diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7bf6959..bf1bd34 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,19 @@
# Changelog
+## [1.1.0](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.2...v1.1.0) (2024-03-12)
+
+
+### Features
+
+* add KC and sync with upstream APIs
+
+
+### Bug Fixes
+
+* oidc backchannel_user_code_parameter schema type
+* sync with upstream
+* update readme
+
## [0.8.2](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.1...v0.8.2) (2023-11-09)
diff --git a/README.md b/README.md
index b6da780..f5d2819 100644
--- a/README.md
+++ b/README.md
@@ -42,4 +42,3 @@ If any of those 3 parameters is not provided, the provider will not be able to c
Optionally, users can also set the following variables:
* `insecure_client` - If set to `true`, the provider will not verify the TLS certificate of the Janssen server. This is useful for testing purposes and should not be used in production, unless absolutely unavoidable.
-
diff --git a/docs/data-sources/custom_script_types.md b/docs/data-sources/custom_script_types.md
index 0ee8509..5851311 100644
--- a/docs/data-sources/custom_script_types.md
+++ b/docs/data-sources/custom_script_types.md
@@ -10,7 +10,16 @@ description: |-
Data source for retrieving supported custom script types.
+## Example Usage
+```terraform
+data "jans_custom_script_types" "script_types" {
+}
+
+output "script_type_client_registration_enabled" {
+ value = contains(data.jans_custom_script_types.script_types, "client_registration")
+}
+```
## Schema
@@ -19,5 +28,3 @@ Data source for retrieving supported custom script types.
- `id` (String) The ID of this resource.
- `types` (List of String) A list of support custom script types.
-
-
diff --git a/docs/data-sources/fido2_configuration.md b/docs/data-sources/fido2_configuration.md
index 546330a..bd58d11 100644
--- a/docs/data-sources/fido2_configuration.md
+++ b/docs/data-sources/fido2_configuration.md
@@ -22,5 +22,3 @@ Data source for retrieving the Fido2 configuration of the Janssen server
- `id` (String) The ID of this resource.
- `issuer` (String) A URI indicating the party operating the FIDO U2F server.
- `version` (String) The version of the FIDO2 U2F core protocol to which this server conforms. The value MUST be the string 1.0.
-
-
diff --git a/docs/data-sources/persistence_config.md b/docs/data-sources/persistence_config.md
index 7bc43d3..8aa520c 100644
--- a/docs/data-sources/persistence_config.md
+++ b/docs/data-sources/persistence_config.md
@@ -28,5 +28,3 @@ output "persistence_config" {
- `id` (String) The ID of this resource.
- `persistence_type` (String)
-
-
diff --git a/docs/data-sources/plugins.md b/docs/data-sources/plugins.md
index 38c17e5..d339f54 100644
--- a/docs/data-sources/plugins.md
+++ b/docs/data-sources/plugins.md
@@ -28,5 +28,3 @@ Read-Only:
- `class_name` (String)
- `description` (String)
- `name` (String)
-
-
diff --git a/docs/data-sources/schema.md b/docs/data-sources/schema.md
index 707b6b8..7b339be 100644
--- a/docs/data-sources/schema.md
+++ b/docs/data-sources/schema.md
@@ -102,5 +102,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)
-
-
diff --git a/docs/data-sources/service_provider_config.md b/docs/data-sources/service_provider_config.md
index bbd027d..990fb88 100644
--- a/docs/data-sources/service_provider_config.md
+++ b/docs/data-sources/service_provider_config.md
@@ -112,5 +112,3 @@ Read-Only:
Read-Only:
- `supported` (Boolean)
-
-
diff --git a/docs/index.md b/docs/index.md
index dcef440..d8a3e14 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -15,6 +15,16 @@ To use the provider, you need to provide the URL of the Jansen instance, as
well as valid credentials that have access to the Janssen instance.
```terraform
+terraform {
+ required_version = ">= 0.12.0"
+ required_providers {
+ janssen = {
+ source = "JanssenProject/jans"
+ version = "0.6.0"
+ }
+ }
+}
+
provider "jans" {
url = "https://test-instnace.jans.io"
client_id = "1800.3d29d884-e56b-47ac-83ab-b37942b83a89"
diff --git a/docs/resources/agama_deployment.md b/docs/resources/agama_deployment.md
index 6b7bd47..101df43 100644
--- a/docs/resources/agama_deployment.md
+++ b/docs/resources/agama_deployment.md
@@ -18,9 +18,14 @@ Resource for managing agama authentication flow deployments.
### Required
- `deployment_file` (String) Path to the deployment file (in zip format)
-- `deployment_file_hash` (String) Hash of the deployment file, used to detect changes.
- `name` (String) Agama project name
+### Optional
+
+- `autoconfigure` (Boolean) Passing 'true' will make this project be configured with the sample configurations
+ found in the provided binary archive. This param should rarely be passed: use only in controlled
+ environments where the archive is not shared with third parties
+
### Read-Only
- `base_dn` (String) Agama deployment base DN
@@ -28,5 +33,3 @@ Resource for managing agama authentication flow deployments.
- `dn` (String) Agama deployment DN
- `id` (String) Agama deployment ID
- `task_active` (Boolean) Boolean value with default value false.
-
-
diff --git a/docs/resources/app_configuration.md b/docs/resources/app_configuration.md
index b5155d1..068e4b5 100644
--- a/docs/resources/app_configuration.md
+++ b/docs/resources/app_configuration.md
@@ -35,7 +35,10 @@ resource "jans_app_configuration" "global" {
- `allow_end_session_with_unmatched_sid` (Boolean) Boolean value specifying whether to allow end session with unmatched SID.
- `allow_id_token_without_implicit_grant_type` (Boolean) Specifies if a token without implicit grant types is allowed.
- `allow_post_logout_redirect_without_validation` (Boolean) Allows post logout redirect without validation for End Session Endpoint.
+- `allow_revoke_for_other_clients` (Boolean) Boolean value ture allow revoke for other clients.
- `allow_spontaneous_scopes` (Boolean) Specifies whether to allow spontaneous scopes.
+- `archived_jwk_lifetime_in_seconds` (Number) The archived jwk lifetime in seconds.
+- `archived_jwks_uri` (String) Archved URLs of the OP's JSON Web Key Set (JWK) document.
- `authentication_filters` (Block List) List of authentication filters. (see [below for nested schema](#nestedblock--authentication_filters))
- `authentication_filters_enabled` (Boolean) Boolean value specifying whether to enable user authentication filters.
- `authentication_protection_configuration` (Block List, Max: 1) Authentication Brute Force Protection Configuration. (see [below for nested schema](#nestedblock--authentication_protection_configuration))
@@ -126,7 +129,7 @@ resource "jans_app_configuration" "global" {
- `dpop_use_nonce` (Boolean) Demonstration of Proof-of-Possession (DPoP) nonce usage.
- `dynamic_grant_type_default` (List of String) List of the OAuth 2.0 Grant Type values that it's possible to set via client
registration API. One of 'none', 'authorization_code', 'implicit', 'password', 'client_credentials', 'refresh_token',
- 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code'.
+ 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code', 'tx_token'.
- `dynamic_registration_allowed_password_grant_scopes` (List of String) List of grant scopes for dynamic registration.
- `dynamic_registration_custom_attributes` (List of String) Custom attributes for the Dynamic registration. One of 'jansTrustedClnt'.
- `dynamic_registration_custom_object_class` (String) LDAP custom object class for dynamic registration.
@@ -179,17 +182,16 @@ resource "jans_app_configuration" "global" {
- `include_sid_in_response` (Boolean) Boolean value specifying whether to include sessionId in response.
- `introspection_access_token_must_have_introspection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have introspection scope.
- `introspection_access_token_must_have_uma_protection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have uma_protection scope.
+- `introspection_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint
+- `introspection_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint
- `introspection_endpoint` (String) URL for the Introspection Endpoint. Example: https://server.example.com/restv1/introspection
- `introspection_response_scopes_backward_compatibility` (Boolean)
+- `introspection_restrict_basic_authn_to_own_tokens` (Boolean) Specifies if basic authentication to be restricted to own tokens.
- `introspection_script_backward_compatibility` (Boolean) Boolean value specifying whether switch off client's introspection scripts (true value) and run all scripts that exists on server.
+- `introspection_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) JWA supported by the introspection endpoint
- `introspection_skip_authorization` (Boolean) Specifies if authorization to be skipped for introspection.
- `invalidate_session_cookies_after_authorization_flow` (Boolean) Boolean value to specify whether to invalidate 'session_id' and 'consent_session_id' cookies right after successful or unsuccessful authorization.
- `issuer` (String) URL using the https scheme that OP asserts as Issuer identifier. Example: https://server.example.com/
-- `jans_eleven_delete_key_endpoint` (String) URL for the jansEleven Delete Key Endpoint. Example: https://server.example.com/janseleven/rest/oxeleven/deleteKey
-- `jans_eleven_generate_key_endpoint` (String) URL for the jansEleven Generate Key Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/generateKey
-- `jans_eleven_sign_endpoint` (String) URL for the jansEleven Sign Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/sign
-- `jans_eleven_test_mode_token` (String) jansEleven Test Mode Token.
-- `jans_eleven_verify_signature_endpoint` (String) URL for the jansEleven Verify Signature Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/verifySignature
- `jans_id` (String) URL for the Inum generator Service. Example: https://server.example.com/oxid/service/jans/inum
- `jans_open_id_connect_version` (String) OpenID Connect Version. Example: openidconnect-1.0
- `jms_broker_uri_set` (List of String) JMS Broker URI Set.
@@ -208,6 +210,7 @@ resource "jans_app_configuration" "global" {
- `key_store_file` (String) The Key Store File (JKS). Example: /etc/certs/jans-auth-keys.jks
- `key_store_secret` (String) The password of the Key Store.
- `legacy_id_token_claims` (Boolean) Include Claims in ID Token.
+- `lock_message_config` (Block List, Max: 1) Lock message configuration. (see [below for nested schema](#nestedblock--lock_message_config))
- `log_client_id_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client ID on client authentication.
- `log_client_name_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client Name on client authentication.
- `log_not_found_entity_as_error` (Boolean) Boolean value specifying whether to log not found entity as error.
@@ -277,10 +280,13 @@ resource "jans_app_configuration" "global" {
- `return_device_secret_from_authz_endpoint` (Boolean) Boolean value to specify if the device secret should be returned by the authz endpoint.
- `rotate_client_registration_access_token_on_usage` (Boolean) Boolean value specifying whether to rotate client registration access token on usage.
- `rotate_device_secret` (Boolean) Enable/Disable device secret rotation.
+- `save_tokens_in_cache` (Boolean) Boolean value specifying whether to save token in cache.
+- `save_tokens_in_cache_and_dont_save_in_persistence` (Boolean) Boolean value specifying whether to save token in cache and don't save in persistence.
- `sector_identifier_cache_lifetime_in_minutes` (Number) The cache lifetime in minutes of the sector identifier.
- `server_session_id_lifetime` (Number) The sessionId lifetime in seconds for sessionId. By default same as sessionIdLifetime.
- `service_documentation` (String) URL of a page containing human-readable information that developers might want or need to know
when using the OpenID Provider. Example: http://gluu.org/docs
+- `session_id_cookie_lifetime` (Number) The lifetime of session id cookie in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.
- `session_id_lifetime` (Number) The lifetime of session id in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.
- `session_id_persist_in_cache` (Boolean) Boolean value specifying whether to persist session_id in cache.
- `session_id_persist_on_prompt_none` (Boolean) Boolean value specifying whether to persist session ID on prompt none.
@@ -309,6 +315,10 @@ resource "jans_app_configuration" "global" {
- `token_revocation_endpoint` (String) The URL for the access_token or refresh_token revocation endpoint. Example: https://server.example.com/restv1/revoke
- `trusted_client_enabled` (Boolean) Boolean value specifying whether a client is trusted and no authorization is required.
- `trusted_ssa_issuers` (Block List) List of trusted SSA issuers. (see [below for nested schema](#nestedblock--trusted_ssa_issuers))
+- `tx_token_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) supported by the Token Exchange endpoint.
+- `tx_token_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (enc values) supported by the Token Exchange endpoint.
+- `tx_token_lifetime` (Number) The lifetime of the Token Exchange Token.
+- `tx_token_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) supported by the Token Exchange endpoint.
- `ui_locales_supported` (List of String) Languages and scripts supported for the user interface. One of "en", "bg", "de", "es", "fr", "it", "ru", "tr".
- `uma_add_scopes_automatically` (Boolean) Add scopes automatically.
- `uma_configuration_endpoint` (String) URL for the UMA Configuration Endpoint. Example: https://server.example.com/restv1/uma2-configuration
@@ -354,7 +364,7 @@ Optional:
- `page_mismatch_error_page` (String)
- `root_dir` (String)
- `scripts_path` (String)
-- `serializer_type` (String)
+- `serialize_rules` (Map of List of String)
- `templates_path` (String)
@@ -464,6 +474,15 @@ Read-Only:
- `id` (String) The ID of this resource.
+
+### Nested Schema for `lock_message_config`
+
+Optional:
+
+- `enable_id_token_messages` (Boolean) Boolean value specifying whether to enable ID Token messages.
+- `id_token_messages_channel` (String) ID Token messages channel.
+
+
### Nested Schema for `ssa_configuration`
diff --git a/docs/resources/custom_user.md b/docs/resources/custom_user.md
index 85eb7b7..b0263cb 100644
--- a/docs/resources/custom_user.md
+++ b/docs/resources/custom_user.md
@@ -78,5 +78,3 @@ Optional:
- `display_value` (String) Display value for the attribute.
- `value` (String) Value for the attribute.
-
-
diff --git a/docs/resources/default_authentication_method.md b/docs/resources/default_authentication_method.md
index 3c8fadb..962813e 100644
--- a/docs/resources/default_authentication_method.md
+++ b/docs/resources/default_authentication_method.md
@@ -28,5 +28,3 @@ resource "jans_default_authentication_method" "global" {
### Read-Only
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/fido2_configuration.md b/docs/resources/fido2_configuration.md
index f8d12ce..e893203 100644
--- a/docs/resources/fido2_configuration.md
+++ b/docs/resources/fido2_configuration.md
@@ -103,5 +103,3 @@ Optional:
- `domains` (List of String) Requested Party domains.
- `name` (String) Name of the requested party.
-
-
diff --git a/docs/resources/fido2_device.md b/docs/resources/fido2_device.md
index 57a871d..e3fc3ea 100644
--- a/docs/resources/fido2_device.md
+++ b/docs/resources/fido2_device.md
@@ -41,5 +41,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)
-
-
diff --git a/docs/resources/fido_device.md b/docs/resources/fido_device.md
index e2ec533..01b25dd 100644
--- a/docs/resources/fido_device.md
+++ b/docs/resources/fido_device.md
@@ -48,5 +48,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)
-
-
diff --git a/docs/resources/group.md b/docs/resources/group.md
index a766762..24ccff7 100644
--- a/docs/resources/group.md
+++ b/docs/resources/group.md
@@ -79,5 +79,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)
-
-
diff --git a/docs/resources/json_web_key.md b/docs/resources/json_web_key.md
index 7aa79b8..424ef70 100644
--- a/docs/resources/json_web_key.md
+++ b/docs/resources/json_web_key.md
@@ -60,5 +60,3 @@ resource "jans_json_web_key" "test" {
### Read-Only
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/ldap_database_configuration.md b/docs/resources/ldap_database_configuration.md
index d977d09..e6cbcaa 100644
--- a/docs/resources/ldap_database_configuration.md
+++ b/docs/resources/ldap_database_configuration.md
@@ -57,5 +57,3 @@ resource "jans_ldap_database_configuration" "test" {
### Read-Only
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/logging_configuration.md b/docs/resources/logging_configuration.md
index 9ea405a..f453c31 100644
--- a/docs/resources/logging_configuration.md
+++ b/docs/resources/logging_configuration.md
@@ -39,5 +39,3 @@ resource "jans_logging_configuration" "global" {
### Read-Only
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/oidc_client.md b/docs/resources/oidc_client.md
index 1ba4b31..2ab9f0e 100644
--- a/docs/resources/oidc_client.md
+++ b/docs/resources/oidc_client.md
@@ -31,7 +31,6 @@ description: |-
localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the
http scheme with localhost as the hostname.
- `attributes` (Block List, Max: 1) (see [below for nested schema](#nestedblock--attributes))
-- `authentication_method` (String)
- `authorized_origins` (List of String) Specifies authorized JavaScript origins.
- `backchannel_authentication_request_signing_alg` (String) The JWS algorithm alg value that the Client will use for signing authentication request, as described
in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests.
@@ -135,6 +134,7 @@ Optional:
- `additional_token_endpoint_auth_methods` (List of String) List of additional token endpoint authentication methods.
- `allow_offline_access_without_consent` (Boolean) Specifies whether to allow offline access without consent.
- `allow_spontaneous_scopes` (Boolean) boolean, whether to allow spontaneous scopes for client.
+- `authorization_details_types` (List of String) List of authorization details types.
- `backchannel_logout_session_required` (Boolean) Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in
the Logout Token to identify the RP session with the OP when true. Default value is false.
- `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
@@ -142,7 +142,10 @@ Optional:
- `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
- `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
+- `introspection_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the introspection response.
+- `introspection_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the introspection response.
- `introspection_scripts` (List of String) List of introspection scripts.
+- `introspection_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the introspection response.
- `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.
- `jans_auth_enc_resp_enc` (String) JWE enc algorithm JWA required for encrypting auhtorization responses.
- `jans_auth_signed_resp_alg` (String) JWS alg algorithm JWA required for signing authorization responses.
@@ -167,6 +170,10 @@ Optional:
- `spontaneous_scopes` (List of String) List of spontaneous scope regular expression.
- `tls_client_auth_subject_dn` (String) String representation of the expected subject distinguished name of the certificate, which
the OAuth client will use in mutual TLS authentication.
+- `tx_token_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the TX Token response.
+- `tx_token_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the TX Token response.
+- `tx_token_lifetime` (Number) Specifies the Client-specific TX Token expiration.
+- `tx_token_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the TX Token response.
- `update_token_script_dns` (List of String) List of update token scripts.
@@ -183,5 +190,3 @@ Optional:
- `display_value` (String) Display value for the attribute.
- `value` (String) Value for the attribute.
-
-
diff --git a/docs/resources/organization.md b/docs/resources/organization.md
index 5144910..1f7a632 100644
--- a/docs/resources/organization.md
+++ b/docs/resources/organization.md
@@ -50,5 +50,3 @@ resource "jans_organization" "global" {
- `base_dn` (String)
- `dn` (String)
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/scim_app_configuration.md b/docs/resources/scim_app_configuration.md
index 2c794eb..a6e4d3c 100644
--- a/docs/resources/scim_app_configuration.md
+++ b/docs/resources/scim_app_configuration.md
@@ -60,5 +60,3 @@ resource "jans_scim_app_configuration" "global" {
### Read-Only
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/scope.md b/docs/resources/scope.md
index e21bce6..8e00252 100644
--- a/docs/resources/scope.md
+++ b/docs/resources/scope.md
@@ -91,7 +91,6 @@ Optional:
localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the
http scheme with localhost as the hostname.
- `attributes` (Block List, Max: 1) (see [below for nested schema](#nestedblock--clients--attributes))
-- `authentication_method` (String)
- `authorized_origins` (List of String) Specifies authorized JavaScript origins.
- `backchannel_authentication_request_signing_alg` (String) The JWS algorithm alg value that the Client will use for signing authentication request, as described
in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests.
@@ -194,6 +193,7 @@ Optional:
- `additional_token_endpoint_auth_methods` (List of String) List of additional token endpoint authentication methods.
- `allow_offline_access_without_consent` (Boolean) Specifies whether to allow offline access without consent.
- `allow_spontaneous_scopes` (Boolean) boolean, whether to allow spontaneous scopes for client.
+- `authorization_details_types` (List of String) List of authorization details types.
- `backchannel_logout_session_required` (Boolean) Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in
the Logout Token to identify the RP session with the OP when true. Default value is false.
- `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
@@ -201,7 +201,10 @@ Optional:
- `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required.
- `evidence` (String) Specifies the evidence that the client presents to the authorization server.
- `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration.
+- `introspection_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the introspection response.
+- `introspection_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the introspection response.
- `introspection_scripts` (List of String) List of introspection scripts.
+- `introspection_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the introspection response.
- `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses.
- `jans_auth_enc_resp_enc` (String) JWE enc algorithm JWA required for encrypting auhtorization responses.
- `jans_auth_signed_resp_alg` (String) JWS alg algorithm JWA required for signing authorization responses.
@@ -226,6 +229,10 @@ Optional:
- `spontaneous_scopes` (List of String) List of spontaneous scope regular expression.
- `tls_client_auth_subject_dn` (String) String representation of the expected subject distinguished name of the certificate, which
the OAuth client will use in mutual TLS authentication.
+- `tx_token_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the TX Token response.
+- `tx_token_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the TX Token response.
+- `tx_token_lifetime` (Number) Specifies the Client-specific TX Token expiration.
+- `tx_token_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the TX Token response.
- `update_token_script_dns` (List of String) List of update token scripts.
@@ -242,5 +249,3 @@ Optional:
- `display_value` (String) Display value for the attribute.
- `value` (String) Value for the attribute.
-
-
diff --git a/docs/resources/script.md b/docs/resources/script.md
index 0424aef..c2ff120 100644
--- a/docs/resources/script.md
+++ b/docs/resources/script.md
@@ -102,5 +102,3 @@ Read-Only:
- `raised_at` (String)
- `stack_trace` (String)
-
-
diff --git a/docs/resources/smtp_configuration.md b/docs/resources/smtp_configuration.md
index 7919e2c..c086cf1 100644
--- a/docs/resources/smtp_configuration.md
+++ b/docs/resources/smtp_configuration.md
@@ -55,5 +55,3 @@ resource "jans_smtp_configuration" "global" {
### Read-Only
- `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/uma_resource.md b/docs/resources/uma_resource.md
index 19e661f..5841cdd 100644
--- a/docs/resources/uma_resource.md
+++ b/docs/resources/uma_resource.md
@@ -55,5 +55,3 @@ resource "jans_uma_resource" "test" {
- `dn` (String)
- `id` (String) Resource id.
-
-
diff --git a/docs/resources/user.md b/docs/resources/user.md
index dca993d..505ecb3 100644
--- a/docs/resources/user.md
+++ b/docs/resources/user.md
@@ -283,5 +283,3 @@ Read-Only:
- `last_modified` (String)
- `location` (String)
- `resource_type` (String)
-
-
diff --git a/go.mod b/go.mod
index 70a1ca3..8a95621 100644
--- a/go.mod
+++ b/go.mod
@@ -1,38 +1,43 @@
module github.com/jans/terraform-provider-jans
-go 1.18
+go 1.20
-require github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0
+require github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
require (
- github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+ github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+ github.com/cloudflare/circl v1.3.7 // indirect
github.com/hashicorp/go-checkpoint v0.5.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/hc-install v0.4.0 // indirect
- github.com/hashicorp/terraform-exec v0.17.2 // indirect
- github.com/hashicorp/terraform-json v0.14.0 // indirect
- golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 // indirect
+ github.com/hashicorp/hc-install v0.6.1 // indirect
+ github.com/hashicorp/terraform-exec v0.19.0 // indirect
+ github.com/hashicorp/terraform-json v0.17.1 // indirect
+ github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
+ github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+ golang.org/x/crypto v0.17.0 // indirect
+ golang.org/x/mod v0.13.0 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
)
require (
github.com/agext/levenshtein v1.2.2 // indirect
- github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/go-cmp v0.5.9
+ github.com/google/go-cmp v0.6.0
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
- github.com/hashicorp/go-hclog v1.2.1 // indirect
+ github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
- github.com/hashicorp/go-plugin v1.4.4 // indirect
+ github.com/hashicorp/go-plugin v1.5.1 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
- github.com/hashicorp/hcl/v2 v2.13.0 // indirect
+ github.com/hashicorp/hcl/v2 v2.19.1 // indirect
github.com/hashicorp/logutils v1.0.0 // indirect
- github.com/hashicorp/terraform-plugin-go v0.14.0 // indirect
- github.com/hashicorp/terraform-plugin-log v0.7.0
- github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c // indirect
- github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
+ github.com/hashicorp/terraform-plugin-go v0.19.0 // indirect
+ github.com/hashicorp/terraform-plugin-log v0.9.0
+ github.com/hashicorp/terraform-registry-address v0.2.2 // indirect
+ github.com/hashicorp/terraform-svchost v0.1.1 // indirect
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
@@ -43,14 +48,11 @@ require (
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/oklog/run v1.0.0 // indirect
github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
- github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
- github.com/vmihailenco/tagparser v0.1.1 // indirect
- github.com/zclconf/go-cty v1.10.0 // indirect
- golang.org/x/net v0.9.0 // indirect
- golang.org/x/sys v0.7.0 // indirect
- golang.org/x/text v0.9.0 // indirect
+ github.com/zclconf/go-cty v1.14.1 // indirect
+ golang.org/x/net v0.17.0 // indirect
+ golang.org/x/sys v0.15.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
- google.golang.org/grpc v1.56.3 // indirect
- google.golang.org/protobuf v1.30.0 // indirect
+ google.golang.org/grpc v1.57.1 // indirect
+ google.golang.org/protobuf v1.31.0 // indirect
)
diff --git a/go.sum b/go.sum
index 8259547..124f45c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,116 +1,90 @@
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
-github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=
github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I=
-github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
-github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
-github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
+github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
+github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
-github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
-github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
-github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY=
github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
-github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw=
-github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
-github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
+github.com/hashicorp/go-plugin v1.5.1 h1:oGm7cWBaYIp3lJpx1RUEfLWophprE2EV/KUeqBYo+6k=
+github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/hc-install v0.4.0 h1:cZkRFr1WVa0Ty6x5fTvL1TuO1flul231rWkGH92oYYk=
-github.com/hashicorp/hc-install v0.4.0/go.mod h1:5d155H8EC5ewegao9A4PUTMNPZaq+TbOzkJJZ4vrXeI=
-github.com/hashicorp/hcl/v2 v2.13.0 h1:0Apadu1w6M11dyGFxWnmhhcMjkbAiKCv7G1r/2QgCNc=
-github.com/hashicorp/hcl/v2 v2.13.0/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0=
+github.com/hashicorp/hc-install v0.6.1 h1:IGxShH7AVhPaSuSJpKtVi/EFORNjO+OYVJJrAtGG2mY=
+github.com/hashicorp/hc-install v0.6.1/go.mod h1:0fW3jpg+wraYSnFDJ6Rlie3RvLf1bIqVIkzoon4KoVE=
+github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI=
+github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go=
-github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8=
-github.com/hashicorp/terraform-json v0.14.0 h1:sh9iZ1Y8IFJLx+xQiKHGud6/TSUCM0N8e17dKDpqV7s=
-github.com/hashicorp/terraform-json v0.14.0/go.mod h1:5A9HIWPkk4e5aeeXIBbkcOvaZbIYnAIkEyqP2pNSckM=
-github.com/hashicorp/terraform-plugin-go v0.14.0 h1:ttnSlS8bz3ZPYbMb84DpcPhY4F5DsQtcAS7cHo8uvP4=
-github.com/hashicorp/terraform-plugin-go v0.14.0/go.mod h1:2nNCBeRLaenyQEi78xrGrs9hMbulveqG/zDMQSvVJTE=
-github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs=
-github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0 h1:eIJjFlI4k6BMso6Wq/bq56U0RukXc4JbwJJ8Oze2/tg=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0/go.mod h1:mYPs/uchNcBq7AclQv9QUtSf9iNcfp1Ag21jqTlDf2M=
-github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg=
-github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI=
-github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0=
-github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
+github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM=
+github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg=
+github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
+github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
+github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU=
+github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec=
+github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
+github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 h1:X7vB6vn5tON2b49ILa4W7mFAsndeqJ7bZFOGbVO+0Cc=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0/go.mod h1:ydFcxbdj6klCqYEPkPvdvFKiNGKZLUs+896ODUXCyao=
+github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno=
+github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo=
+github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
+github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc=
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=
+github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
@@ -119,8 +93,6 @@ github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
@@ -129,112 +101,104 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
-github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
-github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
-github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
-github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
-github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
-github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
-github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
-github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
-github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
+github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
+github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
+github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA=
+github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 h1:O8uGbHCqlTp2P6QJSLmCojM4mN6UemYv8K+dCnmHmu0=
-golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
-google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
-google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg=
+google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/jans/app_configuration.go b/jans/app_configuration.go
index a3c1842..17a6ea9 100644
--- a/jans/app_configuration.go
+++ b/jans/app_configuration.go
@@ -8,18 +8,18 @@ import (
// EngineConfiguration enables an alternative way to build authentication
// flows in the Janssen server.
type EngineConfiguration struct {
- Enabled bool `schema:"enabled" json:"enabled"`
- RootDir string `schema:"root_dir" json:"rootDir"`
- TemplatesPath string `schema:"templates_path" json:"templatesPath"`
- ScriptsPath string `schema:"scripts_path" json:"scriptsPath"`
- SerializerType string `schema:"serializer_type" json:"serializerType"`
- MaxItemsLoggedInCollections int `schema:"max_items_logged_in_collections" json:"maxItemsLoggedInCollections"`
- PageMismatchErrorPage string `schema:"page_mismatch_error_page" json:"pageMismatchErrorPage"`
- InterruptionErrorPage string `schema:"interruption_error_page" json:"interruptionErrorPage"`
- CrashErrorPage string `schema:"crash_error_page" json:"crashErrorPage"`
- FinishedFlowPage string `schema:"finished_flow_page" json:"finishedFlowPage"`
- BridgeScriptPage string `schema:"bridge_script_page" json:"bridgeScriptPage"`
- DefaultResponseHeaders map[string]string `schema:"default_response_headers" json:"defaultResponseHeaders"`
+ Enabled bool `schema:"enabled" json:"enabled"`
+ RootDir string `schema:"root_dir" json:"rootDir"`
+ TemplatesPath string `schema:"templates_path" json:"templatesPath"`
+ ScriptsPath string `schema:"scripts_path" json:"scriptsPath"`
+ MaxItemsLoggedInCollections int `schema:"max_items_logged_in_collections" json:"maxItemsLoggedInCollections"`
+ PageMismatchErrorPage string `schema:"page_mismatch_error_page" json:"pageMismatchErrorPage"`
+ InterruptionErrorPage string `schema:"interruption_error_page" json:"interruptionErrorPage"`
+ CrashErrorPage string `schema:"crash_error_page" json:"crashErrorPage"`
+ FinishedFlowPage string `schema:"finished_flow_page" json:"finishedFlowPage"`
+ BridgeScriptPage string `schema:"bridge_script_page" json:"bridgeScriptPage"`
+ SerializeRules map[string][]string `schema:"serialize_rules" json:"serializeRules"`
+ DefaultResponseHeaders map[string]string `schema:"default_response_headers" json:"defaultResponseHeaders"`
}
// CibaEndUserNotificationConfig represents the configuration properties for
@@ -100,6 +100,11 @@ type TrustedIssuerConfig struct {
AutomaticallyGrantedScopes []string `schema:"automatically_granted_scopes" json:"automatically_granted_scopes"`
}
+type LockMessageConfig struct {
+ EnableIDTokenMessages bool `schema:"enable_id_token_messages" json:"enableIDTokenMessages"`
+ IDTokenMessagesChannel string `schema:"id_token_messages_channel" json:"idTokenMessagesChannel"`
+}
+
// AppConfiguration represents the Janssen authorization server
// configuration properties
type AppConfiguration struct {
@@ -115,6 +120,7 @@ type AppConfiguration struct {
EndSessionEndpoint string `schema:"end_session_endpoint" json:"endSessionEndpoint"`
RegistrationEndpoint string `schema:"registration_endpoint" json:"registrationEndpoint"`
JwksUri string `schema:"jwks_uri" json:"jwksUri"`
+ ArchivedJwksUri string `schema:"archived_jwks_uri" json:"archivedJwksUri"`
OpenIDDiscoveryEndpoint string `schema:"openid_discovery_endpoint" json:"openIdDiscoveryEndpoint"`
OpenIDConfigurationEndpoint string `schema:"openid_configuration_endpoint" json:"openIdConfigurationEndpoint"`
IDGenerationEndpoint string `schema:"id_generation_endpoint" json:"idGenerationEndpoint"`
@@ -139,7 +145,9 @@ type AppConfiguration struct {
RequireRequestObjectEncryption bool `schema:"require_request_object_encryption" json:"requireRequestObjectEncryption"`
RequirePkce bool `schema:"require_pkce" json:"requirePkce"`
AllowAllValueForRevokeEndpoint bool `schema:"allow_all_value_for_revoke_endpoint" json:"allowAllValueForRevokeEndpoint"`
+ AllowRevokeForOtherClients bool `schema:"allow_revoke_for_other_clients" json:"allowRevokeForOtherClients"`
SectorIdentifierCacheLifetimeInMinutes int `schema:"sector_identifier_cache_lifetime_in_minutes" json:"sectorIdentifierCacheLifetimeInMinutes"`
+ ArchivedJwkLifetimeInSeconds int `schema:"archived_jwk_lifetime_in_seconds" json:"archivedJwkLifetimeInSeconds"`
UmaConfigurationEndpoint string `schema:"uma_configuration_endpoint" json:"umaConfigurationEndpoint"`
UmaRptAsJwt bool `schema:"uma_rpt_as_jwt" json:"umaRptAsJwt"`
UmaRptLifetime int `schema:"uma_rpt_lifetime" json:"umaRptLifetime"`
@@ -168,6 +176,12 @@ type AppConfiguration struct {
UserInfoSigningAlgValuesSupported []string `schema:"user_info_signing_alg_values_supported" json:"userInfoSigningAlgValuesSupported"`
UserInfoEncryptionAlgValuesSupported []string `schema:"user_info_encryption_alg_values_supported" json:"userInfoEncryptionAlgValuesSupported"`
UserInfoEncryptionEncValuesSupported []string `schema:"user_info_encryption_enc_values_supported" json:"userInfoEncryptionEncValuesSupported"`
+ IntrospectionSigningAlgValuesSupported []string `schema:"introspection_signing_alg_values_supported" json:"introspectionSigningAlgValuesSupported"`
+ IntrospectionEncryptionAlgValuesSupported []string `schema:"introspection_encryption_alg_values_supported" json:"introspectionEncryptionAlgValuesSupported"`
+ IntrospectionEncryptionEncValuesSupported []string `schema:"introspection_encryption_enc_values_supported" json:"introspectionEncryptionEncValuesSupported"`
+ TxTokenSigningAlgValuesSupported []string `schema:"tx_token_signing_alg_values_supported" json:"txTokenSigningAlgValuesSupported"`
+ TxTokenEncryptionAlgValuesSupported []string `schema:"tx_token_encryption_alg_values_supported" json:"txTokenEncryptionAlgValuesSupported"`
+ TxTokenEncryptionEncValuesSupported []string `schema:"tx_token_encryption_enc_values_supported" json:"txTokenEncryptionEncValuesSupported"`
IDTokenSigningAlgValuesSupported []string `schema:"id_token_signing_alg_values_supported" json:"idTokenSigningAlgValuesSupported"`
IDTokenEncryptionAlgValuesSupported []string `schema:"id_token_encryption_alg_values_supported" json:"idTokenEncryptionAlgValuesSupported"`
IDTokenEncryptionEncValuesSupported []string `schema:"id_token_encryption_enc_values_supported" json:"idTokenEncryptionEncValuesSupported"`
@@ -195,8 +209,11 @@ type AppConfiguration struct {
OpTosUri string `schema:"op_tos_uri" json:"opTosUri"`
AuthorizationCodeLifetime int `schema:"authorization_code_lifetime" json:"authorizationCodeLifetime"`
RefreshTokenLifetime int `schema:"refresh_token_lifetime" json:"refreshTokenLifetime"`
+ TxTokenLifetime int `schema:"tx_token_lifetime" json:"txTokenLifetime"`
IDTokenLifetime int `schema:"id_token_lifetime" json:"idTokenLifetime"`
IDTokenFilterClaimsBasedOnAccessToken bool `schema:"id_token_filter_claims_based_on_access_token" json:"idTokenFilterClaimsBasedOnAccessToken"`
+ SaveTokensInCache bool `schema:"save_tokens_in_cache" json:"saveTokensInCache"`
+ SaveTokensInCacheAndDontSaveInPersistence bool `schema:"save_tokens_in_cache_and_dont_save_in_persistence" json:"saveTokensInCacheAndDontSaveInPersistence"`
AccessTokenLifetime int `schema:"access_token_lifetime" json:"accessTokenLifetime"`
CleanServiceInterval int `schema:"clean_service_interval" json:"cleanServiceInterval"`
CleanServiceBatchChunkSize int `schema:"clean_service_batch_chunk_size" json:"cleanServiceBatchChunkSize"`
@@ -246,7 +263,7 @@ type AppConfiguration struct {
DisablePromptLogin bool `schema:"disable_prompt_login" json:"disablePromptLogin"`
DisablePromptConsent bool `schema:"disable_prompt_consent" json:"disablePromptConsent"`
SessionIdLifetime int `schema:"session_id_lifetime" json:"sessionIdLifetime"`
- ServerSessionIdLifetime int `schema:"server_session_id_lifetime" json:"serverSessionIdLifetime"`
+ SessionIdCookieLifetime int `schema:"session_id_cookie_lifetime" json:"sessionIdCookieLifetime"`
ActiveSessionAuthorizationScope string `schema:"active_session_authorization_scope" json:"activeSessionAuthorizationScope"`
ConfigurationUpdateInterval int `schema:"configuration_update_interval" json:"configurationUpdateInterval"`
LogNotFoundEntityAsError bool `schema:"log_not_found_entity_as_error" json:"logNotFoundEntityAsError"`
@@ -270,14 +287,10 @@ type AppConfiguration struct {
KeyAlgsAllowedForGeneration []string `schema:"key_algs_allowed_for_generation" json:"keyAlgsAllowedForGeneration"`
StaticKid string `schema:"static_kid" json:"staticKid"`
StaticDecryptionKid string `schema:"static_decryption_kid" json:"staticDecryptionKid"`
- JansElevenTestModeToken string `schema:"jans_eleven_test_mode_token" json:"jansElevenTestModeToken"`
- JansElevenGenerateKeyEndpoint string `schema:"jans_eleven_generate_key_endpoint" json:"jansElevenGenerateKeyEndpoint"`
- JansElevenSignEndpoint string `schema:"jans_eleven_sign_endpoint" json:"jansElevenSignEndpoint"`
- JansElevenVerifySignatureEndpoint string `schema:"jans_eleven_verify_signature_endpoint" json:"jansElevenVerifySignatureEndpoint"`
- JansElevenDeleteKeyEndpoint string `schema:"jans_eleven_delete_key_endpoint" json:"jansElevenDeleteKeyEndpoint"`
IntrospectionAccessTokenMustHaveUmaProtectionScope bool `schema:"introspection_access_token_must_have_uma_protection_scope" json:"introspectionAccessTokenMustHaveUmaProtectionScope"`
IntrospectionAccessTokenMustHaveIntrospectionScope bool `schema:"introspection_access_token_must_have_introspection_scope" json:"introspectionAccessTokenMustHaveIntrospectionScope"`
IntrospectionSkipAuthorization bool `schema:"introspection_skip_authorization" json:"introspectionSkipAuthorization"`
+ IntrospectionRestrictBasicAuthnToOwnTokens bool `schema:"introspection_restrict_basic_authn_to_own_tokens" json:"introspectionRestrictBasicAuthnToOwnTokens"`
EndSessionWithAccessToken bool `schema:"end_session_with_access_token" json:"endSessionWithAccessToken"`
CookieDomain string `schema:"cookie_domain" json:"cookieDomain"`
EnabledOAuthAuditLogging bool `schema:"enabled_oauth_audit_logging" json:"enabledOAuthAuditLogging"`
@@ -380,6 +393,7 @@ type AppConfiguration struct {
HttpLoggingResponseBodyContent bool `schema:"http_logging_response_body_content" json:"httpLoggingResponseBodyContent"`
Fapi bool `schema:"fapi" json:"fapi"`
SkipAuthenticationFilterOptionsMethod bool `schema:"skip_authentication_filter_options_method" json:"skipAuthenticationFilterOptionsMethod"`
+ LockMessageConfig LockMessageConfig `schema:"lock_message_config" json:"lockMessageConfig"`
}
// GetAppConfiguration returns all Janssen authorization server configuration
diff --git a/jans/attributes.go b/jans/attributes.go
index 4bce6a3..5ae0e72 100644
--- a/jans/attributes.go
+++ b/jans/attributes.go
@@ -69,7 +69,9 @@ func (c *Client) GetAttributes(ctx context.Context) ([]Attribute, error) {
resp := response{}
- if err := c.get(ctx, "/jans-config-api/api/v1/attributes", token, &resp); err != nil {
+ if err := c.get(ctx, "/jans-config-api/api/v1/attributes", token, &resp, map[string]string{
+ "limit": "5",
+ }); err != nil {
return nil, fmt.Errorf("get request failed: %w", err)
}
diff --git a/jans/client.go b/jans/client.go
index 3af46ea..b744d26 100644
--- a/jans/client.go
+++ b/jans/client.go
@@ -7,10 +7,12 @@ import (
"encoding/json"
"fmt"
"io"
+ "mime/multipart"
"reflect"
"sort"
"net/http"
+ "net/textproto"
"net/url"
)
@@ -254,6 +256,118 @@ func (c *Client) post(ctx context.Context, path, token string, req, resp any) er
return c.request(ctx, params)
}
+type FormField struct {
+ Typ string
+ Data io.Reader
+}
+
+type requestParamsOptions func(*requestParams) error
+
+func (c *Client) newParams(method, path string, resp any, options ...requestParamsOptions) (*requestParams, error) {
+ params := &requestParams{
+ method: method,
+ accept: "application/json",
+ path: path,
+ resp: resp,
+ }
+
+ for _, o := range options {
+ if err := o(params); err != nil {
+ return nil, err
+ }
+ }
+
+ return params, nil
+}
+
+func (c *Client) withToken(ctx context.Context, url string) requestParamsOptions {
+ return func(params *requestParams) (err error) {
+ params.token, err = c.getToken(ctx, url)
+ return
+ }
+}
+
+func (c *Client) withFormData(req map[string]FormField) requestParamsOptions {
+ return func(params *requestParams) (err error) {
+ var b bytes.Buffer
+
+ w := multipart.NewWriter(&b)
+ defer w.Close()
+
+ for key, r := range req {
+ var fw io.Writer
+
+ switch r.Typ {
+ case "file":
+ if fw, err = w.CreateFormFile(key, "file"); err != nil {
+ return
+ }
+ case "json":
+ h := make(textproto.MIMEHeader)
+ h.Set("Content-Disposition", fmt.Sprintf(`form-data; name="%s"`, key))
+ h.Set("Content-Type", "application/json")
+ if fw, err = w.CreatePart(h); err != nil {
+ return
+ }
+ }
+
+ if _, err = io.Copy(fw, r.Data); err != nil {
+ return
+ }
+ }
+
+ w.Close()
+
+ params.contentType = w.FormDataContentType()
+ params.payload = b.Bytes()
+
+ return nil
+ }
+}
+
+func (c *Client) postFormData(ctx context.Context, path, token string, req map[string]FormField, resp any) (err error) {
+ var b bytes.Buffer
+
+ w := multipart.NewWriter(&b)
+ defer w.Close()
+
+ for key, r := range req {
+ var fw io.Writer
+
+ switch r.Typ {
+ case "file":
+ if fw, err = w.CreateFormFile(key, "file"); err != nil {
+ return
+ }
+ case "json":
+ h := make(textproto.MIMEHeader)
+ h.Set("Content-Disposition", fmt.Sprintf(`form-data; name="%s"`, key))
+ h.Set("Content-Type", "application/json")
+ if fw, err = w.CreatePart(h); err != nil {
+ return
+ }
+ }
+
+ if _, err = io.Copy(fw, r.Data); err != nil {
+ return
+ }
+ }
+
+ w.Close()
+
+ params := requestParams{
+ method: "POST",
+ path: path,
+ contentType: w.FormDataContentType(),
+ accept: "application/json",
+ token: token,
+ payload: b.Bytes(),
+ resp: resp,
+ }
+
+ return c.request(ctx, params)
+}
+
// post performs an HTTP POST request to the given path, using the given token
// and the provided request entity, which is marshaled into JSON. The response
// data is unmarshaled into the provided response value, which has to be of
@@ -355,11 +469,19 @@ func (c *Client) request(ctx context.Context, params requestParams) error {
}
client := &http.Client{Transport: tr}
+ // b, _ := httputil.DumpRequest(req, true)
+ // fmt.Print("REQUEST:\n")
+ // fmt.Printf("%s\n", b)
+
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("could not perform request: %w", err)
}
+ // b, _ = httputil.DumpResponse(resp, true)
+ // fmt.Print("RESPONSE:\n")
+ // fmt.Printf("%s\n", b)
+
if resp.StatusCode == 400 {
// try to read error message
data, err := io.ReadAll(resp.Body)
diff --git a/jans/custom_user.go b/jans/custom_user.go
index 65b107c..f1497ef 100644
--- a/jans/custom_user.go
+++ b/jans/custom_user.go
@@ -39,7 +39,9 @@ func (c *Client) GetCustomUsers(ctx context.Context) ([]CustomUser, error) {
ret := response{}
- if err := c.get(ctx, "/jans-config-api/mgt/configuser", token, &ret); err != nil {
+ if err := c.get(ctx, "/jans-config-api/mgt/configuser", token, &ret, map[string]string{
+ "limit": "5",
+ }); err != nil {
return nil, fmt.Errorf("get request failed: %w", err)
}
diff --git a/jans/kc_saml_config.go b/jans/kc_saml_config.go
new file mode 100644
index 0000000..afa08f5
--- /dev/null
+++ b/jans/kc_saml_config.go
@@ -0,0 +1,100 @@
+package jans
+
+import (
+ "context"
+ "fmt"
+)
+
+type KCSAMLConfiguration struct {
+ ApplicationName string `schema:"application_name" json:"applicationName"`
+ SamlTrustRelationshipDn string `schema:"saml_trust_relationship_dn" json:"samlTrustRelationshipDn"`
+ TrustIdpDn string `schema:"trusted_idp_dn" json:"trustedIdpDn"`
+ Enabled bool `schema:"enabled" json:"enabled"`
+ SelectedIdp string `schema:"selected_idp" json:"selectedIdp"`
+ ServerUrl string `schema:"server_url" json:"serverUrl"`
+ Realm string `schema:"realm" json:"realm"`
+ ClientId string `schema:"client_id" json:"clientId"`
+ ClientSecret string `schema:"client_secret" json:"clientSecret"`
+ GrantType string `schema:"grant_type" json:"grantType"`
+ Scope string `schema:"scope" json:"scope"`
+ Username string `schema:"username" json:"username"`
+ Password string `schema:"password" json:"password"`
+ SpMetadataUrl string `schema:"sp_metadata_url" json:"spMetadataUrl"`
+ TokenUrl string `schema:"token_url" json:"tokenUrl"`
+ IdpUrl string `schema:"idp_url" json:"idpUrl"`
+ IdpMetadataImportUrl string `schema:"idp_metadata_import_url" json:"idpMetadataImportUrl"`
+ IdpRootDir string `schema:"idp_root_dir" json:"idpRootDir"`
+ IdpMetadataDir string `schema:"idp_metadata_dir" json:"idpMetadataDir"`
+ IdpMetadataTempDir string `schema:"idp_metadata_temp_dir" json:"idpMetadataTempDir"`
+ IdpMetadataFile string `schema:"idp_metadata_file" json:"idpMetadataFile"`
+ SpMetadataDir string `schema:"sp_metadata_dir" json:"spMetadataDir"`
+ SpMetadataTempDir string `schema:"sp_metadata_temp_dir" json:"spMetadataTempDir"`
+ SpMetadataFile string `schema:"sp_metadata_file" json:"spMetadataFile"`
+ IgnoreValidation bool `schema:"ignore_validation" json:"ignoreValidation"`
+ IdpMetadataMandatoryAttributes []string `schema:"idp_metadata_mandatory_attributes" json:"idpMetadataMandatoryAttributes"`
+ KcAttributes []string `schema:"kc_attributes" json:"kcAttributes"`
+ KcSamlConfig []string `schema:"kc_saml_config" json:"kcSamlConfig"`
+}
+
+func (c *Client) CreateKCSAMLConfiguration(ctx context.Context, config *KCSAMLConfiguration) (*KCSAMLConfiguration, error) {
+
+ if config == nil {
+ return nil, fmt.Errorf("config is nil")
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml-config.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ ret := &KCSAMLConfiguration{}
+
+ if err := c.put(ctx, "/jans-config-api/kc/samlConfig", token, config, ret); err != nil {
+ return nil, fmt.Errorf("put request failed: %w", err)
+ }
+
+ return ret, nil
+}
+
+func (c *Client) GetKCSAMLConfiguration(ctx context.Context) (*KCSAMLConfiguration, error) {
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml-config.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ ret := &KCSAMLConfiguration{}
+
+ if err := c.get(ctx, "/jans-config-api/kc/samlConfig", token, ret); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return ret, nil
+}
+
+func (c *Client) PatchKCSAMLConfiguration(ctx context.Context, patches []PatchRequest) (*KCSAMLConfiguration, error) {
+
+ if len(patches) == 0 {
+ return c.GetKCSAMLConfiguration(ctx)
+ }
+
+ orig, err := c.GetKCSAMLConfiguration(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get fido2 configuration: %w", err)
+ }
+
+ updates, err := createPatchesDiff(orig, patches)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create patches: %w", err)
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml-config.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.patch(ctx, "/jans-config-api/kc/samlConfig", token, updates); err != nil {
+ return nil, fmt.Errorf("put request failed: %w", err)
+ }
+
+ return c.GetKCSAMLConfiguration(ctx)
+}
diff --git a/jans/kc_saml_config_test.go b/jans/kc_saml_config_test.go
new file mode 100644
index 0000000..5f5a4d7
--- /dev/null
+++ b/jans/kc_saml_config_test.go
@@ -0,0 +1,48 @@
+package jans
+
+import (
+ "context"
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+)
+
+func TestCreateConfig(t *testing.T) {
+ c, err := NewInsecureClient(host, user, pass)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ctx := context.Background()
+
+ config := &KCSAMLConfiguration{
+ ApplicationName: "SomeAPP",
+ Enabled: true,
+ }
+
+ _, err = c.CreateKCSAMLConfiguration(ctx, config)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ pr := []PatchRequest{
+ {
+ Op: "replace",
+ Path: "/applicationName",
+ Value: "UpdatedAPP",
+ },
+ }
+ config, err = c.PatchKCSAMLConfiguration(ctx, pr)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ gotConfig, err := c.GetKCSAMLConfiguration(ctx)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if diff := cmp.Diff(config, gotConfig); diff != "" {
+ t.Errorf("Config mismatch (-want +got):\n%s", diff)
+ }
+}
diff --git a/jans/kc_saml_idp.go b/jans/kc_saml_idp.go
new file mode 100644
index 0000000..4c65059
--- /dev/null
+++ b/jans/kc_saml_idp.go
@@ -0,0 +1,158 @@
+package jans
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+)
+
+type IdentityProviderPagedResult struct {
+ Start int `json:"start"`
+ TotalEntriesCount int `json:"total_entries_count"`
+ EntriesCount int `json:"entries_count"`
+ Entries []IdentityProvider `json:"entries"`
+}
+
+type BrokerIdentityProviderForm struct {
+ IdentityProvider *IdentityProvider `schema:"identity_provider" json:"identityProvider"`
+ MetaDataFile []byte `schema:"metadata_file" json:"metadataFile"`
+}
+
+type IdentityProvider struct {
+ DN string `schema:"dn" json:"dn"`
+ Inum string `schema:"inum" json:"inum"`
+ CreatorId string `schema:"creator_id" json:"creatorId"`
+ Name string `schema:"name" json:"name"`
+ DisplayName string `schema:"display_name" json:"displayName"`
+ Description string `schema:"description" json:"description"`
+ Realm string `schema:"realm" json:"realm"`
+ Enabled bool `schema:"enabled" json:"enabled"`
+ SigningCertificate string `schema:"signing_certificate" json:"signingCertificate"`
+ ValidateSignature string `schema:"validate_signature" json:"validateSignature"`
+ SingleLogoutServiceUrl string `schema:"single_logout_service_url" json:"singleLogoutServiceUrl"`
+ NameIDPolicyFormat string `schema:"name_id_policy_format" json:"nameIDPolicyFormat"`
+ IdpEntityId string `schema:"idp_entity_id" json:"idpEntityId"`
+ SingleSignOnServiceUrl string `schema:"single_sign_on_service_url" json:"singleSignOnServiceUrl"`
+ EncryptionPublicKey string `schema:"encryption_public_key" json:"encryptionPublicKey"`
+ ProviderId string `schema:"provider_id" json:"providerId"`
+ TrustEmail bool `schema:"trust_email" json:"trustEmail"`
+ StoreToken bool `schema:"store_token" json:"storeToken"`
+ AddReadTokenRoleOnCreate bool `schema:"add_read_token_role_on_create" json:"addReadTokenRoleOnCreate"`
+ AuthenticateByDefault bool `schema:"authenticate_by_default" json:"authenticateByDefault"`
+ LinkOnly bool `schema:"link_only" json:"linkOnly"`
+ FirstBrokerLoginFlowAlias string `schema:"first_broker_login_flow_alias" json:"firstBrokerLoginFlowAlias"`
+ PostBrokerLoginFlowAlias string `schema:"post_broker_login_flow_alias" json:"postBrokerLoginFlowAlias"`
+ SpMetaDataURL string `schema:"sp_meta_data_url" json:"spMetaDataURL"`
+ SpMetaDataLocation string `schema:"sp_meta_data_location" json:"spMetaDataLocation"`
+ IdpMetaDataURL string `schema:"idp_meta_data_url" json:"idpMetaDataURL"`
+ IdpMetaDataLocation string `schema:"idp_meta_data_location" json:"idpMetaDataLocation"`
+ Status string `schema:"status" json:"status"`
+ ValidationStatus string `schema:"validation_status" json:"validationStatus"`
+ ValidationLog []string `schema:"validation_log" json:"validationLog"`
+ BaseDn string `schema:"base_dn" json:"baseDn"`
+ ValidUntil string `schema:"valid_until" json:"validUntil"`
+ CacheDuration string `schema:"cache_duration" json:"cacheDuration"`
+}
+
+func (c *Client) createIDPFormData(idp *IdentityProvider, file io.Reader) (map[string]FormField, error) {
+ data := map[string]FormField{}
+
+ if file != nil {
+ data["metaDataFile"] = FormField{
+ Typ: "file",
+ Data: file,
+ }
+ }
+
+ b, err := json.Marshal(idp)
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal request: %w", err)
+ }
+
+ r := bytes.NewReader(b)
+
+ data["identityProvider"] = FormField{
+ Typ: "json",
+ Data: r,
+ }
+
+ return data, nil
+}
+
+func (c *Client) CreateIDP(ctx context.Context, idp *IdentityProvider, file io.Reader) (*IdentityProvider, error) {
+
+ data, err := c.createIDPFormData(idp, file)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create form data: %w", err)
+ }
+
+ resp := &IdentityProvider{}
+ req, err := c.newParams("POST", "/jans-config-api/kc/saml/idp/upload", resp,
+ c.withToken(ctx, "https://jans.io/idp/saml.write"),
+ c.withFormData(data),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request: %w", err)
+ }
+
+ if err := c.request(ctx, *req); err != nil {
+ return nil, fmt.Errorf("request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) UpdateIDP(ctx context.Context, idp *IdentityProvider, file io.Reader) (*IdentityProvider, error) {
+
+ data, err := c.createIDPFormData(idp, file)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create form data: %w", err)
+ }
+
+ resp := &IdentityProvider{}
+ req, err := c.newParams("PUT", "/jans-config-api/kc/saml/idp/upload", resp,
+ c.withToken(ctx, "https://jans.io/idp/saml.write"),
+ c.withFormData(data),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request: %w", err)
+ }
+
+ if err := c.request(ctx, *req); err != nil {
+ return nil, fmt.Errorf("request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) GetIDP(ctx context.Context, inum string) (*IdentityProvider, error) {
+
+ token, err := c.getToken(ctx, "https://jans.io/idp/saml.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ resp := &IdentityProvider{}
+
+ if err = c.get(ctx, "/jans-config-api/kc/saml/idp/"+inum, token, resp); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) DeleteIDP(ctx context.Context, inum string) error {
+
+ token, err := c.getToken(ctx, "https://jans.io/idp/saml.write")
+ if err != nil {
+ return fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.delete(ctx, "/jans-config-api/kc/saml/idp/"+inum, token); err != nil {
+ return fmt.Errorf("delete request failed: %w", err)
+ }
+
+ return nil
+}
diff --git a/jans/kc_saml_idp_test.go b/jans/kc_saml_idp_test.go
new file mode 100644
index 0000000..8c37374
--- /dev/null
+++ b/jans/kc_saml_idp_test.go
@@ -0,0 +1,54 @@
+package jans
+
+import (
+ "context"
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+)
+
+func TestCreateIDP(t *testing.T) {
+ c, err := NewInsecureClient(host, user, pass)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ctx := context.Background()
+
+ idp := &IdentityProvider{
+ CreatorId: "admin",
+ Description: "Test IDP",
+ DisplayName: "Test IDP",
+ Name: "test-idp",
+ Realm: "jans",
+ NameIDPolicyFormat: "urn:mace:shibboleth:1.0:nameIdentifier",
+ IdpEntityId: "https://moabu-promoted-loon.gluu.info/idp/shibboleth",
+ SingleSignOnServiceUrl: "https://moabu-promoted-loon.gluu.info/idp/profile/SAML2/POST/SSO",
+ }
+
+ idp, err = c.CreateIDP(ctx, idp, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer func() {
+ if err := c.DeleteIDP(ctx, idp.Inum); err != nil {
+ t.Fatal(err)
+ }
+ }()
+
+ idp.Description = "Updated description"
+
+ idp, err = c.UpdateIDP(ctx, idp, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ gotIdp, err := c.GetIDP(ctx, idp.Inum)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if diff := cmp.Diff(idp, gotIdp); diff != "" {
+ t.Errorf("IDP mismatch (-want +got):\n%s", diff)
+ }
+}
diff --git a/jans/kc_saml_tr.go b/jans/kc_saml_tr.go
new file mode 100644
index 0000000..e01e49c
--- /dev/null
+++ b/jans/kc_saml_tr.go
@@ -0,0 +1,166 @@
+package jans
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+)
+
+type TrustRelationshipForm struct {
+ TrustRelationship TrustRelationship `schema:"trustRelationship" json:"trustRelationship"`
+ MetaDataFile []byte `schema:"metaDataFile" json:"metaDataFile"`
+}
+
+type TrustRelationship struct {
+ DN string `schema:"dn" json:"dn"`
+ Inum string `schema:"inum" json:"inum"`
+ Owner string `schema:"owner" json:"owner"`
+ Name string `schema:"name" json:"name"`
+ DisplayName string `schema:"display_name" json:"displayName"`
+ Description string `schema:"description" json:"description"`
+ RootUrl string `schema:"root_url" json:"rootUrl"`
+ AdminUrl string `schema:"admin_url" json:"adminUrl"`
+ BaseUrl string `schema:"base_url" json:"baseUrl"`
+ SurrogateAuthRequired bool `schema:"surrogate_auth_required" json:"surrogateAuthRequired"`
+ Enabled bool `schema:"enabled" json:"enabled"`
+ AlwaysDisplayInConsole bool `schema:"always_display_in_console" json:"alwaysDisplayInConsole"`
+ ClientAuthenticatorType string `schema:"client_authenticator_type" json:"clientAuthenticatorType"`
+ Secret string `schema:"secret" json:"secret"`
+ RegisterationAccessToken string `schema:"registration_access_token" json:"registrationAccessToken"`
+ ConsetRequired bool `schema:"consent_required" json:"consentRequired"`
+ SPMetaDataSourceType string `schema:"sp_meta_data_source_type" json:"spMetaDataSourceType"`
+ SamlMetadata SAMLMetadata `schema:"saml_metadata" json:"samlMetadata"`
+ RedirectUris []string `schema:"redirect_uris" json:"redirectUris"`
+ SPMetaDataURL string `schema:"sp_meta_data_url" json:"spMetaDataURL"`
+ MetaLocation string `schema:"meta_location" json:"metaLocation"`
+ ReleasedAttributes []string `schema:"released_attributes" json:"releasedAttributes"`
+ Url string `schema:"url" json:"url"`
+ SPLogoutURL string `schema:"sp_logout_url" json:"spLogoutURL"`
+ Status string `schema:"status" json:"status"`
+ ValidationStatus string `schema:"validation_status" json:"validationStatus"`
+ ValidationLog []string `schema:"validation_log" json:"validationLog"`
+ ProfileConfigurations ProfileConfigurations `schema:"profile_configurations" json:"profileConfigurations"`
+ BaseDn string `schema:"base_dn" json:"baseDn"`
+}
+
+type SAMLMetadata struct {
+ NameIDPolicyFormat string `schema:"name_id_policy_format" json:"nameIDPolicyFormat"`
+ EntityId string `schema:"entity_id" json:"entityId"`
+ SingleLogoutServiceURL string `schema:"single_logout_service_url" json:"singleLogoutServiceUrl"`
+ JansAssertionConsumerServiceGetURL string `schema:"jans_assertion_consumer_service_get_url" json:"jansAssertionConsumerServiceGetURL"`
+ JansAssertionConsumerServicePostURL string `schema:"jans_assertion_consumer_service_post_url" json:"jansAssertionConsumerServicePostURL"`
+}
+
+type AdditionalProp struct {
+ Name string `schema:"name" json:"name"`
+ SignResponses string `schema:"sign_responses" json:"signResponses"`
+}
+
+type ProfileConfigurations struct {
+ AddtionalProp1 AdditionalProp `schema:"additional_prop1" json:"additionalProp1"`
+ AddtionalProp2 AdditionalProp `schema:"additional_prop2" json:"additionalProp2"`
+ AddtionalProp3 AdditionalProp `schema:"additional_prop3" json:"additionalProp3"`
+}
+
+func (c *Client) createTRFormData(tr *TrustRelationship, file io.Reader) (map[string]FormField, error) {
+ data := map[string]FormField{}
+
+ tr.SPMetaDataSourceType = "manual"
+ if file != nil {
+ data["metaDataFile"] = FormField{
+ Typ: "file",
+ Data: file,
+ }
+ tr.SPMetaDataSourceType = "file"
+ }
+
+ b, err := json.Marshal(tr)
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal request: %w", err)
+ }
+
+ r := bytes.NewReader(b)
+
+ data["trustRelationship"] = FormField{
+ Typ: "json",
+ Data: r,
+ }
+
+ return data, nil
+}
+
+func (c *Client) CreateTR(ctx context.Context, tr *TrustRelationship, file io.Reader) (*TrustRelationship, error) {
+
+ data, err := c.createTRFormData(tr, file)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create form data: %w", err)
+ }
+
+ resp := &TrustRelationship{}
+ req, err := c.newParams("POST", "/jans-config-api/kc/saml/trust-relationship/upload", resp,
+ c.withToken(ctx, "https://jans.io/oauth/config/saml.write"),
+ c.withFormData(data),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request: %w", err)
+ }
+
+ if err := c.request(ctx, *req); err != nil {
+ return nil, fmt.Errorf("request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) UpdateTR(ctx context.Context, tr *TrustRelationship, file io.Reader) (*TrustRelationship, error) {
+ data, err := c.createTRFormData(tr, file)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create form data: %w", err)
+ }
+
+ resp := &TrustRelationship{}
+ req, err := c.newParams("PUT", "/jans-config-api/kc/saml/trust-relationship/upload", resp,
+ c.withToken(ctx, "https://jans.io/oauth/config/saml.write"),
+ c.withFormData(data),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request: %w", err)
+ }
+
+ if err := c.request(ctx, *req); err != nil {
+ return nil, fmt.Errorf("request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) DeleteTR(ctx context.Context, inum string) error {
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml.write")
+ if err != nil {
+ return fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.delete(ctx, "/jans-config-api/kc/saml/trust-relationship/"+inum, token); err != nil {
+ return fmt.Errorf("delete request failed: %w", err)
+ }
+
+ return nil
+}
+
+func (c *Client) GetTR(ctx context.Context, inum string) (*TrustRelationship, error) {
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ resp := &TrustRelationship{}
+ if err = c.get(ctx, "/jans-config-api/kc/saml/trust-relationship/id/"+inum, token, resp); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return resp, nil
+}
diff --git a/jans/kc_saml_tr_test.go b/jans/kc_saml_tr_test.go
new file mode 100644
index 0000000..f68f560
--- /dev/null
+++ b/jans/kc_saml_tr_test.go
@@ -0,0 +1,61 @@
+package jans
+
+import (
+ "bytes"
+ "context"
+ _ "embed"
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+)
+
+//go:embed testdata/metadata.xml
+var metadata []byte
+
+func TestCreateTR(t *testing.T) {
+ c, err := NewInsecureClient(host, user, pass)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ctx := context.Background()
+
+ tr := &TrustRelationship{
+ Name: "My TR7",
+ DisplayName: "Some display name",
+ Description: "Some trust relationship",
+ SPMetaDataSourceType: "file",
+ }
+
+ r := bytes.NewReader(metadata)
+
+ tr, err = c.CreateTR(ctx, tr, r)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer func() {
+ if err := c.DeleteTR(ctx, tr.Inum); err != nil {
+ t.Fatal(err)
+ }
+ }()
+
+ tr.Description = "Updated description"
+
+ if _, err := r.Seek(0, 0); err != nil {
+ t.Fatal(err)
+ }
+
+ tr, err = c.UpdateTR(ctx, tr, r)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ gotTr, err := c.GetTR(ctx, tr.Inum)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if diff := cmp.Diff(tr, gotTr); diff != "" {
+ t.Errorf("TR mismatch (-want +got):\n%s", diff)
+ }
+}
diff --git a/jans/message.go b/jans/message.go
new file mode 100644
index 0000000..8dc8cdb
--- /dev/null
+++ b/jans/message.go
@@ -0,0 +1,227 @@
+package jans
+
+import (
+ "context"
+ "fmt"
+)
+
+type PostgresMessageConfiguration struct {
+ DriverClassName string `schema:"driver_class_name" json:"driverClassName,omitempty"`
+ DbSchemaName string `schema:"db_schema_name" json:"dbSchemaName,omitempty"`
+ ConnectionUri string `schema:"connection_uri" json:"connectionUri,omitempty"`
+ AuthUserName string `schema:"auth_user_name" json:"authUserName,omitempty"`
+ AuthUserPassword string `schema:"auth_user_password" json:"authUserPassword,omitempty"`
+ ConnectionPoolMaxTotal int32 `schema:"connection_pool_max_total" json:"connectionPoolMaxTotal,omitempty"`
+ ConnectionPoolMaxIdle int32 `schema:"connection_pool_max_idle" json:"connectionPoolMaxIdle,omitempty"`
+ ConnectionPoolMinIdle int32 `schema:"connection_pool_min_idle" json:"connectionPoolMinIdle,omitempty"`
+ MessageWaitMillis int32 `schema:"message_wait_millis" json:"messageWaitMillis,omitempty"`
+ MessageSleepThreadTime int32 `schema:"message_sleep_thread_millis" json:"messageSleepThreadTime,omitempty"`
+}
+
+type RedisMessageConfiguration struct {
+ RedisProviderType string `schema:"redis_provider_type" json:"redisProviderType,omitempty"`
+ Servers string `schema:"servers" json:"servers,omitempty"`
+ DefaultPutExpiration int32 `schema:"default_put_expiration" json:"defaultPutExpiration,omitempty"`
+ SentinelMasterGroupName string `schema:"sentinel_master_group_name" json:"sentinelMasterGroupName,omitempty"`
+ Password string `schema:"password" json:"password,omitempty"`
+ UseSSL bool `schema:"use_ssl" json:"useSSL,omitempty"`
+ SslTrustStoreFilePath string `schema:"ssl_trust_store_file_path" json:"sslTrustStoreFilePath,omitempty"`
+ SslTrustStorePassword string `schema:"ssl_trust_store_password" json:"sslTrustStorePassword,omitempty"`
+ SslKeyStoreFilePath string `schema:"ssl_key_store_file_path" json:"sslKeyStoreFilePath,omitempty"`
+ SslKeyStorePassword string `schema:"ssl_key_store_password" json:"sslKeyStorePassword,omitempty"`
+ MaxIdleConnections int32 `schema:"max_idle_connections" json:"maxIdleConnections,omitempty"`
+ MaxTotalConnections int32 `schema:"max_total_connections" json:"maxTotalConnections,omitempty"`
+ ConnectionTimeout int32 `schema:"connection_timeout" json:"connectionTimeout,omitempty"`
+ SoTimeout int32 `schema:"so_timeout" json:"soTimeout,omitempty"`
+ MaxRetryAttempts int32 `schema:"max_retry_attempts" json:"maxRetryAttempts,omitempty"`
+}
+
+type MessageConfiguration struct {
+ MessageProviderType string `schema:"message_provider_type" json:"messageProviderType,omitempty"`
+ RedisConfiguration *RedisMessageConfiguration `schema:"redis_configuration" json:"redisConfiguration,omitempty"`
+ PostgresConfiguration *PostgresMessageConfiguration `schema:"postgres_configuration" json:"postgresConfiguration,omitempty"`
+}
+
+func (c *Client) GetMessage(ctx context.Context) (*MessageConfiguration, error) {
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ resp := &MessageConfiguration{}
+
+ if err = c.get(ctx, "/jans-config-api/api/v1/config/message", token, resp); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) PatchMessage(ctx context.Context, patches []PatchRequest) (*MessageConfiguration, error) {
+
+ if len(patches) == 0 {
+ return c.GetMessage(ctx)
+ }
+
+ orig, err := c.GetMessage(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get fido2 configuration: %w", err)
+ }
+
+ updates, err := createPatchesDiff(orig, patches)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create patches: %w", err)
+ }
+
+ if len(updates) == 0 {
+ return orig, nil
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.patch(ctx, "/jans-config-api/api/v1/config/message", token, updates); err != nil {
+ return nil, fmt.Errorf("patch request failed: %w", err)
+ }
+
+ return c.GetMessage(ctx)
+}
+
+func (c *Client) GetMessagePostgres(ctx context.Context) (*PostgresMessageConfiguration, error) {
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ resp := &PostgresMessageConfiguration{}
+
+ if err = c.get(ctx, "/jans-config-api/api/v1/config/message/postgres", token, resp); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) CreateMessagePostgres(ctx context.Context, postgres *PostgresMessageConfiguration) (*PostgresMessageConfiguration, error) {
+
+ if postgres == nil {
+ return nil, fmt.Errorf("postgres is nil")
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ ret := &PostgresMessageConfiguration{}
+
+ if err := c.put(ctx, "/jans-config-api/api/v1/config/message/postgres", token, postgres, ret); err != nil {
+ return nil, fmt.Errorf("put request failed: %w", err)
+ }
+
+ return ret, nil
+}
+
+func (c *Client) PatchMessagePostgres(ctx context.Context, patches []PatchRequest) (*PostgresMessageConfiguration, error) {
+
+ if len(patches) == 0 {
+ return c.GetMessagePostgres(ctx)
+ }
+
+ orig, err := c.GetMessagePostgres(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get fido2 configuration: %w", err)
+ }
+
+ updates, err := createPatchesDiff(orig, patches)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create patches: %w", err)
+ }
+
+ if len(updates) == 0 {
+ return orig, nil
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.patch(ctx, "/jans-config-api/api/v1/config/message/postgres", token, updates); err != nil {
+ return nil, fmt.Errorf("patch request failed: %w", err)
+ }
+
+ return c.GetMessagePostgres(ctx)
+}
+
+func (c *Client) GetMessageRedis(ctx context.Context) (*RedisMessageConfiguration, error) {
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.readonly")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ resp := &RedisMessageConfiguration{}
+
+ if err = c.get(ctx, "/jans-config-api/api/v1/config/message/redis", token, resp); err != nil {
+ return nil, fmt.Errorf("get request failed: %w", err)
+ }
+
+ return resp, nil
+}
+
+func (c *Client) CreateMessageRedis(ctx context.Context, redis *RedisMessageConfiguration) (*RedisMessageConfiguration, error) {
+
+ if redis == nil {
+ return nil, fmt.Errorf("redis is nil")
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ ret := &RedisMessageConfiguration{}
+
+ if err := c.put(ctx, "/jans-config-api/api/v1/config/message/redis", token, redis, ret); err != nil {
+ return nil, fmt.Errorf("put request failed: %w", err)
+ }
+
+ return ret, nil
+}
+
+func (c *Client) PatchMessageRedis(ctx context.Context, patches []PatchRequest) (*RedisMessageConfiguration, error) {
+
+ if len(patches) == 0 {
+ return c.GetMessageRedis(ctx)
+ }
+
+ orig, err := c.GetMessageRedis(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get fido2 configuration: %w", err)
+ }
+
+ updates, err := createPatchesDiff(orig, patches)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create patches: %w", err)
+ }
+
+ if len(updates) == 0 {
+ return orig, nil
+ }
+
+ token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write")
+ if err != nil {
+ return nil, fmt.Errorf("failed to get token: %w", err)
+ }
+
+ if err := c.patch(ctx, "/jans-config-api/api/v1/config/message/redis", token, updates); err != nil {
+ return nil, fmt.Errorf("patch request failed: %w", err)
+ }
+
+ return c.GetMessageRedis(ctx)
+}
diff --git a/jans/oidc_client.go b/jans/oidc_client.go
index abc0038..0318c2b 100644
--- a/jans/oidc_client.go
+++ b/jans/oidc_client.go
@@ -32,6 +32,7 @@ type OidcClientAttribute struct {
RedirectUrisRegex string `schema:"redirect_uris_regex" json:"redirectUrisRegex,omitempty"`
JansAuthorizedAcr []string `schema:"jans_authorized_acr" json:"jansAuthorizedAcr,omitempty"`
JansDefaultPromptLogin bool `schema:"jans_default_prompt_login" json:"jansDefaultPromptLogin,omitempty"`
+ TxTokenLifetime int `schema:"tx_token_lifetime" json:"txTokenLifetime,omitempty"`
IdTokenLifetime int `schema:"id_token_lifetime" json:"idTokenLifetime,omitempty"`
AllowOfflineAccessWithoutConsent bool `schema:"allow_offline_access_without_consent" json:"allowOfflineAccessWithoutConsent,omitempty"`
MinimumAcrLevel int `schema:"minimum_acr_level" json:"minimumAcrLevel,omitempty"`
@@ -40,6 +41,13 @@ type OidcClientAttribute struct {
MinimumAcrPriorityList []string `schema:"minimum_acr_priority_list" json:"minimumAcrPriorityList,omitempty"`
RequestedLifetime int `schema:"requested_lifetime" json:"requestedLifetime,omitempty"`
Evidence string `schema:"evidence" json:"evidence,omitempty"`
+ IntrospectionSignedResponseAlg string `schema:"introspection_signed_response_alg" json:"introspectionSignedResponseAlg,omitempty"`
+ IntrospectionEncryptedResponseAlg string `schema:"introspection_encrypted_response_alg" json:"introspectionEncryptedResponseAlg,omitempty"`
+ IntrospectionEncryptedResponseEnc string `schema:"introspection_encrypted_response_enc" json:"introspectionEncryptedResponseEnc,omitempty"`
+ TxTokenSignedResponseAlg string `schema:"tx_token_signed_response_alg" json:"txTokenSignedResponseAlg,omitempty"`
+ TxTokenEncryptedResponseAlg string `schema:"tx_token_encrypted_response_alg" json:"txTokenEncryptedResponseAlg,omitempty"`
+ TxTokenEncryptedResponseEnc string `schema:"tx_token_encrypted_response_enc" json:"txTokenEncryptedResponseEnc,omitempty"`
+ AuthorizationDetailsTypes []string `schema:"authorization_details_types" json:"authorizationDetailsTypes,omitempty"`
}
// OidcClient is the definition of an OpenId Connect Client.
@@ -118,7 +126,6 @@ type OidcClient struct {
Groups []string `schema:"groups" json:"groups,omitempty"`
Ttl int `schema:"ttl" json:"ttl,omitempty"`
DisplayName string `schema:"display_name" json:"displayName,omitempty"`
- AuthenticationMethod string `schema:"authentication_method" json:"authenticationMethod,omitempty"`
BaseDn string `schema:"base_dn" json:"baseDn,omitempty"`
Inum string `schema:"inum" json:"inum,omitempty"`
}
@@ -136,7 +143,9 @@ func (c *Client) GetOidcClients(ctx context.Context) ([]OidcClient, error) {
}
ret := response{}
- if err := c.get(ctx, "/jans-config-api/api/v1/openid/clients", token, &ret); err != nil {
+ if err := c.get(ctx, "/jans-config-api/api/v1/openid/clients", token, &ret, map[string]string{
+ "limit": "5",
+ }); err != nil {
return nil, fmt.Errorf("get request failed: %w", err)
}
diff --git a/jans/oidc_client_test.go b/jans/oidc_client_test.go
index 972d321..750b5c4 100644
--- a/jans/oidc_client_test.go
+++ b/jans/oidc_client_test.go
@@ -178,9 +178,9 @@ func TestOIDCClient(t *testing.T) {
// Groups: []string{},
// Ttl: 3600,
DisplayName: "SCIM client",
- AuthenticationMethod: "client_secret_basic",
BaseDn: "inum=1201.d52300ed-8193-510e-b31d-5829f4af346e,ou=clients,o=jans",
Inum: "1201.d52300ed-8193-510e-b31d-5829f4af346e",
+ // TODO: Add new encryption algs
}
createdClient, err := client.CreateOidcClient(ctx, &newClient)
diff --git a/jans/scope.go b/jans/scope.go
index 1a738d0..21444bb 100644
--- a/jans/scope.go
+++ b/jans/scope.go
@@ -49,11 +49,9 @@ func (c *Client) GetScopes(ctx context.Context) ([]Scope, error) {
ret := response{}
- queryParams := map[string]string{
- "limit": "100",
- }
-
- if err := c.get(ctx, "/jans-config-api/api/v1/scopes", token, &ret, queryParams); err != nil {
+ if err := c.get(ctx, "/jans-config-api/api/v1/scopes", token, &ret, map[string]string{
+ "limit": "5",
+ }); err != nil {
return nil, fmt.Errorf("get request failed: %w", err)
}
diff --git a/jans/script.go b/jans/script.go
index 163d5e6..cc08165 100644
--- a/jans/script.go
+++ b/jans/script.go
@@ -66,7 +66,9 @@ func (c *Client) GetScripts(ctx context.Context) ([]Script, error) {
ret := response{}
- if err := c.get(ctx, "/jans-config-api/api/v1/config/scripts", token, &ret); err != nil {
+ if err := c.get(ctx, "/jans-config-api/api/v1/config/scripts", token, &ret, map[string]string{
+ "limit": "5",
+ }); err != nil {
return nil, fmt.Errorf("get request failed: %w", err)
}
diff --git a/jans/testdata/metadata.xml b/jans/testdata/metadata.xml
new file mode 100644
index 0000000..fab84ed
--- /dev/null
+++ b/jans/testdata/metadata.xml
@@ -0,0 +1,8 @@
+
+
+ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+
+
+
+
diff --git a/jans/uma_resource.go b/jans/uma_resource.go
index 20d204a..0d4f693 100644
--- a/jans/uma_resource.go
+++ b/jans/uma_resource.go
@@ -38,7 +38,9 @@ func (c *Client) GetUMAResources(ctx context.Context) ([]UMAResource, error) {
}
ret := response{}
- if err := c.get(ctx, "/jans-config-api/api/v1/uma/resources", token, &ret); err != nil {
+ if err := c.get(ctx, "/jans-config-api/api/v1/uma/resources", token, &ret, map[string]string{
+ "limit": "5",
+ }); err != nil {
return nil, fmt.Errorf("get request failed: %w", err)
}
diff --git a/provider/provider.go b/provider/provider.go
index 68adc30..02206b8 100644
--- a/provider/provider.go
+++ b/provider/provider.go
@@ -65,31 +65,34 @@ func Provider() *schema.Provider {
// Provider automatically handles routing operations such as Apply,
// Diff, etc. to the proper resource.
ResourcesMap: map[string]*schema.Resource{
- "jans_admin_ui_permission": resourceAdminUIPermission(),
- "jans_admin_ui_role": resourceAdminUIRole(),
- "jans_admin_ui_role_permission_mapping": resourceAdminUIRolePermissionMapping(),
- "jans_agama_deployment": resourceAgamaDeployment(),
- "jans_api_app_configuration": resourceApiAppConfiguration(),
- "jans_app_configuration": resourceAppConfiguration(),
- "jans_attribute": resourceAttribute(),
- "jans_cache_configuration": resourceCacheConfiguration(),
- "jans_custom_user": resourceCustomUser(),
- "jans_default_authentication_method": resourceDefaultAuthenticationMethod(),
- "jans_fido_device": resourceFidoDevice(),
- "jans_fido2_configuration": resourceFido2Configuration(),
- "jans_fido2_device": resourceFido2Device(),
- "jans_group": resourceGroup(),
- "jans_json_web_key": resourceJsonWebKey(),
- "jans_ldap_database_configuration": resourceLDAPDatabaseConfiguration(),
- "jans_logging_configuration": resourceLoggingConfiguration(),
- "jans_oidc_client": resourceOidcClient(),
- "jans_organization": resourceOrganization(),
- "jans_scim_app_configuration": resourceScimAppConfiguration(),
- "jans_scope": resourceScope(),
- "jans_script": resourceScript(),
- "jans_smtp_configuration": resourceSmtpConfiguration(),
- "jans_uma_resource": resourceUMAResource(),
- "jans_user": resourceUser(),
+ // "jans_admin_ui_permission": resourceAdminUIPermission(),
+ // "jans_admin_ui_role": resourceAdminUIRole(),
+ // "jans_admin_ui_role_permission_mapping": resourceAdminUIRolePermissionMapping(),
+ "jans_agama_deployment": resourceAgamaDeployment(),
+ "jans_api_app_configuration": resourceApiAppConfiguration(),
+ "jans_app_configuration": resourceAppConfiguration(),
+ "jans_attribute": resourceAttribute(),
+ "jans_cache_configuration": resourceCacheConfiguration(),
+ "jans_custom_user": resourceCustomUser(),
+ "jans_default_authentication_method": resourceDefaultAuthenticationMethod(),
+ "jans_fido_device": resourceFidoDevice(),
+ "jans_fido2_configuration": resourceFido2Configuration(),
+ "jans_fido2_device": resourceFido2Device(),
+ "jans_group": resourceGroup(),
+ "jans_json_web_key": resourceJsonWebKey(),
+ "jans_kc_saml_configuration": resourceKCSamlConfiguration(),
+ "jans_kc_saml_identity_provider": resourceKCSamlIDP(),
+ "jans_kc_saml_trust_relationship": resourceKCSamlTR(),
+ "jans_ldap_database_configuration": resourceLDAPDatabaseConfiguration(),
+ "jans_logging_configuration": resourceLoggingConfiguration(),
+ "jans_oidc_client": resourceOidcClient(),
+ "jans_organization": resourceOrganization(),
+ "jans_scim_app_configuration": resourceScimAppConfiguration(),
+ "jans_scope": resourceScope(),
+ "jans_script": resourceScript(),
+ "jans_smtp_configuration": resourceSmtpConfiguration(),
+ "jans_uma_resource": resourceUMAResource(),
+ "jans_user": resourceUser(),
},
// DataSourcesMap is the collection of available data sources that
diff --git a/provider/resource_admin_permission_test.go b/provider/resource_admin_permission_test.go
index 5aeebdb..2815b11 100644
--- a/provider/resource_admin_permission_test.go
+++ b/provider/resource_admin_permission_test.go
@@ -1,17 +1,6 @@
package provider
-import (
- "context"
- "errors"
- "fmt"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
- "github.com/jans/terraform-provider-jans/jans"
-)
-
+/*
func TestAdminUIPermission_Mapping(t *testing.T) {
schema := resourceAdminUIPermission()
@@ -112,3 +101,4 @@ func testAccReourceCheckAdminUIPermissionDestroy(s *terraform.State) error {
return nil
}
+*/
diff --git a/provider/resource_admin_role_permission_mapping_test.go b/provider/resource_admin_role_permission_mapping_test.go
index 0fb4f7a..f00d2e2 100644
--- a/provider/resource_admin_role_permission_mapping_test.go
+++ b/provider/resource_admin_role_permission_mapping_test.go
@@ -1,17 +1,6 @@
package provider
-import (
- "context"
- "errors"
- "fmt"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
- "github.com/jans/terraform-provider-jans/jans"
-)
-
+/*
func TestAdminUIRolePermissionMapping_Mapping(t *testing.T) {
schema := resourceAdminUIRolePermissionMapping()
@@ -128,3 +117,4 @@ func testAccResourceCheckAdminUIRolePermissionMappingDestroy(s *terraform.State)
return nil
}
+*/
diff --git a/provider/resource_admin_role_test.go b/provider/resource_admin_role_test.go
index 7835f19..5242242 100644
--- a/provider/resource_admin_role_test.go
+++ b/provider/resource_admin_role_test.go
@@ -1,17 +1,6 @@
package provider
-import (
- "context"
- "errors"
- "fmt"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
- "github.com/jans/terraform-provider-jans/jans"
-)
-
+/*
func TestAdminUIRole_Mapping(t *testing.T) {
schema := resourceAdminUIRole()
@@ -115,3 +104,4 @@ func testAccResourceCheckAdminUIRoleDestroy(s *terraform.State) error {
return nil
}
+*/
diff --git a/provider/resource_app_configuration.go b/provider/resource_app_configuration.go
old mode 100644
new mode 100755
index 547f946..7b5ccc6
--- a/provider/resource_app_configuration.go
+++ b/provider/resource_app_configuration.go
@@ -225,6 +225,12 @@ func resourceAppConfiguration() *schema.Resource {
Description: "URL of the OP's JSON Web Key Set (JWK) document. This contains the signing key(s) the RP uses to validate signatures from the OP. Example: https://server.example.com/restv1/jwks",
ValidateDiagFunc: validateURL,
},
+ "archived_jwks_uri": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Archved URLs of the OP's JSON Web Key Set (JWK) document.",
+ ValidateDiagFunc: validateURL,
+ },
"openid_discovery_endpoint": {
Type: schema.TypeString,
Optional: true,
@@ -366,11 +372,21 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Boolean value true allow all value for revoke endpoint.",
},
+ "allow_revoke_for_other_clients": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Boolean value ture allow revoke for other clients.",
+ },
"sector_identifier_cache_lifetime_in_minutes": {
Type: schema.TypeInt,
Optional: true,
Description: "The cache lifetime in minutes of the sector identifier.",
},
+ "archived_jwk_lifetime_in_seconds": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "The archived jwk lifetime in seconds.",
+ },
"uma_configuration_endpoint": {
Type: schema.TypeString,
Optional: true,
@@ -524,6 +540,7 @@ func resourceAppConfiguration() *schema.Resource {
"implicit",
"password",
"refresh_token",
+ "tx_token",
"urn:ietf:params:oauth:grant-type:device_code",
"urn:ietf:params:oauth:grant-type:token-exchange",
"urn:ietf:params:oauth:grant-type:uma-ticket",
@@ -623,6 +640,72 @@ func resourceAppConfiguration() *schema.Resource {
},
},
},
+ "introspection_signing_alg_values_supported": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A list of the JWS signing algorithms (alg values) JWA supported by the introspection endpoint`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+ return validateEnum(v, signingAlgs)
+ },
+ },
+ },
+ "introspection_encryption_alg_values_supported": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+ return validateEnum(v, encryptionAlgs)
+ },
+ },
+ },
+ "introspection_encryption_enc_values_supported": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+ return validateEnum(v, encryptionEnc)
+ },
+ },
+ },
+ "tx_token_signing_alg_values_supported": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A list of the JWS signing algorithms (alg values) supported by the Token Exchange endpoint.`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+ return validateEnum(v, signingAlgs)
+ },
+ },
+ },
+ "tx_token_encryption_alg_values_supported": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A list of the JWE encryption algorithms (alg values) supported by the Token Exchange endpoint.`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+ return validateEnum(v, encryptionAlgs)
+ },
+ },
+ },
+ "tx_token_encryption_enc_values_supported": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A list of the JWE encryption algorithms (enc values) supported by the Token Exchange endpoint.`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+ return validateEnum(v, encryptionEnc)
+ },
+ },
+ },
"id_token_signing_alg_values_supported": {
Type: schema.TypeList,
Optional: true,
@@ -897,6 +980,11 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "The lifetime of the Refresh Token.",
},
+ "tx_token_lifetime": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "The lifetime of the Token Exchange Token.",
+ },
"id_token_lifetime": {
Type: schema.TypeInt,
Optional: true,
@@ -907,6 +995,16 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Boolean value specifying whether idToken filters claims based on accessToken.",
},
+ "save_tokens_in_cache": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Boolean value specifying whether to save token in cache.",
+ },
+ "save_tokens_in_cache_and_dont_save_in_persistence": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Boolean value specifying whether to save token in cache and don't save in persistence.",
+ },
"access_token_lifetime": {
Type: schema.TypeInt,
Optional: true,
@@ -1216,6 +1314,11 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "The lifetime of session id in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.",
},
+ "session_id_cookie_lifetime": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "The lifetime of session id cookie in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.",
+ },
"server_session_id_lifetime": {
Type: schema.TypeInt,
Optional: true,
@@ -1246,7 +1349,7 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: `List of the OAuth 2.0 Grant Type values that it's possible to set via client
registration API. One of 'none', 'authorization_code', 'implicit', 'password', 'client_credentials', 'refresh_token',
- 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code'.`,
+ 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code', 'tx_token'.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
@@ -1361,34 +1464,6 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Specifies static decryption Kid",
},
- "jans_eleven_test_mode_token": {
- Type: schema.TypeString,
- Optional: true,
- Description: "jansEleven Test Mode Token.",
- },
- "jans_eleven_generate_key_endpoint": {
- Type: schema.TypeString,
- Optional: true,
- Description: "URL for the jansEleven Generate Key Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/generateKey",
- ValidateDiagFunc: validateURL,
- },
- "jans_eleven_sign_endpoint": {
- Type: schema.TypeString,
- Optional: true,
- Description: "URL for the jansEleven Sign Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/sign",
- ValidateDiagFunc: validateURL,
- },
- "jans_eleven_verify_signature_endpoint": {
- Type: schema.TypeString,
- Optional: true,
- Description: "URL for the jansEleven Verify Signature Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/verifySignature",
- ValidateDiagFunc: validateURL,
- },
- "jans_eleven_delete_key_endpoint": {
- Type: schema.TypeString,
- Optional: true,
- Description: "URL for the jansEleven Delete Key Endpoint. Example: https://server.example.com/janseleven/rest/oxeleven/deleteKey",
- },
"introspection_access_token_must_have_uma_protection_scope": {
Type: schema.TypeBool,
Optional: true,
@@ -1404,6 +1479,11 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Specifies if authorization to be skipped for introspection.",
},
+ "introspection_restrict_basic_authn_to_own_tokens": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Specifies if basic authentication to be restricted to own tokens.",
+ },
"end_session_with_access_token": {
Type: schema.TypeBool,
Optional: true,
@@ -1983,6 +2063,33 @@ func resourceAppConfiguration() *schema.Resource {
Description: "List of feature flags.",
Elem: &schema.Schema{
Type: schema.TypeString,
+ ValidateDiagFunc: func(i interface{}, p cty.Path) diag.Diagnostics {
+
+ enums := []string{
+ "UNKNOWN",
+ "HEALTH_CHECK",
+ "USERINFO",
+ "CLIENTINFO",
+ "ID_GENERATION",
+ "REGISTRATION",
+ "INTROSPECTION",
+ "REVOKE_TOKEN",
+ "REVOKE_SESSION",
+ "ACTIVE_SESSION",
+ "END_SESSION",
+ "STATUS_SESSION",
+ "JANS_CONFIGURATION",
+ "CIBA",
+ "UMA",
+ "U2F",
+ "DEVICE_AUTHZ",
+ "METRIC",
+ "STAT",
+ "PAR",
+ "SSA",
+ }
+ return validateEnum(i, enums)
+ },
},
},
"http_logging_enabled": {
@@ -2026,10 +2133,6 @@ func resourceAppConfiguration() *schema.Resource {
Type: schema.TypeString,
Optional: true,
},
- "serializer_type": {
- Type: schema.TypeString,
- Optional: true,
- },
"max_items_logged_in_collections": {
Type: schema.TypeInt,
Optional: true,
@@ -2054,6 +2157,16 @@ func resourceAppConfiguration() *schema.Resource {
Type: schema.TypeString,
Optional: true,
},
+ "serialize_rules": {
+ Type: schema.TypeMap,
+ Optional: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeList,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
"default_response_headers": {
Type: schema.TypeMap,
Optional: true,
@@ -2107,6 +2220,26 @@ func resourceAppConfiguration() *schema.Resource {
Optional: true,
Description: "Boolean value specifying whether to skip authentication filter for options method calls.",
},
+ "lock_message_config": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Lock message configuration.",
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enable_id_token_messages": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Boolean value specifying whether to enable ID Token messages.",
+ },
+ "id_token_messages_channel": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "ID Token messages channel.",
+ },
+ },
+ },
+ },
"fapi": {
Type: schema.TypeBool,
Optional: true,
diff --git a/provider/resource_fido2_configuration_test.go b/provider/resource_fido2_configuration_test.go
index d46c81c..bd5c0d3 100644
--- a/provider/resource_fido2_configuration_test.go
+++ b/provider/resource_fido2_configuration_test.go
@@ -21,10 +21,10 @@ func TestResourceFido2Config_Mapping(t *testing.T) {
Issuer: "https://moabu-21f13b7c-9069-ad58-5685-852e6d236020.gluu.info",
BaseEndpoint: "https://moabu-21f13b7c-9069-ad58-5685-852e6d236020.gluu.info/jans-fido2/restv1",
CleanServiceInterval: 60,
- CleanServiceBatchChunkSize: 10000,
+ CleanServiceBatchChunkSize: 100,
UseLocalCache: true,
DisableJdkLogger: true,
- LoggingLevel: "INFO",
+ LoggingLevel: "",
LoggingLayout: "text",
ExternalLoggerConfiguration: "",
MetricReporterEnabled: true,
@@ -62,8 +62,8 @@ func TestResourceFido2Config_Mapping(t *testing.T) {
t.Fatal(err)
}
- if len(patches) != 22 {
- t.Errorf("Got %d patches, expected 22", len(patches))
+ if len(patches) != 21 {
+ t.Errorf("Got %d patches, expected 21", len(patches))
}
if err := fromSchemaResource(data, &newCfg); err != nil {
@@ -112,11 +112,11 @@ func testAccResourceCheckFido2ConfigurationImport(states []*terraform.InstanceSt
found = true
- if err := checkAttribute(is, "clean_service_batch_chunk_size", "10000"); err != nil {
+ if err := checkAttribute(is, "clean_service_batch_chunk_size", "100"); err != nil {
return err
}
- if err := checkAttribute(is, "logging_level", "INFO"); err != nil {
+ if err := checkAttribute(is, "logging_level", ""); err != nil {
return err
}
diff --git a/provider/resource_kc_saml_config.go b/provider/resource_kc_saml_config.go
new file mode 100644
index 0000000..f321f54
--- /dev/null
+++ b/provider/resource_kc_saml_config.go
@@ -0,0 +1,230 @@
+package provider
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/jans/terraform-provider-jans/jans"
+)
+
+func resourceKCSamlConfiguration() *schema.Resource {
+
+ return &schema.Resource{
+ Description: "Resource for managing Keycloak SAML Configuration.",
+ CreateContext: resourceKCSamlConfigurationCreate,
+ ReadContext: resourceKCSamlConfigurationRead,
+ UpdateContext: resourceKCSamlConfigurationUpdate,
+ DeleteContext: resourceUntrackOnDelete,
+ Importer: &schema.ResourceImporter{
+ StateContext: schema.ImportStatePassthroughContext,
+ },
+ Schema: map[string]*schema.Schema{
+ "application_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Application name.",
+ },
+ "saml_trust_relationship_dn": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SAML trust relationship DN.",
+ },
+ "trusted_idp_dn": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Trusted IDP DN.",
+ },
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Whether the configuration should be enabled or not.",
+ },
+ "slected_idp": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Selected IDP.",
+ },
+ "server_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Server URL.",
+ },
+ "realm": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Realm.",
+ },
+ "client_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client ID.",
+ },
+ "client_secret": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client Secret.",
+ },
+ "grant_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Grant Type.",
+ },
+ "scope": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Scope.",
+ },
+ "username": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Username.",
+ },
+ "password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Password.",
+ },
+ "sp_metadata_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP Metadata URL.",
+ },
+ "token_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Token URL.",
+ },
+ "idp_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP URL.",
+ },
+ "idp_metadata_import_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP Metadata Import URL.",
+ },
+ "idp_root_dir": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP Root Directory.",
+ },
+ "idp_metadata_dir": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP Metadata Directory.",
+ },
+ "idp_metadata_temp_dir": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP Metadata Temporary Directory.",
+ },
+ "idp_metadata_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP Metadata File.",
+ },
+ "sp_metadata_dir": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP Metadata Directory.",
+ },
+ "sp_metadata_temp_dir": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP Metadata Temporary Directory.",
+ },
+ "sp_metadata_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP Metadata File.",
+ },
+ "ignore_validation": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Ignore Validation.",
+ },
+ "idp_metadata_mandatory_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "IDP Metadata Mandatory Attributes.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "kc_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "KC Attributes.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "kc_saml_config": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "KC SAML Config..",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+
+func resourceKCSamlConfigurationCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+ var saml jans.KCSAMLConfiguration
+
+ if err := fromSchemaResource(d, &saml); err != nil {
+ return diag.Errorf("failed to read resource: %s", err.Error())
+ }
+
+ tflog.Debug(ctx, "Creating new KCSAMLConfiguration", map[string]interface{}{"message": saml})
+ if _, err := c.CreateKCSAMLConfiguration(ctx, &saml); err != nil {
+ return diag.Errorf("failed to create KCSAMLConfiguration: %s", err.Error())
+ }
+
+ return resourceKCSamlConfigurationRead(ctx, d, meta)
+}
+
+func resourceKCSamlConfigurationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ saml, err := c.GetKCSAMLConfiguration(ctx)
+ if err != nil {
+ return diag.Errorf("failed to get KCSAMLConfiguration: %s", err.Error())
+ }
+
+ if err := toSchemaResource(d, saml); err != nil {
+ return diag.Errorf("failed to write resource: %s", err.Error())
+ }
+
+ tflog.Debug(ctx, "KCSAMLConfiguration read")
+
+ return nil
+}
+
+func resourceKCSamlConfigurationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ var saml jans.KCSAMLConfiguration
+ patches, err := patchFromResourceData(d, &saml)
+ if err != nil {
+ return diag.Errorf("failed to read resource: %s", err.Error())
+ }
+
+ tflog.Debug(ctx, "Updating KCSAMLConfiguration", map[string]interface{}{"message": saml})
+ if _, err := c.PatchKCSAMLConfiguration(ctx, patches); err != nil {
+ return diag.Errorf("failed to update KCSAMLConfiguration: %s", err.Error())
+ }
+
+ tflog.Debug(ctx, "KCSAMLConfiguration updated")
+
+ return resourceKCSamlConfigurationRead(ctx, d, meta)
+}
diff --git a/provider/resource_kc_saml_idp.go b/provider/resource_kc_saml_idp.go
new file mode 100644
index 0000000..1d58c7c
--- /dev/null
+++ b/provider/resource_kc_saml_idp.go
@@ -0,0 +1,272 @@
+package provider
+
+import (
+ "context"
+
+ "github.com/hashicorp/go-cty/cty"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/jans/terraform-provider-jans/jans"
+)
+
+func resourceKCSamlIDP() *schema.Resource {
+ return &schema.Resource{
+ Description: "Resource for managing Keycloak SAML Identity Provider.",
+ CreateContext: resourceKCSamlIDPCreate,
+ ReadContext: resourceKCSamlIDPRead,
+ UpdateContext: resourceKCSamlIDPUpdate,
+ DeleteContext: resourceKCSamlIDPDelete,
+ Schema: map[string]*schema.Schema{
+ "dn": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "DN of the identity provider.",
+ },
+ "inum": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Inum of the identity provider.",
+ },
+ "creator_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Creator ID of the identity provider.",
+ },
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Name of the identity provider.",
+ },
+ "display_name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Display name of the identity provider.",
+ },
+ "description": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Description of the identity provider.",
+ },
+ "realm": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Realm of the identity provider.",
+ },
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ Description: "Status of the identity provider.",
+ },
+ "signing_certificate": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Signing certificate of the identity provider.",
+ },
+ "validate_signature": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Validate signature of the identity provider.",
+ },
+ "single_logout_service_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Single logout service URL of the identity provider.",
+ },
+ "name_id_policy_format": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Name ID policy format of the identity provider.",
+ },
+ "idp_entity_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP entity ID of the identity provider.",
+ },
+ "single_sign_on_service_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Single sign on service URL of the identity provider.",
+ },
+ "encryption_public_key": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Encryption public key of the identity provider.",
+ },
+ "provider_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Provider ID of the identity provider.",
+ },
+ "trust_email": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Trust email of the identity provider.",
+ },
+ "store_token": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Store token of the identity provider.",
+ },
+ "add_read_token_role_on_create": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Add read token role on create of the identity provider.",
+ },
+ "authenticate_by_default": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Authenticate by default of the identity provider.",
+ },
+ "link_only": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Link only of the identity provider.",
+ },
+ "first_broker_login_flow_alias": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "First broker login flow alias of the identity provider.",
+ },
+ "post_broker_login_flow_alias": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Post broker login flow alias of the identity provider.",
+ },
+ "sp_meta_data_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP metadata URL of the identity provider.",
+ },
+ "sp_meta_data_location": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP metadata location of the identity provider.",
+ },
+ "idp_meta_data_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP metadata URL of the identity provider.",
+ },
+ "idp_meta_data_location": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IDP metadata location of the identity provider.",
+ },
+ "status": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Status of the identity provider.",
+ ValidateDiagFunc: func(v interface{}, _ cty.Path) diag.Diagnostics {
+ enums := []string{"active", "inactive", "expired", "register"}
+ return validateEnum(v, enums)
+ },
+ },
+ "validation_status": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Validation status of the identity provider.",
+ ValidateDiagFunc: func(v interface{}, _ cty.Path) diag.Diagnostics {
+ enums := []string{"In Progress", "Success", "Scheduled", "Failed"}
+ return validateEnum(v, enums)
+ },
+ },
+ "validation_log": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Validation log of the identity provider.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "base_dn": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Base DN of the identity provider.",
+ },
+ "valid_until": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Valid until of the identity provider.",
+ },
+ "cache_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Cache duration of the identity provider.",
+ },
+ "metadata_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Metadata file location for the trust relationship.",
+ },
+ },
+ }
+}
+
+func resourceKCSamlIDPCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ idp, f, err := handleMetadataFile[jans.IdentityProvider](d)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ ip, err := c.CreateIDP(ctx, idp, f)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "New Identity Provider created", map[string]interface{}{"inum": ip.Inum})
+
+ return resourceKCSamlIDPRead(ctx, d, meta)
+}
+
+func resourceKCSamlIDPRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ c := meta.(*jans.Client)
+
+ ip, err := c.GetIDP(ctx, d.Get("inum").(string))
+ if err != nil {
+ return handleNotFoundError(ctx, err, d)
+ }
+
+ if err := toSchemaResource(d, ip); err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "Identity Provider read")
+
+ return nil
+}
+
+func resourceKCSamlIDPDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+ c := meta.(*jans.Client)
+
+ inum := d.Get("inum").(string)
+ tflog.Debug(ctx, "Deleting Identity Provider", map[string]any{"inum": inum})
+ if err := c.DeleteIDP(ctx, inum); err != nil {
+ return diag.FromErr(err)
+ }
+ tflog.Debug(ctx, "Identity Provider deleted", map[string]any{"inum": inum})
+
+ return resourceKCSamlIDPRead(ctx, d, meta)
+}
+
+func resourceKCSamlIDPUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ c := meta.(*jans.Client)
+
+ idp, f, err := handleMetadataFile[jans.IdentityProvider](d)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ ip, err := c.UpdateIDP(ctx, idp, f)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "Identity Provider updated", map[string]interface{}{"inum": ip.Inum})
+
+ return resourceKCSamlIDPRead(ctx, d, meta)
+}
diff --git a/provider/resource_kc_saml_tr.go b/provider/resource_kc_saml_tr.go
new file mode 100644
index 0000000..c5dbd4f
--- /dev/null
+++ b/provider/resource_kc_saml_tr.go
@@ -0,0 +1,316 @@
+package provider
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "os"
+
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/jans/terraform-provider-jans/jans"
+)
+
+func resourceKCSamlTR() *schema.Resource {
+ return &schema.Resource{
+ Description: "Resource for managing Keycloak SAML Trust Relationship.",
+ CreateContext: resourceKCSamlTRCreate,
+ ReadContext: resourceKCSamlTRRead,
+ UpdateContext: resourceKCSamlTRUpdate,
+ DeleteContext: resourceKCSamlTRDelete,
+ Schema: map[string]*schema.Schema{
+ "dn": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "DN of the identity provider.",
+ },
+ "inum": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Inum of the identity provider.",
+ },
+ "owner": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Owner of the trust relationship.",
+ },
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Name of the trust relationship.",
+ },
+ "display_name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Display name of the trust relationship.",
+ },
+ "description": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Description of the trust relationship.",
+ },
+ "root_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Root URL of the trust relationship.",
+ },
+ "admin_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Admin URL of the trust relationship.",
+ },
+ "base_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Base URL of the trust relationship.",
+ },
+ "surrogate_auth_required": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Surrogate auth required of the trust relationship.",
+ },
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Status of the trust relationship.",
+ },
+ "always_display_in_console": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Always display in console of the trust relationship.",
+ },
+ "client_authenticator_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client authenticator type of the trust relationship.",
+ },
+ "secret": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Secret of the trust relationship.",
+ },
+ "registration_access_token": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Registration access token of the trust relationship.",
+ },
+ "consent_required": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Consent required of the trust relationship.",
+ },
+ "metadata_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Metadata file location for the trust relationship.",
+ AtLeastOneOf: []string{"saml_metadata"},
+ },
+ "saml_metadata": {
+ Type: schema.TypeList,
+ Optional: true,
+ AtLeastOneOf: []string{"metadata_file"},
+ Description: "SAML metadata of the trust relationship.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name_id_policy_format": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Name ID policy format of the trust relationship.",
+ },
+ "entity_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Entity ID of the trust relationship.",
+ },
+ "single_logout_service_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Single logout service URL of the trust relationship.",
+ },
+ "jans_assertion_consumer_service_get_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Jans assertion consumer service GET URL of the trust relationship.",
+ },
+ "jans_assertion_consumer_service_post_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Jans assertion consumer service POST URL of the trust relationship.",
+ },
+ },
+ },
+ MaxItems: 1,
+ },
+ "redirect_uris": {
+ Type: schema.TypeList,
+ Optional: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Description: "Redirect URIs of the trust relationship.",
+ },
+ "sp_meta_data_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP metadata URL of the trust relationship.",
+ },
+ "meta_location": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Meta location of the trust relationship.",
+ },
+ "released_attributes": {
+ Type: schema.TypeList,
+ Optional: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Description: "Released attributes of the trust relationship.",
+ },
+ "url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "URL of the trust relationship.",
+ },
+ "sp_logout_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SP logout URL of the trust relationship.",
+ },
+ "status": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Status of the trust relationship.",
+ },
+ "validation_status": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Validation status of the trust relationship.",
+ },
+ "validation_log": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Validation log of the trust relationship.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "profile_configurations": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Profile configurations of the trust relationship.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "additional_prop1": additionalPropSchema(),
+ "additional_prop2": additionalPropSchema(),
+ "additional_prop3": additionalPropSchema(),
+ },
+ },
+ MaxItems: 1,
+ },
+ "base_dn": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Base DN of the trust relationship.",
+ },
+ },
+ }
+}
+
+func additionalPropSchema() *schema.Schema {
+ return &schema.Schema{
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Additional prop of the trust relationship.",
+ Elem: &schema.Schema{Type: schema.TypeString},
+ MaxItems: 1,
+ }
+}
+
+func resourceKCSamlTRRead(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+
+ c := m.(*jans.Client)
+
+ tr, err := c.GetTR(ctx, d.Get("inum").(string))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err := toSchemaResource(d, tr); err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "ResourceKCSamlTRRead: Read trust relationship: inum=%s, dn=%s", map[string]any{"Inum": tr.Inum})
+
+ return nil
+}
+
+func resourceKCSamlTRCreate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+
+ c := m.(*jans.Client)
+
+ tr, f, err := handleMetadataFile[jans.TrustRelationship](d)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ tr, err = c.CreateTR(ctx, tr, f)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ return resourceKCSamlTRRead(ctx, d, m)
+}
+
+func resourceKCSamlTRUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ tr, f, err := handleMetadataFile[jans.TrustRelationship](d)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ tr, err = c.UpdateTR(ctx, tr, f)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ return resourceKCSamlTRRead(ctx, d, meta)
+}
+
+func resourceKCSamlTRDelete(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+ c := m.(*jans.Client)
+
+ inum := d.Get("inum").(string)
+ tflog.Debug(ctx, "Deleting trust relationship: inum=%s", map[string]any{"Inum": inum})
+ if err := c.DeleteTR(ctx, inum); err != nil {
+ return diag.FromErr(err)
+ }
+ tflog.Debug(ctx, "Deleted trust relationship: inum=%s", map[string]any{"Inum": inum})
+
+ return resourceKCSamlTRRead(ctx, d, m)
+}
+
+func handleMetadataFile[T any](d *schema.ResourceData) (*T, io.Reader, error) {
+ req := new(T)
+
+ err := fromSchemaResource(d, req)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ v, ok := d.GetOk("metadata_file")
+ if !ok {
+ return req, nil, nil
+ }
+
+ loc, ok := v.(string)
+ if !ok {
+ return nil, nil, fmt.Errorf("expected type string, got %T", v)
+ }
+
+ f, err := os.Open(loc)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed to open file: %w", err)
+ }
+
+ return req, f, nil
+}
diff --git a/provider/resource_message.go b/provider/resource_message.go
new file mode 100644
index 0000000..a867b38
--- /dev/null
+++ b/provider/resource_message.go
@@ -0,0 +1,266 @@
+package provider
+
+import (
+ "context"
+
+ "github.com/hashicorp/go-cty/cty"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/jans/terraform-provider-jans/jans"
+)
+
+func resourceMessageConfiguration() *schema.Resource {
+ return &schema.Resource{
+ Description: "Resource for managing Message Configuration.",
+ CreateContext: resourceMessageConfigurationCreate,
+ ReadContext: resourceMessageConfigurationRead,
+ UpdateContext: resourceMessageConfigurationUpdate,
+ DeleteContext: resourceUntrackOnDelete,
+ Importer: &schema.ResourceImporter{
+ StateContext: schema.ImportStatePassthroughContext,
+ },
+ Schema: map[string]*schema.Schema{
+ "message_provider_type": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateDiagFunc: func(v interface{}, _ cty.Path) diag.Diagnostics {
+
+ enums := []string{"DISABLED", "REDIS", "POSTGRES"}
+ return validateEnum(v, enums)
+ },
+ Description: "Message provider type.",
+ },
+ "postgres_configuration": {
+ Type: schema.TypeList,
+ Required: true,
+ Description: "Postgres configuration.",
+ Elem: resourcePostgresConfiguration(),
+ MaxItems: 1,
+ },
+ "redis_configuration": {
+ Type: schema.TypeList,
+ Required: true,
+ Description: "Postgres configuration.",
+ Elem: resourceRedisConfiguration(),
+ MaxItems: 1,
+ },
+ },
+ }
+}
+
+func resourceNullConfiguration() *schema.Resource {
+ return &schema.Resource{
+ Description: "Resource for managing Null Configuration.",
+ }
+}
+
+func resourcePostgresConfiguration() *schema.Resource {
+ return &schema.Resource{
+ Description: "Resource for managing Postgres Configuration.",
+ Schema: map[string]*schema.Schema{
+ "driver_class_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Driver class name.",
+ },
+ "db_schema_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Name of the database schema.",
+ },
+ "connection_uri": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Connection URI of the database.",
+ },
+ "auth_user_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Username for authenticating.",
+ },
+ "auth_user_password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Password for authenticating.",
+ },
+ "connection_pool_max_total": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Maximum number of connections.",
+ },
+ "connection_pool_max_idle": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Maximum number of idle connections.",
+ },
+ "connection_pool_min_idle": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Minimum number of idle connections.",
+ },
+ "message_wait_millis": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Time to wait for a message.",
+ },
+ "message_sleep_thread_millis": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Time to sleep for a message.",
+ },
+ },
+ }
+}
+
+func resourceRedisConfiguration() *schema.Resource {
+ return &schema.Resource{
+ Description: "Resource for managing Redis Configuration.",
+ Schema: map[string]*schema.Schema{
+ "redis_provider_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
+
+ enums := []string{"STANDALONE", "CLUSTER", "SHARED", "SENTINEL"}
+ return validateEnum(v, enums)
+ },
+ Description: "Redis provider type.",
+ },
+ "servers": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Redis servers.",
+ },
+ "default_put_expiration": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Default put expiration.",
+ },
+ "sentinel_master_group_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Sentinel master group name.",
+ },
+ "password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Password for authenticating.",
+ },
+ "use_ssl": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Whether to use SSL.",
+ },
+ "ssl_trust_store_file_path": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SSL trust store file path.",
+ },
+ "ssl_trust_store_password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SSL trust store password.",
+ },
+ "ssl_key_store_file_path": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SSL key store file path.",
+ },
+ "ssl_key_store_password": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "SSL key store password.",
+ },
+ "max_idle_connections": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Maximum number of idle connections.",
+ },
+ "max_total_connections": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Maximum number of connections.",
+ },
+ "connection_timeout": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Connection timeout.",
+ },
+ "so_timeout": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "SO timeout.",
+ },
+ "max_retry_attempts": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Maximum number of retry attempts.",
+ },
+ },
+ }
+}
+
+func resourceMessageConfigurationCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+ var message jans.MessageConfiguration
+
+ if err := fromSchemaResource(d, &message); err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "Creating new Message Configuration")
+ if message.MessageProviderType == "NULL" {
+ return diag.Errorf("Message provider type cannot be NULL")
+ } else if message.MessageProviderType == "REDIS" && message.RedisConfiguration != nil {
+ if _, err := c.CreateMessageRedis(ctx, message.RedisConfiguration); err != nil {
+ return diag.FromErr(err)
+ }
+ } else if message.MessageProviderType == "POSTGRES" && message.PostgresConfiguration != nil {
+ if _, err := c.CreateMessagePostgres(ctx, message.PostgresConfiguration); err != nil {
+ return diag.FromErr(err)
+ }
+ }
+
+ tflog.Debug(ctx, "New Message Configuration created", map[string]interface{}{"message_provider_type": message.MessageProviderType})
+
+ return resourceMessageConfigurationRead(ctx, d, meta)
+}
+
+func resourceMessageConfigurationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ message, err := c.GetMessage(ctx)
+ if err != nil {
+ return handleNotFoundError(ctx, err, d)
+ }
+
+ if err := toSchemaResource(d, message); err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "Message Configuration read")
+
+ return nil
+}
+
+func resourceMessageConfigurationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+
+ c := meta.(*jans.Client)
+
+ var message jans.MessageConfiguration
+ patches, err := patchFromResourceData(d, &message)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if _, err := c.PatchMessage(ctx, patches); err != nil {
+ return diag.FromErr(err)
+ }
+
+ tflog.Debug(ctx, "Message Configuration updated", map[string]interface{}{"message_provider_type": message.MessageProviderType})
+
+ return resourceMessageConfigurationRead(ctx, d, meta)
+}
diff --git a/provider/resource_oidc_client.go b/provider/resource_oidc_client.go
index a52edf1..d7eedd0 100644
--- a/provider/resource_oidc_client.go
+++ b/provider/resource_oidc_client.go
@@ -313,7 +313,7 @@ func resourceOidcClient() *schema.Resource {
Description: "Requested Client Authentication method for the Token Endpoint.",
ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
- enums := []string{"client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "tls_client_auth", "none"}
+ enums := []string{"client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "access_token", "tls_client_auth", "self_signed_tls_client_auth", "none"}
return validateEnum(v, enums)
},
},
@@ -651,6 +651,11 @@ func resourceOidcClient() *schema.Resource {
Description: `sets prompt=login to the authorization request, which causes the authorization server
to force the user to sign in again before it will show the authorization prompt.`,
},
+ "tx_token_lifetime": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Specifies the Client-specific TX Token expiration.",
+ },
"id_token_lifetime": {
Type: schema.TypeInt,
Optional: true,
@@ -697,6 +702,44 @@ func resourceOidcClient() *schema.Resource {
Optional: true,
Description: "Specifies the evidence that the client presents to the authorization server.",
},
+ "introspection_signed_response_alg": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "JWS alg algorithm (JWA) required for signing the introspection response.",
+ },
+ "introspection_encrypted_response_alg": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "JWE alg algorithm (JWA) required for encrypting the introspection response.",
+ },
+ "introspection_encrypted_response_enc": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "JWE enc algorithm (JWA) required for encrypting the introspection response.",
+ },
+ "tx_token_signed_response_alg": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "JWS alg algorithm (JWA) required for signing the TX Token response.",
+ },
+ "tx_token_encrypted_response_alg": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "JWE alg algorithm (JWA) required for encrypting the TX Token response.",
+ },
+ "tx_token_encrypted_response_enc": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "JWE enc algorithm (JWA) required for encrypting the TX Token response.",
+ },
+ "authorization_details_types": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "List of authorization details types.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
},
},
},
@@ -763,17 +806,6 @@ func resourceOidcClient() *schema.Resource {
Optional: true,
Description: "Display name of the client.",
},
- "authentication_method": {
- Type: schema.TypeString,
- Optional: true,
- Description: "",
- ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics {
-
- enums := []string{"client_secret_basic", "client_secret_post", "client_secret_jwt",
- "private_key_jwt", "access_token", "tls_client_auth", "self_signed_tls_client_auth", "none"}
- return validateEnum(v, enums)
- },
- },
"base_dn": {
Type: schema.TypeString,
Computed: true,
diff --git a/provider/resource_oidc_client_test.go b/provider/resource_oidc_client_test.go
index 15afabf..77be717 100644
--- a/provider/resource_oidc_client_test.go
+++ b/provider/resource_oidc_client_test.go
@@ -76,11 +76,11 @@ func TestReourceOidcClient_Mapping(t *testing.T) {
Description: "Test client",
Organization: "inum=1200.33AFBA,ou=scopes,o=jans",
// Groups: []string{},
- Ttl: 3600,
- DisplayName: "SCIM client",
- AuthenticationMethod: "client_secret_basic",
- BaseDn: "inum=1201.d52300ed-8193-510e-b31d-5829f4af346e,ou=clients,o=jans",
- Inum: "1201.d52300ed-8193-510e-b31d-5829f4af346e",
+ Ttl: 3600,
+ DisplayName: "SCIM client",
+ BaseDn: "inum=1201.d52300ed-8193-510e-b31d-5829f4af346e,ou=clients,o=jans",
+ Inum: "1201.d52300ed-8193-510e-b31d-5829f4af346e",
+ // TODO: Add new encryption algs
}
if err := toSchemaResource(data, client); err != nil {
@@ -124,7 +124,6 @@ func testAccResourceOidcClientConfig_basic() string {
return `
resource "jans_oidc_client" "test" {
inum = "1201.d52300ed-8193-510e-b31d-5829f4af346e"
- authentication_method = "client_secret_basic"
token_endpoint_auth_method = "client_secret_basic"
application_type = "web"
display_name = "SCIM client"
diff --git a/provider/resource_script.go b/provider/resource_script.go
index 568187b..4876eae 100644
--- a/provider/resource_script.go
+++ b/provider/resource_script.go
@@ -88,10 +88,12 @@ func resourceScript() *schema.Resource {
"persistence_extension",
"idp",
"discovery",
+ "authz_detail",
"update_token",
"config_api_auth",
"modify_ssa_response",
"fido2_extension",
+ "lock_extension",
}
return validateEnum(v, enums)
},