Add some missing things (#562)
BeryJu authored Sep 4, 2024
2 parents e8a3b5e + 4b27818 commit 6007dac
Showing 5 changed files with 45 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .github/FUNDING.yml
@@ -1 +1 @@
github: [BeryJu]
custom: https://goauthentik.io/pricing/
3 changes: 3 additions & 0 deletions docs/resources/provider_saml.md
Expand Up @@ -53,10 +53,13 @@ resource "authentik_application" "name" {
- `http://www.w3.org/2001/04/xmldsig-more#sha384`
- `http://www.w3.org/2001/04/xmlenc#sha512`
Defaults to `http://www.w3.org/2001/04/xmlenc#sha256`.
- `encryption_kp` (String)
- `issuer` (String) Defaults to `authentik`.
- `name_id_mapping` (String)
- `property_mappings` (List of String)
- `session_valid_not_on_or_after` (String) Defaults to `minutes=86400`.
- `sign_assertion` (Boolean) Defaults to `true`.
- `sign_response` (Boolean) Defaults to `false`.
- `signature_algorithm` (String) Allowed values:
- `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
- `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
1 change: 1 addition & 0 deletions docs/resources/source_saml.md
Expand Up @@ -62,6 +62,7 @@ resource "authentik_source_saml" "name" {
- `http://www.w3.org/2001/04/xmlenc#sha512`
Defaults to `http://www.w3.org/2001/04/xmlenc#sha256`.
- `enabled` (Boolean) Defaults to `true`.
- `encryption_kp` (String)
- `enrollment_flow` (String)
- `issuer` (String)
- `name_id_policy` (String) Allowed values:
24 changes: 24 additions & 0 deletions internal/provider/resource_provider_saml.go
Expand Up @@ -117,10 +117,24 @@ func resourceProviderSAML() *schema.Resource {
Type: schema.TypeString,
Optional: true,
},
"sign_assertion": {
Type: schema.TypeBool,
Default: true,
Optional: true,
},
"sign_response": {
Type: schema.TypeBool,
Default: false,
Optional: true,
},
"verification_kp": {
Type: schema.TypeString,
Optional: true,
},
"encryption_kp": {
Type: schema.TypeString,
Optional: true,
},
"sp_binding": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -151,6 +165,8 @@ func resourceProviderSAMLSchemaToProvider(d *schema.ResourceData) *api.SAMLProvi
SignatureAlgorithm: api.SignatureAlgorithmEnum(d.Get("signature_algorithm").(string)).Ptr(),
SpBinding: api.SpBindingEnum(d.Get("sp_binding").(string)).Ptr(),
PropertyMappings: castSlice[string](d.Get("property_mappings").([]interface{})),
SignAssertion: api.PtrBool(d.Get("sign_assertion").(bool)),
SignResponse: api.PtrBool(d.Get("sign_response").(bool)),
}

if s, sok := d.GetOk("authentication_flow"); sok && s.(string) != "" {
Expand All @@ -159,6 +175,9 @@ func resourceProviderSAMLSchemaToProvider(d *schema.ResourceData) *api.SAMLProvi
if s, sok := d.GetOk("name_id_mapping"); sok && s.(string) != "" {
r.NameIdMapping.Set(api.PtrString(s.(string)))
}
if s, sok := d.GetOk("encryption_kp"); sok && s.(string) != "" {
r.EncryptionKp.Set(api.PtrString(s.(string)))
}
if s, sok := d.GetOk("signing_kp"); sok && s.(string) != "" {
r.SigningKp.Set(api.PtrString(s.(string)))
}
Expand Down Expand Up @@ -210,6 +229,8 @@ func resourceProviderSAMLRead(ctx context.Context, d *schema.ResourceData, m int
setWrapper(d, "assertion_valid_not_before", res.AssertionValidNotBefore)
setWrapper(d, "assertion_valid_not_on_or_after", res.AssertionValidNotOnOrAfter)
setWrapper(d, "session_valid_not_on_or_after", res.SessionValidNotOnOrAfter)
setWrapper(d, "sign_assertion", res.SignAssertion)
setWrapper(d, "sign_response", res.SignResponse)
if res.NameIdMapping.IsSet() {
setWrapper(d, "name_id_mapping", res.NameIdMapping.Get())
}
Expand All @@ -219,6 +240,9 @@ func resourceProviderSAMLRead(ctx context.Context, d *schema.ResourceData, m int
if res.VerificationKp.IsSet() {
setWrapper(d, "verification_kp", res.VerificationKp.Get())
}
if res.EncryptionKp.IsSet() {
setWrapper(d, "encryption_kp", res.EncryptionKp.Get())
}
setWrapper(d, "digest_algorithm", res.DigestAlgorithm)
setWrapper(d, "signature_algorithm", res.SignatureAlgorithm)
setWrapper(d, "default_relay_state", res.DefaultRelayState)
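Review bot: Removing `encryption_kp` from a configuration is never sent to the API as an explicit null, because the new guard `if s, sok := d.GetOk("encryption_kp"); sok && s.(string) != ""` in resourceProviderSAMLSchemaToProvider only calls `Set` with a value and otherwise leaves the field unset. Whether the server then clears the keypair or keeps the previous one depends on how the update request treats an omitted field, which is not visible in this hunk; for a control such as assertion encryption the outcome should be deterministic. Consider adding `} else { r.EncryptionKp.Set(nil) }`, assuming the API accepts null for this field, and check the matching guard added in resourceSourceSAMLSchemaToSource. The function body starts and ends outside the hunk.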
22 changes: 16 additions & 6 deletions internal/provider/resource_source_saml.go
Expand Up @@ -104,6 +104,10 @@ func resourceSourceSAML() *schema.Resource {
Type: schema.TypeString,
Optional: true,
},
"encryption_kp": {
Type: schema.TypeString,
Optional: true,
},
"digest_algorithm": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -135,12 +139,12 @@ func resourceSourceSAML() *schema.Resource {

func resourceSourceSAMLSchemaToSource(d *schema.ResourceData) *api.SAMLSourceRequest {
r := api.SAMLSourceRequest{
Name: d.Get("name").(string),
Slug: d.Get("slug").(string),
Enabled: api.PtrBool(d.Get("enabled").(bool)),
UserPathTemplate: api.PtrString(d.Get("user_path_template").(string)),
PolicyEngineMode: api.PolicyEngineMode(d.Get("policy_engine_mode").(string)).Ptr(),
UserMatchingMode: api.UserMatchingModeEnum(d.Get("user_matching_mode").(string)).Ptr(),
Name: d.Get("name").(string),
Slug: d.Get("slug").(string),
Enabled: api.PtrBool(d.Get("enabled").(bool)),
UserPathTemplate: api.PtrString(d.Get("user_path_template").(string)),
PolicyEngineMode: api.PolicyEngineMode(d.Get("policy_engine_mode").(string)).Ptr(),
UserMatchingMode: api.UserMatchingModeEnum(d.Get("user_matching_mode").(string)).Ptr(),

PreAuthenticationFlow: d.Get("pre_authentication_flow").(string),

Expand All @@ -167,6 +171,9 @@ func resourceSourceSAMLSchemaToSource(d *schema.ResourceData) *api.SAMLSourceReq
if s, sok := d.GetOk("signing_kp"); sok && s.(string) != "" {
r.SigningKp.Set(api.PtrString(s.(string)))
}
if s, sok := d.GetOk("encryption_kp"); sok && s.(string) != "" {
r.EncryptionKp.Set(api.PtrString(s.(string)))
}
return &r
}

Expand Down Expand Up @@ -219,6 +226,9 @@ func resourceSourceSAMLRead(ctx context.Context, d *schema.ResourceData, m inter
if res.SigningKp.IsSet() {
setWrapper(d, "signing_kp", res.SigningKp.Get())
}
if res.EncryptionKp.IsSet() {
setWrapper(d, "encryption_kp", res.EncryptionKp.Get())
}
setWrapper(d, "digest_algorithm", res.DigestAlgorithm)
setWrapper(d, "signature_algorithm", res.SignatureAlgorithm)
setWrapper(d, "temporary_user_delete_after", res.TemporaryUserDeleteAfter)
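Review bot: The new `encryption_kp` attribute in resourceSourceSAML has no `Description`, and the generated docs/resources/source_saml.md entry is accordingly a bare `encryption_kp` (String). An operator cannot tell from that what kind of value is expected (presumably a certificate-key pair reference, like `signing_kp`) or which assertions are protected by it. Add a line such as `Description: "Certificate-key pair used to decrypt assertions sent by the IdP.",` with the wording confirmed against the API documentation. The `sign_assertion`, `sign_response` and `encryption_kp` entries added in resource_provider_saml.go are undocumented in the same way, and there the defaults (`sign_response` is `false`) deserve a sentence as well.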
