Readonly permissions field to user (#572)

* Adding read-only permissions field to user resource and data source * Typeset and rolling-back doc change * Regenerating docs, regenerating test recordings * Regenerating another test * Regenerating another test * Update internal/auth0/user/resource.go Co-authored-by: Sergiu Ghitea <[email protected]> * Update internal/auth0/user/resource.go Co-authored-by: Sergiu Ghitea <[email protected]> * Update internal/auth0/user/resource.go Co-authored-by: Sergiu Ghitea <[email protected]> * Regenerating docs --------- Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]>
auth0 · May 10, 2023 · 839c31a · 839c31a
1 parent 49f9644
commit 839c31a
Show file tree

Hide file tree

Showing 9 changed files with 5,967 additions and 4,490 deletions.
diff --git a/docs/data-sources/user.md b/docs/data-sources/user.md
@@ -37,6 +37,7 @@ data "auth0_user" "my_user" {
 - `name` (String) Name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
 - `nickname` (String) Preferred nickname or alias of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
 - `password` (String) Initial password for this user. Required for non-passwordless connections (SMS and email).
+- `permissions` (Set of Object) List of API permissions granted to the user. (see [below for nested schema](#nestedatt--permissions))
 - `phone_number` (String) Phone number for the user; follows the E.164 recommendation. Used for SMS connections.
 - `phone_verified` (Boolean) Indicates whether the phone number has been verified.
 - `picture` (String) Picture of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
@@ -45,4 +46,14 @@ data "auth0_user" "my_user" {
 - `username` (String) Username of the user. Only valid if the connection requires a username.
 - `verify_email` (Boolean) Indicates whether the user will receive a verification email after creation. Overrides behavior of `email_verified` parameter.
 
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `description` (String)
+- `name` (String)
+- `resource_server_identifier` (String)
+- `resource_server_name` (String)
+
 
diff --git a/docs/resources/user.md b/docs/resources/user.md
@@ -60,6 +60,17 @@ resource "auth0_role" "admin" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
+- `permissions` (Set of Object) List of API permissions granted to the user. (see [below for nested schema](#nestedatt--permissions))
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `description` (String)
+- `name` (String)
+- `resource_server_identifier` (String)
+- `resource_server_name` (String)
 
 ## Import
 

diff --git a/internal/auth0/user/data_source_test.go b/internal/auth0/user/data_source_test.go
@@ -66,6 +66,7 @@ func TestAccDataSourceUser(t *testing.T) {
 					resource.TestCheckResourceAttr("data.auth0_user.test", "nickname", strings.ToLower(t.Name())),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "picture", "https://www.example.com/picture.jpg"),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "roles.#", "2"),
+					resource.TestCheckResourceAttr("data.auth0_user.test", "permissions.#", "0"),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "user_metadata", `{"baz":"qux","foo":"bar"}`),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "app_metadata", `{"baz":"qux","foo":"bar"}`),
 				),

diff --git a/internal/auth0/user/resource.go b/internal/auth0/user/resource.go
@@ -154,6 +154,35 @@ func NewResource() *schema.Resource {
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Description: "Set of IDs of roles assigned to the user.",
 			},
+			"permissions": {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Description: "List of API permissions granted to the user.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Name of permission.",
+						},
+						"description": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Description of the permission.",
+						},
+						"resource_server_identifier": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Resource server identifier associated with the permission.",
+						},
+						"resource_server_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Name of resource server that the permission is associated with.",
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -210,6 +239,12 @@ func readUser(ctx context.Context, d *schema.ResourceData, m interface{}) diag.D
 	}
 	result = multierror.Append(result, d.Set("roles", flattenUserRoles(roleList)))
 
+	permissions, err := api.User.Permissions(user.GetID())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	result = multierror.Append(result, d.Set("permissions", flattenUserPermissions(permissions)))
+
 	return diag.FromErr(result.ErrorOrNil())
 }
 
@@ -378,6 +413,19 @@ func flattenUserRoles(roleList *management.RoleList) []interface{} {
 	return roles
 }
 
+func flattenUserPermissions(permissionList *management.PermissionList) []interface{} {
+	var permissions []interface{}
+	for _, p := range permissionList.Permissions {
+		permissions = append(permissions, map[string]string{
+			"name":                       p.GetName(),
+			"resource_server_identifier": p.GetResourceServerIdentifier(),
+			"description":                p.GetDescription(),
+			"resource_server_name":       p.GetResourceServerName(),
+		})
+	}
+	return permissions
+}
+
 func validateUser(user *management.User) error {
 	validations := []validateUserFunc{
 		validateNoUsernameAndPasswordSimultaneously(),

diff --git a/internal/auth0/user/resource_test.go b/internal/auth0/user/resource_test.go
@@ -172,6 +172,7 @@ func TestAccUser(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_user.user", "user_metadata", ""),
 					resource.TestCheckResourceAttr("auth0_user.user", "app_metadata", ""),
 					resource.TestCheckResourceAttr("auth0_user.user", "roles.#", "0"),
+					resource.TestCheckResourceAttr("auth0_user.user", "permissions.#", "0"),
 				),
 			},
 			{
@@ -204,6 +205,7 @@ func TestAccUser(t *testing.T) {
 				Config: acctest.ParseTestName(testAccUserUpdateRemovingMetadata, strings.ToLower(t.Name())),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("auth0_user.user", "roles.#", "0"),
+					resource.TestCheckResourceAttr("auth0_user.user", "permissions.#", "0"),
 					resource.TestCheckResourceAttr("auth0_user.user", "user_metadata", ""),
 					resource.TestCheckResourceAttr("auth0_user.user", "app_metadata", ""),
 				),