Fix set_user_root_attributes attribute on enterprise connections

auth0 · Jun 5, 2023 · 3a2e11c · 3a2e11c
1 parent 92759d1
commit 3a2e11c
Show file tree

Hide file tree

Showing 8 changed files with 873 additions and 451 deletions.
diff --git a/internal/auth0/connection/expand.go b/internal/auth0/connection/expand.go
@@ -331,12 +331,16 @@ func expandConnectionOptionsGoogleApps(
 		Domain:             value.String(config.GetAttr("domain")),
 		TenantDomain:       value.String(config.GetAttr("tenant_domain")),
 		EnableUsersAPI:     value.Bool(config.GetAttr("api_enable_users")),
-		SetUserAttributes:  value.String(config.GetAttr("set_user_root_attributes")),
 		NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
 		DomainAliases:      value.Strings(config.GetAttr("domain_aliases")),
 		LogoURL:            value.String(config.GetAttr("icon_url")),
 	}
 
+	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
+	if options.GetSetUserAttributes() == "on_each_login" {
+		options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
+	}
+
 	expandConnectionOptionsScopes(d, options)
 
 	var err error
@@ -555,11 +559,15 @@ func expandConnectionOptionsAD(config cty.Value) (*management.ConnectionOptionsA
 		CertAuth:             value.Bool(config.GetAttr("use_cert_auth")),
 		Kerberos:             value.Bool(config.GetAttr("use_kerberos")),
 		DisableCache:         value.Bool(config.GetAttr("disable_cache")),
-		SetUserAttributes:    value.String(config.GetAttr("set_user_root_attributes")),
 		NonPersistentAttrs:   value.Strings(config.GetAttr("non_persistent_attrs")),
 		BruteForceProtection: value.Bool(config.GetAttr("brute_force_protection")),
 	}
 
+	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
+	if options.GetSetUserAttributes() == "on_each_login" {
+		options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
+	}
+
 	var err error
 	options.UpstreamParams, err = value.MapFromJSON(config.GetAttr("upstream_params"))
 
@@ -673,13 +681,17 @@ func expandConnectionOptionsSAML(config cty.Value) (*management.ConnectionOption
 		RequestTemplate:    value.String(config.GetAttr("request_template")),
 		UserIDAttribute:    value.String(config.GetAttr("user_id_attribute")),
 		LogoURL:            value.String(config.GetAttr("icon_url")),
-		SetUserAttributes:  value.String(config.GetAttr("set_user_root_attributes")),
 		NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
 		EntityID:           value.String(config.GetAttr("entity_id")),
 		MetadataXML:        value.String(config.GetAttr("metadata_xml")),
 		MetadataURL:        value.String(config.GetAttr("metadata_url")),
 	}
 
+	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
+	if options.GetSetUserAttributes() == "on_each_login" {
+		options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
+	}
+
 	config.GetAttr("idp_initiated").ForEachElement(func(_ cty.Value, idp cty.Value) (stop bool) {
 		options.IdpInitiated = &management.ConnectionOptionsSAMLIdpInitiated{
 			ClientID:             value.String(idp.GetAttr("client_id")),
@@ -720,10 +732,14 @@ func expandConnectionOptionsADFS(config cty.Value) (*management.ConnectionOption
 		SignInEndpoint:     value.String(config.GetAttr("sign_in_endpoint")),
 		EnableUsersAPI:     value.Bool(config.GetAttr("api_enable_users")),
 		TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")),
-		SetUserAttributes:  value.String(config.GetAttr("set_user_root_attributes")),
 		NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
 	}
 
+	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
+	if options.GetSetUserAttributes() == "on_each_login" {
+		options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
+	}
+
 	var err error
 	options.UpstreamParams, err = value.MapFromJSON(config.GetAttr("upstream_params"))
 
@@ -744,7 +760,11 @@ func expandConnectionOptionsPingFederate(
 		SignatureAlgorithm:  value.String(config.GetAttr("signature_algorithm")),
 		PingFederateBaseURL: value.String(config.GetAttr("ping_federate_base_url")),
 		NonPersistentAttrs:  value.Strings(config.GetAttr("non_persistent_attrs")),
-		SetUserAttributes:   value.String(config.GetAttr("set_user_root_attributes")),
+	}
+
+	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
+	if options.GetSetUserAttributes() == "on_each_login" {
+		options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
 	}
 
 	config.GetAttr("idp_initiated").ForEachElement(func(_ cty.Value, idp cty.Value) (stop bool) {

diff --git a/internal/auth0/connection/flatten.go b/internal/auth0/connection/flatten.go
@@ -204,16 +204,20 @@ func flattenConnectionOptionsGoogleApps(
 	options *management.ConnectionOptionsGoogleApps,
 ) (interface{}, diag.Diagnostics) {
 	m := map[string]interface{}{
-		"client_id":                options.GetClientID(),
-		"client_secret":            options.GetClientSecret(),
-		"domain":                   options.GetDomain(),
-		"tenant_domain":            options.GetTenantDomain(),
-		"api_enable_users":         options.GetEnableUsersAPI(),
-		"scopes":                   options.Scopes(),
-		"set_user_root_attributes": options.GetSetUserAttributes(),
-		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
-		"domain_aliases":           options.GetDomainAliases(),
-		"icon_url":                 options.GetLogoURL(),
+		"client_id":            options.GetClientID(),
+		"client_secret":        options.GetClientSecret(),
+		"domain":               options.GetDomain(),
+		"tenant_domain":        options.GetTenantDomain(),
+		"api_enable_users":     options.GetEnableUsersAPI(),
+		"scopes":               options.Scopes(),
+		"non_persistent_attrs": options.GetNonPersistentAttrs(),
+		"domain_aliases":       options.GetDomainAliases(),
+		"icon_url":             options.GetLogoURL(),
+	}
+
+	m["set_user_root_attributes"] = options.GetSetUserAttributes()
+	if options.GetSetUserAttributes() == "" {
+		m["set_user_root_attributes"] = "on_each_login"
 	}
 
 	upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
@@ -470,16 +474,20 @@ func flattenConnectionOptionsEmail(options *management.ConnectionOptionsEmail) (
 
 func flattenConnectionOptionsAD(options *management.ConnectionOptionsAD) (interface{}, diag.Diagnostics) {
 	m := map[string]interface{}{
-		"tenant_domain":            options.GetTenantDomain(),
-		"domain_aliases":           options.GetDomainAliases(),
-		"icon_url":                 options.GetLogoURL(),
-		"ips":                      options.GetIPs(),
-		"use_cert_auth":            options.GetCertAuth(),
-		"use_kerberos":             options.GetKerberos(),
-		"disable_cache":            options.GetDisableCache(),
-		"brute_force_protection":   options.GetBruteForceProtection(),
-		"set_user_root_attributes": options.GetSetUserAttributes(),
-		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
+		"tenant_domain":          options.GetTenantDomain(),
+		"domain_aliases":         options.GetDomainAliases(),
+		"icon_url":               options.GetLogoURL(),
+		"ips":                    options.GetIPs(),
+		"use_cert_auth":          options.GetCertAuth(),
+		"use_kerberos":           options.GetKerberos(),
+		"disable_cache":          options.GetDisableCache(),
+		"brute_force_protection": options.GetBruteForceProtection(),
+		"non_persistent_attrs":   options.GetNonPersistentAttrs(),
+	}
+
+	m["set_user_root_attributes"] = options.GetSetUserAttributes()
+	if options.GetSetUserAttributes() == "" {
+		m["set_user_root_attributes"] = "on_each_login"
 	}
 
 	upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
@@ -535,10 +543,14 @@ func flattenConnectionOptionsADFS(options *management.ConnectionOptionsADFS) (in
 		"sign_in_endpoint":                       options.GetSignInEndpoint(),
 		"api_enable_users":                       options.GetEnableUsersAPI(),
 		"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
-		"set_user_root_attributes":               options.GetSetUserAttributes(),
 		"non_persistent_attrs":                   options.GetNonPersistentAttrs(),
 	}
 
+	m["set_user_root_attributes"] = options.GetSetUserAttributes()
+	if options.GetSetUserAttributes() == "" {
+		m["set_user_root_attributes"] = "on_each_login"
+	}
+
 	upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
 	if err != nil {
 		return nil, diag.FromErr(err)
@@ -553,25 +565,29 @@ func flattenConnectionOptionsSAML(
 	options *management.ConnectionOptionsSAML,
 ) (interface{}, diag.Diagnostics) {
 	m := map[string]interface{}{
-		"signing_cert":             options.GetSigningCert(),
-		"protocol_binding":         options.GetProtocolBinding(),
-		"debug":                    options.GetDebug(),
-		"tenant_domain":            options.GetTenantDomain(),
-		"domain_aliases":           options.GetDomainAliases(),
-		"sign_in_endpoint":         options.GetSignInEndpoint(),
-		"sign_out_endpoint":        options.GetSignOutEndpoint(),
-		"disable_sign_out":         options.GetDisableSignOut(),
-		"signature_algorithm":      options.GetSignatureAlgorithm(),
-		"digest_algorithm":         options.GetDigestAglorithm(),
-		"sign_saml_request":        options.GetSignSAMLRequest(),
-		"icon_url":                 options.GetLogoURL(),
-		"request_template":         options.GetRequestTemplate(),
-		"user_id_attribute":        options.GetUserIDAttribute(),
-		"set_user_root_attributes": options.GetSetUserAttributes(),
-		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
-		"entity_id":                options.GetEntityID(),
-		"metadata_url":             options.GetMetadataURL(),
-		"metadata_xml":             d.Get("options.0.metadata_xml").(string), // Does not get read back.
+		"signing_cert":         options.GetSigningCert(),
+		"protocol_binding":     options.GetProtocolBinding(),
+		"debug":                options.GetDebug(),
+		"tenant_domain":        options.GetTenantDomain(),
+		"domain_aliases":       options.GetDomainAliases(),
+		"sign_in_endpoint":     options.GetSignInEndpoint(),
+		"sign_out_endpoint":    options.GetSignOutEndpoint(),
+		"disable_sign_out":     options.GetDisableSignOut(),
+		"signature_algorithm":  options.GetSignatureAlgorithm(),
+		"digest_algorithm":     options.GetDigestAglorithm(),
+		"sign_saml_request":    options.GetSignSAMLRequest(),
+		"icon_url":             options.GetLogoURL(),
+		"request_template":     options.GetRequestTemplate(),
+		"user_id_attribute":    options.GetUserIDAttribute(),
+		"non_persistent_attrs": options.GetNonPersistentAttrs(),
+		"entity_id":            options.GetEntityID(),
+		"metadata_url":         options.GetMetadataURL(),
+		"metadata_xml":         d.Get("options.0.metadata_xml").(string), // Does not get read back.
+	}
+
+	m["set_user_root_attributes"] = options.GetSetUserAttributes()
+	if options.GetSetUserAttributes() == "" {
+		m["set_user_root_attributes"] = "on_each_login"
 	}
 
 	if options.IdpInitiated != nil {
@@ -617,17 +633,21 @@ func flattenConnectionOptionsPingFederate(
 	}
 
 	m := map[string]interface{}{
-		"signing_cert":             signingCert,
-		"tenant_domain":            options.GetTenantDomain(),
-		"domain_aliases":           options.GetDomainAliases(),
-		"sign_in_endpoint":         options.GetSignInEndpoint(),
-		"signature_algorithm":      options.GetSignatureAlgorithm(),
-		"digest_algorithm":         options.GetDigestAlgorithm(),
-		"sign_saml_request":        options.GetSignSAMLRequest(),
-		"ping_federate_base_url":   options.GetPingFederateBaseURL(),
-		"icon_url":                 options.GetLogoURL(),
-		"set_user_root_attributes": options.GetSetUserAttributes(),
-		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
+		"signing_cert":           signingCert,
+		"tenant_domain":          options.GetTenantDomain(),
+		"domain_aliases":         options.GetDomainAliases(),
+		"sign_in_endpoint":       options.GetSignInEndpoint(),
+		"signature_algorithm":    options.GetSignatureAlgorithm(),
+		"digest_algorithm":       options.GetDigestAlgorithm(),
+		"sign_saml_request":      options.GetSignSAMLRequest(),
+		"ping_federate_base_url": options.GetPingFederateBaseURL(),
+		"icon_url":               options.GetLogoURL(),
+		"non_persistent_attrs":   options.GetNonPersistentAttrs(),
+	}
+
+	m["set_user_root_attributes"] = options.GetSetUserAttributes()
+	if options.GetSetUserAttributes() == "" {
+		m["set_user_root_attributes"] = "on_each_login"
 	}
 
 	m["idp_initiated"] = []interface{}{