[1/X] DXCDT-441: Reintroduce support for aws client addon (#655)
sergiught authored Jun 27, 2023
1 parent c0bb5c8 commit f40d60c
Showing 10 changed files with 339 additions and 156 deletions.
19 changes: 19 additions & 0 deletions docs/data-sources/client.md
Expand Up @@ -32,6 +32,7 @@ data "auth0_client" "some-client-by-id" {

### Read-Only

- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
Expand Down Expand Up @@ -67,6 +68,24 @@ data "auth0_client" "some-client-by-id" {
- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.

<a id="nestedatt--addons"></a>
### Nested Schema for `addons`

Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`

Read-Only:

- `lifetime_in_seconds` (Number)
- `principal` (String)
- `role` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
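Review bot: the nested `addons.aws` attributes (`lifetime_in_seconds`, `principal`, `role`) are listed here without any description, while the same three fields in docs/resources/client.md carry one ("AWS token lifetime in seconds.", "AWS principal ARN, ...", "AWS role ARN, ..."). This file is generated from the data-source schema, so the fix is to put the same `Description` strings on the data-source schema rather than editing the markdown; the identical gap appears in docs/data-sources/global_client.md.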

19 changes: 19 additions & 0 deletions docs/data-sources/global_client.md
Expand Up @@ -19,6 +19,7 @@ data "auth0_global_client" "global" {}

### Read-Only

- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
Expand Down Expand Up @@ -56,6 +57,24 @@ data "auth0_global_client" "global" {}
- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.

<a id="nestedatt--addons"></a>
### Nested Schema for `addons`

Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`

Read-Only:

- `lifetime_in_seconds` (Number)
- `principal` (String)
- `role` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

19 changes: 19 additions & 0 deletions docs/resources/client.md
Expand Up @@ -89,6 +89,7 @@ resource "auth0_client" "my_client" {

### Optional

- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
Expand Down Expand Up @@ -129,6 +130,24 @@ resource "auth0_client" "my_client" {
- `id` (String) The ID of this resource.
- `signing_keys` (List of Map of String, Sensitive) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

<a id="nestedblock--addons"></a>
### Nested Schema for `addons`

Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`

Optional:

- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

19 changes: 19 additions & 0 deletions docs/resources/global_client.md
Expand Up @@ -31,6 +31,7 @@ PAGE

### Optional

- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
Expand Down Expand Up @@ -72,6 +73,24 @@ PAGE

- `id` (String) The ID of this resource.

<a id="nestedblock--addons"></a>
### Nested Schema for `addons`

Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`

Optional:

- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

4 changes: 3 additions & 1 deletion internal/acctest/acctest.go
Expand Up @@ -58,7 +58,7 @@ func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string
}

func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) schema.ConfigureContextFunc {
return func(ctx context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
return func(_ context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
domain := data.Get("domain").(string)
debug := data.Get("debug").(bool)

Expand All @@ -77,6 +77,8 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc

authenticationOption := management.WithStaticToken(apiToken)
if apiToken == "" {
ctx := context.Background()

authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret)
if audience != "" {
authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience)
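Review bot: `ctx := context.Background()` discards the `context.Context` that the configure function receives (the parameter was renamed to `_` in the first hunk of this file), so the client-credentials token exchange in `WithClientCredentials` / `WithClientCredentialsAndAudience` no longer honours any deadline or cancellation that Terraform attaches to provider configuration. Keep the parameter named `ctx` and drop the `context.Background()` shadow unless the token fetch deliberately has to outlive the configure call; if it does, a short comment saying why would save the next reader from "fixing" it back.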
44 changes: 41 additions & 3 deletions internal/auth0/client/expand.go
Expand Up @@ -42,9 +42,9 @@ func expandClient(d *schema.ResourceData) *management.Client {
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
// Addons: expandClientAddons(d), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
Addons: expandClientAddons(d),
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
}

return client
Expand Down Expand Up @@ -236,6 +236,44 @@ func expandClientMetadata(d *schema.ResourceData) *map[string]interface{} {
return &newMetadataMap
}

func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {
if !d.HasChange("addons") {
return nil
}

var addons management.ClientAddons

d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))

return stop
})

if addons == (management.ClientAddons{}) {
return nil
}

return &addons
}

func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
var awsAddon management.AWSClientAddon

awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
awsAddon.Role = value.String(awsCfg.GetAttr("role"))
awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))

return stop
})

if awsAddon == (management.AWSClientAddon{}) {
return nil
}

return &awsAddon
}

func clientHasChange(c *management.Client) bool {
return c.String() != "{}"
}
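Review bot: `expandClientAddons` returns `nil` when the `addons` block has been removed from the configuration: `HasChange("addons")` is true, `ForEachElement` visits no elements, and the `addons == (management.ClientAddons{})` comparison then turns the empty struct into `nil`, so the update request carries no `addons` field and an AWS addon already configured on the Auth0 side is never cleared. If removing the block is meant to disable the addon, distinguish "block absent after a change" from "no change" and send an explicit empty `ClientAddons` (or whatever the API accepts for clearing); if not, document on the resource that removing the block leaves the server-side addon in place. Also worth a quick check that `d.GetRawConfig().GetAttr("addons")` is an empty list rather than a null value when the block is absent, since `ForEachElement` panics on a null `cty.Value`.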
22 changes: 22 additions & 0 deletions internal/auth0/client/flatten.go
Expand Up @@ -88,3 +88,25 @@ func flattenClientMobile(mobile *management.ClientMobile) []interface{} {

return []interface{}{m}
}

func flattenClientAddons(addons *management.ClientAddons) []interface{} {
if addons == nil {
return nil
}

m := map[string]interface{}{
"aws": nil,
}

if addons.GetAWS() != nil {
m["aws"] = []interface{}{
map[string]interface{}{
"principal": addons.GetAWS().GetPrincipal(),
"role": addons.GetAWS().GetRole(),
"lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(),
},
}
}

return []interface{}{m}
}
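Review bot: minor, `addons.GetAWS()` is evaluated four times in `flattenClientAddons`; bind it once (`aws := addons.GetAWS()`) after the nil check and read `aws.GetPrincipal()`, `aws.GetRole()` and `aws.GetLifetimeInSeconds()` from the local, which keeps the nil check and the reads on the same value and reads closer to the other `flattenClient*` helpers above it.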
39 changes: 38 additions & 1 deletion internal/auth0/client/resource.go
Expand Up @@ -481,6 +481,43 @@ func NewResource() *schema.Resource {
Description: "List containing a map of the public cert of the signing key and the public cert " +
"of the signing key in PKCS7.",
},
"addons": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Description: "Addons enabled for this client and their associated configurations.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"aws": {
Type: schema.TypeList,
Optional: true,
Computed: true,
MaxItems: 1,
Description: "AWS Addon configuration.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"principal": {
Description: "AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.",
Type: schema.TypeString,
Optional: true,
},
"role": {
Description: "AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.",
Type: schema.TypeString,
Optional: true,
},
"lifetime_in_seconds": {
Description: "AWS token lifetime in seconds.",
Type: schema.TypeInt,
ValidateFunc: validation.IntBetween(900, 43200),
Optional: true,
},
},
},
},
},
},
},
},
}
}
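Review bot: the inner `aws` block is `Optional: true, Computed: true` while the enclosing `addons` block is only `Optional`. With `Computed` on `aws`, deleting `aws { ... }` from the configuration produces no plan diff (Terraform keeps the stored value for a computed attribute), so there is no way to remove the AWS addon through this resource; if that is intended, to tolerate addons configured outside Terraform, say so in the `Description` of `aws` so it reaches the generated docs, otherwise drop `Computed` and handle removal in `expandClientAddons`. The `validation.IntBetween(900, 43200)` bound on `lifetime_in_seconds` matches the 15-minute to 12-hour session duration AWS STS accepts for SAML federation, so that part looks right; `principal` and `role`, however, get no validation at all, and a `validation.StringMatch` against the ARN shapes the descriptions already show (`arn:aws:iam::<account>:saml-provider/...` and `arn:aws:iam::<account>:role/...`) would catch a swapped or malformed ARN at plan time instead of as an API error.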
Expand Down Expand Up @@ -541,7 +578,7 @@ func readClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag
d.Set("jwt_configuration", flattenClientJwtConfiguration(client.GetJWTConfiguration())),
d.Set("refresh_token", flattenClientRefreshTokenConfiguration(client.GetRefreshToken())),
d.Set("encryption_key", client.GetEncryptionKey()),
// D.Set("addons", flattenClientAddons(client.Addons)), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
d.Set("addons", flattenClientAddons(client.Addons)),
d.Set("mobile", flattenClientMobile(client.GetMobile())),
d.Set("initiate_login_uri", client.GetInitiateLoginURI()),
d.Set("signing_keys", client.SigningKeys),
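Review bot: `flattenClientAddons(client.Addons)` reads the struct field directly while the neighbouring lines go through getters (`client.GetJWTConfiguration()`, `client.GetRefreshToken()`, `client.GetMobile()`); `flattenClientAddons` is nil-safe so this works, but for consistency use the generated `client.GetAddons()` getter if the v1-beta types provide one.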