Merge pull request #13 from iain-raidiam/master

Fixes #11 support for pingaccess_auth_token_management

CHANGELOG.md

@@ -12,6 +12,7 @@ FEATURES:
 * **New DataSource:** `pingaccess_keypair` ([#4](https://github.com/iwarapter/terraform-provider-pingaccess/issues/4))
 * **New Resource:** `pingaccess_access_token_validator`
 * **New Resource:** `pingaccess_keypair` ([#4](https://github.com/iwarapter/terraform-provider-pingaccess/issues/4))
+* * **New Resource:** `pingaccess_auth_token_management` ([#11](https://github.com/iwarapter/terraform-provider-pingaccess/issues/11))
 
 BUG FIXES:
 

docs/resources/pingaccess_auth_token_management.md

@@ -0,0 +1,22 @@
+Provides a auth token management.
+
+## Example Usage
+```terraform
+{!../pingaccess/test_cases/auth_token_management.tf!}
+```
+
+## Argument Attributes
+
+The following arguments are supported:
+
+- [`key_roll_enabled`](#key_roll_enabled) - The issuer value to include in auth tokens. PingAccess inserts this value as the iss claim within the auth tokens.
+
+- [`key_roll_period_in_hours`](#key_roll_period_in_hours) - This field is true if key rollover is enabled. When false, PingAccess will not rollover keys at the configured interval.
+
+- [`issuer`](#issuer) - The interval (in hours) at which PingAccess will roll the keys. Key rollover updates keys at regular intervals to ensure the security of signed auth tokens.
+
+- [`signing_algorithm`](#signing_algorithm) - The signing algorithm used when creating signed auth tokens.
+
+### Attributes Reference
+
+No additional attributes are provided.

mkdocs.yml

@@ -6,6 +6,7 @@ nav:
       - pingaccess_trusted_certificate_group: data_sources/pingaccess_trusted_certificate_group.md
     - Supported Resources:
       - pingaccess_access_token_validator: resources/pingaccess_access_token_validator.md
+      - pingaccess_auth_token_management: resources/pingaccess_auth_token_management.md
       - pingaccess_application: resources/pingaccess_application.md
       - pingaccess_application_resource: resources/pingaccess_application_resource.md
       - pingaccess_certificate: resources/pingaccess_certificate.md

pingaccess/provider.go

@@ -42,6 +42,7 @@ func Provider() terraform.ResourceProvider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"pingaccess_access_token_validator":          resourcePingAccessAccessTokenValidator(),
+			"pingaccess_auth_token_management":           resourcePingAccessAuthTokenManagement(),
 			"pingaccess_certificate":                     resourcePingAccessCertificate(),
 			"pingaccess_identity_mapping":                resourcePingAccessIdentityMapping(),
 			"pingaccess_keypair":                         resourcePingAccessKeyPair(),

pingaccess/resource_pingaccess_auth_token_management.go

@@ -0,0 +1,109 @@
+package pingaccess
+
+import (
+	"fmt"
+
+	pa "github.com/iwarapter/pingaccess-sdk-go/pingaccess"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourcePingAccessAuthTokenManagement() *schema.Resource {
+	return &schema.Resource{
+		Create: resourcePingAccessAuthTokenManagementCreate,
+		Read:   resourcePingAccessAuthTokenManagementRead,
+		Update: resourcePingAccessAuthTokenManagementUpdate,
+		Delete: resourcePingAccessAuthTokenManagementDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: resourcePingAccessAuthTokenManagementSchema(),
+	}
+}
+
+func resourcePingAccessAuthTokenManagementSchema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"issuer": &schema.Schema{
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "PingAccessAuthToken",
+			Description: "The issuer value to include in auth tokens. PingAccess inserts this value as the iss claim within the auth tokens.",
+		},
+		"key_roll_enabled": &schema.Schema{
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "This field is true if key rollover is enabled. When false, PingAccess will not rollover keys at the configured interval.",
+		},
+		"key_roll_period_in_hours": &schema.Schema{
+			Type:        schema.TypeInt,
+			Optional:    true,
+			Default:     24,
+			Description: "The interval (in hours) at which PingAccess will roll the keys. Key rollover updates keys at regular intervals to ensure the security of signed auth tokens.",
+		},
+		"signing_algorithm": &schema.Schema{
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "P-256",
+			Description: "The signing algorithm used when creating signed auth tokens.",
+		},
+	}
+}
+
+func resourcePingAccessAuthTokenManagementCreate(d *schema.ResourceData, m interface{}) error {
+	d.SetId("auth_token_management")
+	return resourcePingAccessAuthTokenManagementUpdate(d, m)
+}
+
+func resourcePingAccessAuthTokenManagementRead(d *schema.ResourceData, m interface{}) error {
+	svc := m.(*pa.Client).AuthTokenManagements
+	result, _, err := svc.GetAuthTokenManagementCommand()
+	if err != nil {
+		return fmt.Errorf("Error reading auth token management settings: %s", err)
+	}
+
+	return resourcePingAccessAuthTokenManagementReadResult(d, result)
+}
+
+func resourcePingAccessAuthTokenManagementUpdate(d *schema.ResourceData, m interface{}) error {
+	svc := m.(*pa.Client).AuthTokenManagements
+	input := pa.UpdateAuthTokenManagementCommandInput{
+		Body: *resourcePingAccessAuthTokenManagementReadData(d),
+	}
+	result, _, err := svc.UpdateAuthTokenManagementCommand(&input)
+	if err != nil {
+		return fmt.Errorf("Error updating auth token management settings: %s", err.Error())
+	}
+
+	d.SetId("auth_token_management")
+	return resourcePingAccessAuthTokenManagementReadResult(d, result)
+}
+
+func resourcePingAccessAuthTokenManagementDelete(d *schema.ResourceData, m interface{}) error {
+	svc := m.(*pa.Client).AuthTokenManagements
+	_, err := svc.DeleteAuthTokenManagementCommand()
+	if err != nil {
+		return fmt.Errorf("Error resetting auth token management: %s", err)
+	}
+	return nil
+}
+
+func resourcePingAccessAuthTokenManagementReadResult(d *schema.ResourceData, input *pa.AuthTokenManagementView) (err error) {
+	setResourceDataString(d, "issuer", input.Issuer)
+	setResourceDataBool(d, "key_roll_enabled", input.KeyRollEnabled)
+	setResourceDataInt(d, "key_roll_period_in_hours", input.KeyRollPeriodInHours)
+	setResourceDataString(d, "signing_algorithm", input.SigningAlgorithm)
+	return nil
+}
+
+func resourcePingAccessAuthTokenManagementReadData(d *schema.ResourceData) *pa.AuthTokenManagementView {
+	atm := &pa.AuthTokenManagementView{
+		Issuer:               String(d.Get("issuer").(string)),
+		KeyRollEnabled:       Bool(d.Get("key_roll_enabled").(bool)),
+		KeyRollPeriodInHours: Int(d.Get("key_roll_period_in_hours").(int)),
+		SigningAlgorithm:     String(d.Get("signing_algorithm").(string)),
+	}
+
+	return atm
+}

pingaccess/resource_pingaccess_auth_token_management_test.go

@@ -0,0 +1,103 @@
+package pingaccess
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+	pa "github.com/iwarapter/pingaccess-sdk-go/pingaccess"
+)
+
+func TestAccPingAccessAuthTokenManagement(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckPingAccessAuthTokenManagementDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPingAccessAuthTokenManagementConfig("PingAccessAuthToken"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPingAccessAuthTokenManagementExists("pingaccess_auth_token_management.demo"),
+				),
+			},
+			{
+				Config: testAccPingAccessAuthTokenManagementConfig("PingAccessAuthToken2"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPingAccessAuthTokenManagementExists("pingaccess_auth_token_management.demo"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckPingAccessAuthTokenManagementDestroy(s *terraform.State) error {
+	return nil
+}
+
+func testAccPingAccessAuthTokenManagementConfig(issuer string) string {
+	return fmt.Sprintf(`
+	resource "pingaccess_auth_token_management" "demo" {
+		key_roll_enabled = true
+    key_roll_period_in_hours = 24
+  	issuer = "%s"
+  	signing_algorithm = "P-256"
+	}`, issuer)
+}
+
+func testAccCheckPingAccessAuthTokenManagementExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" || rs.Primary.ID == "0" {
+			return fmt.Errorf("No auth token management ID is set")
+		}
+
+		conn := testAccProvider.Meta().(*pa.Client).AuthTokenManagements
+		result, _, err := conn.GetAuthTokenManagementCommand()
+
+		if err != nil {
+			return fmt.Errorf("Error: AuthTokenManagement (%s) not found", n)
+		}
+
+		if *result.Issuer != rs.Primary.Attributes["issuer"] {
+			return fmt.Errorf("Error: AuthTokenManagement response (%s) didnt match state (%s)", *result.Issuer, rs.Primary.Attributes["issuer"])
+		}
+
+		return nil
+	}
+}
+
+func Test_resourcePingAccessAuthTokenManagementReadData(t *testing.T) {
+	cases := []struct {
+		AuthTokenManagementView pa.AuthTokenManagementView
+	}{
+		{
+			AuthTokenManagementView: pa.AuthTokenManagementView{
+				Issuer:               String("PingAccessAuthTokenDemo"),
+				KeyRollEnabled:       Bool(false),
+				KeyRollPeriodInHours: Int(23),
+				SigningAlgorithm:     String("P-512"),
+			},
+		},
+	}
+	for i, tc := range cases {
+		t.Run(fmt.Sprintf("tc:%v", i), func(t *testing.T) {
+
+			resourceSchema := resourcePingAccessAuthTokenManagementSchema()
+			resourceLocalData := schema.TestResourceDataRaw(t, resourceSchema, map[string]interface{}{})
+			resourcePingAccessAuthTokenManagementReadResult(resourceLocalData, &tc.AuthTokenManagementView)
+
+			if got := *resourcePingAccessAuthTokenManagementReadData(resourceLocalData); !cmp.Equal(got, tc.AuthTokenManagementView) {
+				t.Errorf("resourcePingAccessAuthTokenManagementReadData() = %v", cmp.Diff(got, tc.AuthTokenManagementView))
+			}
+
+			resourcePingAccessAuthTokenManagementReadResult(resourceLocalData, &tc.AuthTokenManagementView)
+		})
+	}
+}

pingaccess/test_cases/auth_token_management.tf

@@ -0,0 +1,6 @@
+resource "pingaccess_auth_token_management" "demo" {
+  key_roll_enabled = true
+  key_roll_period_in_hours = 24
+  issuer = "PingAccessAuthToken"
+  signing_algorithm = "P-256"
+}