diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md
deleted file mode 100644
index b99ed0d7d..000000000
--- a/docs/data-sources/global_client.md
+++ /dev/null
@@ -1,472 +0,0 @@ ---- -page_title: "Data Source: auth0_global_client" -description: |- - Retrieve a tenant's global Auth0 application client. - !> This resource has been deprecated in favor of the auth0_pages resource and it will be removed in a future version.Check the MIGRATION_GUIDE https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#global-client for more info. ---- - -# Data Source: auth0_global_client - -Retrieve a tenant's global Auth0 application client. - -!> This resource has been deprecated in favor of the `auth0_pages` resource and it will be removed in a future version.Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#global-client) for more info. - -## Example Usage - -```terraform -data "auth0_global_client" "global" {} -``` - - -## Schema - -### Read-Only - -- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons)) -- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed. -- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout. -- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed. -- `app_type` (String) Type of application the client represents. Possible values are: `native`, `spa`, `regular_web`, `non_interactive`, `sso_integration`. Specific SSO integrations types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`. -- `callbacks` (List of String) URLs that Auth0 may call back to after a user authenticates for the client. 
Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://. -- `client_aliases` (List of String) List of audiences/realms for SAML protocol. Used by the wsfed addon. -- `client_id` (String) The ID of the client. -- `client_metadata` (Map of String) Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`. -- `client_secret` (String) Secret for the client. Keep this private. To access this attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on the `auth0_client_credentials` resource instead, to allow managing it directly or use the `auth0_client` data source to read this property. -- `cross_origin_auth` (Boolean) Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coa_toggle_enabled` feature flag to be enabled on the tenant by the support team. -- `cross_origin_loc` (String) URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page. -- `custom_login_page` (String) The content (HTML, CSS, JS) of the custom login page. -- `custom_login_page_on` (Boolean) Indicates whether a custom login page is to be used. -- `description` (String) Description of the purpose of the client. -- `encryption_key` (Map of String) Encryption used for WS-Fed responses with this client. -- `form_template` (String) HTML form template to be used for WS-Federation. 
-- `grant_types` (List of String) Types of grants that this client is authorized to use. -- `id` (String) The ID of this resource. -- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string. -- `is_first_party` (Boolean) Indicates whether this client is a first-party client. -- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created. -- `jwt_configuration` (List of Object) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedatt--jwt_configuration)) -- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown. -- `mobile` (List of Object) Additional configuration for native mobile apps. (see [below for nested schema](#nestedatt--mobile)) -- `name` (String) Name of the client. -- `native_social_login` (List of Object) Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `app_type`. (see [below for nested schema](#nestedatt--native_social_login)) -- `oidc_backchannel_logout_urls` (Set of String) Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed. -- `oidc_conformant` (Boolean) Indicates whether this client will conform to strict OIDC specifications. -- `organization_require_behavior` (String) Defines how to proceed during an authentication transaction when `organization_usage = "require"`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`. -- `organization_usage` (String) Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`. 
-- `refresh_token` (List of Object) Configuration settings for the refresh tokens issued for this client. (see [below for nested schema](#nestedatt--refresh_token)) -- `signing_keys` (List of Map of String) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7. -- `sso` (Boolean) Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false). -- `sso_disabled` (Boolean) Indicates whether or not SSO is disabled. -- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to the `auth0_client_credentials` resource to manage a client's authentication method instead. Check the [MIGRATION GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#client-authentication-method) on how to do that. -- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode. 
- - -### Nested Schema for `addons` - -Read-Only: - -- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws)) -- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob)) -- `azure_sb` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_sb)) -- `box` (List of Object) (see [below for nested schema](#nestedobjatt--addons--box)) -- `cloudbees` (List of Object) (see [below for nested schema](#nestedobjatt--addons--cloudbees)) -- `concur` (List of Object) (see [below for nested schema](#nestedobjatt--addons--concur)) -- `dropbox` (List of Object) (see [below for nested schema](#nestedobjatt--addons--dropbox)) -- `echosign` (List of Object) (see [below for nested schema](#nestedobjatt--addons--echosign)) -- `egnyte` (List of Object) (see [below for nested schema](#nestedobjatt--addons--egnyte)) -- `firebase` (List of Object) (see [below for nested schema](#nestedobjatt--addons--firebase)) -- `layer` (List of Object) (see [below for nested schema](#nestedobjatt--addons--layer)) -- `mscrm` (List of Object) (see [below for nested schema](#nestedobjatt--addons--mscrm)) -- `newrelic` (List of Object) (see [below for nested schema](#nestedobjatt--addons--newrelic)) -- `office365` (List of Object) (see [below for nested schema](#nestedobjatt--addons--office365)) -- `rms` (List of Object) (see [below for nested schema](#nestedobjatt--addons--rms)) -- `salesforce` (List of Object) (see [below for nested schema](#nestedobjatt--addons--salesforce)) -- `salesforce_api` (List of Object) (see [below for nested schema](#nestedobjatt--addons--salesforce_api)) -- `salesforce_sandbox_api` (List of Object) (see [below for nested schema](#nestedobjatt--addons--salesforce_sandbox_api)) -- `samlp` (List of Object) (see [below for nested schema](#nestedobjatt--addons--samlp)) -- `sap_api` (List of Object) (see [below for nested schema](#nestedobjatt--addons--sap_api)) -- `sentry` (List of Object) (see 
[below for nested schema](#nestedobjatt--addons--sentry)) -- `sharepoint` (List of Object) (see [below for nested schema](#nestedobjatt--addons--sharepoint)) -- `slack` (List of Object) (see [below for nested schema](#nestedobjatt--addons--slack)) -- `springcm` (List of Object) (see [below for nested schema](#nestedobjatt--addons--springcm)) -- `sso_integration` (List of Object) (see [below for nested schema](#nestedobjatt--addons--sso_integration)) -- `wams` (List of Object) (see [below for nested schema](#nestedobjatt--addons--wams)) -- `wsfed` (List of Object) (see [below for nested schema](#nestedobjatt--addons--wsfed)) -- `zendesk` (List of Object) (see [below for nested schema](#nestedobjatt--addons--zendesk)) -- `zoom` (List of Object) (see [below for nested schema](#nestedobjatt--addons--zoom)) - - -### Nested Schema for `addons.aws` - -Read-Only: - -- `lifetime_in_seconds` (Number) -- `principal` (String) -- `role` (String) - - - -### Nested Schema for `addons.azure_blob` - -Read-Only: - -- `account_name` (String) -- `blob_delete` (Boolean) -- `blob_name` (String) -- `blob_read` (Boolean) -- `blob_write` (Boolean) -- `container_delete` (Boolean) -- `container_list` (Boolean) -- `container_name` (String) -- `container_read` (Boolean) -- `container_write` (Boolean) -- `expiration` (Number) -- `signed_identifier` (String) -- `storage_access_key` (String) - - - -### Nested Schema for `addons.azure_sb` - -Read-Only: - -- `entity_path` (String) -- `expiration` (Number) -- `namespace` (String) -- `sas_key` (String) -- `sas_key_name` (String) - - - -### Nested Schema for `addons.box` - -Read-Only: - - - - -### Nested Schema for `addons.cloudbees` - -Read-Only: - - - - -### Nested Schema for `addons.concur` - -Read-Only: - - - - -### Nested Schema for `addons.dropbox` - -Read-Only: - - - - -### Nested Schema for `addons.echosign` - -Read-Only: - -- `domain` (String) - - - -### Nested Schema for `addons.egnyte` - -Read-Only: - -- `domain` (String) - - - -### Nested 
Schema for `addons.firebase` - -Read-Only: - -- `client_email` (String) -- `lifetime_in_seconds` (Number) -- `private_key` (String) -- `private_key_id` (String) -- `secret` (String) - - - -### Nested Schema for `addons.layer` - -Read-Only: - -- `expiration` (Number) -- `key_id` (String) -- `principal` (String) -- `private_key` (String) -- `provider_id` (String) - - - -### Nested Schema for `addons.mscrm` - -Read-Only: - -- `url` (String) - - - -### Nested Schema for `addons.newrelic` - -Read-Only: - -- `account` (String) - - - -### Nested Schema for `addons.office365` - -Read-Only: - -- `connection` (String) -- `domain` (String) - - - -### Nested Schema for `addons.rms` - -Read-Only: - -- `url` (String) - - - -### Nested Schema for `addons.salesforce` - -Read-Only: - -- `entity_id` (String) - - - -### Nested Schema for `addons.salesforce_api` - -Read-Only: - -- `client_id` (String) -- `community_name` (String) -- `community_url_section` (String) -- `principal` (String) - - - -### Nested Schema for `addons.salesforce_sandbox_api` - -Read-Only: - -- `client_id` (String) -- `community_name` (String) -- `community_url_section` (String) -- `principal` (String) - - - -### Nested Schema for `addons.samlp` - -Read-Only: - -- `audience` (String) -- `authn_context_class_ref` (String) -- `binding` (String) -- `create_upn_claim` (Boolean) -- `destination` (String) -- `digest_algorithm` (String) -- `include_attribute_name_format` (Boolean) -- `issuer` (String) -- `lifetime_in_seconds` (Number) -- `logout` (List of Object) (see [below for nested schema](#nestedobjatt--addons--samlp--logout)) -- `map_identities` (Boolean) -- `map_unknown_claims_as_is` (Boolean) -- `mappings` (Map of String) -- `name_identifier_format` (String) -- `name_identifier_probes` (List of String) -- `passthrough_claims_with_no_mapping` (Boolean) -- `recipient` (String) -- `sign_response` (Boolean) -- `signature_algorithm` (String) -- `signing_cert` (String) -- `typed_attributes` (Boolean) - - -### Nested 
Schema for `addons.samlp.logout` - -Read-Only: - -- `callback` (String) -- `slo_enabled` (Boolean) - - - - -### Nested Schema for `addons.sap_api` - -Read-Only: - -- `client_id` (String) -- `name_identifier_format` (String) -- `scope` (String) -- `service_password` (String) -- `token_endpoint_url` (String) -- `username_attribute` (String) - - - -### Nested Schema for `addons.sentry` - -Read-Only: - -- `base_url` (String) -- `org_slug` (String) - - - -### Nested Schema for `addons.sharepoint` - -Read-Only: - -- `external_url` (List of String) -- `url` (String) - - - -### Nested Schema for `addons.slack` - -Read-Only: - -- `team` (String) - - - -### Nested Schema for `addons.springcm` - -Read-Only: - -- `acs_url` (String) - - - -### Nested Schema for `addons.sso_integration` - -Read-Only: - -- `name` (String) -- `version` (String) - - - -### Nested Schema for `addons.wams` - -Read-Only: - -- `master_key` (String) - - - -### Nested Schema for `addons.wsfed` - -Read-Only: - - - - -### Nested Schema for `addons.zendesk` - -Read-Only: - -- `account_name` (String) - - - -### Nested Schema for `addons.zoom` - -Read-Only: - -- `account` (String) - - - - -### Nested Schema for `jwt_configuration` - -Read-Only: - -- `alg` (String) -- `lifetime_in_seconds` (Number) -- `scopes` (Map of String) -- `secret_encoded` (Boolean) - - - -### Nested Schema for `mobile` - -Read-Only: - -- `android` (List of Object) (see [below for nested schema](#nestedobjatt--mobile--android)) -- `ios` (List of Object) (see [below for nested schema](#nestedobjatt--mobile--ios)) - - -### Nested Schema for `mobile.android` - -Read-Only: - -- `app_package_name` (String) -- `sha256_cert_fingerprints` (List of String) - - - -### Nested Schema for `mobile.ios` - -Read-Only: - -- `app_bundle_identifier` (String) -- `team_id` (String) - - - - -### Nested Schema for `native_social_login` - -Read-Only: - -- `apple` (List of Object) (see [below for nested schema](#nestedobjatt--native_social_login--apple)) -- 
`facebook` (List of Object) (see [below for nested schema](#nestedobjatt--native_social_login--facebook))
-
-
-### Nested Schema for `native_social_login.apple`
-
-Read-Only:
-
-- `enabled` (Boolean)
-
-
-
-### Nested Schema for `native_social_login.facebook`
-
-Read-Only:
-
-- `enabled` (Boolean)
-
-
-
-
-### Nested Schema for `refresh_token`
-
-Read-Only:
-
-- `expiration_type` (String)
-- `idle_token_lifetime` (Number)
-- `infinite_idle_token_lifetime` (Boolean)
-- `infinite_token_lifetime` (Boolean)
-- `leeway` (Number)
-- `rotation_type` (String)
-- `token_lifetime` (Number)
-
-
diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md
deleted file mode 100644
index b415602d8..000000000
--- a/docs/resources/global_client.md
+++ /dev/null
@@ -1,492 +0,0 @@ ---- -page_title: "Resource: auth0_global_client" -description: |- - Use a tenant's global Auth0 Application client. - !> This resource has been deprecated in favor of the newly introduced auth0_pages resource and it will be removed in a future version. Check the MIGRATION_GUIDE https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#global-client for more info. ---- - -# Resource: auth0_global_client - -Use a tenant's global Auth0 Application client. - -!> This resource has been deprecated in favor of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#global-client) for more info. - -## Example Usage - -```terraform -resource "auth0_global_client" "global" { - // Auth0 Universal Login - Custom Login Page - custom_login_page_on = true - custom_login_page = < - My Custom Login Page - - I should probably have a login form here - - -PAGE - callbacks = ["http://somehostname.com/a/callback"] -} -``` - - -## Schema - -### Optional - -- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons)) -- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed. -- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout. -- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed. -- `app_type` (String) Type of application the client represents. Possible values are: `native`, `spa`, `regular_web`, `non_interactive`, `sso_integration`. 
Specific SSO integrations types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`. -- `callbacks` (List of String) URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://. -- `client_aliases` (List of String) List of audiences/realms for SAML protocol. Used by the wsfed addon. -- `client_id` (String) The ID of the client. -- `client_metadata` (Map of String) Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`. -- `client_secret` (String, Sensitive, Deprecated) Secret for the client. Keep this private. To access this attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on the `auth0_client_credentials` resource instead, to allow managing it directly or use the `auth0_client` data source to read this property. -- `client_secret_rotation_trigger` (Map of String, Deprecated) Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret). Migrate to the `auth0_client_credentials` resource to manage a client's secret directly instead. 
Refer to the [client secret rotation guide](Refer to the [client secret rotation guide](https://registry.terraform.io/providers/auth0/auth0/latest/docs/guides/client_secret_rotation) for instructions on how to rotate client secrets with zero downtime. -- `cross_origin_auth` (Boolean) Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coa_toggle_enabled` feature flag to be enabled on the tenant by the support team. -- `cross_origin_loc` (String) URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page. -- `custom_login_page` (String) The content (HTML, CSS, JS) of the custom login page. -- `custom_login_page_on` (Boolean) Indicates whether a custom login page is to be used. -- `description` (String) Description of the purpose of the client. -- `encryption_key` (Map of String) Encryption used for WS-Fed responses with this client. -- `form_template` (String) HTML form template to be used for WS-Federation. -- `grant_types` (List of String) Types of grants that this client is authorized to use. -- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string. -- `is_first_party` (Boolean) Indicates whether this client is a first-party client. -- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created. -- `jwt_configuration` (Block List, Max: 1) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedblock--jwt_configuration)) -- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown. 
-- `mobile` (Block List, Max: 1) Additional configuration for native mobile apps. (see [below for nested schema](#nestedblock--mobile)) -- `name` (String) Name of the client. -- `native_social_login` (Block List, Max: 1) Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `app_type`. (see [below for nested schema](#nestedblock--native_social_login)) -- `oidc_backchannel_logout_urls` (Set of String) Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed. -- `oidc_conformant` (Boolean) Indicates whether this client will conform to strict OIDC specifications. -- `organization_require_behavior` (String) Defines how to proceed during an authentication transaction when `organization_usage = "require"`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`. -- `organization_usage` (String) Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`. -- `refresh_token` (Block List, Max: 1) Configuration settings for the refresh tokens issued for this client. (see [below for nested schema](#nestedblock--refresh_token)) -- `signing_keys` (List of Map of String, Sensitive) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7. -- `sso` (Boolean) Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false). -- `sso_disabled` (Boolean) Indicates whether or not SSO is disabled. -- `token_endpoint_auth_method` (String, Deprecated) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic). 
Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to the `auth0_client_credentials` resource to manage a client's authentication method instead. Check the [MIGRATION GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#client-authentication-method) on how to do that. -- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode. - -### Read-Only - -- `id` (String) The ID of this resource. - - -### Nested Schema for `addons` - -Optional: - -- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws)) -- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob)) -- `azure_sb` (Block List, Max: 1) Azure Storage Bus Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_sb)) -- `box` (Block List, Max: 1) Box SSO indicator (no configuration settings needed for Box SSO). (see [below for nested schema](#nestedblock--addons--box)) -- `cloudbees` (Block List, Max: 1) CloudBees SSO indicator (no configuration settings needed for CloudBees SSO). (see [below for nested schema](#nestedblock--addons--cloudbees)) -- `concur` (Block List, Max: 1) Concur SSO indicator (no configuration settings needed for Concur SSO). (see [below for nested schema](#nestedblock--addons--concur)) -- `dropbox` (Block List, Max: 1) Dropbox SSO indicator (no configuration settings needed for Dropbox SSO). (see [below for nested schema](#nestedblock--addons--dropbox)) -- `echosign` (Block List, Max: 1) Adobe EchoSign SSO configuration. (see [below for nested schema](#nestedblock--addons--echosign)) -- `egnyte` (Block List, Max: 1) Egnyte SSO configuration. (see [below for nested schema](#nestedblock--addons--egnyte)) -- `firebase` (Block List, Max: 1) Google Firebase addon configuration. 
(see [below for nested schema](#nestedblock--addons--firebase)) -- `layer` (Block List, Max: 1) Layer addon configuration. (see [below for nested schema](#nestedblock--addons--layer)) -- `mscrm` (Block List, Max: 1) Microsoft Dynamics CRM SSO configuration. (see [below for nested schema](#nestedblock--addons--mscrm)) -- `newrelic` (Block List, Max: 1) New Relic SSO configuration. (see [below for nested schema](#nestedblock--addons--newrelic)) -- `office365` (Block List, Max: 1) Microsoft Office 365 SSO configuration. (see [below for nested schema](#nestedblock--addons--office365)) -- `rms` (Block List, Max: 1) Active Directory Rights Management Service SSO configuration. (see [below for nested schema](#nestedblock--addons--rms)) -- `salesforce` (Block List, Max: 1) Salesforce SSO configuration. (see [below for nested schema](#nestedblock--addons--salesforce)) -- `salesforce_api` (Block List, Max: 1) Salesforce API addon configuration. (see [below for nested schema](#nestedblock--addons--salesforce_api)) -- `salesforce_sandbox_api` (Block List, Max: 1) Salesforce Sandbox addon configuration. (see [below for nested schema](#nestedblock--addons--salesforce_sandbox_api)) -- `samlp` (Block List, Max: 1) Configuration settings for a SAML add-on. (see [below for nested schema](#nestedblock--addons--samlp)) -- `sap_api` (Block List, Max: 1) SAP API addon configuration. (see [below for nested schema](#nestedblock--addons--sap_api)) -- `sentry` (Block List, Max: 1) Sentry SSO configuration. (see [below for nested schema](#nestedblock--addons--sentry)) -- `sharepoint` (Block List, Max: 1) SharePoint SSO configuration. (see [below for nested schema](#nestedblock--addons--sharepoint)) -- `slack` (Block List, Max: 1) Slack team or workspace name usually first segment in your Slack URL, for example `https://acme-org.slack.com` would be `acme-org`. (see [below for nested schema](#nestedblock--addons--slack)) -- `springcm` (Block List, Max: 1) SpringCM SSO configuration. 
(see [below for nested schema](#nestedblock--addons--springcm)) -- `sso_integration` (Block List, Max: 1) Generic SSO configuration. (see [below for nested schema](#nestedblock--addons--sso_integration)) -- `wams` (Block List, Max: 1) Windows Azure Mobile Services addon configuration. (see [below for nested schema](#nestedblock--addons--wams)) -- `wsfed` (Block List, Max: 1) WS-Fed (WIF) addon indicator. Actual configuration is stored in `callback` and `client_aliases` properties on the client. (see [below for nested schema](#nestedblock--addons--wsfed)) -- `zendesk` (Block List, Max: 1) Zendesk SSO configuration. (see [below for nested schema](#nestedblock--addons--zendesk)) -- `zoom` (Block List, Max: 1) Zoom SSO configuration. (see [below for nested schema](#nestedblock--addons--zoom)) - - -### Nested Schema for `addons.aws` - -Optional: - -- `lifetime_in_seconds` (Number) AWS token lifetime in seconds. -- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`. -- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`. - - - -### Nested Schema for `addons.azure_blob` - -Optional: - -- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL, for example `https://acme-org.blob.core.windows.net` would be the account name `acme-org`. -- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob. -- `blob_name` (String) Entity to request a token for, such as `my-blob`. If blank the computed SAS will apply to the entire storage container. -- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation. -- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). 
Use the blob as the destination of a copy operation within the same account. -- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container. -- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container. -- `container_name` (String) Container to request a token for, such as `my-container`. -- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation. -- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account. -- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes). -- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource. -- `storage_access_key` (String, Sensitive) Access key associated with this storage account. - - - -### Nested Schema for `addons.azure_sb` - -Optional: - -- `entity_path` (String) Entity you want to request a token for, such as `my-queue`. -- `expiration` (Number) Optional expiration in minutes for the generated token. Defaults to 5 minutes. -- `namespace` (String) Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example `https://acme-org.servicebus.windows.net` would be `acme-org`). -- `sas_key` (String, Sensitive) Primary Key associated with your shared access policy. -- `sas_key_name` (String) Your shared access policy name defined in your Service Bus entity. 
- - - -### Nested Schema for `addons.box` - - - -### Nested Schema for `addons.cloudbees` - - - -### Nested Schema for `addons.concur` - - - -### Nested Schema for `addons.dropbox` - - - -### Nested Schema for `addons.echosign` - -Optional: - -- `domain` (String) Your custom domain found in your EchoSign URL, for example `https://acme-org.echosign.com` would be `acme-org`. - - - -### Nested Schema for `addons.egnyte` - -Optional: - -- `domain` (String) Your custom domain found in your Egnyte URL, for example `https://acme-org.echosign.com` would be `acme-org`. - - - -### Nested Schema for `addons.firebase` - -Optional: - -- `client_email` (String) ID of the Service Account you have created (shown as `client_email` in the generated JSON file, SDK v3+ tokens only). -- `lifetime_in_seconds` (Number) Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only). -- `private_key` (String, Sensitive) Private Key for signing the token (SDK v3+ tokens only). -- `private_key_id` (String, Sensitive) Optional ID of the private key to obtain the `kid` header claim from the issued token (SDK v3+ tokens only). -- `secret` (String, Sensitive) Google Firebase Secret. (SDK v2 only). - - - -### Nested Schema for `addons.layer` - -Required: - -- `key_id` (String, Sensitive) Authentication Key identifier used to sign the Layer token. -- `private_key` (String, Sensitive) Private key for signing the Layer token. -- `provider_id` (String) Provider ID of your Layer account. - -Optional: - -- `expiration` (Number) Optional expiration in minutes for the generated token. Defaults to 5 minutes. -- `principal` (String) Name of the property used as the unique user ID in Layer. If not specified `user_id` is used. - - - -### Nested Schema for `addons.mscrm` - -Optional: - -- `url` (String) Microsoft Dynamics CRM application URL. 
- - - -### Nested Schema for `addons.newrelic` - -Optional: - -- `account` (String) Your New Relic Account ID found in your New Relic URL after the `/accounts/` path, for example `https://rpm.newrelic.com/accounts/123456/query` would be `123456`. - - - -### Nested Schema for `addons.office365` - -Optional: - -- `connection` (String) Optional Auth0 database connection for testing an already-configured Office 365 tenant. -- `domain` (String) Your Office 365 domain name, for example `acme-org.com`. - - - -### Nested Schema for `addons.rms` - -Optional: - -- `url` (String) URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it. - - - -### Nested Schema for `addons.salesforce` - -Optional: - -- `entity_id` (String) Arbitrary logical URL that identifies the Saleforce resource, for example `https://acme-org.com`. - - - -### Nested Schema for `addons.salesforce_api` - -Optional: - -- `client_id` (String, Sensitive) Consumer Key assigned by Salesforce to the Connected App. -- `community_name` (String) Community name. -- `community_url_section` (String) Community URL section. -- `principal` (String, Sensitive) Name of the property in the user object that maps to a Salesforce username, for example `email`. - - - -### Nested Schema for `addons.salesforce_sandbox_api` - -Optional: - -- `client_id` (String, Sensitive) Consumer Key assigned by Salesforce to the Connected App. -- `community_name` (String) Community name. -- `community_url_section` (String) Community URL section. -- `principal` (String, Sensitive) Name of the property in the user object that maps to a Salesforce username, for example `email`. - - - -### Nested Schema for `addons.samlp` - -Optional: - -- `audience` (String) Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest. -- `authn_context_class_ref` (String) Class reference of the authentication context. -- `binding` (String) Protocol binding used for SAML logout responses. 
-- `create_upn_claim` (Boolean) Indicates whether a UPN claim should be created. Defaults to `true`. -- `destination` (String) Destination of the SAML Response. If not specified, it will be `AssertionConsumerUrl` of SAMLRequest or callback URL if there was no SAMLRequest. -- `digest_algorithm` (String) Algorithm used to calculate the digest of the SAML Assertion or response. Options include `sha1` and `sha256`. Defaults to `sha1`. -- `include_attribute_name_format` (Boolean) Indicates whether or not we should infer the NameFormat based on the attribute name. If set to `false`, the attribute NameFormat is not set in the assertion. Defaults to `true`. -- `issuer` (String) Issuer of the SAML Assertion. -- `lifetime_in_seconds` (Number) Number of seconds during which the token is valid. Defaults to `3600` seconds. -- `logout` (Block List, Max: 1) Configuration settings for logout. (see [below for nested schema](#nestedblock--addons--samlp--logout)) -- `map_identities` (Boolean) Indicates whether or not to add additional identity information in the token, such as the provider used and the `access_token`, if available. Defaults to `true`. -- `map_unknown_claims_as_is` (Boolean) Indicates whether to add a prefix of `http://schema.auth0.com` to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to `false`. -- `mappings` (Map of String) Mappings between the Auth0 user profile property name (`name`) and the output attributes on the SAML attribute in the assertion (`value`). -- `name_identifier_format` (String) Format of the name identifier. Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`. -- `name_identifier_probes` (List of String) Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds. 
-- `passthrough_claims_with_no_mapping` (Boolean) Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to `true`. -- `recipient` (String) Recipient of the SAML Assertion (SubjectConfirmationData). Default is `AssertionConsumerUrl` on SAMLRequest or callback URL if no SAMLRequest was sent. -- `sign_response` (Boolean) Indicates whether or not the SAML Response should be signed instead of the SAML Assertion. -- `signature_algorithm` (String) Algorithm used to sign the SAML Assertion or response. Options include `rsa-sha1` and `rsa-sha256`. Defaults to `rsa-sha1`. -- `signing_cert` (String) Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be `-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n`. -- `typed_attributes` (Boolean) Indicates whether or not we should infer the `xs:type` of the element. Types include `xs:string`, `xs:boolean`, `xs:double`, and `xs:anyType`. When set to `false`, all `xs:type` are `xs:anyType`. Defaults to `true`. - - -### Nested Schema for `addons.samlp.logout` - -Optional: - -- `callback` (String) The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses. -- `slo_enabled` (Boolean) Controls whether Auth0 should notify service providers of session termination. - - - - -### Nested Schema for `addons.sap_api` - -Optional: - -- `client_id` (String) If activated in the OAuth 2.0 client configuration (transaction `SOAUTH2) the SAML attribute `client_id` must be set and equal the `client_id` form parameter of the access token request. -- `name_identifier_format` (String) NameID element of the Subject which can be used to express the user's identity. Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`. -- `scope` (String) Requested scope for SAP APIs. 
-- `service_password` (String, Sensitive) Service account password to use to authenticate API calls to the token endpoint. -- `token_endpoint_url` (String) The OAuth2 token endpoint URL of your SAP OData server. -- `username_attribute` (String) Name of the property in the user object that maps to a SAP username, for example `email`. - - - -### Nested Schema for `addons.sentry` - -Optional: - -- `base_url` (String) URL prefix only if running Sentry Community Edition, otherwise leave empty. -- `org_slug` (String) Generated slug for your Sentry organization. Found in your Sentry URL, for example `https://sentry.acme.com/acme-org/` would be `acme-org`. - - - -### Nested Schema for `addons.sharepoint` - -Optional: - -- `external_url` (List of String) External SharePoint application URLs if exposed to the Internet. -- `url` (String) Internal SharePoint application URL. - - - -### Nested Schema for `addons.slack` - -Optional: - -- `team` (String) Slack team name. - - - -### Nested Schema for `addons.springcm` - -Optional: - -- `acs_url` (String) SpringCM ACS URL, for example `https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx`. - - - -### Nested Schema for `addons.sso_integration` - -Optional: - -- `name` (String) SSO integration name. -- `version` (String) SSO integration version installed. - - - -### Nested Schema for `addons.wams` - -Optional: - -- `master_key` (String, Sensitive) Your master key for Windows Azure Mobile Services. - - - -### Nested Schema for `addons.wsfed` - - - -### Nested Schema for `addons.zendesk` - -Optional: - -- `account_name` (String) Zendesk account name. Usually the first segment in your Zendesk URL, for example `https://acme-org.zendesk.com` would be `acme-org`. - - - -### Nested Schema for `addons.zoom` - -Optional: - -- `account` (String) Zoom account name. Usually the first segment of your Zoom URL, for example `https://acme-org.zoom.us` would be `acme-org`. 
- - - - -### Nested Schema for `jwt_configuration` - -Optional: - -- `alg` (String) Algorithm used to sign JWTs. -- `lifetime_in_seconds` (Number) Number of seconds during which the JWT will be valid. -- `scopes` (Map of String) Permissions (scopes) included in JWTs. -- `secret_encoded` (Boolean) Indicates whether the client secret is Base64-encoded. - - - -### Nested Schema for `mobile` - -Optional: - -- `android` (Block List, Max: 1) Configuration settings for Android native apps. (see [below for nested schema](#nestedblock--mobile--android)) -- `ios` (Block List, Max: 1) Configuration settings for i0S native apps. (see [below for nested schema](#nestedblock--mobile--ios)) - - -### Nested Schema for `mobile.android` - -Optional: - -- `app_package_name` (String) -- `sha256_cert_fingerprints` (List of String) - - - -### Nested Schema for `mobile.ios` - -Optional: - -- `app_bundle_identifier` (String) -- `team_id` (String) - - - - -### Nested Schema for `native_social_login` - -Optional: - -- `apple` (Block List, Max: 1) (see [below for nested schema](#nestedblock--native_social_login--apple)) -- `facebook` (Block List, Max: 1) (see [below for nested schema](#nestedblock--native_social_login--facebook)) - - -### Nested Schema for `native_social_login.apple` - -Optional: - -- `enabled` (Boolean) - - - -### Nested Schema for `native_social_login.facebook` - -Optional: - -- `enabled` (Boolean) - - - - -### Nested Schema for `refresh_token` - -Required: - -- `expiration_type` (String) Options include `expiring`, `non-expiring`. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is `rotating`, this must be set to `expiring`. -- `rotation_type` (String) Options include `rotating`, `non-rotating`. When `rotating`, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. 
- -Optional: - -- `idle_token_lifetime` (Number) The time in seconds after which inactive refresh tokens will expire. -- `infinite_idle_token_lifetime` (Boolean) Whether inactive refresh tokens should remain valid indefinitely. -- `infinite_token_lifetime` (Boolean) Whether refresh tokens should remain valid indefinitely. If false, `token_lifetime` should also be set. -- `leeway` (Number) The amount of time in seconds in which a refresh token may be reused without triggering reuse detection. -- `token_lifetime` (Number) The absolute lifetime of a refresh token in seconds. - -## Import - -Import is supported using the following syntax: - -```shell -# The auth0_global_client can be imported using the global client's ID. -# -# You can find the ID of the global client by going to the -# [API Explorer](https://auth0.com/docs/api/management/v2#!/Clients/get_clients) -# and fetching the clients that have `"global": true`. -# -# Example: -terraform import auth0_global_client.global XaiyAXXXYdXXXXnqjj8HXXXXXT5titww -``` diff --git a/examples/data-sources/auth0_global_client/data-source.tf b/examples/data-sources/auth0_global_client/data-source.tf deleted file mode 100644 index 719490f29..000000000 --- a/examples/data-sources/auth0_global_client/data-source.tf +++ /dev/null @@ -1 +0,0 @@ -data "auth0_global_client" "global" {} diff --git a/examples/resources/auth0_global_client/import.sh b/examples/resources/auth0_global_client/import.sh deleted file mode 100644 index 0337a3f3f..000000000 --- a/examples/resources/auth0_global_client/import.sh +++ /dev/null @@ -1,8 +0,0 @@ -# The auth0_global_client can be imported using the global client's ID. -# -# You can find the ID of the global client by going to the -# [API Explorer](https://auth0.com/docs/api/management/v2#!/Clients/get_clients) -# and fetching the clients that have `"global": true`. -# -# Example: -terraform import auth0_global_client.global XaiyAXXXYdXXXXnqjj8HXXXXXT5titww 
diff --git a/examples/resources/auth0_global_client/resource.tf b/examples/resources/auth0_global_client/resource.tf deleted file mode 100644 index 4ab346bb1..000000000 --- a/examples/resources/auth0_global_client/resource.tf +++ /dev/null @@ -1,13 +0,0 @@ -resource "auth0_global_client" "global" { - // Auth0 Universal Login - Custom Login Page - custom_login_page_on = true - custom_login_page = < - My Custom Login Page - - I should probably have a login form here - - -PAGE - callbacks = ["http://somehostname.com/a/callback"] -} diff --git a/internal/auth0/client/global_data_source.go b/internal/auth0/client/global_data_source.go deleted file mode 100644 index 5bda15434..000000000 --- a/internal/auth0/client/global_data_source.go +++ /dev/null 
@@ -1,38 +0,0 @@
-package client
-
-import (
- "context"
-
- "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-
- internalSchema "github.com/auth0/terraform-provider-auth0/internal/schema"
-)
-
-// NewGlobalDataSource will return a new auth0_global_client data source.
-func NewGlobalDataSource() *schema.Resource {
- resource := &schema.Resource{
- ReadContext: readDataGlobalClient,
- Schema: globalDataSourceSchema(),
- Description: "Retrieve a tenant's global Auth0 application client. ",
- DeprecationMessage: "This resource has been deprecated in favor of the `auth0_pages` resource and it will be removed in a future version." +
- "Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#global-client) for more info.",
- }
-
- resource.Description = resource.Description + "\n\n!> " + resource.DeprecationMessage
-
- return resource
-}
-
-func globalDataSourceSchema() map[string]*schema.Schema {
- dataSourceSchema := internalSchema.TransformResourceToDataSource(NewResource().Schema)
- delete(dataSourceSchema, "client_secret_rotation_trigger")
- return dataSourceSchema
-}
-
-func readDataGlobalClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
- if err := readGlobalClientID(ctx, d, m); err != nil {
- return err
- }
- return readClient(ctx, d, m)
-}
diff --git a/internal/auth0/client/global_data_source_test.go b/internal/auth0/client/global_data_source_test.go
deleted file mode 100644
index b695bb5e5..000000000
--- a/internal/auth0/client/global_data_source_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package client_test
-
-import (
- "fmt"
- "testing"
-
- "github.com/hashicorp/terraform-plugin-testing/helper/resource"
-
- "github.com/auth0/terraform-provider-auth0/internal/acctest"
-)
-
-const testAccDataGlobalClientConfig = `
-%v
-data auth0_global_client global {
-}
-`
-
-func TestAccDataGlobalClient(t *testing.T) {
- acctest.Test(t, resource.TestCase{
- Steps: []resource.TestStep{
- {
- Config: testAccGlobalClientConfigWithCustomLogin,
- },
- {
- Config: fmt.Sprintf(testAccDataGlobalClientConfig, testAccGlobalClientConfigWithCustomLogin),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("data.auth0_global_client.global", "custom_login_page", "TEST123"),
- resource.TestCheckResourceAttr("data.auth0_global_client.global", "custom_login_page_on", "true"),
- resource.TestCheckResourceAttrSet("data.auth0_global_client.global", "client_id"),
- resource.TestCheckResourceAttr("data.auth0_global_client.global", "app_type", ""),
- resource.TestCheckResourceAttr("data.auth0_global_client.global", "name", "All Applications"),
- ),
- },
- },
- })
-}
diff --git a/internal/auth0/client/global_resource.go b/internal/auth0/client/global_resource.go
deleted file mode 100644
index 1a77e4b2c..000000000
--- a/internal/auth0/client/global_resource.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package client
-
-import (
- "context"
-
- "github.com/auth0/go-auth0/management"
- "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-
- "github.com/auth0/terraform-provider-auth0/internal/config"
-)
-
-// NewGlobalResource will return a new auth0_global_client resource.
-func NewGlobalResource() *schema.Resource {
- client := NewResource()
- client.Description = "Use a tenant's global Auth0 Application client."
- client.CreateContext = createGlobalClient
- client.DeleteContext = deleteGlobalClient
- client.DeprecationMessage = "This resource has been deprecated in favor of the newly introduced `auth0_pages` " +
- "resource and it will be removed in a future version. " +
- "Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#global-client) for more info."
-
- client.Description = client.Description + "\n\n!> " + client.DeprecationMessage
-
- exclude := []string{"client_secret_rotation_trigger"}
-
- // Mark all values computed and optional,
- // because the global client has already
- // been created for all tenants.
- for key := range client.Schema {
- // Exclude certain fields from
- // being marked as computed.
- if in(key, exclude) {
- continue
- }
-
- client.Schema[key].Required = false
- client.Schema[key].Optional = true
- client.Schema[key].Computed = true
- }
-
- return client
-}
-
-func in(needle string, haystack []string) bool {
- for i := 0; i < len(haystack); i++ {
- if needle == haystack[i] {
- return true
- }
- }
- return false
-}
-
-func createGlobalClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
- if err := readGlobalClientID(ctx, d, m); err != nil {
- return err
- }
- return updateClient(ctx, d, m)
-}
-
-func readGlobalClientID(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
- api := m.(*config.Config).GetAPI()
-
- clients, err := api.Client.List(
- ctx,
- management.Parameter("is_global", "true"),
- management.IncludeFields("client_id"),
- )
- if err != nil {
- return diag.FromErr(err)
- }
-
- if len(clients.Clients) == 0 {
- return diag.Errorf("No auth0 global client found.")
- }
-
- d.SetId(clients.Clients[0].GetClientID())
- return nil
-}
-
-func deleteGlobalClient(_ context.Context, d *schema.ResourceData, _ interface{}) diag.Diagnostics {
- d.SetId("")
- return nil
-}
diff --git a/internal/auth0/client/global_resource_test.go b/internal/auth0/client/global_resource_test.go
deleted file mode 100644
index fb617c478..000000000
--- a/internal/auth0/client/global_resource_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package client_test
-
-import (
- "errors"
- "testing"
-
- "github.com/hashicorp/terraform-plugin-testing/helper/resource"
- "github.com/hashicorp/terraform-plugin-testing/terraform"
-
- "github.com/auth0/terraform-provider-auth0/internal/acctest"
-)
-
-const testAccGlobalClientConfigEmpty = `
-`
-
-const testAccGlobalClientConfigDefault = `
-resource "auth0_global_client" "global" {
-}
-`
-
-const testAccGlobalClientConfigWithCustomLogin = `
-resource "auth0_global_client" "global" {
- custom_login_page = "TEST123"
- custom_login_page_on = true
-}
-`
-
-const testAccGlobalClientConfigNoCustomLogin = `
-resource "auth0_global_client" "global" {
- custom_login_page_on = false
-}
-`
-
-func TestAccGlobalClient(t *testing.T) {
- acctest.Test(t, resource.TestCase{
- Steps: []resource.TestStep{
- {
- Config: testAccGlobalClientConfigWithCustomLogin,
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttrSet("auth0_global_client.global", "client_id"),
- resource.TestCheckResourceAttrSet("auth0_global_client.global", "client_secret"),
- resource.TestCheckResourceAttr("auth0_global_client.global", "custom_login_page", "TEST123"),
- resource.TestCheckResourceAttr("auth0_global_client.global", "custom_login_page_on", "true"),
- ),
- },
- {
- Config: testAccGlobalClientConfigEmpty,
- Check: resource.ComposeTestCheckFunc(
- func(state *terraform.State) error {
- for _, m := range state.Modules {
- if len(m.Resources) > 0 {
- if _, ok := m.Resources["auth0_global_client.global"]; ok {
- return errors.New("auth0_global_client.global exists when it should have been removed")
- }
- }
- }
- return nil
- },
- ),
- },
- {
- Config: testAccGlobalClientConfigDefault,
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("auth0_global_client.global", "custom_login_page", "TEST123"),
- resource.TestCheckResourceAttr("auth0_global_client.global", "custom_login_page_on", "true"),
- ),
- },
-
- {
- Config: testAccGlobalClientConfigNoCustomLogin,
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("auth0_global_client.global", "custom_login_page_on", "false"),
- ),
- },
- },
- })
-}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index ddc74deb0..c9b4c01a5 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -97,7 +97,6 @@ func New() *schema.Provider {
 "auth0_client": client.NewResource(),
 "auth0_client_credentials": client.NewCredentialsResource(),
 "auth0_client_grant": client.NewGrantResource(),
- "auth0_global_client": client.NewGlobalResource(),
 "auth0_connection": connection.NewResource(),
 "auth0_connection_client": connection.NewClientResource(),
 "auth0_connection_clients": connection.NewClientsResource(),
@@ -138,7 +137,6 @@ func New() *schema.Provider {
 "auth0_branding": branding.NewDataSource(),
 "auth0_branding_theme": branding.NewThemeDataSource(),
 "auth0_client": client.NewDataSource(),
- "auth0_global_client": client.NewGlobalDataSource(),
 "auth0_connection": connection.NewDataSource(),
 "auth0_custom_domain": customdomain.NewDataSource(),
 "auth0_organization": organization.NewDataSource(),