From b68f3197bada801a48746ee12b0028a5fb37a43f Mon Sep 17 00:00:00 2001
From: adresan
Date: Thu, 23 Jan 2020 21:37:52 +0100
Subject: [PATCH 1/4] add admin_url to openid client resource
---
 keycloak/openid_client.go | 1 +
 provider/resource_keycloak_openid_client.go | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/keycloak/openid_client.go b/keycloak/openid_client.go
index 6d997d2df..5e8f94108 100644
--- a/keycloak/openid_client.go
+++ b/keycloak/openid_client.go
@@ -43,6 +43,7 @@ type OpenidClient struct {
 AuthorizationServicesEnabled bool `json:"authorizationServicesEnabled"`
 ValidRedirectUris []string `json:"redirectUris"`
 WebOrigins []string `json:"webOrigins"`
+ AdminUrl string `json:"adminUrl"`
 FullScopeAllowed bool `json:"fullScopeAllowed"`
 Attributes OpenidClientAttributes `json:"attributes"`
 AuthorizationSettings *OpenidClientAuthorizationSettings `json:"authorizationSettings,omitempty"`
diff --git a/provider/resource_keycloak_openid_client.go b/provider/resource_keycloak_openid_client.go
index 069d7143a..825f3e823 100644
--- a/provider/resource_keycloak_openid_client.go
+++ b/provider/resource_keycloak_openid_client.go
@@ -86,6 +86,10 @@ func resourceKeycloakOpenidClient() *schema.Resource {
 Set: schema.HashString,
 Optional: true,
 },
+ "admin_url": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
 "service_accounts_enabled": {
 Type: schema.TypeBool,
 Optional: true,
@@ -177,6 +181,7 @@ func getOpenidClientFromData(data *schema.ResourceData) (*keycloak.OpenidClient,
 },
 ValidRedirectUris: validRedirectUris,
 WebOrigins: webOrigins,
+ AdminUrl: data.Get("admin_url").(string),
 }
 if !openidClient.ImplicitFlowEnabled && !openidClient.StandardFlowEnabled {
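Review bot: The new `admin_url` schema entry in `resourceKeycloakOpenidClient` (hunk at -86 of provider/resource_keycloak_openid_client.go) accepts any string, and `getOpenidClientFromData` forwards it to Keycloak unchanged via `data.Get("admin_url").(string)`. Keycloak describes the admin URL as the endpoint the server calls back for administrative tasks such as pushing revocation policies, so a typo or an unintended host here presumably becomes a server-side request target. Consider adding a validator that requires an absolute http(s) URL, for example `ValidateFunc: validation.IsURLWithHTTPorHTTPS,`, provided the plugin SDK version in use offers it and Keycloak does not need relative values for this field. Both functions continue outside their hunks.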
@@ -235,6 +240,7 @@ func setOpenidClientData(keycloakClient *keycloak.KeycloakClient, data *schema.R
 data.Set("service_accounts_enabled", client.ServiceAccountsEnabled)
 data.Set("valid_redirect_uris", client.ValidRedirectUris)
 data.Set("web_origins", client.WebOrigins)
+ data.Set("admin_url", client.AdminUrl)
 data.Set("authorization_services_enabled", client.AuthorizationServicesEnabled)
 data.Set("full_scope_allowed", client.FullScopeAllowed)
From 68bbee801e60c7a5cc2be4b16bc73c2b5e712b21 Mon Sep 17 00:00:00 2001
From: adresan
Date: Thu, 23 Jan 2020 22:08:36 +0100
Subject: [PATCH 2/4] add test for admin_url openid client attribute
---
 .../resource_keycloak_openid_client_test.go | 51 ++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/provider/resource_keycloak_openid_client_test.go b/provider/resource_keycloak_openid_client_test.go
index 81e623005..7140424d6 100644
--- a/provider/resource_keycloak_openid_client_test.go
+++ b/provider/resource_keycloak_openid_client_test.go
@@ -120,6 +120,23 @@ func TestAccKeycloakOpenidClient_accessType(t *testing.T) {
 },
 })
 }
+func TestAccKeycloakOpenidClient_adminUrl(t *testing.T) {
+ realmName := "terraform-" + acctest.RandString(10)
+ clientId := "terraform-" + acctest.RandString(10)
+ adminUrl := "https://www.example.com/admin"
+
+ resource.Test(t, resource.TestCase{
+ Providers: testAccProviders,
+ PreCheck: func() { testAccPreCheck(t) },
+ CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(),
+ Steps: []resource.TestStep{
+ {
+ Config: testKeycloakOpenidClient_adminUrl(realmName, clientId, adminUrl),
+ Check: testAccCheckKeycloakOpenidClientAdminUrl("keycloak_openid_client.client", adminUrl),
+ },
+ },
+ })
+}
 func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 realm := "terraform-" + acctest.RandString(10)
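Review bot: `TestAccKeycloakOpenidClient_adminUrl` has a single step that covers only creation, so nothing verifies that removing `admin_url` from the configuration actually clears the value in Keycloak. Because the `adminUrl` JSON tag added in patch 1/4 has no `omitempty`, an unset attribute is presumably sent as an empty string, and a stale callback URL left on the client would be easy to miss. A second `resource.TestStep` that drops `admin_url` from the config and checks it with `testAccCheckKeycloakOpenidClientAdminUrl("keycloak_openid_client.client", "")` would pin that behaviour.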
@@ -147,6 +164,7 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 ServiceAccountsEnabled: serviceAccountsEnabled,
 ValidRedirectUris: []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)},
 WebOrigins: []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)},
+ AdminUrl: acctest.RandString(20),
 }
 standardFlowEnabled, implicitFlowEnabled = implicitFlowEnabled, standardFlowEnabled
@@ -164,6 +182,7 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 ServiceAccountsEnabled: !serviceAccountsEnabled,
 ValidRedirectUris: []string{acctest.RandString(10), acctest.RandString(10)},
 WebOrigins: []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)},
+ AdminUrl: acctest.RandString(20),
 }
 resource.Test(t, resource.TestCase{
@@ -193,6 +212,21 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) {
 })
 }
+func testAccCheckKeycloakOpenidClientAdminUrl(resourceName string, adminUrl string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ client, err := getOpenidClientFromState(s, resourceName)
+ if err != nil {
+ return err
+ }
+
+ if client.AdminUrl != adminUrl {
+ return fmt.Errorf("expected openid client to have adminUrl set to %s, but got %s", adminUrl, client.AdminUrl)
+ }
+
+ return nil
+ }
+}
+
 func TestAccKeycloakOpenidClient_secret(t *testing.T) {
 realmName := "terraform-" + acctest.RandString(10)
 clientId := "terraform-" + acctest.RandString(10)
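Review bot: The `AdminUrl: acctest.RandString(20)` fixtures in this hunk and in the one at -164 are bare random strings rather than URLs, so the update test passes only as long as neither the provider nor Keycloak validates the field. A URL-shaped fixture such as `AdminUrl: "https://" + acctest.RandString(10) + ".example.com/admin",` exercises the attribute with realistic input and keeps the test valid if URL validation is added to the schema later. Both struct literals start outside their hunks.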
@@ -567,6 +601,20 @@ resource "keycloak_openid_client" "client" {
 `, realm, clientId, accessType)
 }
+func testKeycloakOpenidClient_adminUrl(realm, clientId, adminUrl string) string {
+ return fmt.Sprintf(`
+resource "keycloak_realm" "realm" {
+ realm = "%s"
+}
+resource "keycloak_openid_client" "client" {
+ client_id = "%s"
+ realm_id = "${keycloak_realm.realm.id}"
+ admin_url = "%s"
+ access_type = "PUBLIC"
+}
+ `, realm, clientId, adminUrl)
+}
+
 func testKeycloakOpenidClient_pkceChallengeMethod(realm, clientId, pkceChallengeMethod string) string {
 return fmt.Sprintf(`
@@ -689,8 +737,9 @@ resource "keycloak_openid_client" "client" {
 valid_redirect_uris = %s
 web_origins = %s
+ admin_url = "%s"
 }
- `, openidClient.RealmId, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.ServiceAccountsEnabled, openidClient.DirectAccessGrantsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins))
+ `, openidClient.RealmId, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.ServiceAccountsEnabled, openidClient.DirectAccessGrantsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins), openidClient.AdminUrl)
 }
 func testKeycloakOpenidClient_secret(realm, clientId, clientSecret string) string {
From 6c8842f224e84beeddd06cde734ea4c249459e36 Mon Sep 17 00:00:00 2001
From: adresan
Date: Thu, 23 Jan 2020 22:52:11 +0100
Subject: [PATCH 3/4] add doc for admin_url openid client attribute
---
 docs/resources/keycloak_openid_client.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/resources/keycloak_openid_client.md b/docs/resources/keycloak_openid_client.md index 6c69c8b16..c160d96e7 100644 --- a/docs/resources/keycloak_openid_client.md +++ b/docs/resources/keycloak_openid_client.md @@ -53,6 +53,7 @@ should be treated with the same care as a password. If omitted, Keycloak will ge wildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled` is set to `true`. - `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins. +- `admin_url` - (Optional) URL to the admin interface of the client. - `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``. - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token. From ba52b70498dac2bb83f69c79696964713ce95ae0 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Mon, 27 Jan 2020 09:35:22 -0600 Subject: [PATCH 4/4] fix test variable order --- provider/resource_keycloak_openid_client_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provider/resource_keycloak_openid_client_test.go b/provider/resource_keycloak_openid_client_test.go index 771531b4b..f3b9ac142 100644 --- a/provider/resource_keycloak_openid_client_test.go +++ b/provider/resource_keycloak_openid_client_test.go 
@@ -790,7 +790,7 @@ resource "keycloak_openid_client" "client" {
 admin_url = "%s"
 base_url = "%s"
 }
- `, openidClient.RealmId, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.ServiceAccountsEnabled, openidClient.DirectAccessGrantsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins), openidClient.AdminUrl, openidClient.BaseUrl)
+ `, openidClient.RealmId, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.DirectAccessGrantsEnabled, openidClient.ServiceAccountsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins), openidClient.AdminUrl, openidClient.BaseUrl)
 }
 func testKeycloakOpenidClient_secret(realm, clientId, clientSecret string) string {