DXCDT-519: Improve DX for managing is_token_endpoint_ip_header_trusted on auth0_client resource #796

Merged
merged 2 commits into from
Aug 30, 2023
2 changes: 1 addition & 1 deletion docs/data-sources/client.md
Expand Up @@ -52,7 +52,7 @@ data "auth0_client" "some-client-by-id" {
- `id` (String) The ID of this resource.
- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
- `is_first_party` (Boolean) Indicates whether this client is a first-party client.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `client_secret_post` or `client_secret_basic`. Setting this property when creating the resource, will default the authentication method to `client_secret_post`. To changethe authentication method to `client_secret_basic` use the `auth0_client_credentials` resource.
- `jwt_configuration` (List of Object) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedatt--jwt_configuration))
- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- `mobile` (List of Object) Additional configuration for native mobile apps. (see [below for nested schema](#nestedatt--mobile))
2 changes: 1 addition & 1 deletion docs/resources/client.md
Expand Up @@ -107,7 +107,7 @@ resource "auth0_client" "my_client" {
- `grant_types` (List of String) Types of grants that this client is authorized to use.
- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
- `is_first_party` (Boolean) Indicates whether this client is a first-party client.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `client_secret_post` or `client_secret_basic`. Setting this property when creating the resource, will default the authentication method to `client_secret_post`. To changethe authentication method to `client_secret_basic` use the `auth0_client_credentials` resource.
- `jwt_configuration` (Block List, Max: 1) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedblock--jwt_configuration))
- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- `mobile` (Block List, Max: 1) Additional configuration for native mobile apps. (see [below for nested schema](#nestedblock--mobile))
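--- a/internal/auth0/client/expand.go
+++ b/internal/auth0/client/expand.go
@@ -13,41 +13,42 @@ func expandClient(data *schema.ResourceData) *management.Client {
 config := data.GetRawConfig()
 
 client := &management.Client{
-Name: value.String(config.GetAttr("name")),
-Description: value.String(config.GetAttr("description")),
-AppType: value.String(config.GetAttr("app_type")),
-LogoURI: value.String(config.GetAttr("logo_uri")),
-IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
-OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
-ClientAliases: value.Strings(config.GetAttr("client_aliases")),
-Callbacks: value.Strings(config.GetAttr("callbacks")),
-AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
-AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
-AllowedClients: value.Strings(config.GetAttr("allowed_clients")),
-GrantTypes: value.Strings(config.GetAttr("grant_types")),
-OrganizationUsage: value.String(config.GetAttr("organization_usage")),
-OrganizationRequireBehavior: value.String(config.GetAttr("organization_require_behavior")),
-WebOrigins: value.Strings(config.GetAttr("web_origins")),
-SSO: value.Bool(config.GetAttr("sso")),
-SSODisabled: value.Bool(config.GetAttr("sso_disabled")),
-CrossOriginAuth: value.Bool(config.GetAttr("cross_origin_auth")),
-CrossOriginLocation: value.String(config.GetAttr("cross_origin_loc")),
-CustomLoginPageOn: value.Bool(config.GetAttr("custom_login_page_on")),
-CustomLoginPage: value.String(config.GetAttr("custom_login_page")),
-FormTemplate: value.String(config.GetAttr("form_template")),
-InitiateLoginURI: value.String(config.GetAttr("initiate_login_uri")),
-EncryptionKey: value.MapOfStrings(config.GetAttr("encryption_key")),
-OIDCBackchannelLogout: expandOIDCBackchannelLogout(data),
-ClientMetadata: expandClientMetadata(data),
-RefreshToken: expandClientRefreshToken(data),
-JWTConfiguration: expandClientJWTConfiguration(data),
-Addons: expandClientAddons(data),
-NativeSocialLogin: expandClientNativeSocialLogin(data),
-Mobile: expandClientMobile(data),
-}
-
-if !data.IsNewResource() {
-client.IsTokenEndpointIPHeaderTrusted = value.Bool(config.GetAttr("is_token_endpoint_ip_header_trusted"))
+Name: value.String(config.GetAttr("name")),
+Description: value.String(config.GetAttr("description")),
+AppType: value.String(config.GetAttr("app_type")),
+LogoURI: value.String(config.GetAttr("logo_uri")),
+IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
+OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
+ClientAliases: value.Strings(config.GetAttr("client_aliases")),
+Callbacks: value.Strings(config.GetAttr("callbacks")),
+AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
+AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
+AllowedClients: value.Strings(config.GetAttr("allowed_clients")),
+GrantTypes: value.Strings(config.GetAttr("grant_types")),
+OrganizationUsage: value.String(config.GetAttr("organization_usage")),
+OrganizationRequireBehavior: value.String(config.GetAttr("organization_require_behavior")),
+WebOrigins: value.Strings(config.GetAttr("web_origins")),
+SSO: value.Bool(config.GetAttr("sso")),
+SSODisabled: value.Bool(config.GetAttr("sso_disabled")),
+CrossOriginAuth: value.Bool(config.GetAttr("cross_origin_auth")),
+CrossOriginLocation: value.String(config.GetAttr("cross_origin_loc")),
+CustomLoginPageOn: value.Bool(config.GetAttr("custom_login_page_on")),
+CustomLoginPage: value.String(config.GetAttr("custom_login_page")),
+FormTemplate: value.String(config.GetAttr("form_template")),
+InitiateLoginURI: value.String(config.GetAttr("initiate_login_uri")),
+EncryptionKey: value.MapOfStrings(config.GetAttr("encryption_key")),
+IsTokenEndpointIPHeaderTrusted: value.Bool(config.GetAttr("is_token_endpoint_ip_header_trusted")),
+OIDCBackchannelLogout: expandOIDCBackchannelLogout(data),
+ClientMetadata: expandClientMetadata(data),
+RefreshToken: expandClientRefreshToken(data),
+JWTConfiguration: expandClientJWTConfiguration(data),
+Addons: expandClientAddons(data),
+NativeSocialLogin: expandClientNativeSocialLogin(data),
+Mobile: expandClientMobile(data),
+}
+
+if data.IsNewResource() && client.IsTokenEndpointIPHeaderTrusted != nil {
+client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
 }
 
 return client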
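Review bot: The new guard `if data.IsNewResource() && client.IsTokenEndpointIPHeaderTrusted != nil` also fires for an explicit `is_token_endpoint_ip_header_trusted = false`, so a config that pins the attribute to `false` on create still has its token endpoint auth method forced to `client_secret_post`, even though the schema description in this PR ties that requirement only to trusting the header. Dereference the value so only `true` triggers the default: `if data.IsNewResource() && client.IsTokenEndpointIPHeaderTrusted != nil && *client.IsTokenEndpointIPHeaderTrusted {`. A why-comment above the block would help the next maintainer, e.g. `// Trusting the IP header requires client_secret_post or client_secret_basic (see the schema description); default to client_secret_post on create.` The assignment overwrites any `TokenEndpointAuthMethod` the struct already carries; nothing sets it in this hunk, but expandClient starts and ends outside the hunk so I cannot rule that out.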
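--- a/internal/auth0/client/resource.go
+++ b/internal/auth0/client/resource.go
@@ -78,10 +78,13 @@ func NewResource() *schema.Resource {
 Description: "Indicates whether this client is a first-party client.",
 },
 "is_token_endpoint_ip_header_trusted": {
-Type: schema.TypeBool,
-Optional: true,
-Computed: true,
-Description: "Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.",
+Type: schema.TypeBool,
+Optional: true,
+Computed: true,
+Description: "Indicates whether the token endpoint IP header is trusted. Requires the authentication " +
+"method to be set to `client_secret_post` or `client_secret_basic`. Setting this property when " +
+"creating the resource, will default the authentication method to `client_secret_post`. To change" +
+"the authentication method to `client_secret_basic` use the `auth0_client_credentials` resource.",
 },
 "oidc_conformant": {
 Type: schema.TypeBool,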
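Review bot: The string concatenation in the new `Description` drops a space between the third and fourth fragments — `"... To change" + "the authentication method ..."` renders as `To changethe`, and the typo is already visible in the regenerated docs/resources/client.md and docs/data-sources/client.md in this PR. End the third fragment with `"... To change " +` (trailing space) so the generated docs read correctly. While there, the comma in `Setting this property when creating the resource, will default` separates subject from verb and should go. NewResource starts and ends outside the hunk.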
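--- a/internal/auth0/client/resource_test.go
+++ b/internal/auth0/client/resource_test.go
@@ -6,7 +6,8 @@ import (
 "testing"
 
 "github.com/hashicorp/terraform-plugin-testing/helper/resource"
-"github.com/hashicorp/terraform-plugin-testing/plancheck"
+"github.com/hashicorp/terraform-plugin-testing/terraform"
+"github.com/stretchr/testify/assert"
 
 "github.com/auth0/terraform-provider-auth0/internal/acctest"
 )
@@ -2100,44 +2101,47 @@ resource "auth0_client" "my_client" {
 
 is_token_endpoint_ip_header_trusted = true
 }
+`
+
+const testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate = `
+resource "auth0_client" "my_client" {
+name = "Test IP Header Trusted - {{.testName}}"
+
+is_token_endpoint_ip_header_trusted = true
+}
 
-resource "auth0_client_credentials" "my_client-credentials" {
+resource "auth0_client_credentials" "my_client_credentials" {
 client_id = auth0_client.my_client.id
 
 authentication_method = "client_secret_post"
 }
 `
 
-func TestAccClientGetsCreatedWithoutSettingIsTokenEndpointIPHeaderTrustedOnCreate(t *testing.T) {
+func TestAccClientGetsCreatedWithIsTokenEndpointIPHeaderTrustedEnabled(t *testing.T) {
 acctest.Test(t, resource.TestCase{
 Steps: []resource.TestStep{
 {
-Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
-ExpectNonEmptyPlan: true,
-ConfigPlanChecks: resource.ConfigPlanChecks{
-PostApplyPostRefresh: []plancheck.PlanCheck{
-plancheck.ExpectResourceAction("auth0_client.my_client", plancheck.ResourceActionUpdate),
-},
-},
+Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
-resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "false"),
-resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client-credentials", "client_id", "auth0_client.my_client", "id"),
-resource.TestCheckResourceAttr("auth0_client_credentials.my_client-credentials", "authentication_method", "client_secret_post"),
+resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
 ),
 },
 {
-Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
-ConfigPlanChecks: resource.ConfigPlanChecks{
-PostApplyPostRefresh: []plancheck.PlanCheck{
-plancheck.ExpectEmptyPlan(),
-},
+Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
+ResourceName: "auth0_client_credentials.my_client_credentials",
+ImportState: true,
+ImportStateIdFunc: func(state *terraform.State) (string, error) {
+clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
+assert.NoError(t, err)
+return clientID, nil
 },
+ImportStatePersist: true,
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
 resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
-resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client-credentials", "client_id", "auth0_client.my_client", "id"),
-resource.TestCheckResourceAttr("auth0_client_credentials.my_client-credentials", "authentication_method", "client_secret_post"),
+resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
+resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "client_secret_post"),
 ),
 },
 },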
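Review bot: In the new `ImportStateIdFunc`, `assert.NoError(t, err)` followed by `return clientID, nil` discards the extraction error: `assert.NoError` only records the failure, so when `ExtractResourceAttributeFromState` fails the import step still runs with an empty ID and the test reports an unrelated second failure instead of the real cause. Return the error so the step stops where the problem is: `if err != nil { return "", err }` then `return clientID, nil`; that also removes this hunk's only use of the newly added `assert` import, unless the rest of the file needs it. The first hunk only swaps imports, so this second hunk is the one worth raising. The `Steps` literal and the test function close outside the hunk.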