Add deprecation messages

MIGRATION_GUIDE.md

@@ -1,5 +1,88 @@
 # Migration Guide
 
+## Upgrading from v0.49.0 → v0.50.0
+
+There are deprecations in this update. Please ensure you read this guide thoroughly and prepare your potential
+automated workflows before upgrading.
+
+### Deprecations
+
+- [Auth0 Pages](#auth0-pages)
+
+#### Auth0 Pages
+
+The `custom_login_page` on the `auth0_global_client` and the `change_password`, `guardian_mfa_page` and `error_page`
+fields on the `auth0_tenant` have been deprecated in favour of managing them on a brand new `auth0_pages` resource.
+To ensure a smooth transition when we eventually remove the capability to manage the custom 
+Auth0 pages through the `auth0_global_client` and `auth0_tenant` resources, we recommend proactively migrating to the 
+newly introduced `auth0_pages` resource. This will help you stay prepared for future changes.
+
+<table>
+<tr>
+<th>Before (v0.49.0)</th>
+<th>After (v0.50.0)</th>
+</tr>
+<tr>
+<td>
+
+```terraform
+resource "auth0_global_client" "global" {
+  custom_login_page_on = true
+  custom_login_page    = "<html>My Custom Login Page</html>"
+}
+
+resource "auth0_tenant" "my_tenant" {
+  change_password {
+    enabled = true
+    html    = "<html>My Custom Reset Password Page</html>"
+  }
+
+  guardian_mfa_page {
+    enabled = true
+    html    = "<html>My Custom MFA Page</html>"
+  }
+
+  error_page {
+    html          = "<html>My Custom Error Page</html>"
+    show_log_link = true
+    url           = "https://example.com/errors"
+  }
+}
+```
+
+</td>
+<td>
+
+```terraform
+resource "auth0_pages" "my_pages" {
+  login {
+    enabled = true
+    html    = "<html><body>My Custom Login Page</body></html>"
+  }
+
+  change_password {
+    enabled = true
+    html    = "<html><body>My Custom Reset Password Page</body></html>"
+  }
+
+  guardian_mfa {
+    enabled = true
+    html    = "<html><body>My Custom MFA Page</body></html>"
+  }
+
+  error {
+    show_log_link = true
+    html          = "<html><body>My Custom Error Page</body></html>"
+    url           = "https://example.com"
+  }
+}
+```
+
+</td>
+</tr>
+</table>
+
+
 ## Upgrading from v0.48.0 → v0.49.0
 
 There are deprecations in this update. Please ensure you read this guide thoroughly and prepare your potential

docs/data-sources/tenant.md

@@ -20,16 +20,16 @@ data "auth0_tenant" "my_tenant" {}
 ### Read-Only
 
 - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
-- `change_password` (List of Object) Configuration settings for change password page. (see [below for nested schema](#nestedatt--change_password))
+- `change_password` (List of Object) Configuration settings for change password page.  This attribute has been deprecated in favour of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info. (see [below for nested schema](#nestedatt--change_password))
 - `default_audience` (String) API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
 - `default_directory` (String) Name of the connection to be used for Password Grant exchanges. Options include `auth0-adldap`, `ad`, `auth0`, `email`, `sms`, `waad`, and `adfs`.
 - `default_redirection_uri` (String) The default absolute redirection URI. Must be HTTPS or an empty string.
 - `domain` (String) Your Auth0 domain name.
 - `enabled_locales` (List of String) Supported locales for the user interface. The first locale in the list will be used to set the default locale.
-- `error_page` (List of Object) Configuration settings for error pages. (see [below for nested schema](#nestedatt--error_page))
+- `error_page` (List of Object) Configuration settings for error pages. This attribute has been deprecated in favour of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info. (see [below for nested schema](#nestedatt--error_page))
 - `flags` (List of Object) Configuration settings for tenant flags. (see [below for nested schema](#nestedatt--flags))
 - `friendly_name` (String) Friendly name for the tenant.
-- `guardian_mfa_page` (List of Object) Configuration settings for the Guardian MFA page. (see [below for nested schema](#nestedatt--guardian_mfa_page))
+- `guardian_mfa_page` (List of Object) Configuration settings for the Guardian MFA page.  This attribute has been deprecated in favour of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info. (see [below for nested schema](#nestedatt--guardian_mfa_page))
 - `id` (String) The ID of this resource.
 - `idle_session_lifetime` (Number) Number of hours during which a session can be inactive before the user must log in again.
 - `management_api_identifier` (String) The identifier value of the built-in Management API resource server, which can be used as an audience when configuring client grants.

docs/resources/pages.md

@@ -0,0 +1,103 @@
+---
+page_title: "Resource: auth0_pages"
+description: |-
+  With this resource you can manage custom HTML for the Login, Reset Password, Multi-Factor Authentication and Error pages.
+---
+
+# Resource: auth0_pages
+
+With this resource you can manage custom HTML for the Login, Reset Password, Multi-Factor Authentication and Error pages.
+
+## Example Usage
+
+```terraform
+resource "auth0_pages" "my_pages" {
+  login {
+    enabled = true
+    html    = "<html><body>My Custom Login Page</body></html>"
+  }
+
+  change_password {
+    enabled = true
+    html    = "<html><body>My Custom Reset Password Page</body></html>"
+  }
+
+  guardian_mfa {
+    enabled = true
+    html    = "<html><body>My Custom MFA Page</body></html>"
+  }
+
+  error {
+    show_log_link = true
+    html          = "<html><body>My Custom Error Page</body></html>"
+    url           = "https://example.com"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `change_password` (Block List, Max: 1) Configuration settings for customizing the Password Reset page. (see [below for nested schema](#nestedblock--change_password))
+- `error` (Block List, Max: 1) Configuration settings for the Error pages. (see [below for nested schema](#nestedblock--error))
+- `guardian_mfa` (Block List, Max: 1) Configuration settings for customizing the Guardian Multi-Factor Authentication page. (see [below for nested schema](#nestedblock--guardian_mfa))
+- `login` (Block List, Max: 1) Configuration settings for customizing the Login page. (see [below for nested schema](#nestedblock--login))
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--change_password"></a>
+### Nested Schema for `change_password`
+
+Required:
+
+- `enabled` (Boolean) Indicates whether to use the custom Reset Password HTML (`true`) or the default Auth0 page (`false`). Defaults to `false`.
+- `html` (String) Customized content for the Reset Password page. HTML format with supported [Liquid syntax](https://github.com/Shopify/liquid/wiki/Liquid-for-Designers).
+
+
+<a id="nestedblock--error"></a>
+### Nested Schema for `error`
+
+Required:
+
+- `html` (String) Customized content for the Error page. HTML format with supported [Liquid syntax](https://github.com/Shopify/liquid/wiki/Liquid-for-Designers).
+- `show_log_link` (Boolean) Indicates whether to show the link to logs as part of the default error page. Defaults to `true`.
+
+Optional:
+
+- `url` (String) URL to redirect to when an error occurs, instead of showing the default error page.
+
+
+<a id="nestedblock--guardian_mfa"></a>
+### Nested Schema for `guardian_mfa`
+
+Required:
+
+- `enabled` (Boolean) Indicates whether to use the custom Guardian MFA HTML (`true`) or the default Auth0 page (`false`). Defaults to `false`.
+- `html` (String) Customized content for the Guardian MFA page. HTML format with supported [Liquid syntax](https://github.com/Shopify/liquid/wiki/Liquid-for-Designers).
+
+
+<a id="nestedblock--login"></a>
+### Nested Schema for `login`
+
+Required:
+
+- `enabled` (Boolean) Indicates whether to use the custom Login page HTML (`true`) or the default Auth0 page (`false`). Defaults to `false`.
+- `html` (String) Customized content for the Login page. HTML format with supported [Liquid syntax](https://github.com/Shopify/liquid/wiki/Liquid-for-Designers).
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# As this is not a resource identifiable by an ID within the Auth0 Management API,
+# pages can be imported using a random string.
+#
+# We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4)
+#
+# Example:
+terraform import auth0_pages.my_pages 22f4f21b-017a-319d-92e7-2291c1ca36c4
+```

docs/resources/tenant.md

@@ -70,15 +70,15 @@ resource "auth0_tenant" "my_tenant" {
 ### Optional
 
 - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
-- `change_password` (Block List, Max: 1) Configuration settings for change password page. (see [below for nested schema](#nestedblock--change_password))
+- `change_password` (Block List, Max: 1, Deprecated) Configuration settings for change password page.  This attribute has been deprecated in favour of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info. (see [below for nested schema](#nestedblock--change_password))
 - `default_audience` (String) API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
 - `default_directory` (String) Name of the connection to be used for Password Grant exchanges. Options include `auth0-adldap`, `ad`, `auth0`, `email`, `sms`, `waad`, and `adfs`.
 - `default_redirection_uri` (String) The default absolute redirection URI. Must be HTTPS or an empty string.
 - `enabled_locales` (List of String) Supported locales for the user interface. The first locale in the list will be used to set the default locale.
-- `error_page` (Block List, Max: 1) Configuration settings for error pages. (see [below for nested schema](#nestedblock--error_page))
+- `error_page` (Block List, Max: 1, Deprecated) Configuration settings for error pages. This attribute has been deprecated in favour of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info. (see [below for nested schema](#nestedblock--error_page))
 - `flags` (Block List, Max: 1) Configuration settings for tenant flags. (see [below for nested schema](#nestedblock--flags))
 - `friendly_name` (String) Friendly name for the tenant.
-- `guardian_mfa_page` (Block List, Max: 1) Configuration settings for the Guardian MFA page. (see [below for nested schema](#nestedblock--guardian_mfa_page))
+- `guardian_mfa_page` (Block List, Max: 1, Deprecated) Configuration settings for the Guardian MFA page.  This attribute has been deprecated in favour of the newly introduced `auth0_pages` resource and it will be removed in a future version. Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info. (see [below for nested schema](#nestedblock--guardian_mfa_page))
 - `idle_session_lifetime` (Number) Number of hours during which a session can be inactive before the user must log in again.
 - `picture_url` (String) URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
 - `sandbox_version` (String) Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0's functionality.

examples/resources/auth0_pages/import.sh

@@ -0,0 +1,7 @@
+# As this is not a resource identifiable by an ID within the Auth0 Management API,
+# pages can be imported using a random string.
+#
+# We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4)
+#
+# Example:
+terraform import auth0_pages.my_pages 22f4f21b-017a-319d-92e7-2291c1ca36c4

examples/resources/auth0_pages/resource.tf

@@ -0,0 +1,22 @@
+resource "auth0_pages" "my_pages" {
+  login {
+    enabled = true
+    html    = "<html><body>My Custom Login Page</body></html>"
+  }
+
+  change_password {
+    enabled = true
+    html    = "<html><body>My Custom Reset Password Page</body></html>"
+  }
+
+  guardian_mfa {
+    enabled = true
+    html    = "<html><body>My Custom MFA Page</body></html>"
+  }
+
+  error {
+    show_log_link = true
+    html          = "<html><body>My Custom Error Page</body></html>"
+    url           = "https://example.com"
+  }
+}

internal/auth0/client/global_data_source.go

@@ -15,6 +15,9 @@ func NewGlobalDataSource() *schema.Resource {
 		ReadContext: readDataGlobalClient,
 		Schema:      globalDataSourceSchema(),
 		Description: "Retrieve a tenant's global Auth0 application client.",
+		DeprecationMessage: "This resource has been deprecated in favour of the newly introduced `auth0_pages` " +
+			"resource and it will be removed in a future version." +
+			"Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info.",
 	}
 }
 

internal/auth0/client/global_resource.go

@@ -16,6 +16,9 @@ func NewGlobalResource() *schema.Resource {
 	client.Description = "Use a tenant's global Auth0 Application client."
 	client.CreateContext = createGlobalClient
 	client.DeleteContext = deleteGlobalClient
+	client.DeprecationMessage = "This resource has been deprecated in favour of the newly introduced `auth0_pages` " +
+		"resource and it will be removed in a future version." +
+		"Check the [MIGRATION_GUIDE](https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md) for more info."
 
 	exclude := []string{"client_secret_rotation_trigger"}
 

internal/auth0/page/expand.go

@@ -0,0 +1,43 @@
+package page
+
+import (
+	"github.com/auth0/go-auth0/management"
+	"github.com/hashicorp/go-cty/cty"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/auth0/terraform-provider-auth0/internal/auth0/tenant"
+	"github.com/auth0/terraform-provider-auth0/internal/value"
+)
+
+func expandLoginPage(data *schema.ResourceData) *management.Client {
+	if !data.HasChange("login") {
+		return nil
+	}
+
+	var clientWithLoginPage *management.Client
+
+	data.GetRawConfig().GetAttr("login").ForEachElement(func(_ cty.Value, cfg cty.Value) (stop bool) {
+		clientWithLoginPage = &management.Client{
+			CustomLoginPageOn: value.Bool(cfg.GetAttr("enabled")),
+			CustomLoginPage:   value.String(cfg.GetAttr("html")),
+		}
+
+		return stop
+	})
+
+	return clientWithLoginPage
+}
+
+func expandTenantPages(cfg cty.Value) *management.Tenant {
+	tenantPages := &management.Tenant{
+		ChangePassword:  tenant.ExpandTenantChangePassword(cfg.GetAttr("change_password")),
+		GuardianMFAPage: tenant.ExpandTenantGuardianMFAPage(cfg.GetAttr("guardian_mfa")),
+		ErrorPage:       tenant.ExpandTenantErrorPage(cfg.GetAttr("error")),
+	}
+
+	if tenantPages.String() == "{}" {
+		return nil
+	}
+
+	return tenantPages
+}

internal/auth0/page/flatten.go

@@ -0,0 +1,14 @@
+package page
+
+import (
+	"github.com/auth0/go-auth0/management"
+)
+
+func flattenLoginPage(clientWithLoginPage *management.Client) []interface{} {
+	return []interface{}{
+		map[string]interface{}{
+			"enabled": clientWithLoginPage.GetCustomLoginPageOn(),
+			"html":    clientWithLoginPage.GetCustomLoginPage(),
+		},
+	}
+}