From c5b45d75a3b9a943ac74f1c435e2d882041ee257 Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Wed, 15 Mar 2023 07:17:17 +0000
Subject: [PATCH] fix(terraform-provider-jans): update terraform provider
Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>
---
CHANGELOG.md | 9 +-
docs/index.md | 2 +
docs/resources/api_app_configuration.md | 119 +++++++
docs/resources/app_configuration.md | 14 +-
.../jans_api_app_configuration/import.sh | 4 +
.../jans_api_app_configuration/resource.tf | 3 +
go.mod | 7 +-
go.sum | 14 +-
jans/api_app_configuration.go | 103 ++++++
jans/api_app_configuration_test.go | 61 ++++
jans/app_configuration.go | 6 +-
provider/provider.go | 1 +
provider/resource_api_app_configuration.go | 335 ++++++++++++++++++
.../resource_api_app_configuration_test.go | 180 ++++++++++
provider/resource_app_configuration_test.go | 2 +-
templates/index.md.tmpl | 2 +
16 files changed, 839 insertions(+), 23 deletions(-)
create mode 100644 docs/resources/api_app_configuration.md
create mode 100644 examples/resources/jans_api_app_configuration/import.sh
create mode 100644 examples/resources/jans_api_app_configuration/resource.tf
create mode 100644 jans/api_app_configuration.go
create mode 100644 jans/api_app_configuration_test.go
create mode 100644 provider/resource_api_app_configuration.go
create mode 100644 provider/resource_api_app_configuration_test.go
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 822f649..cebb159 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
# Changelog
-## [0.2.0](https://github.com/JannsenProject/terraform-provider-jans/compare/v0.1.0...v0.2.0) (2023-02-16)
+## [0.3.0](https://github.com/techtative/terraform-provider-jans/compare/v0.2.0...v0.3.0) (2023-03-15)
+
+
+### Features
+
+* added new resource for manaing api app config
+
+## [0.2.0](https://github.com/techtative/terraform-provider-jans/compare/v0.1.0...v0.2.0) (2023-02-16)
### Features
diff --git a/docs/index.md b/docs/index.md
index a820559..dcef440 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -35,6 +35,7 @@ the other hand will result in the resource being removed from the state file.
The following resources are considered instance configurations:
+- jans_api_app_configuration
- jans_app_configuration
- jans_cache_configuration
- jans_default_authentication_method
@@ -47,6 +48,7 @@ The following resources are considered instance configurations:
It is recommended to import all of those resources before managing anything else:
```bash
+terraform import jans_api_app_configuration.global global
terraform import jans_app_configuration.global global
terraform import jans_cache_configuration.global global
terraform import jans_default_authentication_method.global global
diff --git a/docs/resources/api_app_configuration.md b/docs/resources/api_app_configuration.md
new file mode 100644
index 0000000..90c4084
--- /dev/null
+++ b/docs/resources/api_app_configuration.md
@@ -0,0 +1,119 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "jans_api_app_configuration Resource - terraform-provider-jans"
+subcategory: ""
+description: |-
+ Resource for managing config-api configuration properties.
+---
+
+# jans_api_app_configuration (Resource)
+
+Resource for managing config-api configuration properties.
+
+## Example Usage
+
+```terraform
+resource "jans_api_app_configuration" "global" {
+
+}
+```
+
+
+## Schema
+
+### Optional
+
+- `agama_configuration` (Block List) (see [below for nested schema](#nestedblock--agama_configuration))
+- `api_approved_issuer` (List of String)
+- `api_client_id` (String)
+- `api_client_password` (String)
+- `api_protection_type` (String)
+- `audit_log_conf` (Block List) (see [below for nested schema](#nestedblock--audit_log_conf))
+- `auth_issuer_url` (String)
+- `auth_openid_configuration_url` (String)
+- `auth_openid_introspection_url` (String)
+- `auth_openid_revoke_url` (String)
+- `auth_openid_token_url` (String)
+- `config_oauth_enabled` (Boolean)
+- `cors_configuration_filters` (Block List) (see [below for nested schema](#nestedblock--cors_configuration_filters))
+- `data_format_conversion_conf` (Block List) (see [below for nested schema](#nestedblock--data_format_conversion_conf))
+- `disable_jdk_logger` (Boolean)
+- `endpoint_injection_enabled` (Boolean)
+- `exclusive_auth_scopes` (List of String)
+- `external_logger_configuration` (String)
+- `logging_layout` (String)
+- `logging_level` (String)
+- `max_count` (Number)
+- `plugins` (Block List) (see [below for nested schema](#nestedblock--plugins))
+- `smallrye_health_root_path` (String)
+- `user_exclusion_attributes` (List of String)
+- `user_mandatory_attributes` (List of String)
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+
+### Nested Schema for `agama_configuration`
+
+Optional:
+
+- `mandatory_attributes` (List of String)
+- `optional_attributes` (List of String)
+
+
+
+### Nested Schema for `audit_log_conf`
+
+Optional:
+
+- `enabled` (Boolean)
+- `header_attributes` (List of String)
+- `ignore_http_method` (List of String)
+
+
+
+### Nested Schema for `cors_configuration_filters`
+
+Optional:
+
+- `cors_allowed_headers` (String)
+- `cors_allowed_methods` (String)
+- `cors_allowed_origins` (String)
+- `cors_enabled` (Boolean)
+- `cors_exposed_headers` (String)
+- `cors_logging_enabled` (Boolean)
+- `cors_preflight_max_age` (Number)
+- `cors_request_decorate` (Boolean)
+- `cors_support_credentials` (Boolean)
+- `filter_name` (String)
+
+
+
+### Nested Schema for `data_format_conversion_conf`
+
+Optional:
+
+- `enabled` (Boolean)
+- `ignore_http_method` (List of String)
+
+
+
+### Nested Schema for `plugins`
+
+Optional:
+
+- `class_name` (String)
+- `description` (String)
+- `name` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# The API App configuration is a global resource that has to be imported,
+# before it can be managed (it cannot be created or deleted). You can choose
+# any identifier for the import, or use 'global' as in the example below.
+terraform import jans_api_app_configuration.global global
+```
diff --git a/docs/resources/app_configuration.md b/docs/resources/app_configuration.md
index 1a7ea4d..e9ce7d7 100644
--- a/docs/resources/app_configuration.md
+++ b/docs/resources/app_configuration.md
@@ -37,7 +37,7 @@ resource "jans_app_configuration" "global" {
- `authorization_encryption_alg_values_supported` (List of String) A list of the authorization encryption algorithms supported.
- `authorization_encryption_enc_values_supported` (List of String) A list of the authorization encryption algorithms supported.
- `authorization_endpoint` (String) The authorization endpoint URL. Example: https://server.example.com/restv1/authorize
-- `authorization_request_custom_allowed_parameters` (Block List) Authorization Request Custom Allowed Parameters. (see [below for nested schema](#nestedblock--authorization_request_custom_allowed_parameters))
+- `authorization_request_custom_allowed_parameters` (Block List) Authorization Request Custom Allowed Parameters. To avoid diverging state, those should be defined in alphabetical order. (see [below for nested schema](#nestedblock--authorization_request_custom_allowed_parameters))
- `authorization_signing_alg_values_supported` (List of String) A list of the authorization signing algorithms supported.
- `backchannel_authentication_endpoint` (String) Backchannel Authentication Endpoint. Example: https://server.example.com/oxeleven/rest/backchannel/backchannelAuthenticationEndpoint()
- `backchannel_authentication_request_signing_alg_values_supported` (List of String) Backchannel Authentication Request Signing Alg Values Supported.
@@ -131,8 +131,9 @@ resource "jans_app_configuration" "global" {
- `force_signed_request_object` (Boolean) Boolean value true indicates that signed request object is mandatory.
- `front_channel_logout_session_supported` (Boolean) Boolean value to specify support for front channel logout session.
- `grant_types_and_response_types_autofix_enabled` (Boolean) Boolean value specifying whether to Grant types and Response types can be auto fixed.
-- `grant_types_supported` (List of String) A list of the OAuth 2.0 Grant Type values that this OP supports. One of "authorization_code",
- "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket",
+- `grant_types_supported` (List of String) A list of the OAuth 2.0 Grant Type values that this OP supports. One of"none", "authorization_code",
+ "client_credentials", "implicit", "password", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:uma-ticket",
"urn:openid:params:grant-type:ciba".
- `http_logging_enabled` (Boolean) Enable/Disable request/response logging filter.
- `http_logging_exclude_paths` (List of String) List of base URI for which request/response logging filter should not record activity. Example: "/auth/img", "/auth/stylesheet"
@@ -240,7 +241,8 @@ resource "jans_app_configuration" "global" {
- `require_request_object_encryption` (Boolean) Boolean value true encrypts request object
- `require_request_uri_registration` (Boolean) Boolean value specifying whether the OP requires any request_uri values used to be
pre-registered using the request_uris registration parameter.
-- `response_modes_supported` (List of String) A list of the OAuth 2.0 Response Mode values that this OP supports. One of "query¡¡", "fragment", "form_post".
+- `response_modes_supported` (List of String) A list of the OAuth 2.0 Response Mode values that this OP supports. One of "query",
+ "fragment", "form_post", "query.jwt", "fragment.jwt", "form_post.jwt", "jwt".
- `response_types_supported` (List of List of String) A list of the OAuth 2.0 response_type values that this OP supports. One of "code", "token", "id_token".
- `return_client_secret_on_read` (Boolean) Boolean value specifying whether a client_secret is returned on client GET or PUT. False value means not to return secret.
- `sector_identifier_cache_lifetime` (Number) The cache lifetime in minutes of the sector identifier.
@@ -268,13 +270,13 @@ resource "jans_app_configuration" "global" {
- `subject_identifiers_per_client_supported` (List of String) A list of the subject identifiers supported per client.
- `subject_types_supported` (List of String) A list of the Subject Identifier types that this OP supports. Valid types include pairwise and public.
- `token_endpoint` (String) The token endpoint URL. Example: https://server.example.com/restv1/token
-- `token_endpoint_auth_methods_supported` (List of String) A list of Client Authentication methods supported by this Token Endpoint. One of 'client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt'.
+- `token_endpoint_auth_methods_supported` (List of String) A list of Client Authentication methods supported by this Token Endpoint.
- `token_endpoint_auth_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature
on the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt
authentication methods. One of 'HS256', 'HS384', 'HS512', 'RS256", 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512'.
- `token_revocation_endpoint` (String) The URL for the access_token or refresh_token revocation endpoint. Example: https://server.example.com/restv1/revoke
- `trusted_client_enabled` (Boolean) Boolean value specifying whether a client is trusted and no authorization is required.
-- `ui_locales_supported` (List of String) Languages and scripts supported for the user interface. One of 'en', 'es'.
+- `ui_locales_supported` (List of String) Languages and scripts supported for the user interface. One of "en", "bg", "de", "es", "fr", "it", "ru", "tr".
- `uma_add_scopes_automatically` (Boolean) Add scopes automatically.
- `uma_configuration_endpoint` (String) URL for the UMA Configuration Endpoint. Example: https://server.example.com/restv1/uma2-configuration
- `uma_grant_access_if_no_policies` (Boolean) Specifies whether to grant access to resources if there are no any policies associated with scopes.
diff --git a/examples/resources/jans_api_app_configuration/import.sh b/examples/resources/jans_api_app_configuration/import.sh
new file mode 100644
index 0000000..63f67b3
--- /dev/null
+++ b/examples/resources/jans_api_app_configuration/import.sh
@@ -0,0 +1,4 @@
+# The API App configuration is a global resource that has to be imported,
+# before it can be managed (it cannot be created or deleted). You can choose
+# any identifier for the import, or use 'global' as in the example below.
+terraform import jans_api_app_configuration.global global
\ No newline at end of file
diff --git a/examples/resources/jans_api_app_configuration/resource.tf b/examples/resources/jans_api_app_configuration/resource.tf
new file mode 100644
index 0000000..5c85d79
--- /dev/null
+++ b/examples/resources/jans_api_app_configuration/resource.tf
@@ -0,0 +1,3 @@
+resource "jans_api_app_configuration" "global" {
+
+}
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 7cc7c1f..1233ed9 100644
--- a/go.mod
+++ b/go.mod
@@ -46,12 +46,11 @@ require (
github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
github.com/vmihailenco/tagparser v0.1.1 // indirect
github.com/zclconf/go-cty v1.10.0 // indirect
- golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
- golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
- golang.org/x/text v0.3.7 // indirect
+ golang.org/x/net v0.7.0 // indirect
+ golang.org/x/sys v0.5.0 // indirect
+ golang.org/x/text v0.7.0 // indirect
google.golang.org/appengine v1.6.6 // indirect
google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d // indirect
google.golang.org/grpc v1.48.0 // indirect
google.golang.org/protobuf v1.28.1 // indirect
- gopkg.in/yaml.v2 v2.4.0
)
diff --git a/go.sum b/go.sum
index 3ea87c5..890f4ff 100644
--- a/go.sum
+++ b/go.sum
@@ -231,8 +231,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -260,15 +260,15 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -322,8 +322,6 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/jans/api_app_configuration.go b/jans/api_app_configuration.go
new file mode 100644
index 0000000..7b7ecc9
--- /dev/null
+++ b/jans/api_app_configuration.go
@@ -0,0 +1,103 @@
+package jans
+
+import (
+ "context"
+ "fmt"
+)
+
+type AuditLogConf struct {
+ Enabled bool `schema:"enabled" json:"enabled"`
+ IgnoreHttpMethod []string `schema:"ignore_http_method" json:"ignoreHttpMethod"`
+ HeaderAttributes []string `schema:"header_attributes" json:"headerAttributes"`
+}
+
+type DataFormatConversionConf struct {
+ Enabled bool `schema:"enabled" json:"enabled"`
+ IgnoreHttpMethod []string `schema:"ignore_http_method" json:"ignoreHttpMethod"`
+}
+
+type AgamaConfiguration struct {
+ MandatoryAttributes []string `schema:"mandatory_attributes" json:"mandatoryAttributes"`
+ OptionalAttributes []string `schema:"optional_attributes" json:"optionalAttributes"`
+}
+
+// PersistenceConfiguration represents the persistence configuration
+// of the Janssen server.
+type ApiAppConfiguration struct {
+ ConfigOauthEnabled bool `schema:"config_oauth_enabled" json:"configOauthEnabled"`
+ ApiApprovedIssuer []string `schema:"api_approved_issuer" json:"apiApprovedIssuer"`
+ ApiProtectionType string `schema:"api_protection_type" json:"apiProtectionType"`
+ ApiClientId string `schema:"api_client_id" json:"apiClientId"`
+ ApiClientPassword string `schema:"api_client_password" json:"apiClientPassword"`
+ EndpointInjectionEnabled bool `schema:"endpoint_injection_enabled" json:"endpointInjectionEnabled"`
+ AuthIssuerUrl string `schema:"auth_issuer_url" json:"authIssuerUrl"`
+ AuthOpenidConfigurationUrl string `schema:"auth_openid_configuration_url" json:"authOpenidConfigurationUrl"`
+ AuthOpenidIntrospectionUrl string `schema:"auth_openid_introspection_url" json:"authOpenidIntrospectionUrl"`
+ AuthOpenidTokenUrl string `schema:"auth_openid_token_url" json:"authOpenidTokenUrl"`
+ AuthOpenidRevokeUrl string `schema:"auth_openid_revoke_url" json:"authOpenidRevokeUrl"`
+ SmallryeHealthRootPath string `schema:"smallrye_health_root_path" json:"smallryeHealthRootPath"`
+ ExclusiveAuthScopes []string `schema:"exclusive_auth_scopes" json:"exclusiveAuthScopes"`
+ CorsConfigurationFilters []CorsConfigurationFilter `schema:"cors_configuration_filters" json:"corsConfigurationFilters"`
+ LoggingLevel string `schema:"logging_level" json:"loggingLevel"`
+ LoggingLayout string `schema:"logging_layout" json:"loggingLayout"`
+ ExternalLoggerConfiguration string `schema:"external_logger_configuration" json:"externalLoggerConfiguration"`
+ DisableJdkLogger bool `schema:"disable_jdk_logger" json:"disableJdkLogger"`
+ MaxCount int `schema:"max_count" json:"maxCount"`
+ UserExclusionAttributes []string `schema:"user_exclusion_attributes" json:"userExclusionAttributes"`
+ UserMandatoryAttributes []string `schema:"user_mandatory_attributes" json:"userMandatoryAttributes"`
+ AgamaConfiguration AgamaConfiguration `schema:"agama_configuration" json:"agamaConfiguration"`
+ AuditLogConf AuditLogConf `schema:"audit_log_conf" json:"auditLogConf"`
+ DataFormatConversionConf DataFormatConversionConf `schema:"data_format_conversion_conf" json:"dataFormatConversionConf"`
+ Plugins []PluginConf `schema:"plugins" json:"plugins"`
+}
+
+// GetApiAppConfiguration returns the current API configuration.
+func (c *Client) GetApiAppConfiguration(ctx context.Context) (*ApiAppConfiguration, error) {
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/properties.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ ret := ApiAppConfiguration{}
+
+ if err := c.get(ctx, "/jans-config-api/api/v1/api-config", token, &ret); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return &ret, nil
+}
+
+// UpdateApiAppConfiguration uses the provided api configuration to create a
+// list of patch requests to update the Janssen api configuration properties.
+func (c *Client) UpdateApiAppConfiguration(ctx context.Context, config *ApiAppConfiguration) (*ApiAppConfiguration, error) {
+
+ if config == nil {
+ return nil, fmt.Errorf("config is nil")
+ }
+
+ orig, err := c.GetApiAppConfiguration(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get app configuration: %w", err)
+ }
+
+ patches, err := createPatches(config, orig)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create patches: %w", err)
+ }
+
+ if len(patches) == 0 {
+ return nil, fmt.Errorf("no patches provided")
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/properties.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.patch(ctx, "/jans-config-api/api/v1/api-config", token, patches); err != nil {
+ return nil, fmt.Errorf("patch request failed: %w", err)
+ }
+
+ return c.GetApiAppConfiguration(ctx)
+}
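Review bot: In `UpdateApiAppConfiguration`, the `len(patches) == 0` branch returns `fmt.Errorf("no patches provided")`, so an update whose desired configuration already matches the server is reported as a failure instead of a no-op. `createPatches` is not visible in this patch, so this assumes it returns an empty list when nothing differs. Returning the configuration that was just fetched, `return orig, nil`, would keep repeated applies idempotent. Separately, the comment above `ApiAppConfiguration` still reads `// PersistenceConfiguration represents the persistence configuration`; it should be `// ApiAppConfiguration holds the config-api configuration properties of the Janssen server.`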
diff --git a/jans/api_app_configuration_test.go b/jans/api_app_configuration_test.go
new file mode 100644
index 0000000..a2f824b
--- /dev/null
+++ b/jans/api_app_configuration_test.go
@@ -0,0 +1,61 @@
+package jans
+
+import (
+ "context"
+ "testing"
+)
+
+func TestApiAppConfigMapping(t *testing.T) {
+
+ client, err := NewInsecureClient(host, user, pass)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ctx := context.Background()
+
+ _, err = client.GetApiAppConfiguration(ctx)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+}
+
+func TestPatchApiAppConfig(t *testing.T) {
+
+ client, err := NewInsecureClient(host, user, pass)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ctx := context.Background()
+
+ cfg, err := client.GetApiAppConfiguration(ctx)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ oldCount := cfg.MaxCount
+
+ cfg.MaxCount = 5
+
+ _, err = client.UpdateApiAppConfiguration(ctx, cfg)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Cleanup(func() {
+ cfg.MaxCount = oldCount
+ _, _ = client.UpdateApiAppConfiguration(ctx, cfg)
+ })
+
+ cfg, err = client.GetApiAppConfiguration(ctx)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if cfg.MaxCount != 5 {
+ t.Fatalf("%v", cfg.MaxCount)
+ }
+
+}
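Review bot: In `TestPatchApiAppConfig`, the cleanup closure captures `cfg`, which the later `cfg, err = client.GetApiAppConfiguration(ctx)` overwrites. `GetApiAppConfiguration` returns `nil` on error, so if that re-read fails, `t.Fatal` runs the cleanup with a nil `cfg`, `cfg.MaxCount = oldCount` panics, and the server is left with `MaxCount` set to 5. Read into a separate variable, `got, err := client.GetApiAppConfiguration(ctx)`, and compare `got.MaxCount`. The cleanup also discards the restore error with `_, _ =`; reporting it through `t.Errorf` would show when a shared test instance was left modified.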
diff --git a/jans/app_configuration.go b/jans/app_configuration.go
index 7f8a58a..d59477b 100644
--- a/jans/app_configuration.go
+++ b/jans/app_configuration.go
@@ -5,9 +5,9 @@ import (
"fmt"
)
-// AgamaConfiguration enables an alternative way to build authentication
+// EngineConfiguration enables an alternative way to build authentication
// flows in the Janssen server.
-type AgamaConfiguration struct {
+type EngineConfiguration struct {
Enabled bool `schema:"enabled" json:"enabled"`
RootDir string `schema:"root_dir" json:"rootDir"`
TemplatesPath string `schema:"templates_path" json:"templatesPath"`
@@ -308,7 +308,7 @@ type AppConfiguration struct {
HttpLoggingEnabled bool `schema:"http_logging_enabled" json:"httpLoggingEnabled"`
HttpLoggingExcludePaths []string `schema:"http_logging_exclude_paths" json:"httpLoggingExcludePaths"`
ExternalLoggerConfiguration string `schema:"external_logger_configuration" json:"externalLoggerConfiguration"`
- AgamaConfiguration AgamaConfiguration `schema:"agama_configuration" json:"agamaConfiguration"`
+ AgamaConfiguration EngineConfiguration `schema:"agama_configuration" json:"agamaConfiguration"`
EnabledComponents []string `schema:"enabled_components" json:"enabledComponents"`
PersonCustomObjectClassList []string `schema:"person_custom_object_class_list" json:"personCustomObjectClassList"`
StatWebServiceIntervalLimitInSeconds int `schema:"stat_web_service_interval_limit_in_seconds" json:"statWebServiceIntervalLimitInSeconds"`
diff --git a/provider/provider.go b/provider/provider.go
index 88c8030..1b13b08 100644
--- a/provider/provider.go
+++ b/provider/provider.go
@@ -63,6 +63,7 @@ func Provider() *schema.Provider {
"jans_admin_ui_role": resourceAdminUIRole(),
"jans_admin_ui_role_permission_mapping": resourceAdminUIRolePermissionMapping(),
"jans_agama_flow": resourceAgamaFlow(),
+ "jans_api_app_configuration": resourceApiAppConfiguration(),
"jans_app_configuration": resourceAppConfiguration(),
"jans_attribute": resourceAttribute(),
"jans_cache_configuration": resourceCacheConfiguration(),
diff --git a/provider/resource_api_app_configuration.go b/provider/resource_api_app_configuration.go
new file mode 100644
index 0000000..0106081
--- /dev/null
+++ b/provider/resource_api_app_configuration.go
@@ -0,0 +1,335 @@
+package provider
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/jans/terraform-provider-jans/jans"
+)
+
+func resourceApiAppConfiguration() *schema.Resource {
+
+ return &schema.Resource{
+ Description: "Resource for managing config-api configuration properties.",
+ CreateContext: resourceBlockCreate,
+ ReadContext: resourceApiAppConfigurationRead,
+ UpdateContext: resourceApiAppConfigurationUpdate,
+ DeleteContext: resourceUntrackOnDelete,
+ Importer: &schema.ResourceImporter{
+ StateContext: schema.ImportStatePassthroughContext,
+ },
+ Schema: map[string]*schema.Schema{
+ "config_oauth_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "api_approved_issuer": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "api_protection_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "api_client_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "api_client_password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "endpoint_injection_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "auth_issuer_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "auth_openid_configuration_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "auth_openid_introspection_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "auth_openid_token_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "auth_openid_revoke_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "smallrye_health_root_path": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "exclusive_auth_scopes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "cors_configuration_filters": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "filter_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "cors_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "cors_allowed_origins": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "cors_allowed_methods": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "cors_allowed_headers": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "cors_exposed_headers": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "cors_support_credentials": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "cors_logging_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "cors_preflight_max_age": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "",
+ },
+ "cors_request_decorate": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ },
+ },
+ },
+ "logging_level": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "logging_layout": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "external_logger_configuration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "disable_jdk_logger": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "max_count": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "",
+ },
+ "user_exclusion_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "user_mandatory_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "agama_configuration": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "mandatory_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "optional_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ "audit_log_conf": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "ignore_http_method": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "header_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ "data_format_conversion_conf": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "",
+ },
+ "ignore_http_method": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ "plugins": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "description": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ "class_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "",
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceApiAppConfigurationRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ var diags diag.Diagnostics
+
+ flow, err := c.GetApiAppConfiguration(ctx)
+ if err != nil {
+ return handleNotFoundError(ctx, err, d)
+ }
+
+ if err := toSchemaResource(d, flow); err != nil {
+ return diag.FromErr(err)
+ }
+ d.SetId("jans_api_app_configuration")
+
+ return diags
+
+}
+
+func resourceApiAppConfigurationUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ var config jans.ApiAppConfiguration
+ if err := fromSchemaResource(d, &config); err != nil {
+ return diag.FromErr(err)
+ }
+ tflog.Debug(ctx, "Updating ApiAppConfiguration")
+ if _, err := c.UpdateApiAppConfiguration(ctx, &config); err != nil {
+ return diag.FromErr(err)
+ }
+ tflog.Debug(ctx, "ApiAppConfiguration updated")
+
+ return resourceApiAppConfigurationRead(ctx, d, meta)
+}
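Review bot: The `api_client_password` entry in `resourceApiAppConfiguration` is a plain `schema.TypeString` without the sensitive flag, so the config-api client secret is printed in clear text in `terraform plan` and `terraform apply` output. Add `Sensitive: true,` to that entry. The value is still written to the state file, so the state backend needs access control and encryption as well. Every `Description` in this schema is an empty string, which leaves the generated docs/resources/api_app_configuration.md without any explanation of the attributes. At least the security-relevant ones (`api_protection_type`, `api_approved_issuer`, `cors_configuration_filters`) should get a sentence each.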
diff --git a/provider/resource_api_app_configuration_test.go b/provider/resource_api_app_configuration_test.go
new file mode 100644
index 0000000..714145c
--- /dev/null
+++ b/provider/resource_api_app_configuration_test.go
@@ -0,0 +1,180 @@
+package provider
+
+import (
+ "context"
+ "errors"
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+ "github.com/jans/terraform-provider-jans/jans"
+)
+
+func TestResourceApiAppConfiguration_Mapping(t *testing.T) {
+
+ schema := resourceApiAppConfiguration()
+
+ data := schema.Data(nil)
+
+ authConfig := jans.ApiAppConfiguration{
+ ConfigOauthEnabled: true,
+ ApiApprovedIssuer: []string{"https://demoexample.gluu.org"},
+ ApiProtectionType: "oauth2",
+ ApiClientId: "1800.e6a05744-194f-4549-b1b8-f8a9df885582",
+ ApiClientPassword: "/s09uYMMjav2MOVqElIYDw==",
+ EndpointInjectionEnabled: false,
+ AuthIssuerUrl: "https://demoexample.gluu.org",
+ AuthOpenidConfigurationUrl: "https://demoexample.gluu.org/.well-known/openid-configuration",
+ AuthOpenidIntrospectionUrl: "https://demoexample.gluu.org/jans-auth/restv1/introspection",
+ AuthOpenidTokenUrl: "https://demoexample.gluu.org/jans-auth/restv1/token",
+ AuthOpenidRevokeUrl: "https://demoexample.gluu.org/jans-auth/restv1/revoke",
+ SmallryeHealthRootPath: "/health-check",
+ ExclusiveAuthScopes: []string{"jans_stat", "https://jans.io/scim/users.read", "https://jans.io/scim/users.write"},
+ CorsConfigurationFilters: []jans.CorsConfigurationFilter{
+ {
+ FilterName: "CorsFilter",
+ CorsEnabled: true,
+ CorsAllowedOrigins: "*",
+ CorsAllowedMethods: "GET,PUT,POST,DELETE,PATCH,HEAD,OPTIONS",
+ CorsSupportCredentials: true,
+ CorsLoggingEnabled: false,
+ CorsPreflightMaxAge: 1800,
+ CorsRequestDecorate: true,
+ },
+ },
+ LoggingLevel: "INFO",
+ LoggingLayout: "text",
+ DisableJdkLogger: true,
+ MaxCount: 0,
+ UserExclusionAttributes: []string{"userPassword"},
+ UserMandatoryAttributes: []string{"mail", "displayName", "jansStatus", "userPassword", "givenName"},
+ AgamaConfiguration: jans.AgamaConfiguration{
+ MandatoryAttributes: []string{"qname", "source"},
+ OptionalAttributes: []string{"serialVersionUID", "enabled"},
+ },
+ AuditLogConf: jans.AuditLogConf{
+ Enabled: true,
+ HeaderAttributes: []string{"User-inum"},
+ },
+ DataFormatConversionConf: jans.DataFormatConversionConf{
+ Enabled: true,
+ IgnoreHttpMethod: []string{"@jakarta.ws.rs.GET()"},
+ },
+ Plugins: []jans.PluginConf{
+ {
+ Name: "admin",
+ Description: "admin-ui plugin",
+ ClassName: "io.jans.ca.plugin.adminui.rest.ApiApplication",
+ },
+ {
+ Name: "fido2",
+ Description: "fido2 plugin",
+ ClassName: "io.jans.configapi.plugin.fido2.rest.ApiApplication",
+ },
+ {
+ Name: "scim",
+ Description: "scim plugin",
+ ClassName: "io.jans.configapi.plugin.scim.rest.ApiApplication",
+ },
+ {
+ Name: "user-management",
+ Description: "user-management plugin",
+ ClassName: "io.jans.configapi.plugin.mgt.rest.ApiApplication",
+ },
+ },
+ }
+
+ if err := toSchemaResource(data, authConfig); err != nil {
+ t.Fatal(err)
+ }
+
+ newConfig := jans.ApiAppConfiguration{}
+
+ if err := fromSchemaResource(data, &newConfig); err != nil {
+ t.Fatal(err)
+ }
+
+ if diff := cmp.Diff(authConfig, newConfig); diff != "" {
+ t.Errorf("Got different config after mapping: %s", diff)
+ }
+}
+
+func TestAccResourceApiAppConfiguration_basic(t *testing.T) {
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccReourceCheckApiAppConfigurationDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccResourceApiAppConfigurationConfig_basic(),
+ ResourceName: "jans_api_app_configuration.global",
+ ImportState: true,
+ ImportStateId: "jans_api_app_configuration.jans_api_app_configuration",
+ ImportStateCheck: testAccResourceCheckApiAppConfigurationImport,
+ },
+ },
+ })
+}
+
+func testAccResourceApiAppConfigurationConfig_basic() string {
+ return `
+resource "jans_api_app_configuration" "global" {
+}
+`
+}
+
+func testAccResourceCheckApiAppConfigurationImport(states []*terraform.InstanceState) error {
+
+ found := false
+ for _, is := range states {
+
+ if is.ID != "jans_api_app_configuration" {
+ continue
+ }
+
+ found = true
+
+ if err := checkAttribute(is, "api_protection_type", "oauth2"); err != nil {
+ return err
+ }
+
+ if err := checkAttribute(is, "user_exclusion_attributes.0", "userPassword"); err != nil {
+ return err
+ }
+
+ if err := checkAttribute(is, "endpoint_injection_enabled", "false"); err != nil {
+ return err
+ }
+
+ break
+ }
+
+ if !found {
+ return errors.New("resource not found in states")
+ }
+
+ return nil
+}
+
+func testAccReourceCheckApiAppConfigurationDestroy(s *terraform.State) error {
+
+ // since this is a global resource, delete should not have any effect
+
+ c := testAccProvider.Meta().(*jans.Client)
+
+ ctx := context.Background()
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "jans_api_app_configuration" {
+ continue
+ }
+ _, err := c.GetApiAppConfiguration(ctx)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
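Review bot: The fixture in `TestResourceApiAppConfiguration_Mapping` hard-codes an `ApiClientId` and a base64-looking `ApiClientPassword` that read as if copied from a running instance rather than constructed for the test. If they did come from a real deployment, the secret should be treated as exposed and rotated, and the fixture should carry an obviously constructed value such as `ApiClientPassword: "constructed-test-password",`. The same test round-trips that field through `toSchemaResource`/`fromSchemaResource`, so it is worth confirming that the schema attribute backing `ApiClientPassword` is declared with `Sensitive: true` in `resourceApiAppConfiguration()`; that definition lies outside the visible part of the diff, and without the flag the value would be shown in plan output. Separately, `testAccReourceCheckApiAppConfigurationDestroy` is misspelled (`Reource`) both at its definition and where `CheckDestroy` references it.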
diff --git a/provider/resource_app_configuration_test.go b/provider/resource_app_configuration_test.go
index cb574a4..6e97b4b 100644
--- a/provider/resource_app_configuration_test.go
+++ b/provider/resource_app_configuration_test.go
@@ -22,7 +22,7 @@ func TestResourceAuthServiceConfig_Mapping(t *testing.T) {
AuthenticationProtectionConfiguration: jans.AuthenticationProtectionConfiguration{
DelayTime: 16,
},
- AgamaConfiguration: jans.AgamaConfiguration{
+ AgamaConfiguration: jans.EngineConfiguration{
DefaultResponseHeaders: map[string]string{
"X-Frame-Options": "SAMEORIGIN",
},
diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl
index 8cbf074..611cd6a 100644
--- a/templates/index.md.tmpl
+++ b/templates/index.md.tmpl
@@ -29,6 +29,7 @@ the other hand will result in the resource being removed from the state file.
The following resources are considered instance configurations:
+- jans_api_app_configuration
- jans_app_configuration
- jans_cache_configuration
- jans_default_authentication_method
@@ -41,6 +42,7 @@ The following resources are considered instance configurations:
It is recommended to import all of those resources before managing anything else:
```bash
+terraform import jans_api_app_configuration.global global
terraform import jans_app_configuration.global global
terraform import jans_cache_configuration.global global
terraform import jans_default_authentication_method.global global