Add an advanced example

examples/e2e/README.md

@@ -0,0 +1,64 @@
+# End-to-end Configuration Example
+
+This example demonstrates how to manage configurations across different environments (development and production) using Cloudentity Configuration as Code (CAC).
+
+## Directory Structure
+
+```
+e2e/
+├── dev/
+│   └── .env      # Development environment variables
+├── prod/
+│   └── .env      # Production environment variables 
+├── config.yaml   # Main configuration file with profiles
+├── data/         # Production configuration files
+│   └── workspaces/
+│       └── customer-apps/
+└── data-dev/     # Development configuration files
+    └── workspaces/
+        └── customer-apps/
+```
+
+## Usage
+
+### Pull Configurations
+
+To pull configuration from development environment:
+
+```bash
+export $(xargs < dev/.env) && cac pull --config config.yaml --workspace customer-apps --profile dev
+```
+
+To pull configuration from production environment:
+
+```bash
+export $(xargs < prod/.env) && cac pull --config config.yaml --workspace customer-apps
+```
+
+### Compare Environments
+
+To compare development and production configurations:
+
+```bash
+export $(xargs < prod/.env) && cac diff --config config.yaml --source dev --target prod --workspace customer-apps
+```
+
+### Promote Changes
+
+To promote changes from development to production:
+
+1. Review the differences:
+```bash
+export $(xargs < prod/.env) && cac diff --config config.yaml --source dev --target prod --workspace customer-apps
+```
+
+2. Push the changes to production:
+```bash
+export $(xargs < prod/.env) && cac push --config config.yaml --workspace customer-apps --method patch
+```
+
+## Configuration File Structure
+
+The `config.yaml` file contains profiles for both development and production environments. The default profile is used for production, while the `dev` profile is used for development environment.
+
+Check the main [README.md](../../README.md) for more details about configuration options and available

examples/e2e/base/workspaces/customer-apps/clients/OAuth2_Demo_Portal.yaml

@@ -0,0 +1,86 @@
+id: customer-apps-demo
+application_type: web
+application_types:
+- server_web
+audience:
+- customer-apps-demo
+authorization_details_types: []
+authorization_signed_response_alg: RS256
+backchannel_logout_session_required: false
+backchannel_user_code_parameter: false
+client_id_issued_at: 1758231235
+client_name: OAuth2 Demo Portal
+client_secret_expires_at: 0
+client_status: active
+client_type: oauth2
+default_acr_values: []
+dpop_bound_access_tokens: false
+dynamically_registered: false
+fdx:
+  contacts: []
+  duration_period: 0
+  duration_type: []
+  intermediaries: []
+  lookback_period: 0
+  registry_references: []
+grant_types:
+- authorization_code
+hashed_rotated_secrets: []
+id_token_signed_response_alg: RS256
+introspection_endpoint_auth_method: client_secret_basic
+jwks:
+  keys: []
+obbr:
+  webhook_uris: []
+post_logout_redirect_uris: []
+redirect_uris:
+- https://{{ env "TENANT_ID" }}.eu.authz.cloudentity.io/{{ env "TENANT_ID" }}/customer-apps/demo
+registration_token:
+  expires_in: 0
+request_object_signing_alg: any
+request_uris: []
+require_pushed_authorization_requests: false
+response_types:
+- id_token
+- code
+- token
+revocation_endpoint_auth_method: client_secret_basic
+rotated_secrets: []
+saml_allowed_attributes: []
+saml_metadata:
+  AdditionalMetadataLocations: []
+  AttributeAuthorityDescriptors: []
+  AuthnAuthorityDescriptors: []
+  CacheDuration: 0
+  IDPSSODescriptors: []
+  PDPDescriptors: []
+  RoleDescriptors: []
+  SPSSODescriptors: []
+  ValidUntil: 0001-01-01T00:00:00.000Z
+saml_override_attributes: false
+saml_signing_hash: sha-256
+scopes:
+- email
+- introspect_tokens
+- list_clients_with_access
+- manage_consents
+- offline_access
+- openid
+- profile
+- revoke_client_access
+- revoke_tokens
+- view_consents
+subject_type: public
+system: false
+tls_client_certificate_bound_access_tokens: false
+token_endpoint_auth_method: client_secret_basic
+token_exchange:
+  actor_claims: []
+token_ttls:
+  access_token_ttl: 1h0m0s
+  authorization_code_ttl: 10m0s
+  id_token_ttl: 1h0m0s
+  refresh_token_ttl: 168h0m0s
+trusted: false
+use_custom_token_ttls: false
+userinfo_signed_response_alg: none

examples/e2e/base/workspaces/customer-apps/clients/SAML_Demo_Portal.yaml

@@ -0,0 +1,109 @@
+id: customer-apps-saml-demo
+application_type: web
+application_types:
+- server_web
+audience:
+- customer-apps-saml-demo
+authorization_details_types: []
+authorization_signed_response_alg: RS256
+backchannel_logout_session_required: false
+backchannel_user_code_parameter: false
+client_name: SAML Demo Portal
+client_secret_expires_at: 0
+client_status: active
+client_type: saml
+default_acr_values: []
+dpop_bound_access_tokens: false
+dynamically_registered: false
+fdx:
+  contacts: []
+  duration_period: 0
+  duration_type: []
+  intermediaries: []
+  lookback_period: 0
+  registry_references: []
+grant_types:
+- authorization_code
+hashed_rotated_secrets: []
+id_token_signed_response_alg: RS256
+introspection_endpoint_auth_method: client_secret_basic
+jwks:
+  keys: []
+obbr:
+  webhook_uris: []
+post_logout_redirect_uris: []
+registration_token:
+  expires_in: 0
+request_object_signing_alg: any
+request_uris: []
+require_pushed_authorization_requests: false
+revocation_endpoint_auth_method: client_secret_basic
+rotated_secrets: []
+saml_allowed_attributes: []
+saml_metadata:
+  AdditionalMetadataLocations: []
+  AttributeAuthorityDescriptors: []
+  AuthnAuthorityDescriptors: []
+  CacheDuration: 0
+  EntityID: https://postmance-dev.eu.authz.cloudentity.io/postmance-dev/customer-apps/saml/demo
+  IDPSSODescriptors: []
+  PDPDescriptors: []
+  RoleDescriptors: []
+  SPSSODescriptors:
+  - ArtifactResolutionServices: []
+    AssertionConsumerServices:
+    - Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+      Index: 1
+      IsDefault: false
+      Location: https://postmance-dev.eu.authz.cloudentity.io/postmance-dev/customer-apps/saml/demo
+    - Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
+      Index: 2
+      IsDefault: false
+      Location: https://postmance-dev.eu.authz.cloudentity.io/postmance-dev/customer-apps/saml/demo
+    AttributeConsumingServices: []
+    AuthnRequestsSigned: true
+    CacheDuration: 0
+    ContactPeople: []
+    KeyDescriptors:
+    - EncryptionMethods:
+      - Algorithm: "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+      - Algorithm: "http://www.w3.org/2001/04/xmlenc#aes192-cbc"
+      - Algorithm: "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
+      - Algorithm: "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+      KeyInfo:
+        X509Data:
+          X509Certificates:
+          - Data: MIIC6jCCAdKgAwIBAgIGAZVrYwqeMA0GCSqGSIb3DQEBCwUAMDYxNDAyBgNVBAMMK09TUkJ1LVJmSVUzZTVaTzZ0TndBSTRLRGRqSG1aSXpIaXY1eDhLaF8yUWMwHhcNMjUwMzA2MTIxNjQ3WhcNMjUxMjMxMTIxNjQ3WjA2MTQwMgYDVQQDDCtPU1JCdS1SZklVM2U1Wk82dE53QUk0S0RkakhtWkl6SGl2NXg4S2hfMlFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFCEjSeg3LDKrI/xWD13jpptxjeaiL1FMc2Xso+2jJa0dJrlN7eErSDpIcGF40BopSJcmb5va6BgjzzFoA7NA9uGfNLnkLAx8Qs81aERhxDuufy8iNqq0B2uqIhN9XCESQLyYNfoe7N26OXLgOgeBUlJOnUo+H27JdIn6TrVlp+tyBQBj5D2MDAzlgVoI3qCTWrTQKGwMGxzkQ0Oeq52WiHu2ONMbN1N7MM7UT1yXDp4DQcll5OrwTLDC/lF8Ow5td9Kf+FfiDHh/iZFlrm4XZ5tr15fcL82ld9Bh3Z5D0Y/6KEmyOJXo3DGYh3v3Hz+I3SrBcdI86hPrF0dxHc0WQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAU8k/l1M7UkLCstV4jHiMzhz4FKRrzBxlkFzfp5EQm9McMW0K9I43XEEh6fdbM37iug2LBp/80KeHJrI0cApflhnXQ6GqkXeyqb0wD9mqU1Mjhw3xWYfxAaeg2MmwpaXX8+bDCHXUDgBdPQDzOlEAS1iqQ4vLX+b8sh6RFXSGlKm/jF13zpKB1krIdoTNAfk+JOrsjpHJ/o8aAk4FiwnPGfrE7QLoHZ8zrUK0HuufEIIUMSsmLb3XAksuvzxKEXdYflsFoa0eV8MiWVcRCImYidzx1ih65ZnGE5WmWUCPJairScnM49K9sAaMvEBmyLYp6xeS3OcCQ5jF50EZTn2WR
+      Use: encryption
+    - EncryptionMethods: []
+      KeyInfo:
+        X509Data:
+          X509Certificates:
+          - Data: MIIC6jCCAdKgAwIBAgIGAZVrYwqeMA0GCSqGSIb3DQEBCwUAMDYxNDAyBgNVBAMMK09TUkJ1LVJmSVUzZTVaTzZ0TndBSTRLRGRqSG1aSXpIaXY1eDhLaF8yUWMwHhcNMjUwMzA2MTIxNjQ3WhcNMjUxMjMxMTIxNjQ3WjA2MTQwMgYDVQQDDCtPU1JCdS1SZklVM2U1Wk82dE53QUk0S0RkakhtWkl6SGl2NXg4S2hfMlFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFCEjSeg3LDKrI/xWD13jpptxjeaiL1FMc2Xso+2jJa0dJrlN7eErSDpIcGF40BopSJcmb5va6BgjzzFoA7NA9uGfNLnkLAx8Qs81aERhxDuufy8iNqq0B2uqIhN9XCESQLyYNfoe7N26OXLgOgeBUlJOnUo+H27JdIn6TrVlp+tyBQBj5D2MDAzlgVoI3qCTWrTQKGwMGxzkQ0Oeq52WiHu2ONMbN1N7MM7UT1yXDp4DQcll5OrwTLDC/lF8Ow5td9Kf+FfiDHh/iZFlrm4XZ5tr15fcL82ld9Bh3Z5D0Y/6KEmyOJXo3DGYh3v3Hz+I3SrBcdI86hPrF0dxHc0WQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAU8k/l1M7UkLCstV4jHiMzhz4FKRrzBxlkFzfp5EQm9McMW0K9I43XEEh6fdbM37iug2LBp/80KeHJrI0cApflhnXQ6GqkXeyqb0wD9mqU1Mjhw3xWYfxAaeg2MmwpaXX8+bDCHXUDgBdPQDzOlEAS1iqQ4vLX+b8sh6RFXSGlKm/jF13zpKB1krIdoTNAfk+JOrsjpHJ/o8aAk4FiwnPGfrE7QLoHZ8zrUK0HuufEIIUMSsmLb3XAksuvzxKEXdYflsFoa0eV8MiWVcRCImYidzx1ih65ZnGE5WmWUCPJairScnM49K9sAaMvEBmyLYp6xeS3OcCQ5jF50EZTn2WR
+      Use: signing
+    ManageNameIDServices: []
+    NameIDFormats:
+    - ""
+    ProtocolSupportEnumeration: urn:oasis:names:tc:SAML:2.0:protocol
+    SingleLogoutServices: []
+    ValidUntil: 2025-09-20T21:33:55.647Z
+    WantAssertionsSigned: true
+  ValidUntil: 2025-09-20T21:33:55.647Z
+saml_override_attributes: false
+saml_service_provider_id: https://postmance-dev.eu.authz.cloudentity.io/postmance-dev/customer-apps/saml/demo
+saml_signing_hash: sha-256
+scopes: []
+subject_type: public
+system: false
+tls_client_certificate_bound_access_tokens: false
+token_endpoint_auth_method: client_secret_basic
+token_exchange:
+  actor_claims: []
+token_ttls:
+  access_token_ttl: 1h0m0s
+  authorization_code_ttl: 10m0s
+  id_token_ttl: 1h0m0s
+  refresh_token_ttl: 168h0m0s
+trusted: false
+use_custom_token_ttls: false
+userinfo_signed_response_alg: none

examples/e2e/base/workspaces/customer-apps/clients/User_Portal.yaml

@@ -0,0 +1,96 @@
+id: customer-apps
+application_type: web
+application_types:
+- single_page
+- mobile_desktop
+audience:
+- customer-apps
+authorization_details_types: []
+authorization_signed_response_alg: RS256
+backchannel_logout_session_required: false
+backchannel_user_code_parameter: false
+client_name: User Portal
+client_secret_expires_at: 0
+client_status: active
+client_type: oauth2
+default_acr_values: []
+dpop_bound_access_tokens: false
+dynamically_registered: false
+fdx:
+  contacts: []
+  duration_period: 0
+  duration_type: []
+  intermediaries: []
+  lookback_period: 0
+  registry_references: []
+grant_types:
+- authorization_code
+hashed_rotated_secrets: []
+id_token_signed_response_alg: RS256
+introspection_endpoint_auth_method: none
+jwks:
+  keys: []
+obbr:
+  webhook_uris: []
+post_logout_redirect_uris: []
+redirect_uris:
+- https://{{ env "TENANT_ID" }}.eu.authz.cloudentity.io/{{ env "TENANT_ID" }}/customer-apps/app/callback
+- https://{{ env "TENANT_ID" }}.eu.authz.cloudentity.io/{{ env "TENANT_ID" }}/customer-apps/app/silent
+registration_token:
+  expires_in: 0
+request_object_signing_alg: any
+request_uris: []
+require_pushed_authorization_requests: false
+response_types:
+- token
+- id_token
+- code
+- code id_token
+- token id_token
+- token code
+- token id_token code
+revocation_endpoint_auth_method: none
+rotated_secrets: []
+saml_allowed_attributes: []
+saml_metadata:
+  AdditionalMetadataLocations: []
+  AttributeAuthorityDescriptors: []
+  AuthnAuthorityDescriptors: []
+  CacheDuration: 0
+  IDPSSODescriptors: []
+  PDPDescriptors: []
+  RoleDescriptors: []
+  SPSSODescriptors: []
+  ValidUntil: 0001-01-01T00:00:00.000Z
+saml_override_attributes: false
+saml_signing_hash: sha-256
+scopes:
+- email
+- introspect_tokens
+- list_clients_with_access
+- manage_consents
+- manage_sessions
+- manage_ss_profile
+- manage_tokens
+- offline_access
+- openid
+- profile
+- revoke_client_access
+- revoke_tokens
+- view_consents
+- view_sessions
+- view_ss_profile
+subject_type: public
+system: true
+tls_client_certificate_bound_access_tokens: false
+token_endpoint_auth_method: none
+token_exchange:
+  actor_claims: []
+token_ttls:
+  access_token_ttl: 1h0m0s
+  authorization_code_ttl: 10m0s
+  id_token_ttl: 1h0m0s
+  refresh_token_ttl: 168h0m0s
+trusted: true
+use_custom_token_ttls: false
+userinfo_signed_response_alg: none