DXCDT-353: Add fed_metadata_xml and other missing fields to adfs conn…
…ection (#458)
sergiught authored Jan 31, 2023
1 parent 3f245b6 commit 54eb445
Showing 5 changed files with 266 additions and 26 deletions.
3 changes: 2 additions & 1 deletion docs/resources/connection.md
Expand Up @@ -618,7 +618,7 @@ resource "auth0_connection" "okta" {

Optional:

- `adfs_server` (String) ADFS Metadata source.
- `adfs_server` (String) ADFS URL where to fetch the metadata source.
- `allowed_audiences` (Set of String) List of allowed audiences.
- `api_enable_users` (Boolean) Enable API Access to users.
- `app_id` (String) App ID.
Expand All @@ -641,6 +641,7 @@ Optional:
- `enable_script_context` (Boolean) Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- `enabled_database_customization` (Boolean) Set to `true` to use a legacy user store.
- `entity_id` (String) Custom Entity ID for the connection.
- `fed_metadata_xml` (String) Federation Metadata for the ADFS connection.
- `fields_map` (String) If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- `forward_request_info` (Boolean) Specifies whether or not request info should be forwarded to sms gateway.
- `from` (String) Address to use as the sender.
7 changes: 6 additions & 1 deletion internal/provider/resource_auth0_connection.go
Expand Up @@ -537,7 +537,12 @@ var connectionSchema = map[string]*schema.Schema{
"adfs_server": {
Type: schema.TypeString,
Optional: true,
Description: "ADFS Metadata source.",
Description: "ADFS URL where to fetch the metadata source.",
},
"fed_metadata_xml": {
Type: schema.TypeString,
Optional: true,
Description: "Federation Metadata for the ADFS connection.",
},
"community_base_url": {
Type: schema.TypeString,
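Review bot: The new `fed_metadata_xml` schema entry documents the field in isolation, while nothing in its Description or in the `adfs_server` entry states how the two relate, even though the acceptance test's update step clears `adfs_server` to "" at the same time as it supplies `fed_metadata_xml`, which suggests they are alternative sources of the same federation metadata. A description such as `Description: "Federation Metadata for the ADFS connection. Supply this to provide the metadata XML inline instead of having it fetched from adfs_server."` would make that explicit, with the precedence when both are set confirmed against the API and stated too. The metadata typically carries the identity provider's signing certificate that the connection will trust, so a short note that plan diffs on this field deserve the same review as any trust-anchor change would be useful for operators. Because the acceptance test only asserts the attribute is set rather than comparing the value, it is worth checking whether the API returns the XML byte-for-byte; if it normalises whitespace, a DiffSuppressFunc ignoring whitespace differences would avoid a perpetual plan diff. The enclosing `connectionSchema` map starts and ends outside the hunk.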
84 changes: 84 additions & 0 deletions internal/provider/resource_auth0_connection_test.go
Expand Up @@ -350,6 +350,30 @@ func TestAccConnectionADFS(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.0", "gender"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.1", "hair_color"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.should_trust_email_verified_connection", "always_set_emails_as_verified"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.sign_in_endpoint", "https://adfs.provider/wsfed"),
),
},
{
Config: template.ParseTestName(testAccConnectionADFSConfigUpdate, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_connection.adfs", "name", fmt.Sprintf("Acceptance-Test-ADFS-%s", t.Name())),
resource.TestCheckResourceAttr("auth0_connection.adfs", "strategy", "adfs"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "show_as_button", "true"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.tenant_domain", "example.auth0.com"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.domain_aliases.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.domain_aliases.0", "example.com"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.icon_url", "https://example.com/logo.svg"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.adfs_server", ""),
resource.TestCheckResourceAttrSet("auth0_connection.adfs", "options.0.fed_metadata_xml"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.api_enable_users", "false"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.set_user_root_attributes", "on_each_login"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.#", "2"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.0", "gender"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.1", "hair_color"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.should_trust_email_verified_connection", "never_set_emails_as_verified"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.sign_in_endpoint", "https://adfs.provider/wsfed"),
),
},
},
Expand All @@ -367,9 +391,69 @@ resource "auth0_connection" "adfs" {
domain_aliases = ["example.com"]
icon_url = "https://example.com/logo.svg"
adfs_server = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/b5ed4fc037bcf7be0a8953033a3c3ffa1be17083/test/data/federation_metadata.xml"
sign_in_endpoint = "https://adfs.provider/wsfed"
api_enable_users = false
set_user_root_attributes = "on_each_login"
non_persistent_attrs = ["gender","hair_color"]
should_trust_email_verified_connection = "always_set_emails_as_verified"
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
}
})
}
}
`

const testAccConnectionADFSConfigUpdate = `
resource "auth0_connection" "adfs" {
name = "Acceptance-Test-ADFS-{{.testName}}"
strategy = "adfs"
show_as_button = true
options {
tenant_domain = "example.auth0.com"
domain_aliases = ["example.com"]
icon_url = "https://example.com/logo.svg"
adfs_server = ""
fed_metadata_xml = <<EOF
<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor entityID="https://example.com"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<RoleDescriptor xsi:type="fed:ApplicationServiceType"
protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
<fed:TargetScopes>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://adfs.provider/</wsa:Address>
</wsa:EndpointReference>
</fed:TargetScopes>
<fed:ApplicationServiceEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://adfs.provider/wsfed</wsa:Address>
</wsa:EndpointReference>
</fed:ApplicationServiceEndpoint>
<fed:PassiveRequestorEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://adfs.provider/wsfed</wsa:Address>
</wsa:EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://adfs.provider/sign_out"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://adfs.provider/sign_in"/>
</IDPSSODescriptor>
</EntityDescriptor>
EOF
sign_in_endpoint = "https://adfs.provider/wsfed"
api_enable_users = false
should_trust_email_verified_connection = "never_set_emails_as_verified"
set_user_root_attributes = "on_each_login"
non_persistent_attrs = ["gender","hair_color"]
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
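Review bot: In the first hunk the update step asserts only `resource.TestCheckResourceAttrSet("auth0_connection.adfs", "options.0.fed_metadata_xml")`, so the test still passes if the XML comes back from the API truncated or re-encoded; matching a distinctive fragment instead, e.g. `resource.TestMatchResourceAttr("auth0_connection.adfs", "options.0.fed_metadata_xml", regexp.MustCompile(`entityID="https://example.com"`)),`, would pin the round-trip without depending on exact whitespace. The inline fixture in the second hunk (cut off by the page) describes a complete `EntityDescriptor` with no `KeyDescriptor`, so the path that real ADFS metadata relies on, the identity provider's signing certificate, is not exercised by this test; a comment in the fixture saying so, or a second fixture carrying a test certificate if the API accepts one, would make that gap visible. Pinning the first step's `adfs_server` URL to a specific commit is good for reproducibility and should be kept. `TestAccConnectionADFS` begins outside the hunk.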
20 changes: 13 additions & 7 deletions internal/provider/structure_auth0_connection.go
Expand Up @@ -526,13 +526,16 @@ func flattenConnectionOptionsAzureAD(options *management.ConnectionOptionsAzureA

func flattenConnectionOptionsADFS(options *management.ConnectionOptionsADFS) (interface{}, diag.Diagnostics) {
m := map[string]interface{}{
"tenant_domain": options.GetTenantDomain(),
"domain_aliases": options.GetDomainAliases(),
"icon_url": options.GetLogoURL(),
"adfs_server": options.GetADFSServer(),
"api_enable_users": options.GetEnableUsersAPI(),
"set_user_root_attributes": options.GetSetUserAttributes(),
"non_persistent_attrs": options.GetNonPersistentAttrs(),
"tenant_domain": options.GetTenantDomain(),
"domain_aliases": options.GetDomainAliases(),
"icon_url": options.GetLogoURL(),
"adfs_server": options.GetADFSServer(),
"fed_metadata_xml": options.GetFedMetadataXML(),
"sign_in_endpoint": options.GetSignInEndpoint(),
"api_enable_users": options.GetEnableUsersAPI(),
"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
"set_user_root_attributes": options.GetSetUserAttributes(),
"non_persistent_attrs": options.GetNonPersistentAttrs(),
}

upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
Expand Down Expand Up @@ -1273,7 +1276,10 @@ func expandConnectionOptionsADFS(config cty.Value) (*management.ConnectionOption
DomainAliases: value.Strings(config.GetAttr("domain_aliases")),
LogoURL: value.String(config.GetAttr("icon_url")),
ADFSServer: value.String(config.GetAttr("adfs_server")),
FedMetadataXML: value.String(config.GetAttr("fed_metadata_xml")),
SignInEndpoint: value.String(config.GetAttr("sign_in_endpoint")),
EnableUsersAPI: value.Bool(config.GetAttr("api_enable_users")),
TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")),
SetUserAttributes: value.String(config.GetAttr("set_user_root_attributes")),
NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
}
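Review bot: `expandConnectionOptionsADFS` now forwards both `ADFSServer` and `FedMetadataXML` to the API with no precedence rule in the provider, and the acceptance test has to clear `adfs_server` to "" explicitly when switching to inline XML, which hints that a stale URL would otherwise stay in effect alongside the new XML. A comment on the new line, such as `// Inline metadata; presumably takes precedence over ADFSServer when both are set — confirm against the API and document in the schema`, would help the next maintainer, and if the API does not define a precedence the provider should reject configurations that set both. Whether `value.String` yields nil or "" for an attribute absent from the config determines whether simply omitting `adfs_server` clears the server-side value; the test only covers the explicit empty string, so that case is worth verifying. `flattenConnectionOptionsADFS` continues past the first hunk and `expandConnectionOptionsADFS` starts before the second, so neither function is fully visible here.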

0 comments on commit 54eb445
