TF Generate - enforce that CLI and TF provider domains match

internal/cli/terraform.go

@@ -177,6 +177,11 @@ func generateTerraformCmdRun(cli *cli, inputs *terraformInputs) func(cmd *cobra.
 		}
 
 		if terraformProviderCredentialsAreAvailable() {
+			err := checkTerraformProviderAndCLIDomainsMatch(cli.Config.DefaultTenant)
+			if err != nil {
+				return err
+			}
+
 			err = ansi.Spinner("Generating Terraform configuration", func() error {
 				return generateTerraformResourceConfig(cmd.Context(), inputs.OutputDIR)
 			})
@@ -351,6 +356,14 @@ func terraformProviderCredentialsAreAvailable() bool {
 	return (domain != "" && clientID != "" && clientSecret != "") || (domain != "" && apiToken != "")
 }
 
+func checkTerraformProviderAndCLIDomainsMatch(currentCLIDomain string) error {
+	providerDomain := os.Getenv("AUTH0_DOMAIN")
+	if providerDomain == currentCLIDomain {
+		return nil
+	}
+	return fmt.Errorf("Terraform provider tenant domain '%s' does not match current CLI tenant '%s'", providerDomain, currentCLIDomain)
+}
+
 func deduplicateResourceNames(data importDataList) importDataList {
 	nameMap := map[string]int{}
 	deduplicatedList := importDataList{}

internal/cli/terraform_test.go

@@ -518,3 +518,22 @@ func TestSanitizeResourceName(t *testing.T) {
 		})
 	}
 }
+
+func TestCheckTerraformProviderAndCLIDomainsMatch(t *testing.T) {
+	t.Run("it should return no error if provided domain and TF provider env var domain match", func(t *testing.T) {
+		domain := "travel0.us.auth0.com"
+
+		os.Setenv("AUTH0_DOMAIN", domain)
+		err := checkTerraformProviderAndCLIDomainsMatch(domain)
+		assert.NoError(t, err)
+		os.Unsetenv("AUTH0_DOMAIN")
+	})
+
+	t.Run("it should return an error if provided domain and TF provider env var domain do not match", func(t *testing.T) {
+		os.Setenv("AUTH0_DOMAIN", "different-tenant.eu.auth0.com")
+		err := checkTerraformProviderAndCLIDomainsMatch("travel0.us.auth0.com")
+		assert.Error(t, err)
+		assert.Equal(t, err.Error(), "Terraform provider tenant domain 'different-tenant.eu.auth0.com' does not match current CLI tenant 'travel0.us.auth0.com'")
+		os.Unsetenv("AUTH0_DOMAIN")
+	})
+}

test/integration/terraform-test-cases.yaml

@@ -64,3 +64,10 @@ tests:
     stderr:
       contains:
         - "unsupported resource type: auth0_computer"
+
+  005 - it errors if AUTH0_DOMAIN values for provider and CLI do not match:
+    command: AUTH0_DOMAIN=some-other-domain.us.auth0.com auth0 tf generate --output-dir tmp-tf-gen
+    exit-code: 1
+    stderr:
+      contains:
+        - "Terraform provider tenant domain 'some-other-domain.us.auth0.com' does not match current CLI tenant '"