diff --git a/Makefile b/Makefile index 63e8829..45823f9 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ test: -p 80:80/tcp \ -p 443:443/tcp \ -p 27017:27017/tcp \ - ghcr.io/jippi/docker-pritunl:1.30.3236.80 + ghcr.io/jippi/docker-pritunl:1.32.3602.80 sleep 20 @@ -26,4 +26,4 @@ test: PRITUNL_SECRET=tfacctest_secret \ go test -v -cover -count 1 ./internal/provider - @docker rm tf_pritunl_acc_test -f \ No newline at end of file + @docker rm tf_pritunl_acc_test -f diff --git a/docs/resources/server.md b/docs/resources/server.md index c39b9af..b8d1ca1 100644 --- a/docs/resources/server.md +++ b/docs/resources/server.md @@ -44,6 +44,7 @@ description: |- - **network_start** (String) Starting network address for the bridged VPN client IP addresses. Must be in the subnet of the server network. - **network_wg** (String) Network address for the private network that will be created for clients. This network cannot conflict with any existing local networks - **organization_ids** (List of String) The list of attached organizations to the server. +- **sso_auth** (Boolean) Require client to authenticate with single sign-on provider on each connection using web browser. Requires client to have access to Pritunl web server port and running updated Pritunl Client. Single sign-on provider must already be configured for this feature to work properly. - **otp_auth** (Boolean) Enables two-step authentication using Google Authenticator. Verification code is entered as the user password when connecting - **ping_interval** (Number) Interval to ping client - **ping_timeout** (Number) Timeout for client ping. Must be greater then ping interval diff --git a/internal/pritunl/client.go b/internal/pritunl/client.go index 218e8ba..3e0d70b 100644 --- a/internal/pritunl/client.go +++ b/internal/pritunl/client.go @@ -291,6 +291,10 @@ func (c client) CreateServer(serverData map[string]interface{}) (*Server, error) isWgEnabled := serverStruct.NetworkWG != "" && serverStruct.PortWG > 0 serverStruct.WG = isWgEnabled + if v, ok := serverData["sso_auth"]; ok { + serverStruct.SsoAuth = v.(bool) + } + if v, ok := serverData["otp_auth"]; ok { serverStruct.OtpAuth = v.(bool) } diff --git a/internal/pritunl/server.go b/internal/pritunl/server.go index c467043..6dba450 100644 --- a/internal/pritunl/server.go +++ b/internal/pritunl/server.go @@ -50,6 +50,7 @@ type Server struct { VxLan bool `json:"vxlan,omitempty"` DnsMapping bool `json:"dns_mapping,omitempty"` PreConnectMsg string `json:"pre_connect_msg,omitempty"` + SsoAuth bool `json:"sso_auth,omitempty"` OtpAuth bool `json:"otp_auth,omitempty"` MssFix int `json:"mss_fix,omitempty"` LzoCompression bool `json:"lzo_compression,omitempty"` diff --git a/internal/provider/resource_server.go b/internal/provider/resource_server.go index e7315d4..1bf62b6 100644 --- a/internal/provider/resource_server.go +++ b/internal/provider/resource_server.go @@ -176,6 +176,12 @@ func resourceServer() *schema.Resource { Optional: true, Description: "Enter list of DNS servers applied on the client", }, + "sso_auth": { + Type: schema.TypeBool, + Required: false, + Optional: true, + Description: "Require client to authenticate with single sign-on provider on each connection using web browser. Requires client to have access to Pritunl web server port and running updated Pritunl Client. Single sign-on provider must already be configured for this feature to work properly", + }, "otp_auth": { Type: schema.TypeBool, Required: false, @@ -503,6 +509,7 @@ func resourceReadServer(ctx context.Context, d *schema.ResourceData, meta interf d.Set("dns_servers", server.DnsServers) d.Set("network_wg", server.NetworkWG) d.Set("port_wg", server.PortWG) + d.Set("sso_auth", server.SsoAuth) d.Set("otp_auth", server.OtpAuth) d.Set("ipv6", server.IPv6) d.Set("dh_param_bits", server.DhParamBits) @@ -623,6 +630,7 @@ func resourceCreateServer(ctx context.Context, d *schema.ResourceData, meta inte "dns_servers": d.Get("dns_servers"), "network_wg": d.Get("network_wg"), "port_wg": d.Get("port_wg"), + "sso_auth": d.Get("sso_auth"), "otp_auth": d.Get("otp_auth"), "ipv6": d.Get("ipv6"), "dh_param_bits": d.Get("dh_param_bits"), @@ -774,6 +782,10 @@ func resourceUpdateServer(ctx context.Context, d *schema.ResourceData, meta inte isWgEnabled := server.NetworkWG != "" && server.PortWG > 0 server.WG = isWgEnabled + if d.HasChange("sso_auth") { + server.SsoAuth = d.Get("sso_auth").(bool) + } + if d.HasChange("otp_auth") { server.OtpAuth = d.Get("otp_auth").(bool) } diff --git a/internal/provider/resource_server_test.go b/internal/provider/resource_server_test.go index 23c6e13..c42696c 100644 --- a/internal/provider/resource_server_test.go +++ b/internal/provider/resource_server_test.go @@ -53,6 +53,57 @@ func TestGetServer_basic(t *testing.T) { }) } +func TestGetServer_with_sso_auth(t *testing.T) { + var serverId string + + resource.Test(t, resource.TestCase{ + PreCheck: func() { preCheck(t) }, + ProviderFactories: providerFactories, + CheckDestroy: testGetServerDestroy, + Steps: []resource.TestStep{ + { + Config: testGetServerWithActiveSsoAuth("tfacc-server1"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("pritunl_server.test", "name", "tfacc-server1"), + resource.TestCheckResourceAttr("pritunl_server.test", "sso_auth", "true"), + + // extract serverId for future use + func(s *terraform.State) error { + serverId = s.RootModule().Resources["pritunl_server.test"].Primary.Attributes["id"] + return nil + }, + ), + }, + importStep("pritunl_server.test"), + { + Config: testGetServerSimpleConfig("tfacc-server2"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("pritunl_server.test", "name", "tfacc-server2"), + resource.TestCheckResourceAttr("pritunl_server.test", "sso_auth", "false"), + ), + }, + importStep("pritunl_server.test"), + { + Config: testGetServerWithDeactiveSsoAuth("tfacc-server3"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("pritunl_server.test", "name", "tfacc-server3"), + resource.TestCheckResourceAttr("pritunl_server.test", "sso_auth", "false"), + ), + }, + importStep("pritunl_server.test"), + // test importing + { + ResourceName: "pritunl_server.test", + ImportStateIdFunc: func(*terraform.State) (string, error) { + return serverId, nil + }, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestGetServer_with_attached_organization(t *testing.T) { var serverId string @@ -428,6 +479,24 @@ resource "pritunl_server" "test" { `, name) } +func testGetServerWithActiveSsoAuth(name string) string { + return fmt.Sprintf(` +resource "pritunl_server" "test" { + name = "%[1]s" + sso_auth = true +} +`, name) +} + +func testGetServerWithDeactiveSsoAuth(name string) string { + return fmt.Sprintf(` +resource "pritunl_server" "test" { + name = "%[1]s" + sso_auth = false +} +`, name) +} + func testGetServerSimpleConfigWithAttachedOrganization(name, organizationName string) string { return fmt.Sprintf(` resource "pritunl_organization" "test" { @@ -468,7 +537,7 @@ func testGetServerSimpleConfigWithAttachedRoute(name, route string) string { return fmt.Sprintf(` resource "pritunl_server" "test" { name = "%[1]s" - + route { network = "%[2]s" comment = "tfacc-route" @@ -482,7 +551,7 @@ func testGetServerSimpleConfigWithAFewAttachedRoutes(name, route1, route2, route return fmt.Sprintf(` resource "pritunl_server" "test" { name = "%[1]s" - + route { network = "%[2]s" comment = "tfacc-route" @@ -497,7 +566,7 @@ resource "pritunl_server" "test" { network = "%[4]s" comment = "tfacc-route" net_gateway = true - } + } } `, name, route1, route2, route3) }