Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ESD-25022: Redesign how mfa types get enabled within the guardian resource #423

Merged
merged 1 commit into from
Jan 4, 2023

Conversation

sergiught
Copy link
Contributor

@sergiught sergiught commented Jan 4, 2023

🔧 Changes

In this PR we are redesigning how the enable/disable mechanism works for mfa types within the auth0_guardian resource.

Previously we used to toggle them on/off implicitly based purely on whether the mfa block was present or not.

E.g.

resource "auth0_guardian" "my_guardian" {
  policy        = "all-applications"

  webauthn_platform {}
}

The above would enable WebAuthn with FIDO Device Biometrics MFA.

To provide a better developer experience and to fix a couple of obscure bugs related to the diffing mechanism when out of bounds changes are made (push-notification wasn't showing correctly diffs), we are introducing an enabled element to each mfa block.

E.g.

resource "auth0_guardian" "my_guardian" {
  policy        = "all-applications"

  webauthn_platform {
    enabled = true
  }
}

Note: The high amount of lines changed shown is mostly due to the test recordings, so don't get alarmed! 😅

📚 References

🔬 Testing

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@codecov-commenter
Copy link

Codecov Report

Base: 86.79% // Head: 87.01% // Increases project coverage by +0.21% 🎉

Coverage data is based on head (f09d9d0) compared to base (33f3c12).
Patch coverage: 81.48% of modified lines in pull request are covered.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #423      +/-   ##
==========================================
+ Coverage   86.79%   87.01%   +0.21%     
==========================================
  Files          41       41              
  Lines        9036     9116      +80     
==========================================
+ Hits         7843     7932      +89     
+ Misses        924      910      -14     
- Partials      269      274       +5     
Impacted Files Coverage Δ
internal/provider/structure_auth0_guardian.go 73.95% <78.77%> (+5.00%) ⬆️
internal/provider/resource_auth0_guardian.go 93.69% <88.23%> (+1.85%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@sergiught sergiught self-assigned this Jan 4, 2023
@sergiught sergiught marked this pull request as ready for review January 4, 2023 07:52
@sergiught sergiught requested a review from a team as a code owner January 4, 2023 07:52
@@ -39,12 +39,18 @@ func newGuardian() *schema.Resource {
"webauthn_roaming": {
Type: schema.TypeList,
Optional: true,
Computed: true,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are adding the computed property to all mfa objects as some of their attributes are already set by the API when a new tenant is created and we want to avoid needing to specify all of them just to get started.

"provider": {
Type: schema.TypeString,
Required: true,
Optional: true,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are changing some of the nested properties on mfa types from Required to Optional so we can allow simply setting an mfa type to disabled without needing to specify extra attributes.

),
},
{
Config: testAccGuardianEmailDelete,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
resource.TestCheckResourceAttr("auth0_guardian.foo", "email", "false"),
resource.TestCheckResourceAttr("auth0_guardian.foo", "otp", "false"),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These can be removed as the mfa types are computed, and values will get ready from the API.

Copy link
Contributor

@willvedd willvedd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work. I agree that the more explicit behavior via the enabled property is a step in the right direction for the provider.

@sergiught sergiught merged commit 59a1577 into main Jan 4, 2023
@sergiught sergiught deleted the patch/ESD-25022-guardian-refactor branch January 4, 2023 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants