Remove computed property from set_user_root_attributes

auth0 · May 25, 2023 · 69be967 · 69be967
1 parent 622a7e4
commit 69be967
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 16 deletions.
diff --git a/docs/resources/connection.md b/docs/resources/connection.md
@@ -332,7 +332,7 @@ resource "auth0_connection" "azure_ad" {
       "ext_groups",
       "ext_profile"
     ]
-    set_user_root_attributes               = "on_each_login"
+    set_user_root_attributes               = "on_first_login" # Remove this property if you want these to sync on each login.
     should_trust_email_verified_connection = "never_set_emails_as_verified"
     upstream_params = jsonencode({
       "screen_name" : {
@@ -675,7 +675,7 @@ Optional:
 - `requires_username` (Boolean) Indicates whether the user is required to provide a username in addition to an email address.
 - `scopes` (Set of String) Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
 - `scripts` (Map of String) A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
-- `set_user_root_attributes` (String) Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'on_each_login' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'on_first_login' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).
+- `set_user_root_attributes` (String) Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`. For Microsoft Azure AD connections (`strategy = waad`), remove this property from your config to have the user profile attributes sync at each login.
 - `should_trust_email_verified_connection` (String) Choose how Auth0 sets the email_verified field in the user profile.
 - `sign_in_endpoint` (String) SAML single login URL for the connection.
 - `sign_out_endpoint` (String) SAML single logout URL for the connection.

diff --git a/examples/resources/auth0_connection/resource_with_azure_ad.tf b/examples/resources/auth0_connection/resource_with_azure_ad.tf
@@ -24,7 +24,7 @@ resource "auth0_connection" "azure_ad" {
       "ext_groups",
       "ext_profile"
     ]
-    set_user_root_attributes               = "on_each_login"
+    set_user_root_attributes               = "on_first_login" # Remove this property if you want these to sync on each login.
     should_trust_email_verified_connection = "never_set_emails_as_verified"
     upstream_params = jsonencode({
       "screen_name" : {

diff --git a/internal/auth0/connection/schema.go b/internal/auth0/connection/schema.go
@@ -503,19 +503,14 @@ var resourceSchema = map[string]*schema.Schema{
 				},
 
 				"set_user_root_attributes": {
-					Type:     schema.TypeString,
-					Optional: true,
-					Computed: true,
-					ValidateFunc: validation.StringInSlice([]string{
-						"on_each_login", "on_first_login",
-					}, false),
-					Description: "Determines whether the 'name', 'given_name', 'family_name', 'nickname', " +
-						"and 'picture' attributes can be independently updated when using an external IdP. " +
-						"Possible values are 'on_each_login' (default value, it configures the connection to " +
-						"automatically update the root attributes from the external IdP with each user login. " +
-						"When this setting is used, root attributes cannot be independently updated), " +
-						"'on_first_login' (configures the connection to only set the root attributes on " +
-						"first login, allowing them to be independently updated thereafter).",
+					Type:         schema.TypeString,
+					Optional:     true,
+					ValidateFunc: validation.StringInSlice([]string{"on_each_login", "on_first_login"}, false),
+					Description: "Determines whether to sync user profile attributes (`name`, `given_name`, " +
+						"`family_name`, `nickname`, `picture`) at each login or only on the first login. Options " +
+						"include: `on_each_login`, `on_first_login`. Default value: `on_each_login`. For Microsoft " +
+						"Azure AD connections (`strategy = waad`), remove this property from your config to have the " +
+						"user profile attributes sync at each login.",
 				},
 				"non_persistent_attrs": {
 					Type:     schema.TypeSet,