auth0 · sergiught · Feb 14, 2023 · Feb 14, 2023 · Feb 14, 2023
@@ -0,0 +1,83 @@
+---
+page_title: "Data Source: auth0_attack_protection"
+description: |-
+  Use this data source to access information about the tenant's attack protection settings.
+---
+
+# Data Source: auth0_attack_protection
+
+Use this data source to access information about the tenant's attack protection settings.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `breached_password_detection` (List of Object) Breached password detection protects your applications from bad actors logging in with stolen credentials. (see [below for nested schema](#nestedatt--breached_password_detection))
+- `brute_force_protection` (List of Object) Brute-force protection safeguards against a single IP address attacking a single user account. (see [below for nested schema](#nestedatt--brute_force_protection))
+- `id` (String) The ID of this resource.
+- `suspicious_ip_throttling` (List of Object) Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. (see [below for nested schema](#nestedatt--suspicious_ip_throttling))
+
+<a id="nestedatt--breached_password_detection"></a>
+### Nested Schema for `breached_password_detection`
+
+Read-Only:
+
+- `admin_notification_frequency` (Set of String)
+- `enabled` (Boolean)
+- `method` (String)
+- `pre_user_registration` (List of Object) (see [below for nested schema](#nestedobjatt--breached_password_detection--pre_user_registration))
+- `shields` (Set of String)
+
+<a id="nestedobjatt--breached_password_detection--pre_user_registration"></a>
+### Nested Schema for `breached_password_detection.pre_user_registration`
+
+Read-Only:
+
+- `shields` (Set of String)
+
+
+
+<a id="nestedatt--brute_force_protection"></a>
+### Nested Schema for `brute_force_protection`
+
+Read-Only:
+
+- `allowlist` (Set of String)
+- `enabled` (Boolean)
+- `max_attempts` (Number)
+- `mode` (String)
+- `shields` (Set of String)
+
+
+<a id="nestedatt--suspicious_ip_throttling"></a>
+### Nested Schema for `suspicious_ip_throttling`
+
+Read-Only:
+
+- `allowlist` (Set of String)
+- `enabled` (Boolean)
+- `pre_login` (List of Object) (see [below for nested schema](#nestedobjatt--suspicious_ip_throttling--pre_login))
+- `pre_user_registration` (List of Object) (see [below for nested schema](#nestedobjatt--suspicious_ip_throttling--pre_user_registration))
+- `shields` (Set of String)
+
+<a id="nestedobjatt--suspicious_ip_throttling--pre_login"></a>
+### Nested Schema for `suspicious_ip_throttling.pre_login`
+
+Read-Only:
+
+- `max_attempts` (Number)
+- `rate` (Number)
+
+
+<a id="nestedobjatt--suspicious_ip_throttling--pre_user_registration"></a>
+### Nested Schema for `suspicious_ip_throttling.pre_user_registration`
+
+Read-Only:
+
+- `max_attempts` (Number)
+- `rate` (Number)
+
+
@@ -0,0 +1,29 @@
+package attackprotection
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	internalSchema "github.com/auth0/terraform-provider-auth0/internal/schema"
+)
+
+// NewDataSource will return a new auth0_attack_protection data source.
+func NewDataSource() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: readAttackProtectionForDataSource,
+		Description: "Use this data source to access information about the tenant's attack protection settings.",
+		Schema:      dataSourceSchema(),
+	}
+}
+
+func dataSourceSchema() map[string]*schema.Schema {
+	return internalSchema.TransformResourceToDataSource(NewResource().Schema)
+}
+
+func readAttackProtectionForDataSource(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	data.SetId(resource.UniqueId())
+	return readAttackProtection(ctx, data, meta)
+}
@@ -0,0 +1,93 @@
+package attackprotection_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/auth0/terraform-provider-auth0/internal/provider"
+	"github.com/auth0/terraform-provider-auth0/internal/recorder"
+)
+
+const testAccDataSourceAttackProtection = `
+resource "auth0_attack_protection" "my_protection" {
+	breached_password_detection {
+		enabled = true
+		shields = ["admin_notification","block"]
+		admin_notification_frequency = ["daily", "monthly"]
+		method = "standard"
+
+		pre_user_registration {
+			shields = ["block"]
+		}
+	}
+
+	brute_force_protection {
+		enabled = true
+		shields = ["user_notification","block"]
+		allowlist = ["127.0.0.1"]
+		max_attempts = 5
+		mode = "count_per_identifier"
+	}
+
+	suspicious_ip_throttling {
+		enabled = true
+		shields = ["block", "admin_notification"]
+		allowlist = ["127.0.0.1"]
+		pre_login {
+			max_attempts = 5
+			rate = 34560
+		}
+		pre_user_registration {
+			max_attempts = 5
+			rate = 34561
+		}
+	}
+}
+
+data "auth0_attack_protection" "test" {
+	depends_on = [ auth0_attack_protection.my_protection ]
+}
+`
+
+func TestAccDataSourceAttackProtection(t *testing.T) {
+	httpRecorder := recorder.New(t)
+
+	resource.Test(t, resource.TestCase{
+		ProviderFactories: provider.TestFactories(httpRecorder),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAttackProtection,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "breached_password_detection.#", "1"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "breached_password_detection.0.%", "5"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "breached_password_detection.0.enabled", "true"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "breached_password_detection.0.shields.*", "admin_notification"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "breached_password_detection.0.shields.*", "block"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "breached_password_detection.0.admin_notification_frequency.*", "daily"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "breached_password_detection.0.admin_notification_frequency.*", "monthly"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "breached_password_detection.0.method", "standard"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "breached_password_detection.0.pre_user_registration.0.shields.*", "block"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "brute_force_protection.#", "1"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "brute_force_protection.0.%", "5"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "brute_force_protection.0.enabled", "true"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "brute_force_protection.0.shields.*", "block"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "brute_force_protection.0.shields.*", "user_notification"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "brute_force_protection.0.allowlist.*", "127.0.0.1"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "brute_force_protection.0.mode", "count_per_identifier"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "brute_force_protection.0.max_attempts", "5"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.#", "1"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.%", "5"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.enabled", "true"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.shields.*", "block"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.shields.*", "admin_notification"),
+					resource.TestCheckTypeSetElemAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.allowlist.*", "127.0.0.1"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.pre_login.0.max_attempts", "5"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.pre_login.0.rate", "34560"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.pre_user_registration.0.max_attempts", "5"),
+					resource.TestCheckResourceAttr("data.auth0_attack_protection.test", "suspicious_ip_throttling.0.pre_user_registration.0.rate", "34561"),
+				),
+			},
+		},
+	})
+}
@@ -1,4 +1,4 @@
-package provider
+package attackprotection
 
 import (
 	"context"
@@ -14,7 +14,8 @@ import (
 	"github.com/auth0/terraform-provider-auth0/internal/value"
 )
 
-func newAttackProtection() *schema.Resource {
+// NewResource will return a new auth0_attack_protection resource.
+func NewResource() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: createAttackProtection,
 		ReadContext:   readAttackProtection,

@@ -1,10 +1,11 @@
-package provider
+package attackprotection_test
 
 import (
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 
+	"github.com/auth0/terraform-provider-auth0/internal/provider"
 	"github.com/auth0/terraform-provider-auth0/internal/recorder"
 )
 
@@ -58,7 +59,7 @@ func TestAccAttackProtectionBreachedPasswordDetection(t *testing.T) {
 	httpRecorder := recorder.New(t)
 
 	resource.Test(t, resource.TestCase{
-		ProviderFactories: TestFactories(httpRecorder),
+		ProviderFactories: provider.TestFactories(httpRecorder),
 		Steps: []resource.TestStep{
 			{
 				Config: testAccBreachedPasswordDetectionEnable,
@@ -162,7 +163,7 @@ func TestAccAttackProtectionBruteForceProtection(t *testing.T) {
 	httpRecorder := recorder.New(t)
 
 	resource.Test(t, resource.TestCase{
-		ProviderFactories: TestFactories(httpRecorder),
+		ProviderFactories: provider.TestFactories(httpRecorder),
 		Steps: []resource.TestStep{
 			{
 				Config: testAccBruteForceProtectionEnable,
@@ -266,7 +267,7 @@ func TestAccAttackProtectionSuspiciousIPThrottling(t *testing.T) {
 	httpRecorder := recorder.New(t)
 
 	resource.Test(t, resource.TestCase{
-		ProviderFactories: TestFactories(httpRecorder),
+		ProviderFactories: provider.TestFactories(httpRecorder),
 		Steps: []resource.TestStep{
 			{
 				Config: testAccSuspiciousIPThrottlingEnable,

@@ -11,6 +11,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/meta"
 
+	"github.com/auth0/terraform-provider-auth0/internal/auth0/attackprotection"
 	"github.com/auth0/terraform-provider-auth0/internal/auth0/client"
 	"github.com/auth0/terraform-provider-auth0/internal/auth0/connection"
 	"github.com/auth0/terraform-provider-auth0/internal/auth0/organization"
@@ -109,18 +110,19 @@ func New() *schema.Provider {
 			"auth0_organization_member":        organization.NewMemberResource(),
 			"auth0_action":                     newAction(),
 			"auth0_trigger_binding":            newTriggerBinding(),
-			"auth0_attack_protection":          newAttackProtection(),
+			"auth0_attack_protection":          attackprotection.NewResource(),
 			"auth0_branding_theme":             newBrandingTheme(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
-			"auth0_client":          client.NewDataSource(),
-			"auth0_global_client":   client.NewGlobalDataSource(),
-			"auth0_connection":      connection.NewDataSource(),
-			"auth0_organization":    organization.NewDataSource(),
-			"auth0_resource_server": resourceserver.NewDataSource(),
-			"auth0_tenant":          tenant.NewDataSource(),
-			"auth0_user":            user.NewDataSource(),
-			"auth0_role":            role.NewDataSource(),
+			"auth0_client":            client.NewDataSource(),
+			"auth0_global_client":     client.NewGlobalDataSource(),
+			"auth0_connection":        connection.NewDataSource(),
+			"auth0_organization":      organization.NewDataSource(),
+			"auth0_resource_server":   resourceserver.NewDataSource(),
+			"auth0_tenant":            tenant.NewDataSource(),
+			"auth0_user":              user.NewDataSource(),
+			"auth0_role":              role.NewDataSource(),
+			"auth0_attack_protection": attackprotection.NewDataSource(),
 		},
 	}