-
Notifications
You must be signed in to change notification settings - Fork 88
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DXCDT-442:
auth0_connection_database resource (#647)
* Initial commit, tests passing for auth0 connection * Making strategy inferred, expanding entire connection now * types file into base * Removing notes * Renaming package name * Generated docs * Moving into existing connection package * Regenerating docs, additional renamings * Regenerating docs * Recording test * Cloning schema * Pulling-out description into parameter * Fixing flattening of configuration property * Fixing warning text * Renaming package name --------- Co-authored-by: Will Vedder <[email protected]>
- Loading branch information
Showing
13 changed files
with
1,515 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,187 @@ | ||
| --- | ||
| page_title: "Resource: auth0_connection_database" | ||
| description: |- | ||
| Auth0 provides database connections to authenticate users with an email/username and password. These credentials are securely stored in the Auth0 user store or in your own database. You can use this resource to create and manage database connections. | ||
| --- | ||
|
|
||
| # Resource: auth0_connection_database | ||
|
|
||
| Auth0 provides database connections to authenticate users with an email/username and password. These credentials are securely stored in the Auth0 user store or in your own database. You can use this resource to create and manage database connections. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| # This is an example of an Auth0 connection. | ||
| resource "auth0_connection_database" "my_connection" { | ||
| name = "Example-Connection" | ||
| is_domain_connection = true | ||
| strategy = "auth0" | ||
| metadata = { | ||
| key1 = "foo" | ||
| key2 = "bar" | ||
| } | ||
| password_policy = "excellent" | ||
| brute_force_protection = true | ||
| enabled_database_customization = true | ||
| import_mode = false | ||
| requires_username = true | ||
| disable_signup = false | ||
| custom_scripts = { | ||
| get_user = <<EOF | ||
| function getByEmail(email, callback) { | ||
| return callback(new Error("Whoops!")); | ||
| } | ||
| EOF | ||
| } | ||
| configuration = { | ||
| foo = "bar" | ||
| bar = "baz" | ||
| } | ||
| upstream_params = jsonencode({ | ||
| "screen_name" : { | ||
| "alias" : "login_hint" | ||
| } | ||
| }) | ||
| password_history { | ||
| enable = true | ||
| size = 3 | ||
| } | ||
| password_no_personal_info { | ||
| enable = true | ||
| } | ||
| password_dictionary { | ||
| enable = true | ||
| dictionary = ["password", "admin", "1234"] | ||
| } | ||
| password_complexity_options { | ||
| min_length = 12 | ||
| } | ||
| validation { | ||
| username { | ||
| min = 10 | ||
| max = 40 | ||
| } | ||
| } | ||
| mfa { | ||
| active = true | ||
| return_enroll_settings = true | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `name` (String) Name of the connection. | ||
|
|
||
| ### Optional | ||
|
|
||
| - `brute_force_protection` (Boolean) Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address. | ||
| - `configuration` (Map of String, Sensitive) A case-sensitive map of key value pairs used as configuration variables for the `custom_script`. | ||
| - `custom_scripts` (Map of String) A map of scripts used to integrate with a custom database. | ||
| - `disable_self_service_change_password` (Boolean) Indicates whether to remove the forgot password link within the New Universal Login. | ||
| - `disable_signup` (Boolean) Indicates whether to allow user sign-ups to your application. | ||
| - `display_name` (String) Name used in login screen. | ||
| - `enable_script_context` (Boolean) Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled). | ||
| - `enabled_database_customization` (Boolean) Set to `true` to use a legacy user store. | ||
| - `import_mode` (Boolean) Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store. | ||
| - `is_domain_connection` (Boolean) Indicates whether the connection is domain level. | ||
| - `metadata` (Map of String) Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed. | ||
| - `mfa` (Block List, Max: 1) Configuration options for multifactor authentication. (see [below for nested schema](#nestedblock--mfa)) | ||
| - `non_persistent_attrs` (Set of String) If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here. | ||
| - `password_complexity_options` (Block List, Max: 1) Configuration settings for password complexity. (see [below for nested schema](#nestedblock--password_complexity_options)) | ||
| - `password_dictionary` (Block List, Max: 1) Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. (see [below for nested schema](#nestedblock--password_dictionary)) | ||
| - `password_history` (Block List) Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. (see [below for nested schema](#nestedblock--password_history)) | ||
| - `password_no_personal_info` (Block List, Max: 1) Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`. (see [below for nested schema](#nestedblock--password_no_personal_info)) | ||
| - `password_policy` (String) Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`. | ||
| - `realms` (List of String) Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm. | ||
| - `requires_username` (Boolean) Indicates whether the user is required to provide a username in addition to an email address. | ||
| - `set_user_root_attributes` (String) Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`. | ||
| - `show_as_button` (Boolean) Display connection as a button. Only available on enterprise connections. | ||
| - `upstream_params` (String) You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user. | ||
| - `validation` (Block List, Max: 1) Validation of the minimum and maximum values allowed for a user to have as username. (see [below for nested schema](#nestedblock--validation)) | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `enabled_clients` (Set of String) IDs of the clients for which the connection is enabled. | ||
| - `id` (String) The ID of this resource. | ||
| - `strategy` (String) Type of the connection, which indicates the identity provider. | ||
|
|
||
| <a id="nestedblock--mfa"></a> | ||
| ### Nested Schema for `mfa` | ||
|
|
||
| Optional: | ||
|
|
||
| - `active` (Boolean) Indicates whether multifactor authentication is enabled for this connection. | ||
| - `return_enroll_settings` (Boolean) Indicates whether multifactor authentication enrollment settings will be returned. | ||
|
|
||
|
|
||
| <a id="nestedblock--password_complexity_options"></a> | ||
| ### Nested Schema for `password_complexity_options` | ||
|
|
||
| Optional: | ||
|
|
||
| - `min_length` (Number) Minimum number of characters allowed in passwords. | ||
|
|
||
|
|
||
| <a id="nestedblock--password_dictionary"></a> | ||
| ### Nested Schema for `password_dictionary` | ||
|
|
||
| Optional: | ||
|
|
||
| - `dictionary` (Set of String) Customized contents of the password dictionary. By default, the password dictionary contains a list of the [10,000 most common passwords](https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt); your customized content is used in addition to the default password dictionary. Matching is not case-sensitive. | ||
| - `enable` (Boolean) Indicates whether the password dictionary check is enabled for this connection. | ||
|
|
||
|
|
||
| <a id="nestedblock--password_history"></a> | ||
| ### Nested Schema for `password_history` | ||
|
|
||
| Optional: | ||
|
|
||
| - `enable` (Boolean) | ||
| - `size` (Number) | ||
|
|
||
|
|
||
| <a id="nestedblock--password_no_personal_info"></a> | ||
| ### Nested Schema for `password_no_personal_info` | ||
|
|
||
| Optional: | ||
|
|
||
| - `enable` (Boolean) | ||
|
|
||
|
|
||
| <a id="nestedblock--validation"></a> | ||
| ### Nested Schema for `validation` | ||
|
|
||
| Optional: | ||
|
|
||
| - `username` (Block List, Max: 1) Specifies the `min` and `max` values of username length. (see [below for nested schema](#nestedblock--validation--username)) | ||
|
|
||
| <a id="nestedblock--validation--username"></a> | ||
| ### Nested Schema for `validation.username` | ||
|
|
||
| Optional: | ||
|
|
||
| - `max` (Number) | ||
| - `min` (Number) | ||
|
|
||
| ## Import | ||
|
|
||
| Import is supported using the following syntax: | ||
|
|
||
| ```shell | ||
| # Connections can be imported using their ID. | ||
| # | ||
| # Example: | ||
| terraform import auth0_connection_database.my_connection con_a17f21fdb24d48a0 | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| # Connections can be imported using their ID. | ||
| # | ||
| # Example: | ||
| terraform import auth0_connection_database.my_connection con_a17f21fdb24d48a0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # This is an example of an Auth0 connection. | ||
|
|
||
| resource "auth0_connection_database" "my_connection" { | ||
| name = "Example-Connection" | ||
| is_domain_connection = true | ||
| strategy = "auth0" | ||
| metadata = { | ||
| key1 = "foo" | ||
| key2 = "bar" | ||
| } | ||
|
|
||
| password_policy = "excellent" | ||
| brute_force_protection = true | ||
| enabled_database_customization = true | ||
| import_mode = false | ||
| requires_username = true | ||
| disable_signup = false | ||
| custom_scripts = { | ||
| get_user = <<EOF | ||
| function getByEmail(email, callback) { | ||
| return callback(new Error("Whoops!")); | ||
| } | ||
| EOF | ||
| } | ||
| configuration = { | ||
| foo = "bar" | ||
| bar = "baz" | ||
| } | ||
| upstream_params = jsonencode({ | ||
| "screen_name" : { | ||
| "alias" : "login_hint" | ||
| } | ||
| }) | ||
|
|
||
| password_history { | ||
| enable = true | ||
| size = 3 | ||
| } | ||
|
|
||
| password_no_personal_info { | ||
| enable = true | ||
| } | ||
|
|
||
| password_dictionary { | ||
| enable = true | ||
| dictionary = ["password", "admin", "1234"] | ||
| } | ||
|
|
||
| password_complexity_options { | ||
| min_length = 12 | ||
| } | ||
|
|
||
| validation { | ||
| username { | ||
| min = 10 | ||
| max = 40 | ||
| } | ||
| } | ||
|
|
||
| mfa { | ||
| active = true | ||
| return_enroll_settings = true | ||
| } | ||
| } |
Oops, something went wrong.