
michelin/terraform-provider-forgerock


Terraform-provider-forgerock


terraform-provider-forgerock adds ForgeRock OAuth2 client creation to Terraform.


Principles

Terraform-provider-forgerock is a Terraform provider that lets you create ForgeRock OAuth2 clients through the ForgeRock APIs.

Local run

To start the provider in debug mode, you can use Visual Studio Code:

  • Navigate to the /example directory.
  • Create a terraform.tfvars file (do not track in Git) and fill it out.
  • Press F5.
  • Execute the command provided in the console after the provider starts.

Build project

To build the project, run these commands:

go mod tidy
go build

Provider configuration

To configure the provider, add the following code to your Terraform file:

terraform {
  required_providers {
    forgerock = {
        source = "michelin/forgerock"
    }
  }
}

provider "forgerock" {
  username      = var.username
  password      = var.password
  forgerock_api = var.forgerock_api
  realm_path    = var.realm_path
  mail_sender = {
    send_client_secret_mail = true
    smtp_server             = "smtp.example.com"
    smtp_port               = 587
    sender_email            = "[email protected]"
    sender_username         = "username"
    sender_password         = "password"
  }
}
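The provider block above takes a ForgeRock administrator password and an SMTP password as plain attributes. The following added example (not code from the provider's README or repository) shows how to feed those values in through input variables marked sensitive, so that they are supplied from the untracked terraform.tfvars file the "Local run" section already mentions, or from TF_VAR_* environment variables, instead of being hardcoded in committed .tf files. The variable names and the placeholder e-mail address are assumptions made for the example.

```hcl
# Added example: credentials come from variables, never from literals in .tf files.
# Values are read from terraform.tfvars (kept out of Git) or from environment
# variables such as TF_VAR_password and TF_VAR_smtp_password.

variable "username" {
  type      = string
  sensitive = true
}

variable "password" {
  type      = string
  sensitive = true
}

variable "forgerock_api" {
  type = string
}

variable "realm_path" {
  type = string
}

# Assumed variable name: holds the password of the SMTP account used by mail_sender.
variable "smtp_password" {
  type      = string
  sensitive = true
}

provider "forgerock" {
  username      = var.username
  password      = var.password
  forgerock_api = var.forgerock_api
  realm_path    = var.realm_path
  mail_sender = {
    send_client_secret_mail = true
    smtp_server             = "smtp.example.com"
    smtp_port               = 587
    sender_email            = "noreply@example.com" # constructed placeholder
    sender_username         = "username"
    sender_password         = var.smtp_password
  }
}
```

`sensitive = true` redacts the values from `terraform plan` and `terraform apply` output, but Terraform still writes them to the state file in clear text, so the state must live in an access-controlled, encrypted backend rather than on a developer machine or in the repository.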

Resource configuration

We provide a set of default configurations for several types of clients:

  • Public client (authorization code flow)
  • Private client (client secret)

Public client (code flow)

resource "forgerock_oauth2Client" "myPublicClient" {
  name       = "my_public_client"
  admin_mail = "[email protected]"

  advanced_oauth2_client_config = {
    token_endpoint_auth_method = "none"
    grant_types                = ["authorization_code", "refresh_token"]
    is_consent_implied         = true
  }

  core_open_id_client_config = {
    post_logout_redirect_uri = ["http://localhost:4200"]
  }

  core_oauth2_client_config = {
    status           = "Active"
    scopes           = ["profile", "email", "openid"]
    redirection_uris = ["http://localhost:4200", "https://anotherurl.com"]
    client_type      = "Public"
  }
}

Private client (client secret)

resource "forgerock_oauth2Client" "myPrivateClient" {
  name                  = "my_private_client"
  admin_mail            = "[email protected]"
  user_password_version = 0

  advanced_oauth2_client_config = {
    token_endpoint_auth_method = "none"
    grant_types                = ["client_credentials"]
    is_consent_implied         = true
  }

  core_open_id_client_config = {
    post_logout_redirect_uri = [""]
  }

  core_oauth2_client_config = {
    status           = "Active"
    scopes           = ["profile", "email", "openid"]
    redirection_uris = [""]
    client_type      = "Confidential"
  }
}

Example

You can find a complete example here

Run tests

We provide some unit tests and integration tests. From the root directory, you can:

  • Run all of them:

    go test -v ./...

  • Run only the unit tests:

    go test -v -tags=unit_tests ./...

  • Run only the integration tests:

    go test -v -tags=integration_tests ./...

Resource complete field list

If you want to customize the default configurations given above, refer to the following documentation.
