From 94a3dcae835fd6f274b51e5148aaa9b58b8e2d9e Mon Sep 17 00:00:00 2001 From: christopherhaerem Date: Tue, 17 Sep 2024 08:22:36 +0200 Subject: [PATCH] Refactor userclient resource and userclientservice - Removed the "bankid_login_enabled" field from the userclient resource and userclientservice. - Updated the example usage in the userclient documentation. --- docs/resources/userclient.md | 5 +- elvidapiclient/userclientservice.go | 1 - resource_userclient.go | 8 --- terraform-tester.tf | 92 ++++++++++++++--------------- 4 files changed, 48 insertions(+), 58 deletions(-) diff --git a/docs/resources/userclient.md b/docs/resources/userclient.md index 838d7f6..fe3084b 100644 --- a/docs/resources/userclient.md +++ b/docs/resources/userclient.md @@ -3,6 +3,7 @@ This resource manages a useclient (Authorization code openid-connect-client). ## Example Usage + ```hcl resource "elvid_userclient" "userclient" { client_name = "example-userclient" @@ -10,10 +11,8 @@ resource "elvid_userclient" "userclient" { domains = ["http://localhost:{port}", "https://examplesystem.dev-elvia.io"] redirect_uri_paths = ["/callback.html"] post_logout_redirect_uri_paths = ["/index.htm"] - bankid_login_enabled = true local_login_enabled = true elvia_ad_login_enabled = false - hafslund_ad_login_enabled = false test_user_login_enabled = false require_client_secret = false always_include_user_claims_in_id_token = true @@ -23,4 +22,4 @@ resource "elvid_userclient" "userclient" { } ``` -->Usage for this in Elvia is mostly done indirectly through a module. \ No newline at end of file +->Usage for this in Elvia is mostly done indirectly through a module. diff --git a/elvidapiclient/userclientservice.go b/elvidapiclient/userclientservice.go index e6f2594..317e5a7 100644 --- a/elvidapiclient/userclientservice.go +++ b/elvidapiclient/userclientservice.go 
@@ -101,7 +101,6 @@ type UserClient struct {
 Domains []string `json:"Domains"`
 RedirectUriPaths []string `json:"RedirectUriPaths"`
 PostLogoutRedirectUriPaths []string `json:"PostLogoutRedirectUriPaths"`
- BankIDLoginEnabled bool `json:"BankIDLoginEnabled"`
 IdPortenLoginEnabled bool `json:"IdPortenLoginEnabled"`
 LocalLoginEnabled bool `json:"LocalLoginEnabled"`
 ElviaADLoginEnabled bool `json:"ElviaADLoginEnabled"`
diff --git a/resource_userclient.go b/resource_userclient.go
index 099e909..f956d8f 100644
--- a/resource_userclient.go
+++ b/resource_userclient.go
@@ -60,12 +60,6 @@ func resourceUserClient() *schema.Resource {
 },
 Description: "The path part of a PostLogoutRedirectUri, each of these will be combined with each of the domains. After logout ElvID is only allowed to send the user back to the client with one of these uris.",
 },
- "bankid_login_enabled": &schema.Schema{
- Type: schema.TypeBool,
- Optional: true,
- Default: false,
- Description: "Enable to allow user to log in with BankID.",
- },
 "idporten_login_enabled": &schema.Schema{
 Type: schema.TypeBool,
 Optional: true,
@@ -219,7 +213,6 @@ func resourceUserClientRead(d *schema.ResourceData, m interface{}) error {
 d.Set("domains", userClient.Domains)
 d.Set("redirect_uri_paths", userClient.RedirectUriPaths)
 d.Set("post_logout_redirect_uri_paths", userClient.PostLogoutRedirectUriPaths)
- d.Set("bankid_login_enabled", userClient.BankIDLoginEnabled)
 d.Set("idporten_login_enabled", userClient.IdPortenLoginEnabled)
 d.Set("local_login_enabled", userClient.LocalLoginEnabled)
 d.Set("elvia_ad_login_enabled", userClient.ElviaADLoginEnabled)
@@ -278,7 +271,6 @@ func ReadUserClientFromResourceData(d *schema.ResourceData) *elvidapiclient.User Domains: getStringArrayFromResourceSet(d, "domains"), RedirectUriPaths: getStringArrayFromResourceSet(d, "redirect_uri_paths"), PostLogoutRedirectUriPaths: getStringArrayFromResourceSet(d, "post_logout_redirect_uri_paths"), - BankIDLoginEnabled: d.Get("bankid_login_enabled").(bool), IdPortenLoginEnabled: d.Get("idporten_login_enabled").(bool), LocalLoginEnabled: d.Get("local_login_enabled").(bool), ElviaADLoginEnabled: d.Get("elvia_ad_login_enabled").(bool), diff --git a/terraform-tester.tf b/terraform-tester.tf index e228789..179c3a2 100644 --- a/terraform-tester.tf +++ b/terraform-tester.tf @@ -11,6 +11,7 @@ provider "elvid" { } provider "vault" { + address = "https://vault.dev-elvia.io" auth_login { path = "auth/approle/login" 
@@ -23,23 +24,22 @@ provider "vault" { ## User client # resource "elvid_userclient" "userclient" { -# client_name = "test" -# scopes = ["louvre.imageapi.useraccess", "profile", "openid", "ad_groups"] -# domains = var.domains[var.environment] -# redirect_uri_paths = ["/callback.html"] -# post_logout_redirect_uri_paths = ["/index.htm"] -# bankid_login_enabled = true -# local_login_enabled = true -# idporten_login_enabled = true -# elvia_ad_login_enabled = true -# test_user_login_enabled = false -# require_client_secret = false -# access_token_life_time = 3598 -# always_include_user_claims_in_id_token = true -# client_name_language_key = null -# allow_use_of_refresh_tokens = false -# one_time_usage_for_refresh_tokens = true -# refresh_token_life_time = 2592000 +# client_name = "test" +# scopes = ["louvre.imageapi.useraccess", "profile", "openid", "ad_groups"] +# domains = var.domains[var.environment] +# redirect_uri_paths = ["/callback.html"] +# post_logout_redirect_uri_paths = ["/index.htm"] +# local_login_enabled = true +# idporten_login_enabled = true +# elvia_ad_login_enabled = true +# test_user_login_enabled = false +# require_client_secret = false +# access_token_life_time = 3598 +# always_include_user_claims_in_id_token = true +# client_name_language_key = null +# allow_use_of_refresh_tokens = false +# one_time_usage_for_refresh_tokens = true +# refresh_token_life_time = 2592000 # } # output "userclient" { 
@@ -48,38 +48,38 @@ provider "vault" { ## Machine client -resource "elvid_machineclient" "machineclient10" { - name = "2024-06-08-6" - test_user_login_enabled = true - access_token_life_time = 3511 - scopes = ["elvid.verifydeployment"] - client_claims { - type = "client_dna_topics_read" - values = ["topic1"] - } - client_claims { - type = "client_edna_topics_write" - values = ["topicA", "topicB", "D"] - } - lifecycle { - - prevent_destroy = true - - } -} +# resource "elvid_machineclient" "machineclient10" { +# name = "2024-06-08-6" +# test_user_login_enabled = true +# access_token_life_time = 3511 +# scopes = ["elvid.verifydeployment"] +# client_claims { +# type = "client_dna_topics_read" +# values = ["topic1"] +# } +# client_claims { +# type = "client_edna_topics_write" +# values = ["topicA", "topicB", "D"] +# } +# lifecycle { + +# prevent_destroy = true + +# } +# } -resource "elvid_clientsecret" "clientsecret" { - client_id = elvid_machineclient.machineclient10.id - resource_taint_version = "2" -} +# resource "elvid_clientsecret" "clientsecret" { +# client_id = elvid_machineclient.machineclient10.id +# resource_taint_version = "2" +# } -output "machineclient" { - value = elvid_machineclient.machineclient10.client_id -} +# output "machineclient" { +# value = elvid_machineclient.machineclient10.client_id +# } -output "clientsecret" { - value = nonsensitive(elvid_clientsecret.clientsecret.secret_value) -} +# output "clientsecret" { +# value = nonsensitive(elvid_clientsecret.clientsecret.secret_value) +# } ## API scope # resource "elvid_apiscope" "apiscope" {
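Review bot: The machine-client test resources are commented out rather than deleted, which leaves `value = nonsensitive(elvid_clientsecret.clientsecret.secret_value)` in the file as a template that prints the client secret in plain text to plan/apply output and CI logs as soon as someone uncomments it. If the block is kept for reference, I would change the commented output to `value = elvid_clientsecret.clientsecret.secret_value` with `sensitive = true`, or delete these blocks and rely on git history. Also note that `prevent_destroy = true` stops protecting `machineclient10` once its resource block is no longer part of the configuration, so anyone holding state from this tester file will presumably see a destroy planned for the client and its secret on the next apply. None of this is mentioned in the commit message, which only describes the `bankid_login_enabled` removal.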