auth0 · willvedd · May 10, 2023 · May 9, 2023 · May 9, 2023 · May 9, 2023
@@ -37,6 +37,7 @@ data "auth0_user" "my_user" {
 - `name` (String) Name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
 - `nickname` (String) Preferred nickname or alias of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
 - `password` (String) Initial password for this user. Required for non-passwordless connections (SMS and email).
+- `permissions` (List of Object) Configuration settings for the credentials for the email provider. (see [below for nested schema](#nestedatt--permissions))
 - `phone_number` (String) Phone number for the user; follows the E.164 recommendation. Used for SMS connections.
 - `phone_verified` (Boolean) Indicates whether the phone number has been verified.
 - `picture` (String) Picture of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
@@ -45,4 +46,12 @@ data "auth0_user" "my_user" {
 - `username` (String) Username of the user. Only valid if the connection requires a username.
 - `verify_email` (Boolean) Indicates whether the user will receive a verification email after creation. Overrides behavior of `email_verified` parameter.
 
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `name` (String)
+- `resource_server_identifier` (String)
+
 
diff --git a/docs/index.md b/docs/index.md
@@ -33,17 +33,14 @@ better alternative.
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
-
-- `domain` (String) Your Auth0 domain name. It can also be sourced from the `AUTH0_DOMAIN` environment variable.
-
 ### Optional
 
 - `api_token` (String) Your Auth0 [management api access token](https://auth0.com/docs/security/tokens/access-tokens/management-api-access-tokens). It can also be sourced from the `AUTH0_API_TOKEN` environment variable. It can be used instead of `client_id` + `client_secret`. If both are specified, `api_token` will be used over `client_id` + `client_secret` fields.
 - `audience` (String) Your Auth0 audience when using a custom domain. It can also be sourced from the `AUTH0_AUDIENCE` environment variable.
 - `client_id` (String) Your Auth0 client ID. It can also be sourced from the `AUTH0_CLIENT_ID` environment variable.
 - `client_secret` (String) Your Auth0 client secret. It can also be sourced from the `AUTH0_CLIENT_SECRET` environment variable.
 - `debug` (Boolean) Indicates whether to turn on debug mode.
+- `domain` (String) Your Auth0 domain name. It can also be sourced from the `AUTH0_DOMAIN` environment variable.
 
 ## Environment Variables
 

@@ -60,6 +60,15 @@ resource "auth0_role" "admin" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
+- `permissions` (List of Object) Configuration settings for the credentials for the email provider. (see [below for nested schema](#nestedatt--permissions))
+
+<a id="nestedatt--permissions"></a>
+### Nested Schema for `permissions`
+
+Read-Only:
+
+- `name` (String)
+- `resource_server_identifier` (String)
 
 ## Import
 

@@ -66,6 +66,7 @@ func TestAccDataSourceUser(t *testing.T) {
 					resource.TestCheckResourceAttr("data.auth0_user.test", "nickname", strings.ToLower(t.Name())),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "picture", "https://www.example.com/picture.jpg"),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "roles.#", "2"),
+					resource.TestCheckResourceAttr("data.auth0_user.test", "permissions.#", "0"),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "user_metadata", `{"baz":"qux","foo":"bar"}`),
 					resource.TestCheckResourceAttr("data.auth0_user.test", "app_metadata", `{"baz":"qux","foo":"bar"}`),
 				),

@@ -153,6 +153,25 @@ func NewResource() *schema.Resource {
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Description: "Set of IDs of roles assigned to the user.",
 			},
+			"permissions": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Configuration settings for the credentials for the email provider.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Name of permission.",
+						},
+						"resource_server_identifier": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Resource server identifier associated with permission.",
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -209,6 +228,12 @@ func readUser(ctx context.Context, d *schema.ResourceData, m interface{}) diag.D
 	}
 	result = multierror.Append(result, d.Set("roles", flattenUserRoles(roleList)))
 
+	permissions, err := api.User.Permissions(*user.ID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	result = multierror.Append(result, d.Set("permissions", flattenUserPermissions(permissions)))
+
 	return diag.FromErr(result.ErrorOrNil())
 }
 
@@ -377,6 +402,17 @@ func flattenUserRoles(roleList *management.RoleList) []interface{} {
 	return roles
 }
 
+func flattenUserPermissions(permissionList *management.PermissionList) []interface{} {
+	var permissions []interface{}
+	for _, p := range permissionList.Permissions {
+		permissions = append(permissions, map[string]string{
+			"name":                       p.GetName(),
+			"resource_server_identifier": p.GetResourceServerIdentifier(),
+		})
+	}
+	return permissions
+}
+
 func validateUser(user *management.User) error {
 	validations := []validateUserFunc{
 		validateNoUsernameAndPasswordSimultaneously(),

@@ -172,6 +172,7 @@ func TestAccUser(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_user.user", "user_metadata", ""),
 					resource.TestCheckResourceAttr("auth0_user.user", "app_metadata", ""),
 					resource.TestCheckResourceAttr("auth0_user.user", "roles.#", "0"),
+					resource.TestCheckResourceAttr("auth0_user.user", "permissions.#", "0"),
 				),
 			},
 			{
@@ -204,6 +205,7 @@ func TestAccUser(t *testing.T) {
 				Config: acctest.ParseTestName(testAccUserUpdateRemovingMetadata, strings.ToLower(t.Name())),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("auth0_user.user", "roles.#", "0"),
+					resource.TestCheckResourceAttr("auth0_user.user", "permissions.#", "0"),
 					resource.TestCheckResourceAttr("auth0_user.user", "user_metadata", ""),
 					resource.TestCheckResourceAttr("auth0_user.user", "app_metadata", ""),
 				),