From 9166375c80e54abdacd524af10d3a1c77b1e3345 Mon Sep 17 00:00:00 2001
From: Michael Parker
Date: Fri, 24 Sep 2021 10:55:50 -0500
Subject: [PATCH] fix: bool attributes for keycloak_openid_client resource were swapped (#600)
---
 provider/resource_keycloak_openid_client.go | 8 +--
 .../resource_keycloak_openid_client_test.go | 65 +++++++++++++++++++
 2 files changed, 69 insertions(+), 4 deletions(-)
diff --git a/provider/resource_keycloak_openid_client.go b/provider/resource_keycloak_openid_client.go
index 3028b7026..e95348dd1 100644
--- a/provider/resource_keycloak_openid_client.go
+++ b/provider/resource_keycloak_openid_client.go
@@ -296,8 +296,8 @@ func getOpenidClientFromData(data *schema.ResourceData) (*keycloak.OpenidClient,
 ClientSessionMaxLifespan: data.Get("client_session_max_lifespan").(string),
 UseRefreshTokens: keycloak.KeycloakBoolQuoted(data.Get("use_refresh_tokens").(bool)),
 BackchannelLogoutUrl: data.Get("backchannel_logout_url").(string),
- BackchannelLogoutRevokeOfflineTokens: keycloak.KeycloakBoolQuoted(data.Get("backchannel_logout_session_required").(bool)),
- BackchannelLogoutSessionRequired: keycloak.KeycloakBoolQuoted(data.Get("backchannel_logout_revoke_offline_sessions").(bool)),
+ BackchannelLogoutRevokeOfflineTokens: keycloak.KeycloakBoolQuoted(data.Get("backchannel_logout_revoke_offline_sessions").(bool)),
+ BackchannelLogoutSessionRequired: keycloak.KeycloakBoolQuoted(data.Get("backchannel_logout_session_required").(bool)),
 ExtraConfig: getExtraConfigFromData(data),
 },
 ValidRedirectUris: validRedirectUris,
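Review bot: Clients created with the previous code have `backchannel_logout_session_required` and `backchannel_logout_revoke_offline_sessions` stored the wrong way round in Keycloak, and nothing in this patch documents that the first plan after upgrading will presumably show drift on both attributes and flip them on apply. Judging by its name, one of the two governs whether offline tokens are revoked on backchannel logout, so this deserves an upgrade note telling operators to review that plan rather than assume a no-op. The naming mismatch that made the swap easy to miss (struct field `BackchannelLogoutRevokeOfflineTokens` versus schema key `backchannel_logout_revoke_offline_sessions`) remains in the two assignments here and in the matching `data.Set` pair of the `setOpenidClientData` hunk. A short comment above each pair, such as `// schema key "backchannel_logout_revoke_offline_sessions" maps to the RevokeOfflineTokens attribute`, would make a future swap easier to spot. Both functions start and end outside their hunks.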
@@ -392,8 +392,8 @@ func setOpenidClientData(keycloakClient *keycloak.KeycloakClient, data *schema.R
 data.Set("client_session_idle_timeout", client.Attributes.ClientSessionIdleTimeout)
 data.Set("client_session_max_lifespan", client.Attributes.ClientSessionMaxLifespan)
 data.Set("backchannel_logout_url", client.Attributes.BackchannelLogoutUrl)
- data.Set("backchannel_logout_session_required", client.Attributes.BackchannelLogoutRevokeOfflineTokens)
- data.Set("backchannel_logout_revoke_offline_sessions", client.Attributes.BackchannelLogoutSessionRequired)
+ data.Set("backchannel_logout_revoke_offline_sessions", client.Attributes.BackchannelLogoutRevokeOfflineTokens)
+ data.Set("backchannel_logout_session_required", client.Attributes.BackchannelLogoutSessionRequired)
 setExtraConfigData(data, client.Attributes.ExtraConfig)
 if client.AuthorizationServicesEnabled {
diff --git a/provider/resource_keycloak_openid_client_test.go b/provider/resource_keycloak_openid_client_test.go
index 25ee059c7..56062d66a 100644
--- a/provider/resource_keycloak_openid_client_test.go
+++ b/provider/resource_keycloak_openid_client_test.go
@@ -209,6 +209,30 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 })
 }
+func TestAccKeycloakOpenidClient_backChannel(t *testing.T) {
+ t.Parallel()
+
+ clientId := acctest.RandomWithPrefix("tf-acc")
+ backchannelLogoutUrl := fmt.Sprintf("https://%s.com", acctest.RandString(10))
+ backchannelLogoutSessionRequired := randomBool()
+ backchannelLogoutRevokeOfflineSessions := !backchannelLogoutSessionRequired
+
+ resource.Test(t, resource.TestCase{
+ ProviderFactories: testAccProviderFactories,
+ PreCheck: func() { testAccPreCheck(t) },
+ CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(),
+ Steps: []resource.TestStep{
+ {
+ Config: testKeycloakOpenidClient_backchannel(clientId, backchannelLogoutUrl, backchannelLogoutSessionRequired, backchannelLogoutRevokeOfflineSessions),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"),
+ testAccCheckKeycloakOpenidClientHasBackchannelSettings("keycloak_openid_client.client", backchannelLogoutUrl, backchannelLogoutSessionRequired, backchannelLogoutRevokeOfflineSessions),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccKeycloakOpenidClient_AccessToken_basic(t *testing.T) {
 t.Parallel()
 clientId := acctest.RandomWithPrefix("tf-acc")
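Review bot: `randomBool()` makes each run of `TestAccKeycloakOpenidClient_backChannel` exercise only one of the two flag combinations, so a regression that affects just one direction can pass intermittently. Two fixed steps (true/false, then false/true) would make the test deterministic and also cover the in-place update path. The single check appears to compare against the client fetched through `getOpenidClientFromState`, so the read side fixed in `setOpenidClientData` is only covered implicitly; asserting the state attributes with `resource.TestCheckResourceAttr` would pin it directly. Deriving the second flag as the negation of the first is worth keeping in spirit, since equal values would hide a swap.

```go
// … unchanged: ProviderFactories, PreCheck, CheckDestroy …
Steps: []resource.TestStep{
	{
		Config: testKeycloakOpenidClient_backchannel(clientId, backchannelLogoutUrl, true, false),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"),
			testAccCheckKeycloakOpenidClientHasBackchannelSettings("keycloak_openid_client.client", backchannelLogoutUrl, true, false),
			resource.TestCheckResourceAttr("keycloak_openid_client.client", "backchannel_logout_session_required", "true"),
			resource.TestCheckResourceAttr("keycloak_openid_client.client", "backchannel_logout_revoke_offline_sessions", "false"),
		),
	},
	{
		Config: testKeycloakOpenidClient_backchannel(clientId, backchannelLogoutUrl, false, true),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckKeycloakOpenidClientHasBackchannelSettings("keycloak_openid_client.client", backchannelLogoutUrl, false, true),
			resource.TestCheckResourceAttr("keycloak_openid_client.client", "backchannel_logout_session_required", "false"),
			resource.TestCheckResourceAttr("keycloak_openid_client.client", "backchannel_logout_revoke_offline_sessions", "true"),
		),
	},
},
```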
@@ -587,6 +611,29 @@ func testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol(resourceName stri
 }
 }
+func testAccCheckKeycloakOpenidClientHasBackchannelSettings(resourceName, backchannelLogoutUrl string, backchannelLogoutSessionRequired, backchannelLogoutRevokeOfflineSessions bool) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ client, err := getOpenidClientFromState(s, resourceName)
+ if err != nil {
+ return err
+ }
+
+ if client.Attributes.BackchannelLogoutUrl != backchannelLogoutUrl {
+ return fmt.Errorf("expected openid client to have backchannel logout url %s, got %s", backchannelLogoutUrl, client.Attributes.BackchannelLogoutUrl)
+ }
+
+ if bool(client.Attributes.BackchannelLogoutSessionRequired) != backchannelLogoutSessionRequired {
+ return fmt.Errorf("expected openid client to have backchannel session required bool %t, got %t", backchannelLogoutSessionRequired, bool(client.Attributes.BackchannelLogoutSessionRequired))
+ }
+
+ if bool(client.Attributes.BackchannelLogoutRevokeOfflineTokens) != backchannelLogoutRevokeOfflineSessions {
+ return fmt.Errorf("expected openid client to have backchannel revoke offline sessions bool %t, got %t", backchannelLogoutRevokeOfflineSessions, bool(client.Attributes.BackchannelLogoutRevokeOfflineTokens))
+ }
+
+ return nil
+ }
+}
+
 func testAccCheckKeycloakOpenidClientExistsWithCorrectLifespan(resourceName string, accessTokenLifespan string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 client, err := getOpenidClientFromState(s, resourceName)
@@ -1078,6 +1125,24 @@ resource "keycloak_openid_client" "client" {
 `, testAccRealm.Realm, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.DirectAccessGrantsEnabled, openidClient.ServiceAccountsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins), openidClient.AdminUrl, openidClient.BaseUrl, *openidClient.RootUrl, openidClient.Attributes.BackchannelLogoutUrl, openidClient.Attributes.BackchannelLogoutSessionRequired, openidClient.Attributes.BackchannelLogoutRevokeOfflineTokens)
 }
+func testKeycloakOpenidClient_backchannel(clientId, backchannelLogoutUrl string, backchannelLogoutSessionRequired, backchannelLogoutRevokeOfflineSessions bool) string {
+ return fmt.Sprintf(`
+data "keycloak_realm" "realm" {
+ realm = "%s"
+}
+
+resource "keycloak_openid_client" "client" {
+ client_id = "%s"
+ realm_id = data.keycloak_realm.realm.id
+ access_type = "CONFIDENTIAL"
+
+ backchannel_logout_url = "%s"
+ backchannel_logout_session_required = %t
+ backchannel_logout_revoke_offline_sessions = %t
+}
+ `, testAccRealm.Realm, clientId, backchannelLogoutUrl, backchannelLogoutSessionRequired, backchannelLogoutRevokeOfflineSessions)
+}
+
 func testKeycloakOpenidClient_secret(clientId, clientSecret string) string {
 return fmt.Sprintf(`
 data "keycloak_realm" "realm" {