DXCDT-563: Add support for customize_mfa_in_postlogin_action tenant setting #871

Merged
merged 1 commit into from
Oct 31, 2023
1 change: 1 addition & 0 deletions docs/data-sources/tenant.md
Expand Up @@ -21,6 +21,7 @@ data "auth0_tenant" "my_tenant" {}

- `allow_organization_name_in_authentication_api` (Boolean) Whether to accept an organization name instead of an ID on auth endpoints.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `customize_mfa_in_postlogin_action` (Boolean) Whether to enable flexible factors for MFA in the PostLogin action.
- `default_audience` (String) API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- `default_directory` (String) Name of the connection to be used for Password Grant exchanges. Options include `auth0-adldap`, `ad`, `auth0`, `email`, `sms`, `waad`, and `adfs`.
- `default_redirection_uri` (String) The default absolute redirection URI. Must be HTTPS or an empty string.
1 change: 1 addition & 0 deletions docs/resources/tenant.md
Expand Up @@ -51,6 +51,7 @@ resource "auth0_tenant" "my_tenant" {

- `allow_organization_name_in_authentication_api` (Boolean) Whether to accept an organization name instead of an ID on auth endpoints.
- `allowed_logout_urls` (List of String) URLs that Auth0 may redirect to after logout.
- `customize_mfa_in_postlogin_action` (Boolean) Whether to enable flexible factors for MFA in the PostLogin action.
- `default_audience` (String) API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.
- `default_directory` (String) Name of the connection to be used for Password Grant exchanges. Options include `auth0-adldap`, `ad`, `auth0`, `email`, `sms`, `waad`, and `adfs`.
- `default_redirection_uri` (String) The default absolute redirection URI. Must be HTTPS or an empty string.
31 changes: 16 additions & 15 deletions internal/auth0/tenant/expand.go
Expand Up @@ -15,21 +15,22 @@ func expandTenant(data *schema.ResourceData) *management.Tenant {
idleSessionLifetime := data.Get("idle_session_lifetime").(float64) // Handling separately to preserve default values not honored by `d.GetRawConfig()`.

tenant := &management.Tenant{
DefaultAudience: value.String(config.GetAttr("default_audience")),
DefaultDirectory: value.String(config.GetAttr("default_directory")),
DefaultRedirectionURI: value.String(config.GetAttr("default_redirection_uri")),
FriendlyName: value.String(config.GetAttr("friendly_name")),
PictureURL: value.String(config.GetAttr("picture_url")),
SupportEmail: value.String(config.GetAttr("support_email")),
SupportURL: value.String(config.GetAttr("support_url")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
SessionLifetime: &sessionLifetime,
SandboxVersion: value.String(config.GetAttr("sandbox_version")),
EnabledLocales: value.Strings(config.GetAttr("enabled_locales")),
Flags: expandTenantFlags(config.GetAttr("flags")),
SessionCookie: expandTenantSessionCookie(config.GetAttr("session_cookie")),
Sessions: expandTenantSessions(config.GetAttr("sessions")),
AllowOrgNameInAuthAPI: value.Bool(config.GetAttr("allow_organization_name_in_authentication_api")),
DefaultAudience: value.String(config.GetAttr("default_audience")),
DefaultDirectory: value.String(config.GetAttr("default_directory")),
DefaultRedirectionURI: value.String(config.GetAttr("default_redirection_uri")),
FriendlyName: value.String(config.GetAttr("friendly_name")),
PictureURL: value.String(config.GetAttr("picture_url")),
SupportEmail: value.String(config.GetAttr("support_email")),
SupportURL: value.String(config.GetAttr("support_url")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
SessionLifetime: &sessionLifetime,
SandboxVersion: value.String(config.GetAttr("sandbox_version")),
EnabledLocales: value.Strings(config.GetAttr("enabled_locales")),
Flags: expandTenantFlags(config.GetAttr("flags")),
SessionCookie: expandTenantSessionCookie(config.GetAttr("session_cookie")),
Sessions: expandTenantSessions(config.GetAttr("sessions")),
AllowOrgNameInAuthAPI: value.Bool(config.GetAttr("allow_organization_name_in_authentication_api")),
CustomizeMFAInPostLoginAction: value.Bool(config.GetAttr("customize_mfa_in_postlogin_action")),
}

if data.IsNewResource() || data.HasChange("idle_session_lifetime") {
1 change: 1 addition & 0 deletions internal/auth0/tenant/flatten.go
Expand Up @@ -24,6 +24,7 @@ func flattenTenant(data *schema.ResourceData, tenant *management.Tenant) error {
data.Set("session_cookie", flattenTenantSessionCookie(tenant.GetSessionCookie())),
data.Set("sessions", flattenTenantSessions(tenant.GetSessions())),
data.Set("allow_organization_name_in_authentication_api", tenant.GetAllowOrgNameInAuthAPI()),
data.Set("customize_mfa_in_postlogin_action", tenant.GetCustomizeMFAInPostLoginAction()),
)

if tenant.GetIdleSessionLifetime() == 0 {
6 changes: 6 additions & 0 deletions internal/auth0/tenant/resource.go
Expand Up @@ -307,6 +307,12 @@ func NewResource() *schema.Resource {
Computed: true,
Description: "Whether to accept an organization name instead of an ID on auth endpoints.",
},
"customize_mfa_in_postlogin_action": {
Type: schema.TypeBool,
Optional: true,
Computed: true,
Description: "Whether to enable flexible factors for MFA in the PostLogin action.",
},
},
}
}
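Review bot: `customize_mfa_in_postlogin_action` is declared both `Optional` and `Computed` in the block added to NewResource's schema map, so a configuration that omits it adopts whatever value the tenant currently holds, and deleting the attribute from a configuration will not switch the setting back off. Because this flag changes how MFA factors are selected in PostLogin actions, the description should say so, for example `Description: "Whether to enable flexible factors for MFA in the PostLogin action. If omitted, the tenant's current value is kept.",`. In expand.go the value is read with `value.Bool(config.GetAttr("customize_mfa_in_postlogin_action"))`, which presumably yields nil for an unset attribute, so the field would be left out of the update request rather than sent as false. That matches the neighbouring `allow_organization_name_in_authentication_api`, but operators who need the setting pinned should be told to set it explicitly. NewResource starts outside the hunk.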
4 changes: 4 additions & 0 deletions internal/auth0/tenant/resource_test.go
Expand Up @@ -45,6 +45,7 @@ func TestAccTenant(t *testing.T) {
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "session_cookie.0.mode", "non-persistent"),
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "sessions.0.oidc_logout_prompt_enabled", "false"),
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "allow_organization_name_in_authentication_api", "false"),
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "customize_mfa_in_postlogin_action", "false"),
),
},
{
Expand All @@ -62,6 +63,7 @@ func TestAccTenant(t *testing.T) {
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "default_redirection_uri", ""),
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "sessions.0.oidc_logout_prompt_enabled", "true"),
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "allow_organization_name_in_authentication_api", "true"),
resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "customize_mfa_in_postlogin_action", "true"),
),
},
{
Expand Down Expand Up @@ -97,6 +99,7 @@ resource "auth0_tenant" "my_tenant" {
enabled_locales = ["en", "de", "fr"]

allow_organization_name_in_authentication_api = false
customize_mfa_in_postlogin_action = false

flags {
disable_clickjack_protection_headers = true
Expand Down Expand Up @@ -134,6 +137,7 @@ resource "auth0_tenant" "my_tenant" {
enabled_locales = ["de", "fr"]

allow_organization_name_in_authentication_api = true
customize_mfa_in_postlogin_action = true

flags {
enable_public_signup_user_exists_error = true
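Review bot: The new checks in TestAccTenant only cover `false` in the first step and `true` in the second, so the first assertion would also pass if the provider never sent the attribute and the tenant default happened to be false. The steps after the second one are outside the visible hunks; if none of them sets `customize_mfa_in_postlogin_action = false` again, add one that asserts `resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "customize_mfa_in_postlogin_action", "false")`, so that turning the MFA setting off after it was on is verified. A step that drops the attribute from the configuration and checks that the value is unchanged would also pin the `Computed` behaviour.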