fix(terraform-provider-jans): update terraform module

terraform-provider-jans/.goreleaser.yml

@@ -0,0 +1,60 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+before:
+  hooks:
+    # this is just an example and not a requirement for provider building/publishing
+    - go mod tidy
+builds:
+- env:
+    # goreleaser does not work with CGO, it could also complicate
+    # usage by users in CI/CD systems like Terraform Cloud where
+    # they are unable to install libraries.
+    - CGO_ENABLED=0
+  mod_timestamp: '{{ .CommitTimestamp }}'
+  flags:
+    - -trimpath
+  ldflags:
+    - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+  goos:
+    - freebsd
+    - windows
+    - linux
+    - darwin
+  goarch:
+    - amd64
+    - '386'
+    - arm
+    - arm64
+  ignore:
+    - goos: darwin
+      goarch: '386'
+  binary: '{{ .ProjectName }}_v{{ .Version }}'
+archives:
+- format: zip
+  name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this in a GitHub action or some other automated pipeline, you
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  # If you want to manually examine the release before its live, uncomment this line:
+  # draft: true
+changelog:
+  skip: true

terraform-provider-jans/CHANGELOG.md

@@ -1,8 +1,27 @@
 # Changelog
 
+## [0.2.0](https://github.com/JannsenProject/terraform-provider-jans/compare/v0.1.0...v0.2.0) (2023-02-16)
+
+
+### Features
+
+* add initial janssen terraform provider 
+
+
+### Bug Fixes
+
+* 3 obsolete validations 
+* added sorting of parameter array for app configuration 
+* added support for nested slices as entity attributes 
+* adjusted validations to match latest API definition 
+* obsolete validations 
+* remove debugging code 
+* update attribute description to reflect new validation rules 
+* update description of app config to include info on sort order 
+
 ## 0.1.0 (2023-02-08)
 
 
 ### Features
 
-* add initial janssen terraform provider
+* add initial janssen terraform provider 

terraform-provider-jans/jans/admin_ui_rbac_test.go

@@ -10,6 +10,10 @@ import (
 
 func TestAdminUIRoles(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)
@@ -68,6 +72,10 @@ func TestAdminUIRoles(t *testing.T) {
 
 func TestAdminUIPermissions(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)
@@ -125,6 +133,10 @@ func TestAdminUIPermissions(t *testing.T) {
 
 func TestAdminUIRolePermissions(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)

terraform-provider-jans/jans/app_configuration.go

@@ -186,8 +186,8 @@ type AppConfiguration struct {
 	DynamicRegistrationCustomObjectClass                      string                                `schema:"dynamic_registration_custom_object_class" json:"dynamicRegistrationCustomObjectClass"`
 	DynamicRegistrationScopesParamEnabled                     bool                                  `schema:"dynamic_registration_scopes_param_enabled" json:"dynamicRegistrationScopesParamEnabled"`
 	DynamicRegistrationPasswordGrantTypeEnabled               bool                                  `schema:"dynamic_registration_password_grant_type_enabled" json:"dynamicRegistrationPasswordGrantTypeEnabled"`
-	PersistIdToken                                            bool                                  `schema:"persist_id_token_in_ldap" json:"persistIdToken"`
-	PersistRefreshToken                                       bool                                  `schema:"persist_refresh_token_in_ldap" json:"persistRefreshToken"`
+	PersistIdTokenInLdap                                      bool                                  `schema:"persist_id_token_in_ldap" json:"persistIdTokenInLdap"`
+	PersistRefreshTokenInLdap                                 bool                                  `schema:"persist_refresh_token_in_ldap" json:"persistRefreshTokenInLdap"`
 	AllowPostLogoutRedirectWithoutValidation                  bool                                  `schema:"allow_post_logout_redirect_without_validation" json:"allowPostLogoutRedirectWithoutValidation"`
 	InvalidateSessionCookiesAfterAuthorizationFlow            bool                                  `schema:"invalidate_session_cookies_after_authorization_flow" json:"invalidateSessionCookiesAfterAuthorizationFlow"`
 	ReturnClientSecretOnRead                                  bool                                  `schema:"return_client_secret_on_read" json:"returnClientSecretOnRead"`
@@ -340,6 +340,8 @@ func (c *Client) GetAppConfiguration(ctx context.Context) (*AppConfiguration, er
 		return nil, fmt.Errorf("get request failed: %w", err)
 	}
 
+	sortArrays(&ret.AuthorizationRequestCustomAllowedParameters)
+
 	return ret, nil
 }
 

terraform-provider-jans/jans/app_configuration_test.go

@@ -2,7 +2,10 @@ package jans
 
 import (
 	"context"
+	"fmt"
+	"math/rand"
 	"testing"
+	"time"
 )
 
 func TestAuthConfigMapping(t *testing.T) {
@@ -39,7 +42,11 @@ func TestPatchAuthConfig(t *testing.T) {
 		t.Fatal("expected 1 client in blacklist")
 	}
 
-	cfg.ClientBlackList = []string{"*.attacker.com/*"}
+	rand.Seed(time.Now().UnixNano())
+
+	newEntry := fmt.Sprintf("*.attacker-%v.com/*", rand.Intn(100))
+
+	cfg.ClientBlackList = []string{newEntry}
 
 	if _, err := client.UpdateAppConfiguration(ctx, cfg); err != nil {
 		t.Fatal(err)
@@ -54,7 +61,8 @@ func TestPatchAuthConfig(t *testing.T) {
 		t.Fatal("expected 1 client in blacklist")
 	}
 
-	if (cfg.ClientBlackList[0]) != "*.attacker.com/*" {
-		t.Fatal("expected *.attacker.com/* in blacklist")
+	if (cfg.ClientBlackList[0]) != newEntry {
+		t.Fatalf("expected '%s' in blacklist, got '%s'", newEntry, cfg.ClientBlackList[0])
 	}
+
 }

terraform-provider-jans/jans/client.go

@@ -7,6 +7,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"reflect"
+	"sort"
 
 	"net/http"
 	"net/url"
@@ -379,3 +381,61 @@ func (c *Client) request(ctx context.Context, params requestParams) error {
 
 	return nil
 }
+
+// Since some arrays in the JSON we get from the server are unsorted,
+// but HCL is sorted, we sort all arrays we from the API before we
+// compare them with the HCL arrays. This way we can avoid getting
+// diverging plans.
+func sortArrays(entity any) {
+
+	if reflect.ValueOf(entity).Kind() != reflect.Ptr {
+		panic("entity is not a pointer")
+	}
+
+	t := reflect.TypeOf(entity).Elem()
+	v := reflect.ValueOf(entity).Elem()
+
+	if t.Kind() == reflect.Slice {
+
+		if t.Elem().Kind() == reflect.Struct {
+
+			// slices of structs are recursively sorted
+			for i := 0; i < v.Len(); i++ {
+				sortArrays(v.Index(i).Addr().Interface())
+			}
+
+		}
+
+		// all slices are then sorted themselves. We use
+		// the string representation. More complex sorting
+		// can be added here if needed.
+		sort.Slice(v.Interface(), func(i, j int) bool {
+			a := fmt.Sprintf("%v", v.Index(i).Interface())
+			b := fmt.Sprintf("%v", v.Index(j).Interface())
+			return a < b
+		})
+
+		return
+	}
+
+	if v.Kind() != reflect.Struct {
+		panic("entity is not a pointer to struct, nor to a slice")
+	}
+
+	// iterate over all fields of the entity
+	for i := 0; i < v.NumField(); i++ {
+
+		field := v.Field(i)
+
+		// check if the field is an array
+		if field.Kind() == reflect.Slice {
+
+			sort.Slice(field.Interface(), func(i, j int) bool {
+				a := fmt.Sprintf("%v", field.Index(i).Interface())
+				b := fmt.Sprintf("%v", field.Index(j).Interface())
+				return a < b
+			})
+		}
+	}
+
+}

terraform-provider-jans/jans/client_test.go

@@ -8,9 +8,10 @@ import (
 )
 
 var (
-	host = ""
-	user = ""
-	pass = ""
+	host              = ""
+	user              = ""
+	pass              = ""
+	skipKnownFailures = false
 )
 
 func TestMain(m *testing.M) {
@@ -51,3 +52,73 @@ func TestClient(t *testing.T) {
 	}
 
 }
+
+func TestSortArrays(t *testing.T) {
+
+	cfg := AppConfiguration{
+		AuthorizationEncryptionEncValuesSupported: []string{
+			"A128CBC+HS256",
+			"A256CBC+HS512",
+			"A128GCM",
+			"A256GCM",
+		},
+		AuthorizationRequestCustomAllowedParameters: []CustomAllowedParameter{
+			{
+				ParamName:        "customParam2",
+				ReturnInResponse: true,
+			},
+			{
+				ParamName:        "customParam1",
+				ReturnInResponse: false,
+			},
+			{
+				ParamName:        "customParam3",
+				ReturnInResponse: false,
+			},
+		},
+	}
+
+	sortArrays(&cfg)
+
+	if cfg.AuthorizationEncryptionEncValuesSupported[0] != "A128CBC+HS256" ||
+		cfg.AuthorizationEncryptionEncValuesSupported[1] != "A128GCM" ||
+		cfg.AuthorizationEncryptionEncValuesSupported[2] != "A256CBC+HS512" ||
+		cfg.AuthorizationEncryptionEncValuesSupported[3] != "A256GCM" {
+		t.Errorf("unexpected value in AuthorizationEncryptionEncValuesSupported: %#v", cfg.AuthorizationEncryptionEncValuesSupported)
+	}
+
+	if cfg.AuthorizationRequestCustomAllowedParameters[0].ParamName != "customParam1" ||
+		cfg.AuthorizationRequestCustomAllowedParameters[1].ParamName != "customParam2" ||
+		cfg.AuthorizationRequestCustomAllowedParameters[2].ParamName != "customParam3" {
+		t.Errorf("unexpected value in AuthorizationRequestCustomAllowedParameters: %#v", cfg.AuthorizationRequestCustomAllowedParameters)
+	}
+
+	arr := []AdminUIRolePermissionMapping{
+		{
+			Role: "admin",
+			Permissions: []string{
+				"permission3",
+				"permission1",
+				"permission2",
+			},
+		},
+		{
+			Role: "user",
+			Permissions: []string{
+				"permission2",
+				"permission3",
+				"permission1",
+			},
+		},
+	}
+
+	sortArrays(&arr)
+
+	for _, v := range arr {
+		if v.Permissions[0] != "permission1" ||
+			v.Permissions[1] != "permission2" ||
+			v.Permissions[2] != "permission3" {
+			t.Errorf("unexpected value in Permissions: %#v", v.Permissions)
+		}
+	}
+}

terraform-provider-jans/jans/custom_user_test.go

@@ -95,7 +95,8 @@ func TestCustomUsers(t *testing.T) {
 	filter := cmp.FilterPath(func(p cmp.Path) bool {
 		attr := p.String()
 		return attr == "CreatedAt" || attr == "BaseDn" || attr == "Dn" ||
-			attr == "UserPassword" || attr == "Inum" || attr == "UpdatedAt"
+			attr == "UserPassword" || attr == "Inum" || attr == "UpdatedAt" ||
+			attr == "DisplayValue"
 	}, cmp.Ignore())
 
 	if diff := cmp.Diff(&usr, createdUser, filter); diff != "" {

terraform-provider-jans/jans/fido2_config_test.go

@@ -9,6 +9,10 @@ import (
 
 func TestFido2Config(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)

terraform-provider-jans/jans/fido2_configuration_test.go

@@ -7,6 +7,10 @@ import (
 
 func TestFido2Configuration(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)

terraform-provider-jans/jans/fido2_device_test.go

@@ -7,6 +7,10 @@ import (
 
 func TestFido2Devices(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)

terraform-provider-jans/jans/group_test.go

@@ -7,6 +7,10 @@ import (
 
 func TestGroup(t *testing.T) {
 
+	if skipKnownFailures {
+		t.SkipNow()
+	}
+
 	client, err := NewInsecureClient(host, user, pass)
 	if err != nil {
 		t.Fatal(err)
@@ -16,7 +20,7 @@ func TestGroup(t *testing.T) {
 
 	_, err = client.GetGroups(ctx)
 	if err != nil {
-		t.Fatal(err)
+		t.Error(err)
 	}
 
 	newGroup := Group{