
Implement auth0_encryption_key_manager resource using the framework
acwest committed Oct 28, 2024

Verified

This commit was signed with the committer’s verified signature.
acwest A. Craig West
1 parent 2a46719 commit 8144093
Showing 29 changed files with 3,245 additions and 3,139 deletions.
21 changes: 10 additions & 11 deletions docs/resources/encryption_key_manager.md
@@ -1,12 +1,12 @@
---
page_title: "Resource: auth0_encryption_key_manager"
description: |-
Resource to allow the rekeying of your tenant master key.
A resource for managing the tenant root key.
---

# Resource: auth0_encryption_key_manager

Resource to allow the rekeying of your tenant master key.
A resource for managing the tenant root key.

## Example Usage

@@ -50,13 +50,12 @@ resource "auth0_encryption_key_manager" "my_key_manager" {

### Optional

- `customer_provided_root_key` (Block List, Max: 1) This attribute is used for provisioning the customer provided root key. To initiate the provisioning process, create a new empty `customer_provided_root_key` block. After applying this, the `public_wrapping_key` can be retreived from the resource, and the new root key should be generated by the customer and wrapped with the wrapping key, then base64-encoded and added as the `wrapped_key` attribute. (see [below for nested schema](#nestedblock--customer_provided_root_key))
- `customer_provided_root_key` (Block, Optional) This attribute is used for provisioning the customer provided root key. To initiate the provisioning process, create a new empty `customer_provided_root_key` block. After applying this, the `public_wrapping_key` can be retreived from the resource, and the new root key should be generated by the customer and wrapped with the wrapping key, then base64-encoded and added as the `wrapped_key` attribute. (see [below for nested schema](#nestedblock--customer_provided_root_key))
- `key_rotation_id` (String) If this value is changed, the encryption keys will be rotated. A UUID is recommended for the `key_rotation_id`.

### Read-Only

- `encryption_keys` (List of Object) All encryption keys. (see [below for nested schema](#nestedatt--encryption_keys))
- `id` (String) The ID of this resource.
- `encryption_keys` (Attributes List) All encryption keys. (see [below for nested schema](#nestedatt--encryption_keys))

<a id="nestedblock--customer_provided_root_key"></a>
### Nested Schema for `customer_provided_root_key`
@@ -82,11 +81,11 @@ Read-Only:

Read-Only:

- `created_at` (String)
- `key_id` (String)
- `parent_key_id` (String)
- `state` (String)
- `type` (String)
- `updated_at` (String)
- `created_at` (String) The ISO 8601 formatted date the customer provided root key was created.
- `key_id` (String) The key ID of the customer provided root key.
- `parent_key_id` (String) The key ID of the parent wrapping key.
- `state` (String) The state of the encryption key. One of `pre-activation`, `active`, `deactivated`, or `destroyed`.
- `type` (String) The type of the encryption key. One of `customer-provided-root-key`, `environment-root-key`, or `tenant-master-key`.
- `updated_at` (String) The ISO 8601 formatted date the customer provided root key was updated.


1 change: 1 addition & 0 deletions go.mod
@@ -52,6 +52,7 @@ require (
github.com/hashicorp/logutils v1.0.0 // indirect
github.com/hashicorp/terraform-exec v0.21.0 // indirect
github.com/hashicorp/terraform-json v0.22.1 // indirect
github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0 // indirect
github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
github.com/hashicorp/terraform-svchost v0.1.1 // indirect
2 changes: 2 additions & 0 deletions go.sum
@@ -113,6 +113,8 @@ github.com/hashicorp/terraform-plugin-docs v0.19.4 h1:G3Bgo7J22OMtegIgn8Cd/CaSey
github.com/hashicorp/terraform-plugin-docs v0.19.4/go.mod h1:4pLASsatTmRynVzsjEhbXZ6s7xBlUw/2Kt0zfrq8HxA=
github.com/hashicorp/terraform-plugin-framework v1.12.0 h1:7HKaueHPaikX5/7cbC1r9d1m12iYHY+FlNZEGxQ42CQ=
github.com/hashicorp/terraform-plugin-framework v1.12.0/go.mod h1:N/IOQ2uYjW60Jp39Cp3mw7I/OpC/GfZ0385R0YibmkE=
github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0 h1:v3DapR8gsp3EM8fKMh6up9cJUFQ2iRaFsYLP8UJnCco=
github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0/go.mod h1:c3PnGE9pHBDfdEVG9t1S1C9ia5LW+gkFR0CygXlM8ak=
github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 h1:bxZfGo9DIUoLLtHMElsu+zwqI4IsMZQBRRy4iLzZJ8E=
github.com/hashicorp/terraform-plugin-framework-validators v0.13.0/go.mod h1:wGeI02gEhj9nPANU62F2jCaHjXulejm/X+af4PdZaNo=
github.com/hashicorp/terraform-plugin-go v0.24.0 h1:2WpHhginCdVhFIrWHxDEg6RBn3YaWzR2o6qUeIEat2U=
110 changes: 94 additions & 16 deletions internal/acctest/acctest.go
@@ -7,27 +7,31 @@ import (
"testing"

"github.com/auth0/go-auth0/management"
"github.com/hashicorp/terraform-plugin-framework/provider"
"github.com/hashicorp/terraform-plugin-go/tfprotov6"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"gopkg.in/dnaeon/go-vcr.v3/recorder"

"github.com/auth0/terraform-provider-auth0/internal/config"
"github.com/auth0/terraform-provider-auth0/internal/provider"
frameworkError "github.com/auth0/terraform-provider-auth0/internal/framework/error"
frameworkProvider "github.com/auth0/terraform-provider-auth0/internal/framework/provider"
internalProvider "github.com/auth0/terraform-provider-auth0/internal/provider"
)

// Test checks to see if http recordings are enabled and runs the tests
// in parallel if they are, otherwise it simply wraps resource.Test.
func Test(t *testing.T, testCase resource.TestCase) {
if httpRecordingsAreEnabled() {
httpRecorder := newHTTPRecorder(t)
testCase.ProviderFactories = testFactoriesWithHTTPRecordings(httpRecorder)
testCase.ProtoV6ProviderFactories = testProviderFactoriesWithHTTPRecordings(httpRecorder)
resource.ParallelTest(t, testCase)

return
}

testCase.ProviderFactories = TestFactories()
testCase.ProtoV6ProviderFactories = TestProviderFactories()
resource.Test(t, testCase)
}

@@ -36,23 +40,29 @@ func httpRecordingsAreEnabled() bool {
return httpRecordings == "true" || httpRecordings == "1" || httpRecordings == "on"
}

// TestFactories returns the configured auth0 provider used in testing.
func TestFactories() map[string]func() (*schema.Provider, error) {
return map[string]func() (*schema.Provider, error){
"auth0": func() (*schema.Provider, error) {
return provider.New(), nil
// TestProviderFactories returns the configured auth0 provider used in testing for the framework.
func TestProviderFactories() map[string]func() (tfprotov6.ProviderServer, error) {
// Set descriptions to support Markdown syntax for SDK resources,
// this will be used in document generation.
schema.DescriptionKind = schema.StringMarkdown
return map[string]func() (tfprotov6.ProviderServer, error){
"auth0": func() (tfprotov6.ProviderServer, error) {
return frameworkProvider.MuxServer(internalProvider.New(), frameworkProvider.New())
},
}
}

func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string]func() (*schema.Provider, error) {
return map[string]func() (*schema.Provider, error){
"auth0": func() (*schema.Provider, error) {
auth0Provider := provider.New()

auth0Provider.ConfigureContextFunc = configureTestProviderWithHTTPRecordings(httpRecorder)

return auth0Provider, nil
func testProviderFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string]func() (tfprotov6.ProviderServer, error) {
// Set descriptions to support Markdown syntax for SDK resources,
// this will be used in document generation.
schema.DescriptionKind = schema.StringMarkdown
return map[string]func() (tfprotov6.ProviderServer, error){
"auth0": func() (tfprotov6.ProviderServer, error) {
sdkProvider := internalProvider.New()
sdkProvider.ConfigureContextFunc = configureTestProviderWithHTTPRecordings(httpRecorder)
fwkProvider := frameworkProvider.New()
fwkProvider.SetConfigureFunc(configureTestFrameworkProviderWithHTTPRecordings(httpRecorder))
return frameworkProvider.MuxServer(sdkProvider, fwkProvider)
},
}
}
@@ -96,3 +106,71 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc
return config.New(apiClient), nil
}
}

func configureTestFrameworkProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) func(context.Context, provider.ConfigureRequest, *provider.ConfigureResponse) {
return func(ctx context.Context, request provider.ConfigureRequest, response *provider.ConfigureResponse) {
domain := os.Getenv("AUTH0_DOMAIN")
debugStr := os.Getenv("AUTH0_DEBUG")
debug := (debugStr == "1" || debugStr == "true" || debugStr == "TRUE" || debugStr == "on" || debugStr == "ON")

var data config.FrameworkProviderModel
response.Diagnostics.Append(request.Config.Get(ctx, &data)...)

if data.Domain.ValueString() != "" {
domain = data.Domain.ValueString()
}
if !data.Debug.IsNull() && !data.Debug.IsUnknown() {
debug = data.Debug.ValueBool()
}

clientOptions := []management.Option{
management.WithStaticToken("insecure"),
management.WithClient(httpRecorder.GetDefaultClient()),
management.WithDebug(debug),
management.WithRetries(3, []int{http.StatusTooManyRequests, http.StatusInternalServerError}),
}

if domain != RecordingsDomain {
clientID := os.Getenv("AUTH0_CLIENT_ID")
clientSecret := os.Getenv("AUTH0_CLIENT_SECRET")
apiToken := os.Getenv("AUTH0_API_TOKEN")
audience := os.Getenv("AUTH0_AUDIENCE")

if data.ClientID.ValueString() != "" {
clientID = data.ClientID.ValueString()
}
if data.ClientSecret.ValueString() != "" {
clientSecret = data.ClientSecret.ValueString()
}
if data.APIToken.ValueString() != "" {
apiToken = data.APIToken.ValueString()
}
if data.Audience.ValueString() != "" {
audience = data.Audience.ValueString()
}

authenticationOption := management.WithStaticToken(apiToken)
if apiToken == "" {
ctx := context.Background()

authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret)
if audience != "" {
authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience)
}
}

clientOptions = append(clientOptions, authenticationOption)
}

apiClient, err := management.New(domain, clientOptions...)
if err != nil {
response.Diagnostics.Append(frameworkError.Diagnostics(err)...)
}

if !response.Diagnostics.HasError() {
config := config.New(apiClient)
response.ResourceData = config
response.DataSourceData = config
}
}
}
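Review bot: In configureTestFrameworkProviderWithHTTPRecordings the closure keeps executing after `response.Diagnostics.Append(request.Config.Get(ctx, &data)...)` has recorded a decode error, so a failed config read still reaches `management.New` with a zero-valued `data` and whatever the AUTH0_* environment variables happen to hold; add `if response.Diagnostics.HasError() { return }` directly after that Append so the later `HasError` check only has to cover the `management.New` failure. Two smaller points in the same function: `ctx := context.Background()` in the client-credentials branch shadows the request context the closure receives, and `config := config.New(apiClient)` shadows the `config` package for the rest of that block, which compiles today only because nothing below it references the package. Renaming the local (e.g. `cfg := config.New(apiClient)`) and reusing the outer `ctx` removes both shadowings. The earlier hunks in this file repeat `schema.DescriptionKind = schema.StringMarkdown` in both factory functions; a one-line comment noting that this is package-level state set for doc generation, or hoisting it into a single helper, would make the duplication intentional rather than accidental.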
4 changes: 2 additions & 2 deletions internal/auth0/client/resource_test.go
@@ -21,7 +21,7 @@ resource "auth0_client" "my_client" {

func TestAccClientInitiateLoginUriValidation(t *testing.T) {
resource.UnitTest(t, resource.TestCase{
ProviderFactories: acctest.TestFactories(),
ProtoV6ProviderFactories: acctest.TestProviderFactories(),
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccClientValidationOnInitiateLoginURIWithHTTP, t.Name()),
@@ -44,7 +44,7 @@ resource "auth0_client" "my_client" {

func TestAccClientMobileValidationError(t *testing.T) {
resource.UnitTest(t, resource.TestCase{
ProviderFactories: acctest.TestFactories(),
ProtoV6ProviderFactories: acctest.TestProviderFactories(),
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccClientValidationOnMobile, t.Name()),
2 changes: 1 addition & 1 deletion internal/auth0/connection/data_source_test.go
@@ -55,7 +55,7 @@ data "auth0_connection" "test" {

func TestAccDataSourceConnectionRequiredArguments(t *testing.T) {
resource.UnitTest(t, resource.TestCase{
ProviderFactories: acctest.TestFactories(),
ProtoV6ProviderFactories: acctest.TestProviderFactories(),
Steps: []resource.TestStep{
{
Config: `data "auth0_connection" "test" { }`,
65 changes: 0 additions & 65 deletions internal/auth0/encryptionkeymanager/flatten.go

This file was deleted.

