-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add custom_client_ip_header and tls_policy to custom_domain resource #335
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,7 +5,6 @@ import ( | |
"net/http" | ||
|
||
"github.com/auth0/go-auth0/management" | ||
"github.com/hashicorp/go-cty/cty" | ||
"github.com/hashicorp/go-multierror" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
|
@@ -18,6 +17,7 @@ func newCustomDomain() *schema.Resource { | |
return &schema.Resource{ | ||
CreateContext: createCustomDomain, | ||
ReadContext: readCustomDomain, | ||
UpdateContext: updateCustomDomain, | ||
DeleteContext: deleteCustomDomain, | ||
Importer: &schema.ResourceImporter{ | ||
StateContext: schema.ImportStatePassthroughContext, | ||
|
@@ -74,14 +74,34 @@ func newCustomDomain() *schema.Resource { | |
}, | ||
}, | ||
}, | ||
"custom_client_ip_header": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateFunc: validation.StringInSlice([]string{ | ||
"cf-connecting-ip", "x-forwarded-for", "true-client-ip", "", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We're adding as well validation as this field can only have certain values. |
||
}, false), | ||
Description: "The HTTP header to fetch the client's IP address. " + | ||
"Cannot be set on auth0_managed domains.", | ||
}, | ||
"tls_policy": { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We're adding this field as well for completeness as the PATCH endpoint accepts it as well. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I was planning to add this field in my next PR but good to have them both here! |
||
Type: schema.TypeString, | ||
Computed: true, | ||
Optional: true, | ||
ValidateFunc: validation.StringInSlice([]string{ | ||
"compatible", "recommended", | ||
}, false), | ||
Description: "TLS policy for the custom domain. Available options are: `compatible` or `recommended`. " + | ||
"Compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2. " + | ||
"Cannot be set on self_managed domains.", | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func createCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
api := m.(*management.Management) | ||
|
||
customDomain := expandCustomDomain(d.GetRawConfig()) | ||
customDomain := expandCustomDomain(d) | ||
if err := api.CustomDomain.Create(customDomain); err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
@@ -109,6 +129,8 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{} | |
d.Set("primary", customDomain.GetPrimary()), | ||
d.Set("status", customDomain.GetStatus()), | ||
d.Set("origin_domain_name", customDomain.GetOriginDomainName()), | ||
d.Set("custom_client_ip_header", customDomain.GetCustomClientIPHeader()), | ||
d.Set("tls_policy", customDomain.GetTLSPolicy()), | ||
) | ||
|
||
if customDomain.Verification != nil { | ||
|
@@ -120,6 +142,21 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{} | |
return diag.FromErr(result.ErrorOrNil()) | ||
} | ||
|
||
func updateCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
api := m.(*management.Management) | ||
|
||
customDomain := expandCustomDomain(d) | ||
if err := api.CustomDomain.Update(d.Id(), customDomain); err != nil { | ||
if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound { | ||
d.SetId("") | ||
return nil | ||
} | ||
return diag.FromErr(err) | ||
} | ||
|
||
return readCustomDomain(ctx, d, m) | ||
} | ||
|
||
func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
api := m.(*management.Management) | ||
|
||
|
@@ -135,9 +172,18 @@ func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface | |
return nil | ||
} | ||
|
||
func expandCustomDomain(config cty.Value) *management.CustomDomain { | ||
return &management.CustomDomain{ | ||
Domain: value.String(config.GetAttr("domain")), | ||
Type: value.String(config.GetAttr("type")), | ||
func expandCustomDomain(d *schema.ResourceData) *management.CustomDomain { | ||
config := d.GetRawConfig() | ||
|
||
customDomain := &management.CustomDomain{ | ||
TLSPolicy: value.String(config.GetAttr("tls_policy")), | ||
CustomClientIPHeader: value.String(config.GetAttr("custom_client_ip_header")), | ||
} | ||
|
||
if d.IsNewResource() { | ||
customDomain.Domain = value.String(config.GetAttr("domain")) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We still wanna make sure the domain and type can only be set on a new resource but are not getting sent on the PATCH. |
||
customDomain.Type = value.String(config.GetAttr("type")) | ||
} | ||
|
||
return customDomain | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,6 @@ package provider | |
import ( | ||
"fmt" | ||
"log" | ||
"os" | ||
"strings" | ||
"testing" | ||
|
||
|
@@ -47,35 +46,135 @@ func init() { | |
}) | ||
} | ||
|
||
func TestAccCustomDomain(t *testing.T) { | ||
if os.Getenv("AUTH0_DOMAIN") != recorder.RecordingsDomain { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It turns out we didn't really need to run these tests only on the predefined recordings, we can run them on the live tenant on demand as well without anything breaking as we're not going through the verification. |
||
t.Skip() | ||
} | ||
const testAccCreateSelfManagedCustomDomain = ` | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Refactoring the tests so they're covering more cases. |
||
resource "auth0_custom_domain" "my_custom_domain" { | ||
domain = "{{.testName}}.auth.terraform-provider-auth0.com" | ||
type = "self_managed_certs" | ||
} | ||
` | ||
|
||
const testAccUpdateSelfManagedCustomDomain = ` | ||
resource "auth0_custom_domain" "my_custom_domain" { | ||
domain = "{{.testName}}.auth.terraform-provider-auth0.com" | ||
type = "self_managed_certs" | ||
custom_client_ip_header = "true-client-ip" | ||
} | ||
` | ||
|
||
const testAccUpdateSelfManagedCustomDomainWithEmptyClientIPHeader = ` | ||
resource "auth0_custom_domain" "my_custom_domain" { | ||
domain = "{{.testName}}.auth.terraform-provider-auth0.com" | ||
type = "self_managed_certs" | ||
custom_client_ip_header = "" | ||
} | ||
` | ||
|
||
const testAccCreateAuth0ManagedCustomDomain = ` | ||
resource "auth0_custom_domain" "my_custom_domain" { | ||
domain = "{{.testName}}.auth.terraform-provider-auth0.com" | ||
type = "auth0_managed_certs" | ||
} | ||
` | ||
|
||
const testAccUpdateAuth0ManagedCustomDomain = ` | ||
resource "auth0_custom_domain" "my_custom_domain" { | ||
domain = "{{.testName}}.auth.terraform-provider-auth0.com" | ||
type = "auth0_managed_certs" | ||
tls_policy = "recommended" | ||
} | ||
` | ||
|
||
func TestAccCustomDomain(t *testing.T) { | ||
httpRecorder := recorder.New(t) | ||
|
||
resource.Test(t, resource.TestCase{ | ||
ProviderFactories: testProviders(httpRecorder), | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: template.ParseTestName(testAccCustomDomain, strings.ToLower(t.Name())), | ||
Config: template.ParseTestName(testAccCreateSelfManagedCustomDomain, strings.ToLower(t.Name())), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"auth0_custom_domain.my_custom_domain", | ||
"domain", | ||
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())), | ||
), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""), | ||
), | ||
}, | ||
{ | ||
Config: template.ParseTestName(testAccUpdateSelfManagedCustomDomain, strings.ToLower(t.Name())), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"auth0_custom_domain.my_custom_domain", | ||
"domain", | ||
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())), | ||
), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", "true-client-ip"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""), | ||
), | ||
}, | ||
{ | ||
Config: template.ParseTestName(testAccUpdateSelfManagedCustomDomainWithEmptyClientIPHeader, strings.ToLower(t.Name())), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"auth0_custom_domain.my_custom_domain", | ||
"domain", | ||
fmt.Sprintf("%s.auth.uat.terraform-provider-auth0.com", strings.ToLower(t.Name())), | ||
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())), | ||
), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "self_managed_certs"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", ""), | ||
), | ||
}, | ||
{ | ||
Config: template.ParseTestName(testAccCreateAuth0ManagedCustomDomain, strings.ToLower(t.Name())), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"auth0_custom_domain.my_custom_domain", | ||
"domain", | ||
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())), | ||
), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "auth0_managed_certs"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", "recommended"), | ||
), | ||
}, | ||
{ | ||
Config: template.ParseTestName(testAccUpdateAuth0ManagedCustomDomain, strings.ToLower(t.Name())), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"auth0_custom_domain.my_custom_domain", | ||
"domain", | ||
fmt.Sprintf("%s.auth.terraform-provider-auth0.com", strings.ToLower(t.Name())), | ||
), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "type", "auth0_managed_certs"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "status", "pending_verification"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "origin_domain_name", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "primary", "true"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "verification.#", "1"), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "custom_client_ip_header", ""), | ||
resource.TestCheckResourceAttr("auth0_custom_domain.my_custom_domain", "tls_policy", "recommended"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
const testAccCustomDomain = ` | ||
resource "auth0_custom_domain" "my_custom_domain" { | ||
domain = "{{.testName}}.auth.uat.terraform-provider-auth0.com" | ||
type = "auth0_managed_certs" | ||
} | ||
` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're adding an update command as well because the
custom_client_ip_header
andtls_policy
fields can be updated without recreating the custom domain entity.