auth0 · sergiught · Jun 27, 2023 · Jun 27, 2023
diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md
@@ -32,6 +32,7 @@ data "auth0_client" "some-client-by-id" {
 
 ### Read-Only
 
+- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
 - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
 - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
 - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -67,6 +68,24 @@ data "auth0_client" "some-client-by-id" {
 - `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
 - `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.
 
+<a id="nestedatt--addons"></a>
+### Nested Schema for `addons`
+
+Read-Only:
+
+- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
+
+<a id="nestedobjatt--addons--aws"></a>
+### Nested Schema for `addons.aws`
+
+Read-Only:
+
+- `lifetime_in_seconds` (Number)
+- `principal` (String)
+- `role` (String)
+
+
+
 <a id="nestedatt--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`
 

diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md
@@ -19,6 +19,7 @@ data "auth0_global_client" "global" {}
 
 ### Read-Only
 
+- `addons` (List of Object) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedatt--addons))
 - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
 - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
 - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -56,6 +57,24 @@ data "auth0_global_client" "global" {}
 - `token_endpoint_auth_method` (String) Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
 - `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.
 
+<a id="nestedatt--addons"></a>
+### Nested Schema for `addons`
+
+Read-Only:
+
+- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
+
+<a id="nestedobjatt--addons--aws"></a>
+### Nested Schema for `addons.aws`
+
+Read-Only:
+
+- `lifetime_in_seconds` (Number)
+- `principal` (String)
+- `role` (String)
+
+
+
 <a id="nestedatt--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`
 

diff --git a/docs/resources/client.md b/docs/resources/client.md
@@ -89,6 +89,7 @@ resource "auth0_client" "my_client" {
 
 ### Optional
 
+- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
 - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
 - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
 - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -129,6 +130,24 @@ resource "auth0_client" "my_client" {
 - `id` (String) The ID of this resource.
 - `signing_keys` (List of Map of String, Sensitive) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
 
+<a id="nestedblock--addons"></a>
+### Nested Schema for `addons`
+
+Optional:
+
+- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
+
+<a id="nestedblock--addons--aws"></a>
+### Nested Schema for `addons.aws`
+
+Optional:
+
+- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
+- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
+- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.
+
+
+
 <a id="nestedblock--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`
 

diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md
@@ -31,6 +31,7 @@ PAGE
 
 ### Optional
 
+- `addons` (Block List, Max: 1) Addons enabled for this client and their associated configurations. (see [below for nested schema](#nestedblock--addons))
 - `allowed_clients` (List of String) List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
 - `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
 - `allowed_origins` (List of String) URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
@@ -72,6 +73,24 @@ PAGE
 
 - `id` (String) The ID of this resource.
 
+<a id="nestedblock--addons"></a>
+### Nested Schema for `addons`
+
+Optional:
+
+- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
+
+<a id="nestedblock--addons--aws"></a>
+### Nested Schema for `addons.aws`
+
+Optional:
+
+- `lifetime_in_seconds` (Number) AWS token lifetime in seconds.
+- `principal` (String) AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.
+- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.
+
+
+
 <a id="nestedblock--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`
 

diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go
@@ -58,7 +58,7 @@ func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string
 }
 
 func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) schema.ConfigureContextFunc {
-	return func(ctx context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
+	return func(_ context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) {
 		domain := data.Get("domain").(string)
 		debug := data.Get("debug").(bool)
 
@@ -77,6 +77,8 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc
 
 			authenticationOption := management.WithStaticToken(apiToken)
 			if apiToken == "" {
+				ctx := context.Background()
+
 				authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret)
 				if audience != "" {
 					authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience)

diff --git a/internal/auth0/client/expand.go b/internal/auth0/client/expand.go
@@ -42,9 +42,9 @@ func expandClient(d *schema.ResourceData) *management.Client {
 		ClientMetadata:                 expandClientMetadata(d),
 		RefreshToken:                   expandClientRefreshToken(d),
 		JWTConfiguration:               expandClientJWTConfiguration(d),
-		// Addons:                         expandClientAddons(d), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
-		NativeSocialLogin: expandClientNativeSocialLogin(d),
-		Mobile:            expandClientMobile(d),
+		Addons:                         expandClientAddons(d),
+		NativeSocialLogin:              expandClientNativeSocialLogin(d),
+		Mobile:                         expandClientMobile(d),
 	}
 
 	return client
@@ -236,6 +236,44 @@ func expandClientMetadata(d *schema.ResourceData) *map[string]interface{} {
 	return &newMetadataMap
 }
 
+func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {
+	if !d.HasChange("addons") {
+		return nil
+	}
+
+	var addons management.ClientAddons
+
+	d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
+		addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))
+
+		return stop
+	})
+
+	if addons == (management.ClientAddons{}) {
+		return nil
+	}
+
+	return &addons
+}
+
+func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
+	var awsAddon management.AWSClientAddon
+
+	awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
+		awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
+		awsAddon.Role = value.String(awsCfg.GetAttr("role"))
+		awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))
+
+		return stop
+	})
+
+	if awsAddon == (management.AWSClientAddon{}) {
+		return nil
+	}
+
+	return &awsAddon
+}
+
 func clientHasChange(c *management.Client) bool {
 	return c.String() != "{}"
 }
diff --git a/internal/auth0/client/flatten.go b/internal/auth0/client/flatten.go
@@ -88,3 +88,25 @@ func flattenClientMobile(mobile *management.ClientMobile) []interface{} {
 
 	return []interface{}{m}
 }
+
+func flattenClientAddons(addons *management.ClientAddons) []interface{} {
+	if addons == nil {
+		return nil
+	}
+
+	m := map[string]interface{}{
+		"aws": nil,
+	}
+
+	if addons.GetAWS() != nil {
+		m["aws"] = []interface{}{
+			map[string]interface{}{
+				"principal":           addons.GetAWS().GetPrincipal(),
+				"role":                addons.GetAWS().GetRole(),
+				"lifetime_in_seconds": addons.GetAWS().GetLifetimeInSeconds(),
+			},
+		}
+	}
+
+	return []interface{}{m}
+}
diff --git a/internal/auth0/client/resource.go b/internal/auth0/client/resource.go
@@ -481,6 +481,43 @@ func NewResource() *schema.Resource {
 				Description: "List containing a map of the public cert of the signing key and the public cert " +
 					"of the signing key in PKCS7.",
 			},
+			"addons": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				MaxItems:    1,
+				Description: "Addons enabled for this client and their associated configurations.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"aws": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Computed:    true,
+							MaxItems:    1,
+							Description: "AWS Addon configuration.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"principal": {
+										Description: "AWS principal ARN, for example `arn:aws:iam::010616021751:saml-provider/idpname`.",
+										Type:        schema.TypeString,
+										Optional:    true,
+									},
+									"role": {
+										Description: "AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.",
+										Type:        schema.TypeString,
+										Optional:    true,
+									},
+									"lifetime_in_seconds": {
+										Description:  "AWS token lifetime in seconds.",
+										Type:         schema.TypeInt,
+										ValidateFunc: validation.IntBetween(900, 43200),
+										Optional:     true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -541,7 +578,7 @@ func readClient(ctx context.Context, d *schema.ResourceData, m interface{}) diag
 		d.Set("jwt_configuration", flattenClientJwtConfiguration(client.GetJWTConfiguration())),
 		d.Set("refresh_token", flattenClientRefreshTokenConfiguration(client.GetRefreshToken())),
 		d.Set("encryption_key", client.GetEncryptionKey()),
-		// D.Set("addons", flattenClientAddons(client.Addons)), TODO: DXCDT-441 Add new go-auth0 v1-beta types.
+		d.Set("addons", flattenClientAddons(client.Addons)),
 		d.Set("mobile", flattenClientMobile(client.GetMobile())),
 		d.Set("initiate_login_uri", client.GetInitiateLoginURI()),
 		d.Set("signing_keys", client.SigningKeys),