From c5402b75826faf74ef04a54e019a3661c136c319 Mon Sep 17 00:00:00 2001
From: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
Date: Mon, 26 Jun 2023 12:04:42 +0200
Subject: [PATCH] Reintroduce support for aws client addon
---
docs/data-sources/client.md | 19 ++
docs/data-sources/global_client.md | 19 ++
docs/resources/client.md | 19 ++
docs/resources/global_client.md | 19 ++
internal/acctest/acctest.go | 4 +-
internal/auth0/client/expand.go | 44 ++++-
internal/auth0/client/flatten.go | 20 +++
internal/auth0/client/resource.go | 38 +++-
internal/auth0/client/resource_test.go | 164 ++----------------
test/data/recordings/TestAccClientAddons.yaml | 146 ++++++++++++++++
10 files changed, 336 insertions(+), 156 deletions(-)
create mode 100644 test/data/recordings/TestAccClientAddons.yaml
diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md
index 6df1ee423..65308fa37 100644
--- a/docs/data-sources/client.md
+++ b/docs/data-sources/client.md
@@ -32,6 +32,7 @@ data "auth0_client" "some-client-by-id" {
### Read-Only
+- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -67,6 +68,24 @@ data "auth0_client" "some-client-by-id" {
- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.
+
+### Nested Schema for `addons`
+
+Read-Only:
+
+- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
+
+
+### Nested Schema for `addons.aws`
+
+Read-Only:
+
+- `lifetime_in_seconds` (Number)
+- `principal` (String)
+- `role` (String)
+
+
+
### Nested Schema for `jwt_configuration`
diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md
index 539319a84..3b5dbabf3 100644
--- a/docs/data-sources/global_client.md
+++ b/docs/data-sources/global_client.md
@@ -19,6 +19,7 @@ data "auth0_global_client" "global" {}
### Read-Only
+- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -56,6 +57,24 @@ data "auth0_global_client" "global" {}
- `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.
+
+### Nested Schema for `addons`
+
+Read-Only:
+
+- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
+
+
+### Nested Schema for `addons.aws`
+
+Read-Only:
+
+- `lifetime_in_seconds` (Number)
+- `principal` (String)
+- `role` (String)
+
+
+
### Nested Schema for `jwt_configuration`
diff --git a/docs/resources/client.md b/docs/resources/client.md
index 5d575b593..2220937b2 100644
--- a/docs/resources/client.md
+++ b/docs/resources/client.md
@@ -89,6 +89,7 @@ resource "auth0_client" "my_client" {
### Optional
+- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -129,6 +130,24 @@ resource "auth0_client" "my_client" {
- `id` (String) The ID of this resource.
- `signing_keys` (List of Map of String, Sensitive) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
+
+### Nested Schema for `addons`
+
+Optional:
+
+- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
+
+
+### Nested Schema for `addons.aws`
+
+Optional:
+
+- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
+- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
+- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.
+
+
+
### Nested Schema for `jwt_configuration`
diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md
index 61e1c7ebe..78b4c9e1b 100644
--- a/docs/resources/global_client.md
+++ b/docs/resources/global_client.md
@@ -31,6 +31,7 @@ PAGE
### Optional
+- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
- `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -72,6 +73,24 @@ PAGE
- `id` (String) The ID of this resource.
+
+### Nested Schema for `addons`
+
+Optional:
+
+- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
+
+
+### Nested Schema for `addons.aws`
+
+Optional:
+
+- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
+- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
+- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.
+
+
+
### Nested Schema for `jwt_configuration`
diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go
index f100b071c..e68b29b48 100644
--- a/internal/acctest/acctest.go
+++ b/internal/acctest/acctest.go
@@ -58,7 +58,7 @@ func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string
}
func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) schema.ConfigureContextFunc {
- return func(ctx context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
+ return func(_ context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
domain := data.Get("domain").(string)
debug := data.Get("debug").(bool)
@@ -77,6 +77,8 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc
authenticationOption := management.WithStaticToken(apiToken)
if apiToken == "" {
+ ctx := context.Background()
+
authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret)
if audience != "" {
authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience)
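Review bot: The new `ctx := context.Background()` carries no comment explaining why the context passed to the configure function (renamed to `_` in the previous hunk) is deliberately ignored. If the reason is that the client-credentials token source is reused after the configure call returns and must not be cancelled with it, record that, e.g. `// Background context: the token source built here outlives this call.` That rationale is inferred from the change, so confirm it before adding the comment. The function body continues outside both hunks.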
diff --git a/internal/auth0/client/expand.go b/internal/auth0/client/expand.go
index 2f7d79236..3556a7898 100644
--- a/internal/auth0/client/expand.go
+++ b/internal/auth0/client/expand.go
@@ -42,9 +42,9 @@ func expandClient(d *schema.ResourceData) *management.Client {
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
- // Addons: expandClientAddons(d), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
- NativeSocialLogin: expandClientNativeSocialLogin(d),
- Mobile: expandClientMobile(d),
+ Addons: expandClientAddons(d),
+ NativeSocialLogin: expandClientNativeSocialLogin(d),
+ Mobile: expandClientMobile(d),
}
return client
@@ -236,6 +236,44 @@ func expandClientMetadata(d *schema.ResourceData) *map[string]interface{} {
return &newMetadataMap
}
+func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {
+ if !d.HasChange("addons") {
+ return nil
+ }
+
+ var addons management.ClientAddons
+
+ d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
+ addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))
+
+ return stop
+ })
+
+ if addons == (management.ClientAddons{}) {
+ return nil
+ }
+
+ return &addons
+}
+
+func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
+ var awsAddon management.AWSClientAddon
+
+ awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
+ awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
+ awsAddon.Role = value.String(awsCfg.GetAttr("role"))
+ awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))
+
+ return stop
+ })
+
+ if awsAddon == (management.AWSClientAddon{}) {
+ return nil
+ }
+
+ return &awsAddon
+}
+
func clientHasChange(c *management.Client) bool {
return c.String() != "{}"
}
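Review bot: Removing the `addons` block from a configuration looks like it will not disable the AWS addon on the tenant. In `expandClientAddons`, `HasChange("addons")` is true on removal, but the raw config then has no elements, `addons` stays at its zero value and the function returns nil. The update therefore presumably omits the field, though this depends on how `management.Client` serialises a nil `Addons`, which is not visible here. Because the addon carries an AWS principal and role ARN, a grant left active after the block is deleted is worth ruling out; one option is to return `&addons` whenever a change is detected, if the API treats an empty object as clearing the addon. Separately, the closure parameter `awsCfg` in `expandClientAddonAWS` shadows the function parameter of the same name, and calling it `cfg` would read more clearly.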
diff --git a/internal/auth0/client/flatten.go b/internal/auth0/client/flatten.go
index 0e4c072e3..4969eb28e 100644
--- a/internal/auth0/client/flatten.go
+++ b/internal/auth0/client/flatten.go
@@ -88,3 +88,23 @@ func flattenClientMobile(mobile *management.ClientMobile) []interface{} {
return []interface{}{m}
}
+
+func flattenClientAddons(addons *management.ClientAddons) []interface{} {
+ if addons == nil {
+ return nil
+ }
+
+ aws := map[string]interface{}{
+ "principal": addons.GetAWS().GetPrincipal(),
+ "role": addons.GetAWS().GetRole(),
+ "lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(),
+ }
+
+ return []interface{}{
+ map[string]interface{}{
+ "aws": []interface{}{
+ aws,
+ },
+ },
+ }
+}
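Review bot: `flattenClientAddons` emits an `aws` entry even when the API returns an `addons` object that has none. The getters on a nil AWS addon presumably return zero values, so state would hold `addons.0.aws.0` with an empty `principal` and `role` and a `lifetime_in_seconds` of 0. That would show up as a diff against a configuration that declares no `aws` block, and it hides whether the addon is actually enabled. Guard it with `if addons == nil || addons.AWS == nil { return nil }`.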
diff --git a/internal/auth0/client/resource.go b/internal/auth0/client/resource.go
index ff3dab9dd..2bc91380f 100644
--- a/internal/auth0/client/resource.go
+++ b/internal/auth0/client/resource.go
@@ -481,6 +481,42 @@ func NewResource() *schema.Resource {
Description: "List containing a map of the public cert of the signing key and the public cert " +
"of the signing key in PKCS7.",
},
+ "addons": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Addons enabled for this client and their associated configurations.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "aws": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "AWS Addon configuration.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "principal": {
+ Description: "AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.",
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "role": {
+ Description: "AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.",
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "lifetime_in_seconds": {
+ Description: "AWS token lifetime in seconds.",
+ Type: schema.TypeInt,
+ ValidateFunc: validation.IntBetween(900, 43200),
+ Optional: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
},
}
}
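Review bot: `principal` and `role` accept any string, including an empty one, while `lifetime_in_seconds` in the same block is range-checked. Both are ARNs that decide which AWS identity is involved, so a typo or blank value should fail at plan time rather than be sent to the API. Adding `ValidateFunc: validation.StringIsNotEmpty,` to each is the minimal check. The `lifetime_in_seconds` description should also state the accepted range, e.g. `"AWS token lifetime in seconds, between 900 and 43200."`, so the generated docs match the validator. `NewResource` starts and ends outside this hunk.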
@@ -541,7 +577,7 @@ func readClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag
d.Set("jwt_configuration", flattenClientJwtConfiguration(client.GetJWTConfiguration())),
d.Set("refresh_token", flattenClientRefreshTokenConfiguration(client.GetRefreshToken())),
d.Set("encryption_key", client.GetEncryptionKey()),
- // D.Set("addons", flattenClientAddons(client.Addons)), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
+ d.Set("addons", flattenClientAddons(client.Addons)),
d.Set("mobile", flattenClientMobile(client.GetMobile())),
d.Set("initiate_login_uri", client.GetInitiateLoginURI()),
d.Set("signing_keys", client.SigningKeys),
diff --git a/internal/auth0/client/resource_test.go b/internal/auth0/client/resource_test.go
index a3d7944ac..c9812c5cf 100644
--- a/internal/auth0/client/resource_test.go
+++ b/internal/auth0/client/resource_test.go
@@ -577,7 +577,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "cross_origin_auth", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "mobile.#", "0"),
-
+ resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "native_social_login.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "4"),
@@ -636,7 +636,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "cross_origin_auth", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "mobile.#", "0"),
-
+ resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "native_social_login.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "5"),
@@ -703,7 +703,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "cross_origin_auth", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "mobile.#", "0"),
-
+ resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "native_social_login.#", "0"),
resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "0"),
@@ -738,171 +738,33 @@ func TestAccClient(t *testing.T) {
})
}
-const testAccCreateClientWithAddons = `
-resource "auth0_client" "my_client" {
- name = "Acceptance Test - SSO Integration - {{.testName}}"
- app_type = "sso_integration"
-
- addons {
- firebase = {
- client_email = "john.doe@example.com"
- lifetime_in_seconds = 1
- private_key = "wer"
- private_key_id = "qwreerwerwe"
- }
-
- samlp {
- issuer = "https://tableau-server-test.domain.eu.com/api/v1"
- audience = "https://tableau-server-test.domain.eu.com/audience-different"
- destination = "https://tableau-server-test.domain.eu.com/destination"
- digest_algorithm = "sha256"
- lifetime_in_seconds = 3600
- name_identifier_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name_identifier_probes = [
- "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- ]
- create_upn_claim = false
- passthrough_claims_with_no_mapping = false
- map_unknown_claims_as_is = false
- map_identities = false
- recipient = "https://tableau-server-test.domain.eu.com/recipient-different"
- signing_cert = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"
- mappings = {
- email = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- name = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
- }
- logout = {
- callback = "https://example.com/callback"
- slo_enabled = true
- }
- }
- }
-}
-`
-
-const testAccCreateClientWithAddonsAndEmptyFields = `
+const testAccCreateClientWithAddonsAWS = `
resource "auth0_client" "my_client" {
name = "Acceptance Test - SSO Integration - {{.testName}}"
app_type = "sso_integration"
addons {
- firebase = {
- client_email = "john.doe@example.com"
- lifetime_in_seconds = 1
- private_key = "wer"
- private_key_id = "qwreerwerwe"
- }
-
- samlp {
- issuer = "https://tableau-server-test.domain.eu.com/api/v3"
- audience = "https://tableau-server-test.domain.eu.com/audience-different"
- destination = "https://tableau-server-test.domain.eu.com/destination"
- digest_algorithm = "sha256"
- lifetime_in_seconds = 3600
- name_identifier_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- name_identifier_probes = []
- create_upn_claim = false
- passthrough_claims_with_no_mapping = false
- map_unknown_claims_as_is = false
- map_identities = false
- recipient = "https://tableau-server-test.domain.eu.com/recipient-different"
- signing_cert = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"
- mappings = {}
- logout = {}
+ aws {
+ principal = "arn:aws:iam::010616021751:saml-provider/idpname"
+ role = "arn:aws:iam::010616021751:role/foo"
+ lifetime_in_seconds = 32000
}
}
}
`
-const testAccCreateClientWithAddonsRemovedFromConfig = `
-resource "auth0_client" "my_client" {
- name = "Acceptance Test - SSO Integration - {{.testName}}"
- app_type = "sso_integration"
-
- # Unfortunately we can't set firebase and
- # samlp addons set above, to empty.
- # This is because we don't have properly
- # defined structs for them in the Go SDK
- # and neither here in the terraform provider.
-}
-`
-
-func TestAccClientSSOIntegrationWithSAML(t *testing.T) {
- t.Skip()
-
+func TestAccClientAddons(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
{
- Config: acctest.ParseTestName(testAccCreateClientWithAddons, t.Name()),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())),
- resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.%", "4"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.client_email", "john.doe@example.com"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.lifetime_in_seconds", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key", "wer"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key_id", "qwreerwerwe"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.issuer", "https://tableau-server-test.domain.eu.com/api/v1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "https://tableau-server-test.domain.eu.com/audience-different"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "https://tableau-server-test.domain.eu.com/destination"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.digest_algorithm", "sha256"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.lifetime_in_seconds", "3600"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_format", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_probes.#", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_probes.0", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.create_upn_claim", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.passthrough_claims_with_no_mapping", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_unknown_claims_as_is", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_identities", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "https://tableau-server-test.domain.eu.com/recipient-different"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.signing_cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.%", "2"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.%", "2"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.callback", "https://example.com/callback"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.slo_enabled", "true"),
- ),
- },
- {
- Config: acctest.ParseTestName(testAccCreateClientWithAddonsAndEmptyFields, t.Name()),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())),
- resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.%", "4"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.client_email", "john.doe@example.com"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.lifetime_in_seconds", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key", "wer"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key_id", "qwreerwerwe"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.issuer", "https://tableau-server-test.domain.eu.com/api/v3"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "https://tableau-server-test.domain.eu.com/audience-different"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "https://tableau-server-test.domain.eu.com/destination"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.digest_algorithm", "sha256"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.lifetime_in_seconds", "3600"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_format", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_probes.#", "0"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.create_upn_claim", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.passthrough_claims_with_no_mapping", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_unknown_claims_as_is", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_identities", "false"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "https://tableau-server-test.domain.eu.com/recipient-different"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.signing_cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.%", "0"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.%", "0"),
- ),
- },
- {
- Config: acctest.ParseTestName(testAccCreateClientWithAddonsRemovedFromConfig, t.Name()),
+ Config: acctest.ParseTestName(testAccCreateClientWithAddonsAWS, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.%", "4"),
- resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"),
+ resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.principal", "arn:aws:iam::010616021751:saml-provider/idpname"),
+ resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.role", "arn:aws:iam::010616021751:role/foo"),
+ resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.lifetime_in_seconds", "32000"),
),
},
},
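Review bot: `TestAccClientAddons` has a single create step, so the update and removal paths of the new `addons` handling are never exercised. The deleted test had a step for a configuration with the addons removed; an equivalent step here, asserting `addons.#` is `"0"` after the `aws` block is dropped, would show whether removal reaches the API and whether state converges. A step that changes only `role` or `lifetime_in_seconds` would cover the in-place update. The test function's closing lines appear to fall outside the hunk.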
diff --git a/test/data/recordings/TestAccClientAddons.yaml b/test/data/recordings/TestAccClientAddons.yaml
new file mode 100644
index 000000000..59726611b
--- /dev/null
+++ b/test/data/recordings/TestAccClientAddons.yaml
@@ -0,0 +1,146 @@
+---
+version: 2
+interactions:
+ - id: 0
+ request:
+ proto: HTTP/1.1
+ proto_major: 1
+ proto_minor: 1
+ content_length: 249
+ transfer_encoding: []
+ trailer: {}
+ host: terraform-provider-auth0-dev.eu.auth0.com
+ remote_addr: ""
+ request_uri: ""
+ body: |
+ {"name":"Acceptance Test - SSO Integration - TestAccClientAddons","app_type":"sso_integration","addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}}}
+ form: {}
+ headers:
+ Content-Type:
+ - application/json
+ User-Agent:
+ - Go-Auth0-SDK/latest
+ url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients
+ method: POST
+ response:
+ proto: HTTP/2.0
+ proto_major: 2
+ proto_minor: 0
+ transfer_encoding: []
+ trailer: {}
+ content_length: -1
+ uncompressed: false
+ body: '{"name":"Acceptance Test - SSO Integration - TestAccClientAddons","client_id":"T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+ headers:
+ Content-Type:
+ - application/json; charset=utf-8
+ status: 201 Created
+ code: 201
+ duration: 926.172ms
+ - id: 1
+ request:
+ proto: HTTP/1.1
+ proto_major: 1
+ proto_minor: 1
+ content_length: 5
+ transfer_encoding: []
+ trailer: {}
+ host: terraform-provider-auth0-dev.eu.auth0.com
+ remote_addr: ""
+ request_uri: ""
+ body: |
+ null
+ form: {}
+ headers:
+ Content-Type:
+ - application/json
+ User-Agent:
+ - Go-Auth0-SDK/latest
+ url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia
+ method: GET
+ response:
+ proto: HTTP/2.0
+ proto_major: 2
+ proto_minor: 0
+ transfer_encoding: []
+ trailer: {}
+ content_length: -1
+ uncompressed: true
+ body: '{"name":"Acceptance Test - SSO Integration - TestAccClientAddons","client_id":"T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+ headers:
+ Content-Type:
+ - application/json; charset=utf-8
+ status: 200 OK
+ code: 200
+ duration: 112.954083ms
+ - id: 2
+ request:
+ proto: HTTP/1.1
+ proto_major: 1
+ proto_minor: 1
+ content_length: 5
+ transfer_encoding: []
+ trailer: {}
+ host: terraform-provider-auth0-dev.eu.auth0.com
+ remote_addr: ""
+ request_uri: ""
+ body: |
+ null
+ form: {}
+ headers:
+ Content-Type:
+ - application/json
+ User-Agent:
+ - Go-Auth0-SDK/latest
+ url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia
+ method: GET
+ response:
+ proto: HTTP/2.0
+ proto_major: 2
+ proto_minor: 0
+ transfer_encoding: []
+ trailer: {}
+ content_length: -1
+ uncompressed: true
+ body: '{"name":"Acceptance Test - SSO Integration - TestAccClientAddons","client_id":"T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+ headers:
+ Content-Type:
+ - application/json; charset=utf-8
+ status: 200 OK
+ code: 200
+ duration: 118.992834ms
+ - id: 3
+ request:
+ proto: HTTP/1.1
+ proto_major: 1
+ proto_minor: 1
+ content_length: 0
+ transfer_encoding: []
+ trailer: {}
+ host: terraform-provider-auth0-dev.eu.auth0.com
+ remote_addr: ""
+ request_uri: ""
+ body: ""
+ form: {}
+ headers:
+ Content-Type:
+ - application/json
+ User-Agent:
+ - Go-Auth0-SDK/latest
+ url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia
+ method: DELETE
+ response:
+ proto: HTTP/2.0
+ proto_major: 2
+ proto_minor: 0
+ transfer_encoding: []
+ trailer: {}
+ content_length: 0
+ uncompressed: false
+ body: ""
+ headers:
+ Content-Type:
+ - application/json; charset=utf-8
+ status: 204 No Content
+ code: 204
+ duration: 211.839791ms