Add fed_metadata_xml and other missing fields to adfs connection

docs/resources/connection.md

@@ -618,7 +618,7 @@ resource "auth0_connection" "okta" {
 
 Optional:
 
-- `adfs_server` (String) ADFS Metadata source.
+- `adfs_server` (String) ADFS URL where to fetch the metadata source.
 - `allowed_audiences` (Set of String) List of allowed audiences.
 - `api_enable_users` (Boolean) Enable API Access to users.
 - `app_id` (String) App ID.
@@ -641,6 +641,7 @@ Optional:
 - `enable_script_context` (Boolean) Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
 - `enabled_database_customization` (Boolean) Set to `true` to use a legacy user store.
 - `entity_id` (String) Custom Entity ID for the connection.
+- `fed_metadata_xml` (String) Federation Metadata for the ADFS connection.
 - `fields_map` (String) If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
 - `forward_request_info` (Boolean) Specifies whether or not request info should be forwarded to sms gateway.
 - `from` (String) Address to use as the sender.

internal/provider/resource_auth0_connection.go

@@ -537,7 +537,12 @@ var connectionSchema = map[string]*schema.Schema{
 				"adfs_server": {
 					Type:        schema.TypeString,
 					Optional:    true,
-					Description: "ADFS Metadata source.",
+					Description: "ADFS URL where to fetch the metadata source.",
+				},
+				"fed_metadata_xml": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					Description: "Federation Metadata for the ADFS connection.",
 				},
 				"community_base_url": {
 					Type:        schema.TypeString,

internal/provider/resource_auth0_connection_test.go

@@ -350,6 +350,30 @@ func TestAccConnectionADFS(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.0", "gender"),
 					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.1", "hair_color"),
 					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.should_trust_email_verified_connection", "always_set_emails_as_verified"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.sign_in_endpoint", "https://adfs.provider/wsfed"),
+				),
+			},
+			{
+				Config: template.ParseTestName(testAccConnectionADFSConfigUpdate, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "name", fmt.Sprintf("Acceptance-Test-ADFS-%s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "strategy", "adfs"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "show_as_button", "true"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.tenant_domain", "example.auth0.com"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.domain_aliases.#", "1"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.domain_aliases.0", "example.com"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.icon_url", "https://example.com/logo.svg"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.adfs_server", ""),
+					resource.TestCheckResourceAttrSet("auth0_connection.adfs", "options.0.fed_metadata_xml"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.api_enable_users", "false"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.set_user_root_attributes", "on_each_login"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.#", "2"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.0", "gender"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.1", "hair_color"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.should_trust_email_verified_connection", "never_set_emails_as_verified"),
+					resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.sign_in_endpoint", "https://adfs.provider/wsfed"),
 				),
 			},
 		},
@@ -367,9 +391,69 @@ resource "auth0_connection" "adfs" {
 		domain_aliases = ["example.com"]
 		icon_url = "https://example.com/logo.svg"
 		adfs_server = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/b5ed4fc037bcf7be0a8953033a3c3ffa1be17083/test/data/federation_metadata.xml"
+		sign_in_endpoint = "https://adfs.provider/wsfed"
 		api_enable_users = false
 		set_user_root_attributes = "on_each_login"
 		non_persistent_attrs = ["gender","hair_color"]
+		should_trust_email_verified_connection = "always_set_emails_as_verified"
+		upstream_params = jsonencode({
+			"screen_name": {
+				"alias": "login_hint"
+			}
+		})
+	}
+}
+`
+
+const testAccConnectionADFSConfigUpdate = `
+resource "auth0_connection" "adfs" {
+	name     = "Acceptance-Test-ADFS-{{.testName}}"
+	strategy = "adfs"
+	show_as_button = true
+
+	options {
+		tenant_domain = "example.auth0.com"
+		domain_aliases = ["example.com"]
+		icon_url = "https://example.com/logo.svg"
+		adfs_server = ""
+		fed_metadata_xml = <<EOF
+<?xml version="1.0" encoding="utf-8"?>
+<EntityDescriptor entityID="https://example.com"
+                  xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+    <RoleDescriptor xsi:type="fed:ApplicationServiceType"
+                    protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
+                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
+        <fed:TargetScopes>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://adfs.provider/</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:TargetScopes>
+        <fed:ApplicationServiceEndpoint>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://adfs.provider/wsfed</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:ApplicationServiceEndpoint>
+        <fed:PassiveRequestorEndpoint>
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>https://adfs.provider/wsfed</wsa:Address>
+            </wsa:EndpointReference>
+        </fed:PassiveRequestorEndpoint>
+    </RoleDescriptor>
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                             Location="https://adfs.provider/sign_out"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                             Location="https://adfs.provider/sign_in"/>
+    </IDPSSODescriptor>
+</EntityDescriptor>
+
+EOF
+		sign_in_endpoint = "https://adfs.provider/wsfed"
+		api_enable_users = false
+		should_trust_email_verified_connection = "never_set_emails_as_verified"
+		set_user_root_attributes = "on_each_login"
+		non_persistent_attrs = ["gender","hair_color"]
 		upstream_params = jsonencode({
 			"screen_name": {
 				"alias": "login_hint"

internal/provider/structure_auth0_connection.go

@@ -526,13 +526,16 @@ func flattenConnectionOptionsAzureAD(options *management.ConnectionOptionsAzureA
 
 func flattenConnectionOptionsADFS(options *management.ConnectionOptionsADFS) (interface{}, diag.Diagnostics) {
 	m := map[string]interface{}{
-		"tenant_domain":            options.GetTenantDomain(),
-		"domain_aliases":           options.GetDomainAliases(),
-		"icon_url":                 options.GetLogoURL(),
-		"adfs_server":              options.GetADFSServer(),
-		"api_enable_users":         options.GetEnableUsersAPI(),
-		"set_user_root_attributes": options.GetSetUserAttributes(),
-		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
+		"tenant_domain":                          options.GetTenantDomain(),
+		"domain_aliases":                         options.GetDomainAliases(),
+		"icon_url":                               options.GetLogoURL(),
+		"adfs_server":                            options.GetADFSServer(),
+		"fed_metadata_xml":                       options.GetFedMetadataXML(),
+		"sign_in_endpoint":                       options.GetSignInEndpoint(),
+		"api_enable_users":                       options.GetEnableUsersAPI(),
+		"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
+		"set_user_root_attributes":               options.GetSetUserAttributes(),
+		"non_persistent_attrs":                   options.GetNonPersistentAttrs(),
 	}
 
 	upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
@@ -1273,7 +1276,10 @@ func expandConnectionOptionsADFS(config cty.Value) (*management.ConnectionOption
 		DomainAliases:      value.Strings(config.GetAttr("domain_aliases")),
 		LogoURL:            value.String(config.GetAttr("icon_url")),
 		ADFSServer:         value.String(config.GetAttr("adfs_server")),
+		FedMetadataXML:     value.String(config.GetAttr("fed_metadata_xml")),
+		SignInEndpoint:     value.String(config.GetAttr("sign_in_endpoint")),
 		EnableUsersAPI:     value.Bool(config.GetAttr("api_enable_users")),
+		TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")),
 		SetUserAttributes:  value.String(config.GetAttr("set_user_root_attributes")),
 		NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
 	}