Add addons.samlp.issuer field to client resource (#334)

Feat: client: add samlp issuer
auth0 · Oct 12, 2022 · 4be47cb · 4be47cb
1 parent ca8a3e0
commit 4be47cb
Show file tree

Hide file tree

Showing 9 changed files with 51 additions and 32 deletions.
diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md
@@ -112,6 +112,7 @@ Read-Only:
 - `destination` (String)
 - `digest_algorithm` (String)
 - `include_attribute_name_format` (Boolean)
+- `issuer` (String)
 - `lifetime_in_seconds` (Number)
 - `logout` (Map of String)
 - `map_identities` (Boolean)

diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md
@@ -101,6 +101,7 @@ Read-Only:
 - `destination` (String)
 - `digest_algorithm` (String)
 - `include_attribute_name_format` (Boolean)
+- `issuer` (String)
 - `lifetime_in_seconds` (Number)
 - `logout` (Map of String)
 - `map_identities` (Boolean)

diff --git a/docs/resources/client.md b/docs/resources/client.md
@@ -61,6 +61,7 @@ resource "auth0_client" "my_client" {
   addons {
     samlp {
       audience = "https://example.com/saml"
+      issuer   = "https://example.com"
       mappings = {
         email = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
         name  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
@@ -178,6 +179,7 @@ Optional:
 - `destination` (String) Destination of the SAML Response. If not specified, it will be `AssertionConsumerUrl` of SAMLRequest or callback URL if there was no SAMLRequest.
 - `digest_algorithm` (String) Algorithm used to calculate the digest of the SAML Assertion or response. Options include `sha1` and `sha256`. Defaults to `sha1`.
 - `include_attribute_name_format` (Boolean) Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to `true`.
+- `issuer` (String) Issuer of the SAML Assertion.
 - `lifetime_in_seconds` (Number) Number of seconds during which the token is valid.
 - `logout` (Map of String) Configuration settings for logout.
 - `map_identities` (Boolean) Indicates whether or not to add additional identity information in the token, such as the provider used and the `access_token`, if available. Defaults to `true`.

diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md
@@ -117,6 +117,7 @@ Optional:
 - `destination` (String) Destination of the SAML Response. If not specified, it will be `AssertionConsumerUrl` of SAMLRequest or callback URL if there was no SAMLRequest.
 - `digest_algorithm` (String) Algorithm used to calculate the digest of the SAML Assertion or response. Options include `sha1` and `sha256`. Defaults to `sha1`.
 - `include_attribute_name_format` (Boolean) Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to `true`.
+- `issuer` (String) Issuer of the SAML Assertion.
 - `lifetime_in_seconds` (Number) Number of seconds during which the token is valid.
 - `logout` (Map of String) Configuration settings for logout.
 - `map_identities` (Boolean) Indicates whether or not to add additional identity information in the token, such as the provider used and the `access_token`, if available. Defaults to `true`.

diff --git a/examples/resources/auth0_client/resource.tf b/examples/resources/auth0_client/resource.tf
@@ -48,6 +48,7 @@ resource "auth0_client" "my_client" {
   addons {
     samlp {
       audience = "https://example.com/saml"
+      issuer   = "https://example.com"
       mappings = {
         email = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
         name  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

diff --git a/internal/provider/resource_auth0_client.go b/internal/provider/resource_auth0_client.go
@@ -463,6 +463,11 @@ func newClient() *schema.Resource {
 											"validate SAML requests. If set, SAML requests will be required to " +
 											"be signed. A sample value would be `-----BEGIN PUBLIC KEY-----\\nMIGf...bpP/t3\\n+JGNGIRMj1hF1rnb6QIDAQAB\\n-----END PUBLIC KEY-----\\n`.",
 									},
+									"issuer": {
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: "Issuer of the SAML Assertion.",
+									},
 								},
 							},
 						},

diff --git a/internal/provider/resource_auth0_client_test.go b/internal/provider/resource_auth0_client_test.go
@@ -813,6 +813,7 @@ resource "auth0_client" "my_client" {
 		}
 
 		samlp {
+			issuer = "https://tableau-server-test.domain.eu.com/api/v1"
 			audience = "https://tableau-server-test.domain.eu.com/audience-different"
 			destination = "https://tableau-server-test.domain.eu.com/destination"
 			digest_algorithm = "sha256"
@@ -854,6 +855,7 @@ resource "auth0_client" "my_client" {
 		}
 
 		samlp {
+			issuer = "https://tableau-server-test.domain.eu.com/api/v3"
 			audience = "https://tableau-server-test.domain.eu.com/audience-different"
 			destination = "https://tableau-server-test.domain.eu.com/destination"
 			digest_algorithm = "sha256"
@@ -904,6 +906,7 @@ func TestAccClientSSOIntegrationWithSAML(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key", "wer"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key_id", "qwreerwerwe"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.issuer", "https://tableau-server-test.domain.eu.com/api/v1"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "https://tableau-server-test.domain.eu.com/audience-different"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "https://tableau-server-test.domain.eu.com/destination"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.digest_algorithm", "sha256"),
@@ -937,6 +940,7 @@ func TestAccClientSSOIntegrationWithSAML(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key", "wer"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.firebase.private_key_id", "qwreerwerwe"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.issuer", "https://tableau-server-test.domain.eu.com/api/v3"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "https://tableau-server-test.domain.eu.com/audience-different"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "https://tableau-server-test.domain.eu.com/destination"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.digest_algorithm", "sha256"),

diff --git a/internal/provider/structure_auth0_client.go b/internal/provider/structure_auth0_client.go
@@ -237,6 +237,9 @@ func expandClientAddons(d *schema.ResourceData) map[string]interface{} {
 		samlp := make(map[string]interface{})
 
 		samlpConfig.ForEachElement(func(_ cty.Value, samlpConfig cty.Value) (stop bool) {
+			if issuer := value.String(samlpConfig.GetAttr("issuer")); issuer != nil {
+				samlp["issuer"] = issuer
+			}
 			if audience := value.String(samlpConfig.GetAttr("audience")); audience != nil {
 				samlp["audience"] = audience
 			}
@@ -436,6 +439,7 @@ func flattenClientAddons(addons map[string]interface{}) []interface{} {
 		samlp := v.(map[string]interface{})
 
 		samlpMap := map[string]interface{}{
+			"issuer":                             samlp["issuer"],
 			"audience":                           samlp["audience"],
 			"recipient":                          samlp["recipient"],
 			"mappings":                           samlp["mappings"],