From c5402b75826faf74ef04a54e019a3661c136c319 Mon Sep 17 00:00:00 2001 From: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com> Date: Mon, 26 Jun 2023 12:04:42 +0200 Subject: [PATCH] Reintroduce support for aws client addon --- docs/data-sources/client.md | 19 ++ docs/data-sources/global_client.md | 19 ++ docs/resources/client.md | 19 ++ docs/resources/global_client.md | 19 ++ internal/acctest/acctest.go | 4 +- internal/auth0/client/expand.go | 44 ++++- internal/auth0/client/flatten.go | 20 +++ internal/auth0/client/resource.go | 38 +++- internal/auth0/client/resource_test.go | 164 ++---------------- test/data/recordings/TestAccClientAddons.yaml | 146 ++++++++++++++++ 10 files changed, 336 insertions(+), 156 deletions(-) create mode 100644 test/data/recordings/TestAccClientAddons.yaml diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md index 6df1ee423..65308fa37 100644 --- a/docs/data-sources/client.md +++ b/docs/data-sources/client.md @@ -32,6 +32,7 @@ data "auth0_client" "some-client-by-id" { ### Read-Only +- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons)) - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed. - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout. - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed. 
@@ -67,6 +68,24 @@ data "auth0_client" "some-client-by-id" { - `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic). - `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode. + +### Nested Schema for `addons` + +Read-Only: + +- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws)) + + +### Nested Schema for `addons.aws` + +Read-Only: + +- `lifetime_in_seconds` (Number) +- `principal` (String) +- `role` (String) + + + ### Nested Schema for `jwt_configuration` diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md index 539319a84..3b5dbabf3 100644 --- a/docs/data-sources/global_client.md +++ b/docs/data-sources/global_client.md @@ -19,6 +19,7 @@ data "auth0_global_client" "global" {} ### Read-Only +- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons)) - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed. - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout. - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed. 
@@ -56,6 +57,24 @@ data "auth0_global_client" "global" {} - `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic). - `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode. + +### Nested Schema for `addons` + +Read-Only: + +- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws)) + + +### Nested Schema for `addons.aws` + +Read-Only: + +- `lifetime_in_seconds` (Number) +- `principal` (String) +- `role` (String) + + + ### Nested Schema for `jwt_configuration` diff --git a/docs/resources/client.md b/docs/resources/client.md index 5d575b593..2220937b2 100644 --- a/docs/resources/client.md +++ b/docs/resources/client.md @@ -89,6 +89,7 @@ resource "auth0_client" "my_client" { ### Optional +- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons)) - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed. - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout. - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed. 
@@ -129,6 +130,24 @@ resource "auth0_client" "my_client" { - `id` (String) The ID of this resource. - `signing_keys` (List of Map of String, Sensitive) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7. + +### Nested Schema for `addons` + +Optional: + +- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws)) + + +### Nested Schema for `addons.aws` + +Optional: + +- `lifetime_in_seconds` (Number) AWS token lifetime in seconds. +- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`. +- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`. + + + ### Nested Schema for `jwt_configuration` diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md index 61e1c7ebe..78b4c9e1b 100644 --- a/docs/resources/global_client.md +++ b/docs/resources/global_client.md @@ -31,6 +31,7 @@ PAGE ### Optional +- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons)) - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed. - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout. - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed. 
@@ -72,6 +73,24 @@ PAGE - `id` (String) The ID of this resource. + +### Nested Schema for `addons` + +Optional: + +- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws)) + + +### Nested Schema for `addons.aws` + +Optional: + +- `lifetime_in_seconds` (Number) AWS token lifetime in seconds. +- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`. +- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`. + + + ### Nested Schema for `jwt_configuration` diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go index f100b071c..e68b29b48 100644 --- a/internal/acctest/acctest.go +++ b/internal/acctest/acctest.go @@ -58,7 +58,7 @@ func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string } func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) schema.ConfigureContextFunc { - return func(ctx context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) { + return func(_ context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) { domain := data.Get("domain").(string) debug := data.Get("debug").(bool) @@ -77,6 +77,8 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc authenticationOption := management.WithStaticToken(apiToken) if apiToken == "" { + ctx := context.Background() + authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret) if audience != "" { authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience) diff --git a/internal/auth0/client/expand.go b/internal/auth0/client/expand.go index 2f7d79236..3556a7898 100644 --- a/internal/auth0/client/expand.go +++ b/internal/auth0/client/expand.go 
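Review bot: The second acctest.go hunk swaps the callback's context for `context.Background()` without saying why, so the client-credentials exchange no longer observes cancellation or deadlines from the caller. If the reason is that the token source outlives the configure call and must not be tied to its context, a short comment above `ctx := context.Background()` should say so, e.g. `// The token source is reused after configuration returns, so it must not inherit the configure context.` The closure's body continues outside the hunk.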
@@ -42,9 +42,9 @@ func expandClient(d *schema.ResourceData) *management.Client { ClientMetadata: expandClientMetadata(d), RefreshToken: expandClientRefreshToken(d), JWTConfiguration: expandClientJWTConfiguration(d), - // Addons: expandClientAddons(d), TODO: DXCDT-441 Add new go-auth0 v1-beta types. - NativeSocialLogin: expandClientNativeSocialLogin(d), - Mobile: expandClientMobile(d), + Addons: expandClientAddons(d), + NativeSocialLogin: expandClientNativeSocialLogin(d), + Mobile: expandClientMobile(d), } return client @@ -236,6 +236,44 @@ func expandClientMetadata(d *schema.ResourceData) *map[string]interface{} { return &newMetadataMap } +func expandClientAddons(d *schema.ResourceData) *management.ClientAddons { + if !d.HasChange("addons") { + return nil + } + + var addons management.ClientAddons + + d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) { + addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws")) + + return stop + }) + + if addons == (management.ClientAddons{}) { + return nil + } + + return &addons +} + +func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon { + var awsAddon management.AWSClientAddon + + awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) { + awsAddon.Principal = value.String(awsCfg.GetAttr("principal")) + awsAddon.Role = value.String(awsCfg.GetAttr("role")) + awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds")) + + return stop + }) + + if awsAddon == (management.AWSClientAddon{}) { + return nil + } + + return &awsAddon +} + func clientHasChange(c *management.Client) bool { return c.String() != "{}" } diff --git a/internal/auth0/client/flatten.go b/internal/auth0/client/flatten.go index 0e4c072e3..4969eb28e 100644 --- a/internal/auth0/client/flatten.go +++ b/internal/auth0/client/flatten.go 
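Review bot: In `expandClientAddons`, deleting the `addons` block from the configuration cannot turn the AWS addon off: `HasChange` is true, `ForEachElement` visits nothing, `addons` stays the zero value and the function returns nil, so the update presumably omits the field and Auth0 keeps the previous principal and role. For an addon that binds the client to an AWS principal and role, that leaves access enabled which the configuration no longer declares. Consider returning a non-nil empty value on removal, e.g. `if addons == (management.ClientAddons{}) { return &addons }` once `HasChange` has passed, after confirming that the SDK serialises an empty `ClientAddons` as `{}` rather than dropping it. A doc comment on the function stating the chosen removal behaviour would help either way.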
@@ -88,3 +88,23 @@ func flattenClientMobile(mobile *management.ClientMobile) []interface{} { return []interface{}{m} } + +func flattenClientAddons(addons *management.ClientAddons) []interface{} { + if addons == nil { + return nil + } + + aws := map[string]interface{}{ + "principal": addons.GetAWS().GetPrincipal(), + "role": addons.GetAWS().GetRole(), + "lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(), + } + + return []interface{}{ + map[string]interface{}{ + "aws": []interface{}{ + aws, + }, + }, + } +} diff --git a/internal/auth0/client/resource.go b/internal/auth0/client/resource.go index ff3dab9dd..2bc91380f 100644 --- a/internal/auth0/client/resource.go +++ b/internal/auth0/client/resource.go @@ -481,6 +481,42 @@ func NewResource() *schema.Resource { Description: "List containing a map of the public cert of the signing key and the public cert " + "of the signing key in PKCS7.", }, + "addons": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "Addons enabled for this client and their associated configurations.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "aws": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "AWS Addon configuration.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "principal": { + Description: "AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.", + Type: schema.TypeString, + Optional: true, + }, + "role": { + Description: "AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.", + Type: schema.TypeString, + Optional: true, + }, + "lifetime_in_seconds": { + Description: "AWS token lifetime in seconds.", + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(900, 43200), + Optional: true, + }, + }, + }, + }, + }, + }, + }, }, } } 
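Review bot: `flattenClientAddons` emits an `aws` element whenever `addons` is non-nil, even when `addons.AWS` is nil, so a client that has some other addon set (or an empty `addons` object) is written to state as having an AWS addon with empty `principal`/`role` and a lifetime of 0. That misreports what is enabled on the client and probably yields a permanent diff against configurations without an `aws` block. Guard on the field first, for example `if addons == nil || addons.AWS == nil { return nil }`, and add a doc comment saying that only the AWS addon is mapped into state.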
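Review bot: In the new `aws` schema, `principal` and `role` accept any string although they decide which AWS identity provider and role this client is bound to, so a typo or an ARN of the wrong type is only discovered when Auth0 or AWS rejects it. A shape check would catch that at plan time, e.g. `ValidateFunc: validation.StringMatch(regexp.MustCompile("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$"), "must be an IAM role ARN")` on `role` and the `saml-provider/` equivalent on `principal`; the file's import block is outside the hunk, so `regexp` may need importing. It would also help for the `lifetime_in_seconds` description to state the accepted range of 900 to 43200 seconds that `IntBetween` enforces.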
@@ -541,7 +577,7 @@ func readClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag d.Set("jwt_configuration", flattenClientJwtConfiguration(client.GetJWTConfiguration())), d.Set("refresh_token", flattenClientRefreshTokenConfiguration(client.GetRefreshToken())), d.Set("encryption_key", client.GetEncryptionKey()), - // D.Set("addons", flattenClientAddons(client.Addons)), TODO: DXCDT-441 Add new go-auth0 v1-beta types. + d.Set("addons", flattenClientAddons(client.Addons)), d.Set("mobile", flattenClientMobile(client.GetMobile())), d.Set("initiate_login_uri", client.GetInitiateLoginURI()), d.Set("signing_keys", client.SigningKeys), diff --git a/internal/auth0/client/resource_test.go b/internal/auth0/client/resource_test.go index a3d7944ac..c9812c5cf 100644 --- a/internal/auth0/client/resource_test.go +++ b/internal/auth0/client/resource_test.go @@ -577,7 +577,7 @@ func TestAccClient(t *testing.T) { resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "false"), resource.TestCheckResourceAttr("auth0_client.my_client", "cross_origin_auth", "false"), resource.TestCheckResourceAttr("auth0_client.my_client", "mobile.#", "0"), - + resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "0"), resource.TestCheckResourceAttr("auth0_client.my_client", "native_social_login.#", "0"), resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"), resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "4"), 
@@ -636,7 +636,7 @@ func TestAccClient(t *testing.T) { resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"), resource.TestCheckResourceAttr("auth0_client.my_client", "cross_origin_auth", "false"), resource.TestCheckResourceAttr("auth0_client.my_client", "mobile.#", "0"), - + resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "0"), resource.TestCheckResourceAttr("auth0_client.my_client", "native_social_login.#", "0"), resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"), resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "5"), @@ -703,7 +703,7 @@ func TestAccClient(t *testing.T) { resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"), resource.TestCheckResourceAttr("auth0_client.my_client", "cross_origin_auth", "false"), resource.TestCheckResourceAttr("auth0_client.my_client", "mobile.#", "0"), - + resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "0"), resource.TestCheckResourceAttr("auth0_client.my_client", "native_social_login.#", "0"), resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"), resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "0"), 
@@ -738,171 +738,33 @@ func TestAccClient(t *testing.T) { }) } -const testAccCreateClientWithAddons = ` -resource "auth0_client" "my_client" { - name = "Acceptance Test - SSO Integration - {{.testName}}" - app_type = "sso_integration" - - addons { - firebase = { - client_email = "john.doe@example.com" - lifetime_in_seconds = 1 - private_key = "wer" - private_key_id = "qwreerwerwe" - } - - samlp { - issuer = "https://tableau-server-test.domain.eu.com/api/v1" - audience = "https://tableau-server-test.domain.eu.com/audience-different" - destination = "https://tableau-server-test.domain.eu.com/destination" - digest_algorithm = "sha256" - lifetime_in_seconds = 3600 - name_identifier_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" - name_identifier_probes = [ - "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" - ] - create_upn_claim = false - passthrough_claims_with_no_mapping = false - map_unknown_claims_as_is = false - map_identities = false - recipient = "https://tableau-server-test.domain.eu.com/recipient-different" - signing_cert = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n" - mappings = { - email = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" - name = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" - } - logout = { - callback = "https://example.com/callback" - slo_enabled = true - } - } - } -} -` - -const testAccCreateClientWithAddonsAndEmptyFields = ` +const testAccCreateClientWithAddonsAWS = ` resource "auth0_client" "my_client" { name = "Acceptance Test - SSO Integration - {{.testName}}" app_type = "sso_integration" addons { - firebase = { - client_email = "john.doe@example.com" - lifetime_in_seconds = 1 - private_key = "wer" - private_key_id = "qwreerwerwe" - } - - samlp { - issuer = "https://tableau-server-test.domain.eu.com/api/v3" - audience = "https://tableau-server-test.domain.eu.com/audience-different" - destination = 
"https://tableau-server-test.domain.eu.com/destination" - digest_algorithm = "sha256" - lifetime_in_seconds = 3600 - name_identifier_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" - name_identifier_probes = [] - create_upn_claim = false - passthrough_claims_with_no_mapping = false - map_unknown_claims_as_is = false - map_identities = false - recipient = "https://tableau-server-test.domain.eu.com/recipient-different" - signing_cert = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n" - mappings = {} - logout = {} + aws { + principal = "arn:aws:iam::010616021751:saml-provider/idpname" + role = "arn:aws:iam::010616021751:role/foo" + lifetime_in_seconds = 32000 } } } ` -const testAccCreateClientWithAddonsRemovedFromConfig = ` -resource "auth0_client" "my_client" { - name = "Acceptance Test - SSO Integration - {{.testName}}" - app_type = "sso_integration" - - # Unfortunately we can't set firebase and - # samlp addons set above, to empty. - # This is because we don't have properly - # defined structs for them in the Go SDK - # and neither here in the terraform provider. 
-} -` - -func TestAccClientSSOIntegrationWithSAML(t *testing.T) { - t.Skip() - +func TestAccClientAddons(t *testing.T) { acctest.Test(t, resource.TestCase{ Steps: []resource.TestStep{ { - Config: acctest.ParseTestName(testAccCreateClientWithAddons, t.Name()), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())), - resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.%", "4"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.client_email", "john.doe@example.com"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.lifetime_in_seconds", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key", "wer"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key_id", "qwreerwerwe"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.issuer", "https://tableau-server-test.domain.eu.com/api/v1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "https://tableau-server-test.domain.eu.com/audience-different"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "https://tableau-server-test.domain.eu.com/destination"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.digest_algorithm", "sha256"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.lifetime_in_seconds", "3600"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_format", 
"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_probes.#", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_probes.0", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.create_upn_claim", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.passthrough_claims_with_no_mapping", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_unknown_claims_as_is", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_identities", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "https://tableau-server-test.domain.eu.com/recipient-different"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.signing_cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.%", "2"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.%", "2"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.callback", "https://example.com/callback"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.slo_enabled", "true"), - ), - }, - { - Config: acctest.ParseTestName(testAccCreateClientWithAddonsAndEmptyFields, t.Name()), - Check: 
resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())), - resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.%", "4"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.client_email", "john.doe@example.com"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.lifetime_in_seconds", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key", "wer"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key_id", "qwreerwerwe"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.issuer", "https://tableau-server-test.domain.eu.com/api/v3"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "https://tableau-server-test.domain.eu.com/audience-different"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "https://tableau-server-test.domain.eu.com/destination"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.digest_algorithm", "sha256"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.lifetime_in_seconds", "3600"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_format", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.name_identifier_probes.#", "0"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.create_upn_claim", "false"), - 
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.passthrough_claims_with_no_mapping", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_unknown_claims_as_is", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.map_identities", "false"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "https://tableau-server-test.domain.eu.com/recipient-different"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.signing_cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.mappings.%", "0"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.logout.%", "0"), - ), - }, - { - Config: acctest.ParseTestName(testAccCreateClientWithAddonsRemovedFromConfig, t.Name()), + Config: acctest.ParseTestName(testAccCreateClientWithAddonsAWS, t.Name()), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())), resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"), resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.%", "4"), - resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"), + resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.principal", "arn:aws:iam::010616021751:saml-provider/idpname"), + resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.role", "arn:aws:iam::010616021751:role/foo"), + resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.lifetime_in_seconds", "32000"), ), }, }, 
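Review bot: `TestAccClientAddons` has a single create step, whereas the removed test at least contained a step with the addons taken out of the configuration. Nothing here covers changing `principal` or `role`, or removing the `aws` block, which is the case where the provider has to show that the addon is really gone from the client. Adding an update step and a removal step that asserts `addons.#` is `0`, with matching recordings, would pin that behaviour. The test function's closing lines are outside the hunk.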
diff --git a/test/data/recordings/TestAccClientAddons.yaml b/test/data/recordings/TestAccClientAddons.yaml new file mode 100644 index 000000000..59726611b --- /dev/null +++ b/test/data/recordings/TestAccClientAddons.yaml 
@@ -0,0 +1,146 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 249 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"name":"Acceptance Test - SSO Integration - TestAccClientAddons","app_type":"sso_integration","addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}}} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0-SDK/latest + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: false + body: '{"name":"Acceptance Test - SSO Integration - TestAccClientAddons","client_id":"T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 926.172ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 5 + transfer_encoding: [] + trailer: {} + 
host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + null + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0-SDK/latest + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Acceptance Test - SSO Integration - TestAccClientAddons","client_id":"T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 112.954083ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 5 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + null + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0-SDK/latest + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: 
[] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"name":"Acceptance Test - SSO Integration - TestAccClientAddons","client_id":"T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"aws":{"principal":"arn:aws:iam::010616021751:saml-provider/idpname","role":"arn:aws:iam::010616021751:role/foo","lifetime_in_seconds":32000}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 118.992834ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: terraform-provider-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0-SDK/latest + url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/T8mmXrIWvY8fOozSWa6jsyDAcilJ05ia + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 211.839791ms