[2/X] DXCDT-461: Remove scope field from resource server resource (#708)

docs/data-sources/resource_server.md

@@ -27,7 +27,7 @@ data "auth0_resource_server" "some-resource-server-by-id" {
 
 ### Optional
 
-- `identifier` (String) The unique identifier for the resource server. If not provided, `resource_server_id` must be set.
+- `identifier` (String) Unique identifier for the resource server. Used as the audience parameter for authorization calls. If not provided, `resource_server_id` must be set.
 - `resource_server_id` (String) The ID of the resource server. If not provided, `identifier` must be set.
 
 ### Read-Only
@@ -51,6 +51,6 @@ data "auth0_resource_server" "some-resource-server-by-id" {
 Read-Only:
 
 - `description` (String)
-- `value` (String)
+- `name` (String)
 
 

docs/resources/resource_server.md

@@ -44,7 +44,6 @@ resource "auth0_resource_server" "my_resource_server" {
 - `allow_offline_access` (Boolean) Indicates whether refresh tokens can be issued for this resource server.
 - `enforce_policies` (Boolean) If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
 - `name` (String) Friendly name for the resource server. Cannot include `<` or `>` characters.
-- `scopes` (Block Set, Deprecated) List of permissions (scopes) used by this resource server. Managing scopes through the `scopes` attribute is deprecated and it will be removed in a future major version. Migrate to the `auth0_resource_server_scope` or `auth0_resource_server_scopes` resources to manage role scopes instead. Check the [MIGRATION GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md#resource-server-scopes) for more info. (see [below for nested schema](#nestedblock--scopes))
 - `signing_alg` (String) Algorithm used to sign JWTs. Options include `HS256` and `RS256`.
 - `signing_secret` (String) Secret used to sign tokens when using symmetric algorithms (HS256).
 - `skip_consent_for_verifiable_first_party_clients` (Boolean) Indicates whether to skip user consent for applications flagged as first party.
@@ -57,17 +56,6 @@ resource "auth0_resource_server" "my_resource_server" {
 
 - `id` (String) The ID of this resource.
 
-<a id="nestedblock--scopes"></a>
-### Nested Schema for `scopes`
-
-Required:
-
-- `value` (String) Name of the permission (scope). Examples include `read:appointments` or `delete:appointments`.
-
-Optional:
-
-- `description` (String) Description of the permission (scope).
-
 ## Import
 
 Import is supported using the following syntax:

internal/auth0/client/resource_grant_test.go

@@ -9,84 +9,106 @@ import (
 	"github.com/auth0/terraform-provider-auth0/internal/acctest"
 )
 
-const testAccClientGrantAuxConfig = `
+const testAccGivenAClientAndAResourceServerWithScopes = `
 resource "auth0_client" "my_client" {
-	name = "Acceptance Test - Client Grant - {{.testName}}"
+	name                 = "Acceptance Test - Client Grant - {{.testName}}"
 	custom_login_page_on = true
-	is_first_party = true
+	is_first_party       = true
 }
 
 resource "auth0_resource_server" "my_resource_server" {
-	name = "Acceptance Test - Client Grant - {{.testName}}"
+	name       = "Acceptance Test - Client Grant - {{.testName}}"
 	identifier = "https://uat.tf.terraform-provider-auth0.com/client-grant/{{.testName}}"
+}
+
+resource "auth0_resource_server_scopes" "my_api_scopes" {
+	depends_on = [ auth0_resource_server.my_resource_server ]
+
+	resource_server_identifier = auth0_resource_server.my_resource_server.identifier
+
 	scopes {
-		value = "create:foo"
+		name        = "create:foo"
 		description = "Create foos"
 	}
+
 	scopes {
-		value = "create:bar"
+		name        = "create:bar"
 		description = "Create bars"
 	}
 }
 `
 
-const testAccClientGrantConfigCreate = testAccClientGrantAuxConfig + `
+const testAccClientGrantConfigCreate = testAccGivenAClientAndAResourceServerWithScopes + `
 resource "auth0_client_grant" "my_client_grant" {
-	client_id = "${auth0_client.my_client.id}"
-	audience = "${auth0_resource_server.my_resource_server.identifier}"
-	scope = [ ]
+	depends_on = [ auth0_resource_server_scopes.my_api_scopes ]
+
+	client_id = auth0_client.my_client.id
+	audience  = auth0_resource_server.my_resource_server.identifier
+	scope     = [ ]
 }
 `
 
-const testAccClientGrantConfigUpdate = testAccClientGrantAuxConfig + `
+const testAccClientGrantConfigUpdate = testAccGivenAClientAndAResourceServerWithScopes + `
 resource "auth0_client_grant" "my_client_grant" {
-	client_id = "${auth0_client.my_client.id}"
-	audience = "${auth0_resource_server.my_resource_server.identifier}"
-	scope = [ "create:foo" ]
+	depends_on = [ auth0_resource_server_scopes.my_api_scopes ]
+
+	client_id = auth0_client.my_client.id
+	audience  = auth0_resource_server.my_resource_server.identifier
+	scope     = [ "create:foo" ]
 }
 `
 
-const testAccClientGrantConfigUpdateAgain = testAccClientGrantAuxConfig + `
+const testAccClientGrantConfigUpdateAgain = testAccGivenAClientAndAResourceServerWithScopes + `
 resource "auth0_client_grant" "my_client_grant" {
-	client_id = "${auth0_client.my_client.id}"
-	audience = "${auth0_resource_server.my_resource_server.identifier}"
-	scope = [ ]
+	depends_on = [ auth0_resource_server_scopes.my_api_scopes ]
+
+	client_id = auth0_client.my_client.id
+	audience  = auth0_resource_server.my_resource_server.identifier
+	scope     = [ ]
 }
 `
 
-const testAccClientGrantConfigUpdateChangeClient = testAccClientGrantAuxConfig + `
+const testAccClientGrantConfigUpdateChangeClient = testAccGivenAClientAndAResourceServerWithScopes + `
 resource "auth0_client" "my_client_alt" {
-	name = "Acceptance Test - Client Grant Alt - {{.testName}}"
+	depends_on = [ auth0_resource_server_scopes.my_api_scopes ]
+
+	name                 = "Acceptance Test - Client Grant Alt - {{.testName}}"
 	custom_login_page_on = true
-	is_first_party = true
+	is_first_party       = true
 }
 
 resource "auth0_client_grant" "my_client_grant" {
-	client_id = "${auth0_client.my_client_alt.id}"
-	audience = "${auth0_resource_server.my_resource_server.identifier}"
-	scope = [ ]
+	depends_on = [ auth0_client.my_client_alt ]
+
+	client_id = auth0_client.my_client_alt.id
+	audience  = auth0_resource_server.my_resource_server.identifier
+	scope     = [ ]
 }
 `
 
-const testAccAlreadyExistingGrantWillNotConflict = testAccClientGrantAuxConfig + `
+const testAccAlreadyExistingGrantWillNotConflict = testAccGivenAClientAndAResourceServerWithScopes + `
 resource "auth0_client" "my_client_alt" {
-	name = "Acceptance Test - Client Grant Alt - {{.testName}}"
+	depends_on = [ auth0_resource_server_scopes.my_api_scopes ]
+
+	name                 = "Acceptance Test - Client Grant Alt - {{.testName}}"
 	custom_login_page_on = true
-	is_first_party = true
+	is_first_party       = true
 }
 
 resource "auth0_client_grant" "my_client_grant" {
-	client_id = "${auth0_client.my_client_alt.id}"
-	audience = "${auth0_resource_server.my_resource_server.identifier}"
-	scope = [ ]
+	depends_on = [ auth0_client.my_client_alt ]
+
+	client_id = auth0_client.my_client_alt.id
+	audience  = auth0_resource_server.my_resource_server.identifier
+	scope     = [ ]
 }
 
 resource "auth0_client_grant" "no_conflict_client_grant" {
 	depends_on = [ auth0_client_grant.my_client_grant ]
 
-	client_id = "${auth0_client.my_client_alt.id}"
-	audience = "${auth0_resource_server.my_resource_server.identifier}"
-	scope = [ ]
+	client_id = auth0_client.my_client_alt.id
+	audience  = auth0_resource_server.my_resource_server.identifier
+	scope     = [ ]
 }
 `
 

internal/auth0/resourceserver/data_source.go

@@ -23,20 +23,41 @@ func NewDataSource() *schema.Resource {
 
 func dataSourceSchema() map[string]*schema.Schema {
 	dataSourceSchema := internalSchema.TransformResourceToDataSource(internalSchema.Clone(NewResource().Schema))
+
 	dataSourceSchema["resource_server_id"] = &schema.Schema{
 		Type:         schema.TypeString,
 		Optional:     true,
 		Description:  "The ID of the resource server. If not provided, `identifier` must be set.",
 		AtLeastOneOf: []string{"resource_server_id", "identifier"},
 	}
 
-	internalSchema.SetExistingAttributesAsOptional(dataSourceSchema, "identifier")
-	dataSourceSchema["identifier"].Description = "The unique identifier for the resource server. " +
-		"If not provided, `resource_server_id` must be set."
-	dataSourceSchema["identifier"].AtLeastOneOf = []string{"resource_server_id", "identifier"}
+	dataSourceSchema["identifier"] = &schema.Schema{
+		Type:     schema.TypeString,
+		Optional: true,
+		Description: "Unique identifier for the resource server. Used as the audience parameter " +
+			"for authorization calls. If not provided, `resource_server_id` must be set. ",
+		AtLeastOneOf: []string{"resource_server_id", "identifier"},
+	}
 
-	dataSourceSchema["scopes"].Deprecated = ""
-	dataSourceSchema["scopes"].Description = "List of permissions (scopes) used by this resource server."
+	dataSourceSchema["scopes"] = &schema.Schema{
+		Type:        schema.TypeSet,
+		Computed:    true,
+		Description: "List of permissions (scopes) used by this resource server.",
+		Elem: &schema.Resource{
+			Schema: map[string]*schema.Schema{
+				"name": {
+					Type:        schema.TypeString,
+					Computed:    true,
+					Description: "Name of the permission (scope). Examples include `read:appointments` or `delete:appointments`.",
+				},
+				"description": {
+					Type:        schema.TypeString,
+					Computed:    true,
+					Description: "Description of the permission (scope).",
+				},
+			},
+		},
+	}
 
 	return dataSourceSchema
 }