Add duo support to guardian resource

auth0 · Jul 3, 2022 · ced0d67 · ced0d67
1 parent f79ffca
commit ced0d67
Show file tree

Hide file tree

Showing 9 changed files with 1,115 additions and 60 deletions.
diff --git a/auth0/resource_auth0_guardian.go b/auth0/resource_auth0_guardian.go
@@ -163,6 +163,29 @@ func newGuardian() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"duo": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				MinItems: 0,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"integration_key": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"secret_key": {
+							Type:      schema.TypeString,
+							Required:  true,
+							Sensitive: true,
+						},
+						"hostname": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -229,6 +252,17 @@ func readGuardian(ctx context.Context, d *schema.ResourceData, m interface{}) di
 
 				result = multierror.Append(result, d.Set("webauthn_platform", webAuthnPlatform))
 			}
+		case "duo":
+			result = multierror.Append(result, d.Set("duo", nil))
+
+			if factor.GetEnabled() {
+				duo, err := flattenDUO(api)
+				if err != nil {
+					return diag.FromErr(err)
+				}
+
+				result = multierror.Append(result, d.Set("duo", duo))
+			}
 		}
 	}
 
@@ -261,6 +295,10 @@ func updateGuardian(ctx context.Context, d *schema.ResourceData, m interface{})
 		return diag.FromErr(err)
 	}
 
+	if err := updateDUO(d, api); err != nil {
+		return diag.FromErr(err)
+	}
+
 	return readGuardian(ctx, d, m)
 }
 
@@ -279,6 +317,12 @@ func deleteGuardian(ctx context.Context, d *schema.ResourceData, m interface{})
 	if err := api.Guardian.MultiFactor.WebAuthnRoaming.Enable(false); err != nil {
 		return diag.FromErr(err)
 	}
+	if err := api.Guardian.MultiFactor.WebAuthnPlatform.Enable(false); err != nil {
+		return diag.FromErr(err)
+	}
+	if err := api.Guardian.MultiFactor.DUO.Enable(false); err != nil {
+		return diag.FromErr(err)
+	}
 
 	d.SetId("")
 

diff --git a/auth0/resource_auth0_guardian_test.go b/auth0/resource_auth0_guardian_test.go
@@ -366,3 +366,47 @@ resource "auth0_guardian" "foo" {
 	policy = "all-applications"
 }
 `
+
+func TestAccGuardianDUO(t *testing.T) {
+	httpRecorder := configureHTTPRecorder(t)
+
+	resource.Test(t, resource.TestCase{
+		ProviderFactories: testProviders(httpRecorder),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConfigureDUOCreate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "duo.#", "1"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "duo.0.hostname", "api-hostname"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "duo.0.secret_key", "someSecret"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "duo.0.integration_key", "someKey"),
+				),
+			},
+			{
+				Config: testAccConfigureDUODelete,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "duo.#", "0"),
+				),
+			},
+		},
+	})
+}
+
+const testAccConfigureDUOCreate = `
+resource "auth0_guardian" "foo" {
+	policy = "all-applications"
+	duo {
+		integration_key = "someKey"
+		secret_key = "someSecret"
+		hostname = "api-hostname"
+	}
+}
+`
+
+const testAccConfigureDUODelete = `
+resource "auth0_guardian" "foo" {
+	policy = "all-applications"
+}
+`
diff --git a/auth0/structure_auth0_guardian.go b/auth0/structure_auth0_guardian.go
@@ -108,6 +108,21 @@ func flattenWebAuthnPlatform(api *management.Management) ([]interface{}, error)
 	return []interface{}{m}, nil
 }
 
+func flattenDUO(api *management.Management) ([]interface{}, error) {
+	duoSettings, err := api.Guardian.MultiFactor.DUO.Read()
+	if err != nil {
+		return nil, err
+	}
+
+	m := map[string]interface{}{
+		"integration_key": duoSettings.GetIntegrationKey(),
+		"secret_key":      duoSettings.GetSecretKey(),
+		"hostname":        duoSettings.GetHostname(),
+	}
+
+	return []interface{}{m}, nil
+}
+
 func updatePolicy(d *schema.ResourceData, api *management.Management) error {
 	if d.HasChange("policy") {
 		multiFactorPolicies := management.MultiFactorPolicies{}
@@ -314,3 +329,23 @@ func updateWebAuthnPlatform(d *schema.ResourceData, api *management.Management)
 
 	return api.Guardian.MultiFactor.WebAuthnPlatform.Enable(false)
 }
+
+func updateDUO(d *schema.ResourceData, api *management.Management) error {
+	if factorShouldBeUpdated(d, "duo") {
+		if err := api.Guardian.MultiFactor.DUO.Enable(true); err != nil {
+			return err
+		}
+
+		var duoSettings management.MultiFactorDUOSettings
+
+		List(d, "duo").Elem(func(d ResourceData) {
+			duoSettings.SecretKey = String(d, "secret_key")
+			duoSettings.Hostname = String(d, "hostname")
+			duoSettings.IntegrationKey = String(d, "integration_key")
+		})
+
+		return api.Guardian.MultiFactor.DUO.Update(&duoSettings)
+	}
+
+	return api.Guardian.MultiFactor.DUO.Enable(false)
+}