Skip is_token_endpoint_ip_header_trusted on client create
sergiught committed Jul 8, 2023
1 parent 78752c7 commit 0609c84
Showing 8 changed files with 671 additions and 38 deletions.
2 changes: 1 addition & 1 deletion docs/data-sources/client.md
Expand Up @@ -52,7 +52,7 @@ data "auth0_client" "some-client-by-id" {
- `id` (String) The ID of this resource.
- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
- `is_first_party` (Boolean) Indicates whether this client is a first-party client.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute will get updated only after the client gets created.
- `jwt_configuration` (List of Object) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedatt--jwt_configuration))
- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- `mobile` (List of Object) Additional configuration for native mobile apps. (see [below for nested schema](#nestedatt--mobile))
2 changes: 1 addition & 1 deletion docs/data-sources/global_client.md
Expand Up @@ -40,7 +40,7 @@ data "auth0_global_client" "global" {}
- `id` (String) The ID of this resource.
- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
- `is_first_party` (Boolean) Indicates whether this client is a first-party client.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute will get updated only after the client gets created.
- `jwt_configuration` (List of Object) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedatt--jwt_configuration))
- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- `mobile` (List of Object) Additional configuration for native mobile apps. (see [below for nested schema](#nestedatt--mobile))
2 changes: 1 addition & 1 deletion docs/resources/client.md
Expand Up @@ -108,7 +108,7 @@ resource "auth0_client" "my_client" {
- `grant_types` (List of String) Types of grants that this client is authorized to use.
- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
- `is_first_party` (Boolean) Indicates whether this client is a first-party client.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute will get updated only after the client gets created.
- `jwt_configuration` (Block List, Max: 1) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedblock--jwt_configuration))
- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- `mobile` (Block List, Max: 1) Additional configuration for native mobile apps. (see [below for nested schema](#nestedblock--mobile))
2 changes: 1 addition & 1 deletion docs/resources/global_client.md
Expand Up @@ -52,7 +52,7 @@ PAGE
- `grant_types` (List of String) Types of grants that this client is authorized to use.
- `initiate_login_uri` (String) Initiate login URI. Must be HTTPS or an empty string.
- `is_first_party` (Boolean) Indicates whether this client is a first-party client.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted.
- `is_token_endpoint_ip_header_trusted` (Boolean) Indicates whether the token endpoint IP header is trusted. This attribute will get updated only after the client gets created.
- `jwt_configuration` (Block List, Max: 1) Configuration settings for the JWTs issued for this client. (see [below for nested schema](#nestedblock--jwt_configuration))
- `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- `mobile` (Block List, Max: 1) Additional configuration for native mobile apps. (see [below for nested schema](#nestedblock--mobile))
69 changes: 36 additions & 33 deletions internal/auth0/client/expand.go
Expand Up @@ -14,39 +14,42 @@ func expandClient(d *schema.ResourceData) *management.Client {
config := d.GetRawConfig()

client := &management.Client{
Name: value.String(config.GetAttr("name")),
Description: value.String(config.GetAttr("description")),
AppType: value.String(config.GetAttr("app_type")),
LogoURI: value.String(config.GetAttr("logo_uri")),
IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
IsTokenEndpointIPHeaderTrusted: value.Bool(config.GetAttr("is_token_endpoint_ip_header_trusted")),
OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
ClientAliases: value.Strings(config.GetAttr("client_aliases")),
Callbacks: value.Strings(config.GetAttr("callbacks")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
AllowedClients: value.Strings(config.GetAttr("allowed_clients")),
GrantTypes: value.Strings(config.GetAttr("grant_types")),
OrganizationUsage: value.String(config.GetAttr("organization_usage")),
OrganizationRequireBehavior: value.String(config.GetAttr("organization_require_behavior")),
WebOrigins: value.Strings(config.GetAttr("web_origins")),
SSO: value.Bool(config.GetAttr("sso")),
SSODisabled: value.Bool(config.GetAttr("sso_disabled")),
CrossOriginAuth: value.Bool(config.GetAttr("cross_origin_auth")),
CrossOriginLocation: value.String(config.GetAttr("cross_origin_loc")),
CustomLoginPageOn: value.Bool(config.GetAttr("custom_login_page_on")),
CustomLoginPage: value.String(config.GetAttr("custom_login_page")),
FormTemplate: value.String(config.GetAttr("form_template")),
TokenEndpointAuthMethod: value.String(config.GetAttr("token_endpoint_auth_method")),
InitiateLoginURI: value.String(config.GetAttr("initiate_login_uri")),
EncryptionKey: value.MapOfStrings(config.GetAttr("encryption_key")),
OIDCBackchannelLogout: expandOIDCBackchannelLogout(d),
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
Addons: expandClientAddons(d),
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
Name: value.String(config.GetAttr("name")),
Description: value.String(config.GetAttr("description")),
AppType: value.String(config.GetAttr("app_type")),
LogoURI: value.String(config.GetAttr("logo_uri")),
IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
ClientAliases: value.Strings(config.GetAttr("client_aliases")),
Callbacks: value.Strings(config.GetAttr("callbacks")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
AllowedClients: value.Strings(config.GetAttr("allowed_clients")),
GrantTypes: value.Strings(config.GetAttr("grant_types")),
OrganizationUsage: value.String(config.GetAttr("organization_usage")),
OrganizationRequireBehavior: value.String(config.GetAttr("organization_require_behavior")),
WebOrigins: value.Strings(config.GetAttr("web_origins")),
SSO: value.Bool(config.GetAttr("sso")),
SSODisabled: value.Bool(config.GetAttr("sso_disabled")),
CrossOriginAuth: value.Bool(config.GetAttr("cross_origin_auth")),
CrossOriginLocation: value.String(config.GetAttr("cross_origin_loc")),
CustomLoginPageOn: value.Bool(config.GetAttr("custom_login_page_on")),
CustomLoginPage: value.String(config.GetAttr("custom_login_page")),
FormTemplate: value.String(config.GetAttr("form_template")),
TokenEndpointAuthMethod: value.String(config.GetAttr("token_endpoint_auth_method")),
InitiateLoginURI: value.String(config.GetAttr("initiate_login_uri")),
EncryptionKey: value.MapOfStrings(config.GetAttr("encryption_key")),
OIDCBackchannelLogout: expandOIDCBackchannelLogout(d),
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
Addons: expandClientAddons(d),
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
}

if !d.IsNewResource() {
client.IsTokenEndpointIPHeaderTrusted = value.Bool(config.GetAttr("is_token_endpoint_ip_header_trusted"))
}

return client
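Review bot: The `if !d.IsNewResource()` guard after the struct literal drops a configured `is_token_endpoint_ip_header_trusted` on create with no comment and no diagnostic. The first apply therefore leaves the client on the API's default while the configuration says otherwise, which the new acceptance test confirms by expecting a pending update after step one. Because this flag decides whether a client-IP header is trusted at the token endpoint, the divergence should be explained where it happens, for example `// Omitted on create and sent on update only, so the configured value lands on the second apply.` The reason the value cannot be sent on create is not visible in this section, so the comment should state it from the actual API behaviour rather than from this guess. The body of expandClient starts above the hunk, and the create path that could issue a follow-up update is outside this section.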
2 changes: 1 addition & 1 deletion internal/auth0/client/resource.go
Expand Up @@ -110,7 +110,7 @@ func NewResource() *schema.Resource {
Type: schema.TypeBool,
Optional: true,
Computed: true,
Description: "Indicates whether the token endpoint IP header is trusted.",
Description: "Indicates whether the token endpoint IP header is trusted. This attribute will get updated only after the client gets created.",
},
"oidc_conformant": {
Type: schema.TypeBool,
52 changes: 52 additions & 0 deletions internal/auth0/client/resource_test.go
Expand Up @@ -6,6 +6,7 @@ import (
"testing"

"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/plancheck"

"github.com/auth0/terraform-provider-auth0/internal/acctest"
)
Expand Down Expand Up @@ -970,3 +971,54 @@ func TestAccClientMetadataBehavior(t *testing.T) {
},
})
}

const testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue = `
resource "auth0_client" "my_client" {
name = "Test IP Header Trusted - {{.testName}}"
is_token_endpoint_ip_header_trusted = true
# token_endpoint_auth_method = "client_secret_post"
}
resource "auth0_client_credentials" "my_client-credentials" {
client_id = auth0_client.my_client.id
authentication_method = "client_secret_post"
}
`

func TestAccClientGetsCreatedWithoutSettingIsTokenEndpointIPHeaderTrustedOnCreate(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
ExpectNonEmptyPlan: true,
ConfigPlanChecks: resource.ConfigPlanChecks{
PostApplyPostRefresh: []plancheck.PlanCheck{
plancheck.ExpectResourceAction("auth0_client.my_client", plancheck.ResourceActionUpdate),
},
},
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "false"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client-credentials", "client_id", "auth0_client.my_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client-credentials", "authentication_method", "client_secret_post"),
),
},
{
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
ConfigPlanChecks: resource.ConfigPlanChecks{
PostApplyPostRefresh: []plancheck.PlanCheck{
plancheck.ExpectEmptyPlan(),
},
},
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client-credentials", "client_id", "auth0_client.my_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client-credentials", "authentication_method", "client_secret_post"),
),
},
},
})
}
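Review bot: The new test only exercises the attribute configured as `true`, so nothing checks that trust in the IP header can be withdrawn again through the update path, which is the direction that matters most for this setting. A third step that applies the same resources with `is_token_endpoint_ip_header_trusted = false` and asserts `"false"` with an empty plan would cover it, as sketched below. The fixture also keeps a commented-out `# token_endpoint_auth_method = "client_secret_post"` line with no explanation; delete it or replace it with a comment saying why the auth method is set through `auth0_client_credentials` here. A doc comment on the test stating that step one expects `"false"` because the value is skipped on create would make `ExpectNonEmptyPlan: true` self-explanatory.

```go
const testAccUpdateClientWithIsTokenEndpointIPHeaderTrustedSetToFalse = `
resource "auth0_client" "my_client" {
	name = "Test IP Header Trusted - {{.testName}}"
	is_token_endpoint_ip_header_trusted = false
}
resource "auth0_client_credentials" "my_client-credentials" {
	client_id = auth0_client.my_client.id
	authentication_method = "client_secret_post"
}
`

// … unchanged: steps one and two of the test …
			{
				Config: acctest.ParseTestName(testAccUpdateClientWithIsTokenEndpointIPHeaderTrustedSetToFalse, t.Name()),
				ConfigPlanChecks: resource.ConfigPlanChecks{
					PostApplyPostRefresh: []plancheck.PlanCheck{
						plancheck.ExpectEmptyPlan(),
					},
				},
				Check: resource.ComposeTestCheckFunc(
					resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "false"),
				),
			},
```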