From 40ad409d17e875cbdd1408f6ef6b2554dbd26580 Mon Sep 17 00:00:00 2001 From: Iain Adams Date: Mon, 24 Apr 2023 21:22:33 +0100 Subject: [PATCH] #277 initial draft --- internal/framework/expander.go | 92 +++ internal/framework/flattener.go | 608 +++++++++++------- .../framework/pingfederate_metadata_url.go | 119 ++++ .../pingfederate_metadata_url_test.go | 167 +++++ ...erate_redirect_validation_settings_test.go | 2 +- internal/framework/provider.go | 1 + internal/framework/resource_schemas.go | 131 ++++ 7 files changed, 879 insertions(+), 241 deletions(-) create mode 100644 internal/framework/pingfederate_metadata_url.go create mode 100644 internal/framework/pingfederate_metadata_url_test.go diff --git a/internal/framework/expander.go b/internal/framework/expander.go index 3db41efe..ec0af23b 100644 --- a/internal/framework/expander.go +++ b/internal/framework/expander.go @@ -334,6 +334,30 @@ func expandGlobalAuthenticationSessionPolicy(in GlobalAuthenticationSessionPolic return &result } +func expandMetadataUrl(in MetadataUrlData) *pf.MetadataUrl { + var result pf.MetadataUrl + if in.CertView != nil { + result.CertView = expandCertView(*in.CertView) + } + if !in.Id.IsUnknown() && !in.Id.IsNull() { + result.Id = String(in.Id.ValueString()) + } + if !in.Name.IsUnknown() && !in.Name.IsNull() { + result.Name = String(in.Name.ValueString()) + } + if !in.Url.IsUnknown() && !in.Url.IsNull() { + result.Url = String(in.Url.ValueString()) + } + if !in.ValidateSignature.IsUnknown() && !in.ValidateSignature.IsNull() { + result.ValidateSignature = Bool(in.ValidateSignature.ValueBool()) + } + if in.X509File != nil { + result.X509File = expandX509File(*in.X509File) + } + + return &result +} + func expandRedirectValidationSettings(in RedirectValidationSettingsData) *pf.RedirectValidationSettings { var result pf.RedirectValidationSettings if in.RedirectValidationLocalSettings != nil { 
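Review bot: In expandMetadataUrl, `ValidateSignature` stays nil whenever the plan value is null or unknown, so the request falls back to whatever the PingFederate API uses as its default. The attribute name suggests it decides whether metadata fetched from `url` is signature-checked, so the effective default should be stated where the field is set, e.g. `// nil ValidateSignature defers to the server default; set validate_signature explicitly when metadata must be signature-verified`. The function also lacks a doc comment; `// expandMetadataUrl converts the Terraform model into the SDK request body, copying only attributes that are known and non-null.` would cover it.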
@@ -409,6 +433,59 @@ func expandBinaryLdapAttributeSettings(in BinaryLdapAttributeSettingsData) *pf.B return &result } +func expandCertView(in CertViewData) *pf.CertView { + var result pf.CertView + if !in.CryptoProvider.IsUnknown() && !in.CryptoProvider.IsNull() { + result.CryptoProvider = String(in.CryptoProvider.ValueString()) + } + if !in.Expires.IsUnknown() && !in.Expires.IsNull() { + result.Expires = String(in.Expires.ValueString()) + } + if !in.Id.IsUnknown() && !in.Id.IsNull() { + result.Id = String(in.Id.ValueString()) + } + if !in.IssuerDN.IsUnknown() && !in.IssuerDN.IsNull() { + result.IssuerDN = String(in.IssuerDN.ValueString()) + } + if !in.KeyAlgorithm.IsUnknown() && !in.KeyAlgorithm.IsNull() { + result.KeyAlgorithm = String(in.KeyAlgorithm.ValueString()) + } + if !in.KeySize.IsUnknown() && !in.KeySize.IsNull() { + i64, _ := in.KeySize.ValueBigFloat().Int64() + result.KeySize = Int(int(i64)) + } + if !in.SerialNumber.IsUnknown() && !in.SerialNumber.IsNull() { + result.SerialNumber = String(in.SerialNumber.ValueString()) + } + if !in.Sha1Fingerprint.IsUnknown() && !in.Sha1Fingerprint.IsNull() { + result.Sha1Fingerprint = String(in.Sha1Fingerprint.ValueString()) + } + if !in.Sha256Fingerprint.IsUnknown() && !in.Sha256Fingerprint.IsNull() { + result.Sha256Fingerprint = String(in.Sha256Fingerprint.ValueString()) + } + if !in.SignatureAlgorithm.IsUnknown() && !in.SignatureAlgorithm.IsNull() { + result.SignatureAlgorithm = String(in.SignatureAlgorithm.ValueString()) + } + if !in.Status.IsUnknown() && !in.Status.IsNull() { + result.Status = String(in.Status.ValueString()) + } + if !in.SubjectAlternativeNames.IsUnknown() && !in.SubjectAlternativeNames.IsNull() { + result.SubjectAlternativeNames = expandStringList(in.SubjectAlternativeNames) + } + if !in.SubjectDN.IsUnknown() && !in.SubjectDN.IsNull() { + result.SubjectDN = String(in.SubjectDN.ValueString()) + } + if !in.ValidFrom.IsUnknown() && !in.ValidFrom.IsNull() { + result.ValidFrom = 
String(in.ValidFrom.ValueString()) + } + if !in.Version.IsUnknown() && !in.Version.IsNull() { + i64, _ := in.Version.ValueBigFloat().Int64() + result.Version = Int(int(i64)) + } + + return &result +} + func expandClientAuth(in ClientAuthData) *pf.ClientAuth { var result pf.ClientAuth if !in.ClientCertIssuerDn.IsUnknown() && !in.ClientCertIssuerDn.IsNull() { @@ -744,6 +821,21 @@ func expandSourceTypeIdKey(in SourceTypeIdKeyData) *pf.SourceTypeIdKey { return &result } +func expandX509File(in X509FileData) *pf.X509File { + var result pf.X509File + if !in.CryptoProvider.IsUnknown() && !in.CryptoProvider.IsNull() { + result.CryptoProvider = String(in.CryptoProvider.ValueString()) + } + if !in.FileData.IsUnknown() && !in.FileData.IsNull() { + result.FileData = String(in.FileData.ValueString()) + } + if !in.Id.IsUnknown() && !in.Id.IsNull() { + result.Id = String(in.Id.ValueString()) + } + + return &result +} + func expandJdbcAttributeSources(in []JdbcAttributeSourceData) *[]*pf.AttributeSource { results := []*pf.AttributeSource{} for _, data := range in { diff --git a/internal/framework/flattener.go b/internal/framework/flattener.go index ece79990..6e0a1dd4 100644 --- a/internal/framework/flattener.go +++ b/internal/framework/flattener.go 
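Review bot: In expandCertView, the KeySize and Version conversions discard the accuracy result of `ValueBigFloat().Int64()`, so a fractional or out-of-range number is silently truncated or clamped before it is narrowed again with `int(i64)`. Keep the second return value, `i64, acc := in.KeySize.ValueBigFloat().Int64()`, and treat `acc != big.Exact` as invalid input rather than sending the altered value. expandCertView has no error return, so the rejection would probably have to happen in schema validation or by modelling these attributes as integers; the schema is not visible in this hunk.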
@@ -126,6 +126,194 @@ func flattenAuthenticationSessionPolicy(in *pf.AuthenticationSessionPolicy) *Aut return &result } +func flattenAuthorizationServerSettings(in *pf.AuthorizationServerSettings) *AuthorizationServerSettingsData { + result := AuthorizationServerSettingsData{} + if in.ActivationCodeCheckMode != nil { + result.ActivationCodeCheckMode = types.StringValue(*in.ActivationCodeCheckMode) + } else { + result.ActivationCodeCheckMode = types.StringNull() + } + if in.AdminWebServicePcvRef != nil && in.AdminWebServicePcvRef.Id != nil && *in.AdminWebServicePcvRef.Id != "" { + result.AdminWebServicePcvRef = types.StringValue(*in.AdminWebServicePcvRef.Id) + } else { + result.AdminWebServicePcvRef = types.StringNull() + } + if in.AllowUnidentifiedClientExtensionGrants != nil { + result.AllowUnidentifiedClientExtensionGrants = types.BoolValue(*in.AllowUnidentifiedClientExtensionGrants) + } else { + result.AllowUnidentifiedClientExtensionGrants = types.BoolNull() + } + if in.AllowUnidentifiedClientROCreds != nil { + result.AllowUnidentifiedClientROCreds = types.BoolValue(*in.AllowUnidentifiedClientROCreds) + } else { + result.AllowUnidentifiedClientROCreds = types.BoolNull() + } + if in.AllowedOrigins != nil { + result.AllowedOrigins = flattenStringList(*in.AllowedOrigins) + } else { + result.AllowedOrigins = types.ListNull(types.StringType) + } + if in.ApprovedScopesAttribute != nil { + result.ApprovedScopesAttribute = types.StringValue(*in.ApprovedScopesAttribute) + } else { + result.ApprovedScopesAttribute = types.StringNull() + } + if in.AtmIdForOAuthGrantManagement != nil { + result.AtmIdForOAuthGrantManagement = types.StringValue(*in.AtmIdForOAuthGrantManagement) + } else { + result.AtmIdForOAuthGrantManagement = types.StringNull() + } + if in.AuthorizationCodeEntropy != nil { + result.AuthorizationCodeEntropy = types.NumberValue(big.NewFloat(float64(*in.AuthorizationCodeEntropy))) + } + if in.AuthorizationCodeTimeout != nil { + result.AuthorizationCodeTimeout 
= types.NumberValue(big.NewFloat(float64(*in.AuthorizationCodeTimeout))) + } + if in.BypassActivationCodeConfirmation != nil { + result.BypassActivationCodeConfirmation = types.BoolValue(*in.BypassActivationCodeConfirmation) + } + if in.BypassAuthorizationForApprovedGrants != nil { + result.BypassAuthorizationForApprovedGrants = types.BoolValue(*in.BypassAuthorizationForApprovedGrants) + } else { + result.BypassAuthorizationForApprovedGrants = types.BoolNull() + } + if in.ClientSecretRetentionPeriod != nil { + result.ClientSecretRetentionPeriod = types.NumberValue(big.NewFloat(float64(*in.ClientSecretRetentionPeriod))) + } else { + result.ClientSecretRetentionPeriod = types.NumberNull() + } + if in.DefaultScopeDescription != nil { + result.DefaultScopeDescription = types.StringValue(*in.DefaultScopeDescription) + } + if in.DevicePollingInterval != nil { + result.DevicePollingInterval = types.NumberValue(big.NewFloat(float64(*in.DevicePollingInterval))) + } + if in.DisallowPlainPKCE != nil { + result.DisallowPlainPKCE = types.BoolValue(*in.DisallowPlainPKCE) + } else { + result.DisallowPlainPKCE = types.BoolNull() + } + if in.ExclusiveScopeGroups != nil { + result.ExclusiveScopeGroups = flattenScopeGroupEntrys(in.ExclusiveScopeGroups) + } + if in.ExclusiveScopes != nil { + result.ExclusiveScopes = flattenScopeEntrys(in.ExclusiveScopes) + } + if in.IncludeIssuerInAuthorizationResponse != nil { + result.IncludeIssuerInAuthorizationResponse = types.BoolValue(*in.IncludeIssuerInAuthorizationResponse) + } else { + result.IncludeIssuerInAuthorizationResponse = types.BoolNull() + } + if in.JwtSecuredAuthorizationResponseModeLifetime != nil { + result.JwtSecuredAuthorizationResponseModeLifetime = types.NumberValue(big.NewFloat(float64(*in.JwtSecuredAuthorizationResponseModeLifetime))) + } else { + result.JwtSecuredAuthorizationResponseModeLifetime = types.NumberNull() + } + if in.ParReferenceLength != nil { + result.ParReferenceLength = 
types.NumberValue(big.NewFloat(float64(*in.ParReferenceLength))) + } else { + result.ParReferenceLength = types.NumberNull() + } + if in.ParReferenceTimeout != nil { + result.ParReferenceTimeout = types.NumberValue(big.NewFloat(float64(*in.ParReferenceTimeout))) + } else { + result.ParReferenceTimeout = types.NumberNull() + } + if in.ParStatus != nil { + result.ParStatus = types.StringValue(*in.ParStatus) + } else { + result.ParStatus = types.StringNull() + } + if in.PendingAuthorizationTimeout != nil { + result.PendingAuthorizationTimeout = types.NumberValue(big.NewFloat(float64(*in.PendingAuthorizationTimeout))) + } + if in.PersistentGrantContract != nil { + result.PersistentGrantContract = flattenPersistentGrantContract(in.PersistentGrantContract) + } + if in.PersistentGrantIdleTimeout != nil { + result.PersistentGrantIdleTimeout = types.NumberValue(big.NewFloat(float64(*in.PersistentGrantIdleTimeout))) + } else { + result.PersistentGrantIdleTimeout = types.NumberNull() + } + if in.PersistentGrantIdleTimeoutTimeUnit != nil { + result.PersistentGrantIdleTimeoutTimeUnit = types.StringValue(*in.PersistentGrantIdleTimeoutTimeUnit) + } else { + result.PersistentGrantIdleTimeoutTimeUnit = types.StringNull() + } + if in.PersistentGrantLifetime != nil { + result.PersistentGrantLifetime = types.NumberValue(big.NewFloat(float64(*in.PersistentGrantLifetime))) + } else { + result.PersistentGrantLifetime = types.NumberNull() + } + if in.PersistentGrantLifetimeUnit != nil { + result.PersistentGrantLifetimeUnit = types.StringValue(*in.PersistentGrantLifetimeUnit) + } else { + result.PersistentGrantLifetimeUnit = types.StringNull() + } + if in.PersistentGrantReuseGrantTypes != nil { + result.PersistentGrantReuseGrantTypes = flattenStringList(*in.PersistentGrantReuseGrantTypes) + } else { + result.PersistentGrantReuseGrantTypes = types.ListNull(types.StringType) + } + if in.RefreshRollingInterval != nil { + result.RefreshRollingInterval = 
types.NumberValue(big.NewFloat(float64(*in.RefreshRollingInterval))) + } + if in.RefreshTokenLength != nil { + result.RefreshTokenLength = types.NumberValue(big.NewFloat(float64(*in.RefreshTokenLength))) + } + if in.RefreshTokenRollingGracePeriod != nil { + result.RefreshTokenRollingGracePeriod = types.NumberValue(big.NewFloat(float64(*in.RefreshTokenRollingGracePeriod))) + } else { + result.RefreshTokenRollingGracePeriod = types.NumberNull() + } + if in.RegisteredAuthorizationPath != nil { + result.RegisteredAuthorizationPath = types.StringValue(*in.RegisteredAuthorizationPath) + } + if in.RollRefreshTokenValues != nil { + result.RollRefreshTokenValues = types.BoolValue(*in.RollRefreshTokenValues) + } else { + result.RollRefreshTokenValues = types.BoolNull() + } + if in.ScopeForOAuthGrantManagement != nil { + result.ScopeForOAuthGrantManagement = types.StringValue(*in.ScopeForOAuthGrantManagement) + } else { + result.ScopeForOAuthGrantManagement = types.StringNull() + } + if in.ScopeGroups != nil { + result.ScopeGroups = flattenScopeGroupEntrys(in.ScopeGroups) + } + if in.Scopes != nil { + result.Scopes = flattenScopeEntrys(in.Scopes) + } + if in.TokenEndpointBaseUrl != nil { + result.TokenEndpointBaseUrl = types.StringValue(*in.TokenEndpointBaseUrl) + } else { + result.TokenEndpointBaseUrl = types.StringNull() + } + if in.TrackUserSessionsForLogout != nil { + result.TrackUserSessionsForLogout = types.BoolValue(*in.TrackUserSessionsForLogout) + } else { + result.TrackUserSessionsForLogout = types.BoolNull() + } + if in.UserAuthorizationConsentAdapter != nil { + result.UserAuthorizationConsentAdapter = types.StringValue(*in.UserAuthorizationConsentAdapter) + } else { + result.UserAuthorizationConsentAdapter = types.StringNull() + } + if in.UserAuthorizationConsentPageSetting != nil { + result.UserAuthorizationConsentPageSetting = types.StringValue(*in.UserAuthorizationConsentPageSetting) + } else { + result.UserAuthorizationConsentPageSetting = types.StringNull() + 
} + if in.UserAuthorizationUrl != nil { + result.UserAuthorizationUrl = types.StringValue(*in.UserAuthorizationUrl) + } else { + result.UserAuthorizationUrl = types.StringNull() + } + + return &result +} + func flattenClient(in *pf.Client) *ClientData { result := ClientData{} if in.AllowAuthenticationApiInit != nil { @@ -462,6 +650,34 @@ func flattenGlobalAuthenticationSessionPolicy(in *pf.GlobalAuthenticationSession return &result } +func flattenMetadataUrl(in *pf.MetadataUrl) *MetadataUrlData { + result := MetadataUrlData{} + if in.CertView != nil { + result.CertView = flattenCertView(in.CertView) + } + if in.Id != nil { + result.Id = types.StringValue(*in.Id) + } else { + result.Id = types.StringNull() + } + if in.Name != nil { + result.Name = types.StringValue(*in.Name) + } + if in.Url != nil { + result.Url = types.StringValue(*in.Url) + } + if in.ValidateSignature != nil { + result.ValidateSignature = types.BoolValue(*in.ValidateSignature) + } else { + result.ValidateSignature = types.BoolNull() + } + if in.X509File != nil { + result.X509File = flattenX509File(in.X509File) + } + + return &result +} + func flattenRedirectValidationSettings(in *pf.RedirectValidationSettings) *RedirectValidationSettingsData { result := RedirectValidationSettingsData{} if in.RedirectValidationLocalSettings != nil { 
@@ -546,6 +762,87 @@ func flattenBinaryLdapAttributeSettings(in *pf.BinaryLdapAttributeSettings) *Bin return &result } +func flattenCertView(in *pf.CertView) *CertViewData { + result := CertViewData{} + if in.CryptoProvider != nil { + result.CryptoProvider = types.StringValue(*in.CryptoProvider) + } else { + result.CryptoProvider = types.StringNull() + } + if in.Expires != nil { + result.Expires = types.StringValue(*in.Expires) + } else { + result.Expires = types.StringNull() + } + if in.Id != nil { + result.Id = types.StringValue(*in.Id) + } else { + result.Id = types.StringNull() + } + if in.IssuerDN != nil { + result.IssuerDN = types.StringValue(*in.IssuerDN) + } else { + result.IssuerDN = types.StringNull() + } + if in.KeyAlgorithm != nil { + result.KeyAlgorithm = types.StringValue(*in.KeyAlgorithm) + } else { + result.KeyAlgorithm = types.StringNull() + } + if in.KeySize != nil { + result.KeySize = types.NumberValue(big.NewFloat(float64(*in.KeySize))) + } else { + result.KeySize = types.NumberNull() + } + if in.SerialNumber != nil { + result.SerialNumber = types.StringValue(*in.SerialNumber) + } else { + result.SerialNumber = types.StringNull() + } + if in.Sha1Fingerprint != nil { + result.Sha1Fingerprint = types.StringValue(*in.Sha1Fingerprint) + } else { + result.Sha1Fingerprint = types.StringNull() + } + if in.Sha256Fingerprint != nil { + result.Sha256Fingerprint = types.StringValue(*in.Sha256Fingerprint) + } else { + result.Sha256Fingerprint = types.StringNull() + } + if in.SignatureAlgorithm != nil { + result.SignatureAlgorithm = types.StringValue(*in.SignatureAlgorithm) + } else { + result.SignatureAlgorithm = types.StringNull() + } + if in.Status != nil { + result.Status = types.StringValue(*in.Status) + } else { + result.Status = types.StringNull() + } + if in.SubjectAlternativeNames != nil { + result.SubjectAlternativeNames = flattenStringList(*in.SubjectAlternativeNames) + } else { + result.SubjectAlternativeNames = types.ListNull(types.StringType) + 
} + if in.SubjectDN != nil { + result.SubjectDN = types.StringValue(*in.SubjectDN) + } else { + result.SubjectDN = types.StringNull() + } + if in.ValidFrom != nil { + result.ValidFrom = types.StringValue(*in.ValidFrom) + } else { + result.ValidFrom = types.StringNull() + } + if in.Version != nil { + result.Version = types.NumberValue(big.NewFloat(float64(*in.Version))) + } else { + result.Version = types.NumberNull() + } + + return &result +} + func flattenClientAuth(in *pf.ClientAuth) *ClientAuthData { result := ClientAuthData{} if in.ClientCertIssuerDn != nil { 
@@ -884,246 +1181,10 @@ func flattenParameterValues(in *pf.ParameterValues) *ParameterValuesData { return &result } -func flattenAuthorizationServerSettings(in *pf.AuthorizationServerSettings) *AuthorizationServerSettingsData { - result := AuthorizationServerSettingsData{} - if in.ActivationCodeCheckMode != nil { - result.ActivationCodeCheckMode = types.StringValue(*in.ActivationCodeCheckMode) - } else { - result.ActivationCodeCheckMode = types.StringNull() - } - if in.AdminWebServicePcvRef != nil && in.AdminWebServicePcvRef.Id != nil && *in.AdminWebServicePcvRef.Id != "" { - result.AdminWebServicePcvRef = types.StringValue(*in.AdminWebServicePcvRef.Id) - } else { - result.AdminWebServicePcvRef = types.StringNull() - } - if in.AllowUnidentifiedClientExtensionGrants != nil { - result.AllowUnidentifiedClientExtensionGrants = types.BoolValue(*in.AllowUnidentifiedClientExtensionGrants) - } else { - result.AllowUnidentifiedClientExtensionGrants = types.BoolNull() - } - if in.AllowUnidentifiedClientROCreds != nil { - result.AllowUnidentifiedClientROCreds = types.BoolValue(*in.AllowUnidentifiedClientROCreds) - } else { - result.AllowUnidentifiedClientROCreds = types.BoolNull() - } - if in.AllowedOrigins != nil { - result.AllowedOrigins = flattenStringList(*in.AllowedOrigins) - } else { - result.AllowedOrigins = types.ListNull(types.StringType) - } - if in.ApprovedScopesAttribute != nil { - result.ApprovedScopesAttribute = types.StringValue(*in.ApprovedScopesAttribute) - } else { - result.ApprovedScopesAttribute = types.StringNull() - } - if in.AtmIdForOAuthGrantManagement != nil { - result.AtmIdForOAuthGrantManagement = types.StringValue(*in.AtmIdForOAuthGrantManagement) - } else { - result.AtmIdForOAuthGrantManagement = types.StringNull() - } - if in.AuthorizationCodeEntropy != nil { - result.AuthorizationCodeEntropy = types.NumberValue(big.NewFloat(float64(*in.AuthorizationCodeEntropy))) - } - if in.AuthorizationCodeTimeout != nil { - result.AuthorizationCodeTimeout = 
types.NumberValue(big.NewFloat(float64(*in.AuthorizationCodeTimeout))) - } - if in.BypassActivationCodeConfirmation != nil { - result.BypassActivationCodeConfirmation = types.BoolValue(*in.BypassActivationCodeConfirmation) - } - if in.BypassAuthorizationForApprovedGrants != nil { - result.BypassAuthorizationForApprovedGrants = types.BoolValue(*in.BypassAuthorizationForApprovedGrants) - } else { - result.BypassAuthorizationForApprovedGrants = types.BoolNull() - } - if in.ClientSecretRetentionPeriod != nil { - result.ClientSecretRetentionPeriod = types.NumberValue(big.NewFloat(float64(*in.ClientSecretRetentionPeriod))) - } else { - result.ClientSecretRetentionPeriod = types.NumberNull() - } - if in.DefaultScopeDescription != nil { - result.DefaultScopeDescription = types.StringValue(*in.DefaultScopeDescription) - } - if in.DevicePollingInterval != nil { - result.DevicePollingInterval = types.NumberValue(big.NewFloat(float64(*in.DevicePollingInterval))) - } - if in.DisallowPlainPKCE != nil { - result.DisallowPlainPKCE = types.BoolValue(*in.DisallowPlainPKCE) - } else { - result.DisallowPlainPKCE = types.BoolNull() - } - if in.ExclusiveScopeGroups != nil { - result.ExclusiveScopeGroups = flattenScopeGroupEntrys(in.ExclusiveScopeGroups) - } - if in.ExclusiveScopes != nil { - result.ExclusiveScopes = flattenScopeEntrys(in.ExclusiveScopes) - } - if in.IncludeIssuerInAuthorizationResponse != nil { - result.IncludeIssuerInAuthorizationResponse = types.BoolValue(*in.IncludeIssuerInAuthorizationResponse) - } else { - result.IncludeIssuerInAuthorizationResponse = types.BoolNull() - } - if in.JwtSecuredAuthorizationResponseModeLifetime != nil { - result.JwtSecuredAuthorizationResponseModeLifetime = types.NumberValue(big.NewFloat(float64(*in.JwtSecuredAuthorizationResponseModeLifetime))) - } else { - result.JwtSecuredAuthorizationResponseModeLifetime = types.NumberNull() - } - if in.ParReferenceLength != nil { - result.ParReferenceLength = 
types.NumberValue(big.NewFloat(float64(*in.ParReferenceLength))) - } else { - result.ParReferenceLength = types.NumberNull() - } - if in.ParReferenceTimeout != nil { - result.ParReferenceTimeout = types.NumberValue(big.NewFloat(float64(*in.ParReferenceTimeout))) - } else { - result.ParReferenceTimeout = types.NumberNull() - } - if in.ParStatus != nil { - result.ParStatus = types.StringValue(*in.ParStatus) - } else { - result.ParStatus = types.StringNull() - } - if in.PendingAuthorizationTimeout != nil { - result.PendingAuthorizationTimeout = types.NumberValue(big.NewFloat(float64(*in.PendingAuthorizationTimeout))) - } - if in.PersistentGrantContract != nil { - result.PersistentGrantContract = flattenPersistentGrantContract(in.PersistentGrantContract) - } - if in.PersistentGrantIdleTimeout != nil { - result.PersistentGrantIdleTimeout = types.NumberValue(big.NewFloat(float64(*in.PersistentGrantIdleTimeout))) - } else { - result.PersistentGrantIdleTimeout = types.NumberNull() - } - if in.PersistentGrantIdleTimeoutTimeUnit != nil { - result.PersistentGrantIdleTimeoutTimeUnit = types.StringValue(*in.PersistentGrantIdleTimeoutTimeUnit) - } else { - result.PersistentGrantIdleTimeoutTimeUnit = types.StringNull() - } - if in.PersistentGrantLifetime != nil { - result.PersistentGrantLifetime = types.NumberValue(big.NewFloat(float64(*in.PersistentGrantLifetime))) - } else { - result.PersistentGrantLifetime = types.NumberNull() - } - if in.PersistentGrantLifetimeUnit != nil { - result.PersistentGrantLifetimeUnit = types.StringValue(*in.PersistentGrantLifetimeUnit) - } else { - result.PersistentGrantLifetimeUnit = types.StringNull() - } - if in.PersistentGrantReuseGrantTypes != nil { - result.PersistentGrantReuseGrantTypes = flattenStringList(*in.PersistentGrantReuseGrantTypes) - } else { - result.PersistentGrantReuseGrantTypes = types.ListNull(types.StringType) - } - if in.RefreshRollingInterval != nil { - result.RefreshRollingInterval = 
types.NumberValue(big.NewFloat(float64(*in.RefreshRollingInterval))) - } - if in.RefreshTokenLength != nil { - result.RefreshTokenLength = types.NumberValue(big.NewFloat(float64(*in.RefreshTokenLength))) - } - if in.RefreshTokenRollingGracePeriod != nil { - result.RefreshTokenRollingGracePeriod = types.NumberValue(big.NewFloat(float64(*in.RefreshTokenRollingGracePeriod))) - } else { - result.RefreshTokenRollingGracePeriod = types.NumberNull() - } - if in.RegisteredAuthorizationPath != nil { - result.RegisteredAuthorizationPath = types.StringValue(*in.RegisteredAuthorizationPath) - } - if in.RollRefreshTokenValues != nil { - result.RollRefreshTokenValues = types.BoolValue(*in.RollRefreshTokenValues) - } else { - result.RollRefreshTokenValues = types.BoolNull() - } - if in.ScopeForOAuthGrantManagement != nil { - result.ScopeForOAuthGrantManagement = types.StringValue(*in.ScopeForOAuthGrantManagement) - } else { - result.ScopeForOAuthGrantManagement = types.StringNull() - } - if in.ScopeGroups != nil { - result.ScopeGroups = flattenScopeGroupEntrys(in.ScopeGroups) - } - if in.Scopes != nil { - result.Scopes = flattenScopeEntrys(in.Scopes) - } - if in.TokenEndpointBaseUrl != nil { - result.TokenEndpointBaseUrl = types.StringValue(*in.TokenEndpointBaseUrl) - } else { - result.TokenEndpointBaseUrl = types.StringNull() - } - if in.TrackUserSessionsForLogout != nil { - result.TrackUserSessionsForLogout = types.BoolValue(*in.TrackUserSessionsForLogout) - } else { - result.TrackUserSessionsForLogout = types.BoolNull() - } - if in.UserAuthorizationConsentAdapter != nil { - result.UserAuthorizationConsentAdapter = types.StringValue(*in.UserAuthorizationConsentAdapter) - } else { - result.UserAuthorizationConsentAdapter = types.StringNull() - } - if in.UserAuthorizationConsentPageSetting != nil { - result.UserAuthorizationConsentPageSetting = types.StringValue(*in.UserAuthorizationConsentPageSetting) - } else { - result.UserAuthorizationConsentPageSetting = types.StringNull() - 
} - if in.UserAuthorizationUrl != nil { - result.UserAuthorizationUrl = types.StringValue(*in.UserAuthorizationUrl) - } else { - result.UserAuthorizationUrl = types.StringNull() - } - - return &result -} - -func flattenScopeEntrys(in *[]*pf.ScopeEntry) *[]*ScopeEntryData { - results := make([]*ScopeEntryData, 0) - for _, data := range *in { - results = append(results, flattenScopeEntry(data)) - } - return &results -} -func flattenScopeEntry(in *pf.ScopeEntry) *ScopeEntryData { - result := ScopeEntryData{} - if in.Description != nil { - result.Description = types.StringValue(*in.Description) - } - if in.Dynamic != nil { - result.Dynamic = types.BoolValue(*in.Dynamic) - } else { - result.Dynamic = types.BoolNull() - } - if in.Name != nil { - result.Name = types.StringValue(*in.Name) - } - - return &result -} - -func flattenScopeGroupEntrys(in *[]*pf.ScopeGroupEntry) *[]*ScopeGroupEntryData { - results := make([]*ScopeGroupEntryData, 0) - for _, data := range *in { - results = append(results, flattenScopeGroupEntry(data)) - } - return &results -} -func flattenScopeGroupEntry(in *pf.ScopeGroupEntry) *ScopeGroupEntryData { - result := ScopeGroupEntryData{} - if in.Description != nil { - result.Description = types.StringValue(*in.Description) - } - if in.Name != nil { - result.Name = types.StringValue(*in.Name) - } - if in.Scopes != nil { - result.Scopes = flattenStringList(*in.Scopes) - } else { - result.Scopes = types.ListNull(types.StringType) - } - - return &result -} - -func flattenPersistentGrantAttributes(in *[]*pf.PersistentGrantAttribute) *[]*PersistentGrantAttributeData { - results := make([]*PersistentGrantAttributeData, 0) - for _, data := range *in { - results = append(results, flattenPersistentGrantAttribute(data)) +func flattenPersistentGrantAttributes(in *[]*pf.PersistentGrantAttribute) *[]*PersistentGrantAttributeData { + results := []*PersistentGrantAttributeData{} + for _, data := range *in { + results = append(results, 
flattenPersistentGrantAttribute(data)) } return &results } @@ -1239,6 +1300,54 @@ func flattenRedirectValidationSettingsWhitelistEntry(in *pf.RedirectValidationSe return &result } +func flattenScopeEntrys(in *[]*pf.ScopeEntry) *[]*ScopeEntryData { + results := []*ScopeEntryData{} + for _, data := range *in { + results = append(results, flattenScopeEntry(data)) + } + return &results +} +func flattenScopeEntry(in *pf.ScopeEntry) *ScopeEntryData { + result := ScopeEntryData{} + if in.Description != nil { + result.Description = types.StringValue(*in.Description) + } + if in.Dynamic != nil { + result.Dynamic = types.BoolValue(*in.Dynamic) + } else { + result.Dynamic = types.BoolNull() + } + if in.Name != nil { + result.Name = types.StringValue(*in.Name) + } + + return &result +} + +func flattenScopeGroupEntrys(in *[]*pf.ScopeGroupEntry) *[]*ScopeGroupEntryData { + results := []*ScopeGroupEntryData{} + for _, data := range *in { + results = append(results, flattenScopeGroupEntry(data)) + } + return &results +} +func flattenScopeGroupEntry(in *pf.ScopeGroupEntry) *ScopeGroupEntryData { + result := ScopeGroupEntryData{} + if in.Description != nil { + result.Description = types.StringValue(*in.Description) + } + if in.Name != nil { + result.Name = types.StringValue(*in.Name) + } + if in.Scopes != nil { + result.Scopes = flattenStringList(*in.Scopes) + } else { + result.Scopes = types.ListNull(types.StringType) + } + + return &result +} + func flattenSourceTypeIdKey(in *pf.SourceTypeIdKey) *SourceTypeIdKeyData { result := SourceTypeIdKeyData{} if in.Id != nil { 
@@ -1253,6 +1362,25 @@ func flattenSourceTypeIdKey(in *pf.SourceTypeIdKey) *SourceTypeIdKeyData { return &result } +func flattenX509File(in *pf.X509File) *X509FileData { + result := X509FileData{} + if in.CryptoProvider != nil { + result.CryptoProvider = types.StringValue(*in.CryptoProvider) + } else { + result.CryptoProvider = types.StringNull() + } + if in.FileData != nil { + result.FileData = types.StringValue(*in.FileData) + } + if in.Id != nil { + result.Id = types.StringValue(*in.Id) + } else { + result.Id = types.StringNull() + } + + return &result +} + func flattenJdbcAttributeSources(in *[]*pf.AttributeSource) []JdbcAttributeSourceData { results := []JdbcAttributeSourceData{} for _, source := range *in { diff --git a/internal/framework/pingfederate_metadata_url.go b/internal/framework/pingfederate_metadata_url.go new file mode 100644 index 00000000..7b9ebec2 --- /dev/null +++ b/internal/framework/pingfederate_metadata_url.go 
@@ -0,0 +1,119 @@ +package framework + +import ( + "context" + "fmt" + + "github.com/iwarapter/pingfederate-sdk-go/services/metadataUrls" + + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ resource.Resource = &pingfederateMetadataUrlResource{} + _ resource.ResourceWithConfigure = &pingfederateMetadataUrlResource{} + _ resource.ResourceWithImportState = &pingfederateMetadataUrlResource{} +) + +type pingfederateMetadataUrlResource struct { + client *pfClient +} + +func NewMetadataUrlResource() resource.Resource { + return &pingfederateMetadataUrlResource{} +} + +func (r *pingfederateMetadataUrlResource) Schema(ctx context.Context, request resource.SchemaRequest, response *resource.SchemaResponse) { + response.Schema = resourceMetadataUrl() +} + +// Configure adds the client configured client to the resource. +func (r *pingfederateMetadataUrlResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*pfClient) +} + +// Metadata returns the resource type name. +func (r *pingfederateMetadataUrlResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_metadata_url" +} + +func (r *pingfederateMetadataUrlResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var data MetadataUrlData + resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) 
+ + if resp.Diagnostics.HasError() { + return + } + body, _, err := r.client.MetadataUrls.AddMetadataUrlWithContext(ctx, &metadataUrls.AddMetadataUrlInput{ + Body: *expandMetadataUrl(data), + }) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to create MetadataUrl, got error: %s", err)) + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, *flattenMetadataUrl(body))...) +} + +func (r *pingfederateMetadataUrlResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var data MetadataUrlData + resp.Diagnostics.Append(req.State.Get(ctx, &data)...) + + if resp.Diagnostics.HasError() { + return + } + + body, _, err := r.client.MetadataUrls.GetMetadataUrlWithContext(ctx, &metadataUrls.GetMetadataUrlInput{Id: data.Id.ValueString()}) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to get MetadataUrl, got error: %s", err)) + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, *flattenMetadataUrl(body))...) +} + +func (r *pingfederateMetadataUrlResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var data MetadataUrlData + resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) + + if resp.Diagnostics.HasError() { + return + } + + body, _, err := r.client.MetadataUrls.UpdateMetadataUrlWithContext(ctx, &metadataUrls.UpdateMetadataUrlInput{ + Body: *expandMetadataUrl(data), + Id: data.Id.ValueString(), + }) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update MetadataUrl, got error: %s", err)) + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, *flattenMetadataUrl(body))...) +} + +func (r *pingfederateMetadataUrlResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var data MetadataUrlData + resp.Diagnostics.Append(req.State.Get(ctx, &data)...) 
+ + if resp.Diagnostics.HasError() { + return + } + + _, _, err := r.client.MetadataUrls.DeleteMetadataUrlWithContext(ctx, &metadataUrls.DeleteMetadataUrlInput{Id: data.Id.ValueString()}) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete MetadataUrl, got error: %s", err)) + return + } + + resp.State.RemoveResource(ctx) +} + +func (r *pingfederateMetadataUrlResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/internal/framework/pingfederate_metadata_url_test.go b/internal/framework/pingfederate_metadata_url_test.go new file mode 100644 index 00000000..529b9547 --- /dev/null +++ b/internal/framework/pingfederate_metadata_url_test.go 
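Review bot: Configure uses an unchecked type assertion, `r.client = req.ProviderData.(*pfClient)`, which panics the provider process if ProviderData is ever a different type; the comma-ok form with a diagnostic keeps that failure readable. Separately, Read reports every GetMetadataUrlWithContext error as "Client Error" and discards the second return value, so a metadata URL deleted outside Terraform cannot be dropped from state with `resp.State.RemoveResource(ctx)`. Whether the SDK exposes the status code needed to tell a not-found from other failures is not visible in this hunk. A suggested Configure body follows.

```go
func (r *pingfederateMetadataUrlResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
	// … unchanged: nil ProviderData check …

	client, ok := req.ProviderData.(*pfClient)
	if !ok {
		resp.Diagnostics.AddError(
			"Unexpected Resource Configure Type",
			fmt.Sprintf("Expected *pfClient, got: %T", req.ProviderData),
		)
		return
	}
	r.client = client
}
```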
@@ -0,0 +1,167 @@
+package framework
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-framework/tfsdk"
+ "github.com/stretchr/testify/require"
+
+ "github.com/stretchr/testify/assert"
+
+ "github.com/iwarapter/pingfederate-sdk-go/services/metadataUrls"
+
+ fresource "github.com/hashicorp/terraform-plugin-framework/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+ pf "github.com/iwarapter/pingfederate-sdk-go/pingfederate/models"
+)
+
+func init() {
+ resource.AddTestSweepers("metadata_url", &resource.Sweeper{
+ Name: "metadata_url",
+ Dependencies: []string{},
+ F: func(r string) error {
+ results, _, err := pfc.MetadataUrls.GetMetadataUrls()
+ if err != nil {
+ return fmt.Errorf("unable to list metadata urls %s", err)
+ }
+ for _, item := range *results.Items {
+ _, _, err := pfc.MetadataUrls.DeleteMetadataUrl(&metadataUrls.DeleteMetadataUrlInput{Id: *item.Id})
+ if err != nil {
+ return fmt.Errorf("unable to sweep metadata url %s because %s", *item.Id, err)
+ }
+ }
+ return nil
+ },
+ })
+}
+
+func TestAccPingFederateMetadataUrlResource(t *testing.T) {
+ resourceName := "pingfederate_metadata_url.demo"
+ resource.ParallelTest(t, resource.TestCase{
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ CheckDestroy: testAccCheckPingFederateMetadataUrlResourceDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccPingFederateMetadataUrlResourceConfig("true"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckPingFederateMetadataUrlResourceExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "name", "acc_test_one"),
+ resource.TestCheckResourceAttr(resourceName, "url", "https://sptest.iamshowcase.com/testsp_metadata.xml"),
+ resource.TestCheckResourceAttr(resourceName, "validate_signature", "true"),
+ ),
+ },
+ {
+ Config: testAccPingFederateMetadataUrlResourceConfig("false"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckPingFederateMetadataUrlResourceExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "name", "acc_test_one"),
+ resource.TestCheckResourceAttr(resourceName, "url", "https://sptest.iamshowcase.com/testsp_metadata.xml"),
+ resource.TestCheckResourceAttr(resourceName, "validate_signature", "false"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testAccCheckPingFederateMetadataUrlResourceDestroy(s *terraform.State) error {
+ return nil
+}
+
+func testAccPingFederateMetadataUrlResourceConfig(configUpdate string) string {
+ return fmt.Sprintf(`
+resource "pingfederate_metadata_url" "demo" {
+ id = "acc_test_one"
+ name = "acc_test_one"
+ url = "https://sptest.iamshowcase.com/testsp_metadata.xml"
+ validate_signature = %s
+}`, configUpdate)
+}
+
+func testAccCheckPingFederateMetadataUrlResourceExists(n string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" || rs.Primary.ID == "0" {
+ return fmt.Errorf("No rule ID is set")
+ }
+
+ conn := pfc.MetadataUrls
+ result, _, err := conn.GetMetadataUrl(&metadataUrls.GetMetadataUrlInput{Id: rs.Primary.ID})
+
+ if err != nil {
+ return fmt.Errorf("Error: MetadataUrl (%s) not found", n)
+ }
+
+ if *result.Name != rs.Primary.Attributes["name"] {
+ return fmt.Errorf("Error: MetadataUrl response (%s) didnt match state (%s)", *result.Name, rs.Primary.Attributes["name"])
+ }
+
+ return nil
+ }
+}
+
+func Test_resourcePingFederateMetadataUrlResourceReadData(t *testing.T) {
+ cases := []struct {
+ Resource pf.MetadataUrl
+ }{
+ {
+ Resource: pf.MetadataUrl{
+ CertView: &pf.CertView{
+ CryptoProvider: String("CryptoProvider"),
+ Expires: String("Expires"),
+ Id: String("Id"),
+ IssuerDN: String("IssuerDN"),
+ KeyAlgorithm: String("KeyAlgorithm"),
+ KeySize: Int(1),
+ SerialNumber: String("SerialNumber"),
+ Sha1Fingerprint: String("Sha1Fingerprint"),
+ Sha256Fingerprint: String("Sha256Fingerprint"),
+ SignatureAlgorithm: String("SignatureAlgorithm"),
+ Status: String("Status"),
+ SubjectAlternativeNames: &[]*string{String("SubjectAlternativeNames")},
+ SubjectDN: String("SubjectDN"),
+ ValidFrom: String("ValidFrom"),
+ Version: Int(2),
+ },
+ Id: String("Id"),
+ Name: String("Name"),
+ Url: String("Url"),
+ ValidateSignature: Bool(true),
+ X509File: &pf.X509File{
+ CryptoProvider: String("CryptoProvider"),
+ FileData: String("FileData"),
+ Id: String("X509File"),
+ },
+ },
+ },
+ }
+ for i, tc := range cases {
+ t.Run(fmt.Sprintf("tc:%v", i), func(t *testing.T) {
+ res := &pingfederateMetadataUrlResource{}
+ ctx := context.Background()
+ schResp := &fresource.SchemaResponse{}
+ res.Schema(ctx, fresource.SchemaRequest{}, schResp)
+ require.False(t, schResp.Diagnostics.HasError())
+
+ state := tfsdk.State{Schema: schResp.Schema}
+ require.False(t, state.Set(ctx, flattenMetadataUrl(&tc.Resource)).HasError())
+
+ check := MetadataUrlData{}
+ require.False(t, state.Get(ctx, &check).HasError())
+
+ resp := *expandMetadataUrl(check)
+ assert.Equal(t, tc.Resource, resp)
+ })
+ }
+}
diff --git a/internal/framework/pingfederate_redirect_validation_settings_test.go b/internal/framework/pingfederate_redirect_validation_settings_test.go
index 7e53f247..e0b1d68d 100644
--- a/internal/framework/pingfederate_redirect_validation_settings_test.go
+++ b/internal/framework/pingfederate_redirect_validation_settings_test.go
@@ -122,7 +122,7 @@ resource "pingfederate_redirect_validation_settings" "settings" {
 enable_target_resource_validation_for_sso = true
 white_list = [
 {
- valid_domain = "%s"
+ valid_domain = "%s"
 }
 ]
 }
diff --git a/internal/framework/provider.go b/internal/framework/provider.go
index 6e5f4a5e..8be7d6ea 100644
--- a/internal/framework/provider.go
+++ b/internal/framework/provider.go
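Review bot: `testAccCheckPingFederateMetadataUrlResourceDestroy` returns nil unconditionally, so `CheckDestroy` passes even when the Delete path leaves the metadata URL on the server. It should walk `s.RootModule().Resources`, look each `pingfederate_metadata_url` up with `pfc.MetadataUrls.GetMetadataUrl`, and fail if the lookup still succeeds; ideally only a not-found error would count as destroyed, but the error the SDK returns for that case is not visible in this file. Separately, the sweeper in `init` deletes every item returned by `GetMetadataUrls` with no filter, so running sweepers against a shared PingFederate instance would remove entries the tests did not create; limiting it to IDs that start with `acc_test` would contain that.

```go
func testAccCheckPingFederateMetadataUrlResourceDestroy(s *terraform.State) error {
	for _, rs := range s.RootModule().Resources {
		if rs.Type != "pingfederate_metadata_url" {
			continue
		}
		// A successful lookup means the resource survived the destroy step.
		_, _, err := pfc.MetadataUrls.GetMetadataUrl(&metadataUrls.GetMetadataUrlInput{Id: rs.Primary.ID})
		if err == nil {
			return fmt.Errorf("metadata url %s still exists after destroy", rs.Primary.ID)
		}
	}
	return nil
}
```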
@@ -126,6 +126,7 @@ func (p *pfprovider) Resources(_ context.Context) []func() resource.Resource {
 NewAuthenticationPolicyContractResource,
 NewAuthenticationSessionPolicyResource,
 NewGlobalAuthenticationSessionPolicyResource,
+ NewMetadataUrlResource,
 NewOauthAuthenticationPolicyContractMappingResource,
 NewOAuthClientResource,
 NewRedirectValidationResource,
diff --git a/internal/framework/resource_schemas.go b/internal/framework/resource_schemas.go
index dca8c0ac..2a5fa6d6 100644
--- a/internal/framework/resource_schemas.go
+++ b/internal/framework/resource_schemas.go
@@ -694,6 +694,45 @@ func resourceGlobalAuthenticationSessionPolicy() schema.Schema { } } +func resourceMetadataUrl() schema.Schema { + return schema.Schema{ + Description: `Metadata URL and corresponding Signature Verification Certificate.`, + Attributes: map[string]schema.Attribute{ + "cert_view": schema.SingleNestedAttribute{ + Description: `The Signature Verification Certificate details. This property is read-only and is always ignored on a POST or PUT.`, + Optional: true, + Attributes: singleCertView(), + }, + "id": schema.StringAttribute{ + Description: `The persistent, unique ID for the Metadata Url. It can be any combination of [a-z0-9._-]. This property is system-assigned if not specified.`, + Optional: true, + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + stringplanmodifier.RequiresReplace(), + }, + }, + "name": schema.StringAttribute{ + Description: `The name for the Metadata URL.`, + Required: true, + }, + "url": schema.StringAttribute{ + Description: `The Metadata URL.`, + Required: true, + }, + "validate_signature": schema.BoolAttribute{ + Description: `Perform Metadata Signature Validation. The default value is TRUE.`, + Optional: true, + }, + "x509file": schema.SingleNestedAttribute{ + Description: `Data of the Signature Verification Certificate for the Metadata URL.`, + Optional: true, + Attributes: singleX509File(), + }, + }, + } +} + func resourceRedirectValidationSettings() schema.Schema { return schema.Schema{ Description: `Settings for redirect validation for SSO, SLO and IdP discovery.`, 
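Review bot: `validate_signature` in `resourceMetadataUrl` is declared `Optional: true` only, although its description says the value defaults to TRUE, so a configuration that omits it plans null while the API presumably returns true, and the state written after apply may not match the plan. Because this flag decides whether fetched metadata is signature-checked, the effective value should be visible to the operator: add `Computed: true` next to `Optional: true` so the server-side default is recorded in state. The same mismatch between description and flags applies to `cert_view`, described as read-only and ignored on POST or PUT yet declared `Optional: true` (likewise every attribute of `singleCertView` in the next hunk), and to `id` in `singleX509File` in the last hunk, described as system-assigned if not specified; `Computed: true` fits those descriptions. The trailing context lines belong to `resourceRedirectValidationSettings`, which continues outside this hunk.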
@@ -948,6 +987,78 @@ func mapBinaryLdapAttributeSettings() map[string]schema.Attribute { } } +func singleCertView() map[string]schema.Attribute { + return map[string]schema.Attribute{ + "crypto_provider": schema.StringAttribute{ + Description: `Cryptographic Provider. This is only applicable if Hybrid HSM mode is true.`, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("LOCAL", "HSM"), + }, + }, + "expires": schema.StringAttribute{ + Description: `The end date up until which the item is valid, in ISO 8601 format (UTC).`, + Optional: true, + }, + "id": schema.StringAttribute{ + Description: `The persistent, unique ID for the certificate.`, + Optional: true, + }, + "issuer_dn": schema.StringAttribute{ + Description: `The issuer's distinguished name.`, + Optional: true, + }, + "key_algorithm": schema.StringAttribute{ + Description: `The public key algorithm.`, + Optional: true, + }, + "key_size": schema.NumberAttribute{ + Description: `The public key size.`, + Optional: true, + }, + "serial_number": schema.StringAttribute{ + Description: `The serial number assigned by the CA.`, + Optional: true, + }, + "sha1fingerprint": schema.StringAttribute{ + Description: `SHA-1 fingerprint in Hex encoding.`, + Optional: true, + }, + "sha256fingerprint": schema.StringAttribute{ + Description: `SHA-256 fingerprint in Hex encoding.`, + Optional: true, + }, + "signature_algorithm": schema.StringAttribute{ + Description: `The signature algorithm.`, + Optional: true, + }, + "status": schema.StringAttribute{ + Description: `Status of the item.`, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("VALID", "EXPIRED", "NOT_YET_VALID", "REVOKED"), + }, + }, + "subject_alternative_names": schema.ListAttribute{ + Description: `The subject alternative names (SAN).`, + Optional: true, + ElementType: types.StringType, + }, + "subject_dn": schema.StringAttribute{ + Description: `The subject's distinguished name.`, + Optional: true, + }, + 
"valid_from": schema.StringAttribute{ + Description: `The start date from which the item is valid, in ISO 8601 format (UTC).`, + Optional: true, + }, + "version": schema.NumberAttribute{ + Description: `The X.509 version to which the item conforms.`, + Optional: true, + }, + } +} + func singleClientAuth() map[string]schema.Attribute { return map[string]schema.Attribute{ "client_cert_issuer_dn": schema.StringAttribute{ @@ -1299,3 +1410,23 @@ func singleSourceTypeIdKey() map[string]schema.Attribute { }, } } + +func singleX509File() map[string]schema.Attribute { + return map[string]schema.Attribute{ + "crypto_provider": schema.StringAttribute{ + Description: `Cryptographic Provider. This is only applicable if Hybrid HSM mode is true.`, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("LOCAL", "HSM"), + }, + }, + "file_data": schema.StringAttribute{ + Description: `The certificate data in PEM format. New line characters should be omitted or encoded in this value.`, + Required: true, + }, + "id": schema.StringAttribute{ + Description: `The persistent, unique ID for the certificate. It can be any combination of [a-z0-9._-]. This property is system-assigned if not specified.`, + Optional: true, + }, + } +}
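Review bot: `key_size` and `version` in `singleCertView` are `schema.NumberAttribute`, which accepts fractional and arbitrarily large values, while the test added in this commit fills the corresponding model fields with `Int(1)` and `Int(2)`. Whole-number fields read better as `schema.Int64Attribute`, for example `"key_size": schema.Int64Attribute{`, which presumably also avoids a lossy number-to-int conversion when expanding; the matching data struct fields are outside this hunk and would have to change with it. `singleCertView` also has no doc comment, and a line such as `// singleCertView describes the server-reported details of the signature verification certificate.` would tell readers these values are not meant to be set by hand.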