Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reintroduce support for aws client addon
Browse files Browse the repository at this point in the history
sergiught committed Jun 26, 2023
1 parent 565a0c4 commit c5402b7
Showing 10 changed files with 336 additions and 156 deletions.
19 changes: 19 additions & 0 deletions docs/data-sources/client.md
Original file line number Diff line number Diff line change
@@ -32,6 +32,7 @@ data "auth0_client" "some-client-by-id" {

### Read-Only

- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -67,6 +68,24 @@ data "auth0_client" "some-client-by-id" {
- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.

<a id="nestedatt--addons"></a>
### Nested Schema for `addons`

Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`

Read-Only:

- `lifetime_in_seconds` (Number)
- `principal` (String)
- `role` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

19 changes: 19 additions & 0 deletions docs/data-sources/global_client.md
Original file line number Diff line number Diff line change
@@ -19,6 +19,7 @@ data "auth0_global_client" "global" {}

### Read-Only

- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -56,6 +57,24 @@ data "auth0_global_client" "global" {}
- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.

<a id="nestedatt--addons"></a>
### Nested Schema for `addons`

Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`

Read-Only:

- `lifetime_in_seconds` (Number)
- `principal` (String)
- `role` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

19 changes: 19 additions & 0 deletions docs/resources/client.md
Original file line number Diff line number Diff line change
@@ -89,6 +89,7 @@ resource "auth0_client" "my_client" {

### Optional

- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -129,6 +130,24 @@ resource "auth0_client" "my_client" {
- `id` (String) The ID of this resource.
- `signing_keys` (List of Map of String, Sensitive) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

<a id="nestedblock--addons"></a>
### Nested Schema for `addons`

Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`

Optional:

- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

19 changes: 19 additions & 0 deletions docs/resources/global_client.md
Original file line number Diff line number Diff line change
@@ -31,6 +31,7 @@ PAGE

### Optional

- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -72,6 +73,24 @@ PAGE

- `id` (String) The ID of this resource.

<a id="nestedblock--addons"></a>
### Nested Schema for `addons`

Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`

Optional:

- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`

4 changes: 3 additions & 1 deletion internal/acctest/acctest.go
Original file line number Diff line number Diff line change
@@ -58,7 +58,7 @@ func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string
}

func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) schema.ConfigureContextFunc {
return func(ctx context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
return func(_ context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
domain := data.Get("domain").(string)
debug := data.Get("debug").(bool)

@@ -77,6 +77,8 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc

authenticationOption := management.WithStaticToken(apiToken)
if apiToken == "" {
ctx := context.Background()

authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret)
if audience != "" {
authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience)
44 changes: 41 additions & 3 deletions internal/auth0/client/expand.go
Original file line number Diff line number Diff line change
@@ -42,9 +42,9 @@ func expandClient(d *schema.ResourceData) *management.Client {
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
// Addons: expandClientAddons(d), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
Addons: expandClientAddons(d),
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
}

return client
@@ -236,6 +236,44 @@ func expandClientMetadata(d *schema.ResourceData) *map[string]interface{} {
return &newMetadataMap
}

func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {
if !d.HasChange("addons") {
return nil
}

var addons management.ClientAddons

d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))

return stop
})

if addons == (management.ClientAddons{}) {
return nil
}

return &addons
}

func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
var awsAddon management.AWSClientAddon

awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
awsAddon.Role = value.String(awsCfg.GetAttr("role"))
awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))

return stop
})

if awsAddon == (management.AWSClientAddon{}) {
return nil
}

return &awsAddon
}

func clientHasChange(c *management.Client) bool {
return c.String() != "{}"
}
20 changes: 20 additions & 0 deletions internal/auth0/client/flatten.go
Original file line number Diff line number Diff line change
@@ -88,3 +88,23 @@ func flattenClientMobile(mobile *management.ClientMobile) []interface{} {

return []interface{}{m}
}

func flattenClientAddons(addons *management.ClientAddons) []interface{} {
if addons == nil {
return nil
}

aws := map[string]interface{}{
"principal": addons.GetAWS().GetPrincipal(),
"role": addons.GetAWS().GetRole(),
"lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(),
}

return []interface{}{
map[string]interface{}{
"aws": []interface{}{
aws,
},
},
}
}
38 changes: 37 additions & 1 deletion internal/auth0/client/resource.go
Original file line number Diff line number Diff line change
@@ -481,6 +481,42 @@ func NewResource() *schema.Resource {
Description: "List containing a map of the public cert of the signing key and the public cert " +
"of the signing key in PKCS7.",
},
"addons": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Description: "Addons enabled for this client and their associated configurations.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"aws": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Description: "AWS Addon configuration.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"principal": {
Description: "AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.",
Type: schema.TypeString,
Optional: true,
},
"role": {
Description: "AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.",
Type: schema.TypeString,
Optional: true,
},
"lifetime_in_seconds": {
Description: "AWS token lifetime in seconds.",
Type: schema.TypeInt,
ValidateFunc: validation.IntBetween(900, 43200),
Optional: true,
},
},
},
},
},
},
},
},
}
}
@@ -541,7 +577,7 @@ func readClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag
d.Set("jwt_configuration", flattenClientJwtConfiguration(client.GetJWTConfiguration())),
d.Set("refresh_token", flattenClientRefreshTokenConfiguration(client.GetRefreshToken())),
d.Set("encryption_key", client.GetEncryptionKey()),
// D.Set("addons", flattenClientAddons(client.Addons)), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
d.Set("addons", flattenClientAddons(client.Addons)),
d.Set("mobile", flattenClientMobile(client.GetMobile())),
d.Set("initiate_login_uri", client.GetInitiateLoginURI()),
d.Set("signing_keys", client.SigningKeys),
Loading

0 comments on commit c5402b7

Please sign in to comment.