fix pkce_s256_required update. Add tests for pkce_required and pkce_s…

…256_required
authlete · Jun 8, 2023 · bbb6c67 · bbb6c67
1 parent fdeb20d
commit bbb6c67
Show file tree

Hide file tree

Showing 3 changed files with 229 additions and 1 deletion.
diff --git a/internal/provider/client.go b/internal/provider/client.go
@@ -343,7 +343,7 @@ func clientUpdate(ctx context.Context, d *schema.ResourceData, meta interface{})
 		existingClient.SetPkceRequired(d.Get("pkce_required").(bool))
 	}
 	if d.HasChange("pkce_s256_required") {
-		existingClient.SetPkceRequired(d.Get("pkce_s256_required").(bool))
+		existingClient.SetPkceS256Required(d.Get("pkce_s256_required").(bool))
 	}
 	if d.HasChange("id_token_sign_alg") {
 		if NotZeroString(d, "id_token_sign_alg") {

diff --git a/internal/provider/client_test.go b/internal/provider/client_test.go
@@ -446,6 +446,100 @@ func TestClientAllAttributes23(t *testing.T) {
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"client_id", "client_secret"},
 			},
+			{
+				Config: stateUpdatedClientState23,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_id_alias", "terraform_client"),
+					resource.TestCheckResourceAttrSet("authlete_client.client1", "client_id"),
+					resource.TestCheckResourceAttrSet("authlete_client.client1", "client_secret"),
+
+					resource.TestCheckResourceAttr("authlete_client.client1", "developer", "test"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_id_alias", "terraform_client"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_id_alias_enabled", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_type", "CONFIDENTIAL"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "redirect_uris.#", "2"),
+					resource.TestCheckTypeSetElemAttr("authlete_client.client1", "redirect_uris.*", "https://www.authlete.com/cb"),
+					resource.TestCheckTypeSetElemAttr("authlete_client.client1", "redirect_uris.*", "http://localhost:3000/cb"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "response_types.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "grant_types.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "application_type", "WEB"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "contacts.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_name", "Authlete client"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_names.#", "3"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "logo_uri", "https://example.authlete.com/cli/logo.png"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "logo_uris.#", "3"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_uri", "https://example.authlete.com/cli/"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "client_uris.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "policy_uri", "https://example.authlete.com/cli/policy.html"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "policy_uris.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "tos_uri", "https://example.authlete.com/cli/tos.html"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "tos_uris.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "jwks_uri", "https://example.authlete.com/jwks/"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "subject_type", "PUBLIC"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "id_token_sign_alg", "RS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "id_token_encryption_alg", "RSA_OAEP_256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "id_token_encryption_enc", "A128CBC_HS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "user_info_sign_alg", "RS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "user_info_encryption_alg", "RSA_OAEP_256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "user_info_encryption_enc", "A128CBC_HS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_sign_alg", "RS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_encryption_alg", "RSA_OAEP_256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_encryption_enc", "A128CBC_HS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "token_auth_method", "PRIVATE_KEY_JWT"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "token_auth_sign_alg", "ES256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "default_max_age", "123"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "default_acrs.#", "2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "auth_time_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "login_uri", "https://login.example.com"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_uris.#", "1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_uris.0", "https://example.authlete.com/cli/req_obj.json"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "description", "this is the description of the client"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "descriptions.#", "1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "descriptions.0.tag", "fr"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "descriptions.0.value", "c'est la description du client"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "requestable_scopes_enabled", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "requestable_scopes.0", "openid"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "requestable_scopes.1", "profile"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "access_token_duration", "100"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "refresh_token_duration", "300"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "tls_client_auth_subject_dn", "CN=Example, OU=OP, O=Authlete, C=GB"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "tls_client_certificate_bound_access_tokens", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "self_signed_certificate_key_id", "kid1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "software_id", "id1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "software_version", "ver1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "authorization_sign_alg", "PS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "authorization_encryption_alg", "RSA_OAEP_256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "authorization_encryption_enc", "A128CBC_HS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "bc_delivery_mode", "PUSH"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "bc_notification_endpoint", "https://example.authlete.com/ciba_cb"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "bc_request_sign_alg", "PS256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "bc_user_code_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "dynamically_registered", "false"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "authorization_details_types.0", "str1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "authorization_details_types.1", "str2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "authorization_details_types.2", "str3"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "par_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_object_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "attributes.0.key", "key1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "attributes.1.key", "key2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "attributes.0.value", "val1"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "attributes.1.value", "val2"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "custom_metadata", "{\"k1\":\"val1\"}"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "front_channel_request_object_encryption_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_object_encryption_alg_match_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "request_object_encryption_enc_match_required", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "digest_algorithm", "SHA-256"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "single_access_token_per_subject", "true"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "pkce_required", "false"),
+					resource.TestCheckResourceAttr("authlete_client.client1", "pkce_s256_required", "true"),
+				),
+			},
+			{
+				ResourceName:            "authlete_client.client1",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"client_id", "client_secret"},
+			},
 		},
 	})
 }

diff --git a/internal/provider/constants_test.go b/internal/provider/constants_test.go
@@ -1519,6 +1519,140 @@ resource "authlete_client" "client1" {
     pkce_s256_required = false
 }
 `
+
+const stateUpdatedClientState23 = `
+provider "authlete" {
+}
+
+
+resource "authlete_client" "client1" {
+	developer = "test"
+	client_id_alias = "terraform_client"
+	client_id_alias_enabled = true
+	client_type = "CONFIDENTIAL"
+	redirect_uris = [ "https://www.authlete.com/cb", "http://localhost:3000/cb" ]
+	response_types = [ "CODE", "CODE_ID_TOKEN" ]
+	grant_types = [ "AUTHORIZATION_CODE", "REFRESH_TOKEN" ]
+	application_type = "WEB"
+	contacts = [ "[email protected]", "[email protected]" ]
+	client_name = "Authlete client"
+	client_names {
+		tag = "pt_BR"
+		value = "Cliente Portugues"
+	}
+	client_names {
+		tag = "en"
+		value = "Client English"
+	}
+	client_names {
+		tag = "jp"
+		value = "APIクライアント"
+	}
+	logo_uri = "https://example.authlete.com/cli/logo.png"
+	logo_uris {
+		tag = "pt_BR"
+		value = "https://example.authlete.com/cli/logo_pt.png"
+	}
+	logo_uris {
+		tag = "en"
+		value = "https://example.authlete.com/cli/logo_en.png"
+	}
+	logo_uris {
+		tag = "jp"
+		value = "https://example.authlete.com/cli/logo_jp.png"
+	}
+	client_uri = "https://example.authlete.com/cli/"
+	client_uris {
+		tag = "en_GB"
+		value = "https://example.authlete.com/cli/en/GB/"
+	}
+	client_uris {
+		tag = "de_CH"
+		value = "https://example.authlete.com/cli/de/CH/"
+	}
+	policy_uri = "https://example.authlete.com/cli/policy.html"
+	policy_uris {
+		tag = "es"
+		value = "https://example.authlete.com/cli/es/policy.html"
+	}
+	policy_uris {
+		tag = "de_CH"
+		value = "https://example.authlete.com/cli/de/CH/policy.html"
+	}
+	tos_uri = "https://example.authlete.com/cli/tos.html"
+	tos_uris {
+		tag = "es_MX"
+		value = "https://example.authlete.com/cli/es/MX/tos.html"
+	}
+	tos_uris {
+		tag = "fr"
+		value = "https://example.authlete.com/cli/fr/tos.html"
+	}
+	jwks_uri = "https://example.authlete.com/jwks/"
+	subject_type = "PUBLIC"
+	id_token_sign_alg = "RS256"
+	id_token_encryption_alg = "RSA_OAEP_256"
+	id_token_encryption_enc = "A128CBC_HS256"
+	user_info_sign_alg = "RS256"
+	user_info_encryption_alg = "RSA_OAEP_256"
+	user_info_encryption_enc = "A128CBC_HS256"
+	request_sign_alg = "RS256"
+	request_encryption_alg = "RSA_OAEP_256"
+	request_encryption_enc = "A128CBC_HS256"
+	token_auth_method = "PRIVATE_KEY_JWT"
+	token_auth_sign_alg = "ES256"
+	default_max_age = 123
+	default_acrs = ["loa2", "loa3" ]
+	auth_time_required = true
+	login_uri = "https://login.example.com"
+	request_uris = ["https://example.authlete.com/cli/req_obj.json"]
+	description = "this is the description of the client"
+	
+	descriptions {
+		tag = "fr"
+		value = "c'est la description du client"
+	}
+	requestable_scopes_enabled = true
+	
+	requestable_scopes = ["openid", "profile"]
+	access_token_duration = 100
+	refresh_token_duration = 300
+	tls_client_auth_subject_dn = "CN=Example, OU=OP, O=Authlete, C=GB"
+	tls_client_certificate_bound_access_tokens = true
+	self_signed_certificate_key_id = "kid1"
+	software_id = "id1"
+	software_version = "ver1"
+	authorization_sign_alg = "PS256"
+	authorization_encryption_alg = "RSA_OAEP_256"
+	authorization_encryption_enc = "A128CBC_HS256"
+	bc_delivery_mode = "PUSH"
+	bc_notification_endpoint = "https://example.authlete.com/ciba_cb"
+	bc_request_sign_alg = "PS256"
+	bc_user_code_required = true
+	dynamically_registered = false
+	authorization_details_types = ["str1", "str2", "str3"]
+	par_required = true
+	request_object_required = true
+	attributes {
+		key = "key1"
+		value = "val1"
+	}
+	attributes {
+		key = "key2"
+		value = "val2"
+	}
+	custom_metadata = "{\"k1\":\"val1\"}"
+	
+	front_channel_request_object_encryption_required = true
+	request_object_encryption_alg_match_required = true
+	request_object_encryption_enc_match_required = true
+	digest_algorithm = "SHA-256"
+	single_access_token_per_subject = true
+    pkce_required = false
+    pkce_s256_required = true
+}
+`
+
 const clientSecretSupportClientTests = `
 provider "authlete" {
 }