auth0 · sergiught · Oct 12, 2022 · Oct 12, 2022 · sergiught · Oct 12, 2022
@@ -25,6 +25,11 @@ resource "auth0_custom_domain" "my_custom_domain" {
 - `domain` (String) Name of the custom domain.
 - `type` (String) Provisioning type for the custom domain. Options include `auth0_managed_certs` and `self_managed_certs`.
 
+### Optional
+
+- `custom_client_ip_header` (String) The HTTP header to fetch the client's IP address. Cannot be set on auth0_managed domains.
+- `tls_policy` (String) TLS policy for the custom domain. Available options are: `compatible` or `recommended`. Compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2. Cannot be set on self_managed domains.
+
 ### Read-Only
 
 - `id` (String) The ID of this resource.

@@ -5,7 +5,6 @@ import (
 	"net/http"
 
 	"github.com/auth0/go-auth0/management"
-	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -18,6 +17,7 @@ func newCustomDomain() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: createCustomDomain,
 		ReadContext:   readCustomDomain,
+		UpdateContext: updateCustomDomain,
 		DeleteContext: deleteCustomDomain,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
@@ -74,14 +74,34 @@ func newCustomDomain() *schema.Resource {
 					},
 				},
 			},
+			"custom_client_ip_header": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"cf-connecting-ip", "x-forwarded-for", "true-client-ip", "",
+				}, false),
+				Description: "The HTTP header to fetch the client's IP address. " +
+					"Cannot be set on auth0_managed domains.",
+			},
+			"tls_policy": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"compatible", "recommended",
+				}, false),
+				Description: "TLS policy for the custom domain. Available options are: `compatible` or `recommended`. " +
+					"Compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2. " +
+					"Cannot be set on self_managed domains.",
+			},
 		},
 	}
 }
 
 func createCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	api := m.(*management.Management)
 
-	customDomain := expandCustomDomain(d.GetRawConfig())
+	customDomain := expandCustomDomain(d)
 	if err := api.CustomDomain.Create(customDomain); err != nil {
 		return diag.FromErr(err)
 	}
@@ -109,6 +129,8 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}
 		d.Set("primary", customDomain.GetPrimary()),
 		d.Set("status", customDomain.GetStatus()),
 		d.Set("origin_domain_name", customDomain.GetOriginDomainName()),
+		d.Set("custom_client_ip_header", customDomain.GetCustomClientIPHeader()),
+		d.Set("tls_policy", customDomain.GetTLSPolicy()),
 	)
 
 	if customDomain.Verification != nil {
@@ -120,6 +142,21 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}
 	return diag.FromErr(result.ErrorOrNil())
 }
 
+func updateCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	api := m.(*management.Management)
+
+	customDomain := expandCustomDomain(d)
+	if err := api.CustomDomain.Update(d.Id(), customDomain); err != nil {
+		if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(err)
+	}
+
+	return readCustomDomain(ctx, d, m)
+}
+
 func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	api := m.(*management.Management)
 
@@ -135,9 +172,18 @@ func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface
 	return nil
 }
 
-func expandCustomDomain(config cty.Value) *management.CustomDomain {
-	return &management.CustomDomain{
-		Domain: value.String(config.GetAttr("domain")),
-		Type:   value.String(config.GetAttr("type")),
+func expandCustomDomain(d *schema.ResourceData) *management.CustomDomain {
+	config := d.GetRawConfig()
+
+	customDomain := &management.CustomDomain{
+		TLSPolicy:            value.String(config.GetAttr("tls_policy")),
+		CustomClientIPHeader: value.String(config.GetAttr("custom_client_ip_header")),
 	}
+
+	if d.IsNewResource() {
+		customDomain.Domain = value.String(config.GetAttr("domain"))
+		customDomain.Type = value.String(config.GetAttr("type"))
+	}
+
+	return customDomain
 }
@@ -3,7 +3,6 @@ package provider
 import (
 	"fmt"
 	"log"
-	"os"
 	"strings"
 	"testing"
 
@@ -47,35 +46,135 @@ func init() {
 	})
 }
 
-func TestAccCustomDomain(t *testing.T) {
-	if os.Getenv("AUTH0_DOMAIN") != recorder.RecordingsDomain {
-		t.Skip()
-	}
+const testAccCreateSelfManagedCustomDomain = `
+resource "auth0_custom_domain" "my_custom_domain" {
+	domain = "{{.testName}}.auth.terraform-provider-auth0.com"
+	type = "self_managed_certs"
+}
+`
+
+const testAccUpdateSelfManagedCustomDomain = `
+resource "auth0_custom_domain" "my_custom_domain" {
+	domain = "{{.testName}}.auth.terraform-provider-auth0.com"
+	type = "self_managed_certs"
+	custom_client_ip_header = "true-client-ip"
+}
+`
+
+const testAccUpdateSelfManagedCustomDomainWithEmptyClientIPHeader = `
+resource "auth0_custom_domain" "my_custom_domain" {
+	domain = "{{.testName}}.auth.terraform-provider-auth0.com"
+	type = "self_managed_certs"
+	custom_client_ip_header = ""
+}
+`
+
+const testAccCreateAuth0ManagedCustomDomain = `
+resource "auth0_custom_domain" "my_custom_domain" {
+	domain = "{{.testName}}.auth.terraform-provider-auth0.com"
+	type = "auth0_managed_certs"
+}
+`
 
+const testAccUpdateAuth0ManagedCustomDomain = `
+resource "auth0_custom_domain" "my_custom_domain" {
+	domain = "{{.testName}}.auth.terraform-provider-auth0.com"
+	type = "auth0_managed_certs"
+	tls_policy = "recommended"
+}
+`
+
+func TestAccCustomDomain(t *testing.T) {
 	httpRecorder := recorder.New(t)
 
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: testProviders(httpRecorder),
 		Steps: []resource.TestStep{
 			{
-				Config: template.ParseTestName(testAccCustomDomain, strings.ToLower(t.Name())),
+				Config: template.ParseTestName(testAccCreateSelfManagedCustomDomain, strings.ToLower(t.Name())),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"auth0_custom_domain.my_custom_domain",
+						"domain",
+						fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
+					),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""),
+				),
+			},
+			{
+				Config: template.ParseTestName(testAccUpdateSelfManagedCustomDomain, strings.ToLower(t.Name())),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"auth0_custom_domain.my_custom_domain",
+						"domain",
+						fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
+					),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", "true-client-ip"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""),
+				),
+			},
+			{
+				Config: template.ParseTestName(testAccUpdateSelfManagedCustomDomainWithEmptyClientIPHeader, strings.ToLower(t.Name())),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(
 						"auth0_custom_domain.my_custom_domain",
 						"domain",
-						fmt.Sprintf("%s.auth.uat.terraform-provider-auth0.com", strings.ToLower(t.Name())),
+						fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
+					),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""),
+				),
+			},
+			{
+				Config: template.ParseTestName(testAccCreateAuth0ManagedCustomDomain, strings.ToLower(t.Name())),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"auth0_custom_domain.my_custom_domain",
+						"domain",
+						fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
 					),
 					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "auth0_managed_certs"),
 					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", "recommended"),
+				),
+			},
+			{
+				Config: template.ParseTestName(testAccUpdateAuth0ManagedCustomDomain, strings.ToLower(t.Name())),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"auth0_custom_domain.my_custom_domain",
+						"domain",
+						fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
+					),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "auth0_managed_certs"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
+					resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", "recommended"),
 				),
 			},
 		},
 	})
 }
-
-const testAccCustomDomain = `
-resource "auth0_custom_domain" "my_custom_domain" {
-  domain = "{{.testName}}.auth.uat.terraform-provider-auth0.com"
-  type = "auth0_managed_certs"
-}
-`