From a67fab9724d4da953c785d1177c69f0e4070cb3d Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Tue, 1 Mar 2022 11:15:29 -0500 Subject: [PATCH 01/15] Adding attack protection resource, added to provider, updated Go SDK to 0.6.0 --- auth0/provider.go | 1 + auth0/resource_auth0_attack_protection.go | 342 ++++++++++++++++++++++ go.mod | 2 +- go.sum | 2 + 4 files changed, 346 insertions(+), 1 deletion(-) create mode 100644 auth0/resource_auth0_attack_protection.go diff --git a/auth0/provider.go b/auth0/provider.go index 06e0c0353..59ea8be21 100644 --- a/auth0/provider.go +++ b/auth0/provider.go @@ -77,6 +77,7 @@ func Provider() *schema.Provider { "auth0_organization": newOrganization(), "auth0_action": newAction(), "auth0_trigger_binding": newTriggerBinding(), + "auth0_attack_protection": newAttackProtection(), }, DataSourcesMap: map[string]*schema.Resource{ "auth0_client": newDataClient(), diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go new file mode 100644 index 000000000..0d5f9ca38 --- /dev/null +++ b/auth0/resource_auth0_attack_protection.go 
@@ -0,0 +1,342 @@ +package auth0 + +import ( + "fmt" + "net/http" + + "github.com/auth0/go-auth0/management" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" +) + +func newAttackProtection() *schema.Resource { + return &schema.Resource{ + Create: createAttackProtection, + Read: readAttackProtection, + Update: updateAttackProtection, + Delete: deleteAttackProtection, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "breached_password_protection": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Whether or not breached password detection is active.", + }, + "shields": { + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{ + "block", + "user_notification", + "admin_notification", + }, false), + }, + Optional: true, + MinItems: 0, + Description: "Action to take when a breached password is detected.", + }, + "admin_notification_frequency": { + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{ + "immediately", + "daily", + "weekly", + "monthly", + }, false), + }, + Optional: true, + MinItems: 0, + Description: "When \"admin_notification\" is enabled, determines how often email notifications are sent.", + }, + "method": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{ + "standard", "enhanced", + }, false), + Description: "The subscription level for breached password detection methods. 
Use \"enhanced\" to enable Credential Guard.", + }, + }, + }, + }, + "brute_force_protection": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Whether or not brute force attack protections are active.", + }, + "shields": { + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{ + "block", + "user_notification", + }, false), + }, + Optional: true, + MinItems: 0, + Description: "Action to take when a brute force protection threshold is violated.", + }, + "allowlist": { + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Optional: true, + MinItems: 0, + Description: "List of trusted IP addresses that will not have attack protection enforced against them.", + }, + "mode": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{ + "count_per_identifier_and_ip", "count_per_identifier", + }, false), + Description: "Account Lockout: Determines whether or not IP address is used when counting failed attempts.", + }, + "max_attempts": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntAtLeast(0), + Description: "Maximum number of unsuccessful attempts.", + }, + }, + }, + }, + "suspicious_ip_throttling": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Whether or not suspicious IP throttling attack protections are active.", + }, + "shields": { + Type: schema.TypeList, + Optional: true, + MinItems: 0, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{ + "block", + "admin_notification", + }, false), + }, + 
Description: "Action to take when a suspicious IP throttling threshold is violated.", + }, + "allowlist": { + Type: schema.TypeList, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Optional: true, + MinItems: 0, + Description: "List of trusted IP addresses that will not have attack protection enforced against them.", + }, + "pre_login": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Description: "Configuration options that apply before every login attempt.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_attempts": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntAtLeast(0), + Description: "Total number of attempts allowed per day.", + }, + "rate": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntAtLeast(0), + Description: "Interval of time, given in milliseconds, at which new attempts are granted.", + }, + }, + }, + }, + "pre_user_registration": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Description: "Configuration options that apply before every user registration attempt.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_attempts": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntAtLeast(0), + Description: "Total number of attempts allowed.", + }, + "rate": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntAtLeast(0), + Description: "Interval of time, given in milliseconds, at which new attempts are granted.", + }, + }, + }, + }, + }, + }, + }, + }, + } +} + +func readAttackProtection(d *schema.ResourceData, m interface{}) error { + api := m.(*management.Management) + ipThrottling, err := api.AttackProtection.GetSuspiciousIPThrottling() + if err != nil { + if mErr, ok := err.(management.Error); ok { + if mErr.Status() == http.StatusNotFound { + d.SetId("") + return nil + } + } + return err + } + + d.Set("suspicious_ip_throttling", 
flattenSuspiciousIPThrottling(ipThrottling)) + + bruteForce, err := api.AttackProtection.GetBruteForceProtection() + if err != nil { + if mErr, ok := err.(management.Error); ok { + if mErr.Status() == http.StatusNotFound { + d.SetId("") + return nil + } + } + return err + } + + d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)) + + breachedPasswords, err := api.AttackProtection.GetBreachedPasswordDetection() + if err != nil { + if mErr, ok := err.(management.Error); ok { + if mErr.Status() == http.StatusNotFound { + d.SetId("") + return nil + } + } + return err + } + + d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)) + + return nil +} + +func flattenSuspiciousIPThrottling(ipt *management.SuspiciousIPThrottling) []interface{} { + m := make(map[string]interface{}) + if ipt != nil { + m["enabled"] = ipt.Enabled + m["allow_list"] = ipt.AllowList + m["shields"] = ipt.Shields + m["pre_login"] = ipt.Stage.PreLogin + m["pre_user_registration"] = ipt.Stage.PreUserRegistration + } + return []interface{}{m} +} + +func flattenBruteForceProtection(bfp *management.BruteForceProtection) []interface{} { + m := make(map[string]interface{}) + if bfp != nil { + m["enabled"] = bfp.Enabled + m["max_attempts"] = bfp.MaxAttempts + m["mode"] = bfp.Mode + m["allow_list"] = bfp.AllowList + m["shields"] = bfp.Shields + } + return []interface{}{m} +} + +func flattenBreachedPasswordProtection(bpd *management.BreachedPasswordDetection) []interface{} { + m := make(map[string]interface{}) + if bpd != nil { + m["enabled"] = bpd.Enabled + m["admin_notification_frequency"] = bpd.AdminNotificationFrequency + m["method"] = bpd.Method + m["shields"] = bpd.Shields + } + return []interface{}{m} +} + +func updateAttackProtection(d *schema.ResourceData, m interface{}) error { + ipt := expandSuspiciousIPThrottling(d) + api := m.(*management.Management) + err := api.AttackProtection.UpdateSuspiciousIPThrottling(ipt) + if err != nil { + return 
err + } + + return readAttackProtection(d, m) +} + +func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.SuspiciousIPThrottling { + ipt := &management.SuspiciousIPThrottling{} + + List(d, "suspicious_ip_throttling", IsNewResource(), HasChange()).Elem(func(d ResourceData) { + shields := []string{} + for _, s := range d.Get("shields").([]interface{}) { + shields = append(shields, fmt.Sprintf("%s", s)) + } + + // allowlist := []string{} + // for _, a := range d.Get("shields").([]interface{}) { + // allowlist = append(shields, fmt.Sprintf("%s", a)) + // } + + ipt = &management.SuspiciousIPThrottling{ + Enabled: Bool(d, "enabled"), + Shields: &shields, + //AllowList: &allowlist, + Stage: &management.Stage{ + PreLogin: nil, + PreUserRegistration: nil, + }, + } + }) + + return ipt +} + +func createAttackProtection(d *schema.ResourceData, m interface{}) error { + d.SetId(resource.UniqueId()) + return updateAttackProtection(d, m) +} + +func deleteAttackProtection(d *schema.ResourceData, m interface{}) error { + d.SetId("") + return nil +} diff --git a/go.mod b/go.mod index 71c007c37..ee60717f5 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/auth0/terraform-provider-auth0 go 1.16 require ( - github.com/auth0/go-auth0 v0.5.0 + github.com/auth0/go-auth0 v0.6.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/terraform-plugin-sdk v1.16.1 ) diff --git a/go.sum b/go.sum index 752313e97..795973cc9 100644 --- a/go.sum +++ b/go.sum 
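Review bot: Both `allowlist` attributes in the new schema (under `brute_force_protection` and `suspicious_ip_throttling`) accept any string, although each entry exempts an address from attack protection, so a typo or an over-broad value is only noticed after it has been applied to the tenant. An element validator such as `ValidateFunc: validation.Any(validation.IsIPAddress, validation.IsCIDR),` would reject malformed entries at plan time; whether the Management API accepts CIDR ranges is not visible in this patch, so confirm that before allowing them. `deleteAttackProtection` only clears the ID and leaves the tenant settings as they are, which deserves a comment such as `// Destroy is a no-op: tenant attack-protection settings are left unchanged.`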
@@ -61,6 +61,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/auth0/go-auth0 v0.5.0 h1:GRXS+7yr4H7P726nwmXDtBC6LA8IcmlYHYjr3nkC98Y= github.com/auth0/go-auth0 v0.5.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= +github.com/auth0/go-auth0 v0.6.0 h1:deJQmRe4QdjOnmzGWbwtzdzMfpbHa05338jMlJ/WN/o= +github.com/auth0/go-auth0 v0.6.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= From f5aa993113836fa128a9b0dc682882e4fb9df929 Mon Sep 17 00:00:00 2001 From: Sergiu Ghitea Date: Tue, 1 Mar 2022 18:48:49 +0100 Subject: [PATCH 02/15] Some fixes during pair programming --- auth0/resource_auth0_attack_protection.go | 63 ++++++++++++++++------- 1 file changed, 45 insertions(+), 18 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index 0d5f9ca38..c52195a9c 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go @@ -20,7 +20,7 @@ func newAttackProtection() *schema.Resource { State: schema.ImportStatePassthrough, }, Schema: map[string]*schema.Schema{ - "breached_password_protection": { + "breached_password_detection": { Type: schema.TypeList, Optional: true, MaxItems: 1, @@ -215,6 +215,7 @@ func newAttackProtection() *schema.Resource { func readAttackProtection(d *schema.ResourceData, m interface{}) error { api := m.(*management.Management) + ipThrottling, err := api.AttackProtection.GetSuspiciousIPThrottling() if err != nil { if mErr, ok := err.(management.Error); ok { 
@@ -226,7 +227,9 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - d.Set("suspicious_ip_throttling", flattenSuspiciousIPThrottling(ipThrottling)) + if err = d.Set("suspicious_ip_throttling", flattenSuspiciousIPThrottling(ipThrottling)); err != nil { + return err + } bruteForce, err := api.AttackProtection.GetBruteForceProtection() if err != nil { @@ -239,7 +242,9 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)) + if err = d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)); err != nil { + return err + } breachedPasswords, err := api.AttackProtection.GetBreachedPasswordDetection() if err != nil { @@ -252,7 +257,9 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)) + if err = d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)); err != nil { + return err + } return nil } @@ -261,10 +268,20 @@ func flattenSuspiciousIPThrottling(ipt *management.SuspiciousIPThrottling) []int m := make(map[string]interface{}) if ipt != nil { m["enabled"] = ipt.Enabled - m["allow_list"] = ipt.AllowList + m["allowlist"] = ipt.AllowList m["shields"] = ipt.Shields - m["pre_login"] = ipt.Stage.PreLogin - m["pre_user_registration"] = ipt.Stage.PreUserRegistration + m["pre_login"] = []interface{}{ + map[string]int{ + "max_attempts": ipt.Stage.PreLogin.GetMaxAttempts(), + "rate": ipt.Stage.PreLogin.GetRate(), + }, + } + m["pre_user_registration"] = []interface{}{ + map[string]int{ + "max_attempts": ipt.Stage.PreUserRegistration.GetMaxAttempts(), + "rate": ipt.Stage.PreUserRegistration.GetRate(), + }, + } } return []interface{}{m} } 
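Review bot: In the `flattenSuspiciousIPThrottling` hunk, `ipt.Stage.PreLogin.GetMaxAttempts()` and its three sibling calls read a field of `ipt.Stage` without checking it, and `expandSuspiciousIPThrottling` builds that field as `&management.Stage{...}`, so it is a pointer that can be nil. An API response without a stage object would then panic the provider during read. Guard the two assignments with `if ipt.Stage != nil { ... }` and leave `pre_login` and `pre_user_registration` unset otherwise. The `Get…` accessors look nil-safe for `PreLogin` and `PreUserRegistration` themselves, but that is inferred from their names only.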
@@ -275,7 +292,7 @@ func flattenBruteForceProtection(bfp *management.BruteForceProtection) []interfa m["enabled"] = bfp.Enabled m["max_attempts"] = bfp.MaxAttempts m["mode"] = bfp.Mode - m["allow_list"] = bfp.AllowList + m["allowlist"] = bfp.AllowList m["shields"] = bfp.Shields } return []interface{}{m} @@ -307,25 +324,35 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious ipt := &management.SuspiciousIPThrottling{} List(d, "suspicious_ip_throttling", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - shields := []string{} + var shields []string for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - // allowlist := []string{} - // for _, a := range d.Get("shields").([]interface{}) { - // allowlist = append(shields, fmt.Sprintf("%s", a)) - // } + var allowlist []string + for _, a := range d.Get("allowlist").([]interface{}) { + allowlist = append(allowlist, fmt.Sprintf("%s", a)) + } ipt = &management.SuspiciousIPThrottling{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - //AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + AllowList: &allowlist, Stage: &management.Stage{ - PreLogin: nil, - PreUserRegistration: nil, + PreUserRegistration: &management.PreUserRegistration{}, + PreLogin: &management.PreLogin{}, }, } + + List(d, "pre_login").Elem(func(d ResourceData) { + ipt.Stage.PreLogin.MaxAttempts = Int(d, "max_attempts") + ipt.Stage.PreLogin.Rate = Int(d, "rate") + }) + + List(d, "pre_user_registration").Elem(func(d ResourceData) { + ipt.Stage.PreUserRegistration.MaxAttempts = Int(d, "max_attempts") + ipt.Stage.PreUserRegistration.Rate = Int(d, "rate") + }) }) return ipt From 3789ae599ae0f3e338efa67afa694db246811501 Mon Sep 17 00:00:00 2001 
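Review bot: The `shields` and `allowlist` loops in `expandSuspiciousIPThrottling` convert elements with `fmt.Sprintf("%s", a)`, which turns a nil or non-string element into a literal such as `%!s(<nil>)` instead of failing, and that string would then be sent to the API as a trusted-IP entry. A checked assertion keeps bad elements out of the request: `if s, ok := a.(string); ok && s != "" { allowlist = append(allowlist, s) }`. The same conversion is repeated in `expandBruteForceProtection` and `expandBreachedPasswordDetection` in PATCH 04, so a small shared helper would fix all three. The function body starts outside this hunk.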
From: Will Vedder Date: Tue, 1 Mar 2022 16:56:12 -0500 Subject: [PATCH 03/15] Adding docs, example and descriptions --- auth0/resource_auth0_attack_protection.go | 27 ++++---- docs/resources/attack_protection.md | 76 +++++++++++++++++++++++ example/attack_protection/main.tf | 17 +++++ 3 files changed, 108 insertions(+), 12 deletions(-) create mode 100644 docs/resources/attack_protection.md create mode 100644 example/attack_protection/main.tf diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index 0d5f9ca38..1042df759 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go @@ -21,10 +21,11 @@ func newAttackProtection() *schema.Resource { }, Schema: map[string]*schema.Schema{ "breached_password_protection": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - MinItems: 1, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Description: "Breached password detection protects your applications from bad actors logging in with stolen credentials.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enabled": { @@ -74,10 +75,11 @@ func newAttackProtection() *schema.Resource { }, }, "brute_force_protection": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - MinItems: 1, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Description: "Brute-force protection safeguards against a single IP address attacking a single user account.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enabled": { 
@@ -126,10 +128,11 @@ func newAttackProtection() *schema.Resource { }, }, "suspicious_ip_throttling": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - MinItems: 1, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + MinItems: 1, + Description: "Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enabled": { diff --git a/docs/resources/attack_protection.md b/docs/resources/attack_protection.md new file mode 100644 index 000000000..226420b32 --- /dev/null +++ b/docs/resources/attack_protection.md 
@@ -0,0 +1,76 @@ +--- +layout: "auth0" +page_title: "Auth0: auth0_attack_protection" +description: |- + Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA. +--- + +# auth0_attack_protection + +Auth0 can detect attacks and stop malicious attempts to access your application such as blocking traffic from certain IPs and displaying CAPTCHA + +## Example Usage + +```hcl +resource "auth0_attack_protection" "attack_protection" { + suspicious_ip_throttling { + enabled = true + shields = ["block", "admin_notification"] + allowlist = ["127.0.0.1"] + pre_user_registration { + max_attempts = 1 + rate = 3600 + } + pre_login { + max_attempts = 1 + rate = 3600 + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `breached_password_detection` - (Optional) Breached password detection protects your applications from bad actors logging in with stolen credentials. +* `suspicious_ip_throttling` - (Optional) Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. +* `brute_force_protection` - (Optional) Safeguards against a single IP address attacking a single user account. 
+ +### brute_force_protection + +The following arguments are supported for `brute_force_protection`: + +* `enabled` - (Optional) Boolean if feature enabled +* `shields` - (Optional) +* `allowlist` - (Optional) +* `mode` - (Optional) +* `max_attempts` - (Optional) Number of + +### suspicious_ip_throttling + +The following arguments are supported for `suspicious_ip_throttling`: + +* `enabled` - (Optional) Boolean if feature enabled +* `shields` - (Optional) +* `allowlist` - (Optional) +* `pre_login` - (Optional) +* `pre_user_registration` - (Optional) + +### brute_force_protection + +* `enabled` - (Optional) Boolean if feature enabled +* `shields` - (Optional) +* `allowlist` - (Optional) +* `mode` - (Optional) +* `max_attempts` - (Optional) + + +## Import + +As this is not a resource identifiable by an ID within the Auth0 Management API, guardian can be imported using a random +string. We recommend [Version 4 UUID](https://www.uuidgenerator.net/version4) e.g. + +```shell +$ terraform import auth0_guardian.default 24940d4b-4bd4-44e7-894e-f92e4de36a40 +``` \ No newline at end of file diff --git a/example/attack_protection/main.tf b/example/attack_protection/main.tf new file mode 100644 index 000000000..55a982f77 --- /dev/null +++ b/example/attack_protection/main.tf @@ -0,0 +1,17 @@ +provider "auth0" {} + +resource "auth0_attack_protection" "attack_protection" { + suspicious_ip_throttling { + enabled = true + shields = ["block", "admin_notification"] + allowlist = ["127.0.0.1"] + pre_user_registration { + max_attempts = 1 + rate = 3600 + } + pre_login { + max_attempts = 1 + rate = 3600 + } + } +} From fe8a69af1c287b1af6a18b0ad794ce1aa8e24681 Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Tue, 1 Mar 2022 17:13:30 -0500 Subject: [PATCH 04/15] Adding expand functions for breached password detection and brute force protection --- auth0/resource_auth0_attack_protection.go | 66 ++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) 
diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index 9111a3fbf..9a058ed1e 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go @@ -313,13 +313,26 @@ func flattenBreachedPasswordProtection(bpd *management.BreachedPasswordDetection } func updateAttackProtection(d *schema.ResourceData, m interface{}) error { - ipt := expandSuspiciousIPThrottling(d) api := m.(*management.Management) + + ipt := expandSuspiciousIPThrottling(d) err := api.AttackProtection.UpdateSuspiciousIPThrottling(ipt) if err != nil { return err } + bfp := expandBruteForceProtection(d) + err = api.AttackProtection.UpdateBruteForceProtection(bfp) + if err != nil { + return err + } + + bpd := expandBreachedPasswordDetection(d) + err = api.AttackProtection.UpdateBreachedPasswordDetection(bpd) + if err != nil { + return err + } + return readAttackProtection(d, m) } 
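Review bot: `updateAttackProtection` now issues all three Update calls on every apply and returns at the first error, so a failure in `UpdateBruteForceProtection` or `UpdateBreachedPasswordDetection` leaves the tenant partly changed with no read-back of what was applied. The `List(d, ..., IsNewResource(), HasChange())` conditions suggest each `expand…` helper returns an empty struct when its block is absent or unchanged, so the call could be skipped in that case with `if d.HasChange("brute_force_protection") { ... }`. Wrapping each error with the setting name, for example `return fmt.Errorf("updating brute force protection: %w", err)`, lets the operator see which protection was not applied.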
@@ -361,6 +374,57 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious return ipt } +func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForceProtection { + bfp := &management.BruteForceProtection{} + + List(d, "brute_force_protection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { + var shields []string + for _, s := range d.Get("shields").([]interface{}) { + shields = append(shields, fmt.Sprintf("%s", s)) + } + + var allowlist []string + for _, a := range d.Get("allowlist").([]interface{}) { + allowlist = append(allowlist, fmt.Sprintf("%s", a)) + } + + bfp = &management.BruteForceProtection{ + Enabled: Bool(d, "enabled"), + Shields: &shields, + AllowList: &allowlist, + Mode: String(d, "mode"), + MaxAttempts: Int(d, "max_attempts"), + } + }) + + return bfp +} + +func expandBreachedPasswordDetection(d *schema.ResourceData) *management.BreachedPasswordDetection { + bpd := &management.BreachedPasswordDetection{} + + List(d, "breached_password_detection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { + var shields []string + for _, s := range d.Get("shields").([]interface{}) { + shields = append(shields, fmt.Sprintf("%s", s)) + } + + var notificationFreq []string + for _, a := range d.Get("admin_notification_frequency").([]interface{}) { + notificationFreq = append(notificationFreq, fmt.Sprintf("%s", a)) + } + + bpd = &management.BreachedPasswordDetection{ + Enabled: Bool(d, "enabled"), + Shields: &shields, + Method: String(d, "method"), + AdminNotificationFrequency: ¬ificationFreq, + } + }) + + return bpd +} + func createAttackProtection(d *schema.ResourceData, m interface{}) error { d.SetId(resource.UniqueId()) return updateAttackProtection(d, m) From 4552c3b7b2bd51c2f1ac1f4f171f2ea7aa7151be Mon Sep 17 00:00:00 2001 
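Review bot: `Enabled: Bool(d, "enabled")` in both new expand functions combines with the schema's `Default: false` from PATCH 01, so a block written only to set `shields` or `max_attempts` presumably also sends `enabled = false` and switches that protection off on the tenant. For a security control it is safer to declare `enabled` as `Required: true` inside each block, or to drop the default and send the field only when it is set, and to state the behaviour in the attribute description. `expandSuspiciousIPThrottling` has the same pattern. The `¬ificationFreq` shown on this page is almost certainly `&notificationFreq` garbled by the page rendering (compare `Shields: &shields`), not a defect in the patch.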
From: Will Vedder Date: Tue, 1 Mar 2022 17:20:30 -0500 Subject: [PATCH 05/15] Adding more to documentation --- docs/resources/attack_protection.md | 31 ++++++++++++++--------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/docs/resources/attack_protection.md b/docs/resources/attack_protection.md index 226420b32..917689984 100644 --- a/docs/resources/attack_protection.md +++ b/docs/resources/attack_protection.md 
@@ -41,29 +41,28 @@ The following arguments are supported: The following arguments are supported for `brute_force_protection`: -* `enabled` - (Optional) Boolean if feature enabled -* `shields` - (Optional) -* `allowlist` - (Optional) -* `mode` - (Optional) -* `max_attempts` - (Optional) Number of +* `enabled` - (Optional) Whether or not brute force attack protections are active. +* `shields` - (Optional) Action to take when a brute force protection threshold is violated. Possible values: `block`, `user_notification`. +* `allowlist` - (Optional) List of trusted IP addresses that will not have attack protection enforced against them. +* `mode` - (Optional) Determines whether or not IP address is used when counting failed attempts. Possible values: `count_per_identifier_and_ip` or `count_per_identifier`. +* `max_attempts` - (Optional) Maximum number of unsuccessful attempts. ### suspicious_ip_throttling The following arguments are supported for `suspicious_ip_throttling`: -* `enabled` - (Optional) Boolean if feature enabled -* `shields` - (Optional) -* `allowlist` - (Optional) -* `pre_login` - (Optional) -* `pre_user_registration` - (Optional) +* `enabled` - (Optional) Whether or not suspicious IP throttling attack protections are active. +* `shields` - (Optional) Action to take when a suspicious IP throttling threshold is violated. Possible values: `block`, `admin_notification`. +* `allowlist` - (Optional) List of trusted IP addresses that will not have attack protection enforced against them. +* `pre_login` - (Optional) Configuration options that apply before every login attempt. +* `pre_user_registration` - (Optional) Configuration options that apply before every user registration attempt. 
-### brute_force_protection +### breached_password_protection -* `enabled` - (Optional) Boolean if feature enabled -* `shields` - (Optional) -* `allowlist` - (Optional) -* `mode` - (Optional) -* `max_attempts` - (Optional) +* `enabled` - (Optional) Whether or not breached password detection is active. +* `shields` - (Optional) Action to take when a breached password is detected. Possible values: `block`, `user_notification`, `admin_notification`. +* `admin_notification_frequency` - (Optional) When "admin_notification" is enabled, determines how often email notifications are sent. Possible values: `immediately`, `daily`, `weekly`, `monthly`. +* `method` - (Optional) The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`. ## Import From 73c245d473ff9c4a051f6e6683d7d05ff12b7cf1 Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Tue, 1 Mar 2022 17:42:38 -0500 Subject: [PATCH 06/15] Updating docs and example, fixing issue where nil would be sent instead of empty array --- auth0/resource_auth0_attack_protection.go | 36 +++++++++++------------ docs/resources/attack_protection.md | 29 +++++++++++++----- example/attack_protection/main.tf | 29 +++++++++++++----- 3 files changed, 60 insertions(+), 34 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index 9a058ed1e..45ee828d6 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go 
@@ -340,20 +340,20 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious ipt := &management.SuspiciousIPThrottling{} List(d, "suspicious_ip_throttling", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - var shields []string + shields := []string{} for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - var allowlist []string - for _, a := range d.Get("allowlist").([]interface{}) { - allowlist = append(allowlist, fmt.Sprintf("%s", a)) - } + // var allowlist []string + // for _, a := range d.Get("allowlist").([]interface{}) { + // allowlist = append(allowlist, fmt.Sprintf("%s", a)) + // } ipt = &management.SuspiciousIPThrottling{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + //AllowList: &allowlist, Stage: &management.Stage{ PreUserRegistration: &management.PreUserRegistration{}, PreLogin: &management.PreLogin{}, @@ -378,20 +378,20 @@ func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForcePr bfp := &management.BruteForceProtection{} List(d, "brute_force_protection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - var shields []string + shields := []string{} for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - var allowlist []string - for _, a := range d.Get("allowlist").([]interface{}) { - allowlist = append(allowlist, fmt.Sprintf("%s", a)) - } + // var allowlist []string + // for _, a := range d.Get("allowlist").([]interface{}) { + // allowlist = append(allowlist, fmt.Sprintf("%s", a)) + // } bfp = &management.BruteForceProtection{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + //AllowList: &allowlist, Mode: String(d, "mode"), MaxAttempts: Int(d, "max_attempts"), } 
@@ -404,12 +404,12 @@ func expandBreachedPasswordDetection(d *schema.ResourceData) *management.Breache bpd := &management.BreachedPasswordDetection{} List(d, "breached_password_detection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - var shields []string + shields := []string{} for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - var notificationFreq []string + notificationFreq := []string{} for _, a := range d.Get("admin_notification_frequency").([]interface{}) { notificationFreq = append(notificationFreq, fmt.Sprintf("%s", a)) } diff --git a/docs/resources/attack_protection.md b/docs/resources/attack_protection.md index 917689984..678ce8483 100644 --- a/docs/resources/attack_protection.md +++ b/docs/resources/attack_protection.md @@ -15,17 +15,30 @@ Auth0 can detect attacks and stop malicious attempts to access your application resource "auth0_attack_protection" "attack_protection" { suspicious_ip_throttling { enabled = true - shields = ["block", "admin_notification"] - allowlist = ["127.0.0.1"] - pre_user_registration { - max_attempts = 1 - rate = 3600 - } + shields = ["admin_notification", "block"] + allowlist = ["192.168.1.1"] pre_login { - max_attempts = 1 - rate = 3600 + max_attempts = 100 + rate = 864000 + } + pre_user_registration { + max_attempts = 50 + rate = 1200 } } + brute_force_protection { + allowlist = ["127.0.0.1"] + enabled = true + max_attempts = 5 + mode = "count_per_identifier_and_ip" + shields = ["block", "user_notification"] + } + breached_password_detection { + admin_notification_frequency = ["daily"] + enabled = true + method = "standard" + shields = ["admin_notification", "block"] + } } ``` diff --git a/example/attack_protection/main.tf b/example/attack_protection/main.tf index 55a982f77..1406ada32 100644 --- a/example/attack_protection/main.tf +++ b/example/attack_protection/main.tf 
@@ -3,15 +3,28 @@ provider "auth0" {} resource "auth0_attack_protection" "attack_protection" { suspicious_ip_throttling { enabled = true - shields = ["block", "admin_notification"] - allowlist = ["127.0.0.1"] - pre_user_registration { - max_attempts = 1 - rate = 3600 - } + shields = ["admin_notification", "block"] + allowlist = ["192.168.1.1"] pre_login { - max_attempts = 1 - rate = 3600 + max_attempts = 100 + rate = 864000 + } + pre_user_registration { + max_attempts = 50 + rate = 1200 } } + brute_force_protection { + allowlist = ["127.0.0.1"] + enabled = true + max_attempts = 5 + mode = "count_per_identifier_and_ip" + shields = ["block", "user_notification"] + } + breached_password_detection { + admin_notification_frequency = ["daily"] + enabled = true + method = "standard" + shields = ["admin_notification", "block"] + } } From ed3a43da0ca92ab01116089eb66a4744939aea58 Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Tue, 1 Mar 2022 17:53:06 -0500 Subject: [PATCH 07/15] Removing commented-out code --- auth0/resource_auth0_attack_protection.go | 28 +++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index 45ee828d6..c39f94d19 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go 
@@ -345,15 +345,15 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious shields = append(shields, fmt.Sprintf("%s", s)) } - // var allowlist []string - // for _, a := range d.Get("allowlist").([]interface{}) { - // allowlist = append(allowlist, fmt.Sprintf("%s", a)) - // } + allowlist := []string{} + for _, a := range d.Get("allowlist").([]interface{}) { + allowlist = append(allowlist, fmt.Sprintf("%s", a)) + } ipt = &management.SuspiciousIPThrottling{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - //AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + AllowList: &allowlist, Stage: &management.Stage{ PreUserRegistration: &management.PreUserRegistration{}, PreLogin: &management.PreLogin{}, @@ -383,15 +383,15 @@ func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForcePr shields = append(shields, fmt.Sprintf("%s", s)) } - // var allowlist []string - // for _, a := range d.Get("allowlist").([]interface{}) { - // allowlist = append(allowlist, fmt.Sprintf("%s", a)) - // } + allowlist := []string{} + for _, a := range d.Get("allowlist").([]interface{}) { + allowlist = append(allowlist, fmt.Sprintf("%s", a)) + } bfp = &management.BruteForceProtection{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - //AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + AllowList: &allowlist, Mode: String(d, "mode"), MaxAttempts: Int(d, "max_attempts"), } From 44c26fdccf9ca4cd1b794d4a91c208dbb577b54f Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Tue, 1 Mar 2022 18:10:26 -0500 Subject: [PATCH 08/15] Checking if each subresource has changed --- auth0/resource_auth0_attack_protection.go | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index c39f94d19..f77038ad1 100644 --- a/auth0/resource_auth0_attack_protection.go 
+++ b/auth0/resource_auth0_attack_protection.go @@ -230,8 +230,10 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - if err = d.Set("suspicious_ip_throttling", flattenSuspiciousIPThrottling(ipThrottling)); err != nil { - return err + if changed := d.HasChange("suspicious_ip_throttling"); changed { + if err = d.Set("suspicious_ip_throttling", flattenSuspiciousIPThrottling(ipThrottling)); err != nil { + return err + } } bruteForce, err := api.AttackProtection.GetBruteForceProtection() @@ -245,8 +247,10 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - if err = d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)); err != nil { - return err + if changed := d.HasChange("brute_force_protection"); changed { + if err = d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)); err != nil { + return err + } } breachedPasswords, err := api.AttackProtection.GetBreachedPasswordDetection() @@ -260,8 +264,10 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - if err = d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)); err != nil { - return err + if changed := d.HasChange("breached_password_detection"); changed { + if err = d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)); err != nil { + return err + } } return nil From 746271866e74cda348f6d5fe76ceb5f27812f738 Mon Sep 17 00:00:00 2001 From: Sergiu Ghitea Date: Wed, 2 Mar 2022 12:59:52 +0100 Subject: [PATCH 09/15] Update attack protection schema --- auth0/resource_auth0_attack_protection.go | 46 ++++++++--------------- 1 file changed, 16 insertions(+), 30 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index f77038ad1..4bdd27dc2 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go 
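Review bot: Guarding each `d.Set` in readAttackProtection with `d.HasChange(...)` means the values fetched from the API are written to state only when Terraform already sees a difference, which defeats the purpose of Read. This matters for a resource that manages protective controls: if brute-force protection or breached password detection were altered outside Terraform, the refresh would presumably keep the old state and report no drift. Read should set all three blocks unconditionally, as in `if err = d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)); err != nil { return err }`. The next patch in this series restores that form. The function starts and ends outside these hunks.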
@@ -24,7 +24,7 @@ func newAttackProtection() *schema.Resource { Type: schema.TypeList, Optional: true, MaxItems: 1, - MinItems: 1, + Computed: true, Description: "Breached password detection protects your applications from bad actors logging in with stolen credentials.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -45,7 +45,6 @@ func newAttackProtection() *schema.Resource { }, false), }, Optional: true, - MinItems: 0, Description: "Action to take when a breached password is detected.", }, "admin_notification_frequency": { @@ -60,7 +59,6 @@ func newAttackProtection() *schema.Resource { }, false), }, Optional: true, - MinItems: 0, Description: "When \"admin_notification\" is enabled, determines how often email notifications are sent.", }, "method": { @@ -78,7 +76,7 @@ func newAttackProtection() *schema.Resource { Type: schema.TypeList, Optional: true, MaxItems: 1, - MinItems: 1, + Computed: true, Description: "Brute-force protection safeguards against a single IP address attacking a single user account.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -98,7 +96,6 @@ func newAttackProtection() *schema.Resource { }, false), }, Optional: true, - MinItems: 0, Description: "Action to take when a brute force protection threshold is violated.", }, "allowlist": { @@ -107,7 +104,6 @@ func newAttackProtection() *schema.Resource { Type: schema.TypeString, }, Optional: true, - MinItems: 0, Description: "List of trusted IP addresses that will not have attack protection enforced against them.", }, "mode": { @@ -130,8 +126,8 @@ func newAttackProtection() *schema.Resource { "suspicious_ip_throttling": { Type: schema.TypeList, Optional: true, + Computed: true, MaxItems: 1, - MinItems: 1, Description: "Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ 
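Review bot: The `allowlist` element under `brute_force_protection` is a bare `schema.TypeString` with no `ValidateFunc`, unlike `shields`, which is restricted with `validation.StringInSlice`. Every entry exempts an address from attack protection, so a malformed entry should fail at plan time rather than be passed on to the API. Consider `ValidateFunc: validation.Any(validation.IsIPAddress, validation.IsCIDR),` on the element, after confirming which address formats the API accepts. The `allowlist` under `suspicious_ip_throttling` in a later hunk of this patch has the same gap.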
@@ -144,7 +140,6 @@ func newAttackProtection() *schema.Resource { "shields": { Type: schema.TypeList, Optional: true, - MinItems: 0, Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ @@ -160,14 +155,12 @@ func newAttackProtection() *schema.Resource { Type: schema.TypeString, }, Optional: true, - MinItems: 0, Description: "List of trusted IP addresses that will not have attack protection enforced against them.", }, "pre_login": { Type: schema.TypeList, Optional: true, MaxItems: 1, - MinItems: 1, Description: "Configuration options that apply before every login attempt.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -190,7 +183,6 @@ func newAttackProtection() *schema.Resource { Type: schema.TypeList, Optional: true, MaxItems: 1, - MinItems: 1, Description: "Configuration options that apply before every user registration attempt.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -230,10 +222,8 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - if changed := d.HasChange("suspicious_ip_throttling"); changed { - if err = d.Set("suspicious_ip_throttling", flattenSuspiciousIPThrottling(ipThrottling)); err != nil { - return err - } + if err = d.Set("suspicious_ip_throttling", flattenSuspiciousIPThrottling(ipThrottling)); err != nil { + return err } bruteForce, err := api.AttackProtection.GetBruteForceProtection() @@ -247,10 +237,8 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - if changed := d.HasChange("brute_force_protection"); changed { - if err = d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)); err != nil { - return err - } + if err = d.Set("brute_force_protection", flattenBruteForceProtection(bruteForce)); err != nil { + return err } breachedPasswords, err := api.AttackProtection.GetBreachedPasswordDetection() 
@@ -264,10 +252,8 @@ func readAttackProtection(d *schema.ResourceData, m interface{}) error { return err } - if changed := d.HasChange("breached_password_detection"); changed { - if err = d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)); err != nil { - return err - } + if err = d.Set("breached_password_detection", flattenBreachedPasswordProtection(breachedPasswords)); err != nil { + return err } return nil @@ -346,12 +332,12 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious ipt := &management.SuspiciousIPThrottling{} List(d, "suspicious_ip_throttling", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - shields := []string{} + var shields []string for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - allowlist := []string{} + var allowlist []string for _, a := range d.Get("allowlist").([]interface{}) { allowlist = append(allowlist, fmt.Sprintf("%s", a)) } @@ -361,8 +347,8 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious Shields: &shields, AllowList: &allowlist, Stage: &management.Stage{ - PreUserRegistration: &management.PreUserRegistration{}, PreLogin: &management.PreLogin{}, + PreUserRegistration: &management.PreUserRegistration{}, }, } @@ -384,12 +370,12 @@ func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForcePr bfp := &management.BruteForceProtection{} List(d, "brute_force_protection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - shields := []string{} + var shields []string for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - allowlist := []string{} + var allowlist []string for _, a := range d.Get("allowlist").([]interface{}) { allowlist = append(allowlist, fmt.Sprintf("%s", a)) } 
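Review bot: Declaring `var allowlist []string` and then passing `AllowList: &allowlist` in expandSuspiciousIPThrottling and expandBruteForceProtection sends a pointer to a nil slice whenever the configured list is empty. Assuming the SDK marshals the struct with encoding/json, a nil slice is written as `null` rather than `[]`. If the API treats `null` as "leave unchanged" (not confirmed from this page), removing the last `allowlist` entry would leave previously trusted addresses exempt from protection. The same holds for `shields` and for `notificationFreq` in expandBreachedPasswordDetection. Keep the literal form and record why, e.g. `allowlist := []string{} // non-nil: an emptied list must be sent as [], not null`; the closures continue outside these hunks.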
@@ -410,12 +396,12 @@ func expandBreachedPasswordDetection(d *schema.ResourceData) *management.Breache bpd := &management.BreachedPasswordDetection{} List(d, "breached_password_detection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - shields := []string{} + var shields []string for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - notificationFreq := []string{} + var notificationFreq []string for _, a := range d.Get("admin_notification_frequency").([]interface{}) { notificationFreq = append(notificationFreq, fmt.Sprintf("%s", a)) } From 4c7e673307241d03436623e96b6793b32bed4dea Mon Sep 17 00:00:00 2001 From: Sergiu Ghitea Date: Wed, 2 Mar 2022 14:45:31 +0100 Subject: [PATCH 10/15] Add attack protection tests --- .../resource_auth0_attack_protection_test.go | 97 +++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 auth0/resource_auth0_attack_protection_test.go diff --git a/auth0/resource_auth0_attack_protection_test.go b/auth0/resource_auth0_attack_protection_test.go new file mode 100644 index 000000000..76ee71149 --- /dev/null +++ b/auth0/resource_auth0_attack_protection_test.go 
@@ -0,0 +1,97 @@ +package auth0 + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" +) + +func TestAttackProtection(t *testing.T) { + resource.Test(t, resource.TestCase{ + Providers: map[string]terraform.ResourceProvider{ + "auth0": Provider(), + }, + Steps: []resource.TestStep{ + { + Config: testAttackProtectionCreate, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "breached_password_detection.0.enabled", "true"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "breached_password_detection.0.method", "standard"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.method", "true"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.max_attempts", "10"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.max_attempts", "10"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.mode", "count_per_identifier_and_ip"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.shields.#", "2"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "suspicious_ip_throttling.0.enabled", "true"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "suspicious_ip_throttling.0.pre_login.0.rate", "864000"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "suspicious_ip_throttling.0.pre_login.0.max_attempts", "100"), + ), + }, + { + Config: testAttackProtectionUpdate, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "breached_password_detection.0.enabled", "false"), + 
resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "suspicious_ip_throttling.0.shields.0", "admin_notification"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.max_attempts", "11"), + ), + }, + }, + }) +} + +const testAttackProtectionCreate = ` +resource "auth0_attack_protection" "my_protection_tests" { + breached_password_detection { + enabled = true + method = "standard" + } + brute_force_protection { + enabled = true + max_attempts = 10 + mode = "count_per_identifier_and_ip" + shields = ["block", "user_notification"] + } + suspicious_ip_throttling { + enabled = true + shields = ["block", "admin_notification"] + allowlist = ["127.0.0.1"] + pre_login { + max_attempts = 100 + rate = 864000 + } + pre_user_registration { + max_attempts = 50 + rate = 1200 + } + } +} +` + +const testAttackProtectionUpdate = ` +resource "auth0_attack_protection" "my_protection_tests" { + breached_password_detection { + enabled = false + method = "standard" + } + brute_force_protection { + enabled = true + max_attempts = 11 + mode = "count_per_identifier_and_ip" + shields = ["block", "user_notification"] + } + suspicious_ip_throttling { + enabled = true + shields = ["admin_notification"] + allowlist = ["127.0.0.1"] + pre_login { + max_attempts = 100 + rate = 864000 + } + pre_user_registration { + max_attempts = 50 + rate = 1200 + } + } +} +` From 0011ef1d52d732dfd853b26a3c870a5c6a6a648c Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Wed, 2 Mar 2022 11:41:04 -0500 Subject: [PATCH 11/15] Continuing work on test s --- auth0/resource_auth0_attack_protection.go | 28 +++--- .../resource_auth0_attack_protection_test.go | 92 +++++++++++++++++++ 2 files changed, 106 insertions(+), 14 deletions(-) create mode 100644 auth0/resource_auth0_attack_protection_test.go diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index f77038ad1..35e0e8908 100644 
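Review bot: The first step of TestAttackProtection checks `brute_force_protection.0.method` against `"true"`, but neither test configuration sets a `method` attribute in that block (they set `enabled`, `max_attempts`, `mode` and `shields`). The `max_attempts` check is also listed twice. The intended check is most likely `resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.enabled", "true"),`. Neither step asserts the `allowlist` value, so a regression that stops sending the trusted addresses would go unnoticed. A check that `suspicious_ip_throttling.0.allowlist.0` equals `"127.0.0.1"` would cover it.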
--- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go @@ -351,15 +351,15 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious shields = append(shields, fmt.Sprintf("%s", s)) } - allowlist := []string{} - for _, a := range d.Get("allowlist").([]interface{}) { - allowlist = append(allowlist, fmt.Sprintf("%s", a)) - } + // allowlist := []string{} + // for _, a := range d.Get("allowlist").([]interface{}) { + // allowlist = append(allowlist, fmt.Sprintf("%s", a)) + // } ipt = &management.SuspiciousIPThrottling{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + //AllowList: &allowlist, Stage: &management.Stage{ PreUserRegistration: &management.PreUserRegistration{}, PreLogin: &management.PreLogin{}, @@ -389,15 +389,15 @@ func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForcePr shields = append(shields, fmt.Sprintf("%s", s)) } - allowlist := []string{} - for _, a := range d.Get("allowlist").([]interface{}) { - allowlist = append(allowlist, fmt.Sprintf("%s", a)) - } + // allowlist := []string{} + // for _, a := range d.Get("allowlist").([]interface{}) { + // allowlist = append(allowlist, fmt.Sprintf("%s", a)) + // } bfp = &management.BruteForceProtection{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + //AllowList: &allowlist, Mode: String(d, "mode"), MaxAttempts: Int(d, "max_attempts"), } diff --git a/auth0/resource_auth0_attack_protection_test.go b/auth0/resource_auth0_attack_protection_test.go new file mode 100644 index 000000000..26e5c8fad --- /dev/null +++ b/auth0/resource_auth0_attack_protection_test.go 
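Review bot: With `//AllowList: &allowlist` and its loop commented out in expandSuspiciousIPThrottling and expandBruteForceProtection, the schema still accepts `allowlist` but the value is never sent, so the configuration and the tenant silently disagree. If the field has to stay disabled while the tests are being worked on, disable the schema attribute with it or record the reason next to the code, e.g. `// TODO: allowlist not sent until <reason>; re-enable before release`. Commented-out code should not be merged as is.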
@@ -0,0 +1,92 @@ +package auth0 + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" +) + +func TestAccAttackProtection(t *testing.T) { + + resource.Test(t, resource.TestCase{ + Providers: map[string]terraform.ResourceProvider{ + "auth0": Provider(), + }, + Steps: []resource.TestStep{ + { + Config: testAccAttackProtectionCreate, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "suspicious_ip_throttling.0.enabled", "false"), + resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "brute_force_protection.0.enabled", "false"), + resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "breached_password_detection.0.enabled", "true"), + ), + }, + { + Config: testAccAttackProtectionConfigUpdate, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "suspicious_ip_throttling.0.enabled", "true"), + resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "brute_force_protection.0.enabled", "true"), + resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "breached_password_detection.0.enabled", "true"), + ), + }, + // { + // Config: random.Template(testAccAttackProtectionConfigUpdateAgain, rand), + // Check: resource.ComposeTestCheckFunc( + // random.TestCheckResourceAttr("auth0_attack_protection.acc_test", "name", "Test Action {{.random}}", rand), + // resource.TestCheckResourceAttrSet("auth0_attack_protection.acc_test", "version_id"), + // resource.TestCheckResourceAttr("auth0_attack_protection.acc_test", "secrets.#", "0"), + // ), + // }, + }, + }) +} + +const testAccAttackProtectionCreate = ` + +resource "auth0_attack_protection" "acc_test" { + suspicious_ip_throttling { + enabled = false + } + brute_force_protection { + enabled = false + } + breached_password_detection { + admin_notification_frequency = ["daily"] + 
enabled = true + shields = ["admin_notification"] + } + } +` + +const testAccAttackProtectionConfigUpdate = ` + +resource "auth0_attack_protection" "attack_protection" { + suspicious_ip_throttling { + enabled = true + shields = ["admin_notification", "block"] + allowlist = ["192.168.1.1"] + pre_login { + max_attempts = 100 + rate = 864000 + } + pre_user_registration { + max_attempts = 50 + rate = 1200 + } + } + brute_force_protection { + allowlist = ["127.0.0.1"] + enabled = true + max_attempts = 5 + mode = "count_per_identifier_and_ip" + shields = ["block", "user_notification"] + } + breached_password_detection { + admin_notification_frequency = ["daily"] + enabled = true + method = "standard" + shields = ["admin_notification", "block"] + } + } +` From 506a13031d36718eaa74cf63280620b667e0c41a Mon Sep 17 00:00:00 2001 From: Sergiu Ghitea Date: Wed, 2 Mar 2022 18:26:57 +0100 Subject: [PATCH 12/15] Declare empty slices through literal in attack protection --- auth0/resource_auth0_attack_protection.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index 4bdd27dc2..ca1001cfb 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go @@ -332,12 +332,12 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious ipt := &management.SuspiciousIPThrottling{} List(d, "suspicious_ip_throttling", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - var shields []string + shields := []string{} for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - var allowlist []string + allowlist := []string{} for _, a := range d.Get("allowlist").([]interface{}) { allowlist = append(allowlist, fmt.Sprintf("%s", a)) } 
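Review bot: The two configurations in this test declare different resource names: testAccAttackProtectionCreate uses `"acc_test"` while testAccAttackProtectionConfigUpdate uses `"attack_protection"`, yet both steps check `auth0_attack_protection.acc_test`. The second step would therefore replace the resource rather than update it, and its checks would look up an address that is no longer in the configuration. The update configuration should start with `resource "auth0_attack_protection" "acc_test" {`. The commented-out third step refers to attributes (`name`, `version_id`, `secrets`) that do not appear in this resource's configuration and should be removed rather than committed.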
@@ -370,12 +370,12 @@ func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForcePr bfp := &management.BruteForceProtection{} List(d, "brute_force_protection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - var shields []string + shields := []string{} for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - var allowlist []string + allowlist := []string{} for _, a := range d.Get("allowlist").([]interface{}) { allowlist = append(allowlist, fmt.Sprintf("%s", a)) } @@ -396,12 +396,12 @@ func expandBreachedPasswordDetection(d *schema.ResourceData) *management.Breache bpd := &management.BreachedPasswordDetection{} List(d, "breached_password_detection", IsNewResource(), HasChange()).Elem(func(d ResourceData) { - var shields []string + shields := []string{} for _, s := range d.Get("shields").([]interface{}) { shields = append(shields, fmt.Sprintf("%s", s)) } - var notificationFreq []string + notificationFreq := []string{} for _, a := range d.Get("admin_notification_frequency").([]interface{}) { notificationFreq = append(notificationFreq, fmt.Sprintf("%s", a)) } From 4cef5c6e1876275e9788fd8c223c5d9082801af4 Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Thu, 3 Mar 2022 09:51:38 -0500 Subject: [PATCH 13/15] Fixing tests, uncommenting code, adding local referfence to local Go SDK --- auth0/resource_auth0_attack_protection.go | 12 ++++++------ auth0/resource_auth0_attack_protection_test.go | 5 ++--- go.mod | 2 ++ go.sum | 10 ++++++++++ 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/auth0/resource_auth0_attack_protection.go b/auth0/resource_auth0_attack_protection.go index be924aef3..ca1001cfb 100644 --- a/auth0/resource_auth0_attack_protection.go +++ b/auth0/resource_auth0_attack_protection.go 
@@ -343,9 +343,9 @@ func expandSuspiciousIPThrottling(d *schema.ResourceData) *management.Suspicious } ipt = &management.SuspiciousIPThrottling{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - //AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + AllowList: &allowlist, Stage: &management.Stage{ PreLogin: &management.PreLogin{}, PreUserRegistration: &management.PreUserRegistration{}, @@ -381,9 +381,9 @@ func expandBruteForceProtection(d *schema.ResourceData) *management.BruteForcePr } bfp = &management.BruteForceProtection{ - Enabled: Bool(d, "enabled"), - Shields: &shields, - //AllowList: &allowlist, + Enabled: Bool(d, "enabled"), + Shields: &shields, + AllowList: &allowlist, Mode: String(d, "mode"), MaxAttempts: Int(d, "max_attempts"), } diff --git a/auth0/resource_auth0_attack_protection_test.go b/auth0/resource_auth0_attack_protection_test.go index 0379bc513..135378440 100644 --- a/auth0/resource_auth0_attack_protection_test.go +++ b/auth0/resource_auth0_attack_protection_test.go 
@@ -19,8 +19,7 @@ func TestAccAttackProtection(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "breached_password_detection.0.enabled", "true"), resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "breached_password_detection.0.method", "standard"), - resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.method", "true"), - resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.max_attempts", "10"), + resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.enabled", "true"), resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.max_attempts", "10"), resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.mode", "count_per_identifier_and_ip"), resource.TestCheckResourceAttr("auth0_attack_protection.my_protection_tests", "brute_force_protection.0.shields.#", "2"), @@ -55,7 +54,7 @@ resource "auth0_attack_protection" "my_protection_tests" { } suspicious_ip_throttling { enabled = true - shields = ["block", "admin_notification"] + shields = ["block","admin_notification"] allowlist = ["127.0.0.1"] pre_login { max_attempts = 100 diff --git a/go.mod b/go.mod index ee60717f5..013866e36 100644 --- a/go.mod +++ b/go.mod @@ -7,3 +7,5 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/terraform-plugin-sdk v1.16.1 ) + +replace github.com/auth0/go-auth0 => /Users/willvedder/code/go-auth0 diff --git a/go.sum b/go.sum index 795973cc9..75cb97091 100644 --- a/go.sum +++ b/go.sum 
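Review bot: The go.mod hunk adds `replace github.com/auth0/go-auth0 => /Users/willvedder/code/go-auth0`, which points the build at a directory on one developer's machine. Anyone else building this commit cannot resolve the module. On that machine the SDK code comes from an unversioned local tree that is not checked against go.sum, so what was tested cannot be reproduced or audited. A local override should stay out of the commit, and the committed file should only carry a released version in `require`. The following patch in the series removes the directive.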
@@ -35,6 +35,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/PuerkitoBio/rehttp v1.0.0 h1:aJ7A7YI2lIvOxcJVeUZY4P6R7kKZtLeONjgyKGwOIu8= +github.com/PuerkitoBio/rehttp v1.0.0/go.mod h1:ItsOiHl4XeMOV3rzbZqQRjLc3QQxbE6391/9iNG7rE8= github.com/PuerkitoBio/rehttp v1.1.0 h1:JFZ7OeK+hbJpTxhNB0NDZT47AuXqCU0Smxfjtph7/Rs= github.com/PuerkitoBio/rehttp v1.1.0/go.mod h1:LUwKPoDbDIA2RL5wYZCNsQ90cx4OJ4AWBmq6KzWZL1s= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -68,6 +70,7 @@ github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48= github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA= +github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -231,6 +234,7 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -409,6 +413,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210510120150-4163338589ed h1:p9UgmWI9wKpfYmgaV/IZKGdXc5qEK45tDwwwDyjS26I= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -417,6 +422,7 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 h1:ld7aEMNHoBnnDAX15v1T6z31v8HwR2A9FYOuAhWqkwc= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -459,6 +465,7 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= 
@@ -468,6 +475,7 @@ golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fq golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -605,6 +613,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +gopkg.in/auth0.v5 v5.21.1 h1:aIqHBmnqaDv4eK2WSpTRsv2dEpT1jdHJPl+iwyDJNoo= +gopkg.in/auth0.v5 v5.21.1/go.mod h1:k1eJq1+II4rwUlecBabE7u4igEuzKUCEZAMa11PUfQk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 9e3d752209cc5a412ee1e73704582b36618c6372 Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Thu, 3 Mar 2022 11:40:15 -0500 Subject: [PATCH 14/15] Updating Go SDK to v0.6.1 --- go.mod | 4 +--- go.sum | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 013866e36..2da608867 100644 --- a/go.mod +++ b/go.mod 
@@ -3,9 +3,7 @@ module github.com/auth0/terraform-provider-auth0 go 1.16 require ( - github.com/auth0/go-auth0 v0.6.0 + github.com/auth0/go-auth0 v0.6.1 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/terraform-plugin-sdk v1.16.1 ) - -replace github.com/auth0/go-auth0 => /Users/willvedder/code/go-auth0 diff --git a/go.sum b/go.sum index 75cb97091..7f9415b34 100644 --- a/go.sum +++ b/go.sum @@ -65,6 +65,8 @@ github.com/auth0/go-auth0 v0.5.0 h1:GRXS+7yr4H7P726nwmXDtBC6LA8IcmlYHYjr3nkC98Y= github.com/auth0/go-auth0 v0.5.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= github.com/auth0/go-auth0 v0.6.0 h1:deJQmRe4QdjOnmzGWbwtzdzMfpbHa05338jMlJ/WN/o= github.com/auth0/go-auth0 v0.6.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= +github.com/auth0/go-auth0 v0.6.1 h1:D6WSxLQyr1+Ozn8qW0KJAKVcy1j7ZxbRoWdZQr0qT8s= +github.com/auth0/go-auth0 v0.6.1/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= From 931eea970c91da9a003135370b1b7ba857233999 Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Thu, 3 Mar 2022 11:45:05 -0500 Subject: [PATCH 15/15] Tidying the go.sum file --- go.sum | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/go.sum b/go.sum index 7f9415b34..4612e7e2c 100644 --- a/go.sum +++ b/go.sum 
@@ -35,8 +35,6 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/PuerkitoBio/rehttp v1.0.0 h1:aJ7A7YI2lIvOxcJVeUZY4P6R7kKZtLeONjgyKGwOIu8= -github.com/PuerkitoBio/rehttp v1.0.0/go.mod h1:ItsOiHl4XeMOV3rzbZqQRjLc3QQxbE6391/9iNG7rE8= github.com/PuerkitoBio/rehttp v1.1.0 h1:JFZ7OeK+hbJpTxhNB0NDZT47AuXqCU0Smxfjtph7/Rs= github.com/PuerkitoBio/rehttp v1.1.0/go.mod h1:LUwKPoDbDIA2RL5wYZCNsQ90cx4OJ4AWBmq6KzWZL1s= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -61,10 +59,6 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/auth0/go-auth0 v0.5.0 h1:GRXS+7yr4H7P726nwmXDtBC6LA8IcmlYHYjr3nkC98Y= -github.com/auth0/go-auth0 v0.5.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= -github.com/auth0/go-auth0 v0.6.0 h1:deJQmRe4QdjOnmzGWbwtzdzMfpbHa05338jMlJ/WN/o= -github.com/auth0/go-auth0 v0.6.0/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= github.com/auth0/go-auth0 v0.6.1 h1:D6WSxLQyr1+Ozn8qW0KJAKVcy1j7ZxbRoWdZQr0qT8s= github.com/auth0/go-auth0 v0.6.1/go.mod h1:9rEJrEWFALKlt1VVCx1zToCG6+uddn4MLEgtKSRhlEU= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= 
@@ -72,7 +66,6 @@ github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48= github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= @@ -236,7 +229,6 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= 
@@ -415,7 +407,6 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210510120150-4163338589ed h1:p9UgmWI9wKpfYmgaV/IZKGdXc5qEK45tDwwwDyjS26I= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -424,7 +415,6 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 h1:ld7aEMNHoBnnDAX15v1T6z31v8HwR2A9FYOuAhWqkwc= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 
@@ -467,7 +457,6 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= @@ -477,7 +466,6 @@ golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fq golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -615,8 +603,6 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -gopkg.in/auth0.v5 v5.21.1 h1:aIqHBmnqaDv4eK2WSpTRsv2dEpT1jdHJPl+iwyDJNoo= -gopkg.in/auth0.v5 v5.21.1/go.mod h1:k1eJq1+II4rwUlecBabE7u4igEuzKUCEZAMa11PUfQk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=