DXCDT-249: Add client_aliases to client resource (#367)
Add client_aliases to client resource
sergiught authored Oct 17, 2022
1 parent 297a31b commit 3cefe0b
Showing 8 changed files with 58 additions and 38 deletions.
1 change: 1 addition & 0 deletions docs/data-sources/client.md
Expand Up @@ -38,6 +38,7 @@ data "auth0_client" "some-client-by-id" {
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- `app_type` (String) Type of application the client represents. Possible values are: `native`, `spa`, `regular_web`, `non_interactive`, `sso_integration`. Specific SSO integrations types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
- `callbacks` (List of String) URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- `client_aliases` (List of String) List of audiences/realms for SAML protocol. Used by the wsfed addon.
- `client_metadata` (Map of String) Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
- `client_secret` (String) Secret for the client. Keep this private. To access this attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string.
- `cross_origin_auth` (Boolean) Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
1 change: 1 addition & 0 deletions docs/data-sources/global_client.md
Expand Up @@ -25,6 +25,7 @@ data "auth0_global_client" "global" {}
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- `app_type` (String) Type of application the client represents. Possible values are: `native`, `spa`, `regular_web`, `non_interactive`, `sso_integration`. Specific SSO integrations types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
- `callbacks` (List of String) URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- `client_aliases` (List of String) List of audiences/realms for SAML protocol. Used by the wsfed addon.
- `client_id` (String) The ID of the client.
- `client_metadata` (Map of String) Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
- `client_secret` (String) Secret for the client. Keep this private. To access this attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string.
1 change: 1 addition & 0 deletions docs/resources/client.md
Expand Up @@ -100,6 +100,7 @@ resource "auth0_client" "my_client" {
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- `app_type` (String) Type of application the client represents. Possible values are: `native`, `spa`, `regular_web`, `non_interactive`, `sso_integration`. Specific SSO integrations types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
- `callbacks` (List of String) URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- `client_aliases` (List of String) List of audiences/realms for SAML protocol. Used by the wsfed addon.
- `client_metadata` (Map of String) Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
- `client_secret_rotation_trigger` (Map of String) Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
- `cross_origin_auth` (Boolean) Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
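Review bot: The `client_aliases` description on the added line names two protocols without relating them: it says the entries are audiences/realms "for SAML protocol" and then that they are "Used by the wsfed addon". A reader configuring federation cannot tell from this which addon consumes the list or what form an entry takes. Suggest saying which addon reads the list and giving one example value, such as the `https://example.com/audience` used in the acceptance test. The same sentence appears in the schema `Description` and in the other three doc pages, so change them together.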
1 change: 1 addition & 0 deletions docs/resources/global_client.md
Expand Up @@ -37,6 +37,7 @@ PAGE
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- `app_type` (String) Type of application the client represents. Possible values are: `native`, `spa`, `regular_web`, `non_interactive`, `sso_integration`. Specific SSO integrations types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
- `callbacks` (List of String) URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- `client_aliases` (List of String) List of audiences/realms for SAML protocol. Used by the wsfed addon.
- `client_id` (String) The ID of the client.
- `client_metadata` (Map of String) Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
- `client_secret` (String, Sensitive) Secret for the client. Keep this private. To access this attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string.
9 changes: 9 additions & 0 deletions internal/provider/resource_auth0_client.go
Expand Up @@ -55,6 +55,14 @@ func newClient() *schema.Resource {
Description: "Custom metadata for the rotation. " +
"For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).",
},
"client_aliases": {
Type: schema.TypeList,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Optional: true,
Description: "List of audiences/realms for SAML protocol. Used by the wsfed addon.",
},
"app_type": {
Type: schema.TypeString,
Optional: true,
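Review bot: The `Elem` schema of `client_aliases` carries no validation, so an empty string is accepted as an audience/realm. Consider adding `ValidateFunc: validation.StringIsNotEmpty` to the element schema so a blank entry is rejected at plan time rather than sent to the API. It is also worth deciding whether order matters here: with `schema.TypeList` a list returned in a different order shows up as a diff, where `schema.TypeSet` would not.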
Expand Down Expand Up @@ -752,6 +760,7 @@ func readClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag
result := multierror.Append(
d.Set("client_id", client.GetClientID()),
d.Set("client_secret", client.GetClientSecret()),
d.Set("client_aliases", client.GetClientAliases()),
d.Set("name", client.GetName()),
d.Set("description", client.GetDescription()),
d.Set("app_type", client.GetAppType()),
6 changes: 6 additions & 0 deletions internal/provider/resource_auth0_client_test.go
Expand Up @@ -573,6 +573,7 @@ resource "auth0_client" "my_client" {
is_token_endpoint_ip_header_trusted = true
oidc_conformant = true
cross_origin_auth = false
client_aliases = [ "https://example.com/audience" ]
callbacks = [ "https://example.com/callback" ]
allowed_origins = [ "https://example.com" ]
allowed_clients = [ "https://allowed.example.com" ]
Expand Down Expand Up @@ -605,6 +606,7 @@ resource "auth0_client" "my_client" {
is_token_endpoint_ip_header_trusted = true
oidc_conformant = true
cross_origin_auth = true
client_aliases = [ ]
callbacks = [ ]
allowed_origins = [ ]
allowed_clients = [ ]
Expand Down Expand Up @@ -669,6 +671,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "refresh_token.0.rotation_type", "non-rotating"),
resource.TestCheckResourceAttr("auth0_client.my_client", "refresh_token.0.token_lifetime", "2592000"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "client_secret_rotation_trigger"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "client_aliases"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "callbacks"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "allowed_logout_urls"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "allowed_origins"),
Expand Down Expand Up @@ -727,6 +730,8 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "refresh_token.0.rotation_type", "non-rotating"),
resource.TestCheckResourceAttr("auth0_client.my_client", "refresh_token.0.token_lifetime", "2592000"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "client_secret_rotation_trigger"),
resource.TestCheckResourceAttr("auth0_client.my_client", "client_aliases.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "client_aliases.0", "https://example.com/audience"),
resource.TestCheckResourceAttr("auth0_client.my_client", "callbacks.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "callbacks.0", "https://example.com/callback"),
resource.TestCheckResourceAttr("auth0_client.my_client", "allowed_logout_urls.#", "1"),
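Review bot: The new assertions on `client_aliases.#` and `client_aliases.0` only exercise a single-element list. Add a step with two or more aliases and assert each index, so the test confirms that the order written in the configuration is the order read back into state.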
Expand Down Expand Up @@ -786,6 +791,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "refresh_token.0.rotation_type", "non-rotating"),
resource.TestCheckResourceAttr("auth0_client.my_client", "refresh_token.0.token_lifetime", "2592000"),
resource.TestCheckNoResourceAttr("auth0_client.my_client", "client_secret_rotation_trigger"),
resource.TestCheckResourceAttr("auth0_client.my_client", "client_aliases.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "callbacks.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "allowed_logout_urls.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "allowed_origins.#", "0"),
1 change: 1 addition & 0 deletions internal/provider/structure_auth0_client.go
Expand Up @@ -21,6 +21,7 @@ func expandClient(d *schema.ResourceData) *management.Client {
IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
IsTokenEndpointIPHeaderTrusted: value.Bool(config.GetAttr("is_token_endpoint_ip_header_trusted")),
OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
ClientAliases: value.Strings(config.GetAttr("client_aliases")),
Callbacks: value.Strings(config.GetAttr("callbacks")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
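Review bot: `ClientAliases: value.Strings(config.GetAttr("client_aliases"))` is tested for a populated list and for an explicit `[ ]`, but not for the attribute being removed from the configuration after it was set. Please confirm what is sent in that case and add a test step for it. If the field is simply omitted from the update, the previously configured audiences/realms stay on the client while the configuration no longer lists them.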