Skip to content

Commit

Permalink
Add custom_client_ip_header and tls_policy to custom_domain resource (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
cv711 authored Oct 12, 2022
1 parent 4be47cb commit c48755f
Show file tree
Hide file tree
Showing 4 changed files with 852 additions and 164 deletions.
5 changes: 5 additions & 0 deletions docs/resources/custom_domain.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,11 @@ resource "auth0_custom_domain" "my_custom_domain" {
- `domain` (String) Name of the custom domain.
- `type` (String) Provisioning type for the custom domain. Options include `auth0_managed_certs` and `self_managed_certs`.

### Optional

- `custom_client_ip_header` (String) The HTTP header to fetch the client's IP address. Cannot be set on auth0_managed domains.
- `tls_policy` (String) TLS policy for the custom domain. Available options are: `compatible` or `recommended`. Compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2. Cannot be set on self_managed domains.

### Read-Only

- `id` (String) The ID of this resource.
Expand Down
58 changes: 52 additions & 6 deletions internal/provider/resource_auth0_custom_domain.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ import (
"net/http"

"github.com/auth0/go-auth0/management"
"github.com/hashicorp/go-cty/cty"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
Expand All @@ -18,6 +17,7 @@ func newCustomDomain() *schema.Resource {
return &schema.Resource{
CreateContext: createCustomDomain,
ReadContext: readCustomDomain,
UpdateContext: updateCustomDomain,
DeleteContext: deleteCustomDomain,
Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
Expand Down Expand Up @@ -74,14 +74,34 @@ func newCustomDomain() *schema.Resource {
},
},
},
"custom_client_ip_header": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{
"cf-connecting-ip", "x-forwarded-for", "true-client-ip", "",
}, false),
Description: "The HTTP header to fetch the client's IP address. " +
"Cannot be set on auth0_managed domains.",
},
"tls_policy": {
Type: schema.TypeString,
Computed: true,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{
"compatible", "recommended",
}, false),
Description: "TLS policy for the custom domain. Available options are: `compatible` or `recommended`. " +
"Compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2. " +
"Cannot be set on self_managed domains.",
},
},
}
}

func createCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
api := m.(*management.Management)

customDomain := expandCustomDomain(d.GetRawConfig())
customDomain := expandCustomDomain(d)
if err := api.CustomDomain.Create(customDomain); err != nil {
return diag.FromErr(err)
}
Expand Down Expand Up @@ -109,6 +129,8 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}
d.Set("primary", customDomain.GetPrimary()),
d.Set("status", customDomain.GetStatus()),
d.Set("origin_domain_name", customDomain.GetOriginDomainName()),
d.Set("custom_client_ip_header", customDomain.GetCustomClientIPHeader()),
d.Set("tls_policy", customDomain.GetTLSPolicy()),
)

if customDomain.Verification != nil {
Expand All @@ -120,6 +142,21 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}
return diag.FromErr(result.ErrorOrNil())
}

func updateCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
api := m.(*management.Management)

customDomain := expandCustomDomain(d)
if err := api.CustomDomain.Update(d.Id(), customDomain); err != nil {
if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
d.SetId("")
return nil
}
return diag.FromErr(err)
}

return readCustomDomain(ctx, d, m)
}

func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
api := m.(*management.Management)

Expand All @@ -135,9 +172,18 @@ func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface
return nil
}

func expandCustomDomain(config cty.Value) *management.CustomDomain {
return &management.CustomDomain{
Domain: value.String(config.GetAttr("domain")),
Type: value.String(config.GetAttr("type")),
func expandCustomDomain(d *schema.ResourceData) *management.CustomDomain {
config := d.GetRawConfig()

customDomain := &management.CustomDomain{
TLSPolicy: value.String(config.GetAttr("tls_policy")),
CustomClientIPHeader: value.String(config.GetAttr("custom_client_ip_header")),
}

if d.IsNewResource() {
customDomain.Domain = value.String(config.GetAttr("domain"))
customDomain.Type = value.String(config.GetAttr("type"))
}

return customDomain
}
127 changes: 113 additions & 14 deletions internal/provider/resource_auth0_custom_domain_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package provider
import (
"fmt"
"log"
"os"
"strings"
"testing"

Expand Down Expand Up @@ -47,35 +46,135 @@ func init() {
})
}

func TestAccCustomDomain(t *testing.T) {
if os.Getenv("AUTH0_DOMAIN") != recorder.RecordingsDomain {
t.Skip()
}
const testAccCreateSelfManagedCustomDomain = `
resource "auth0_custom_domain" "my_custom_domain" {
domain = "{{.testName}}.auth.terraform-provider-auth0.com"
type = "self_managed_certs"
}
`

const testAccUpdateSelfManagedCustomDomain = `
resource "auth0_custom_domain" "my_custom_domain" {
domain = "{{.testName}}.auth.terraform-provider-auth0.com"
type = "self_managed_certs"
custom_client_ip_header = "true-client-ip"
}
`

const testAccUpdateSelfManagedCustomDomainWithEmptyClientIPHeader = `
resource "auth0_custom_domain" "my_custom_domain" {
domain = "{{.testName}}.auth.terraform-provider-auth0.com"
type = "self_managed_certs"
custom_client_ip_header = ""
}
`

const testAccCreateAuth0ManagedCustomDomain = `
resource "auth0_custom_domain" "my_custom_domain" {
domain = "{{.testName}}.auth.terraform-provider-auth0.com"
type = "auth0_managed_certs"
}
`

const testAccUpdateAuth0ManagedCustomDomain = `
resource "auth0_custom_domain" "my_custom_domain" {
domain = "{{.testName}}.auth.terraform-provider-auth0.com"
type = "auth0_managed_certs"
tls_policy = "recommended"
}
`

func TestAccCustomDomain(t *testing.T) {
httpRecorder := recorder.New(t)

resource.Test(t, resource.TestCase{
ProviderFactories: testProviders(httpRecorder),
Steps: []resource.TestStep{
{
Config: template.ParseTestName(testAccCustomDomain, strings.ToLower(t.Name())),
Config: template.ParseTestName(testAccCreateSelfManagedCustomDomain, strings.ToLower(t.Name())),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"auth0_custom_domain.my_custom_domain",
"domain",
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""),
),
},
{
Config: template.ParseTestName(testAccUpdateSelfManagedCustomDomain, strings.ToLower(t.Name())),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"auth0_custom_domain.my_custom_domain",
"domain",
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", "true-client-ip"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""),
),
},
{
Config: template.ParseTestName(testAccUpdateSelfManagedCustomDomainWithEmptyClientIPHeader, strings.ToLower(t.Name())),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"auth0_custom_domain.my_custom_domain",
"domain",
fmt.Sprintf("%s.auth.uat.terraform-provider-auth0.com", strings.ToLower(t.Name())),
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""),
),
},
{
Config: template.ParseTestName(testAccCreateAuth0ManagedCustomDomain, strings.ToLower(t.Name())),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"auth0_custom_domain.my_custom_domain",
"domain",
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "auth0_managed_certs"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", "recommended"),
),
},
{
Config: template.ParseTestName(testAccUpdateAuth0ManagedCustomDomain, strings.ToLower(t.Name())),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(
"auth0_custom_domain.my_custom_domain",
"domain",
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())),
),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "auth0_managed_certs"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""),
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", "recommended"),
),
},
},
})
}

const testAccCustomDomain = `
resource "auth0_custom_domain" "my_custom_domain" {
domain = "{{.testName}}.auth.uat.terraform-provider-auth0.com"
type = "auth0_managed_certs"
}
`
Loading

0 comments on commit c48755f

Please sign in to comment.