From 207fb2eba56f31a5376dd4f314191b0fb1921065 Mon Sep 17 00:00:00 2001 From: mo-auto <54212639+mo-auto@users.noreply.github.com> Date: Thu, 14 Mar 2024 09:10:31 +0000 Subject: [PATCH] fix(terraform-provider-jans): update terraform provider Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com> --- CHANGELOG.md | 14 + README.md | 1 - docs/data-sources/custom_script_types.md | 11 +- docs/data-sources/fido2_configuration.md | 2 - docs/data-sources/persistence_config.md | 2 - docs/data-sources/plugins.md | 2 - docs/data-sources/schema.md | 2 - docs/data-sources/service_provider_config.md | 2 - docs/index.md | 10 + docs/resources/agama_deployment.md | 9 +- docs/resources/app_configuration.md | 33 +- docs/resources/custom_user.md | 2 - .../default_authentication_method.md | 2 - docs/resources/fido2_configuration.md | 2 - docs/resources/fido2_device.md | 2 - docs/resources/fido_device.md | 2 - docs/resources/group.md | 2 - docs/resources/json_web_key.md | 2 - docs/resources/ldap_database_configuration.md | 2 - docs/resources/logging_configuration.md | 2 - docs/resources/oidc_client.md | 11 +- docs/resources/organization.md | 2 - docs/resources/scim_app_configuration.md | 2 - docs/resources/scope.md | 11 +- docs/resources/script.md | 2 - docs/resources/smtp_configuration.md | 2 - docs/resources/uma_resource.md | 2 - docs/resources/user.md | 2 - go.mod | 52 +-- go.sum | 248 ++++++-------- jans/app_configuration.go | 50 ++- jans/attributes.go | 4 +- jans/client.go | 122 +++++++ jans/custom_user.go | 4 +- jans/kc_saml_config.go | 100 ++++++ jans/kc_saml_config_test.go | 48 +++ jans/kc_saml_idp.go | 158 +++++++++ jans/kc_saml_idp_test.go | 54 +++ jans/kc_saml_tr.go | 166 +++++++++ jans/kc_saml_tr_test.go | 61 ++++ jans/message.go | 227 +++++++++++++ jans/oidc_client.go | 13 +- jans/oidc_client_test.go | 2 +- jans/scope.go | 8 +- jans/script.go | 4 +- jans/testdata/metadata.xml | 8 + jans/uma_resource.go | 4 +- provider/provider.go | 53 +-- provider/resource_admin_permission_test.go | 14 +- ...urce_admin_role_permission_mapping_test.go | 14 +- provider/resource_admin_role_test.go | 14 +- provider/resource_app_configuration.go | 199 +++++++++-- provider/resource_fido2_configuration_test.go | 12 +- provider/resource_kc_saml_config.go | 230 +++++++++++++ provider/resource_kc_saml_idp.go | 272 +++++++++++++++ provider/resource_kc_saml_tr.go | 316 ++++++++++++++++++ provider/resource_message.go | 266 +++++++++++++++ provider/resource_oidc_client.go | 56 +++- provider/resource_oidc_client_test.go | 11 +- provider/resource_script.go | 2 + 60 files changed, 2558 insertions(+), 374 deletions(-) create mode 100644 jans/kc_saml_config.go create mode 100644 jans/kc_saml_config_test.go create mode 100644 jans/kc_saml_idp.go create mode 100644 jans/kc_saml_idp_test.go create mode 100644 jans/kc_saml_tr.go create mode 100644 jans/kc_saml_tr_test.go create mode 100644 jans/message.go create mode 100644 jans/testdata/metadata.xml mode change 100644 => 100755 provider/resource_app_configuration.go create mode 100644 provider/resource_kc_saml_config.go create mode 100644 provider/resource_kc_saml_idp.go create mode 100644 provider/resource_kc_saml_tr.go create mode 100644 provider/resource_message.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bf6959..bf1bd34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # Changelog +## [1.1.0](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.2...v1.1.0) (2024-03-12) + + +### Features + +* add KC and sync with upstream APIs + + +### Bug Fixes + +* oidc backchannel_user_code_parameter schema type +* sync with upstream +* update readme + ## [0.8.2](https://github.com/JanssenProject/terraform-provider-jans/compare/v0.8.1...v0.8.2) (2023-11-09) diff --git a/README.md b/README.md index b6da780..f5d2819 100644 --- a/README.md +++ b/README.md @@ -42,4 +42,3 @@ If any of those 3 parameters is not provided, the provider will not be able to c Optionally, users can also set the following variables: * `insecure_client` - If set to `true`, the provider will not verify the TLS certificate of the Janssen server. This is useful for testing purposes and should not be used in production, unless absolutely unavoidable. - diff --git a/docs/data-sources/custom_script_types.md b/docs/data-sources/custom_script_types.md index 0ee8509..5851311 100644 --- a/docs/data-sources/custom_script_types.md +++ b/docs/data-sources/custom_script_types.md @@ -10,7 +10,16 @@ description: |- Data source for retrieving supported custom script types. +## Example Usage +```terraform +data "jans_custom_script_types" "script_types" { +} + +output "script_type_client_registration_enabled" { + value = contains(data.jans_custom_script_types.script_types, "client_registration") +} +``` ## Schema @@ -19,5 +28,3 @@ Data source for retrieving supported custom script types. - `id` (String) The ID of this resource. - `types` (List of String) A list of support custom script types. - - diff --git a/docs/data-sources/fido2_configuration.md b/docs/data-sources/fido2_configuration.md index 546330a..bd58d11 100644 --- a/docs/data-sources/fido2_configuration.md +++ b/docs/data-sources/fido2_configuration.md @@ -22,5 +22,3 @@ Data source for retrieving the Fido2 configuration of the Janssen server - `id` (String) The ID of this resource. - `issuer` (String) A URI indicating the party operating the FIDO U2F server. - `version` (String) The version of the FIDO2 U2F core protocol to which this server conforms. The value MUST be the string 1.0. - - diff --git a/docs/data-sources/persistence_config.md b/docs/data-sources/persistence_config.md index 7bc43d3..8aa520c 100644 --- a/docs/data-sources/persistence_config.md +++ b/docs/data-sources/persistence_config.md @@ -28,5 +28,3 @@ output "persistence_config" { - `id` (String) The ID of this resource. - `persistence_type` (String) - - diff --git a/docs/data-sources/plugins.md b/docs/data-sources/plugins.md index 38c17e5..d339f54 100644 --- a/docs/data-sources/plugins.md +++ b/docs/data-sources/plugins.md @@ -28,5 +28,3 @@ Read-Only: - `class_name` (String) - `description` (String) - `name` (String) - - diff --git a/docs/data-sources/schema.md b/docs/data-sources/schema.md index 707b6b8..7b339be 100644 --- a/docs/data-sources/schema.md +++ b/docs/data-sources/schema.md @@ -102,5 +102,3 @@ Read-Only: - `last_modified` (String) - `location` (String) - `resource_type` (String) - - diff --git a/docs/data-sources/service_provider_config.md b/docs/data-sources/service_provider_config.md index bbd027d..990fb88 100644 --- a/docs/data-sources/service_provider_config.md +++ b/docs/data-sources/service_provider_config.md @@ -112,5 +112,3 @@ Read-Only: Read-Only: - `supported` (Boolean) - - diff --git a/docs/index.md b/docs/index.md index dcef440..d8a3e14 100644 --- a/docs/index.md +++ b/docs/index.md @@ -15,6 +15,16 @@ To use the provider, you need to provide the URL of the Jansen instance, as well as valid credentials that have access to the Janssen instance. ```terraform +terraform { + required_version = ">= 0.12.0" + required_providers { + janssen = { + source = "JanssenProject/jans" + version = "0.6.0" + } + } +} + provider "jans" { url = "https://test-instnace.jans.io" client_id = "1800.3d29d884-e56b-47ac-83ab-b37942b83a89" diff --git a/docs/resources/agama_deployment.md b/docs/resources/agama_deployment.md index 6b7bd47..101df43 100644 --- a/docs/resources/agama_deployment.md +++ b/docs/resources/agama_deployment.md @@ -18,9 +18,14 @@ Resource for managing agama authentication flow deployments. ### Required - `deployment_file` (String) Path to the deployment file (in zip format) -- `deployment_file_hash` (String) Hash of the deployment file, used to detect changes. - `name` (String) Agama project name +### Optional + +- `autoconfigure` (Boolean) Passing 'true' will make this project be configured with the sample configurations + found in the provided binary archive. This param should rarely be passed: use only in controlled + environments where the archive is not shared with third parties + ### Read-Only - `base_dn` (String) Agama deployment base DN @@ -28,5 +33,3 @@ Resource for managing agama authentication flow deployments. - `dn` (String) Agama deployment DN - `id` (String) Agama deployment ID - `task_active` (Boolean) Boolean value with default value false. - - diff --git a/docs/resources/app_configuration.md b/docs/resources/app_configuration.md index b5155d1..068e4b5 100644 --- a/docs/resources/app_configuration.md +++ b/docs/resources/app_configuration.md @@ -35,7 +35,10 @@ resource "jans_app_configuration" "global" { - `allow_end_session_with_unmatched_sid` (Boolean) Boolean value specifying whether to allow end session with unmatched SID. - `allow_id_token_without_implicit_grant_type` (Boolean) Specifies if a token without implicit grant types is allowed. - `allow_post_logout_redirect_without_validation` (Boolean) Allows post logout redirect without validation for End Session Endpoint. +- `allow_revoke_for_other_clients` (Boolean) Boolean value ture allow revoke for other clients. - `allow_spontaneous_scopes` (Boolean) Specifies whether to allow spontaneous scopes. +- `archived_jwk_lifetime_in_seconds` (Number) The archived jwk lifetime in seconds. +- `archived_jwks_uri` (String) Archved URLs of the OP's JSON Web Key Set (JWK) document. - `authentication_filters` (Block List) List of authentication filters. (see [below for nested schema](#nestedblock--authentication_filters)) - `authentication_filters_enabled` (Boolean) Boolean value specifying whether to enable user authentication filters. - `authentication_protection_configuration` (Block List, Max: 1) Authentication Brute Force Protection Configuration. (see [below for nested schema](#nestedblock--authentication_protection_configuration)) @@ -126,7 +129,7 @@ resource "jans_app_configuration" "global" { - `dpop_use_nonce` (Boolean) Demonstration of Proof-of-Possession (DPoP) nonce usage. - `dynamic_grant_type_default` (List of String) List of the OAuth 2.0 Grant Type values that it's possible to set via client registration API. One of 'none', 'authorization_code', 'implicit', 'password', 'client_credentials', 'refresh_token', - 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code'. + 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code', 'tx_token'. - `dynamic_registration_allowed_password_grant_scopes` (List of String) List of grant scopes for dynamic registration. - `dynamic_registration_custom_attributes` (List of String) Custom attributes for the Dynamic registration. One of 'jansTrustedClnt'. - `dynamic_registration_custom_object_class` (String) LDAP custom object class for dynamic registration. @@ -179,17 +182,16 @@ resource "jans_app_configuration" "global" { - `include_sid_in_response` (Boolean) Boolean value specifying whether to include sessionId in response. - `introspection_access_token_must_have_introspection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have introspection scope. - `introspection_access_token_must_have_uma_protection_scope` (Boolean) Reject introspection requests if access_token in Authorization header does not have uma_protection scope. +- `introspection_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint +- `introspection_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint - `introspection_endpoint` (String) URL for the Introspection Endpoint. Example: https://server.example.com/restv1/introspection - `introspection_response_scopes_backward_compatibility` (Boolean) +- `introspection_restrict_basic_authn_to_own_tokens` (Boolean) Specifies if basic authentication to be restricted to own tokens. - `introspection_script_backward_compatibility` (Boolean) Boolean value specifying whether switch off client's introspection scripts (true value) and run all scripts that exists on server. +- `introspection_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) JWA supported by the introspection endpoint - `introspection_skip_authorization` (Boolean) Specifies if authorization to be skipped for introspection. - `invalidate_session_cookies_after_authorization_flow` (Boolean) Boolean value to specify whether to invalidate 'session_id' and 'consent_session_id' cookies right after successful or unsuccessful authorization. - `issuer` (String) URL using the https scheme that OP asserts as Issuer identifier. Example: https://server.example.com/ -- `jans_eleven_delete_key_endpoint` (String) URL for the jansEleven Delete Key Endpoint. Example: https://server.example.com/janseleven/rest/oxeleven/deleteKey -- `jans_eleven_generate_key_endpoint` (String) URL for the jansEleven Generate Key Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/generateKey -- `jans_eleven_sign_endpoint` (String) URL for the jansEleven Sign Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/sign -- `jans_eleven_test_mode_token` (String) jansEleven Test Mode Token. -- `jans_eleven_verify_signature_endpoint` (String) URL for the jansEleven Verify Signature Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/verifySignature - `jans_id` (String) URL for the Inum generator Service. Example: https://server.example.com/oxid/service/jans/inum - `jans_open_id_connect_version` (String) OpenID Connect Version. Example: openidconnect-1.0 - `jms_broker_uri_set` (List of String) JMS Broker URI Set. @@ -208,6 +210,7 @@ resource "jans_app_configuration" "global" { - `key_store_file` (String) The Key Store File (JKS). Example: /etc/certs/jans-auth-keys.jks - `key_store_secret` (String) The password of the Key Store. - `legacy_id_token_claims` (Boolean) Include Claims in ID Token. +- `lock_message_config` (Block List, Max: 1) Lock message configuration. (see [below for nested schema](#nestedblock--lock_message_config)) - `log_client_id_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client ID on client authentication. - `log_client_name_on_client_authentication` (Boolean) Boolean value to specify if application should log the Client Name on client authentication. - `log_not_found_entity_as_error` (Boolean) Boolean value specifying whether to log not found entity as error. @@ -277,10 +280,13 @@ resource "jans_app_configuration" "global" { - `return_device_secret_from_authz_endpoint` (Boolean) Boolean value to specify if the device secret should be returned by the authz endpoint. - `rotate_client_registration_access_token_on_usage` (Boolean) Boolean value specifying whether to rotate client registration access token on usage. - `rotate_device_secret` (Boolean) Enable/Disable device secret rotation. +- `save_tokens_in_cache` (Boolean) Boolean value specifying whether to save token in cache. +- `save_tokens_in_cache_and_dont_save_in_persistence` (Boolean) Boolean value specifying whether to save token in cache and don't save in persistence. - `sector_identifier_cache_lifetime_in_minutes` (Number) The cache lifetime in minutes of the sector identifier. - `server_session_id_lifetime` (Number) The sessionId lifetime in seconds for sessionId. By default same as sessionIdLifetime. - `service_documentation` (String) URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider. Example: http://gluu.org/docs +- `session_id_cookie_lifetime` (Number) The lifetime of session id cookie in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends. - `session_id_lifetime` (Number) The lifetime of session id in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends. - `session_id_persist_in_cache` (Boolean) Boolean value specifying whether to persist session_id in cache. - `session_id_persist_on_prompt_none` (Boolean) Boolean value specifying whether to persist session ID on prompt none. @@ -309,6 +315,10 @@ resource "jans_app_configuration" "global" { - `token_revocation_endpoint` (String) The URL for the access_token or refresh_token revocation endpoint. Example: https://server.example.com/restv1/revoke - `trusted_client_enabled` (Boolean) Boolean value specifying whether a client is trusted and no authorization is required. - `trusted_ssa_issuers` (Block List) List of trusted SSA issuers. (see [below for nested schema](#nestedblock--trusted_ssa_issuers)) +- `tx_token_encryption_alg_values_supported` (List of String) A list of the JWE encryption algorithms (alg values) supported by the Token Exchange endpoint. +- `tx_token_encryption_enc_values_supported` (List of String) A list of the JWE encryption algorithms (enc values) supported by the Token Exchange endpoint. +- `tx_token_lifetime` (Number) The lifetime of the Token Exchange Token. +- `tx_token_signing_alg_values_supported` (List of String) A list of the JWS signing algorithms (alg values) supported by the Token Exchange endpoint. - `ui_locales_supported` (List of String) Languages and scripts supported for the user interface. One of "en", "bg", "de", "es", "fr", "it", "ru", "tr". - `uma_add_scopes_automatically` (Boolean) Add scopes automatically. - `uma_configuration_endpoint` (String) URL for the UMA Configuration Endpoint. Example: https://server.example.com/restv1/uma2-configuration @@ -354,7 +364,7 @@ Optional: - `page_mismatch_error_page` (String) - `root_dir` (String) - `scripts_path` (String) -- `serializer_type` (String) +- `serialize_rules` (Map of List of String) - `templates_path` (String) @@ -464,6 +474,15 @@ Read-Only: - `id` (String) The ID of this resource. + +### Nested Schema for `lock_message_config` + +Optional: + +- `enable_id_token_messages` (Boolean) Boolean value specifying whether to enable ID Token messages. +- `id_token_messages_channel` (String) ID Token messages channel. + + ### Nested Schema for `ssa_configuration` diff --git a/docs/resources/custom_user.md b/docs/resources/custom_user.md index 85eb7b7..b0263cb 100644 --- a/docs/resources/custom_user.md +++ b/docs/resources/custom_user.md @@ -78,5 +78,3 @@ Optional: - `display_value` (String) Display value for the attribute. - `value` (String) Value for the attribute. - - diff --git a/docs/resources/default_authentication_method.md b/docs/resources/default_authentication_method.md index 3c8fadb..962813e 100644 --- a/docs/resources/default_authentication_method.md +++ b/docs/resources/default_authentication_method.md @@ -28,5 +28,3 @@ resource "jans_default_authentication_method" "global" { ### Read-Only - `id` (String) The ID of this resource. - - diff --git a/docs/resources/fido2_configuration.md b/docs/resources/fido2_configuration.md index f8d12ce..e893203 100644 --- a/docs/resources/fido2_configuration.md +++ b/docs/resources/fido2_configuration.md @@ -103,5 +103,3 @@ Optional: - `domains` (List of String) Requested Party domains. - `name` (String) Name of the requested party. - - diff --git a/docs/resources/fido2_device.md b/docs/resources/fido2_device.md index 57a871d..e3fc3ea 100644 --- a/docs/resources/fido2_device.md +++ b/docs/resources/fido2_device.md @@ -41,5 +41,3 @@ Read-Only: - `last_modified` (String) - `location` (String) - `resource_type` (String) - - diff --git a/docs/resources/fido_device.md b/docs/resources/fido_device.md index e2ec533..01b25dd 100644 --- a/docs/resources/fido_device.md +++ b/docs/resources/fido_device.md @@ -48,5 +48,3 @@ Read-Only: - `last_modified` (String) - `location` (String) - `resource_type` (String) - - diff --git a/docs/resources/group.md b/docs/resources/group.md index a766762..24ccff7 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md @@ -79,5 +79,3 @@ Read-Only: - `last_modified` (String) - `location` (String) - `resource_type` (String) - - diff --git a/docs/resources/json_web_key.md b/docs/resources/json_web_key.md index 7aa79b8..424ef70 100644 --- a/docs/resources/json_web_key.md +++ b/docs/resources/json_web_key.md @@ -60,5 +60,3 @@ resource "jans_json_web_key" "test" { ### Read-Only - `id` (String) The ID of this resource. - - diff --git a/docs/resources/ldap_database_configuration.md b/docs/resources/ldap_database_configuration.md index d977d09..e6cbcaa 100644 --- a/docs/resources/ldap_database_configuration.md +++ b/docs/resources/ldap_database_configuration.md @@ -57,5 +57,3 @@ resource "jans_ldap_database_configuration" "test" { ### Read-Only - `id` (String) The ID of this resource. - - diff --git a/docs/resources/logging_configuration.md b/docs/resources/logging_configuration.md index 9ea405a..f453c31 100644 --- a/docs/resources/logging_configuration.md +++ b/docs/resources/logging_configuration.md @@ -39,5 +39,3 @@ resource "jans_logging_configuration" "global" { ### Read-Only - `id` (String) The ID of this resource. - - diff --git a/docs/resources/oidc_client.md b/docs/resources/oidc_client.md index 1ba4b31..2ab9f0e 100644 --- a/docs/resources/oidc_client.md +++ b/docs/resources/oidc_client.md @@ -31,7 +31,6 @@ description: |- localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the http scheme with localhost as the hostname. - `attributes` (Block List, Max: 1) (see [below for nested schema](#nestedblock--attributes)) -- `authentication_method` (String) - `authorized_origins` (List of String) Specifies authorized JavaScript origins. - `backchannel_authentication_request_signing_alg` (String) The JWS algorithm alg value that the Client will use for signing authentication request, as described in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests. @@ -135,6 +134,7 @@ Optional: - `additional_token_endpoint_auth_methods` (List of String) List of additional token endpoint authentication methods. - `allow_offline_access_without_consent` (Boolean) Specifies whether to allow offline access without consent. - `allow_spontaneous_scopes` (Boolean) boolean, whether to allow spontaneous scopes for client. +- `authorization_details_types` (List of String) List of authorization details types. - `backchannel_logout_session_required` (Boolean) Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when true. Default value is false. - `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. @@ -142,7 +142,10 @@ Optional: - `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required. - `evidence` (String) Specifies the evidence that the client presents to the authorization server. - `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration. +- `introspection_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the introspection response. +- `introspection_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the introspection response. - `introspection_scripts` (List of String) List of introspection scripts. +- `introspection_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the introspection response. - `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses. - `jans_auth_enc_resp_enc` (String) JWE enc algorithm JWA required for encrypting auhtorization responses. - `jans_auth_signed_resp_alg` (String) JWS alg algorithm JWA required for signing authorization responses. @@ -167,6 +170,10 @@ Optional: - `spontaneous_scopes` (List of String) List of spontaneous scope regular expression. - `tls_client_auth_subject_dn` (String) String representation of the expected subject distinguished name of the certificate, which the OAuth client will use in mutual TLS authentication. +- `tx_token_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the TX Token response. +- `tx_token_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the TX Token response. +- `tx_token_lifetime` (Number) Specifies the Client-specific TX Token expiration. +- `tx_token_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the TX Token response. - `update_token_script_dns` (List of String) List of update token scripts. @@ -183,5 +190,3 @@ Optional: - `display_value` (String) Display value for the attribute. - `value` (String) Value for the attribute. - - diff --git a/docs/resources/organization.md b/docs/resources/organization.md index 5144910..1f7a632 100644 --- a/docs/resources/organization.md +++ b/docs/resources/organization.md @@ -50,5 +50,3 @@ resource "jans_organization" "global" { - `base_dn` (String) - `dn` (String) - `id` (String) The ID of this resource. - - diff --git a/docs/resources/scim_app_configuration.md b/docs/resources/scim_app_configuration.md index 2c794eb..a6e4d3c 100644 --- a/docs/resources/scim_app_configuration.md +++ b/docs/resources/scim_app_configuration.md @@ -60,5 +60,3 @@ resource "jans_scim_app_configuration" "global" { ### Read-Only - `id` (String) The ID of this resource. - - diff --git a/docs/resources/scope.md b/docs/resources/scope.md index e21bce6..8e00252 100644 --- a/docs/resources/scope.md +++ b/docs/resources/scope.md @@ -91,7 +91,6 @@ Optional: localhost as the hostname. Native Clients must only register redirect_uris using custom URI schemes or URLs using the http scheme with localhost as the hostname. - `attributes` (Block List, Max: 1) (see [below for nested schema](#nestedblock--clients--attributes)) -- `authentication_method` (String) - `authorized_origins` (List of String) Specifies authorized JavaScript origins. - `backchannel_authentication_request_signing_alg` (String) The JWS algorithm alg value that the Client will use for signing authentication request, as described in Section 7.1.1. of OAuth 2.0 [RFC6749]. When omitted, the Client will not send signed authentication requests. @@ -194,6 +193,7 @@ Optional: - `additional_token_endpoint_auth_methods` (List of String) List of additional token endpoint authentication methods. - `allow_offline_access_without_consent` (Boolean) Specifies whether to allow offline access without consent. - `allow_spontaneous_scopes` (Boolean) boolean, whether to allow spontaneous scopes for client. +- `authorization_details_types` (List of String) List of authorization details types. - `backchannel_logout_session_required` (Boolean) Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when true. Default value is false. - `backchannel_logout_uri` (List of String) List of RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. @@ -201,7 +201,10 @@ Optional: - `dpop_bound_access_token` (Boolean) boolean value to indicate if DPoP bound access token is required. - `evidence` (String) Specifies the evidence that the client presents to the authorization server. - `id_token_lifetime` (Number) Specifies the Client-specific ID Token expiration. +- `introspection_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the introspection response. +- `introspection_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the introspection response. - `introspection_scripts` (List of String) List of introspection scripts. +- `introspection_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the introspection response. - `jans_auth_enc_resp_alg` (String) JWE alg algorithm JWA required for encrypting authorization responses. - `jans_auth_enc_resp_enc` (String) JWE enc algorithm JWA required for encrypting auhtorization responses. - `jans_auth_signed_resp_alg` (String) JWS alg algorithm JWA required for signing authorization responses. @@ -226,6 +229,10 @@ Optional: - `spontaneous_scopes` (List of String) List of spontaneous scope regular expression. - `tls_client_auth_subject_dn` (String) String representation of the expected subject distinguished name of the certificate, which the OAuth client will use in mutual TLS authentication. +- `tx_token_encrypted_response_alg` (String) JWE alg algorithm (JWA) required for encrypting the TX Token response. +- `tx_token_encrypted_response_enc` (String) JWE enc algorithm (JWA) required for encrypting the TX Token response. +- `tx_token_lifetime` (Number) Specifies the Client-specific TX Token expiration. +- `tx_token_signed_response_alg` (String) JWS alg algorithm (JWA) required for signing the TX Token response. - `update_token_script_dns` (List of String) List of update token scripts. @@ -242,5 +249,3 @@ Optional: - `display_value` (String) Display value for the attribute. - `value` (String) Value for the attribute. - - diff --git a/docs/resources/script.md b/docs/resources/script.md index 0424aef..c2ff120 100644 --- a/docs/resources/script.md +++ b/docs/resources/script.md @@ -102,5 +102,3 @@ Read-Only: - `raised_at` (String) - `stack_trace` (String) - - diff --git a/docs/resources/smtp_configuration.md b/docs/resources/smtp_configuration.md index 7919e2c..c086cf1 100644 --- a/docs/resources/smtp_configuration.md +++ b/docs/resources/smtp_configuration.md @@ -55,5 +55,3 @@ resource "jans_smtp_configuration" "global" { ### Read-Only - `id` (String) The ID of this resource. - - diff --git a/docs/resources/uma_resource.md b/docs/resources/uma_resource.md index 19e661f..5841cdd 100644 --- a/docs/resources/uma_resource.md +++ b/docs/resources/uma_resource.md @@ -55,5 +55,3 @@ resource "jans_uma_resource" "test" { - `dn` (String) - `id` (String) Resource id. - - diff --git a/docs/resources/user.md b/docs/resources/user.md index dca993d..505ecb3 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md @@ -283,5 +283,3 @@ Read-Only: - `last_modified` (String) - `location` (String) - `resource_type` (String) - - diff --git a/go.mod b/go.mod index 70a1ca3..8a95621 100644 --- a/go.mod +++ b/go.mod @@ -1,38 +1,43 @@ module github.com/jans/terraform-provider-jans -go 1.18 +go 1.20 -require github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0 +require github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 require ( - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect + github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/hc-install v0.4.0 // indirect - github.com/hashicorp/terraform-exec v0.17.2 // indirect - github.com/hashicorp/terraform-json v0.14.0 // indirect - golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 // indirect + github.com/hashicorp/hc-install v0.6.1 // indirect + github.com/hashicorp/terraform-exec v0.19.0 // indirect + github.com/hashicorp/terraform-json v0.17.1 // indirect + github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect + github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect + golang.org/x/crypto v0.17.0 // indirect + golang.org/x/mod v0.13.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect ) require ( github.com/agext/levenshtein v1.2.2 // indirect - github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/fatih/color v1.13.0 // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/go-cmp v0.5.9 + github.com/google/go-cmp v0.6.0 github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 - github.com/hashicorp/go-hclog v1.2.1 // indirect + github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-plugin v1.4.4 // indirect + github.com/hashicorp/go-plugin v1.5.1 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.6.0 // indirect - github.com/hashicorp/hcl/v2 v2.13.0 // indirect + github.com/hashicorp/hcl/v2 v2.19.1 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.14.0 // indirect - github.com/hashicorp/terraform-plugin-log v0.7.0 - github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c // indirect - github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect + github.com/hashicorp/terraform-plugin-go v0.19.0 // indirect + github.com/hashicorp/terraform-plugin-log v0.9.0 + github.com/hashicorp/terraform-registry-address v0.2.2 // indirect + github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.14 // indirect @@ -43,14 +48,11 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/oklog/run v1.0.0 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect - github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect - github.com/vmihailenco/tagparser v0.1.1 // indirect - github.com/zclconf/go-cty v1.10.0 // indirect - golang.org/x/net v0.9.0 // indirect - golang.org/x/sys v0.7.0 // indirect - golang.org/x/text v0.9.0 // indirect + github.com/zclconf/go-cty v1.14.1 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.56.3 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/grpc v1.57.1 // indirect + google.golang.org/protobuf v1.31.0 // indirect ) diff --git a/go.sum b/go.sum index 8259547..124f45c 100644 --- a/go.sum +++ b/go.sum @@ -1,116 +1,90 @@ -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= -github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk= -github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= -github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= -github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I= -github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= -github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= -github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= +github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= +github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= -github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= -github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= -github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw= -github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= +github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ= -github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= +github.com/hashicorp/go-plugin v1.5.1 h1:oGm7cWBaYIp3lJpx1RUEfLWophprE2EV/KUeqBYo+6k= +github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.4.0 h1:cZkRFr1WVa0Ty6x5fTvL1TuO1flul231rWkGH92oYYk= -github.com/hashicorp/hc-install v0.4.0/go.mod h1:5d155H8EC5ewegao9A4PUTMNPZaq+TbOzkJJZ4vrXeI= -github.com/hashicorp/hcl/v2 v2.13.0 h1:0Apadu1w6M11dyGFxWnmhhcMjkbAiKCv7G1r/2QgCNc= -github.com/hashicorp/hcl/v2 v2.13.0/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0= +github.com/hashicorp/hc-install v0.6.1 h1:IGxShH7AVhPaSuSJpKtVi/EFORNjO+OYVJJrAtGG2mY= +github.com/hashicorp/hc-install v0.6.1/go.mod h1:0fW3jpg+wraYSnFDJ6Rlie3RvLf1bIqVIkzoon4KoVE= +github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= +github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go= -github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8= -github.com/hashicorp/terraform-json v0.14.0 h1:sh9iZ1Y8IFJLx+xQiKHGud6/TSUCM0N8e17dKDpqV7s= -github.com/hashicorp/terraform-json v0.14.0/go.mod h1:5A9HIWPkk4e5aeeXIBbkcOvaZbIYnAIkEyqP2pNSckM= -github.com/hashicorp/terraform-plugin-go v0.14.0 h1:ttnSlS8bz3ZPYbMb84DpcPhY4F5DsQtcAS7cHo8uvP4= -github.com/hashicorp/terraform-plugin-go v0.14.0/go.mod h1:2nNCBeRLaenyQEi78xrGrs9hMbulveqG/zDMQSvVJTE= -github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs= -github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0 h1:eIJjFlI4k6BMso6Wq/bq56U0RukXc4JbwJJ8Oze2/tg= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0/go.mod h1:mYPs/uchNcBq7AclQv9QUtSf9iNcfp1Ag21jqTlDf2M= -github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg= -github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI= -github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0= -github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= +github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM= +github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg= +github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= +github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= +github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU= +github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec= +github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= +github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 h1:X7vB6vn5tON2b49ILa4W7mFAsndeqJ7bZFOGbVO+0Cc= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0/go.mod h1:ydFcxbdj6klCqYEPkPvdvFKiNGKZLUs+896ODUXCyao= +github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno= +github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo= +github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= +github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= -github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= -github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= -github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= +github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= @@ -119,8 +93,6 @@ github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= @@ -129,112 +101,104 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758= github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= -github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= -github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= -github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= -github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= -github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= -github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= -github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= -github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0= -github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= -github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= +github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= +github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= +github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA= +github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 h1:O8uGbHCqlTp2P6QJSLmCojM4mN6UemYv8K+dCnmHmu0= -golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= -google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= +google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/jans/app_configuration.go b/jans/app_configuration.go index a3c1842..17a6ea9 100644 --- a/jans/app_configuration.go +++ b/jans/app_configuration.go @@ -8,18 +8,18 @@ import ( // EngineConfiguration enables an alternative way to build authentication // flows in the Janssen server. type EngineConfiguration struct { - Enabled bool `schema:"enabled" json:"enabled"` - RootDir string `schema:"root_dir" json:"rootDir"` - TemplatesPath string `schema:"templates_path" json:"templatesPath"` - ScriptsPath string `schema:"scripts_path" json:"scriptsPath"` - SerializerType string `schema:"serializer_type" json:"serializerType"` - MaxItemsLoggedInCollections int `schema:"max_items_logged_in_collections" json:"maxItemsLoggedInCollections"` - PageMismatchErrorPage string `schema:"page_mismatch_error_page" json:"pageMismatchErrorPage"` - InterruptionErrorPage string `schema:"interruption_error_page" json:"interruptionErrorPage"` - CrashErrorPage string `schema:"crash_error_page" json:"crashErrorPage"` - FinishedFlowPage string `schema:"finished_flow_page" json:"finishedFlowPage"` - BridgeScriptPage string `schema:"bridge_script_page" json:"bridgeScriptPage"` - DefaultResponseHeaders map[string]string `schema:"default_response_headers" json:"defaultResponseHeaders"` + Enabled bool `schema:"enabled" json:"enabled"` + RootDir string `schema:"root_dir" json:"rootDir"` + TemplatesPath string `schema:"templates_path" json:"templatesPath"` + ScriptsPath string `schema:"scripts_path" json:"scriptsPath"` + MaxItemsLoggedInCollections int `schema:"max_items_logged_in_collections" json:"maxItemsLoggedInCollections"` + PageMismatchErrorPage string `schema:"page_mismatch_error_page" json:"pageMismatchErrorPage"` + InterruptionErrorPage string `schema:"interruption_error_page" json:"interruptionErrorPage"` + CrashErrorPage string `schema:"crash_error_page" json:"crashErrorPage"` + FinishedFlowPage string `schema:"finished_flow_page" json:"finishedFlowPage"` + BridgeScriptPage string `schema:"bridge_script_page" json:"bridgeScriptPage"` + SerializeRules map[string][]string `schema:"serialize_rules" json:"serializeRules"` + DefaultResponseHeaders map[string]string `schema:"default_response_headers" json:"defaultResponseHeaders"` } // CibaEndUserNotificationConfig represents the configuration properties for @@ -100,6 +100,11 @@ type TrustedIssuerConfig struct { AutomaticallyGrantedScopes []string `schema:"automatically_granted_scopes" json:"automatically_granted_scopes"` } +type LockMessageConfig struct { + EnableIDTokenMessages bool `schema:"enable_id_token_messages" json:"enableIDTokenMessages"` + IDTokenMessagesChannel string `schema:"id_token_messages_channel" json:"idTokenMessagesChannel"` +} + // AppConfiguration represents the Janssen authorization server // configuration properties type AppConfiguration struct { @@ -115,6 +120,7 @@ type AppConfiguration struct { EndSessionEndpoint string `schema:"end_session_endpoint" json:"endSessionEndpoint"` RegistrationEndpoint string `schema:"registration_endpoint" json:"registrationEndpoint"` JwksUri string `schema:"jwks_uri" json:"jwksUri"` + ArchivedJwksUri string `schema:"archived_jwks_uri" json:"archivedJwksUri"` OpenIDDiscoveryEndpoint string `schema:"openid_discovery_endpoint" json:"openIdDiscoveryEndpoint"` OpenIDConfigurationEndpoint string `schema:"openid_configuration_endpoint" json:"openIdConfigurationEndpoint"` IDGenerationEndpoint string `schema:"id_generation_endpoint" json:"idGenerationEndpoint"` @@ -139,7 +145,9 @@ type AppConfiguration struct { RequireRequestObjectEncryption bool `schema:"require_request_object_encryption" json:"requireRequestObjectEncryption"` RequirePkce bool `schema:"require_pkce" json:"requirePkce"` AllowAllValueForRevokeEndpoint bool `schema:"allow_all_value_for_revoke_endpoint" json:"allowAllValueForRevokeEndpoint"` + AllowRevokeForOtherClients bool `schema:"allow_revoke_for_other_clients" json:"allowRevokeForOtherClients"` SectorIdentifierCacheLifetimeInMinutes int `schema:"sector_identifier_cache_lifetime_in_minutes" json:"sectorIdentifierCacheLifetimeInMinutes"` + ArchivedJwkLifetimeInSeconds int `schema:"archived_jwk_lifetime_in_seconds" json:"archivedJwkLifetimeInSeconds"` UmaConfigurationEndpoint string `schema:"uma_configuration_endpoint" json:"umaConfigurationEndpoint"` UmaRptAsJwt bool `schema:"uma_rpt_as_jwt" json:"umaRptAsJwt"` UmaRptLifetime int `schema:"uma_rpt_lifetime" json:"umaRptLifetime"` @@ -168,6 +176,12 @@ type AppConfiguration struct { UserInfoSigningAlgValuesSupported []string `schema:"user_info_signing_alg_values_supported" json:"userInfoSigningAlgValuesSupported"` UserInfoEncryptionAlgValuesSupported []string `schema:"user_info_encryption_alg_values_supported" json:"userInfoEncryptionAlgValuesSupported"` UserInfoEncryptionEncValuesSupported []string `schema:"user_info_encryption_enc_values_supported" json:"userInfoEncryptionEncValuesSupported"` + IntrospectionSigningAlgValuesSupported []string `schema:"introspection_signing_alg_values_supported" json:"introspectionSigningAlgValuesSupported"` + IntrospectionEncryptionAlgValuesSupported []string `schema:"introspection_encryption_alg_values_supported" json:"introspectionEncryptionAlgValuesSupported"` + IntrospectionEncryptionEncValuesSupported []string `schema:"introspection_encryption_enc_values_supported" json:"introspectionEncryptionEncValuesSupported"` + TxTokenSigningAlgValuesSupported []string `schema:"tx_token_signing_alg_values_supported" json:"txTokenSigningAlgValuesSupported"` + TxTokenEncryptionAlgValuesSupported []string `schema:"tx_token_encryption_alg_values_supported" json:"txTokenEncryptionAlgValuesSupported"` + TxTokenEncryptionEncValuesSupported []string `schema:"tx_token_encryption_enc_values_supported" json:"txTokenEncryptionEncValuesSupported"` IDTokenSigningAlgValuesSupported []string `schema:"id_token_signing_alg_values_supported" json:"idTokenSigningAlgValuesSupported"` IDTokenEncryptionAlgValuesSupported []string `schema:"id_token_encryption_alg_values_supported" json:"idTokenEncryptionAlgValuesSupported"` IDTokenEncryptionEncValuesSupported []string `schema:"id_token_encryption_enc_values_supported" json:"idTokenEncryptionEncValuesSupported"` @@ -195,8 +209,11 @@ type AppConfiguration struct { OpTosUri string `schema:"op_tos_uri" json:"opTosUri"` AuthorizationCodeLifetime int `schema:"authorization_code_lifetime" json:"authorizationCodeLifetime"` RefreshTokenLifetime int `schema:"refresh_token_lifetime" json:"refreshTokenLifetime"` + TxTokenLifetime int `schema:"tx_token_lifetime" json:"txTokenLifetime"` IDTokenLifetime int `schema:"id_token_lifetime" json:"idTokenLifetime"` IDTokenFilterClaimsBasedOnAccessToken bool `schema:"id_token_filter_claims_based_on_access_token" json:"idTokenFilterClaimsBasedOnAccessToken"` + SaveTokensInCache bool `schema:"save_tokens_in_cache" json:"saveTokensInCache"` + SaveTokensInCacheAndDontSaveInPersistence bool `schema:"save_tokens_in_cache_and_dont_save_in_persistence" json:"saveTokensInCacheAndDontSaveInPersistence"` AccessTokenLifetime int `schema:"access_token_lifetime" json:"accessTokenLifetime"` CleanServiceInterval int `schema:"clean_service_interval" json:"cleanServiceInterval"` CleanServiceBatchChunkSize int `schema:"clean_service_batch_chunk_size" json:"cleanServiceBatchChunkSize"` @@ -246,7 +263,7 @@ type AppConfiguration struct { DisablePromptLogin bool `schema:"disable_prompt_login" json:"disablePromptLogin"` DisablePromptConsent bool `schema:"disable_prompt_consent" json:"disablePromptConsent"` SessionIdLifetime int `schema:"session_id_lifetime" json:"sessionIdLifetime"` - ServerSessionIdLifetime int `schema:"server_session_id_lifetime" json:"serverSessionIdLifetime"` + SessionIdCookieLifetime int `schema:"session_id_cookie_lifetime" json:"sessionIdCookieLifetime"` ActiveSessionAuthorizationScope string `schema:"active_session_authorization_scope" json:"activeSessionAuthorizationScope"` ConfigurationUpdateInterval int `schema:"configuration_update_interval" json:"configurationUpdateInterval"` LogNotFoundEntityAsError bool `schema:"log_not_found_entity_as_error" json:"logNotFoundEntityAsError"` @@ -270,14 +287,10 @@ type AppConfiguration struct { KeyAlgsAllowedForGeneration []string `schema:"key_algs_allowed_for_generation" json:"keyAlgsAllowedForGeneration"` StaticKid string `schema:"static_kid" json:"staticKid"` StaticDecryptionKid string `schema:"static_decryption_kid" json:"staticDecryptionKid"` - JansElevenTestModeToken string `schema:"jans_eleven_test_mode_token" json:"jansElevenTestModeToken"` - JansElevenGenerateKeyEndpoint string `schema:"jans_eleven_generate_key_endpoint" json:"jansElevenGenerateKeyEndpoint"` - JansElevenSignEndpoint string `schema:"jans_eleven_sign_endpoint" json:"jansElevenSignEndpoint"` - JansElevenVerifySignatureEndpoint string `schema:"jans_eleven_verify_signature_endpoint" json:"jansElevenVerifySignatureEndpoint"` - JansElevenDeleteKeyEndpoint string `schema:"jans_eleven_delete_key_endpoint" json:"jansElevenDeleteKeyEndpoint"` IntrospectionAccessTokenMustHaveUmaProtectionScope bool `schema:"introspection_access_token_must_have_uma_protection_scope" json:"introspectionAccessTokenMustHaveUmaProtectionScope"` IntrospectionAccessTokenMustHaveIntrospectionScope bool `schema:"introspection_access_token_must_have_introspection_scope" json:"introspectionAccessTokenMustHaveIntrospectionScope"` IntrospectionSkipAuthorization bool `schema:"introspection_skip_authorization" json:"introspectionSkipAuthorization"` + IntrospectionRestrictBasicAuthnToOwnTokens bool `schema:"introspection_restrict_basic_authn_to_own_tokens" json:"introspectionRestrictBasicAuthnToOwnTokens"` EndSessionWithAccessToken bool `schema:"end_session_with_access_token" json:"endSessionWithAccessToken"` CookieDomain string `schema:"cookie_domain" json:"cookieDomain"` EnabledOAuthAuditLogging bool `schema:"enabled_oauth_audit_logging" json:"enabledOAuthAuditLogging"` @@ -380,6 +393,7 @@ type AppConfiguration struct { HttpLoggingResponseBodyContent bool `schema:"http_logging_response_body_content" json:"httpLoggingResponseBodyContent"` Fapi bool `schema:"fapi" json:"fapi"` SkipAuthenticationFilterOptionsMethod bool `schema:"skip_authentication_filter_options_method" json:"skipAuthenticationFilterOptionsMethod"` + LockMessageConfig LockMessageConfig `schema:"lock_message_config" json:"lockMessageConfig"` } // GetAppConfiguration returns all Janssen authorization server configuration diff --git a/jans/attributes.go b/jans/attributes.go index 4bce6a3..5ae0e72 100644 --- a/jans/attributes.go +++ b/jans/attributes.go @@ -69,7 +69,9 @@ func (c *Client) GetAttributes(ctx context.Context) ([]Attribute, error) { resp := response{} - if err := c.get(ctx, "/jans-config-api/api/v1/attributes", token, &resp); err != nil { + if err := c.get(ctx, "/jans-config-api/api/v1/attributes", token, &resp, map[string]string{ + "limit": "5", + }); err != nil { return nil, fmt.Errorf("get request failed: %w", err) } diff --git a/jans/client.go b/jans/client.go index 3af46ea..b744d26 100644 --- a/jans/client.go +++ b/jans/client.go @@ -7,10 +7,12 @@ import ( "encoding/json" "fmt" "io" + "mime/multipart" "reflect" "sort" "net/http" + "net/textproto" "net/url" ) @@ -254,6 +256,118 @@ func (c *Client) post(ctx context.Context, path, token string, req, resp any) er return c.request(ctx, params) } +type FormField struct { + Typ string + Data io.Reader +} + +type requestParamsOptions func(*requestParams) error + +func (c *Client) newParams(method, path string, resp any, options ...requestParamsOptions) (*requestParams, error) { + params := &requestParams{ + method: method, + accept: "application/json", + path: path, + resp: resp, + } + + for _, o := range options { + if err := o(params); err != nil { + return nil, err + } + } + + return params, nil +} + +func (c *Client) withToken(ctx context.Context, url string) requestParamsOptions { + return func(params *requestParams) (err error) { + params.token, err = c.getToken(ctx, url) + return + } +} + +func (c *Client) withFormData(req map[string]FormField) requestParamsOptions { + return func(params *requestParams) (err error) { + var b bytes.Buffer + + w := multipart.NewWriter(&b) + defer w.Close() + + for key, r := range req { + var fw io.Writer + + switch r.Typ { + case "file": + if fw, err = w.CreateFormFile(key, "file"); err != nil { + return + } + case "json": + h := make(textproto.MIMEHeader) + h.Set("Content-Disposition", fmt.Sprintf(`form-data; name="%s"`, key)) + h.Set("Content-Type", "application/json") + if fw, err = w.CreatePart(h); err != nil { + return + } + } + + if _, err = io.Copy(fw, r.Data); err != nil { + return + } + } + + w.Close() + + params.contentType = w.FormDataContentType() + params.payload = b.Bytes() + + return nil + } +} + +func (c *Client) postFormData(ctx context.Context, path, token string, req map[string]FormField, resp any) (err error) { + var b bytes.Buffer + + w := multipart.NewWriter(&b) + defer w.Close() + + for key, r := range req { + var fw io.Writer + + switch r.Typ { + case "file": + if fw, err = w.CreateFormFile(key, "file"); err != nil { + return + } + case "json": + h := make(textproto.MIMEHeader) + h.Set("Content-Disposition", fmt.Sprintf(`form-data; name="%s"`, key)) + h.Set("Content-Type", "application/json") + if fw, err = w.CreatePart(h); err != nil { + return + } + } + + if _, err = io.Copy(fw, r.Data); err != nil { + return + } + } + + w.Close() + + params := requestParams{ + method: "POST", + path: path, + contentType: w.FormDataContentType(), + accept: "application/json", + token: token, + payload: b.Bytes(), + resp: resp, + } + + return c.request(ctx, params) +} + // post performs an HTTP POST request to the given path, using the given token // and the provided request entity, which is marshaled into JSON. The response // data is unmarshaled into the provided response value, which has to be of @@ -355,11 +469,19 @@ func (c *Client) request(ctx context.Context, params requestParams) error { } client := &http.Client{Transport: tr} + // b, _ := httputil.DumpRequest(req, true) + // fmt.Print("REQUEST:\n") + // fmt.Printf("%s\n", b) + resp, err := client.Do(req) if err != nil { return fmt.Errorf("could not perform request: %w", err) } + // b, _ = httputil.DumpResponse(resp, true) + // fmt.Print("RESPONSE:\n") + // fmt.Printf("%s\n", b) + if resp.StatusCode == 400 { // try to read error message data, err := io.ReadAll(resp.Body) diff --git a/jans/custom_user.go b/jans/custom_user.go index 65b107c..f1497ef 100644 --- a/jans/custom_user.go +++ b/jans/custom_user.go @@ -39,7 +39,9 @@ func (c *Client) GetCustomUsers(ctx context.Context) ([]CustomUser, error) { ret := response{} - if err := c.get(ctx, "/jans-config-api/mgt/configuser", token, &ret); err != nil { + if err := c.get(ctx, "/jans-config-api/mgt/configuser", token, &ret, map[string]string{ + "limit": "5", + }); err != nil { return nil, fmt.Errorf("get request failed: %w", err) } diff --git a/jans/kc_saml_config.go b/jans/kc_saml_config.go new file mode 100644 index 0000000..afa08f5 --- /dev/null +++ b/jans/kc_saml_config.go @@ -0,0 +1,100 @@ +package jans + +import ( + "context" + "fmt" +) + +type KCSAMLConfiguration struct { + ApplicationName string `schema:"application_name" json:"applicationName"` + SamlTrustRelationshipDn string `schema:"saml_trust_relationship_dn" json:"samlTrustRelationshipDn"` + TrustIdpDn string `schema:"trusted_idp_dn" json:"trustedIdpDn"` + Enabled bool `schema:"enabled" json:"enabled"` + SelectedIdp string `schema:"selected_idp" json:"selectedIdp"` + ServerUrl string `schema:"server_url" json:"serverUrl"` + Realm string `schema:"realm" json:"realm"` + ClientId string `schema:"client_id" json:"clientId"` + ClientSecret string `schema:"client_secret" json:"clientSecret"` + GrantType string `schema:"grant_type" json:"grantType"` + Scope string `schema:"scope" json:"scope"` + Username string `schema:"username" json:"username"` + Password string `schema:"password" json:"password"` + SpMetadataUrl string `schema:"sp_metadata_url" json:"spMetadataUrl"` + TokenUrl string `schema:"token_url" json:"tokenUrl"` + IdpUrl string `schema:"idp_url" json:"idpUrl"` + IdpMetadataImportUrl string `schema:"idp_metadata_import_url" json:"idpMetadataImportUrl"` + IdpRootDir string `schema:"idp_root_dir" json:"idpRootDir"` + IdpMetadataDir string `schema:"idp_metadata_dir" json:"idpMetadataDir"` + IdpMetadataTempDir string `schema:"idp_metadata_temp_dir" json:"idpMetadataTempDir"` + IdpMetadataFile string `schema:"idp_metadata_file" json:"idpMetadataFile"` + SpMetadataDir string `schema:"sp_metadata_dir" json:"spMetadataDir"` + SpMetadataTempDir string `schema:"sp_metadata_temp_dir" json:"spMetadataTempDir"` + SpMetadataFile string `schema:"sp_metadata_file" json:"spMetadataFile"` + IgnoreValidation bool `schema:"ignore_validation" json:"ignoreValidation"` + IdpMetadataMandatoryAttributes []string `schema:"idp_metadata_mandatory_attributes" json:"idpMetadataMandatoryAttributes"` + KcAttributes []string `schema:"kc_attributes" json:"kcAttributes"` + KcSamlConfig []string `schema:"kc_saml_config" json:"kcSamlConfig"` +} + +func (c *Client) CreateKCSAMLConfiguration(ctx context.Context, config *KCSAMLConfiguration) (*KCSAMLConfiguration, error) { + + if config == nil { + return nil, fmt.Errorf("config is nil") + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml-config.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + ret := &KCSAMLConfiguration{} + + if err := c.put(ctx, "/jans-config-api/kc/samlConfig", token, config, ret); err != nil { + return nil, fmt.Errorf("put request failed: %w", err) + } + + return ret, nil +} + +func (c *Client) GetKCSAMLConfiguration(ctx context.Context) (*KCSAMLConfiguration, error) { + token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml-config.readonly") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + ret := &KCSAMLConfiguration{} + + if err := c.get(ctx, "/jans-config-api/kc/samlConfig", token, ret); err != nil { + return nil, fmt.Errorf("get request failed: %w", err) + } + + return ret, nil +} + +func (c *Client) PatchKCSAMLConfiguration(ctx context.Context, patches []PatchRequest) (*KCSAMLConfiguration, error) { + + if len(patches) == 0 { + return c.GetKCSAMLConfiguration(ctx) + } + + orig, err := c.GetKCSAMLConfiguration(ctx) + if err != nil { + return nil, fmt.Errorf("failed to get fido2 configuration: %w", err) + } + + updates, err := createPatchesDiff(orig, patches) + if err != nil { + return nil, fmt.Errorf("failed to create patches: %w", err) + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml-config.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + if err := c.patch(ctx, "/jans-config-api/kc/samlConfig", token, updates); err != nil { + return nil, fmt.Errorf("put request failed: %w", err) + } + + return c.GetKCSAMLConfiguration(ctx) +} diff --git a/jans/kc_saml_config_test.go b/jans/kc_saml_config_test.go new file mode 100644 index 0000000..5f5a4d7 --- /dev/null +++ b/jans/kc_saml_config_test.go @@ -0,0 +1,48 @@ +package jans + +import ( + "context" + "testing" + + "github.com/google/go-cmp/cmp" +) + +func TestCreateConfig(t *testing.T) { + c, err := NewInsecureClient(host, user, pass) + if err != nil { + t.Fatal(err) + } + + ctx := context.Background() + + config := &KCSAMLConfiguration{ + ApplicationName: "SomeAPP", + Enabled: true, + } + + _, err = c.CreateKCSAMLConfiguration(ctx, config) + if err != nil { + t.Fatal(err) + } + + pr := []PatchRequest{ + { + Op: "replace", + Path: "/applicationName", + Value: "UpdatedAPP", + }, + } + config, err = c.PatchKCSAMLConfiguration(ctx, pr) + if err != nil { + t.Fatal(err) + } + + gotConfig, err := c.GetKCSAMLConfiguration(ctx) + if err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(config, gotConfig); diff != "" { + t.Errorf("Config mismatch (-want +got):\n%s", diff) + } +} diff --git a/jans/kc_saml_idp.go b/jans/kc_saml_idp.go new file mode 100644 index 0000000..4c65059 --- /dev/null +++ b/jans/kc_saml_idp.go @@ -0,0 +1,158 @@ +package jans + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" +) + +type IdentityProviderPagedResult struct { + Start int `json:"start"` + TotalEntriesCount int `json:"total_entries_count"` + EntriesCount int `json:"entries_count"` + Entries []IdentityProvider `json:"entries"` +} + +type BrokerIdentityProviderForm struct { + IdentityProvider *IdentityProvider `schema:"identity_provider" json:"identityProvider"` + MetaDataFile []byte `schema:"metadata_file" json:"metadataFile"` +} + +type IdentityProvider struct { + DN string `schema:"dn" json:"dn"` + Inum string `schema:"inum" json:"inum"` + CreatorId string `schema:"creator_id" json:"creatorId"` + Name string `schema:"name" json:"name"` + DisplayName string `schema:"display_name" json:"displayName"` + Description string `schema:"description" json:"description"` + Realm string `schema:"realm" json:"realm"` + Enabled bool `schema:"enabled" json:"enabled"` + SigningCertificate string `schema:"signing_certificate" json:"signingCertificate"` + ValidateSignature string `schema:"validate_signature" json:"validateSignature"` + SingleLogoutServiceUrl string `schema:"single_logout_service_url" json:"singleLogoutServiceUrl"` + NameIDPolicyFormat string `schema:"name_id_policy_format" json:"nameIDPolicyFormat"` + IdpEntityId string `schema:"idp_entity_id" json:"idpEntityId"` + SingleSignOnServiceUrl string `schema:"single_sign_on_service_url" json:"singleSignOnServiceUrl"` + EncryptionPublicKey string `schema:"encryption_public_key" json:"encryptionPublicKey"` + ProviderId string `schema:"provider_id" json:"providerId"` + TrustEmail bool `schema:"trust_email" json:"trustEmail"` + StoreToken bool `schema:"store_token" json:"storeToken"` + AddReadTokenRoleOnCreate bool `schema:"add_read_token_role_on_create" json:"addReadTokenRoleOnCreate"` + AuthenticateByDefault bool `schema:"authenticate_by_default" json:"authenticateByDefault"` + LinkOnly bool `schema:"link_only" json:"linkOnly"` + FirstBrokerLoginFlowAlias string `schema:"first_broker_login_flow_alias" json:"firstBrokerLoginFlowAlias"` + PostBrokerLoginFlowAlias string `schema:"post_broker_login_flow_alias" json:"postBrokerLoginFlowAlias"` + SpMetaDataURL string `schema:"sp_meta_data_url" json:"spMetaDataURL"` + SpMetaDataLocation string `schema:"sp_meta_data_location" json:"spMetaDataLocation"` + IdpMetaDataURL string `schema:"idp_meta_data_url" json:"idpMetaDataURL"` + IdpMetaDataLocation string `schema:"idp_meta_data_location" json:"idpMetaDataLocation"` + Status string `schema:"status" json:"status"` + ValidationStatus string `schema:"validation_status" json:"validationStatus"` + ValidationLog []string `schema:"validation_log" json:"validationLog"` + BaseDn string `schema:"base_dn" json:"baseDn"` + ValidUntil string `schema:"valid_until" json:"validUntil"` + CacheDuration string `schema:"cache_duration" json:"cacheDuration"` +} + +func (c *Client) createIDPFormData(idp *IdentityProvider, file io.Reader) (map[string]FormField, error) { + data := map[string]FormField{} + + if file != nil { + data["metaDataFile"] = FormField{ + Typ: "file", + Data: file, + } + } + + b, err := json.Marshal(idp) + if err != nil { + return nil, fmt.Errorf("failed to marshal request: %w", err) + } + + r := bytes.NewReader(b) + + data["identityProvider"] = FormField{ + Typ: "json", + Data: r, + } + + return data, nil +} + +func (c *Client) CreateIDP(ctx context.Context, idp *IdentityProvider, file io.Reader) (*IdentityProvider, error) { + + data, err := c.createIDPFormData(idp, file) + if err != nil { + return nil, fmt.Errorf("failed to create form data: %w", err) + } + + resp := &IdentityProvider{} + req, err := c.newParams("POST", "/jans-config-api/kc/saml/idp/upload", resp, + c.withToken(ctx, "https://jans.io/idp/saml.write"), + c.withFormData(data), + ) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + if err := c.request(ctx, *req); err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) UpdateIDP(ctx context.Context, idp *IdentityProvider, file io.Reader) (*IdentityProvider, error) { + + data, err := c.createIDPFormData(idp, file) + if err != nil { + return nil, fmt.Errorf("failed to create form data: %w", err) + } + + resp := &IdentityProvider{} + req, err := c.newParams("PUT", "/jans-config-api/kc/saml/idp/upload", resp, + c.withToken(ctx, "https://jans.io/idp/saml.write"), + c.withFormData(data), + ) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + if err := c.request(ctx, *req); err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) GetIDP(ctx context.Context, inum string) (*IdentityProvider, error) { + + token, err := c.getToken(ctx, "https://jans.io/idp/saml.readonly") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + resp := &IdentityProvider{} + + if err = c.get(ctx, "/jans-config-api/kc/saml/idp/"+inum, token, resp); err != nil { + return nil, fmt.Errorf("get request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) DeleteIDP(ctx context.Context, inum string) error { + + token, err := c.getToken(ctx, "https://jans.io/idp/saml.write") + if err != nil { + return fmt.Errorf("failed to get token: %w", err) + } + + if err := c.delete(ctx, "/jans-config-api/kc/saml/idp/"+inum, token); err != nil { + return fmt.Errorf("delete request failed: %w", err) + } + + return nil +} diff --git a/jans/kc_saml_idp_test.go b/jans/kc_saml_idp_test.go new file mode 100644 index 0000000..8c37374 --- /dev/null +++ b/jans/kc_saml_idp_test.go @@ -0,0 +1,54 @@ +package jans + +import ( + "context" + "testing" + + "github.com/google/go-cmp/cmp" +) + +func TestCreateIDP(t *testing.T) { + c, err := NewInsecureClient(host, user, pass) + if err != nil { + t.Fatal(err) + } + + ctx := context.Background() + + idp := &IdentityProvider{ + CreatorId: "admin", + Description: "Test IDP", + DisplayName: "Test IDP", + Name: "test-idp", + Realm: "jans", + NameIDPolicyFormat: "urn:mace:shibboleth:1.0:nameIdentifier", + IdpEntityId: "https://moabu-promoted-loon.gluu.info/idp/shibboleth", + SingleSignOnServiceUrl: "https://moabu-promoted-loon.gluu.info/idp/profile/SAML2/POST/SSO", + } + + idp, err = c.CreateIDP(ctx, idp, nil) + if err != nil { + t.Fatal(err) + } + defer func() { + if err := c.DeleteIDP(ctx, idp.Inum); err != nil { + t.Fatal(err) + } + }() + + idp.Description = "Updated description" + + idp, err = c.UpdateIDP(ctx, idp, nil) + if err != nil { + t.Fatal(err) + } + + gotIdp, err := c.GetIDP(ctx, idp.Inum) + if err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(idp, gotIdp); diff != "" { + t.Errorf("IDP mismatch (-want +got):\n%s", diff) + } +} diff --git a/jans/kc_saml_tr.go b/jans/kc_saml_tr.go new file mode 100644 index 0000000..e01e49c --- /dev/null +++ b/jans/kc_saml_tr.go @@ -0,0 +1,166 @@ +package jans + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" +) + +type TrustRelationshipForm struct { + TrustRelationship TrustRelationship `schema:"trustRelationship" json:"trustRelationship"` + MetaDataFile []byte `schema:"metaDataFile" json:"metaDataFile"` +} + +type TrustRelationship struct { + DN string `schema:"dn" json:"dn"` + Inum string `schema:"inum" json:"inum"` + Owner string `schema:"owner" json:"owner"` + Name string `schema:"name" json:"name"` + DisplayName string `schema:"display_name" json:"displayName"` + Description string `schema:"description" json:"description"` + RootUrl string `schema:"root_url" json:"rootUrl"` + AdminUrl string `schema:"admin_url" json:"adminUrl"` + BaseUrl string `schema:"base_url" json:"baseUrl"` + SurrogateAuthRequired bool `schema:"surrogate_auth_required" json:"surrogateAuthRequired"` + Enabled bool `schema:"enabled" json:"enabled"` + AlwaysDisplayInConsole bool `schema:"always_display_in_console" json:"alwaysDisplayInConsole"` + ClientAuthenticatorType string `schema:"client_authenticator_type" json:"clientAuthenticatorType"` + Secret string `schema:"secret" json:"secret"` + RegisterationAccessToken string `schema:"registration_access_token" json:"registrationAccessToken"` + ConsetRequired bool `schema:"consent_required" json:"consentRequired"` + SPMetaDataSourceType string `schema:"sp_meta_data_source_type" json:"spMetaDataSourceType"` + SamlMetadata SAMLMetadata `schema:"saml_metadata" json:"samlMetadata"` + RedirectUris []string `schema:"redirect_uris" json:"redirectUris"` + SPMetaDataURL string `schema:"sp_meta_data_url" json:"spMetaDataURL"` + MetaLocation string `schema:"meta_location" json:"metaLocation"` + ReleasedAttributes []string `schema:"released_attributes" json:"releasedAttributes"` + Url string `schema:"url" json:"url"` + SPLogoutURL string `schema:"sp_logout_url" json:"spLogoutURL"` + Status string `schema:"status" json:"status"` + ValidationStatus string `schema:"validation_status" json:"validationStatus"` + ValidationLog []string `schema:"validation_log" json:"validationLog"` + ProfileConfigurations ProfileConfigurations `schema:"profile_configurations" json:"profileConfigurations"` + BaseDn string `schema:"base_dn" json:"baseDn"` +} + +type SAMLMetadata struct { + NameIDPolicyFormat string `schema:"name_id_policy_format" json:"nameIDPolicyFormat"` + EntityId string `schema:"entity_id" json:"entityId"` + SingleLogoutServiceURL string `schema:"single_logout_service_url" json:"singleLogoutServiceUrl"` + JansAssertionConsumerServiceGetURL string `schema:"jans_assertion_consumer_service_get_url" json:"jansAssertionConsumerServiceGetURL"` + JansAssertionConsumerServicePostURL string `schema:"jans_assertion_consumer_service_post_url" json:"jansAssertionConsumerServicePostURL"` +} + +type AdditionalProp struct { + Name string `schema:"name" json:"name"` + SignResponses string `schema:"sign_responses" json:"signResponses"` +} + +type ProfileConfigurations struct { + AddtionalProp1 AdditionalProp `schema:"additional_prop1" json:"additionalProp1"` + AddtionalProp2 AdditionalProp `schema:"additional_prop2" json:"additionalProp2"` + AddtionalProp3 AdditionalProp `schema:"additional_prop3" json:"additionalProp3"` +} + +func (c *Client) createTRFormData(tr *TrustRelationship, file io.Reader) (map[string]FormField, error) { + data := map[string]FormField{} + + tr.SPMetaDataSourceType = "manual" + if file != nil { + data["metaDataFile"] = FormField{ + Typ: "file", + Data: file, + } + tr.SPMetaDataSourceType = "file" + } + + b, err := json.Marshal(tr) + if err != nil { + return nil, fmt.Errorf("failed to marshal request: %w", err) + } + + r := bytes.NewReader(b) + + data["trustRelationship"] = FormField{ + Typ: "json", + Data: r, + } + + return data, nil +} + +func (c *Client) CreateTR(ctx context.Context, tr *TrustRelationship, file io.Reader) (*TrustRelationship, error) { + + data, err := c.createTRFormData(tr, file) + if err != nil { + return nil, fmt.Errorf("failed to create form data: %w", err) + } + + resp := &TrustRelationship{} + req, err := c.newParams("POST", "/jans-config-api/kc/saml/trust-relationship/upload", resp, + c.withToken(ctx, "https://jans.io/oauth/config/saml.write"), + c.withFormData(data), + ) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + if err := c.request(ctx, *req); err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) UpdateTR(ctx context.Context, tr *TrustRelationship, file io.Reader) (*TrustRelationship, error) { + data, err := c.createTRFormData(tr, file) + if err != nil { + return nil, fmt.Errorf("failed to create form data: %w", err) + } + + resp := &TrustRelationship{} + req, err := c.newParams("PUT", "/jans-config-api/kc/saml/trust-relationship/upload", resp, + c.withToken(ctx, "https://jans.io/oauth/config/saml.write"), + c.withFormData(data), + ) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + if err := c.request(ctx, *req); err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) DeleteTR(ctx context.Context, inum string) error { + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml.write") + if err != nil { + return fmt.Errorf("failed to get token: %w", err) + } + + if err := c.delete(ctx, "/jans-config-api/kc/saml/trust-relationship/"+inum, token); err != nil { + return fmt.Errorf("delete request failed: %w", err) + } + + return nil +} + +func (c *Client) GetTR(ctx context.Context, inum string) (*TrustRelationship, error) { + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/saml.readonly") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + resp := &TrustRelationship{} + if err = c.get(ctx, "/jans-config-api/kc/saml/trust-relationship/id/"+inum, token, resp); err != nil { + return nil, fmt.Errorf("get request failed: %w", err) + } + + return resp, nil +} diff --git a/jans/kc_saml_tr_test.go b/jans/kc_saml_tr_test.go new file mode 100644 index 0000000..f68f560 --- /dev/null +++ b/jans/kc_saml_tr_test.go @@ -0,0 +1,61 @@ +package jans + +import ( + "bytes" + "context" + _ "embed" + "testing" + + "github.com/google/go-cmp/cmp" +) + +//go:embed testdata/metadata.xml +var metadata []byte + +func TestCreateTR(t *testing.T) { + c, err := NewInsecureClient(host, user, pass) + if err != nil { + t.Fatal(err) + } + + ctx := context.Background() + + tr := &TrustRelationship{ + Name: "My TR7", + DisplayName: "Some display name", + Description: "Some trust relationship", + SPMetaDataSourceType: "file", + } + + r := bytes.NewReader(metadata) + + tr, err = c.CreateTR(ctx, tr, r) + if err != nil { + t.Fatal(err) + } + defer func() { + if err := c.DeleteTR(ctx, tr.Inum); err != nil { + t.Fatal(err) + } + }() + + tr.Description = "Updated description" + + if _, err := r.Seek(0, 0); err != nil { + t.Fatal(err) + } + + tr, err = c.UpdateTR(ctx, tr, r) + if err != nil { + t.Fatal(err) + } + + gotTr, err := c.GetTR(ctx, tr.Inum) + if err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(tr, gotTr); diff != "" { + t.Errorf("TR mismatch (-want +got):\n%s", diff) + } +} diff --git a/jans/message.go b/jans/message.go new file mode 100644 index 0000000..8dc8cdb --- /dev/null +++ b/jans/message.go @@ -0,0 +1,227 @@ +package jans + +import ( + "context" + "fmt" +) + +type PostgresMessageConfiguration struct { + DriverClassName string `schema:"driver_class_name" json:"driverClassName,omitempty"` + DbSchemaName string `schema:"db_schema_name" json:"dbSchemaName,omitempty"` + ConnectionUri string `schema:"connection_uri" json:"connectionUri,omitempty"` + AuthUserName string `schema:"auth_user_name" json:"authUserName,omitempty"` + AuthUserPassword string `schema:"auth_user_password" json:"authUserPassword,omitempty"` + ConnectionPoolMaxTotal int32 `schema:"connection_pool_max_total" json:"connectionPoolMaxTotal,omitempty"` + ConnectionPoolMaxIdle int32 `schema:"connection_pool_max_idle" json:"connectionPoolMaxIdle,omitempty"` + ConnectionPoolMinIdle int32 `schema:"connection_pool_min_idle" json:"connectionPoolMinIdle,omitempty"` + MessageWaitMillis int32 `schema:"message_wait_millis" json:"messageWaitMillis,omitempty"` + MessageSleepThreadTime int32 `schema:"message_sleep_thread_millis" json:"messageSleepThreadTime,omitempty"` +} + +type RedisMessageConfiguration struct { + RedisProviderType string `schema:"redis_provider_type" json:"redisProviderType,omitempty"` + Servers string `schema:"servers" json:"servers,omitempty"` + DefaultPutExpiration int32 `schema:"default_put_expiration" json:"defaultPutExpiration,omitempty"` + SentinelMasterGroupName string `schema:"sentinel_master_group_name" json:"sentinelMasterGroupName,omitempty"` + Password string `schema:"password" json:"password,omitempty"` + UseSSL bool `schema:"use_ssl" json:"useSSL,omitempty"` + SslTrustStoreFilePath string `schema:"ssl_trust_store_file_path" json:"sslTrustStoreFilePath,omitempty"` + SslTrustStorePassword string `schema:"ssl_trust_store_password" json:"sslTrustStorePassword,omitempty"` + SslKeyStoreFilePath string `schema:"ssl_key_store_file_path" json:"sslKeyStoreFilePath,omitempty"` + SslKeyStorePassword string `schema:"ssl_key_store_password" json:"sslKeyStorePassword,omitempty"` + MaxIdleConnections int32 `schema:"max_idle_connections" json:"maxIdleConnections,omitempty"` + MaxTotalConnections int32 `schema:"max_total_connections" json:"maxTotalConnections,omitempty"` + ConnectionTimeout int32 `schema:"connection_timeout" json:"connectionTimeout,omitempty"` + SoTimeout int32 `schema:"so_timeout" json:"soTimeout,omitempty"` + MaxRetryAttempts int32 `schema:"max_retry_attempts" json:"maxRetryAttempts,omitempty"` +} + +type MessageConfiguration struct { + MessageProviderType string `schema:"message_provider_type" json:"messageProviderType,omitempty"` + RedisConfiguration *RedisMessageConfiguration `schema:"redis_configuration" json:"redisConfiguration,omitempty"` + PostgresConfiguration *PostgresMessageConfiguration `schema:"postgres_configuration" json:"postgresConfiguration,omitempty"` +} + +func (c *Client) GetMessage(ctx context.Context) (*MessageConfiguration, error) { + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.readonly") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + resp := &MessageConfiguration{} + + if err = c.get(ctx, "/jans-config-api/api/v1/config/message", token, resp); err != nil { + return nil, fmt.Errorf("get request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) PatchMessage(ctx context.Context, patches []PatchRequest) (*MessageConfiguration, error) { + + if len(patches) == 0 { + return c.GetMessage(ctx) + } + + orig, err := c.GetMessage(ctx) + if err != nil { + return nil, fmt.Errorf("failed to get fido2 configuration: %w", err) + } + + updates, err := createPatchesDiff(orig, patches) + if err != nil { + return nil, fmt.Errorf("failed to create patches: %w", err) + } + + if len(updates) == 0 { + return orig, nil + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + if err := c.patch(ctx, "/jans-config-api/api/v1/config/message", token, updates); err != nil { + return nil, fmt.Errorf("patch request failed: %w", err) + } + + return c.GetMessage(ctx) +} + +func (c *Client) GetMessagePostgres(ctx context.Context) (*PostgresMessageConfiguration, error) { + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.readonly") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + resp := &PostgresMessageConfiguration{} + + if err = c.get(ctx, "/jans-config-api/api/v1/config/message/postgres", token, resp); err != nil { + return nil, fmt.Errorf("get request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) CreateMessagePostgres(ctx context.Context, postgres *PostgresMessageConfiguration) (*PostgresMessageConfiguration, error) { + + if postgres == nil { + return nil, fmt.Errorf("postgres is nil") + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + ret := &PostgresMessageConfiguration{} + + if err := c.put(ctx, "/jans-config-api/api/v1/config/message/postgres", token, postgres, ret); err != nil { + return nil, fmt.Errorf("put request failed: %w", err) + } + + return ret, nil +} + +func (c *Client) PatchMessagePostgres(ctx context.Context, patches []PatchRequest) (*PostgresMessageConfiguration, error) { + + if len(patches) == 0 { + return c.GetMessagePostgres(ctx) + } + + orig, err := c.GetMessagePostgres(ctx) + if err != nil { + return nil, fmt.Errorf("failed to get fido2 configuration: %w", err) + } + + updates, err := createPatchesDiff(orig, patches) + if err != nil { + return nil, fmt.Errorf("failed to create patches: %w", err) + } + + if len(updates) == 0 { + return orig, nil + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + if err := c.patch(ctx, "/jans-config-api/api/v1/config/message/postgres", token, updates); err != nil { + return nil, fmt.Errorf("patch request failed: %w", err) + } + + return c.GetMessagePostgres(ctx) +} + +func (c *Client) GetMessageRedis(ctx context.Context) (*RedisMessageConfiguration, error) { + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.readonly") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + resp := &RedisMessageConfiguration{} + + if err = c.get(ctx, "/jans-config-api/api/v1/config/message/redis", token, resp); err != nil { + return nil, fmt.Errorf("get request failed: %w", err) + } + + return resp, nil +} + +func (c *Client) CreateMessageRedis(ctx context.Context, redis *RedisMessageConfiguration) (*RedisMessageConfiguration, error) { + + if redis == nil { + return nil, fmt.Errorf("redis is nil") + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + ret := &RedisMessageConfiguration{} + + if err := c.put(ctx, "/jans-config-api/api/v1/config/message/redis", token, redis, ret); err != nil { + return nil, fmt.Errorf("put request failed: %w", err) + } + + return ret, nil +} + +func (c *Client) PatchMessageRedis(ctx context.Context, patches []PatchRequest) (*RedisMessageConfiguration, error) { + + if len(patches) == 0 { + return c.GetMessageRedis(ctx) + } + + orig, err := c.GetMessageRedis(ctx) + if err != nil { + return nil, fmt.Errorf("failed to get fido2 configuration: %w", err) + } + + updates, err := createPatchesDiff(orig, patches) + if err != nil { + return nil, fmt.Errorf("failed to create patches: %w", err) + } + + if len(updates) == 0 { + return orig, nil + } + + token, err := c.getToken(ctx, "https://jans.io/oauth/config/message.write") + if err != nil { + return nil, fmt.Errorf("failed to get token: %w", err) + } + + if err := c.patch(ctx, "/jans-config-api/api/v1/config/message/redis", token, updates); err != nil { + return nil, fmt.Errorf("patch request failed: %w", err) + } + + return c.GetMessageRedis(ctx) +} diff --git a/jans/oidc_client.go b/jans/oidc_client.go index abc0038..0318c2b 100644 --- a/jans/oidc_client.go +++ b/jans/oidc_client.go @@ -32,6 +32,7 @@ type OidcClientAttribute struct { RedirectUrisRegex string `schema:"redirect_uris_regex" json:"redirectUrisRegex,omitempty"` JansAuthorizedAcr []string `schema:"jans_authorized_acr" json:"jansAuthorizedAcr,omitempty"` JansDefaultPromptLogin bool `schema:"jans_default_prompt_login" json:"jansDefaultPromptLogin,omitempty"` + TxTokenLifetime int `schema:"tx_token_lifetime" json:"txTokenLifetime,omitempty"` IdTokenLifetime int `schema:"id_token_lifetime" json:"idTokenLifetime,omitempty"` AllowOfflineAccessWithoutConsent bool `schema:"allow_offline_access_without_consent" json:"allowOfflineAccessWithoutConsent,omitempty"` MinimumAcrLevel int `schema:"minimum_acr_level" json:"minimumAcrLevel,omitempty"` @@ -40,6 +41,13 @@ type OidcClientAttribute struct { MinimumAcrPriorityList []string `schema:"minimum_acr_priority_list" json:"minimumAcrPriorityList,omitempty"` RequestedLifetime int `schema:"requested_lifetime" json:"requestedLifetime,omitempty"` Evidence string `schema:"evidence" json:"evidence,omitempty"` + IntrospectionSignedResponseAlg string `schema:"introspection_signed_response_alg" json:"introspectionSignedResponseAlg,omitempty"` + IntrospectionEncryptedResponseAlg string `schema:"introspection_encrypted_response_alg" json:"introspectionEncryptedResponseAlg,omitempty"` + IntrospectionEncryptedResponseEnc string `schema:"introspection_encrypted_response_enc" json:"introspectionEncryptedResponseEnc,omitempty"` + TxTokenSignedResponseAlg string `schema:"tx_token_signed_response_alg" json:"txTokenSignedResponseAlg,omitempty"` + TxTokenEncryptedResponseAlg string `schema:"tx_token_encrypted_response_alg" json:"txTokenEncryptedResponseAlg,omitempty"` + TxTokenEncryptedResponseEnc string `schema:"tx_token_encrypted_response_enc" json:"txTokenEncryptedResponseEnc,omitempty"` + AuthorizationDetailsTypes []string `schema:"authorization_details_types" json:"authorizationDetailsTypes,omitempty"` } // OidcClient is the definition of an OpenId Connect Client. @@ -118,7 +126,6 @@ type OidcClient struct { Groups []string `schema:"groups" json:"groups,omitempty"` Ttl int `schema:"ttl" json:"ttl,omitempty"` DisplayName string `schema:"display_name" json:"displayName,omitempty"` - AuthenticationMethod string `schema:"authentication_method" json:"authenticationMethod,omitempty"` BaseDn string `schema:"base_dn" json:"baseDn,omitempty"` Inum string `schema:"inum" json:"inum,omitempty"` } @@ -136,7 +143,9 @@ func (c *Client) GetOidcClients(ctx context.Context) ([]OidcClient, error) { } ret := response{} - if err := c.get(ctx, "/jans-config-api/api/v1/openid/clients", token, &ret); err != nil { + if err := c.get(ctx, "/jans-config-api/api/v1/openid/clients", token, &ret, map[string]string{ + "limit": "5", + }); err != nil { return nil, fmt.Errorf("get request failed: %w", err) } diff --git a/jans/oidc_client_test.go b/jans/oidc_client_test.go index 972d321..750b5c4 100644 --- a/jans/oidc_client_test.go +++ b/jans/oidc_client_test.go @@ -178,9 +178,9 @@ func TestOIDCClient(t *testing.T) { // Groups: []string{}, // Ttl: 3600, DisplayName: "SCIM client", - AuthenticationMethod: "client_secret_basic", BaseDn: "inum=1201.d52300ed-8193-510e-b31d-5829f4af346e,ou=clients,o=jans", Inum: "1201.d52300ed-8193-510e-b31d-5829f4af346e", + // TODO: Add new encryption algs } createdClient, err := client.CreateOidcClient(ctx, &newClient) diff --git a/jans/scope.go b/jans/scope.go index 1a738d0..21444bb 100644 --- a/jans/scope.go +++ b/jans/scope.go @@ -49,11 +49,9 @@ func (c *Client) GetScopes(ctx context.Context) ([]Scope, error) { ret := response{} - queryParams := map[string]string{ - "limit": "100", - } - - if err := c.get(ctx, "/jans-config-api/api/v1/scopes", token, &ret, queryParams); err != nil { + if err := c.get(ctx, "/jans-config-api/api/v1/scopes", token, &ret, map[string]string{ + "limit": "5", + }); err != nil { return nil, fmt.Errorf("get request failed: %w", err) } diff --git a/jans/script.go b/jans/script.go index 163d5e6..cc08165 100644 --- a/jans/script.go +++ b/jans/script.go @@ -66,7 +66,9 @@ func (c *Client) GetScripts(ctx context.Context) ([]Script, error) { ret := response{} - if err := c.get(ctx, "/jans-config-api/api/v1/config/scripts", token, &ret); err != nil { + if err := c.get(ctx, "/jans-config-api/api/v1/config/scripts", token, &ret, map[string]string{ + "limit": "5", + }); err != nil { return nil, fmt.Errorf("get request failed: %w", err) } diff --git a/jans/testdata/metadata.xml b/jans/testdata/metadata.xml new file mode 100644 index 0000000..fab84ed --- /dev/null +++ b/jans/testdata/metadata.xml @@ -0,0 +1,8 @@ + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + diff --git a/jans/uma_resource.go b/jans/uma_resource.go index 20d204a..0d4f693 100644 --- a/jans/uma_resource.go +++ b/jans/uma_resource.go @@ -38,7 +38,9 @@ func (c *Client) GetUMAResources(ctx context.Context) ([]UMAResource, error) { } ret := response{} - if err := c.get(ctx, "/jans-config-api/api/v1/uma/resources", token, &ret); err != nil { + if err := c.get(ctx, "/jans-config-api/api/v1/uma/resources", token, &ret, map[string]string{ + "limit": "5", + }); err != nil { return nil, fmt.Errorf("get request failed: %w", err) } diff --git a/provider/provider.go b/provider/provider.go index 68adc30..02206b8 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -65,31 +65,34 @@ func Provider() *schema.Provider { // Provider automatically handles routing operations such as Apply, // Diff, etc. to the proper resource. ResourcesMap: map[string]*schema.Resource{ - "jans_admin_ui_permission": resourceAdminUIPermission(), - "jans_admin_ui_role": resourceAdminUIRole(), - "jans_admin_ui_role_permission_mapping": resourceAdminUIRolePermissionMapping(), - "jans_agama_deployment": resourceAgamaDeployment(), - "jans_api_app_configuration": resourceApiAppConfiguration(), - "jans_app_configuration": resourceAppConfiguration(), - "jans_attribute": resourceAttribute(), - "jans_cache_configuration": resourceCacheConfiguration(), - "jans_custom_user": resourceCustomUser(), - "jans_default_authentication_method": resourceDefaultAuthenticationMethod(), - "jans_fido_device": resourceFidoDevice(), - "jans_fido2_configuration": resourceFido2Configuration(), - "jans_fido2_device": resourceFido2Device(), - "jans_group": resourceGroup(), - "jans_json_web_key": resourceJsonWebKey(), - "jans_ldap_database_configuration": resourceLDAPDatabaseConfiguration(), - "jans_logging_configuration": resourceLoggingConfiguration(), - "jans_oidc_client": resourceOidcClient(), - "jans_organization": resourceOrganization(), - "jans_scim_app_configuration": resourceScimAppConfiguration(), - "jans_scope": resourceScope(), - "jans_script": resourceScript(), - "jans_smtp_configuration": resourceSmtpConfiguration(), - "jans_uma_resource": resourceUMAResource(), - "jans_user": resourceUser(), + // "jans_admin_ui_permission": resourceAdminUIPermission(), + // "jans_admin_ui_role": resourceAdminUIRole(), + // "jans_admin_ui_role_permission_mapping": resourceAdminUIRolePermissionMapping(), + "jans_agama_deployment": resourceAgamaDeployment(), + "jans_api_app_configuration": resourceApiAppConfiguration(), + "jans_app_configuration": resourceAppConfiguration(), + "jans_attribute": resourceAttribute(), + "jans_cache_configuration": resourceCacheConfiguration(), + "jans_custom_user": resourceCustomUser(), + "jans_default_authentication_method": resourceDefaultAuthenticationMethod(), + "jans_fido_device": resourceFidoDevice(), + "jans_fido2_configuration": resourceFido2Configuration(), + "jans_fido2_device": resourceFido2Device(), + "jans_group": resourceGroup(), + "jans_json_web_key": resourceJsonWebKey(), + "jans_kc_saml_configuration": resourceKCSamlConfiguration(), + "jans_kc_saml_identity_provider": resourceKCSamlIDP(), + "jans_kc_saml_trust_relationship": resourceKCSamlTR(), + "jans_ldap_database_configuration": resourceLDAPDatabaseConfiguration(), + "jans_logging_configuration": resourceLoggingConfiguration(), + "jans_oidc_client": resourceOidcClient(), + "jans_organization": resourceOrganization(), + "jans_scim_app_configuration": resourceScimAppConfiguration(), + "jans_scope": resourceScope(), + "jans_script": resourceScript(), + "jans_smtp_configuration": resourceSmtpConfiguration(), + "jans_uma_resource": resourceUMAResource(), + "jans_user": resourceUser(), }, // DataSourcesMap is the collection of available data sources that diff --git a/provider/resource_admin_permission_test.go b/provider/resource_admin_permission_test.go index 5aeebdb..2815b11 100644 --- a/provider/resource_admin_permission_test.go +++ b/provider/resource_admin_permission_test.go @@ -1,17 +1,6 @@ package provider -import ( - "context" - "errors" - "fmt" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/jans/terraform-provider-jans/jans" -) - +/* func TestAdminUIPermission_Mapping(t *testing.T) { schema := resourceAdminUIPermission() @@ -112,3 +101,4 @@ func testAccReourceCheckAdminUIPermissionDestroy(s *terraform.State) error { return nil } +*/ diff --git a/provider/resource_admin_role_permission_mapping_test.go b/provider/resource_admin_role_permission_mapping_test.go index 0fb4f7a..f00d2e2 100644 --- a/provider/resource_admin_role_permission_mapping_test.go +++ b/provider/resource_admin_role_permission_mapping_test.go @@ -1,17 +1,6 @@ package provider -import ( - "context" - "errors" - "fmt" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/jans/terraform-provider-jans/jans" -) - +/* func TestAdminUIRolePermissionMapping_Mapping(t *testing.T) { schema := resourceAdminUIRolePermissionMapping() @@ -128,3 +117,4 @@ func testAccResourceCheckAdminUIRolePermissionMappingDestroy(s *terraform.State) return nil } +*/ diff --git a/provider/resource_admin_role_test.go b/provider/resource_admin_role_test.go index 7835f19..5242242 100644 --- a/provider/resource_admin_role_test.go +++ b/provider/resource_admin_role_test.go @@ -1,17 +1,6 @@ package provider -import ( - "context" - "errors" - "fmt" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/jans/terraform-provider-jans/jans" -) - +/* func TestAdminUIRole_Mapping(t *testing.T) { schema := resourceAdminUIRole() @@ -115,3 +104,4 @@ func testAccResourceCheckAdminUIRoleDestroy(s *terraform.State) error { return nil } +*/ diff --git a/provider/resource_app_configuration.go b/provider/resource_app_configuration.go old mode 100644 new mode 100755 index 547f946..7b5ccc6 --- a/provider/resource_app_configuration.go +++ b/provider/resource_app_configuration.go @@ -225,6 +225,12 @@ func resourceAppConfiguration() *schema.Resource { Description: "URL of the OP's JSON Web Key Set (JWK) document. This contains the signing key(s) the RP uses to validate signatures from the OP. Example: https://server.example.com/restv1/jwks", ValidateDiagFunc: validateURL, }, + "archived_jwks_uri": { + Type: schema.TypeString, + Optional: true, + Description: "Archved URLs of the OP's JSON Web Key Set (JWK) document.", + ValidateDiagFunc: validateURL, + }, "openid_discovery_endpoint": { Type: schema.TypeString, Optional: true, @@ -366,11 +372,21 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "Boolean value true allow all value for revoke endpoint.", }, + "allow_revoke_for_other_clients": { + Type: schema.TypeBool, + Optional: true, + Description: "Boolean value ture allow revoke for other clients.", + }, "sector_identifier_cache_lifetime_in_minutes": { Type: schema.TypeInt, Optional: true, Description: "The cache lifetime in minutes of the sector identifier.", }, + "archived_jwk_lifetime_in_seconds": { + Type: schema.TypeInt, + Optional: true, + Description: "The archived jwk lifetime in seconds.", + }, "uma_configuration_endpoint": { Type: schema.TypeString, Optional: true, @@ -524,6 +540,7 @@ func resourceAppConfiguration() *schema.Resource { "implicit", "password", "refresh_token", + "tx_token", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:uma-ticket", @@ -623,6 +640,72 @@ func resourceAppConfiguration() *schema.Resource { }, }, }, + "introspection_signing_alg_values_supported": { + Type: schema.TypeList, + Optional: true, + Description: `A list of the JWS signing algorithms (alg values) JWA supported by the introspection endpoint`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + return validateEnum(v, signingAlgs) + }, + }, + }, + "introspection_encryption_alg_values_supported": { + Type: schema.TypeList, + Optional: true, + Description: `A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + return validateEnum(v, encryptionAlgs) + }, + }, + }, + "introspection_encryption_enc_values_supported": { + Type: schema.TypeList, + Optional: true, + Description: `A list of the JWE encryption algorithms (alg values) JWA supported by the introspection endpoint`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + return validateEnum(v, encryptionEnc) + }, + }, + }, + "tx_token_signing_alg_values_supported": { + Type: schema.TypeList, + Optional: true, + Description: `A list of the JWS signing algorithms (alg values) supported by the Token Exchange endpoint.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + return validateEnum(v, signingAlgs) + }, + }, + }, + "tx_token_encryption_alg_values_supported": { + Type: schema.TypeList, + Optional: true, + Description: `A list of the JWE encryption algorithms (alg values) supported by the Token Exchange endpoint.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + return validateEnum(v, encryptionAlgs) + }, + }, + }, + "tx_token_encryption_enc_values_supported": { + Type: schema.TypeList, + Optional: true, + Description: `A list of the JWE encryption algorithms (enc values) supported by the Token Exchange endpoint.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + return validateEnum(v, encryptionEnc) + }, + }, + }, "id_token_signing_alg_values_supported": { Type: schema.TypeList, Optional: true, @@ -897,6 +980,11 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "The lifetime of the Refresh Token.", }, + "tx_token_lifetime": { + Type: schema.TypeInt, + Optional: true, + Description: "The lifetime of the Token Exchange Token.", + }, "id_token_lifetime": { Type: schema.TypeInt, Optional: true, @@ -907,6 +995,16 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "Boolean value specifying whether idToken filters claims based on accessToken.", }, + "save_tokens_in_cache": { + Type: schema.TypeBool, + Optional: true, + Description: "Boolean value specifying whether to save token in cache.", + }, + "save_tokens_in_cache_and_dont_save_in_persistence": { + Type: schema.TypeBool, + Optional: true, + Description: "Boolean value specifying whether to save token in cache and don't save in persistence.", + }, "access_token_lifetime": { Type: schema.TypeInt, Optional: true, @@ -1216,6 +1314,11 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "The lifetime of session id in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.", }, + "session_id_cookie_lifetime": { + Type: schema.TypeInt, + Optional: true, + Description: "The lifetime of session id cookie in seconds. If 0 or -1 then expiration is not set. 'session_id' cookie expires when browser session ends.", + }, "server_session_id_lifetime": { Type: schema.TypeInt, Optional: true, @@ -1246,7 +1349,7 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: `List of the OAuth 2.0 Grant Type values that it's possible to set via client registration API. One of 'none', 'authorization_code', 'implicit', 'password', 'client_credentials', 'refresh_token', - 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code'.`, + 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:openid:params:grant-type:ciba', 'urn:ietf:params:oauth:grant-type:device_code', 'tx_token'.`, Elem: &schema.Schema{ Type: schema.TypeString, }, @@ -1361,34 +1464,6 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "Specifies static decryption Kid", }, - "jans_eleven_test_mode_token": { - Type: schema.TypeString, - Optional: true, - Description: "jansEleven Test Mode Token.", - }, - "jans_eleven_generate_key_endpoint": { - Type: schema.TypeString, - Optional: true, - Description: "URL for the jansEleven Generate Key Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/generateKey", - ValidateDiagFunc: validateURL, - }, - "jans_eleven_sign_endpoint": { - Type: schema.TypeString, - Optional: true, - Description: "URL for the jansEleven Sign Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/sign", - ValidateDiagFunc: validateURL, - }, - "jans_eleven_verify_signature_endpoint": { - Type: schema.TypeString, - Optional: true, - Description: "URL for the jansEleven Verify Signature Endpoint. Example: https://server.example.com/janseleven/rest/janseleven/verifySignature", - ValidateDiagFunc: validateURL, - }, - "jans_eleven_delete_key_endpoint": { - Type: schema.TypeString, - Optional: true, - Description: "URL for the jansEleven Delete Key Endpoint. Example: https://server.example.com/janseleven/rest/oxeleven/deleteKey", - }, "introspection_access_token_must_have_uma_protection_scope": { Type: schema.TypeBool, Optional: true, @@ -1404,6 +1479,11 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "Specifies if authorization to be skipped for introspection.", }, + "introspection_restrict_basic_authn_to_own_tokens": { + Type: schema.TypeBool, + Optional: true, + Description: "Specifies if basic authentication to be restricted to own tokens.", + }, "end_session_with_access_token": { Type: schema.TypeBool, Optional: true, @@ -1983,6 +2063,33 @@ func resourceAppConfiguration() *schema.Resource { Description: "List of feature flags.", Elem: &schema.Schema{ Type: schema.TypeString, + ValidateDiagFunc: func(i interface{}, p cty.Path) diag.Diagnostics { + + enums := []string{ + "UNKNOWN", + "HEALTH_CHECK", + "USERINFO", + "CLIENTINFO", + "ID_GENERATION", + "REGISTRATION", + "INTROSPECTION", + "REVOKE_TOKEN", + "REVOKE_SESSION", + "ACTIVE_SESSION", + "END_SESSION", + "STATUS_SESSION", + "JANS_CONFIGURATION", + "CIBA", + "UMA", + "U2F", + "DEVICE_AUTHZ", + "METRIC", + "STAT", + "PAR", + "SSA", + } + return validateEnum(i, enums) + }, }, }, "http_logging_enabled": { @@ -2026,10 +2133,6 @@ func resourceAppConfiguration() *schema.Resource { Type: schema.TypeString, Optional: true, }, - "serializer_type": { - Type: schema.TypeString, - Optional: true, - }, "max_items_logged_in_collections": { Type: schema.TypeInt, Optional: true, @@ -2054,6 +2157,16 @@ func resourceAppConfiguration() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "serialize_rules": { + Type: schema.TypeMap, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, "default_response_headers": { Type: schema.TypeMap, Optional: true, @@ -2107,6 +2220,26 @@ func resourceAppConfiguration() *schema.Resource { Optional: true, Description: "Boolean value specifying whether to skip authentication filter for options method calls.", }, + "lock_message_config": { + Type: schema.TypeList, + Optional: true, + Description: "Lock message configuration.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_id_token_messages": { + Type: schema.TypeBool, + Optional: true, + Description: "Boolean value specifying whether to enable ID Token messages.", + }, + "id_token_messages_channel": { + Type: schema.TypeString, + Optional: true, + Description: "ID Token messages channel.", + }, + }, + }, + }, "fapi": { Type: schema.TypeBool, Optional: true, diff --git a/provider/resource_fido2_configuration_test.go b/provider/resource_fido2_configuration_test.go index d46c81c..bd5c0d3 100644 --- a/provider/resource_fido2_configuration_test.go +++ b/provider/resource_fido2_configuration_test.go @@ -21,10 +21,10 @@ func TestResourceFido2Config_Mapping(t *testing.T) { Issuer: "https://moabu-21f13b7c-9069-ad58-5685-852e6d236020.gluu.info", BaseEndpoint: "https://moabu-21f13b7c-9069-ad58-5685-852e6d236020.gluu.info/jans-fido2/restv1", CleanServiceInterval: 60, - CleanServiceBatchChunkSize: 10000, + CleanServiceBatchChunkSize: 100, UseLocalCache: true, DisableJdkLogger: true, - LoggingLevel: "INFO", + LoggingLevel: "", LoggingLayout: "text", ExternalLoggerConfiguration: "", MetricReporterEnabled: true, @@ -62,8 +62,8 @@ func TestResourceFido2Config_Mapping(t *testing.T) { t.Fatal(err) } - if len(patches) != 22 { - t.Errorf("Got %d patches, expected 22", len(patches)) + if len(patches) != 21 { + t.Errorf("Got %d patches, expected 21", len(patches)) } if err := fromSchemaResource(data, &newCfg); err != nil { @@ -112,11 +112,11 @@ func testAccResourceCheckFido2ConfigurationImport(states []*terraform.InstanceSt found = true - if err := checkAttribute(is, "clean_service_batch_chunk_size", "10000"); err != nil { + if err := checkAttribute(is, "clean_service_batch_chunk_size", "100"); err != nil { return err } - if err := checkAttribute(is, "logging_level", "INFO"); err != nil { + if err := checkAttribute(is, "logging_level", ""); err != nil { return err } diff --git a/provider/resource_kc_saml_config.go b/provider/resource_kc_saml_config.go new file mode 100644 index 0000000..f321f54 --- /dev/null +++ b/provider/resource_kc_saml_config.go @@ -0,0 +1,230 @@ +package provider + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/jans/terraform-provider-jans/jans" +) + +func resourceKCSamlConfiguration() *schema.Resource { + + return &schema.Resource{ + Description: "Resource for managing Keycloak SAML Configuration.", + CreateContext: resourceKCSamlConfigurationCreate, + ReadContext: resourceKCSamlConfigurationRead, + UpdateContext: resourceKCSamlConfigurationUpdate, + DeleteContext: resourceUntrackOnDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + Schema: map[string]*schema.Schema{ + "application_name": { + Type: schema.TypeString, + Optional: true, + Description: "Application name.", + }, + "saml_trust_relationship_dn": { + Type: schema.TypeString, + Optional: true, + Description: "SAML trust relationship DN.", + }, + "trusted_idp_dn": { + Type: schema.TypeString, + Optional: true, + Description: "Trusted IDP DN.", + }, + "enabled": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether the configuration should be enabled or not.", + }, + "slected_idp": { + Type: schema.TypeString, + Optional: true, + Description: "Selected IDP.", + }, + "server_url": { + Type: schema.TypeString, + Optional: true, + Description: "Server URL.", + }, + "realm": { + Type: schema.TypeString, + Optional: true, + Description: "Realm.", + }, + "client_id": { + Type: schema.TypeString, + Optional: true, + Description: "Client ID.", + }, + "client_secret": { + Type: schema.TypeString, + Optional: true, + Description: "Client Secret.", + }, + "grant_type": { + Type: schema.TypeString, + Optional: true, + Description: "Grant Type.", + }, + "scope": { + Type: schema.TypeString, + Optional: true, + Description: "Scope.", + }, + "username": { + Type: schema.TypeString, + Optional: true, + Description: "Username.", + }, + "password": { + Type: schema.TypeString, + Optional: true, + Description: "Password.", + }, + "sp_metadata_url": { + Type: schema.TypeString, + Optional: true, + Description: "SP Metadata URL.", + }, + "token_url": { + Type: schema.TypeString, + Optional: true, + Description: "Token URL.", + }, + "idp_url": { + Type: schema.TypeString, + Optional: true, + Description: "IDP URL.", + }, + "idp_metadata_import_url": { + Type: schema.TypeString, + Optional: true, + Description: "IDP Metadata Import URL.", + }, + "idp_root_dir": { + Type: schema.TypeString, + Optional: true, + Description: "IDP Root Directory.", + }, + "idp_metadata_dir": { + Type: schema.TypeString, + Optional: true, + Description: "IDP Metadata Directory.", + }, + "idp_metadata_temp_dir": { + Type: schema.TypeString, + Optional: true, + Description: "IDP Metadata Temporary Directory.", + }, + "idp_metadata_file": { + Type: schema.TypeString, + Optional: true, + Description: "IDP Metadata File.", + }, + "sp_metadata_dir": { + Type: schema.TypeString, + Optional: true, + Description: "SP Metadata Directory.", + }, + "sp_metadata_temp_dir": { + Type: schema.TypeString, + Optional: true, + Description: "SP Metadata Temporary Directory.", + }, + "sp_metadata_file": { + Type: schema.TypeString, + Optional: true, + Description: "SP Metadata File.", + }, + "ignore_validation": { + Type: schema.TypeString, + Optional: true, + Description: "Ignore Validation.", + }, + "idp_metadata_mandatory_attributes": { + Type: schema.TypeList, + Optional: true, + Description: "IDP Metadata Mandatory Attributes.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "kc_attributes": { + Type: schema.TypeList, + Optional: true, + Description: "KC Attributes.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "kc_saml_config": { + Type: schema.TypeList, + Optional: true, + Description: "KC SAML Config..", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func resourceKCSamlConfigurationCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + var saml jans.KCSAMLConfiguration + + if err := fromSchemaResource(d, &saml); err != nil { + return diag.Errorf("failed to read resource: %s", err.Error()) + } + + tflog.Debug(ctx, "Creating new KCSAMLConfiguration", map[string]interface{}{"message": saml}) + if _, err := c.CreateKCSAMLConfiguration(ctx, &saml); err != nil { + return diag.Errorf("failed to create KCSAMLConfiguration: %s", err.Error()) + } + + return resourceKCSamlConfigurationRead(ctx, d, meta) +} + +func resourceKCSamlConfigurationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + + saml, err := c.GetKCSAMLConfiguration(ctx) + if err != nil { + return diag.Errorf("failed to get KCSAMLConfiguration: %s", err.Error()) + } + + if err := toSchemaResource(d, saml); err != nil { + return diag.Errorf("failed to write resource: %s", err.Error()) + } + + tflog.Debug(ctx, "KCSAMLConfiguration read") + + return nil +} + +func resourceKCSamlConfigurationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + + var saml jans.KCSAMLConfiguration + patches, err := patchFromResourceData(d, &saml) + if err != nil { + return diag.Errorf("failed to read resource: %s", err.Error()) + } + + tflog.Debug(ctx, "Updating KCSAMLConfiguration", map[string]interface{}{"message": saml}) + if _, err := c.PatchKCSAMLConfiguration(ctx, patches); err != nil { + return diag.Errorf("failed to update KCSAMLConfiguration: %s", err.Error()) + } + + tflog.Debug(ctx, "KCSAMLConfiguration updated") + + return resourceKCSamlConfigurationRead(ctx, d, meta) +} diff --git a/provider/resource_kc_saml_idp.go b/provider/resource_kc_saml_idp.go new file mode 100644 index 0000000..1d58c7c --- /dev/null +++ b/provider/resource_kc_saml_idp.go @@ -0,0 +1,272 @@ +package provider + +import ( + "context" + + "github.com/hashicorp/go-cty/cty" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/jans/terraform-provider-jans/jans" +) + +func resourceKCSamlIDP() *schema.Resource { + return &schema.Resource{ + Description: "Resource for managing Keycloak SAML Identity Provider.", + CreateContext: resourceKCSamlIDPCreate, + ReadContext: resourceKCSamlIDPRead, + UpdateContext: resourceKCSamlIDPUpdate, + DeleteContext: resourceKCSamlIDPDelete, + Schema: map[string]*schema.Schema{ + "dn": { + Type: schema.TypeString, + Computed: true, + Description: "DN of the identity provider.", + }, + "inum": { + Type: schema.TypeString, + Computed: true, + Description: "Inum of the identity provider.", + }, + "creator_id": { + Type: schema.TypeString, + Required: true, + Description: "Creator ID of the identity provider.", + }, + "name": { + Type: schema.TypeString, + Required: true, + Description: "Name of the identity provider.", + }, + "display_name": { + Type: schema.TypeString, + Required: true, + Description: "Display name of the identity provider.", + }, + "description": { + Type: schema.TypeString, + Required: true, + Description: "Description of the identity provider.", + }, + "realm": { + Type: schema.TypeString, + Required: true, + Description: "Realm of the identity provider.", + }, + "enabled": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Status of the identity provider.", + }, + "signing_certificate": { + Type: schema.TypeString, + Optional: true, + Description: "Signing certificate of the identity provider.", + }, + "validate_signature": { + Type: schema.TypeString, + Optional: true, + Description: "Validate signature of the identity provider.", + }, + "single_logout_service_url": { + Type: schema.TypeString, + Optional: true, + Description: "Single logout service URL of the identity provider.", + }, + "name_id_policy_format": { + Type: schema.TypeString, + Optional: true, + Description: "Name ID policy format of the identity provider.", + }, + "idp_entity_id": { + Type: schema.TypeString, + Optional: true, + Description: "IDP entity ID of the identity provider.", + }, + "single_sign_on_service_url": { + Type: schema.TypeString, + Optional: true, + Description: "Single sign on service URL of the identity provider.", + }, + "encryption_public_key": { + Type: schema.TypeString, + Optional: true, + Description: "Encryption public key of the identity provider.", + }, + "provider_id": { + Type: schema.TypeString, + Optional: true, + Description: "Provider ID of the identity provider.", + }, + "trust_email": { + Type: schema.TypeBool, + Optional: true, + Description: "Trust email of the identity provider.", + }, + "store_token": { + Type: schema.TypeBool, + Optional: true, + Description: "Store token of the identity provider.", + }, + "add_read_token_role_on_create": { + Type: schema.TypeBool, + Optional: true, + Description: "Add read token role on create of the identity provider.", + }, + "authenticate_by_default": { + Type: schema.TypeBool, + Optional: true, + Description: "Authenticate by default of the identity provider.", + }, + "link_only": { + Type: schema.TypeBool, + Optional: true, + Description: "Link only of the identity provider.", + }, + "first_broker_login_flow_alias": { + Type: schema.TypeString, + Optional: true, + Description: "First broker login flow alias of the identity provider.", + }, + "post_broker_login_flow_alias": { + Type: schema.TypeString, + Optional: true, + Description: "Post broker login flow alias of the identity provider.", + }, + "sp_meta_data_url": { + Type: schema.TypeString, + Optional: true, + Description: "SP metadata URL of the identity provider.", + }, + "sp_meta_data_location": { + Type: schema.TypeString, + Optional: true, + Description: "SP metadata location of the identity provider.", + }, + "idp_meta_data_url": { + Type: schema.TypeString, + Optional: true, + Description: "IDP metadata URL of the identity provider.", + }, + "idp_meta_data_location": { + Type: schema.TypeString, + Optional: true, + Description: "IDP metadata location of the identity provider.", + }, + "status": { + Type: schema.TypeString, + Optional: true, + Description: "Status of the identity provider.", + ValidateDiagFunc: func(v interface{}, _ cty.Path) diag.Diagnostics { + enums := []string{"active", "inactive", "expired", "register"} + return validateEnum(v, enums) + }, + }, + "validation_status": { + Type: schema.TypeString, + Optional: true, + Description: "Validation status of the identity provider.", + ValidateDiagFunc: func(v interface{}, _ cty.Path) diag.Diagnostics { + enums := []string{"In Progress", "Success", "Scheduled", "Failed"} + return validateEnum(v, enums) + }, + }, + "validation_log": { + Type: schema.TypeList, + Optional: true, + Description: "Validation log of the identity provider.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "base_dn": { + Type: schema.TypeString, + Optional: true, + Description: "Base DN of the identity provider.", + }, + "valid_until": { + Type: schema.TypeString, + Optional: true, + Description: "Valid until of the identity provider.", + }, + "cache_duration": { + Type: schema.TypeString, + Optional: true, + Description: "Cache duration of the identity provider.", + }, + "metadata_file": { + Type: schema.TypeString, + Optional: true, + Description: "Metadata file location for the trust relationship.", + }, + }, + } +} + +func resourceKCSamlIDPCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + + idp, f, err := handleMetadataFile[jans.IdentityProvider](d) + if err != nil { + return diag.FromErr(err) + } + + ip, err := c.CreateIDP(ctx, idp, f) + if err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "New Identity Provider created", map[string]interface{}{"inum": ip.Inum}) + + return resourceKCSamlIDPRead(ctx, d, meta) +} + +func resourceKCSamlIDPRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + c := meta.(*jans.Client) + + ip, err := c.GetIDP(ctx, d.Get("inum").(string)) + if err != nil { + return handleNotFoundError(ctx, err, d) + } + + if err := toSchemaResource(d, ip); err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "Identity Provider read") + + return nil +} + +func resourceKCSamlIDPDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { + c := meta.(*jans.Client) + + inum := d.Get("inum").(string) + tflog.Debug(ctx, "Deleting Identity Provider", map[string]any{"inum": inum}) + if err := c.DeleteIDP(ctx, inum); err != nil { + return diag.FromErr(err) + } + tflog.Debug(ctx, "Identity Provider deleted", map[string]any{"inum": inum}) + + return resourceKCSamlIDPRead(ctx, d, meta) +} + +func resourceKCSamlIDPUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + c := meta.(*jans.Client) + + idp, f, err := handleMetadataFile[jans.IdentityProvider](d) + if err != nil { + return diag.FromErr(err) + } + + ip, err := c.UpdateIDP(ctx, idp, f) + if err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "Identity Provider updated", map[string]interface{}{"inum": ip.Inum}) + + return resourceKCSamlIDPRead(ctx, d, meta) +} diff --git a/provider/resource_kc_saml_tr.go b/provider/resource_kc_saml_tr.go new file mode 100644 index 0000000..c5dbd4f --- /dev/null +++ b/provider/resource_kc_saml_tr.go @@ -0,0 +1,316 @@ +package provider + +import ( + "context" + "fmt" + "io" + "os" + + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/jans/terraform-provider-jans/jans" +) + +func resourceKCSamlTR() *schema.Resource { + return &schema.Resource{ + Description: "Resource for managing Keycloak SAML Trust Relationship.", + CreateContext: resourceKCSamlTRCreate, + ReadContext: resourceKCSamlTRRead, + UpdateContext: resourceKCSamlTRUpdate, + DeleteContext: resourceKCSamlTRDelete, + Schema: map[string]*schema.Schema{ + "dn": { + Type: schema.TypeString, + Computed: true, + Description: "DN of the identity provider.", + }, + "inum": { + Type: schema.TypeString, + Computed: true, + Description: "Inum of the identity provider.", + }, + "owner": { + Type: schema.TypeString, + Optional: true, + Description: "Owner of the trust relationship.", + }, + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Name of the trust relationship.", + }, + "display_name": { + Type: schema.TypeString, + Required: true, + Description: "Display name of the trust relationship.", + }, + "description": { + Type: schema.TypeString, + Required: true, + Description: "Description of the trust relationship.", + }, + "root_url": { + Type: schema.TypeString, + Optional: true, + Description: "Root URL of the trust relationship.", + }, + "admin_url": { + Type: schema.TypeString, + Optional: true, + Description: "Admin URL of the trust relationship.", + }, + "base_url": { + Type: schema.TypeString, + Optional: true, + Description: "Base URL of the trust relationship.", + }, + "surrogate_auth_required": { + Type: schema.TypeBool, + Optional: true, + Description: "Surrogate auth required of the trust relationship.", + }, + "enabled": { + Type: schema.TypeBool, + Optional: true, + Description: "Status of the trust relationship.", + }, + "always_display_in_console": { + Type: schema.TypeBool, + Optional: true, + Description: "Always display in console of the trust relationship.", + }, + "client_authenticator_type": { + Type: schema.TypeString, + Optional: true, + Description: "Client authenticator type of the trust relationship.", + }, + "secret": { + Type: schema.TypeString, + Optional: true, + Description: "Secret of the trust relationship.", + }, + "registration_access_token": { + Type: schema.TypeString, + Optional: true, + Description: "Registration access token of the trust relationship.", + }, + "consent_required": { + Type: schema.TypeBool, + Optional: true, + Description: "Consent required of the trust relationship.", + }, + "metadata_file": { + Type: schema.TypeString, + Optional: true, + Description: "Metadata file location for the trust relationship.", + AtLeastOneOf: []string{"saml_metadata"}, + }, + "saml_metadata": { + Type: schema.TypeList, + Optional: true, + AtLeastOneOf: []string{"metadata_file"}, + Description: "SAML metadata of the trust relationship.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name_id_policy_format": { + Type: schema.TypeString, + Optional: true, + Description: "Name ID policy format of the trust relationship.", + }, + "entity_id": { + Type: schema.TypeString, + Optional: true, + Description: "Entity ID of the trust relationship.", + }, + "single_logout_service_url": { + Type: schema.TypeString, + Optional: true, + Description: "Single logout service URL of the trust relationship.", + }, + "jans_assertion_consumer_service_get_url": { + Type: schema.TypeString, + Optional: true, + Description: "Jans assertion consumer service GET URL of the trust relationship.", + }, + "jans_assertion_consumer_service_post_url": { + Type: schema.TypeString, + Optional: true, + Description: "Jans assertion consumer service POST URL of the trust relationship.", + }, + }, + }, + MaxItems: 1, + }, + "redirect_uris": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "Redirect URIs of the trust relationship.", + }, + "sp_meta_data_url": { + Type: schema.TypeString, + Optional: true, + Description: "SP metadata URL of the trust relationship.", + }, + "meta_location": { + Type: schema.TypeString, + Optional: true, + Description: "Meta location of the trust relationship.", + }, + "released_attributes": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "Released attributes of the trust relationship.", + }, + "url": { + Type: schema.TypeString, + Optional: true, + Description: "URL of the trust relationship.", + }, + "sp_logout_url": { + Type: schema.TypeString, + Optional: true, + Description: "SP logout URL of the trust relationship.", + }, + "status": { + Type: schema.TypeString, + Optional: true, + Description: "Status of the trust relationship.", + }, + "validation_status": { + Type: schema.TypeString, + Optional: true, + Description: "Validation status of the trust relationship.", + }, + "validation_log": { + Type: schema.TypeList, + Optional: true, + Description: "Validation log of the trust relationship.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "profile_configurations": { + Type: schema.TypeList, + Optional: true, + Description: "Profile configurations of the trust relationship.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "additional_prop1": additionalPropSchema(), + "additional_prop2": additionalPropSchema(), + "additional_prop3": additionalPropSchema(), + }, + }, + MaxItems: 1, + }, + "base_dn": { + Type: schema.TypeString, + Optional: true, + Description: "Base DN of the trust relationship.", + }, + }, + } +} + +func additionalPropSchema() *schema.Schema { + return &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Description: "Additional prop of the trust relationship.", + Elem: &schema.Schema{Type: schema.TypeString}, + MaxItems: 1, + } +} + +func resourceKCSamlTRRead(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics { + + c := m.(*jans.Client) + + tr, err := c.GetTR(ctx, d.Get("inum").(string)) + if err != nil { + return diag.FromErr(err) + } + + if err := toSchemaResource(d, tr); err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "ResourceKCSamlTRRead: Read trust relationship: inum=%s, dn=%s", map[string]any{"Inum": tr.Inum}) + + return nil +} + +func resourceKCSamlTRCreate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics { + + c := m.(*jans.Client) + + tr, f, err := handleMetadataFile[jans.TrustRelationship](d) + if err != nil { + return diag.FromErr(err) + } + + tr, err = c.CreateTR(ctx, tr, f) + if err != nil { + return diag.FromErr(err) + } + + return resourceKCSamlTRRead(ctx, d, m) +} + +func resourceKCSamlTRUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { + + c := meta.(*jans.Client) + + tr, f, err := handleMetadataFile[jans.TrustRelationship](d) + if err != nil { + return diag.FromErr(err) + } + + tr, err = c.UpdateTR(ctx, tr, f) + if err != nil { + return diag.FromErr(err) + } + + return resourceKCSamlTRRead(ctx, d, meta) +} + +func resourceKCSamlTRDelete(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics { + c := m.(*jans.Client) + + inum := d.Get("inum").(string) + tflog.Debug(ctx, "Deleting trust relationship: inum=%s", map[string]any{"Inum": inum}) + if err := c.DeleteTR(ctx, inum); err != nil { + return diag.FromErr(err) + } + tflog.Debug(ctx, "Deleted trust relationship: inum=%s", map[string]any{"Inum": inum}) + + return resourceKCSamlTRRead(ctx, d, m) +} + +func handleMetadataFile[T any](d *schema.ResourceData) (*T, io.Reader, error) { + req := new(T) + + err := fromSchemaResource(d, req) + if err != nil { + return nil, nil, err + } + + v, ok := d.GetOk("metadata_file") + if !ok { + return req, nil, nil + } + + loc, ok := v.(string) + if !ok { + return nil, nil, fmt.Errorf("expected type string, got %T", v) + } + + f, err := os.Open(loc) + if err != nil { + return nil, nil, fmt.Errorf("failed to open file: %w", err) + } + + return req, f, nil +} diff --git a/provider/resource_message.go b/provider/resource_message.go new file mode 100644 index 0000000..a867b38 --- /dev/null +++ b/provider/resource_message.go @@ -0,0 +1,266 @@ +package provider + +import ( + "context" + + "github.com/hashicorp/go-cty/cty" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/jans/terraform-provider-jans/jans" +) + +func resourceMessageConfiguration() *schema.Resource { + return &schema.Resource{ + Description: "Resource for managing Message Configuration.", + CreateContext: resourceMessageConfigurationCreate, + ReadContext: resourceMessageConfigurationRead, + UpdateContext: resourceMessageConfigurationUpdate, + DeleteContext: resourceUntrackOnDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + Schema: map[string]*schema.Schema{ + "message_provider_type": { + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: func(v interface{}, _ cty.Path) diag.Diagnostics { + + enums := []string{"DISABLED", "REDIS", "POSTGRES"} + return validateEnum(v, enums) + }, + Description: "Message provider type.", + }, + "postgres_configuration": { + Type: schema.TypeList, + Required: true, + Description: "Postgres configuration.", + Elem: resourcePostgresConfiguration(), + MaxItems: 1, + }, + "redis_configuration": { + Type: schema.TypeList, + Required: true, + Description: "Postgres configuration.", + Elem: resourceRedisConfiguration(), + MaxItems: 1, + }, + }, + } +} + +func resourceNullConfiguration() *schema.Resource { + return &schema.Resource{ + Description: "Resource for managing Null Configuration.", + } +} + +func resourcePostgresConfiguration() *schema.Resource { + return &schema.Resource{ + Description: "Resource for managing Postgres Configuration.", + Schema: map[string]*schema.Schema{ + "driver_class_name": { + Type: schema.TypeString, + Optional: true, + Description: "Driver class name.", + }, + "db_schema_name": { + Type: schema.TypeString, + Optional: true, + Description: "Name of the database schema.", + }, + "connection_uri": { + Type: schema.TypeString, + Optional: true, + Description: "Connection URI of the database.", + }, + "auth_user_name": { + Type: schema.TypeString, + Optional: true, + Description: "Username for authenticating.", + }, + "auth_user_password": { + Type: schema.TypeString, + Optional: true, + Description: "Password for authenticating.", + }, + "connection_pool_max_total": { + Type: schema.TypeInt, + Optional: true, + Description: "Maximum number of connections.", + }, + "connection_pool_max_idle": { + Type: schema.TypeInt, + Optional: true, + Description: "Maximum number of idle connections.", + }, + "connection_pool_min_idle": { + Type: schema.TypeInt, + Optional: true, + Description: "Minimum number of idle connections.", + }, + "message_wait_millis": { + Type: schema.TypeInt, + Optional: true, + Description: "Time to wait for a message.", + }, + "message_sleep_thread_millis": { + Type: schema.TypeInt, + Optional: true, + Description: "Time to sleep for a message.", + }, + }, + } +} + +func resourceRedisConfiguration() *schema.Resource { + return &schema.Resource{ + Description: "Resource for managing Redis Configuration.", + Schema: map[string]*schema.Schema{ + "redis_provider_type": { + Type: schema.TypeString, + Optional: true, + ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { + + enums := []string{"STANDALONE", "CLUSTER", "SHARED", "SENTINEL"} + return validateEnum(v, enums) + }, + Description: "Redis provider type.", + }, + "servers": { + Type: schema.TypeString, + Optional: true, + Description: "Redis servers.", + }, + "default_put_expiration": { + Type: schema.TypeInt, + Optional: true, + Description: "Default put expiration.", + }, + "sentinel_master_group_name": { + Type: schema.TypeString, + Optional: true, + Description: "Sentinel master group name.", + }, + "password": { + Type: schema.TypeString, + Optional: true, + Description: "Password for authenticating.", + }, + "use_ssl": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether to use SSL.", + }, + "ssl_trust_store_file_path": { + Type: schema.TypeString, + Optional: true, + Description: "SSL trust store file path.", + }, + "ssl_trust_store_password": { + Type: schema.TypeString, + Optional: true, + Description: "SSL trust store password.", + }, + "ssl_key_store_file_path": { + Type: schema.TypeString, + Optional: true, + Description: "SSL key store file path.", + }, + "ssl_key_store_password": { + Type: schema.TypeString, + Optional: true, + Description: "SSL key store password.", + }, + "max_idle_connections": { + Type: schema.TypeInt, + Optional: true, + Description: "Maximum number of idle connections.", + }, + "max_total_connections": { + Type: schema.TypeInt, + Optional: true, + Description: "Maximum number of connections.", + }, + "connection_timeout": { + Type: schema.TypeInt, + Optional: true, + Description: "Connection timeout.", + }, + "so_timeout": { + Type: schema.TypeInt, + Optional: true, + Description: "SO timeout.", + }, + "max_retry_attempts": { + Type: schema.TypeInt, + Optional: true, + Description: "Maximum number of retry attempts.", + }, + }, + } +} + +func resourceMessageConfigurationCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + var message jans.MessageConfiguration + + if err := fromSchemaResource(d, &message); err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "Creating new Message Configuration") + if message.MessageProviderType == "NULL" { + return diag.Errorf("Message provider type cannot be NULL") + } else if message.MessageProviderType == "REDIS" && message.RedisConfiguration != nil { + if _, err := c.CreateMessageRedis(ctx, message.RedisConfiguration); err != nil { + return diag.FromErr(err) + } + } else if message.MessageProviderType == "POSTGRES" && message.PostgresConfiguration != nil { + if _, err := c.CreateMessagePostgres(ctx, message.PostgresConfiguration); err != nil { + return diag.FromErr(err) + } + } + + tflog.Debug(ctx, "New Message Configuration created", map[string]interface{}{"message_provider_type": message.MessageProviderType}) + + return resourceMessageConfigurationRead(ctx, d, meta) +} + +func resourceMessageConfigurationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + + message, err := c.GetMessage(ctx) + if err != nil { + return handleNotFoundError(ctx, err, d) + } + + if err := toSchemaResource(d, message); err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "Message Configuration read") + + return nil +} + +func resourceMessageConfigurationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + c := meta.(*jans.Client) + + var message jans.MessageConfiguration + patches, err := patchFromResourceData(d, &message) + if err != nil { + return diag.FromErr(err) + } + + if _, err := c.PatchMessage(ctx, patches); err != nil { + return diag.FromErr(err) + } + + tflog.Debug(ctx, "Message Configuration updated", map[string]interface{}{"message_provider_type": message.MessageProviderType}) + + return resourceMessageConfigurationRead(ctx, d, meta) +} diff --git a/provider/resource_oidc_client.go b/provider/resource_oidc_client.go index a52edf1..d7eedd0 100644 --- a/provider/resource_oidc_client.go +++ b/provider/resource_oidc_client.go @@ -313,7 +313,7 @@ func resourceOidcClient() *schema.Resource { Description: "Requested Client Authentication method for the Token Endpoint.", ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { - enums := []string{"client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "tls_client_auth", "none"} + enums := []string{"client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "access_token", "tls_client_auth", "self_signed_tls_client_auth", "none"} return validateEnum(v, enums) }, }, @@ -651,6 +651,11 @@ func resourceOidcClient() *schema.Resource { Description: `sets prompt=login to the authorization request, which causes the authorization server to force the user to sign in again before it will show the authorization prompt.`, }, + "tx_token_lifetime": { + Type: schema.TypeInt, + Optional: true, + Description: "Specifies the Client-specific TX Token expiration.", + }, "id_token_lifetime": { Type: schema.TypeInt, Optional: true, @@ -697,6 +702,44 @@ func resourceOidcClient() *schema.Resource { Optional: true, Description: "Specifies the evidence that the client presents to the authorization server.", }, + "introspection_signed_response_alg": { + Type: schema.TypeString, + Optional: true, + Description: "JWS alg algorithm (JWA) required for signing the introspection response.", + }, + "introspection_encrypted_response_alg": { + Type: schema.TypeString, + Optional: true, + Description: "JWE alg algorithm (JWA) required for encrypting the introspection response.", + }, + "introspection_encrypted_response_enc": { + Type: schema.TypeString, + Optional: true, + Description: "JWE enc algorithm (JWA) required for encrypting the introspection response.", + }, + "tx_token_signed_response_alg": { + Type: schema.TypeString, + Optional: true, + Description: "JWS alg algorithm (JWA) required for signing the TX Token response.", + }, + "tx_token_encrypted_response_alg": { + Type: schema.TypeString, + Optional: true, + Description: "JWE alg algorithm (JWA) required for encrypting the TX Token response.", + }, + "tx_token_encrypted_response_enc": { + Type: schema.TypeString, + Optional: true, + Description: "JWE enc algorithm (JWA) required for encrypting the TX Token response.", + }, + "authorization_details_types": { + Type: schema.TypeList, + Optional: true, + Description: "List of authorization details types.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, }, }, }, @@ -763,17 +806,6 @@ func resourceOidcClient() *schema.Resource { Optional: true, Description: "Display name of the client.", }, - "authentication_method": { - Type: schema.TypeString, - Optional: true, - Description: "", - ValidateDiagFunc: func(v interface{}, p cty.Path) diag.Diagnostics { - - enums := []string{"client_secret_basic", "client_secret_post", "client_secret_jwt", - "private_key_jwt", "access_token", "tls_client_auth", "self_signed_tls_client_auth", "none"} - return validateEnum(v, enums) - }, - }, "base_dn": { Type: schema.TypeString, Computed: true, diff --git a/provider/resource_oidc_client_test.go b/provider/resource_oidc_client_test.go index 15afabf..77be717 100644 --- a/provider/resource_oidc_client_test.go +++ b/provider/resource_oidc_client_test.go @@ -76,11 +76,11 @@ func TestReourceOidcClient_Mapping(t *testing.T) { Description: "Test client", Organization: "inum=1200.33AFBA,ou=scopes,o=jans", // Groups: []string{}, - Ttl: 3600, - DisplayName: "SCIM client", - AuthenticationMethod: "client_secret_basic", - BaseDn: "inum=1201.d52300ed-8193-510e-b31d-5829f4af346e,ou=clients,o=jans", - Inum: "1201.d52300ed-8193-510e-b31d-5829f4af346e", + Ttl: 3600, + DisplayName: "SCIM client", + BaseDn: "inum=1201.d52300ed-8193-510e-b31d-5829f4af346e,ou=clients,o=jans", + Inum: "1201.d52300ed-8193-510e-b31d-5829f4af346e", + // TODO: Add new encryption algs } if err := toSchemaResource(data, client); err != nil { @@ -124,7 +124,6 @@ func testAccResourceOidcClientConfig_basic() string { return ` resource "jans_oidc_client" "test" { inum = "1201.d52300ed-8193-510e-b31d-5829f4af346e" - authentication_method = "client_secret_basic" token_endpoint_auth_method = "client_secret_basic" application_type = "web" display_name = "SCIM client" diff --git a/provider/resource_script.go b/provider/resource_script.go index 568187b..4876eae 100644 --- a/provider/resource_script.go +++ b/provider/resource_script.go @@ -88,10 +88,12 @@ func resourceScript() *schema.Resource { "persistence_extension", "idp", "discovery", + "authz_detail", "update_token", "config_api_auth", "modify_ssa_response", "fido2_extension", + "lock_extension", } return validateEnum(v, enums) },