From 8c751a3100d4b5b43b9bac60058db3f9ad33e25d Mon Sep 17 00:00:00 2001
From: Tom Rutsaert
Date: Thu, 24 Feb 2022 11:54:32 +0100
Subject: [PATCH] added support for NameIdPolicyFormat Transient on the saml idp provider resource
---
 ...esource_keycloak_saml_identity_provider.go | 1 +
 ...ce_keycloak_saml_identity_provider_test.go | 50 +++++++++++++++++++
 2 files changed, 51 insertions(+)
diff --git a/provider/resource_keycloak_saml_identity_provider.go b/provider/resource_keycloak_saml_identity_provider.go
index 1008985d1..09fab31f8 100644
--- a/provider/resource_keycloak_saml_identity_provider.go
+++ b/provider/resource_keycloak_saml_identity_provider.go
@@ -14,6 +14,7 @@ var nameIdPolicyFormats = map[string]string{
 "Kerberos": "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
 "X.509 Subject Name": "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
 "Unspecified": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
+ "Transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 }
 var signatureAlgorithms = []string{
diff --git a/provider/resource_keycloak_saml_identity_provider_test.go b/provider/resource_keycloak_saml_identity_provider_test.go
index 33531a6bf..130e901bb 100644
--- a/provider/resource_keycloak_saml_identity_provider_test.go
+++ b/provider/resource_keycloak_saml_identity_provider_test.go
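Review bot: The new `"Transient"` entry in `nameIdPolicyFormats` carries no hint that a transient NameID is a fresh pseudonym for each session, so it cannot serve as the stable key that links a brokered login to a local account. As far as I know Keycloak refuses a SAML identity provider that combines the transient format with the `SUBJECT` principal type, which would explain why the fixture added later in this patch sets `principal_type = "ATTRIBUTE"`. I would put a comment on the entry, for example `// Transient: per-session pseudonym; pair with principal_type ATTRIBUTE or FRIENDLY_ATTRIBUTE, not SUBJECT`, and repeat the constraint in the description of `name_id_policy_format`. The map and the schema that consumes it extend outside this hunk, so whether the provider already validates the combination cannot be seen here.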
@@ -48,6 +48,24 @@ func TestAccKeycloakSamlIdentityProvider_customProviderId(t *testing.T) {
 })
 }
+func TestAccKeycloakSamlIdentityProvider_nameIdPolicyFormatTransient(t *testing.T) {
+ t.Parallel()
+
+ samlName := acctest.RandomWithPrefix("tf-acc")
+
+ resource.Test(t, resource.TestCase{
+ ProviderFactories: testAccProviderFactories,
+ PreCheck: func() { testAccPreCheck(t) },
+ CheckDestroy: testAccCheckKeycloakSamlIdentityProviderDestroy(),
+ Steps: []resource.TestStep{
+ {
+ Config: testKeycloakSamlIdentityProvider_withNameIdPolicyFormat(samlName, "Transient"),
+ Check: testAccCheckKeycloakSamlIdentityProviderHasNameIdPolicyFormatValue("keycloak_saml_identity_provider.saml", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"),
+ },
+ },
+ })
+}
+
 func TestAccKeycloakSamlIdentityProvider_extraConfig(t *testing.T) {
 t.Parallel()
@@ -240,6 +258,21 @@ func testAccCheckKeycloakSamlIdentityProviderHasCustomConfigValue(resourceName,
 }
 }
+func testAccCheckKeycloakSamlIdentityProviderHasNameIdPolicyFormatValue(resourceName, nameIdPolicyFormatValue string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ fetchedSaml, err := getKeycloakSamlIdentityProviderFromState(s, resourceName)
+ if err != nil {
+ return err
+ }
+
+ if fetchedSaml.Config.NameIDPolicyFormat != nameIdPolicyFormatValue {
+ return fmt.Errorf("expected saml provider to have config with nameIdPolicyFormat with a value %s, but value was %s", nameIdPolicyFormatValue, fetchedSaml.Config.NameIDPolicyFormat)
+ }
+
+ return nil
+ }
+}
+
 func testAccCheckKeycloakSamlIdentityProviderDestroy() resource.TestCheckFunc {
 return func(s *terraform.State) error {
 for _, rs := range s.RootModule().Resources {
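Review bot: The single step in `TestAccKeycloakSamlIdentityProvider_nameIdPolicyFormatTransient` asserts only the URN held by the fetched provider object and never the value Terraform keeps in state, so the lookup from the URN back to the `Transient` key is exercised only implicitly. Making it explicit is a small change: wrap the existing check in `resource.ComposeTestCheckFunc(...)` and add `resource.TestCheckResourceAttr("keycloak_saml_identity_provider.saml", "name_id_policy_format", "Transient")` beside it. If Keycloak does reject the transient format together with the `SUBJECT` principal type, a further step using `ExpectError` would pin how the provider reports that misconfiguration to the user.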
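Review bot: `testAccCheckKeycloakSamlIdentityProviderHasNameIdPolicyFormatValue` formats both values with `%s`, so an unset format prints as `but value was ` with nothing after it and the failure is easy to misread. Using `%q` keeps an empty or whitespace-only value visible: `return fmt.Errorf("expected saml provider to have nameIdPolicyFormat %q, but value was %q", nameIdPolicyFormatValue, fetchedSaml.Config.NameIDPolicyFormat)`. The helper also has no doc comment; one line saying that it compares the expected URN with the `Config.NameIDPolicyFormat` of the provider returned by `getKeycloakSamlIdentityProviderFromState` (defined outside this hunk) would tell a reader that it takes the URN, not the short name used in the Terraform configuration.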
@@ -308,6 +341,23 @@ resource "keycloak_saml_identity_provider" "saml" {
 `, testAccRealm.Realm, saml, providerId)
 }
+func testKeycloakSamlIdentityProvider_withNameIdPolicyFormat(saml, nameIdPolicyFormat string) string {
+ return fmt.Sprintf(`
+data "keycloak_realm" "realm" {
+ realm = "%s"
+}
+
+resource "keycloak_saml_identity_provider" "saml" {
+ realm = data.keycloak_realm.realm.id
+ alias = "%s"
+ name_id_policy_format = "%s"
+ principal_type = "ATTRIBUTE"
+ entity_id = "https://example.com/entity_id"
+ single_sign_on_service_url = "https://example.com/auth"
+}
+ `, testAccRealm.Realm, saml, nameIdPolicyFormat)
+}
+
 func testKeycloakSamlIdentityProvider_extra_config(alias, configKey, configValue string) string {
 return fmt.Sprintf(`
 data "keycloak_realm" "realm" {
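Review bot: The fixture in `testKeycloakSamlIdentityProvider_withNameIdPolicyFormat` sets `principal_type = "ATTRIBUTE"` without naming the attribute, so it describes a broker with nothing stable to identify the user by once the NameID is transient. Adding `principal_attribute = "uid"` (a constructed example value) under `principal_type` would make the fixture mirror a usable setup. A short comment above that line, such as `# transient NameIDs change per session, so the principal comes from an attribute`, would record why the setting is there. Keycloak may well accept the configuration as written; the concern is that test fixtures are what users tend to copy.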