Reintroduce support for azure blob client addon
sergiught committed Jun 26, 2023
1 parent 85600fb commit 52cdcf0
Showing 9 changed files with 443 additions and 29 deletions.
21 changes: 21 additions & 0 deletions docs/data-sources/client.md
Expand Up @@ -74,6 +74,7 @@ data "auth0_client" "some-client-by-id" {
Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -85,6 +86,26 @@ Read-Only:
- `role` (String)


<a id="nestedobjatt--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Read-Only:

- `account_name` (String)
- `blob_delete` (Boolean)
- `blob_name` (String)
- `blob_read` (Boolean)
- `blob_write` (Boolean)
- `container_delete` (Boolean)
- `container_list` (Boolean)
- `container_name` (String)
- `container_read` (Boolean)
- `container_write` (Boolean)
- `expiration` (Number)
- `signed_identifier` (String)
- `storage_access_key` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
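Review bot: `storage_access_key` is exposed here as a plain Read-Only string, so the data source copies the storage account's access key into Terraform state and into plan output in the clear. Because this file is generated from the schema, the fix belongs in the data-source schema (not among the files shown in this commit): mark `storage_access_key` with `Sensitive: true` so the generator renders it as sensitive and the CLI redacts it.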
21 changes: 21 additions & 0 deletions docs/data-sources/global_client.md
Expand Up @@ -63,6 +63,7 @@ data "auth0_global_client" "global" {}
Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -74,6 +75,26 @@ Read-Only:
- `role` (String)


<a id="nestedobjatt--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Read-Only:

- `account_name` (String)
- `blob_delete` (Boolean)
- `blob_name` (String)
- `blob_read` (Boolean)
- `blob_write` (Boolean)
- `container_delete` (Boolean)
- `container_list` (Boolean)
- `container_name` (String)
- `container_read` (Boolean)
- `container_write` (Boolean)
- `expiration` (Number)
- `signed_identifier` (String)
- `storage_access_key` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
21 changes: 21 additions & 0 deletions docs/resources/client.md
Expand Up @@ -136,6 +136,7 @@ resource "auth0_client" "my_client" {
Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -147,6 +148,26 @@ Optional:
- `role` (String) AWS role ARN, e.g. `arn:aws:iam::010616021751:role/foo`.


<a id="nestedblock--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Optional:

- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL. e.g. `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.
- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob.
- `blob_name` (String) Entity to request a token for. e.g. `my-blob`. If blank the computed SAS will apply to the entire storage container.
- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container.
- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container.
- `container_name` (String) Container to request a token for. e.g. `my-container`.
- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes).
- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource.
- `storage_access_key` (String) Access key associated with this storage account.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
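Review bot: the `container_write` description reads awkwardly ("Indicates that for any blob in the container if the issued token has permission to ...") and does not match the phrasing of `container_read` directly above it. Since this file is generated, reword the `Description` in resource.go, e.g. `Indicates if the issued token has permission to create or write content, properties, metadata, or block list of any blob in the container. ...`, and regenerate. The `expiration` line also advertises a default of 5 minutes, but the schema hunk in this commit sets no `Default:` for it; either add the default to the schema or say in the description that the default is applied server-side.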
21 changes: 21 additions & 0 deletions docs/resources/global_client.md
Expand Up @@ -79,6 +79,7 @@ PAGE
Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -90,6 +91,26 @@ Optional:
- `role` (String) AWS role ARN, e.g. `arn:aws:iam::010616021751:role/foo`.


<a id="nestedblock--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Optional:

- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL. e.g. `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.
- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob.
- `blob_name` (String) Entity to request a token for. e.g. `my-blob`. If blank the computed SAS will apply to the entire storage container.
- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container.
- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container.
- `container_name` (String) Container to request a token for. e.g. `my-container`.
- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes).
- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource.
- `storage_access_key` (String) Access key associated with this storage account.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
40 changes: 32 additions & 8 deletions internal/auth0/client/expand.go
Expand Up @@ -245,7 +245,7 @@ func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {

d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))

addons.AzureBlob = expandClientAddonAzureBlob(addonsCfg.GetAttr("azure_blob"))
return stop
})

Expand All @@ -260,20 +260,44 @@ func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
var awsAddon management.AWSClientAddon

awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
awsAddon.Role = value.String(awsCfg.GetAttr("role"))
awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))
awsAddon = management.AWSClientAddon{
Principal: value.String(awsCfg.GetAttr("principal")),
Role: value.String(awsCfg.GetAttr("role")),
LifetimeInSeconds: value.Int(awsCfg.GetAttr("lifetime_in_seconds")),
}

return stop
})

if awsAddon == (management.AWSClientAddon{}) {
return nil
}

return &awsAddon
}

func expandClientAddonAzureBlob(azureCfg cty.Value) *management.AzureBlobClientAddon {
var azureAddon management.AzureBlobClientAddon

azureCfg.ForEachElement(func(_ cty.Value, azureCfg cty.Value) (stop bool) {
azureAddon = management.AzureBlobClientAddon{
AccountName: value.String(azureCfg.GetAttr("account_name")),
StorageAccessKey: value.String(azureCfg.GetAttr("storage_access_key")),
ContainerName: value.String(azureCfg.GetAttr("container_name")),
BlobName: value.String(azureCfg.GetAttr("blob_name")),
Expiration: value.Int(azureCfg.GetAttr("expiration")),
SignedIdentifier: value.String(azureCfg.GetAttr("signed_identifier")),
BlobRead: value.Bool(azureCfg.GetAttr("blob_read")),
BlobWrite: value.Bool(azureCfg.GetAttr("blob_write")),
BlobDelete: value.Bool(azureCfg.GetAttr("blob_delete")),
ContainerRead: value.Bool(azureCfg.GetAttr("container_read")),
ContainerWrite: value.Bool(azureCfg.GetAttr("container_write")),
ContainerDelete: value.Bool(azureCfg.GetAttr("container_delete")),
ContainerList: value.Bool(azureCfg.GetAttr("container_list")),
}

return stop
})

return &azureAddon
}

func clientHasChange(c *management.Client) bool {
return c.String() != "{}"
}
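Review bot: `expandClientAddonAzureBlob` returns `&azureAddon` unconditionally, while `expandClientAddonAWS` in the same hunk returns `nil` when the block is absent. With no `azure_blob` block in configuration, `ForEachElement` never runs and `addons.AzureBlob` ends up pointing at a zero-valued struct; if the management client serialises that as an empty `azure_blob` object, every update sends an addon the user never declared and can overwrite or clear one configured outside Terraform. Mirror the AWS guard, e.g. `if azureAddon == (management.AzureBlobClientAddon{}) { return nil }`, or set a flag inside the loop body and return `nil` when it never executed.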
41 changes: 32 additions & 9 deletions internal/auth0/client/flatten.go
Expand Up @@ -94,17 +94,40 @@ func flattenClientAddons(addons *management.ClientAddons) []interface{} {
return nil
}

aws := map[string]interface{}{
"principal": addons.GetAWS().GetPrincipal(),
"role": addons.GetAWS().GetRole(),
"lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(),
m := map[string]interface{}{
"aws": nil,
"azure_blob": nil,
}

return []interface{}{
map[string]interface{}{
"aws": []interface{}{
aws,
if addons.GetAWS() != nil {
m["aws"] = []interface{}{
map[string]interface{}{
"principal": addons.GetAWS().GetPrincipal(),
"role": addons.GetAWS().GetRole(),
"lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(),
},
},
}
}

if addons.GetAzureBlob() != nil {
m["azure_blob"] = []interface{}{
map[string]interface{}{
"account_name": addons.GetAzureBlob().GetAccountName(),
"storage_access_key": addons.GetAzureBlob().GetStorageAccessKey(),
"container_name": addons.GetAzureBlob().GetContainerName(),
"blob_name": addons.GetAzureBlob().GetBlobName(),
"expiration": addons.GetAzureBlob().GetExpiration(),
"signed_identifier": addons.GetAzureBlob().GetSignedIdentifier(),
"blob_read": addons.GetAzureBlob().GetBlobRead(),
"blob_write": addons.GetAzureBlob().GetBlobWrite(),
"blob_delete": addons.GetAzureBlob().GetBlobDelete(),
"container_read": addons.GetAzureBlob().GetContainerRead(),
"container_write": addons.GetAzureBlob().GetContainerWrite(),
"container_delete": addons.GetAzureBlob().GetContainerDelete(),
"container_list": addons.GetAzureBlob().GetContainerList(),
},
}
}

return []interface{}{m}
}
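Review bot: the read path writes `storage_access_key` straight from the API response into state. Please confirm the Management API echoes that key back on read; if it is redacted or omitted, `GetStorageAccessKey()` yields an empty string, state no longer matches the configured value, and users get a permanent diff on every plan. In that case the previously configured value should be carried over from state (via `d.Get("addons")`) instead of taken from the response. Building `m` with both keys preset to `nil` and filling only the addons the API returned is the right shape for a list-of-object attribute with two optional nested blocks.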
93 changes: 93 additions & 0 deletions internal/auth0/client/resource.go
Expand Up @@ -491,6 +491,7 @@ func NewResource() *schema.Resource {
"aws": {
Type: schema.TypeList,
Optional: true,
Computed: true,
MaxItems: 1,
Description: "AWS Addon configuration.",
Elem: &schema.Resource{
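Review bot: adding `Computed: true` to the existing `aws` block changes its lifecycle. An Optional+Computed list keeps whatever is in state when the block is removed from configuration, so deleting the `aws {}` block from a config will no longer plan a removal of the AWS addon. If that is intended (so an addon managed outside Terraform is not clobbered), it deserves a mention in the changelog or in the `Description`; if not, drop `Computed` and rely on the expand function's `nil` return as the removal signal.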
Expand All @@ -514,6 +515,98 @@ func NewResource() *schema.Resource {
},
},
},
"azure_blob": {
Type: schema.TypeList,
Optional: true,
Computed: true,
MaxItems: 1,
Description: "Azure Blob Storage Addon configuration.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"account_name": {
Description: "Your Azure storage account name. Usually first segment in your " +
"Azure storage URL. e.g. `https://acme-org.blob.core.windows.net` would " +
"be the account name `acme-org`.",
Type: schema.TypeString,
Optional: true,
},
"storage_access_key": {
Description: "Access key associated with this storage account.",
Type: schema.TypeString,
Optional: true,
},
"container_name": {
Description: "Container to request a token for. e.g. `my-container`.",
Type: schema.TypeString,
Optional: true,
},
"blob_name": {
Description: "Entity to request a token for. e.g. `my-blob`. If blank the " +
"computed SAS will apply to the entire storage container.",
Type: schema.TypeString,
Optional: true,
},
"expiration": {
Description: "Expiration in minutes for the generated token (default of 5 minutes).",
Type: schema.TypeInt,
ValidateFunc: validation.IntAtLeast(0),
Optional: true,
},
"signed_identifier": {
Description: "Shared access policy identifier defined in your storage account resource.",
Type: schema.TypeString,
Optional: true,
},
"blob_read": {
Description: "Indicates if the issued token has permission to read the " +
"content, properties, metadata and block list. Use the blob as the " +
"source of a copy operation.",
Type: schema.TypeBool,
Optional: true,
},
"blob_write": {
Description: "Indicates if the issued token has permission to create or " +
"write content, properties, metadata, or block list. Snapshot or lease " +
"the blob. Resize the blob (page blob only). Use the blob as the " +
"destination of a copy operation within the same account.",
Type: schema.TypeBool,
Optional: true,
},
"blob_delete": {
Description: "Indicates if the issued token has permission to delete the blob.",
Type: schema.TypeBool,
Optional: true,
},
"container_read": {
Description: "Indicates if the issued token has permission to read the " +
"content, properties, metadata or block list of any blob in the " +
"container. Use any blob in the container as the source of a copy operation.",
Type: schema.TypeBool,
Optional: true,
},
"container_write": {
Description: "Indicates that for any blob in the container if the issued " +
"token has permission to create or write content, properties, metadata, " +
"or block list. Snapshot or lease the blob. Resize the blob " +
"(page blob only). Use the blob as the destination of a copy operation " +
"within the same account.",
Type: schema.TypeBool,
Optional: true,
},
"container_delete": {
Description: "Indicates if issued token has permission to delete any blob in " +
"the container.",
Type: schema.TypeBool,
Optional: true,
},
"container_list": {
Description: "Indicates if the issued token has permission to list blobs in the container.",
Type: schema.TypeBool,
Optional: true,
},
},
},
},
},
},
},
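Review bot: `storage_access_key` needs `Sensitive: true`; its own `Description` says it is the access key for the storage account, yet as written it is printed in plan and apply output and in state diffs shown to users. Two smaller points in the same block: `expiration` carries `ValidateFunc: validation.IntAtLeast(0)` and a description promising a default of 5 minutes, but no `Default:` is set, so `0` is accepted and nothing in the provider applies the advertised default; and the `container_write` description ("Indicates that for any blob in the container if the issued token ...") should be reworded to follow the `container_read` phrasing, since the docs in this commit are generated from these strings.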

0 comments on commit 52cdcf0