From c9c09f2d765675c2b31433d26d2d8ef4f23f0bfa Mon Sep 17 00:00:00 2001
From: Will Vedder
Date: Tue, 26 Sep 2023 10:49:49 -0400
Subject: [PATCH] TF Generate - enforce that CLI and TF provider domains match (#858)

Adding checks if domains match, tests
Co-authored-by: Will Vedder
---
 internal/cli/terraform.go | 13 +++++++++++++
 internal/cli/terraform_test.go | 19 +++++++++++++++++++
 test/integration/terraform-test-cases.yaml | 7 +++++++
 3 files changed, 39 insertions(+)

diff --git a/internal/cli/terraform.go b/internal/cli/terraform.go
index 27157440a..6b9a1272a 100644
--- a/internal/cli/terraform.go
+++ b/internal/cli/terraform.go
@@ -177,6 +177,11 @@ func generateTerraformCmdRun(cli *cli, inputs *terraformInputs) func(cmd *cobra.
 }

 if terraformProviderCredentialsAreAvailable() {
+ err := checkTerraformProviderAndCLIDomainsMatch(cli.Config.DefaultTenant)
+ if err != nil {
+ return err
+ }
+
 err = ansi.Spinner("Generating Terraform configuration", func() error {
 return generateTerraformResourceConfig(cmd.Context(), inputs.OutputDIR)
 })
@@ -351,6 +356,14 @@ func terraformProviderCredentialsAreAvailable() bool {
 return (domain != "" && clientID != "" && clientSecret != "") || (domain != "" && apiToken != "")
 }

+func checkTerraformProviderAndCLIDomainsMatch(currentCLIDomain string) error {
+ providerDomain := os.Getenv("AUTH0_DOMAIN")
+ if providerDomain == currentCLIDomain {
+ return nil
+ }
+ return fmt.Errorf("Terraform provider tenant domain '%s' does not match current CLI tenant '%s'", providerDomain, currentCLIDomain)
+}
+
 func deduplicateResourceNames(data importDataList) importDataList {
 nameMap := map[string]int{}
 deduplicatedList := importDataList{}
diff --git a/internal/cli/terraform_test.go b/internal/cli/terraform_test.go
index 3c9499186..73d7b6247 100644
--- a/internal/cli/terraform_test.go
+++ b/internal/cli/terraform_test.go
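Review bot: In the `generateTerraformCmdRun` hunk of internal/cli/terraform.go, the added `err := checkTerraformProviderAndCLIDomainsMatch(...)` declares a new `err` scoped to the `if terraformProviderCredentialsAreAvailable()` block, so the unchanged `err = ansi.Spinner(...)` below it now assigns to that inner variable rather than the outer `err` it used before the change. Scoping the check leaves the existing assignment as it was: `if err := checkTerraformProviderAndCLIDomainsMatch(cli.Config.DefaultTenant); err != nil { return err }`. The check also runs after whatever precedes this block in the function, which is outside the hunk; if data for the CLI tenant has already been fetched or written by then, the mismatch would be better rejected before that work. The function body starts and ends outside the hunk.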
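Review bot: `checkTerraformProviderAndCLIDomainsMatch` compares the two hostnames with `==`, so an `AUTH0_DOMAIN` that differs from the CLI tenant only in letter case is reported as a different tenant even though hostnames are case-insensitive; `if strings.EqualFold(providerDomain, currentCLIDomain) {` avoids that (it needs the `strings` package, whose import is not visible here). The guard fails closed, which is the right direction for a check meant to stop configuration being generated against another tenant, and that intent deserves a doc comment such as `// checkTerraformProviderAndCLIDomainsMatch returns an error when AUTH0_DOMAIN differs from the CLI's current tenant.` Formatting the values with `%q` instead of `'%s'` would make an empty or whitespace-padded value visible in the message, though the tests in this commit pin the current text.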
@@ -518,3 +518,22 @@ func TestSanitizeResourceName(t *testing.T) {
 })
 }
 }
+
+func TestCheckTerraformProviderAndCLIDomainsMatch(t *testing.T) {
+ t.Run("it should return no error if provided domain and TF provider env var domain match", func(t *testing.T) {
+ domain := "travel0.us.auth0.com"
+
+ os.Setenv("AUTH0_DOMAIN", domain)
+ err := checkTerraformProviderAndCLIDomainsMatch(domain)
+ assert.NoError(t, err)
+ os.Unsetenv("AUTH0_DOMAIN")
+ })
+
+ t.Run("it should return an error if provided domain and TF provider env var domain do not match", func(t *testing.T) {
+ os.Setenv("AUTH0_DOMAIN", "different-tenant.eu.auth0.com")
+ err := checkTerraformProviderAndCLIDomainsMatch("travel0.us.auth0.com")
+ assert.Error(t, err)
+ assert.Equal(t, err.Error(), "Terraform provider tenant domain 'different-tenant.eu.auth0.com' does not match current CLI tenant 'travel0.us.auth0.com'")
+ os.Unsetenv("AUTH0_DOMAIN")
+ })
+}
diff --git a/test/integration/terraform-test-cases.yaml b/test/integration/terraform-test-cases.yaml
index 9eb475867..e2dff653d 100644
--- a/test/integration/terraform-test-cases.yaml
+++ b/test/integration/terraform-test-cases.yaml
@@ -64,3 +64,10 @@ tests:
 stderr:
 contains:
 - "unsupported resource type: auth0_computer"
+
+ 005 - it errors if AUTH0_DOMAIN values for provider and CLI do not match:
+ command: AUTH0_DOMAIN=some-other-domain.us.auth0.com auth0 tf generate --output-dir tmp-tf-gen
+ exit-code: 1
+ stderr:
+ contains:
+ - "Terraform provider tenant domain 'some-other-domain.us.auth0.com' does not match current CLI tenant '"
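Review bot: Both subtests of `TestCheckTerraformProviderAndCLIDomainsMatch` set `AUTH0_DOMAIN` with `os.Setenv` and finish with `os.Unsetenv`, which discards any value the variable held before the test and is skipped entirely if the call under test panics. `t.Setenv("AUTH0_DOMAIN", domain)` restores the previous value when the subtest ends, and the trailing `os.Unsetenv` lines can then be dropped. In the second subtest `assert.Equal(t, err.Error(), "...")` passes the actual value in the expected position and dereferences `err` even when the preceding `assert.Error` has already failed; `assert.EqualError(t, err, "...")` expresses the same check without that nil dereference.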
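Review bot: Test case 005 sets only `AUTH0_DOMAIN` in `command`, but in this commit the domain check runs only inside `if terraformProviderCredentialsAreAvailable()`, which by its visible return expression also needs a client ID and secret or an API token. The case therefore depends on provider credentials already being present in the integration environment; without them the check is presumably never reached and the expected `exit-code: 1` would not be produced. A comment above the case would record that dependency, for example `# needs Terraform provider credentials in the environment, otherwise the domain check is not reached`.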