package framework
import (
"crypto/tls"
"fmt"
"net"
"net/http"
"net/url"
"os"
"regexp"
"strconv"
"syscall"
"github.com/hashicorp/terraform-plugin-framework/diag"
"github.com/iwarapter/pingfederate-sdk-go/services/pingOneConnections"
"github.com/iwarapter/pingfederate-sdk-go/services/incomingProxySettings"
"github.com/iwarapter/pingfederate-sdk-go/pingfederate/config"
"github.com/iwarapter/pingfederate-sdk-go/services/administrativeAccounts"
"github.com/iwarapter/pingfederate-sdk-go/services/authenticationApi"
"github.com/iwarapter/pingfederate-sdk-go/services/authenticationPolicies"
"github.com/iwarapter/pingfederate-sdk-go/services/authenticationPolicyContracts"
"github.com/iwarapter/pingfederate-sdk-go/services/authenticationSelectors"
"github.com/iwarapter/pingfederate-sdk-go/services/bulk"
"github.com/iwarapter/pingfederate-sdk-go/services/certificatesCa"
"github.com/iwarapter/pingfederate-sdk-go/services/certificatesRevocation"
"github.com/iwarapter/pingfederate-sdk-go/services/cluster"
"github.com/iwarapter/pingfederate-sdk-go/services/configArchive"
"github.com/iwarapter/pingfederate-sdk-go/services/configStore"
"github.com/iwarapter/pingfederate-sdk-go/services/connectionMetadata"
"github.com/iwarapter/pingfederate-sdk-go/services/dataStores"
"github.com/iwarapter/pingfederate-sdk-go/services/extendedProperties"
"github.com/iwarapter/pingfederate-sdk-go/services/idpAdapters"
"github.com/iwarapter/pingfederate-sdk-go/services/idpConnectors"
"github.com/iwarapter/pingfederate-sdk-go/services/idpDefaultUrls"
"github.com/iwarapter/pingfederate-sdk-go/services/idpSpConnections"
"github.com/iwarapter/pingfederate-sdk-go/services/idpStsRequestParametersContracts"
"github.com/iwarapter/pingfederate-sdk-go/services/idpToSpAdapterMapping"
"github.com/iwarapter/pingfederate-sdk-go/services/idpTokenProcessors"
"github.com/iwarapter/pingfederate-sdk-go/services/kerberosRealms"
"github.com/iwarapter/pingfederate-sdk-go/services/keyPairs"
"github.com/iwarapter/pingfederate-sdk-go/services/keyPairsOauthOpenIdConnect"
"github.com/iwarapter/pingfederate-sdk-go/services/keyPairsSigning"
"github.com/iwarapter/pingfederate-sdk-go/services/keyPairsSslClient"
"github.com/iwarapter/pingfederate-sdk-go/services/keyPairsSslServer"
"github.com/iwarapter/pingfederate-sdk-go/services/license"
"github.com/iwarapter/pingfederate-sdk-go/services/localIdentityIdentityProfiles"
"github.com/iwarapter/pingfederate-sdk-go/services/metadataUrls"
"github.com/iwarapter/pingfederate-sdk-go/services/notificationPublishers"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthAccessTokenManagers"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthAccessTokenMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthAuthServerSettings"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthAuthenticationPolicyContractMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthCibaServerPolicy"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthClientRegistrationPolicies"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthClientSettings"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthClients"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthIdpAdapterMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthOpenIdConnect"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthOutOfBandAuthPlugins"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthResourceOwnerCredentialsMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthTokenExchangeGenerator"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthTokenExchangeProcessor"
"github.com/iwarapter/pingfederate-sdk-go/services/oauthTokenExchangeTokenGeneratorMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/passwordCredentialValidators"
"github.com/iwarapter/pingfederate-sdk-go/services/redirectValidation"
"github.com/iwarapter/pingfederate-sdk-go/services/serverSettings"
"github.com/iwarapter/pingfederate-sdk-go/services/session"
"github.com/iwarapter/pingfederate-sdk-go/services/spAdapters"
"github.com/iwarapter/pingfederate-sdk-go/services/spAuthenticationPolicyContractMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/spDefaultUrls"
"github.com/iwarapter/pingfederate-sdk-go/services/spIdpConnections"
"github.com/iwarapter/pingfederate-sdk-go/services/spTargetUrlMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/spTokenGenerators"
"github.com/iwarapter/pingfederate-sdk-go/services/tokenProcessorToTokenGeneratorMappings"
"github.com/iwarapter/pingfederate-sdk-go/services/version"
"github.com/iwarapter/pingfederate-sdk-go/services/virtualHostNames"
)
// pfConfig holds the provider-level settings from which Client builds a
// PingFederate admin API client.
type pfConfig struct {
	// Username is handed to the SDK config via WithUsername.
	Username string
	// Password is handed to the SDK config via WithPassword. It is a secret:
	// keep it out of logs and diagnostic messages.
	Password string
	// Context is concatenated verbatim onto BaseURL to form the SDK endpoint;
	// no separator is inserted between the two.
	Context string
	// BaseURL is the server URL; it must be accepted by url.ParseRequestURI.
	BaseURL string
	// BypassExternalValidation is copied unchanged onto pfClient; what it
	// controls is decided by callers elsewhere in the provider.
	BypassExternalValidation bool
}
// pfClient is the provider's handle on a PingFederate server: the version it
// reported at connect time plus one SDK service client per admin API area,
// all built from the same SDK config in Client.
type pfClient struct {
	// apiVersion is the raw version string returned by the server's
	// version endpoint; exposed through PfVersion.
	apiVersion string
	// major and minor are parsed from apiVersion by parseVersion and drive
	// the IsVersion* comparisons.
	major, minor int
	// BypassExternalValidation mirrors pfConfig.BypassExternalValidation.
	BypassExternalValidation bool
	// Each field below is a per-service SDK client constructed with the
	// shared config; they all carry the same endpoint and credentials.
	AdministrativeAccounts administrativeAccounts.AdministrativeAccountsAPI
	AuthenticationApi authenticationApi.AuthenticationApiAPI
	AuthenticationPolicies authenticationPolicies.AuthenticationPoliciesAPI
	AuthenticationPolicyContracts authenticationPolicyContracts.AuthenticationPolicyContractsAPI
	AuthenticationSelectors authenticationSelectors.AuthenticationSelectorsAPI
	Bulk bulk.BulkAPI
	CertificatesCa certificatesCa.CertificatesCaAPI
	CertificatesRevocation certificatesRevocation.CertificatesRevocationAPI
	Cluster cluster.ClusterAPI
	ConfigArchive configArchive.ConfigArchiveAPI
	ConfigStore configStore.ConfigStoreAPI
	ConnectionMetadata connectionMetadata.ConnectionMetadataAPI
	DataStores dataStores.DataStoresAPI
	ExtendedProperties extendedProperties.ExtendedPropertiesAPI
	IdpAdapters idpAdapters.IdpAdaptersAPI
	IdpConnectors idpConnectors.IdpConnectorsAPI
	IdpDefaultUrls idpDefaultUrls.IdpDefaultUrlsAPI
	IdpSpConnections idpSpConnections.IdpSpConnectionsAPI
	IdpStsRequestParametersContracts idpStsRequestParametersContracts.IdpStsRequestParametersContractsAPI
	IdpToSpAdapterMapping idpToSpAdapterMapping.IdpToSpAdapterMappingAPI
	IdpTokenProcessors idpTokenProcessors.IdpTokenProcessorsAPI
	IncomingProxySettings incomingProxySettings.IncomingProxySettingsAPI
	KerberosRealms kerberosRealms.KerberosRealmsAPI
	KeyPairs keyPairs.KeyPairsAPI
	KeyPairsOauthOpenIdConnect keyPairsOauthOpenIdConnect.KeyPairsOauthOpenIdConnectAPI
	KeyPairsSigning keyPairsSigning.KeyPairsSigningAPI
	KeyPairsSslClient keyPairsSslClient.KeyPairsSslClientAPI
	KeyPairsSslServer keyPairsSslServer.KeyPairsSslServerAPI
	License license.LicenseAPI
	LocalIdentityIdentityProfiles localIdentityIdentityProfiles.LocalIdentityIdentityProfilesAPI
	MetadataUrls metadataUrls.MetadataUrlsAPI
	NotificationPublishers notificationPublishers.NotificationPublishersAPI
	OauthAccessTokenManagers oauthAccessTokenManagers.OauthAccessTokenManagersAPI
	OauthAccessTokenMappings oauthAccessTokenMappings.OauthAccessTokenMappingsAPI
	OauthAuthServerSettings oauthAuthServerSettings.OauthAuthServerSettingsAPI
	OauthAuthenticationPolicyContractMappings oauthAuthenticationPolicyContractMappings.OauthAuthenticationPolicyContractMappingsAPI
	OauthCibaServerPolicy oauthCibaServerPolicy.OauthCibaServerPolicyAPI
	OauthClientRegistrationPolicies oauthClientRegistrationPolicies.OauthClientRegistrationPoliciesAPI
	OauthClientSettings oauthClientSettings.OauthClientSettingsAPI
	OauthClients oauthClients.OauthClientsAPI
	OauthIdpAdapterMappings oauthIdpAdapterMappings.OauthIdpAdapterMappingsAPI
	OauthOpenIdConnect oauthOpenIdConnect.OauthOpenIdConnectAPI
	OauthOutOfBandAuthPlugins oauthOutOfBandAuthPlugins.OauthOutOfBandAuthPluginsAPI
	OauthResourceOwnerCredentialsMappings oauthResourceOwnerCredentialsMappings.OauthResourceOwnerCredentialsMappingsAPI
	OauthTokenExchangeGenerator oauthTokenExchangeGenerator.OauthTokenExchangeGeneratorAPI
	OauthTokenExchangeProcessor oauthTokenExchangeProcessor.OauthTokenExchangeProcessorAPI
	OauthTokenExchangeTokenGeneratorMappings oauthTokenExchangeTokenGeneratorMappings.OauthTokenExchangeTokenGeneratorMappingsAPI
	PasswordCredentialValidators passwordCredentialValidators.PasswordCredentialValidatorsAPI
	PingOneConnections pingOneConnections.PingOneConnectionsAPI
	RedirectValidation redirectValidation.RedirectValidationAPI
	ServerSettings serverSettings.ServerSettingsAPI
	Session session.SessionAPI
	SpAdapters spAdapters.SpAdaptersAPI
	SpAuthenticationPolicyContractMappings spAuthenticationPolicyContractMappings.SpAuthenticationPolicyContractMappingsAPI
	SpDefaultUrls spDefaultUrls.SpDefaultUrlsAPI
	SpIdpConnections spIdpConnections.SpIdpConnectionsAPI
	SpTargetUrlMappings spTargetUrlMappings.SpTargetUrlMappingsAPI
	SpTokenGenerators spTokenGenerators.SpTokenGeneratorsAPI
	TokenProcessorToTokenGeneratorMappings tokenProcessorToTokenGeneratorMappings.TokenProcessorToTokenGeneratorMappingsAPI
	Version version.VersionAPI
	VirtualHostNames virtualHostNames.VirtualHostNamesAPI
}
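// Client configures and returns a fully initialized PFClient.
//
// It builds one SDK config from BaseURL+Context and the credentials,
// instantiates every service client against it, then proves connectivity by
// fetching the server version, which is parsed into major/minor for the
// IsVersion* helpers. Any failure is returned as an error diagnostic with a
// nil client.
//
// NOTE(security): this method sets InsecureSkipVerify on the process-wide
// http.DefaultTransport. That is global state: every http.Transport user in
// the process loses certificate chain and hostname checks, so a
// man-in-the-middle between the provider and PingFederate is not detected.
// The behaviour is preserved here for compatibility; it should become an
// explicit opt-in setting so that verified TLS is the default.
func (c *pfConfig) Client() (*pfClient, diag.Diagnostics) {
	var diags diag.Diagnostics

	// Use the two-value assertion: if DefaultTransport has been replaced by a
	// non-*http.Transport the original unchecked assertion panicked.
	if tr, ok := http.DefaultTransport.(*http.Transport); ok {
		/* #nosec */
		tlsCfg := &tls.Config{}
		if tr.TLSClientConfig != nil {
			// Merge into whatever TLS settings are already present rather
			// than clobbering them (client certs, min version, ...).
			tlsCfg = tr.TLSClientConfig.Clone()
		}
		tlsCfg.InsecureSkipVerify = true
		tr.TLSClientConfig = tlsCfg
	} else {
		diags = append(diags, diag.NewWarningDiagnostic("TLS configuration skipped",
			"http.DefaultTransport is not an *http.Transport; TLS settings were not applied"))
	}

	baseURL, err := url.ParseRequestURI(c.BaseURL)
	if err != nil {
		diags = append(diags, diag.NewErrorDiagnostic("Invalid URL", fmt.Sprintf("Unable to parse base_url for client: %s", err)))
		return nil, diags
	}

	// Context is concatenated as-is; the caller is responsible for the
	// leading slash.
	cfg := config.NewConfig().
		WithEndpoint(baseURL.String() + c.Context).
		WithUsername(c.Username).
		WithPassword(c.Password)
	if debugLoggingRequested() {
		// NOTE(review): the SDK's debug mode presumably logs request and
		// response bodies; confirm it redacts credentials before relying on
		// it in shared logs.
		cfg.WithDebug(true)
	}

	client := &pfClient{
		BypassExternalValidation: c.BypassExternalValidation,
		AdministrativeAccounts: administrativeAccounts.New(cfg),
		AuthenticationApi: authenticationApi.New(cfg),
		AuthenticationPolicies: authenticationPolicies.New(cfg),
		AuthenticationPolicyContracts: authenticationPolicyContracts.New(cfg),
		AuthenticationSelectors: authenticationSelectors.New(cfg),
		Bulk: bulk.New(cfg),
		CertificatesCa: certificatesCa.New(cfg),
		CertificatesRevocation: certificatesRevocation.New(cfg),
		Cluster: cluster.New(cfg),
		ConfigArchive: configArchive.New(cfg),
		ConfigStore: configStore.New(cfg),
		ConnectionMetadata: connectionMetadata.New(cfg),
		DataStores: dataStores.New(cfg),
		ExtendedProperties: extendedProperties.New(cfg),
		IdpAdapters: idpAdapters.New(cfg),
		IdpConnectors: idpConnectors.New(cfg),
		IdpDefaultUrls: idpDefaultUrls.New(cfg),
		IdpSpConnections: idpSpConnections.New(cfg),
		IdpStsRequestParametersContracts: idpStsRequestParametersContracts.New(cfg),
		IdpToSpAdapterMapping: idpToSpAdapterMapping.New(cfg),
		IdpTokenProcessors: idpTokenProcessors.New(cfg),
		IncomingProxySettings: incomingProxySettings.New(cfg),
		KerberosRealms: kerberosRealms.New(cfg),
		KeyPairs: keyPairs.New(cfg),
		KeyPairsOauthOpenIdConnect: keyPairsOauthOpenIdConnect.New(cfg),
		KeyPairsSigning: keyPairsSigning.New(cfg),
		KeyPairsSslClient: keyPairsSslClient.New(cfg),
		KeyPairsSslServer: keyPairsSslServer.New(cfg),
		License: license.New(cfg),
		LocalIdentityIdentityProfiles: localIdentityIdentityProfiles.New(cfg),
		MetadataUrls: metadataUrls.New(cfg),
		NotificationPublishers: notificationPublishers.New(cfg),
		OauthAccessTokenManagers: oauthAccessTokenManagers.New(cfg),
		OauthAccessTokenMappings: oauthAccessTokenMappings.New(cfg),
		OauthAuthServerSettings: oauthAuthServerSettings.New(cfg),
		OauthAuthenticationPolicyContractMappings: oauthAuthenticationPolicyContractMappings.New(cfg),
		OauthCibaServerPolicy: oauthCibaServerPolicy.New(cfg),
		OauthClientRegistrationPolicies: oauthClientRegistrationPolicies.New(cfg),
		OauthClientSettings: oauthClientSettings.New(cfg),
		OauthClients: oauthClients.New(cfg),
		OauthIdpAdapterMappings: oauthIdpAdapterMappings.New(cfg),
		OauthOpenIdConnect: oauthOpenIdConnect.New(cfg),
		OauthOutOfBandAuthPlugins: oauthOutOfBandAuthPlugins.New(cfg),
		OauthResourceOwnerCredentialsMappings: oauthResourceOwnerCredentialsMappings.New(cfg),
		OauthTokenExchangeGenerator: oauthTokenExchangeGenerator.New(cfg),
		OauthTokenExchangeProcessor: oauthTokenExchangeProcessor.New(cfg),
		OauthTokenExchangeTokenGeneratorMappings: oauthTokenExchangeTokenGeneratorMappings.New(cfg),
		PasswordCredentialValidators: passwordCredentialValidators.New(cfg),
		PingOneConnections: pingOneConnections.New(cfg),
		RedirectValidation: redirectValidation.New(cfg),
		ServerSettings: serverSettings.New(cfg),
		Session: session.New(cfg),
		SpAdapters: spAdapters.New(cfg),
		SpAuthenticationPolicyContractMappings: spAuthenticationPolicyContractMappings.New(cfg),
		SpDefaultUrls: spDefaultUrls.New(cfg),
		SpIdpConnections: spIdpConnections.New(cfg),
		SpTargetUrlMappings: spTargetUrlMappings.New(cfg),
		SpTokenGenerators: spTokenGenerators.New(cfg),
		TokenProcessorToTokenGeneratorMappings: tokenProcessorToTokenGeneratorMappings.New(cfg),
		Version: version.New(cfg),
		VirtualHostNames: virtualHostNames.New(cfg),
	}

	// The version call doubles as the connectivity/credential check.
	v, _, err := client.Version.GetVersion()
	if err != nil {
		diags = append(diags, diag.NewErrorDiagnostic("Connection Error", fmt.Sprintf("Unable to connect to PingFederate: %s", checkErr(err))))
		return nil, diags
	}
	// Version is modelled as a pointer; a successful call with an empty body
	// must not turn into a nil dereference.
	if v == nil || v.Version == nil {
		diags = append(diags, diag.NewErrorDiagnostic("Connection Error", "Unable to determine PingFederate version: empty version response"))
		return nil, diags
	}
	client.apiVersion = *v.Version
	client.major, client.minor, err = parseVersion(client.apiVersion)
	if err != nil {
		diags = append(diags, diag.NewErrorDiagnostic("Connection Error", fmt.Sprintf("Unable to determine PingFederate version: %s", err)))
		return nil, diags
	}
	// diags is nil unless the transport warning above was recorded.
	return client, diags
}

// debugLoggingRequested reports whether TF_LOG or TF_LOG_PROVIDER is set to
// exactly "DEBUG" or "TRACE" (case-sensitive, as the original check was).
func debugLoggingRequested() bool {
	for _, name := range []string{"TF_LOG", "TF_LOG_PROVIDER"} {
		switch os.Getenv(name) {
		case "DEBUG", "TRACE":
			return true
		}
	}
	return false
}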
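// versionRe matches the leading "<major>.<minor>" of a version string. RE2's
// \d is ASCII-only, so the captured groups are always plain decimal digits.
// Compiled once rather than on every call.
var versionRe = regexp.MustCompile(`^(\d+)\.(\d+)`)

// parseVersion extracts the major and minor numbers from a PingFederate
// version string such as "11.2.1"; anything after the minor component is
// ignored. It returns an error when the string does not start with
// "<digits>.<digits>" or when a component does not fit in an int.
func parseVersion(version string) (int, int, error) {
	// FindStringSubmatch returns the full match plus the two groups, or nil.
	parts := versionRe.FindStringSubmatch(version)
	if len(parts) != 3 {
		return 0, 0, fmt.Errorf("version %q does not start with <major>.<minor>", version)
	}
	major, err := strconv.Atoi(parts[1])
	if err != nil {
		return 0, 0, fmt.Errorf("unable to parse version major component %q: %w", parts[1], err)
	}
	minor, err := strconv.Atoi(parts[2])
	if err != nil {
		return 0, 0, fmt.Errorf("unable to parse version minor component %q: %w", parts[2], err)
	}
	return major, minor, nil
}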
// PfVersion returns the raw version string the PingFederate server reported
// when the client was created.
func (c pfClient) PfVersion() string {
	reported := c.apiVersion
	return reported
}
// IsVersion reports whether the connected PingFederate server is exactly the
// given major.minor version (not "greater than"; see IsVersionGreaterEqThan).
func (c pfClient) IsVersion(major, minor int) bool {
	sameMajor := major == c.major
	sameMinor := minor == c.minor
	return sameMajor && sameMinor
}
// IsVersionLessEqThan reports whether the connected server's major.minor
// version is less than or equal to the given one.
func (c pfClient) IsVersionLessEqThan(major, minor int) bool {
	switch {
	case c.major < major:
		return true
	case c.major > major:
		return false
	default:
		// Same major: the minor component decides.
		return c.minor <= minor
	}
}
// IsVersionGreaterEqThan reports whether the connected server's major.minor
// version is greater than or equal to the given one.
func (c pfClient) IsVersionGreaterEqThan(major, minor int) bool {
	switch {
	case c.major > major:
		return true
	case c.major < major:
		return false
	default:
		// Same major: the minor component decides.
		return c.minor >= minor
	}
}
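// checkErr maps a connection error to a short description for diagnostics.
// Timeouts, dial failures, refused connections and url.Error wrappers are
// recognised; anything else falls back to err.Error(). A nil error yields "".
//
// errors.As is used instead of direct type assertions so that errors wrapped
// with fmt.Errorf("%w") or nested inside *url.Error / *os.SyscallError are
// still classified; the original assertions only saw the outermost value.
func checkErr(err error) string {
	if err == nil {
		return ""
	}
	var netErr net.Error
	if errors.As(err, &netErr) && netErr.Timeout() {
		return "Timeout"
	}
	// Check order matches the original: OpError first, then errno, then
	// unwrap url.Error for anything not yet matched.
	var opErr *net.OpError
	if errors.As(err, &opErr) {
		switch opErr.Op {
		case "dial":
			return "Unknown host/port"
		case "read":
			return "Connection refused"
		}
	}
	var errno syscall.Errno
	if errors.As(err, &errno) && errno == syscall.ECONNREFUSED {
		return "Connection refused"
	}
	var urlErr *url.Error
	if errors.As(err, &urlErr) {
		// Report the underlying cause without the "Get <url>:" prefix.
		return checkErr(urlErr.Err)
	}
	return err.Error()
}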