From a1af05d22a741c19ebc8f49480b632c5ccee69b2 Mon Sep 17 00:00:00 2001
From: Kunal Dawar
Date: Mon, 27 May 2024 14:40:27 +0530
Subject: [PATCH 1/2] (GH-919) Update role permission and permissions documentation

---
docs/resources/role_permission.md | 51 ++++++++++++++++++
docs/resources/role_permissions.md | 54 ++++++++++++++++++-
.../resources/auth0_role_permission/import.sh | 6 +++
.../auth0_role_permission/resource.tf | 37 +++++++++++++
.../auth0_role_permissions/import.sh | 4 ++
.../auth0_role_permissions/resource.tf | 40 ++++++++++++++
6 files changed, 191 insertions(+), 1 deletion(-)
create mode 100644 examples/resources/auth0_role_permission/import.sh
create mode 100644 examples/resources/auth0_role_permission/resource.tf
create mode 100644 examples/resources/auth0_role_permissions/import.sh
create mode 100644 examples/resources/auth0_role_permissions/resource.tf

diff --git a/docs/resources/role_permission.md b/docs/resources/role_permission.md
index 5db61869f..81bed8a1b 100644
--- a/docs/resources/role_permission.md
+++ b/docs/resources/role_permission.md
@@ -12,7 +12,47 @@ With this resource, you can manage role permissions (1-1). permissions assigned to a role. To avoid potential issues, it is recommended not to use this resource in conjunction with the `auth0_role_permissions` resource when managing permissions for the same role id. +## Example Usage +```terraform +# Example: +resource "auth0_resource_server" "resource_server" { + name = "test" + identifier = "test.example.com" + signing_alg = "RS256" + token_lifetime = 86400 + token_lifetime_for_web = 7200 + enforce_policies = true + skip_consent_for_verifiable_first_party_clients = true + allow_offline_access = false + token_dialect = "access_token" +} +resource "auth0_resource_server_scopes" "resource_server_scopes" { + resource_server_identifier = auth0_resource_server.resource_server.identifier + + scopes { + name = "access:store_contrib" + } + + scopes { + name = "access:store_read" + } + + scopes { + name = "access:serve_read" + } +} + +resource "auth0_role" "my_role" { + name = "My Role" +} + +resource "auth0_role_permission" "permission" { + role_id = auth0_role.my_role.id + resource_server_identifier = auth0_resource_server.resource_server.identifier + permission = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name +} +``` ## Schema @@ -29,4 +69,15 @@ with the `auth0_role_permissions` resource when managing permissions for the sam - `id` (String) The ID of this resource. - `resource_server_name` (String) Name of the resource server that the permission is associated with. +## Import + +Import is supported using the following syntax: +```shell +# This resource can be imported by specifying the +# role ID, resource identifier, and permission name separated by "::" (note the double colon) +# :::: +# +# Example: +terraform import auth0_role_permission.permission "rol_XXXXXXXXXXXXX::https://example.com::read:foo" +``` diff --git a/docs/resources/role_permissions.md b/docs/resources/role_permissions.md index 3aed6ccdf..e6afcba3d 100644 
--- a/docs/resources/role_permissions.md +++ b/docs/resources/role_permissions.md @@ -12,7 +12,50 @@ With this resource, you can manage role permissions (1-many). appends a permission to a role. To avoid potential issues, it is recommended not to use this resource in conjunction with the `auth0_role_permission` resource when managing permissions for the same role id. - +## Example Usage + +```terraform +# Example: +resource "auth0_resource_server" "resource_server" { + name = "test" + identifier = "test.example.com" + signing_alg = "RS256" + token_lifetime = 86400 + token_lifetime_for_web = 7200 + enforce_policies = true + skip_consent_for_verifiable_first_party_clients = true + allow_offline_access = false + token_dialect = "access_token" +} +resource "auth0_resource_server_scopes" "resource_server_scopes" { + resource_server_identifier = auth0_resource_server.resource_server.identifier + + scopes { + name = "access:store_contrib" + } + + scopes { + name = "access:store_read" + } + + scopes { + name = "access:serve_read" + } +} + +resource "auth0_role" "my_role" { + name = "My Role" +} + +resource "auth0_role_permissions" "all_role_permissions" { + role_id = auth0_role.my_role.id + + permissions { + name = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name + resource_server_identifier = auth0_resource_server.resource_server.identifier + } +} +``` ## Schema @@ -39,4 +82,13 @@ Read-Only: - `description` (String) Description of the permission. - `resource_server_name` (String) Name of resource server that the permission is associated with. +## Import + +Import is supported using the following syntax: +```shell +# This resource can be imported by specifying the role ID +# +# Example: +terraform import auth0_role_permissions.all_role_permissions "rol_XXXXXXXXXXXX" +``` diff --git a/examples/resources/auth0_role_permission/import.sh b/examples/resources/auth0_role_permission/import.sh new file mode 100644 index 000000000..28fe53912 --- /dev/null 
+++ b/examples/resources/auth0_role_permission/import.sh
@@ -0,0 +1,6 @@
+# This resource can be imported by specifying the
+# role ID, resource identifier, and permission name separated by "::" (note the double colon)
+# ::::
+#
+# Example:
+terraform import auth0_role_permission.permission "rol_XXXXXXXXXXXXX::https://example.com::read:foo"
diff --git a/examples/resources/auth0_role_permission/resource.tf b/examples/resources/auth0_role_permission/resource.tf
new file mode 100644
index 000000000..41bcaa07c
--- /dev/null
+++ b/examples/resources/auth0_role_permission/resource.tf
@@ -0,0 +1,37 @@
+# Example:
+resource "auth0_resource_server" "resource_server" {
+ name = "test"
+ identifier = "test.example.com"
+ signing_alg = "RS256"
+ token_lifetime = 86400
+ token_lifetime_for_web = 7200
+ enforce_policies = true
+ skip_consent_for_verifiable_first_party_clients = true
+ allow_offline_access = false
+ token_dialect = "access_token"
+}
+resource "auth0_resource_server_scopes" "resource_server_scopes" {
+ resource_server_identifier = auth0_resource_server.resource_server.identifier
+
+ scopes {
+ name = "access:store_contrib"
+ }
+
+ scopes {
+ name = "access:store_read"
+ }
+
+ scopes {
+ name = "access:serve_read"
+ }
+}
+
+resource "auth0_role" "my_role" {
+ name = "My Role"
+}
+
+resource "auth0_role_permission" "permission" {
+ role_id = auth0_role.my_role.id
+ resource_server_identifier = auth0_resource_server.resource_server.identifier
+ permission = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name
+}
diff --git a/examples/resources/auth0_role_permissions/import.sh b/examples/resources/auth0_role_permissions/import.sh
new file mode 100644
index 000000000..9f9cd8cbe
--- /dev/null
+++ b/examples/resources/auth0_role_permissions/import.sh
@@ -0,0 +1,4 @@
+# This resource can be imported by specifying the role ID
+#
+# Example:
+terraform import auth0_role_permissions.all_role_permissions "rol_XXXXXXXXXXXX"
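Review bot: The third comment line of auth0_role_permission/import.sh reads `# ::::` here, which gives the reader the delimiters but no field names, so the import ID format cannot be understood from the comment alone. If the committed file actually contains angle-bracket placeholders that this rendering dropped, disregard this; otherwise spell them out as `# <role_id>::<resource_server_identifier>::<permission>`. The example value on the last line is what makes the `::` choice clear, since the resource server identifier can itself be a URL containing `:`, and a short clause saying so would help. The same comment text appears in the docs/resources/role_permission.md hunk of this patch and should be kept in step.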
diff --git a/examples/resources/auth0_role_permissions/resource.tf b/examples/resources/auth0_role_permissions/resource.tf
new file mode 100644
index 000000000..d9dd3d810
--- /dev/null
+++ b/examples/resources/auth0_role_permissions/resource.tf
@@ -0,0 +1,40 @@
+# Example:
+resource "auth0_resource_server" "resource_server" {
+ name = "test"
+ identifier = "test.example.com"
+ signing_alg = "RS256"
+ token_lifetime = 86400
+ token_lifetime_for_web = 7200
+ enforce_policies = true
+ skip_consent_for_verifiable_first_party_clients = true
+ allow_offline_access = false
+ token_dialect = "access_token"
+}
+resource "auth0_resource_server_scopes" "resource_server_scopes" {
+ resource_server_identifier = auth0_resource_server.resource_server.identifier
+
+ scopes {
+ name = "access:store_contrib"
+ }
+
+ scopes {
+ name = "access:store_read"
+ }
+
+ scopes {
+ name = "access:serve_read"
+ }
+}
+
+resource "auth0_role" "my_role" {
+ name = "My Role"
+}
+
+resource "auth0_role_permissions" "all_role_permissions" {
+ role_id = auth0_role.my_role.id
+
+ permissions {
+ name = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name
+ resource_server_identifier = auth0_resource_server.resource_server.identifier
+ }
+}

From 014e6bc435418994b3cb888f44f942a6df6d8a34 Mon Sep 17 00:00:00 2001
From: Kunal Dawar
Date: Mon, 27 May 2024 17:16:49 +0530
Subject: [PATCH 2/2] resolved issues

---
docs/resources/role_permission.md | 35 ++++++++++---------
docs/resources/role_permissions.md | 33 ++++++++---------
.../auth0_role_permission/resource.tf | 35 ++++++++++---------
.../auth0_role_permissions/resource.tf | 33 ++++++++---------
4 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/docs/resources/role_permission.md b/docs/resources/role_permission.md
index 81bed8a1b..208e68332 100644
--- a/docs/resources/role_permission.md
+++ b/docs/resources/role_permission.md
@@ -17,29 +17,24 @@ with the `auth0_role_permissions` resource when managing permissions for the sam ```terraform # Example: resource "auth0_resource_server" "resource_server" { - name = "test" - identifier = "test.example.com" - signing_alg = "RS256" - token_lifetime = 86400 - token_lifetime_for_web = 7200 - enforce_policies = true - skip_consent_for_verifiable_first_party_clients = true - allow_offline_access = false - token_dialect = "access_token" + name = "test" + identifier = "test.example.com" } + resource "auth0_resource_server_scopes" "resource_server_scopes" { resource_server_identifier = auth0_resource_server.resource_server.identifier scopes { - name = "access:store_contrib" + name = "store:create" } - scopes { - name = "access:store_read" + name = "store:read" + } + scopes { + name = "store:update" } - scopes { - name = "access:serve_read" + name = "store:delete" } } @@ -47,10 +42,18 @@ resource "auth0_role" "my_role" { name = "My Role" } -resource "auth0_role_permission" "permission" { +locals { + scopesList = [ + for scope in auth0_resource_server_scopes.resource_server_scopes.scopes : scope.name + ] +} + +resource "auth0_role_permission" "my_role_perm" { + for_each = toset(local.scopesList) + role_id = auth0_role.my_role.id resource_server_identifier = auth0_resource_server.resource_server.identifier - permission = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name + permission = each.value } ``` diff --git a/docs/resources/role_permissions.md b/docs/resources/role_permissions.md index e6afcba3d..9d75fa43e 100644 --- a/docs/resources/role_permissions.md +++ b/docs/resources/role_permissions.md 
@@ -17,29 +17,23 @@ with the `auth0_role_permission` resource when managing permissions for the same ```terraform # Example: resource "auth0_resource_server" "resource_server" { - name = "test" - identifier = "test.example.com" - signing_alg = "RS256" - token_lifetime = 86400 - token_lifetime_for_web = 7200 - enforce_policies = true - skip_consent_for_verifiable_first_party_clients = true - allow_offline_access = false - token_dialect = "access_token" + name = "test" + identifier = "test.example.com" } resource "auth0_resource_server_scopes" "resource_server_scopes" { resource_server_identifier = auth0_resource_server.resource_server.identifier scopes { - name = "access:store_contrib" + name = "store:create" } - scopes { - name = "access:store_read" + name = "store:read" + } + scopes { + name = "store:update" } - scopes { - name = "access:serve_read" + name = "store:delete" } } @@ -47,12 +41,15 @@ resource "auth0_role" "my_role" { name = "My Role" } -resource "auth0_role_permissions" "all_role_permissions" { +resource "auth0_role_permissions" "my_role_perms" { role_id = auth0_role.my_role.id - permissions { - name = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name - resource_server_identifier = auth0_resource_server.resource_server.identifier + dynamic "permissions" { + for_each = auth0_resource_server_scopes.resource_server_scopes.scopes + content { + name = permissions.value.name + resource_server_identifier = auth0_resource_server.resource_server.identifier + } } } ``` diff --git a/examples/resources/auth0_role_permission/resource.tf b/examples/resources/auth0_role_permission/resource.tf index 41bcaa07c..21156b8a8 100644 --- a/examples/resources/auth0_role_permission/resource.tf +++ b/examples/resources/auth0_role_permission/resource.tf 
@@ -1,28 +1,23 @@ # Example: resource "auth0_resource_server" "resource_server" { - name = "test" - identifier = "test.example.com" - signing_alg = "RS256" - token_lifetime = 86400 - token_lifetime_for_web = 7200 - enforce_policies = true - skip_consent_for_verifiable_first_party_clients = true - allow_offline_access = false - token_dialect = "access_token" + name = "test" + identifier = "test.example.com" } + resource "auth0_resource_server_scopes" "resource_server_scopes" { resource_server_identifier = auth0_resource_server.resource_server.identifier scopes { - name = "access:store_contrib" + name = "store:create" } - scopes { - name = "access:store_read" + name = "store:read" + } + scopes { + name = "store:update" } - scopes { - name = "access:serve_read" + name = "store:delete" } } @@ -30,8 +25,16 @@ resource "auth0_role" "my_role" { name = "My Role" } -resource "auth0_role_permission" "permission" { +locals { + scopesList = [ + for scope in auth0_resource_server_scopes.resource_server_scopes.scopes : scope.name + ] +} + +resource "auth0_role_permission" "my_role_perm" { + for_each = toset(local.scopesList) + role_id = auth0_role.my_role.id resource_server_identifier = auth0_resource_server.resource_server.identifier - permission = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name + permission = each.value } diff --git a/examples/resources/auth0_role_permissions/resource.tf b/examples/resources/auth0_role_permissions/resource.tf index d9dd3d810..72ca773a1 100644 --- a/examples/resources/auth0_role_permissions/resource.tf +++ b/examples/resources/auth0_role_permissions/resource.tf 
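Review bot: The new `locals` block names its value `scopesList`, which breaks the snake_case convention every other identifier in this file follows, and the local is consumed exactly once by the `for_each` that follows. The `for` expression can sit directly on the resource, `for_each = toset([for scope in auth0_resource_server_scopes.resource_server_scopes.scopes : scope.name])`, and the locals block can go; if it is kept, `scope_names` reads better. A one-line comment above the resource would also help readers of the generated docs, e.g. `# One auth0_role_permission instance per scope; the for_each key is the scope name.`, since the example now creates several resource instances where the previous version created one. The same block appears in the docs/resources/role_permission.md hunk of this patch.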
@@ -1,28 +1,22 @@ # Example: resource "auth0_resource_server" "resource_server" { - name = "test" - identifier = "test.example.com" - signing_alg = "RS256" - token_lifetime = 86400 - token_lifetime_for_web = 7200 - enforce_policies = true - skip_consent_for_verifiable_first_party_clients = true - allow_offline_access = false - token_dialect = "access_token" + name = "test" + identifier = "test.example.com" } resource "auth0_resource_server_scopes" "resource_server_scopes" { resource_server_identifier = auth0_resource_server.resource_server.identifier scopes { - name = "access:store_contrib" + name = "store:create" } - scopes { - name = "access:store_read" + name = "store:read" + } + scopes { + name = "store:update" } - scopes { - name = "access:serve_read" + name = "store:delete" } } @@ -30,11 +24,14 @@ resource "auth0_role" "my_role" { name = "My Role" } -resource "auth0_role_permissions" "all_role_permissions" { +resource "auth0_role_permissions" "my_role_perms" { role_id = auth0_role.my_role.id - permissions { - name = tolist(auth0_resource_server_scopes.resource_server_scopes.scopes)[0].name - resource_server_identifier = auth0_resource_server.resource_server.identifier + dynamic "permissions" { + for_each = auth0_resource_server_scopes.resource_server_scopes.scopes + content { + name = permissions.value.name + resource_server_identifier = auth0_resource_server.resource_server.identifier + } } }
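Review bot: The `dynamic "permissions"` block assigns every scope defined on the resource server, including `store:delete`, to the role, and nothing in the example says so; that is the decision a reader copying this snippet is most likely to carry over unchanged, so a comment above the block such as `# Grants every scope on the resource server to the role; filter the for_each expression to grant a subset.` is worth adding. The sibling example in auth0_role_permission/resource.tf gained a blank line between the resource server and its scopes in this patch while this file did not, so the two examples appear to no longer format alike; running `terraform fmt` over both would settle it. The same block appears in the docs/resources/role_permissions.md hunk of this patch.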