Allow url fields to be set to empty

auth0 · Jan 29, 2023 · a497558 · a497558
1 parent 24917da
commit a497558
Show file tree

Hide file tree

Showing 16 changed files with 103 additions and 85 deletions.
diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md
@@ -50,7 +50,7 @@ data "auth0_client" "some-client-by-id" {
 - `form_template` (String) HTML form template to be used for WS-Federation.
 - `grant_types` (List of String) Types of grants that this client is authorized to use.
 - `id` (String) The ID of this resource.
-- `initiate_login_uri` (String) Initiate login URI, must be HTTPS.
+- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
 - `is_first_party` (Boolean) Indicates whether this client is a first-party client.
 - `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
 - `jwt_configuration` (List of Object) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedatt--jwt_configuration))

diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md
@@ -38,7 +38,7 @@ data "auth0_global_client" "global" {}
 - `form_template` (String) HTML form template to be used for WS-Federation.
 - `grant_types` (List of String) Types of grants that this client is authorized to use.
 - `id` (String) The ID of this resource.
-- `initiate_login_uri` (String) Initiate login URI, must be HTTPS.
+- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
 - `is_first_party` (Boolean) Indicates whether this client is a first-party client.
 - `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
 - `jwt_configuration` (List of Object) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedatt--jwt_configuration))

diff --git a/docs/index.md b/docs/index.md
@@ -33,17 +33,14 @@ better alternative.
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
-
-- `domain` (String) Your Auth0 domain name. It can also be sourced from the `AUTH0_DOMAIN` environment variable.
-
 ### Optional
 
 - `api_token` (String) Your Auth0 [management api access token](https://auth0.com/docs/security/tokens/access-tokens/management-api-access-tokens). It can also be sourced from the `AUTH0_API_TOKEN` environment variable. It can be used instead of `client_id` + `client_secret`. If both are specified, `api_token` will be used over `client_id` + `client_secret` fields.
 - `audience` (String) Your Auth0 audience when using a custom domain. It can also be sourced from the `AUTH0_AUDIENCE` environment variable.
 - `client_id` (String) Your Auth0 client ID. It can also be sourced from the `AUTH0_CLIENT_ID` environment variable.
 - `client_secret` (String) Your Auth0 client secret. It can also be sourced from the `AUTH0_CLIENT_SECRET` environment variable.
 - `debug` (Boolean) Indicates whether to turn on debug mode.
+- `domain` (String) Your Auth0 domain name. It can also be sourced from the `AUTH0_DOMAIN` environment variable.
 
 ## Environment Variables
 

diff --git a/docs/resources/client.md b/docs/resources/client.md
@@ -111,7 +111,7 @@ resource "auth0_client" "my_client" {
 - `encryption_key` (Map of String) Encryption used for WS-Fed responses with this client.
 - `form_template` (String) HTML form template to be used for WS-Federation.
 - `grant_types` (List of String) Types of grants that this client is authorized to use.
-- `initiate_login_uri` (String) Initiate login URI, must be HTTPS.
+- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
 - `is_first_party` (Boolean) Indicates whether this client is a first-party client.
 - `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
 - `jwt_configuration` (Block List, Max: 1) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedblock--jwt_configuration))

diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md
@@ -50,7 +50,7 @@ PAGE
 - `encryption_key` (Map of String) Encryption used for WS-Fed responses with this client.
 - `form_template` (String) HTML form template to be used for WS-Federation.
 - `grant_types` (List of String) Types of grants that this client is authorized to use.
-- `initiate_login_uri` (String) Initiate login URI, must be HTTPS.
+- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
 - `is_first_party` (Boolean) Indicates whether this client is a first-party client.
 - `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
 - `jwt_configuration` (Block List, Max: 1) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedblock--jwt_configuration))

diff --git a/docs/resources/guardian.md b/docs/resources/guardian.md
@@ -159,8 +159,8 @@ Required:
 Optional:
 
 - `app_name` (String) Custom Application Name.
-- `apple_app_link` (String) Apple App Store URL.
-- `google_app_link` (String) Google Store URL.
+- `apple_app_link` (String) Apple App Store URL. Must be HTTPS or an empty string.
+- `google_app_link` (String) Google Store URL. Must be HTTPS or an empty string.
 
 
 

diff --git a/docs/resources/tenant.md b/docs/resources/tenant.md
@@ -73,7 +73,7 @@ resource "auth0_tenant" "my_tenant" {
 - `change_password` (Block List, Max: 1) Configuration settings for change password page. (see [below for nested schema](#nestedblock--change_password))
 - `default_audience` (String) API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
 - `default_directory` (String) Name of the connection to be used for Password Grant exchanges. Options include `auth0-adldap`, `ad`, `auth0`, `email`, `sms`, `waad`, and `adfs`.
-- `default_redirection_uri` (String) The default absolute redirection URI, must be https and cannot contain a fragment.
+- `default_redirection_uri` (String) The default absolute redirection URI. Must be HTTPS or an empty string.
 - `enabled_locales` (List of String) Supported locales for the user interface. The first locale in the list will be used to set the default locale.
 - `error_page` (Block List, Max: 1) Configuration settings for error pages. (see [below for nested schema](#nestedblock--error_page))
 - `flags` (Block List, Max: 1) Configuration settings for tenant flags. (see [below for nested schema](#nestedblock--flags))

diff --git a/internal/provider/resource_auth0_client.go b/internal/provider/resource_auth0_client.go
@@ -9,6 +9,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+
+	internalValidation "github.com/auth0/terraform-provider-auth0/internal/validation"
 )
 
 func newClient() *schema.Resource {
@@ -51,9 +53,9 @@ func newClient() *schema.Resource {
 				Type:     schema.TypeMap,
 				Optional: true,
 				Description: "Custom metadata for the rotation. " +
-				"The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. " +
-				"For example, the map could contain the user making the change, the date of the change, and a text reason for the change. " +
-				"For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).",
+					"The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. " +
+					"For example, the map could contain the user making the change, the date of the change, and a text reason for the change. " +
+					"For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).",
 			},
 			"client_aliases": {
 				Type: schema.TypeList,
@@ -608,8 +610,8 @@ func newClient() *schema.Resource {
 			"initiate_login_uri": {
 				Type:         schema.TypeString,
 				Optional:     true,
-				ValidateFunc: validation.IsURLWithHTTPS,
-				Description:  "Initiate login URI, must be HTTPS.",
+				ValidateFunc: internalValidation.IsURLWithHTTPSorEmptyString,
+				Description:  "Initiate login URI. Must be HTTPS or an empty string.",
 			},
 			"native_social_login": {
 				Type:     schema.TypeList,

diff --git a/internal/provider/resource_auth0_client_test.go b/internal/provider/resource_auth0_client_test.go
@@ -584,7 +584,7 @@ resource "auth0_client" "my_client" {
 	custom_login_page = ""
 	form_template = ""
 	token_endpoint_auth_method = "client_secret_post"
-	initiate_login_uri = "https://example.com/login-uri"
+	initiate_login_uri = ""
 	logo_uri = "https://another-example.com/logoUri"
 	organization_require_behavior = "no_prompt"
 	organization_usage = "deny"
@@ -748,7 +748,7 @@ func TestAccClient(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_client.my_client", "custom_login_page", ""),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "form_template", ""),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "token_endpoint_auth_method", "client_secret_post"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "initiate_login_uri", "https://example.com/login-uri"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "initiate_login_uri", ""),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "logo_uri", "https://another-example.com/logoUri"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "organization_require_behavior", "no_prompt"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "organization_usage", "deny"),

diff --git a/internal/provider/resource_auth0_guardian.go b/internal/provider/resource_auth0_guardian.go
@@ -9,6 +9,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+
+	internalValidation "github.com/auth0/terraform-provider-auth0/internal/validation"
 )
 
 func newGuardian() *schema.Resource {
@@ -333,14 +335,14 @@ func newGuardian() *schema.Resource {
 									"apple_app_link": {
 										Type:         schema.TypeString,
 										Optional:     true,
-										ValidateFunc: validation.IsURLWithHTTPS,
-										Description:  "Apple App Store URL.",
+										ValidateFunc: internalValidation.IsURLWithHTTPSorEmptyString,
+										Description:  "Apple App Store URL. Must be HTTPS or an empty string.",
 									},
 									"google_app_link": {
 										Type:         schema.TypeString,
 										Optional:     true,
-										ValidateFunc: validation.IsURLWithHTTPS,
-										Description:  "Google Store URL.",
+										ValidateFunc: internalValidation.IsURLWithHTTPSorEmptyString,
+										Description:  "Google Store URL. Must be HTTPS or an empty string.",
 									},
 								},
 							},

diff --git a/internal/provider/resource_auth0_tenant.go b/internal/provider/resource_auth0_tenant.go
@@ -351,14 +351,11 @@ func newTenant() *schema.Resource {
 				},
 			},
 			"default_redirection_uri": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
-				ValidateFunc: validation.All(
-					internalValidation.IsURLWithNoFragment,
-					validation.IsURLWithScheme([]string{"https"}),
-				),
-				Description: "The default absolute redirection URI, must be https and cannot contain a fragment.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: internalValidation.IsURLWithHTTPSorEmptyString,
+				Description:  "The default absolute redirection URI. Must be HTTPS or an empty string.",
 			},
 			"session_cookie": {
 				Type:        schema.TypeList,

diff --git a/internal/provider/resource_auth0_tenant_test.go b/internal/provider/resource_auth0_tenant_test.go
@@ -64,6 +64,7 @@ func TestAccTenant(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "flags.0.use_scope_descriptions_for_consent", "false"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "allowed_logout_urls.#", "0"),
 					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "session_cookie.0.mode", "persistent"),
+					resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "default_redirection_uri", ""),
 				),
 			},
 			{
@@ -165,7 +166,7 @@ resource "auth0_tenant" "my_tenant" {
 			page_background = "#000000"
 		}
 	}
-	default_redirection_uri = "https://example.com/login"
+	default_redirection_uri = ""
 	session_cookie {
 		mode = "persistent"
 	}

diff --git a/internal/validation/validation.go b/internal/validation/validation.go
@@ -1,38 +1,17 @@
 package validation
 
 import (
-	"fmt"
-	"net/url"
-)
-
-// IsURLWithNoFragment is a SchemaValidateFunc which tests if the provided value
-// is of type string and a valid URL with no fragment.
-func IsURLWithNoFragment(i interface{}, k string) (warnings []string, errors []error) {
-	v, ok := i.(string)
-	if !ok {
-		errors = append(errors, fmt.Errorf("expected type of %q to be string", k))
-		return
-	}
-
-	if v == "" {
-		errors = append(errors, fmt.Errorf("expected %q url to not be empty, got %v", k, i))
-		return
-	}
+	"strings"
 
-	u, err := url.Parse(v)
-	if err != nil {
-		errors = append(errors, fmt.Errorf("expected %q to be a valid url, got %v: %+v", k, v, err))
-		return
-	}
-
-	if u.Host == "" {
-		errors = append(errors, fmt.Errorf("expected %q to have a host, got %v", k, v))
-		return
-	}
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
 
-	if u.Fragment != "" {
-		errors = append(errors, fmt.Errorf("expected %q to have a url with an empty fragment. %s", k, v))
+func IsURLWithHTTPSorEmptyString(i interface{}, s string) ([]string, []error) {
+	_, errors := validation.IsURLWithHTTPS(i, s)
+	for _, err := range errors {
+		if !strings.Contains(err.Error(), "url to not be empty") {
+			return nil, errors
+		}
 	}
-
-	return
+	return nil, nil
 }
diff --git a/internal/validation/validation_test.go b/internal/validation/validation_test.go
@@ -1,18 +1,58 @@
 package validation
 
-import "testing"
+import (
+	"fmt"
+	"testing"
 
-func TestIsURLWithNoFragment(t *testing.T) {
-	for url, valid := range map[string]bool{
-		"http://example.com":      true,
-		"http://example.com/foo":  true,
-		"http://example.com#foo":  false,
-		"https://example.com/foo": true,
-		"https://example.com#foo": false,
-	} {
-		_, err := IsURLWithNoFragment(url, "url")
-		if err != nil && valid {
-			t.Errorf("IsURLWithNoFragment(%s) produced an unexpected error", url)
-		}
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsURLWithHTTPSorEmptyString(t *testing.T) {
+	var testCases = []struct {
+		inputURL       string
+		expectedErrors []string
+	}{
+		{
+			inputURL: "http://example.com",
+			expectedErrors: []string{
+				"expected \"theTestURL\" to have a url with schema of: \"https\", got http://example.com",
+			},
+		},
+		{
+			inputURL: "http://example.com/foo",
+			expectedErrors: []string{
+				"expected \"theTestURL\" to have a url with schema of: \"https\", got http://example.com/foo",
+			},
+		},
+		{
+			inputURL: "http://example.com#foo",
+			expectedErrors: []string{
+				"expected \"theTestURL\" to have a url with schema of: \"https\", got http://example.com#foo",
+			},
+		},
+		{
+			inputURL:       "https://example.com/foo",
+			expectedErrors: nil,
+		},
+		{
+			inputURL:       "https://example.com#foo",
+			expectedErrors: nil,
+		},
+		{
+			inputURL:       "",
+			expectedErrors: nil,
+		},
+	}
+
+	for i, testCase := range testCases {
+		t.Run(fmt.Sprintf("test case #%d", i), func(t *testing.T) {
+			var errorsAsString []string
+			_, actualErrors := IsURLWithHTTPSorEmptyString(testCase.inputURL, "theTestURL")
+			for _, actualError := range actualErrors {
+				errorsAsString = append(errorsAsString, actualError.Error())
+			}
+
+			assert.Equal(t, testCase.expectedErrors, errorsAsString)
+		})
 	}
 }