge",
"introspection",
"resource_owner_password_credentials",
"application_session",
"cache_refresh",
"client_registration",
"id_generator",
"uma_rpt_policy",
"uma_rpt_claims",
"uma_claims_gathering",
"consent_gathering",
"dynamic_scope",
"spontaneous_scope",
"end_session",
"post_authn",
"select_account",
"scim",
"ciba_end_user_notification",
"revoke_token",
"persistence_extension",
"idp",
"discovery",
"update_token",
"config_api_auth",
"modify_ssa_response",
"fido2_extension",
}
return validateEnum(v, enums)
},
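Review bot: besides the three new types (`authorization_challenge`, `modify_ssa_response`, `fido2_extension`), this hunk renames `config_api` to `config_api_auth`, so any existing script resource whose type is set to `config_api` will fail validation after upgrading. That is a breaking change and should be called out in CHANGELOG.md (the 0.8.0 entry on this page does not mention it); if the server still accepts the old name, keep both values in the list. Reflowing the list to one value per line is fine, but it hides the rename among the `27 additions & 6 deletions` that are almost entirely that reflow.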