From 08d80f852463e097feeca42a53d48514d0ffed37 Mon Sep 17 00:00:00 2001
From: Evangelos Karvounis
Date: Wed, 5 Jul 2023 15:44:24 +0300
Subject: [PATCH 1/3] feat: add SignatureSigningMethod and SignatureDigestMethod to AdminSAMLSetting struct
---
 CHANGELOG.md | 3 +++
 admin_setting_saml.go | 2 ++
 admin_setting_saml_integration_test.go | 2 ++
 3 files changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 559fc0fac..2e1e9446c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # UNRELEASED
+## Enhancements
+* Adds `SignatureSigningMethod` and `SignatureDigestMethod` fields in `AdminSAMLSetting` struct by @karvounis-form3
+
 # v1.29.0
 ## Enhancements
diff --git a/admin_setting_saml.go b/admin_setting_saml.go
index e35d5e9f4..639ab4f2b 100644
--- a/admin_setting_saml.go
+++ b/admin_setting_saml.go
@@ -49,6 +49,8 @@ type AdminSAMLSetting struct {
 AuthnRequestsSigned bool `jsonapi:"attr,authn-requests-signed"`
 WantAssertionsSigned bool `jsonapi:"attr,want-assertions-signed"`
 PrivateKey string `jsonapi:"attr,private-key"`
+ SignatureSigningMethod string `jsonapi:"attr,signature-signing-method"`
+ SignatureDigestMethod string `jsonapi:"attr,signature-digest-method"`
 }
 // Read returns the SAML settings.
diff --git a/admin_setting_saml_integration_test.go b/admin_setting_saml_integration_test.go
index d998b1f99..29a30f1cf 100644
--- a/admin_setting_saml_integration_test.go
+++ b/admin_setting_saml_integration_test.go
@@ -37,6 +37,8 @@ func TestAdminSettings_SAML_Read(t *testing.T) {
 assert.NotNil(t, samlSettings.AuthnRequestsSigned)
 assert.NotNil(t, samlSettings.WantAssertionsSigned)
 assert.NotNil(t, samlSettings.PrivateKey)
+ assert.NotNil(t, samlSettings.SignatureSigningMethod)
+ assert.NotNil(t, samlSettings.SignatureDigestMethod)
 }
 func TestAdminSettings_SAML_Update(t *testing.T) {
From f0d010611b8e34bf5f713a2f67e3fa03d411b9b7 Mon Sep 17 00:00:00 2001
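Review bot: `SignatureSigningMethod` and `SignatureDigestMethod` in the `admin_setting_saml.go` hunk of PATCH 1/3 are plain strings with no comment saying which algorithm names are valid, so a caller only learns the accepted set from a server error. A doc comment on the pair would help, for example `// SignatureSigningMethod and SignatureDigestMethod name the hash algorithm used for SAML signatures; the server rejects unknown values.` The tests in PATCH 3/3 show `SHA1` accepted and `SHA1234` rejected; any other accepted value is not visible in this patch and should be taken from the API documentation. The same applies to the `*string` fields of the same names added to `AdminSAMLSettingsUpdateOptions` in the `@@ -83,6 +85,11 @@` hunk. The struct starts outside the hunk.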
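Review bot: The two added `assert.NotNil` calls in `TestAdminSettings_SAML_Read` cannot fail, because `SignatureSigningMethod` and `SignatureDigestMethod` are `string` values and a non-pointer string is never nil. If the server always reports a method, `assert.NotEmpty(t, samlSettings.SignatureSigningMethod)` and `assert.NotEmpty(t, samlSettings.SignatureDigestMethod)` would actually check the decoded fields; whether a default is always returned is an assumption to confirm. The same vacuous check appears as `assert.NotNil(t, samlSettingsUpd.PrivateKey)` in the PATCH 3/3 test hunk, where the property worth pinning is whether the API returns the stored private key at all, for example `assert.Empty(t, samlSettingsUpd.PrivateKey)` if the server withholds it. The test function starts outside the hunk.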
From: Evangelos Karvounis
Date: Wed, 5 Jul 2023 15:59:46 +0300
Subject: [PATCH 2/3] chore: add PR URL to changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e1e9446c..92b867db1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,7 @@
 # UNRELEASED
 ## Enhancements
-* Adds `SignatureSigningMethod` and `SignatureDigestMethod` fields in `AdminSAMLSetting` struct by @karvounis-form3
+* Adds `SignatureSigningMethod` and `SignatureDigestMethod` fields in `AdminSAMLSetting` struct by @karvounis-form3 [#731](https://github.com/hashicorp/go-tfe/pull/731)
 # v1.29.0
From a9dbadc226abbbde853cd6687c4a176171993ac3 Mon Sep 17 00:00:00 2001
From: Evangelos Karvounis
Date: Wed, 5 Jul 2023 18:39:56 +0300
Subject: [PATCH 3/3] feat: add missing options from AdminSAMLSettingsUpdateOptions struct
---
 CHANGELOG.md | 1 +
 admin_setting_saml.go | 13 ++++++--
 admin_setting_saml_integration_test.go | 42 ++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 92b867db1..e0e38821b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 ## Enhancements
 * Adds `SignatureSigningMethod` and `SignatureDigestMethod` fields in `AdminSAMLSetting` struct by @karvounis-form3 [#731](https://github.com/hashicorp/go-tfe/pull/731)
+* Adds `Certificate`, `PrivateKey`, `TeamManagementEnabled`, `AuthnRequestsSigned`, `WantAssertionsSigned`, `SignatureSigningMethod`, `SignatureDigestMethod` fields in `AdminSAMLSettingsUpdateOptions` struct by @karvounis-form3 [#731](https://github.com/hashicorp/go-tfe/pull/731)
 # v1.29.0
diff --git a/admin_setting_saml.go b/admin_setting_saml.go
index 639ab4f2b..424ac92d7 100644
--- a/admin_setting_saml.go
+++ b/admin_setting_saml.go
@@ -33,6 +33,9 @@ type AdminSAMLSetting struct {
 ID string `jsonapi:"primary,saml-settings"`
 Enabled bool `jsonapi:"attr,enabled"`
 Debug bool `jsonapi:"attr,debug"`
+ AuthnRequestsSigned bool `jsonapi:"attr,authn-requests-signed"`
+ WantAssertionsSigned bool `jsonapi:"attr,want-assertions-signed"`
+ TeamManagementEnabled bool `jsonapi:"attr,team-management-enabled"`
 OldIDPCert string `jsonapi:"attr,old-idp-cert"`
 IDPCert string `jsonapi:"attr,idp-cert"`
 SLOEndpointURL string `jsonapi:"attr,slo-endpoint-url"`
@@ -44,10 +47,7 @@ type AdminSAMLSetting struct {
 SSOAPITokenSessionTimeout int `jsonapi:"attr,sso-api-token-session-timeout"`
 ACSConsumerURL string `jsonapi:"attr,acs-consumer-url"`
 MetadataURL string `jsonapi:"attr,metadata-url"`
- TeamManagementEnabled bool `jsonapi:"attr,team-management-enabled"`
 Certificate string `jsonapi:"attr,certificate"`
- AuthnRequestsSigned bool `jsonapi:"attr,authn-requests-signed"`
- WantAssertionsSigned bool `jsonapi:"attr,want-assertions-signed"`
 PrivateKey string `jsonapi:"attr,private-key"`
 SignatureSigningMethod string `jsonapi:"attr,signature-signing-method"`
 SignatureDigestMethod string `jsonapi:"attr,signature-digest-method"`
@@ -76,6 +76,8 @@ type AdminSAMLSettingsUpdateOptions struct {
 Enabled *bool `jsonapi:"attr,enabled,omitempty"`
 Debug *bool `jsonapi:"attr,debug,omitempty"`
 IDPCert *string `jsonapi:"attr,idp-cert,omitempty"`
+ Certificate *string `jsonapi:"attr,certificate,omitempty"`
+ PrivateKey *string `jsonapi:"attr,private-key,omitempty"`
 SLOEndpointURL *string `jsonapi:"attr,slo-endpoint-url,omitempty"`
 SSOEndpointURL *string `jsonapi:"attr,sso-endpoint-url,omitempty"`
 AttrUsername *string `jsonapi:"attr,attr-username,omitempty"`
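Review bot: `PrivateKey *string`, added to `AdminSAMLSettingsUpdateOptions` in the `@@ -76,6 +76,8 @@` hunk, carries secret key material but is declared like every other option, so nothing warns a caller against printing or logging the options value. I would add a field comment such as `// PrivateKey is secret key material sent to the server; keep the options value out of logs and error messages.` The expected encoding of `Certificate` and `PrivateKey` (the test only passes the dummy strings `testCert` and `testPrivateKey`) is not visible in this patch and would be worth stating in the same comment. The struct starts before the hunk and continues after it.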
@@ -83,6 +85,11 @@ type AdminSAMLSettingsUpdateOptions struct {
 AttrSiteAdmin *string `jsonapi:"attr,attr-site-admin,omitempty"`
 SiteAdminRole *string `jsonapi:"attr,site-admin-role,omitempty"`
 SSOAPITokenSessionTimeout *int `jsonapi:"attr,sso-api-token-session-timeout,omitempty"`
+ TeamManagementEnabled *bool `jsonapi:"attr,team-management-enabled,omitempty"`
+ AuthnRequestsSigned *bool `jsonapi:"attr,authn-requests-signed,omitempty"`
+ WantAssertionsSigned *bool `jsonapi:"attr,want-assertions-signed,omitempty"`
+ SignatureSigningMethod *string `jsonapi:"attr,signature-signing-method,omitempty"`
+ SignatureDigestMethod *string `jsonapi:"attr,signature-digest-method,omitempty"`
 }
 // Update updates the SAML settings.
diff --git a/admin_setting_saml_integration_test.go b/admin_setting_saml_integration_test.go
index 29a30f1cf..bf759a4e4 100644
--- a/admin_setting_saml_integration_test.go
+++ b/admin_setting_saml_integration_test.go
@@ -60,6 +60,48 @@ func TestAdminSettings_SAML_Update(t *testing.T) {
 require.NoError(t, err)
 assert.Equal(t, enabled, samlSettings.Enabled)
 assert.Equal(t, debug, samlSettings.Debug)
+ assert.Empty(t, samlSettings.PrivateKey)
+
+ t.Run("with certificate defined", func(t *testing.T) {
+ cert := "testCert"
+ pKey := "testPrivateKey"
+ signatureSigningMethod := "SHA1"
+ signatureDigestMethod := "SHA1"
+ samlSettingsUpd, err := client.Admin.Settings.SAML.Update(ctx, AdminSAMLSettingsUpdateOptions{
+ Certificate: String(cert),
+ PrivateKey: String(pKey),
+ SignatureSigningMethod: String(signatureSigningMethod),
+ SignatureDigestMethod: String(signatureDigestMethod),
+ })
+ require.NoError(t, err)
+ assert.Equal(t, cert, samlSettingsUpd.Certificate)
+ assert.NotNil(t, samlSettingsUpd.PrivateKey)
+ assert.Equal(t, signatureSigningMethod, samlSettingsUpd.SignatureSigningMethod)
+ assert.Equal(t, signatureDigestMethod, samlSettingsUpd.SignatureDigestMethod)
+ })
+
+ t.Run("with team management enabled", func(t *testing.T) {
+ samlSettingsUpd, err := client.Admin.Settings.SAML.Update(ctx, AdminSAMLSettingsUpdateOptions{
+ Enabled: Bool(true),
+ TeamManagementEnabled: Bool(true),
+ })
+ require.NoError(t, err)
+ assert.True(t, samlSettingsUpd.TeamManagementEnabled)
+ })
+
+ t.Run("with invalid signature digest method", func(t *testing.T) {
+ _, err := client.Admin.Settings.SAML.Update(ctx, AdminSAMLSettingsUpdateOptions{
+ SignatureDigestMethod: String("SHA1234"),
+ })
+ require.Error(t, err)
+ })
+
+ t.Run("with invalid signature signing method", func(t *testing.T) {
+ _, err := client.Admin.Settings.SAML.Update(ctx, AdminSAMLSettingsUpdateOptions{
+ SignatureSigningMethod: String("SHA1234"),
+ })
+ require.Error(t, err)
+ })
 }
 func TestAdminSettings_SAML_RevokeIdpCert(t *testing.T) {
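Review bot: The "with certificate defined" subtest sets both `signatureSigningMethod` and `signatureDigestMethod` to `SHA1`, so the only accepted value the suite exercises is a hash that is deprecated for signatures, and the test doubles as a usage example for callers. If the server accepts it, prefer `signatureSigningMethod := "SHA256"` and `signatureDigestMethod := "SHA256"`; the accepted set is not visible in this patch, so confirm against the API documentation. The subtests also leave the instance with SAML enabled, a dummy certificate and team management switched on, and no restore is visible in the hunk; a `t.Cleanup` that writes back the values read before the updates would keep later tests independent of this one. `TestAdminSettings_SAML_Update` starts outside the hunk.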