Skip to content

Commit

Permalink
Remove computed property from set_user_root_attributes
Browse files Browse the repository at this point in the history
  • Loading branch information
sergiught committed May 25, 2023
1 parent 5e9d15d commit 1e7aa67
Show file tree
Hide file tree
Showing 6 changed files with 362 additions and 158 deletions.
2 changes: 1 addition & 1 deletion docs/resources/connection.md
Original file line number Diff line number Diff line change
Expand Up @@ -675,7 +675,7 @@ Optional:
- `requires_username` (Boolean) Indicates whether the user is required to provide a username in addition to an email address.
- `scopes` (Set of String) Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- `scripts` (Map of String) A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- `set_user_root_attributes` (String) Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'on_each_login' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'on_first_login' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).
- `set_user_root_attributes` (String) Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- `should_trust_email_verified_connection` (String) Choose how Auth0 sets the email_verified field in the user profile.
- `sign_in_endpoint` (String) SAML single login URL for the connection.
- `sign_out_endpoint` (String) SAML single logout URL for the connection.
Expand Down
5 changes: 5 additions & 0 deletions internal/auth0/connection/expand.go
Original file line number Diff line number Diff line change
Expand Up @@ -560,6 +560,11 @@ func expandConnectionOptionsAD(config cty.Value) (*management.ConnectionOptionsA
BruteForceProtection: value.Bool(config.GetAttr("brute_force_protection")),
}

options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
if options.GetSetUserAttributes() == "on_each_login" {
options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
}

var err error
options.UpstreamParams, err = value.MapFromJSON(config.GetAttr("upstream_params"))

Expand Down
6 changes: 5 additions & 1 deletion internal/auth0/connection/flatten.go
Original file line number Diff line number Diff line change
Expand Up @@ -507,11 +507,15 @@ func flattenConnectionOptionsAzureAD(options *management.ConnectionOptionsAzureA
"api_enable_users": options.GetEnableUsersAPI(),
"max_groups_to_retrieve": options.GetMaxGroupsToRetrieve(),
"scopes": options.Scopes(),
"set_user_root_attributes": options.GetSetUserAttributes(),
"non_persistent_attrs": options.GetNonPersistentAttrs(),
"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
}

m["set_user_root_attributes"] = options.GetSetUserAttributes()
if options.GetSetUserAttributes() == "" {
m["set_user_root_attributes"] = "on_each_login"
}

upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
if err != nil {
return nil, diag.FromErr(err)
Expand Down
58 changes: 58 additions & 0 deletions internal/auth0/connection/resource_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,29 @@ func TestAccConnectionAzureAD(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
),
},
{
Config: acctest.ParseTestName(testAccConnectionADConfigUpdateSetUserRootAttributes, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "name", fmt.Sprintf("Acceptance-Test-Azure-AD-%s", t.Name())),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "strategy", "waad"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "show_as_button", "true"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.identity_api", "azure-active-directory-v1.0"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_id", "123456"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_secret", "123456"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.tenant_domain", "example.onmicrosoft.com"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain", "example.onmicrosoft.com"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain_aliases.#", "2"),
resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.domain_aliases.*", "example.com"),
resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.domain_aliases.*", "api.example.com"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.scopes.#", "3"),
resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.scopes.*", "basic_profile"),
resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.scopes.*", "ext_profile"),
resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.scopes.*", "ext_groups"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.set_user_root_attributes", "on_first_login"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.should_trust_email_verified_connection", "never_set_emails_as_verified"),
resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
),
},
},
})
}
Expand Down Expand Up @@ -275,6 +298,41 @@ resource "auth0_connection" "azure_ad" {
}
`

const testAccConnectionADConfigUpdateSetUserRootAttributes = `
resource "auth0_connection" "azure_ad" {
name = "Acceptance-Test-Azure-AD-{{.testName}}"
strategy = "waad"
show_as_button = true
options {
identity_api = "azure-active-directory-v1.0"
client_id = "123456"
client_secret = "123456"
tenant_domain = "example.onmicrosoft.com"
domain = "example.onmicrosoft.com"
domain_aliases = [
"example.com",
"api.example.com"
]
use_wsfed = false
waad_protocol = "openid-connect"
waad_common_endpoint = false
api_enable_users = true
scopes = [
"basic_profile",
"ext_groups",
"ext_profile"
]
set_user_root_attributes = "on_first_login"
should_trust_email_verified_connection = "never_set_emails_as_verified"
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
}
})
}
}
`

func TestAccConnectionADFS(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
Expand Down
19 changes: 6 additions & 13 deletions internal/auth0/connection/schema.go
Original file line number Diff line number Diff line change
Expand Up @@ -503,19 +503,12 @@ var resourceSchema = map[string]*schema.Schema{
},

"set_user_root_attributes": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ValidateFunc: validation.StringInSlice([]string{
"on_each_login", "on_first_login",
}, false),
Description: "Determines whether the 'name', 'given_name', 'family_name', 'nickname', " +
"and 'picture' attributes can be independently updated when using an external IdP. " +
"Possible values are 'on_each_login' (default value, it configures the connection to " +
"automatically update the root attributes from the external IdP with each user login. " +
"When this setting is used, root attributes cannot be independently updated), " +
"'on_first_login' (configures the connection to only set the root attributes on " +
"first login, allowing them to be independently updated thereafter).",
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{"on_each_login", "on_first_login"}, false),
Description: "Determines whether to sync user profile attributes (`name`, `given_name`, " +
"`family_name`, `nickname`, `picture`) at each login or only on the first login. Options " +
"include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.",
},
"non_persistent_attrs": {
Type: schema.TypeSet,
Expand Down
Loading

0 comments on commit 1e7aa67

Please sign in to comment.