feat(terraform-provider): add agama and config data sources (#12855)

* fix: update terraform

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: add agama check

1. Agama Syntax Check Data Source (jans_agama_syntax_check)
Validates Agama DSL code syntax before deployment
Uses the /api/v1/agama/syntax-check/{qname} endpoint
Returns valid (boolean) and message (string) for syntax validation results
2. Database Configuration Data Source (jans_database_configuration)
Retrieves database schema for non-LDAP backends (PostgreSQL, etc.)
Uses the /api/v1/config/database endpoint
Returns structured table/field information with deterministic ordering
Also provides raw JSON for advanced processing

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: address comments

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

Author: moabu

terraform-provider-jans/docs/data-sources/agama_repository.md

@@ -0,0 +1,41 @@
+---
+page_title: "jans_agama_repository Data Source - terraform-provider-jans"
+subcategory: ""
+description: |-
+  Data source for retrieving Agama flow repositories from Janssen server
+---
+
+# jans_agama_repository (Data Source)
+
+Data source for retrieving Agama flow repositories from the Janssen server.
+Agama is a domain-specific language for building authentication flows.
+
+## Example Usage
+
+```terraform
+data "jans_agama_repository" "all" {
+}
+
+output "agama_repos" {
+  value = data.jans_agama_repository.all.repositories
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `repositories` (List of Object) List of Agama repositories (see [below for nested schema](#nestedatt--repositories))
+
+<a id="nestedatt--repositories"></a>
+
+### Nested Schema for `repositories`
+
+Read-Only:
+
+- `description` (String) Description of the repository
+- `metadata` (String) Repository metadata as JSON string
+- `name` (String) Repository name
+- `url` (String) Repository URL

terraform-provider-jans/docs/data-sources/agama_syntax_check.md

@@ -0,0 +1,52 @@
+---
+page_title: "jans_agama_syntax_check Data Source - terraform-provider-jans"
+subcategory: ""
+description: |-
+  Data source for validating Agama flow code syntax
+---
+
+# jans_agama_syntax_check (Data Source)
+
+Data source for validating Agama DSL code syntax. This allows you to check if
+Agama flow code is syntactically correct before deploying it.
+
+Agama is a domain-specific language (DSL) for building authentication flows
+in the Janssen identity platform.
+
+## Example Usage
+
+```terraform
+data "jans_agama_syntax_check" "my_flow" {
+  flow_name = "my.authentication.Flow"
+  code      = <<-EOT
+    Flow my.authentication.Flow
+      Basepath ""
+      
+    in = { name: "" }
+    
+    Finish in.name
+  EOT
+}
+
+output "is_valid" {
+  value = data.jans_agama_syntax_check.my_flow.valid
+}
+
+output "validation_message" {
+  value = data.jans_agama_syntax_check.my_flow.message
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `code` (String) The Agama DSL code to validate
+- `flow_name` (String) The name of the Agama flow to check
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `message` (String) Syntax check result message. Empty or 'Syntax is OK' for valid code
+- `valid` (Boolean) Whether the Agama code syntax is valid

terraform-provider-jans/docs/data-sources/database_configuration.md

@@ -0,0 +1,54 @@
+---
+page_title: "jans_database_configuration Data Source - terraform-provider-jans"
+subcategory: ""
+description: |-
+  Data source for retrieving database schema configuration
+---
+
+# jans_database_configuration (Data Source)
+
+Data source for retrieving the database schema configuration from the Janssen server.
+This provides information about all database tables and their field definitions,
+useful for understanding the data model of non-LDAP database backends.
+
+## Example Usage
+
+```terraform
+data "jans_database_configuration" "all" {
+}
+
+output "table_count" {
+  value = length(data.jans_database_configuration.all.tables)
+}
+
+output "schema_json" {
+  value = data.jans_database_configuration.all.schema_json
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `schema_json` (String) Full database schema as JSON string for advanced processing
+- `tables` (List of Object) List of database tables and their schema (see [below for nested schema](#nestedatt--tables))
+
+<a id="nestedatt--tables"></a>
+### Nested Schema for `tables`
+
+Read-Only:
+
+- `fields` (List of Object) List of fields in the table (see [below for nested schema](#nestedatt--tables--fields))
+- `name` (String) Table name
+
+<a id="nestedatt--tables--fields"></a>
+### Nested Schema for `tables.fields`
+
+Read-Only:
+
+- `def_name` (String) Default/definition name of the field
+- `multi_valued` (Boolean) Whether the field supports multiple values
+- `name` (String) Field name in the database
+- `type` (String) Field data type (varchar, timestamp, jsonb, etc.)

terraform-provider-jans/docs/data-sources/feature_flags.md

@@ -0,0 +1,30 @@
+---
+page_title: "jans_feature_flags Data Source - terraform-provider-jans"
+subcategory: ""
+description: |-
+  Data source for retrieving feature flags configured for Janssen authorization server
+---
+
+# jans_feature_flags (Data Source)
+
+Data source for retrieving feature flags configured for Janssen authorization server.
+Feature flags control which features are enabled or disabled in the auth server.
+
+## Example Usage
+
+```terraform
+data "jans_feature_flags" "all" {
+}
+
+output "enabled_features" {
+  value = data.jans_feature_flags.all.flags
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `flags` (List of String) List of feature flags enabled on the Janssen authorization server
+- `id` (String) The ID of this resource.

terraform-provider-jans/docs/data-sources/service_status.md

@@ -0,0 +1,38 @@
+---
+page_title: "jans_service_status Data Source - terraform-provider-jans"
+subcategory: ""
+description: |-
+  Data source for retrieving service status from Janssen server
+---
+
+# jans_service_status (Data Source)
+
+Data source for retrieving detailed service status information from the Janssen server.
+This provides granular health information about individual services.
+
+## Example Usage
+
+```terraform
+data "jans_service_status" "all" {
+}
+
+output "service_status" {
+  value = data.jans_service_status.all.status
+}
+
+data "jans_service_status" "auth" {
+  service = "jans-auth"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `service` (String) Service name to check status. Use 'all' to get status of all services. Default: "all"
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `status` (Map of String) Map of service names to their status (Running, Down, Not present)

terraform-provider-jans/jans/agama_repository.go

@@ -0,0 +1,30 @@
+package jans
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+type AgamaRepository struct {
+	Name        string          `json:"name,omitempty"`
+	Description string          `json:"description,omitempty"`
+	URL         string          `json:"url,omitempty"`
+	Metadata    json.RawMessage `json:"metadata,omitempty"`
+}
+
+func (c *Client) GetAgamaRepositories(ctx context.Context) ([]AgamaRepository, error) {
+
+	token, err := c.ensureToken(ctx, "https://jans.io/oauth/config/agama-repo.readonly")
+	if err != nil {
+		return nil, fmt.Errorf("failed to get token: %w", err)
+	}
+
+	var repos []AgamaRepository
+
+	if err := c.get(ctx, "/jans-config-api/api/v1/agama-repo", token, "https://jans.io/oauth/config/agama-repo.readonly", &repos); err != nil {
+		return nil, fmt.Errorf("failed to get agama repositories: %w", err)
+	}
+
+	return repos, nil
+}

terraform-provider-jans/jans/agama_syntax_check.go

@@ -0,0 +1,64 @@
+package jans
+
+import (
+        "context"
+        "fmt"
+        "net/url"
+        "strings"
+)
+
+type AgamaSyntaxCheckResult struct {
+        FlowName string `json:"flow_name,omitempty"`
+        Code     string `json:"code,omitempty"`
+        Valid    bool   `json:"valid,omitempty"`
+        Message  string `json:"message,omitempty"`
+}
+
+func (c *Client) CheckAgamaSyntax(ctx context.Context, flowName string, code string) (*AgamaSyntaxCheckResult, error) {
+
+        flowName = strings.TrimSpace(flowName)
+        if flowName == "" {
+                return nil, fmt.Errorf("flowName must be provided")
+        }
+
+        code = strings.TrimSpace(code)
+        if code == "" {
+                return nil, fmt.Errorf("code must be provided")
+        }
+
+        token, err := c.ensureToken(ctx, "https://jans.io/oauth/config/agama.readonly")
+        if err != nil {
+                return nil, fmt.Errorf("failed to get token: %w", err)
+        }
+
+        path := fmt.Sprintf("/jans-config-api/api/v1/agama/syntax-check/%s", url.PathEscape(flowName))
+
+        var message string
+        if err := c.postText(ctx, path, token, code, &message); err != nil {
+                return nil, fmt.Errorf("syntax check request failed: %w", err)
+        }
+
+        result := &AgamaSyntaxCheckResult{
+                FlowName: flowName,
+                Code:     code,
+                Valid:    message == "" || strings.Contains(message, "Syntax is OK"),
+                Message:  message,
+        }
+
+        return result, nil
+}
+
+func (c *Client) postText(ctx context.Context, path, token, req string, resp any) error {
+
+        params := requestParams{
+                method:      "POST",
+                path:        path,
+                contentType: "text/plain",
+                accept:      "application/json",
+                token:       token,
+                payload:     []byte(req),
+                resp:        resp,
+        }
+
+        return c.request(ctx, params)
+}

terraform-provider-jans/jans/app_configuration.go

@@ -128,6 +128,12 @@ type AppConfiguration struct {
         IntrospectionEndpoint                                     string                                `schema:"introspection_endpoint" json:"introspectionEndpoint"`
         ParEndpoint                                               string                                `schema:"par_endpoint" json:"parEndpoint"`
         RequirePar                                                bool                                  `schema:"require_par" json:"requirePar"`
+        ParForbidPublicClient                                     bool                                  `schema:"par_forbid_public_client" json:"parForbidPublicClient"`
+        JwtGrantAllowUserByUidInAssertion                         bool                                  `schema:"jwt_grant_allow_user_by_uid_in_assertion" json:"jwtGrantAllowUserByUidInAssertion"`
+        AllowClientAssertionAudWithoutStrictIssuerMatch           bool                                  `schema:"allow_client_assertion_aud_without_strict_issuer_match" json:"allowClientAssertionAudWithoutStrictIssuerMatch"`
+        SkipSessionAuthnTimeCheckDuringPromptLogin                bool                                  `schema:"skip_session_authn_time_check_during_prompt_login" json:"skipSessionAuthnTimeCheckDuringPromptLogin"`
+        SessionAuthnTimeCheckDuringPromptLoginThresholdMs         int                                   `schema:"session_authn_time_check_during_prompt_login_threshold_ms" json:"sessionAuthnTimeCheckDuringPromptLoginThresholdMs"`
+        UppercaseResponseKeysInAccountAccessConsent               bool                                  `schema:"uppercase_response_keys_in_account_access_consent" json:"uppercaseResponseKeysInAccountAccessConsent"`
         DeviceAuthzEndpoint                                       string                                `schema:"device_authz_endpoint" json:"deviceAuthzEndpoint"`
         MtlsAuthorizationEndpoint                                 string                                `schema:"mtls_authorization_endpoint" json:"mtlsAuthorizationEndpoint"`
         MtlsAuthorizationChallengeEndpoint                        string                                `schema:"mtls_authorization_challenge_endpoint" json:"mtlsAuthorizationChallengeEndpoint"`

terraform-provider-jans/jans/database_configuration.go

@@ -0,0 +1,30 @@
+package jans
+
+import (
+        "context"
+        "fmt"
+)
+
+type DatabaseSchemaField struct {
+        Name        string `json:"name,omitempty"`
+        DefName     string `json:"defName,omitempty"`
+        Type        string `json:"type,omitempty"`
+        MultiValued bool   `json:"multiValued,omitempty"`
+}
+
+type DatabaseSchema map[string]map[string]DatabaseSchemaField
+
+func (c *Client) GetDatabaseSchema(ctx context.Context) (DatabaseSchema, error) {
+
+        token, err := c.ensureToken(ctx, "https://jans.io/oauth/config/database.readonly")
+        if err != nil {
+                return nil, fmt.Errorf("failed to get token: %w", err)
+        }
+
+        var schema DatabaseSchema
+        if err := c.get(ctx, "/jans-config-api/api/v1/config/database", token, "https://jans.io/oauth/config/database.readonly", &schema); err != nil {
+                return nil, fmt.Errorf("failed to get database schema: %w", err)
+        }
+
+        return schema, nil
+}

terraform-provider-jans/jans/feature_flags.go

@@ -0,0 +1,22 @@
+package jans
+
+import (
+	"context"
+	"fmt"
+)
+
+func (c *Client) GetFeatureFlags(ctx context.Context) ([]string, error) {
+
+	token, err := c.ensureToken(ctx, "https://jans.io/oauth/jans-auth-server/config/properties.readonly")
+	if err != nil {
+		return nil, fmt.Errorf("failed to get token: %w", err)
+	}
+
+	var flags []string
+
+	if err := c.get(ctx, "/jans-config-api/api/v1/jans-auth-server/config/feature-flags", token, "https://jans.io/oauth/jans-auth-server/config/properties.readonly", &flags); err != nil {
+		return nil, fmt.Errorf("failed to get feature flags: %w", err)
+	}
+
+	return flags, nil
+}