fix(terraform-provider-jans): update terraform provider
Signed-off-by: mo-auto <[email protected]>
mo-auto committed Mar 14, 2024
1 parent a720799 commit 207fb2e
Showing 60 changed files with 2,558 additions and 374 deletions.
14 changes: 14 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,19 @@
# Changelog

## [1.1.0](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.2...v1.1.0) (2024-03-12)


### Features

* add KC and sync with upstream APIs


### Bug Fixes

* oidc backchannel_user_code_parameter schema type
* sync with upstream
* update readme

## [0.8.2](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.1...v0.8.2) (2023-11-09)


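Review bot: the 1.1.0 entry describes the release only as "add KC and sync with upstream APIs", "sync with upstream" and "update readme", which gives anyone upgrading across the v0.8.2...v1.1.0 compare range no way to tell which resource attributes were added, renamed or dropped. List the schema changes that affect existing configurations, or add a breaking-changes subsection, so the upgrade can be reviewed before a plan is run against a live Janssen server.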
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -42,4 +42,3 @@ If any of those 3 parameters is not provided, the provider will not be able to c
Optionally, users can also set the following variables:

* `insecure_client` - If set to `true`, the provider will not verify the TLS certificate of the Janssen server. This is useful for testing purposes and should not be used in production, unless absolutely unavoidable.

11 changes: 9 additions & 2 deletions docs/data-sources/custom_script_types.md
Expand Up @@ -10,7 +10,16 @@ description: |-

Data source for retrieving supported custom script types.

## Example Usage

```terraform
data "jans_custom_script_types" "script_types" {
}
output "script_type_client_registration_enabled" {
value = contains(data.jans_custom_script_types.script_types, "client_registration")
}
```

<!-- schema generated by tfplugindocs -->
## Schema
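Review bot: in the `script_type_client_registration_enabled` output, `contains()` is given the whole data source object, `data.jans_custom_script_types.script_types`, rather than a list. The schema in this file documents the list as the `types` attribute, so the example should read `contains(data.jans_custom_script_types.script_types.types, "client_registration")`; as written it should fail type checking instead of returning a boolean.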
Expand All @@ -19,5 +28,3 @@ Data source for retrieving supported custom script types.

- `id` (String) The ID of this resource.
- `types` (List of String) A list of support custom script types.


2 changes: 0 additions & 2 deletions docs/data-sources/fido2_configuration.md
Expand Up @@ -22,5 +22,3 @@ Data source for retrieving the Fido2 configuration of the Janssen server
- `id` (String) The ID of this resource.
- `issuer` (String) A URI indicating the party operating the FIDO U2F server.
- `version` (String) The version of the FIDO2 U2F core protocol to which this server conforms. The value MUST be the string 1.0.


2 changes: 0 additions & 2 deletions docs/data-sources/persistence_config.md
Expand Up @@ -28,5 +28,3 @@ output "persistence_config" {

- `id` (String) The ID of this resource.
- `persistence_type` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/plugins.md
Expand Up @@ -28,5 +28,3 @@ Read-Only:
- `class_name` (String)
- `description` (String)
- `name` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/schema.md
Expand Up @@ -102,5 +102,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/service_provider_config.md
Expand Up @@ -112,5 +112,3 @@ Read-Only:
Read-Only:

- `supported` (Boolean)


10 changes: 10 additions & 0 deletions docs/index.md
Expand Up @@ -15,6 +15,16 @@ To use the provider, you need to provide the URL of the Jansen instance, as
well as valid credentials that have access to the Janssen instance.

```terraform
terraform {
required_version = ">= 0.12.0"
required_providers {
janssen = {
source = "JanssenProject/jans"
version = "0.6.0"
}
}
}
provider "jans" {
url = "https://test-instnace.jans.io"
client_id = "1800.3d29d884-e56b-47ac-83ab-b37942b83a89"
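Review bot: the `required_providers` entry is keyed `janssen`, but the configuration block right after it is `provider "jans"`, so the source `JanssenProject/jans` is never bound to the local name the example actually uses, and Terraform will resolve `jans` against its default namespace instead. Key the entry as `jans`. The pinned `version = "0.6.0"` also predates the 1.1.0 release this commit records in CHANGELOG.md, and the sample URL `https://test-instnace.jans.io` has a typo in the host name.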
9 changes: 6 additions & 3 deletions docs/resources/agama_deployment.md
Expand Up @@ -18,15 +18,18 @@ Resource for managing agama authentication flow deployments.
### Required

- `deployment_file` (String) Path to the deployment file (in zip format)
- `deployment_file_hash` (String) Hash of the deployment file, used to detect changes.
- `name` (String) Agama project name

### Optional

- `autoconfigure` (Boolean) Passing 'true' will make this project be configured with the sample configurations
found in the provided binary archive. This param should rarely be passed: use only in controlled
environments where the archive is not shared with third parties

### Read-Only

- `base_dn` (String) Agama deployment base DN
- `created_at` (String) Agama deployment creation time
- `dn` (String) Agama deployment DN
- `id` (String) Agama deployment ID
- `task_active` (Boolean) Boolean value with default value false.


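Review bot: `deployment_file_hash` is listed under Required, but "Hash of the deployment file, used to detect changes." does not say which algorithm or encoding the provider expects, so users cannot tell how to fill it in. State the expected form (for example, whether the output of Terraform's `filesha256` on `deployment_file` is what is intended), say whether the value is also checked against the archive or only compared between runs, and add an Example Usage section that shows it together with `deployment_file`.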
33 changes: 26 additions & 7 deletions docs/resources/app_configuration.md
Expand Up @@ -35,7 +35,10 @@ resource "jans_app_configuration" "global" {
- `allow_end_session_with_unmatched_sid` (Boolean) Boolean value specifying whether to allow end session with unmatched SID.
- `allow_id_token_without_implicit_grant_type` (Boolean) Specifies if a token without implicit grant types is allowed.
- `allow_post_logout_redirect_without_validation` (Boolean) Allows post logout redirect without validation for End Session Endpoint.
- `allow_revoke_for_other_clients` (Boolean) Boolean value ture allow revoke for other clients.
- `allow_spontaneous_scopes` (Boolean) Specifies whether to allow spontaneous scopes.
- `archived_jwk_lifetime_in_seconds` (Number) The archived jwk lifetime in seconds.
- `archived_jwks_uri` (String) Archved URLs of the OP's JSON Web Key Set (JWK) document.
- `authentication_filters` (Block List) List of authentication filters. (see [below for nested schema](#nestedblock--authentication_filters))
- `authentication_filters_enabled` (Boolean) Boolean value specifying whether to enable user authentication filters.
- `authentication_protection_configuration` (Block List, Max: 1) Authentication Brute Force Protection Configuration. (see [below for nested schema](#nestedblock--authentication_protection_configuration))
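Review bot: the description of `allow_revoke_for_other_clients` ("Boolean value ture allow revoke for other clients.") has a typo and does not explain the effect, which matters for a setting that by its name lets one client revoke tokens belonging to another. Reword it along the lines of "If true, a client may revoke tokens issued to other clients" and state the default. `archived_jwks_uri` has a typo as well ("Archved").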
Expand Down Expand Up @@ -126,7 +129,7 @@ resource "jans_app_configuration" "global" {
- `dpop_use_nonce` (Boolean) Demonstration of Proof-of-Possession (DPoP) nonce usage.
- `dynamic_grant_type_default` (List of String) List of the OAuth 2.0 Grant Type values that it's possible to set via client
registration API. One of 'none', 'authorization_code', 'implicit', 'password', 'client_credentials', 'refresh_token',
'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code'.
'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code', 'tx_token'.
- `dynamic_registration_allowed_password_grant_scopes` (List of String) List of grant scopes for dynamic registration.
- `dynamic_registration_custom_attributes` (List of String) Custom attributes for the Dynamic registration. One of 'jansTrustedClnt'.
- `dynamic_registration_custom_object_class` (String) LDAP custom object class for dynamic registration.
Expand Down Expand Up @@ -179,17 +182,16 @@ resource "jans_app_configuration" "global" {
- `include_sid_in_response` (Boolean) Boolean value specifying whether to include sessionId in response.
- `introspection_access_token_must_have_introspection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have introspection scope.
- `introspection_access_token_must_have_uma_protection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have uma_protection scope.
- `introspection_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint
- `introspection_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint
- `introspection_endpoint` (String) URL for the Introspection Endpoint. Example: https://server.example.com/restv1/introspection
- `introspection_response_scopes_backward_compatibility` (Boolean)
- `introspection_restrict_basic_authn_to_own_tokens` (Boolean) Specifies if basic authentication to be restricted to own tokens.
- `introspection_script_backward_compatibility` (Boolean) Boolean value specifying whether switch off client's introspection scripts (true value) and run all scripts that exists on server.
- `introspection_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) JWA supported by the introspection endpoint
- `introspection_skip_authorization` (Boolean) Specifies if authorization to be skipped for introspection.
- `invalidate_session_cookies_after_authorization_flow` (Boolean) Boolean value to specify whether to invalidate 'session_id' and 'consent_session_id' cookies right after successful or unsuccessful authorization.
- `issuer` (String) URL using the https scheme that OP asserts as Issuer identifier. Example: https://server.example.com/
- `jans_eleven_delete_key_endpoint` (String) URL for the jansEleven Delete Key Endpoint. Example: https://server.example.com/janseleven/rest/oxeleven/deleteKey
- `jans_eleven_generate_key_endpoint` (String) URL for the jansEleven Generate Key Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/generateKey
- `jans_eleven_sign_endpoint` (String) URL for the jansEleven Sign Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/sign
- `jans_eleven_test_mode_token` (String) jansEleven Test Mode Token.
- `jans_eleven_verify_signature_endpoint` (String) URL for the jansEleven Verify Signature Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/verifySignature
- `jans_id` (String) URL for the Inum generator Service. Example: https://server.example.com/oxid/service/jans/inum
- `jans_open_id_connect_version` (String) OpenID Connect Version. Example: openidconnect-1.0
- `jms_broker_uri_set` (List of String) JMS Broker URI Set.
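Review bot: `introspection_encryption_enc_values_supported` carries the same text as the `alg` attribute above it, "A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint", so the docs describe the `enc` list as `alg` values. Change it to "(enc values)", which is how `tx_token_encryption_enc_values_supported` is worded in this same file. `introspection_response_scopes_backward_compatibility` also has no description at all.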
Expand All @@ -208,6 +210,7 @@ resource "jans_app_configuration" "global" {
- `key_store_file` (String) The Key Store File (JKS). Example: /etc/certs/jans-auth-keys.jks
- `key_store_secret` (String) The password of the Key Store.
- `legacy_id_token_claims` (Boolean) Include Claims in ID Token.
- `lock_message_config` (Block List, Max: 1) Lock message configuration. (see [below for nested schema](#nestedblock--lock_message_config))
- `log_client_id_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client ID on client authentication.
- `log_client_name_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client Name on client authentication.
- `log_not_found_entity_as_error` (Boolean) Boolean value specifying whether to log not found entity as error.
Expand Down Expand Up @@ -277,10 +280,13 @@ resource "jans_app_configuration" "global" {
- `return_device_secret_from_authz_endpoint` (Boolean) Boolean value to specify if the device secret should be returned by the authz endpoint.
- `rotate_client_registration_access_token_on_usage` (Boolean) Boolean value specifying whether to rotate client registration access token on usage.
- `rotate_device_secret` (Boolean) Enable/Disable device secret rotation.
- `save_tokens_in_cache` (Boolean) Boolean value specifying whether to save token in cache.
- `save_tokens_in_cache_and_dont_save_in_persistence` (Boolean) Boolean value specifying whether to save token in cache and don't save in persistence.
- `sector_identifier_cache_lifetime_in_minutes` (Number) The cache lifetime in minutes of the sector identifier.
- `server_session_id_lifetime` (Number) The sessionId lifetime in seconds for sessionId. By default same as sessionIdLifetime.
- `service_documentation` (String) URL of a page containing human-readable information that developers might want or need to know
when using the OpenID Provider. Example: http://gluu.org/docs
- `session_id_cookie_lifetime` (Number) The lifetime of session id cookie in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.
- `session_id_lifetime` (Number) The lifetime of session id in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.
- `session_id_persist_in_cache` (Boolean) Boolean value specifying whether to persist session_id in cache.
- `session_id_persist_on_prompt_none` (Boolean) Boolean value specifying whether to persist session ID on prompt none.
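Review bot: `save_tokens_in_cache` and `save_tokens_in_cache_and_dont_save_in_persistence` are documented independently, with nothing on how they interact or which one wins when both are set. Since the second keeps tokens out of persistence, the description should say what happens to issued tokens when the cache is flushed or restarted, so operators can judge the effect on revocation and introspection. Separately, `session_id_cookie_lifetime` and `session_id_lifetime` share almost the same sentence; make clear which one governs the cookie and which the server-side session.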
Expand Down Expand Up @@ -309,6 +315,10 @@ resource "jans_app_configuration" "global" {
- `token_revocation_endpoint` (String) The URL for the access_token or refresh_token revocation endpoint. Example: https://server.example.com/restv1/revoke
- `trusted_client_enabled` (Boolean) Boolean value specifying whether a client is trusted and no authorization is required.
- `trusted_ssa_issuers` (Block List) List of trusted SSA issuers. (see [below for nested schema](#nestedblock--trusted_ssa_issuers))
- `tx_token_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) supported by the Token Exchange endpoint.
- `tx_token_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (enc values) supported by the Token Exchange endpoint.
- `tx_token_lifetime` (Number) The lifetime of the Token Exchange Token.
- `tx_token_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) supported by the Token Exchange endpoint.
- `ui_locales_supported` (List of String) Languages and scripts supported for the user interface. One of "en", "bg", "de", "es", "fr", "it", "ru", "tr".
- `uma_add_scopes_automatically` (Boolean) Add scopes automatically.
- `uma_configuration_endpoint` (String) URL for the UMA Configuration Endpoint. Example: https://server.example.com/restv1/uma2-configuration
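Review bot: `tx_token_lifetime` is described as "The lifetime of the Token Exchange Token." with no unit, while other lifetime attributes in this file name theirs (`archived_jwk_lifetime_in_seconds`, `session_id_lifetime` "in seconds", `sector_identifier_cache_lifetime_in_minutes`). Add the unit and the default, since a value entered in the wrong unit silently changes how long these tokens stay valid.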
Expand Down Expand Up @@ -354,7 +364,7 @@ Optional:
- `page_mismatch_error_page` (String)
- `root_dir` (String)
- `scripts_path` (String)
- `serializer_type` (String)
- `serialize_rules` (Map of List of String)
- `templates_path` (String)


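Review bot: `serialize_rules` (Map of List of String) appears where `serializer_type` (String) is listed, and the hunk header (-354,7 +364,7) leaves room for only one of them in the new file, so this reads as an attribute replaced by one with a different name and type. The new attribute has no description, and neither this page nor the CHANGELOG.md entry tells users who have `serializer_type` in their configuration what to change. Describe the map's keys and values and add a migration note.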
Expand Down Expand Up @@ -464,6 +474,15 @@ Read-Only:
- `id` (String) The ID of this resource.


<a id="nestedblock--lock_message_config"></a>
### Nested Schema for `lock_message_config`

Optional:

- `enable_id_token_messages` (Boolean) Boolean value specifying whether to enable ID Token messages.
- `id_token_messages_channel` (String) ID Token messages channel.


<a id="nestedblock--ssa_configuration"></a>
### Nested Schema for `ssa_configuration`

2 changes: 0 additions & 2 deletions docs/resources/custom_user.md
Expand Up @@ -78,5 +78,3 @@ Optional:

- `display_value` (String) Display value for the attribute.
- `value` (String) Value for the attribute.


2 changes: 0 additions & 2 deletions docs/resources/default_authentication_method.md
Expand Up @@ -28,5 +28,3 @@ resource "jans_default_authentication_method" "global" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/resources/fido2_configuration.md
Expand Up @@ -103,5 +103,3 @@ Optional:

- `domains` (List of String) Requested Party domains.
- `name` (String) Name of the requested party.


2 changes: 0 additions & 2 deletions docs/resources/fido2_device.md
Expand Up @@ -41,5 +41,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)


2 changes: 0 additions & 2 deletions docs/resources/fido_device.md
Expand Up @@ -48,5 +48,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)


2 changes: 0 additions & 2 deletions docs/resources/group.md
Expand Up @@ -79,5 +79,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)


2 changes: 0 additions & 2 deletions docs/resources/json_web_key.md
Expand Up @@ -60,5 +60,3 @@ resource "jans_json_web_key" "test" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/resources/ldap_database_configuration.md
Expand Up @@ -57,5 +57,3 @@ resource "jans_ldap_database_configuration" "test" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/resources/logging_configuration.md
Expand Up @@ -39,5 +39,3 @@ resource "jans_logging_configuration" "global" {
### Read-Only

- `id` (String) The ID of this resource.


11 changes: 8 additions & 3 deletions docs/resources/oidc_client.md
Expand Up @@ -31,7 +31,6 @@ description: |-
localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the
http scheme with localhost as the hostname.
- `attributes` (Block List, Max: 1) (see [below for nested schema](#nestedblock--attributes))
- `authentication_method` (String)
- `authorized_origins` (List of String) Specifies authorized JavaScript origins.
- `backchannel_authentication_request_signing_alg` (String) The JWS algorithm alg value that the Client will use for signing authentication request, as described
in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests.
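Review bot: the header counts (-31,7 +31,6) show one line dropped from this attribute list with nothing added, and `authentication_method` (String), the only entry here without a description, looks like the one removed. If so, configurations that set it will fail after upgrading, and the 1.1.0 changelog entry does not mention it; call the removal out in the changelog and point to the replacement attribute, if there is one.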
Expand Down Expand Up @@ -135,14 +134,18 @@ Optional:
- `additional_token_endpoint_auth_methods` (List of String) List of additional token endpoint authentication methods.
- `allow_offline_access_without_consent` (Boolean) Specifies whether to allow offline access without consent.
- `allow_spontaneous_scopes` (Boolean) boolean, whether to allow spontaneous scopes for client.
- `authorization_details_types` (List of String) List of authorization details types.
- `backchannel_logout_session_required` (Boolean) Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in
the Logout Token to identify the RP session with the OP when true. Default value is false.
- `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
- `consent_gathering_scripts` (List of String) List of consent gathering scripts.
- `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
- `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
- `introspection_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the introspection response.
- `introspection_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the introspection response.
- `introspection_scripts` (List of String) List of introspection scripts.
- `introspection_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the introspection response.
- `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.
- `jans_auth_enc_resp_enc` (String) JWE enc algorithm JWA required for encrypting auhtorization responses.
- `jans_auth_signed_resp_alg` (String) JWS alg algorithm JWA required for signing authorization responses.
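Review bot: `evidence` is described as "Specifies the evidence that the client presents to the authorization server.", which restates the name without saying what format the string takes or which flow consumes it. Expand the description, and for `introspection_signed_response_alg`, `introspection_encrypted_response_alg` and `introspection_encrypted_response_enc` say where the accepted values come from, so a reader does not have to guess whether weak or unsigned options are allowed. The neighbouring `jans_auth_enc_resp_enc` line still has the typo "auhtorization".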
Expand All @@ -167,6 +170,10 @@ Optional:
- `spontaneous_scopes` (List of String) List of spontaneous scope regular expression.
- `tls_client_auth_subject_dn` (String) String representation of the expected subject distinguished name of the certificate, which
the OAuth client will use in mutual TLS authentication.
- `tx_token_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the TX Token response.
- `tx_token_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the TX Token response.
- `tx_token_lifetime` (Number) Specifies the Client-specific TX Token expiration.
- `tx_token_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the TX Token response.
- `update_token_script_dns` (List of String) List of update token scripts.


Expand All @@ -183,5 +190,3 @@ Optional:

- `display_value` (String) Display value for the attribute.
- `value` (String) Value for the attribute.


2 changes: 0 additions & 2 deletions docs/resources/organization.md
Expand Up @@ -50,5 +50,3 @@ resource "jans_organization" "global" {
- `base_dn` (String)
- `dn` (String)
- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/resources/scim_app_configuration.md
Expand Up @@ -60,5 +60,3 @@ resource "jans_scim_app_configuration" "global" {
### Read-Only

- `id` (String) The ID of this resource.

