From 483152e01ec218ac2741defae9953052166e1ac3 Mon Sep 17 00:00:00 2001 From: Rajat Bajaj Date: Mon, 14 Oct 2024 18:09:28 +0530 Subject: [PATCH] PATCH: Add graceful error handling for `auth0_organization` data source when using client grants (#1049) * Added check on tenants which has insufficient scopes and return a empty slice * Updated test case * minor refactoring * minor refactor * linting * linting --- internal/auth0/organization/data_source.go | 4 + .../auth0/organization/data_source_test.go | 22 + ...taSourceOrganizationInsufficientScope.yaml | 423 ++++++++++++++++++ 3 files changed, 449 insertions(+) create mode 100644 test/data/recordings/TestAccDataSourceOrganizationInsufficientScope.yaml diff --git a/internal/auth0/organization/data_source.go b/internal/auth0/organization/data_source.go index 75e297984..5d3068a26 100644 --- a/internal/auth0/organization/data_source.go +++ b/internal/auth0/organization/data_source.go @@ -2,6 +2,7 @@ package organization import ( "context" + "strings" "github.com/auth0/go-auth0/management" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" @@ -195,6 +196,9 @@ func fetchAllOrganizationClientGrants( ) ([]*management.ClientGrant, error) { clientGrantList, err := api.Organization.ClientGrants(ctx, organizationID) if err != nil { + if strings.Contains(err.Error(), "Insufficient scope") { + return []*management.ClientGrant{}, nil + } return nil, err } diff --git a/internal/auth0/organization/data_source_test.go b/internal/auth0/organization/data_source_test.go index 38d0a8345..7f82f3b08 100644 --- a/internal/auth0/organization/data_source_test.go +++ b/internal/auth0/organization/data_source_test.go @@ -117,3 +117,25 @@ func TestAccDataSourceOrganization(t *testing.T) { }, }) } + +func TestAccDataSourceOrganizationInsufficientScope(t *testing.T) { + acctest.Test(t, resource.TestCase{ + PreventPostDestroyRefresh: true, + Steps: []resource.TestStep{ + { + // Uncomment the below code to test functionality against a non enabled tenants and record it. + //PreConfig: func() { + // // Add your env variables here. + // _ = os.Setenv("AUTH0_DOMAIN", "some-domain-name") + // _ = os.Setenv("AUTH0_CLIENT_ID", "some-client-id") + // _ = os.Setenv("AUTH0_CLIENT_SECRET", "some-client-secret") + // },. + Config: `data "auth0_organization" "test" { + organization_id = "org_P0nITxTkwnKQvD22" + }`, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.auth0_organization.test", "grant_ids.#", "0")), + }, + }, + }) +} diff --git a/test/data/recordings/TestAccDataSourceOrganizationInsufficientScope.yaml b/test/data/recordings/TestAccDataSourceOrganizationInsufficientScope.yaml new file mode 100644 index 000000000..d5743d386 --- /dev/null +++ b/test/data/recordings/TestAccDataSourceOrganizationInsufficientScope.yaml @@ -0,0 +1,423 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"id":"org_P0nITxTkwnKQvD22","name":"integration-test-org-better","display_name":"Integration Test Updated Organization","branding":{"logo_url":"https://example.com/logo.png","colors":{"page_background":"#AA1166","primary":"#00FFAA"}},"metadata":{"FOO":"bar"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 342.892042ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/enabled_connections?include_totals=true&page=0&per_page=100 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"enabled_connections":[],"start":0,"limit":0,"total":0}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 350.456292ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/members?fields=user_id&include_fields=true&include_totals=true&per_page=50&take=100 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 14 + uncompressed: false + body: '{"members":[]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 353.623125ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/client-grants?include_totals=true&per_page=50 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"statusCode":403,"error":"Forbidden","message":"Insufficient scope, expected any of: read:organization_client_grants","errorCode":"insufficient_scope"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 403 Forbidden + code: 403 + duration: 312.830666ms + - id: 4 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"id":"org_P0nITxTkwnKQvD22","name":"integration-test-org-better","display_name":"Integration Test Updated Organization","branding":{"logo_url":"https://example.com/logo.png","colors":{"page_background":"#AA1166","primary":"#00FFAA"}},"metadata":{"FOO":"bar"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 447.941834ms + - id: 5 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/enabled_connections?include_totals=true&page=0&per_page=100 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"enabled_connections":[],"start":0,"limit":0,"total":0}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 383.67775ms + - id: 6 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/members?fields=user_id&include_fields=true&include_totals=true&per_page=50&take=100 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 14 + uncompressed: false + body: '{"members":[]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 366.776834ms + - id: 7 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/client-grants?include_totals=true&per_page=50 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"statusCode":403,"error":"Forbidden","message":"Insufficient scope, expected any of: read:organization_client_grants","errorCode":"insufficient_scope"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 403 Forbidden + code: 403 + duration: 325.221ms + - id: 8 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"id":"org_P0nITxTkwnKQvD22","name":"integration-test-org-better","display_name":"Integration Test Updated Organization","branding":{"logo_url":"https://example.com/logo.png","colors":{"page_background":"#AA1166","primary":"#00FFAA"}},"metadata":{"FOO":"bar"}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 361.434708ms + - id: 9 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/enabled_connections?include_totals=true&page=0&per_page=100 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"enabled_connections":[],"start":0,"limit":0,"total":0}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 353.844583ms + - id: 10 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/members?fields=user_id&include_fields=true&include_totals=true&per_page=50&take=100 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 14 + uncompressed: false + body: '{"members":[]}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 357.018083ms + - id: 11 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.11.1 + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/organizations/org_P0nITxTkwnKQvD22/client-grants?include_totals=true&per_page=50 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"statusCode":403,"error":"Forbidden","message":"Insufficient scope, expected any of: read:organization_client_grants","errorCode":"insufficient_scope"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 403 Forbidden + code: 403 + duration: 331.718458ms