-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TRACKAI-2061: Pass-through unconfigurable connection options #786
Changes from 2 commits
e48ebce
fa4c69e
5d55d0b
853bdd6
757bcc0
25d394e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -82,21 +82,21 @@ func expandConnection(d *schema.ResourceData, api *management.Management) (*mana | |
connection.Options, diagnostics = expandConnectionOptionsOkta(d, options) | ||
case management.ConnectionStrategyAD: | ||
connection.ShowAsButton = showAsButton | ||
connection.Options, diagnostics = expandConnectionOptionsAD(options) | ||
connection.Options, diagnostics = expandConnectionOptionsAD(d, options, api) | ||
case management.ConnectionStrategyAzureAD: | ||
connection.ShowAsButton = showAsButton | ||
connection.Options, diagnostics = expandConnectionOptionsAzureAD(d, options) | ||
connection.Options, diagnostics = expandConnectionOptionsAzureAD(d, options, api) | ||
case management.ConnectionStrategyEmail: | ||
connection.Options, diagnostics = expandConnectionOptionsEmail(options) | ||
case management.ConnectionStrategySAML: | ||
connection.ShowAsButton = showAsButton | ||
connection.Options, diagnostics = expandConnectionOptionsSAML(options) | ||
connection.Options, diagnostics = expandConnectionOptionsSAML(d, options, api) | ||
case management.ConnectionStrategyADFS: | ||
connection.ShowAsButton = showAsButton | ||
connection.Options, diagnostics = expandConnectionOptionsADFS(options) | ||
case management.ConnectionStrategyPingFederate: | ||
connection.ShowAsButton = showAsButton | ||
connection.Options, diagnostics = expandConnectionOptionsPingFederate(options) | ||
connection.Options, diagnostics = expandConnectionOptionsPingFederate(d, options, api) | ||
default: | ||
diagnostics = append(diagnostics, diag.Diagnostic{ | ||
Severity: diag.Error, | ||
|
@@ -542,7 +542,11 @@ func expandConnectionOptionsEmail(config cty.Value) (*management.ConnectionOptio | |
return options, diag.FromErr(err) | ||
} | ||
|
||
func expandConnectionOptionsAD(config cty.Value) (*management.ConnectionOptionsAD, diag.Diagnostics) { | ||
func expandConnectionOptionsAD( | ||
d *schema.ResourceData, | ||
config cty.Value, | ||
api *management.Management, | ||
) (*management.ConnectionOptionsAD, diag.Diagnostics) { | ||
options := &management.ConnectionOptionsAD{ | ||
DomainAliases: value.Strings(config.GetAttr("domain_aliases")), | ||
TenantDomain: value.String(config.GetAttr("tenant_domain")), | ||
|
@@ -555,6 +559,21 @@ func expandConnectionOptionsAD(config cty.Value) (*management.ConnectionOptionsA | |
BruteForceProtection: value.Bool(config.GetAttr("brute_force_protection")), | ||
} | ||
|
||
if !d.IsNewResource() { | ||
conn, err := api.Connection.Read(d.Id()) | ||
if err != nil { | ||
return options, diag.FromErr(err) | ||
} | ||
|
||
existingOptions := conn.Options.(*management.ConnectionOptionsAD) | ||
|
||
// Passing-through unconfigurable connection option values to prevent them from being erased on remote. | ||
options.Certs = existingOptions.Certs | ||
options.AgentIP = existingOptions.AgentIP | ||
options.AgentVersion = existingOptions.AgentVersion | ||
options.AgentMode = existingOptions.AgentMode | ||
} | ||
|
||
options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes")) | ||
if options.GetSetUserAttributes() == "on_each_login" { | ||
options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI. | ||
|
@@ -569,6 +588,7 @@ func expandConnectionOptionsAD(config cty.Value) (*management.ConnectionOptionsA | |
func expandConnectionOptionsAzureAD( | ||
d *schema.ResourceData, | ||
config cty.Value, | ||
api *management.Management, | ||
) (*management.ConnectionOptionsAzureAD, diag.Diagnostics) { | ||
options := &management.ConnectionOptionsAzureAD{ | ||
ClientID: value.String(config.GetAttr("client_id")), | ||
|
@@ -588,6 +608,22 @@ func expandConnectionOptionsAzureAD( | |
TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")), | ||
} | ||
|
||
if !d.IsNewResource() { | ||
conn, err := api.Connection.Read(d.Id()) | ||
if err != nil { | ||
return options, diag.FromErr(err) | ||
} | ||
|
||
existingOptions := conn.Options.(*management.ConnectionOptionsAzureAD) | ||
|
||
// Passing-through unconfigurable connection option values to prevent them from being erased on remote. | ||
options.AppDomain = existingOptions.AppDomain | ||
options.Thumbprints = existingOptions.Thumbprints | ||
options.CertRolloverNotification = existingOptions.CertRolloverNotification | ||
options.Granted = existingOptions.Granted | ||
options.TenantID = existingOptions.TenantID | ||
} | ||
|
||
options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes")) | ||
if options.GetSetUserAttributes() == "on_each_login" { | ||
options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI. | ||
|
@@ -657,7 +693,11 @@ func expandConnectionOptionsOkta( | |
return options, diag.FromErr(err) | ||
} | ||
|
||
func expandConnectionOptionsSAML(config cty.Value) (*management.ConnectionOptionsSAML, diag.Diagnostics) { | ||
func expandConnectionOptionsSAML( | ||
d *schema.ResourceData, | ||
config cty.Value, | ||
api *management.Management, | ||
) (*management.ConnectionOptionsSAML, diag.Diagnostics) { | ||
options := &management.ConnectionOptionsSAML{ | ||
Debug: value.Bool(config.GetAttr("debug")), | ||
SigningCert: value.String(config.GetAttr("signing_cert")), | ||
|
@@ -679,6 +719,24 @@ func expandConnectionOptionsSAML(config cty.Value) (*management.ConnectionOption | |
MetadataURL: value.String(config.GetAttr("metadata_url")), | ||
} | ||
|
||
if !d.IsNewResource() { | ||
conn, err := api.Connection.Read(d.Id()) | ||
if err != nil { | ||
return options, diag.FromErr(err) | ||
} | ||
|
||
existingOptions := conn.Options.(*management.ConnectionOptionsSAML) | ||
|
||
// Passing-through unconfigurable connection option values to prevent them from being erased on remote. | ||
options.BindingMethod = existingOptions.BindingMethod | ||
options.CertRolloverNotification = existingOptions.CertRolloverNotification | ||
options.AgentIP = existingOptions.AgentIP | ||
options.AgentVersion = existingOptions.AgentVersion | ||
options.AgentMode = existingOptions.AgentMode | ||
options.ExtGroups = existingOptions.ExtGroups | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Aren't these part of the "scopes" property already? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No, these do not exist already. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am specifically referring to the 2 ext_* properties, see https://github.com/auth0/terraform-provider-auth0/blob/main/internal/auth0/connection/resource_test.go#L275-L276. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Seems that erroneously the scope tag is missing from these https://github.com/auth0/go-auth0/blob/main/management/connection.go#L896, so we can keep them like this for now. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah that's my bad I didn't realise these should be configured as scopes in the Go SDK |
||
options.ExtProfile = existingOptions.ExtProfile | ||
} | ||
|
||
options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes")) | ||
if options.GetSetUserAttributes() == "on_each_login" { | ||
options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI. | ||
|
@@ -739,7 +797,9 @@ func expandConnectionOptionsADFS(config cty.Value) (*management.ConnectionOption | |
} | ||
|
||
func expandConnectionOptionsPingFederate( | ||
d *schema.ResourceData, | ||
config cty.Value, | ||
api *management.Management, | ||
) (*management.ConnectionOptionsPingFederate, diag.Diagnostics) { | ||
options := &management.ConnectionOptionsPingFederate{ | ||
SigningCert: value.String(config.GetAttr("signing_cert")), | ||
|
@@ -754,6 +814,40 @@ func expandConnectionOptionsPingFederate( | |
NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")), | ||
} | ||
|
||
if !d.IsNewResource() { | ||
conn, err := api.Connection.Read(d.Id()) | ||
if err != nil { | ||
return options, diag.FromErr(err) | ||
} | ||
|
||
existingOptions := conn.Options.(*management.ConnectionOptionsPingFederate) | ||
|
||
// Passing-through unconfigurable connection option values to prevent them from being erased on remote. | ||
options.APIEnableUsers = existingOptions.APIEnableUsers | ||
options.SignOutEndpoint = existingOptions.SignOutEndpoint | ||
options.Subject = existingOptions.Subject | ||
options.DisableSignout = existingOptions.DisableSignout | ||
options.UserIDAttribute = existingOptions.UserIDAttribute | ||
options.Debug = existingOptions.Debug | ||
options.ProtocolBinding = existingOptions.ProtocolBinding | ||
options.RequestTemplate = existingOptions.RequestTemplate | ||
options.BindingMethod = existingOptions.BindingMethod | ||
options.Thumbprints = existingOptions.Thumbprints | ||
options.Expires = existingOptions.Expires | ||
options.MetadataURL = existingOptions.MetadataURL | ||
options.FieldsMap = existingOptions.FieldsMap | ||
options.MetadataXML = existingOptions.MetadataXML | ||
options.EntityID = existingOptions.EntityID | ||
options.CertRolloverNotification = existingOptions.CertRolloverNotification | ||
options.SigningKey = existingOptions.SigningKey | ||
options.DecryptionKey = existingOptions.DecryptionKey | ||
options.AgentIP = existingOptions.AgentIP | ||
options.AgentVersion = existingOptions.AgentVersion | ||
options.AgentMode = existingOptions.AgentMode | ||
options.ExtGroups = existingOptions.ExtGroups | ||
options.ExtProfile = existingOptions.ExtProfile | ||
} | ||
|
||
options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes")) | ||
if options.GetSetUserAttributes() == "on_each_login" { | ||
options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,7 +13,7 @@ import ( | |
"github.com/auth0/terraform-provider-auth0/internal/mutex" | ||
) | ||
|
||
const providerName = "Terraform-Provider-Auth0" | ||
const providerName = "Terraform-Provider-Auth0" //#nosec G101 -- provider name not secret | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Our CI's linting step started getting caught here |
||
|
||
var version = "dev" | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't really need to pass the API here in all these places and force another request to fetch the current details. We can add all the extra properties as read-only (Computed), and simply update all the expands to fetch those details as well and pass them through, effectively skipping the API call.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These values don't have value to the end-user, they're useful for facilitating the operation of the connection. Exposing them through just pollutes the schema and could confuse end-users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright, that makes sense. However the expand is now doing a bit too much, it would be nice to have these "supplements" in separate funcs within the main expand switch statement.