Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DXCDT-353: Add fed_metadata_xml and other missing fields to adfs connection #458

Merged
merged 1 commit into from
Jan 31, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion docs/resources/connection.md
Original file line number Diff line number Diff line change
Expand Up @@ -618,7 +618,7 @@ resource "auth0_connection" "okta" {

Optional:

- `adfs_server` (String) ADFS Metadata source.
- `adfs_server` (String) ADFS URL where to fetch the metadata source.
- `allowed_audiences` (Set of String) List of allowed audiences.
- `api_enable_users` (Boolean) Enable API Access to users.
- `app_id` (String) App ID.
Expand All @@ -641,6 +641,7 @@ Optional:
- `enable_script_context` (Boolean) Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- `enabled_database_customization` (Boolean) Set to `true` to use a legacy user store.
- `entity_id` (String) Custom Entity ID for the connection.
- `fed_metadata_xml` (String) Federation Metadata for the ADFS connection.
- `fields_map` (String) If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- `forward_request_info` (Boolean) Specifies whether or not request info should be forwarded to sms gateway.
- `from` (String) Address to use as the sender.
Expand Down
7 changes: 6 additions & 1 deletion internal/provider/resource_auth0_connection.go
Original file line number Diff line number Diff line change
Expand Up @@ -537,7 +537,12 @@ var connectionSchema = map[string]*schema.Schema{
"adfs_server": {
Type: schema.TypeString,
Optional: true,
Description: "ADFS Metadata source.",
Description: "ADFS URL where to fetch the metadata source.",
},
"fed_metadata_xml": {
Type: schema.TypeString,
Optional: true,
Description: "Federation Metadata for the ADFS connection.",
},
"community_base_url": {
Type: schema.TypeString,
Expand Down
84 changes: 84 additions & 0 deletions internal/provider/resource_auth0_connection_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,30 @@ func TestAccConnectionADFS(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.0", "gender"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.1", "hair_color"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.should_trust_email_verified_connection", "always_set_emails_as_verified"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.sign_in_endpoint", "https://adfs.provider/wsfed"),
),
},
{
Config: template.ParseTestName(testAccConnectionADFSConfigUpdate, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_connection.adfs", "name", fmt.Sprintf("Acceptance-Test-ADFS-%s", t.Name())),
resource.TestCheckResourceAttr("auth0_connection.adfs", "strategy", "adfs"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "show_as_button", "true"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.tenant_domain", "example.auth0.com"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.domain_aliases.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.domain_aliases.0", "example.com"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.icon_url", "https://example.com/logo.svg"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.adfs_server", ""),
resource.TestCheckResourceAttrSet("auth0_connection.adfs", "options.0.fed_metadata_xml"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.api_enable_users", "false"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.set_user_root_attributes", "on_each_login"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.#", "2"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.0", "gender"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.non_persistent_attrs.1", "hair_color"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.should_trust_email_verified_connection", "never_set_emails_as_verified"),
resource.TestCheckResourceAttr("auth0_connection.adfs", "options.0.sign_in_endpoint", "https://adfs.provider/wsfed"),
),
},
},
Expand All @@ -367,9 +391,69 @@ resource "auth0_connection" "adfs" {
domain_aliases = ["example.com"]
icon_url = "https://example.com/logo.svg"
adfs_server = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/b5ed4fc037bcf7be0a8953033a3c3ffa1be17083/test/data/federation_metadata.xml"
sign_in_endpoint = "https://adfs.provider/wsfed"
api_enable_users = false
set_user_root_attributes = "on_each_login"
non_persistent_attrs = ["gender","hair_color"]
should_trust_email_verified_connection = "always_set_emails_as_verified"
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
}
})
}
}
`

const testAccConnectionADFSConfigUpdate = `
resource "auth0_connection" "adfs" {
name = "Acceptance-Test-ADFS-{{.testName}}"
strategy = "adfs"
show_as_button = true

options {
tenant_domain = "example.auth0.com"
domain_aliases = ["example.com"]
icon_url = "https://example.com/logo.svg"
adfs_server = ""
fed_metadata_xml = <<EOF
<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor entityID="https://example.com"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<RoleDescriptor xsi:type="fed:ApplicationServiceType"
protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
<fed:TargetScopes>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://adfs.provider/</wsa:Address>
</wsa:EndpointReference>
</fed:TargetScopes>
<fed:ApplicationServiceEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://adfs.provider/wsfed</wsa:Address>
</wsa:EndpointReference>
</fed:ApplicationServiceEndpoint>
<fed:PassiveRequestorEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://adfs.provider/wsfed</wsa:Address>
</wsa:EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://adfs.provider/sign_out"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://adfs.provider/sign_in"/>
</IDPSSODescriptor>
</EntityDescriptor>

EOF
sign_in_endpoint = "https://adfs.provider/wsfed"
api_enable_users = false
should_trust_email_verified_connection = "never_set_emails_as_verified"
set_user_root_attributes = "on_each_login"
non_persistent_attrs = ["gender","hair_color"]
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
Expand Down
20 changes: 13 additions & 7 deletions internal/provider/structure_auth0_connection.go
Original file line number Diff line number Diff line change
Expand Up @@ -526,13 +526,16 @@ func flattenConnectionOptionsAzureAD(options *management.ConnectionOptionsAzureA

func flattenConnectionOptionsADFS(options *management.ConnectionOptionsADFS) (interface{}, diag.Diagnostics) {
m := map[string]interface{}{
"tenant_domain": options.GetTenantDomain(),
"domain_aliases": options.GetDomainAliases(),
"icon_url": options.GetLogoURL(),
"adfs_server": options.GetADFSServer(),
"api_enable_users": options.GetEnableUsersAPI(),
"set_user_root_attributes": options.GetSetUserAttributes(),
"non_persistent_attrs": options.GetNonPersistentAttrs(),
"tenant_domain": options.GetTenantDomain(),
"domain_aliases": options.GetDomainAliases(),
"icon_url": options.GetLogoURL(),
"adfs_server": options.GetADFSServer(),
"fed_metadata_xml": options.GetFedMetadataXML(),
"sign_in_endpoint": options.GetSignInEndpoint(),
"api_enable_users": options.GetEnableUsersAPI(),
"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
"set_user_root_attributes": options.GetSetUserAttributes(),
"non_persistent_attrs": options.GetNonPersistentAttrs(),
}

upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
Expand Down Expand Up @@ -1273,7 +1276,10 @@ func expandConnectionOptionsADFS(config cty.Value) (*management.ConnectionOption
DomainAliases: value.Strings(config.GetAttr("domain_aliases")),
LogoURL: value.String(config.GetAttr("icon_url")),
ADFSServer: value.String(config.GetAttr("adfs_server")),
FedMetadataXML: value.String(config.GetAttr("fed_metadata_xml")),
SignInEndpoint: value.String(config.GetAttr("sign_in_endpoint")),
EnableUsersAPI: value.Bool(config.GetAttr("api_enable_users")),
TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")),
SetUserAttributes: value.String(config.GetAttr("set_user_root_attributes")),
NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
}
Expand Down
Loading