Merge pull request #20 from authsignal/AUT-2035

AUT-2035: adding authenticator settings fields

docs/data-sources/action_configuration.md

@@ -28,7 +28,10 @@ data "authsignal_action_configuration" "test" {
 
 ### Read-Only
 
-- `default_user_action_result` (String) The default action behavior if no rules match. (i.e 'CHALLENGE')
+- `default_user_action_result` (String) The default action behavior if no rules match. (i.e 'CHALLENGE').
+- `default_verification_method` (String) Ignore the user's preference and choose which authenticator the Pre-built UI will present by default.
 - `last_action_created_at` (String) The date of when an action was last tracked for any user.
 - `messaging_templates` (String) Optional messaging templates to be shown in Authsignal's pre-built UI.
+- `prompt_to_enroll_verification_methods` (List of String) If this is set then users will be prompted to add a passkey after a challenge is completed.
 - `tenant_id` (String) The ID of your tenant. This can be found in the admin portal.
+- `verification_methods` (List of String) A list of permitted authenticators that can be used if the result of the action is 'CHALLENGE'.

docs/data-sources/rule.md

@@ -39,4 +39,4 @@ data "authsignal_rule" "test" {
 - `prompt_to_enroll_verification_methods` (List of String) If this is set then users will be prompted to add a passkey after a challenge is completed.
 - `tenant_id` (String) The ID of your tenant. This can be found in the admin portal.
 - `type` (String) The result that the rule should return when the conditions are met. (e.g. ALLOW, CHALLENGE)
-- `verification_methods` (List of String) A list of permitted authenticators that can be used if the type of the rule is 'CHALLENGE'
+- `verification_methods` (List of String) A list of permitted authenticators that can be used if the type of the rule is 'CHALLENGE'.

docs/resources/action_configuration.md

@@ -17,6 +17,14 @@ description: |-
 resource "authsignal_action_configuration" "terraform-provider-test" {
   action_code                = "terraform-provider-test"
   default_user_action_result = "BLOCK"
+  messaging_templates = jsonencode({
+    "en" : {
+      "defaultTemplate" : "hello world!"
+    }
+  })
+  verification_methods                  = ["EMAIL_OTP", "PASSKEY", "AUTHENTICATOR_APP"]
+  default_verification_method           = "AUTHENTICATOR_APP"
+  prompt_to_enroll_verification_methods = ["PASSKEY"]
 }
 ```
 
@@ -26,11 +34,14 @@ resource "authsignal_action_configuration" "terraform-provider-test" {
 ### Required
 
 - `action_code` (String) The name of the action that users perform which you will track. (e.g 'login')
-- `default_user_action_result` (String) The default action behavior if no rules match. (i.e 'CHALLENGE')
+- `default_user_action_result` (String) The default action behavior if no rules match. (i.e 'CHALLENGE').
 
 ### Optional
 
+- `default_verification_method` (String) Ignore the user's preference and choose which authenticator the Pre-built UI will present by default.
 - `messaging_templates` (String) Optional messaging templates to be shown in Authsignal's pre-built UI.
+- `prompt_to_enroll_verification_methods` (List of String) If this is set then users will be prompted to add a passkey after a challenge is completed.
+- `verification_methods` (List of String) A list of permitted authenticators that can be used if the result of the action is 'CHALLENGE'.
 
 ### Read-Only
 

docs/resources/rule.md

@@ -62,7 +62,7 @@ resource "authsignal_rule" "test" {
 - `default_verification_method` (String) Ignore the user's preference and choose which authenticator the Pre-built UI will present by default.
 - `description` (String) A description of the rule.
 - `prompt_to_enroll_verification_methods` (List of String) If this is set then users will be prompted to add a passkey after a challenge is completed.
-- `verification_methods` (List of String) A list of permitted authenticators that can be used if the type of the rule is 'CHALLENGE'
+- `verification_methods` (List of String) A list of permitted authenticators that can be used if the type of the rule is 'CHALLENGE'.
 
 ### Read-Only
 

examples/resources/authsignal_action_configuration/resource.tf

@@ -2,4 +2,12 @@
 resource "authsignal_action_configuration" "terraform-provider-test" {
   action_code                = "terraform-provider-test"
   default_user_action_result = "BLOCK"
+  messaging_templates = jsonencode({
+    "en" : {
+      "defaultTemplate" : "hello world!"
+    }
+  })
+  verification_methods                  = ["EMAIL_OTP", "PASSKEY", "AUTHENTICATOR_APP"]
+  default_verification_method           = "AUTHENTICATOR_APP"
+  prompt_to_enroll_verification_methods = ["PASSKEY"]
 }

go.mod

@@ -3,7 +3,7 @@ module github.com/authsignal/terraform-provider-authsignal
 go 1.22.0
 
 require (
-	github.com/authsignal/authsignal-management-go/v2 v2.1.0
+	github.com/authsignal/authsignal-management-go/v2 v2.2.0
 	github.com/hashicorp/terraform-plugin-docs v0.18.0
 	github.com/hashicorp/terraform-plugin-framework v1.7.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0

go.sum

@@ -19,8 +19,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/authsignal/authsignal-management-go/v2 v2.1.0 h1:dg2RaLru412uE2O+18WPGq5io44BC7pgkYCi2qC4+pE=
-github.com/authsignal/authsignal-management-go/v2 v2.1.0/go.mod h1:vRrL3bs794IPmy6BMbbmYCyf/QydU8Bg5cgZpCc4G9Q=
+github.com/authsignal/authsignal-management-go/v2 v2.2.0 h1:o8IcYTxGOCsiSzkVDUgXiDLsKa5++b7dBo0HZqC901A=
+github.com/authsignal/authsignal-management-go/v2 v2.2.0/go.mod h1:vRrL3bs794IPmy6BMbbmYCyf/QydU8Bg5cgZpCc4G9Q=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=

internal/provider/action_configuration_data_source.go

@@ -26,11 +26,14 @@ type actionConfigurationDataSource struct {
 }
 
 type actionConfigurationDataSourceModel struct {
-	ActionCode              types.String `tfsdk:"action_code"`
-	TenantId                types.String `tfsdk:"tenant_id"`
-	DefaultUserActionResult types.String `tfsdk:"default_user_action_result"`
-	LastActionCreatedAt     types.String `tfsdk:"last_action_created_at"`
-	MessagingTemplates      types.String `tfsdk:"messaging_templates"`
+	ActionCode                        types.String `tfsdk:"action_code"`
+	TenantId                          types.String `tfsdk:"tenant_id"`
+	DefaultUserActionResult           types.String `tfsdk:"default_user_action_result"`
+	LastActionCreatedAt               types.String `tfsdk:"last_action_created_at"`
+	MessagingTemplates                types.String `tfsdk:"messaging_templates"`
+	VerificationMethods               types.List   `tfsdk:"verification_methods"`
+	PromptToEnrollVerificationMethods types.List   `tfsdk:"prompt_to_enroll_verification_methods"`
+	DefaultVerificationMethod         types.String `tfsdk:"default_verification_method"`
 }
 
 func (d *actionConfigurationDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
@@ -45,7 +48,7 @@ func (d *actionConfigurationDataSource) Schema(_ context.Context, _ datasource.S
 				Required:    true,
 			},
 			"default_user_action_result": schema.StringAttribute{
-				Description: "The default action behavior if no rules match. (i.e 'CHALLENGE')",
+				Description: "The default action behavior if no rules match. (i.e 'CHALLENGE').",
 				Computed:    true,
 			},
 			"last_action_created_at": schema.StringAttribute{
@@ -60,6 +63,20 @@ func (d *actionConfigurationDataSource) Schema(_ context.Context, _ datasource.S
 				Description: "Optional messaging templates to be shown in Authsignal's pre-built UI.",
 				Computed:    true,
 			},
+			"verification_methods": schema.ListAttribute{
+				ElementType: types.StringType,
+				Description: "A list of permitted authenticators that can be used if the result of the action is 'CHALLENGE'.",
+				Computed:    true,
+			},
+			"prompt_to_enroll_verification_methods": schema.ListAttribute{
+				ElementType: types.StringType,
+				Description: "If this is set then users will be prompted to add a passkey after a challenge is completed.",
+				Computed:    true,
+			},
+			"default_verification_method": schema.StringAttribute{
+				Description: "Ignore the user's preference and choose which authenticator the Pre-built UI will present by default.",
+				Computed:    true,
+			},
 		},
 	}
 }
@@ -83,6 +100,18 @@ func (d *actionConfigurationDataSource) Read(ctx context.Context, req datasource
 		return
 	}
 
+	verificationMethodsList, diags := types.ListValueFrom(ctx, types.StringType, actionConfiguration.VerificationMethods)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	promptToEnrollVerificationMethodsList, diags := types.ListValueFrom(ctx, types.StringType, actionConfiguration.PromptToEnrollVerificationMethods)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
 	messagingTemplatesJson, err := json.Marshal(actionConfiguration.MessagingTemplates)
 	if err != nil {
 		resp.Diagnostics.AddError(
@@ -93,14 +122,24 @@ func (d *actionConfigurationDataSource) Read(ctx context.Context, req datasource
 	}
 
 	actionConfigurationState := actionConfigurationDataSourceModel{
-		ActionCode:              types.StringValue(actionConfiguration.ActionCode),
-		TenantId:                types.StringValue(actionConfiguration.TenantId),
-		DefaultUserActionResult: types.StringValue(actionConfiguration.DefaultUserActionResult),
-		LastActionCreatedAt:     types.StringValue(actionConfiguration.LastActionCreatedAt),
+		ActionCode:                        types.StringValue(actionConfiguration.ActionCode),
+		TenantId:                          types.StringValue(actionConfiguration.TenantId),
+		DefaultUserActionResult:           types.StringValue(actionConfiguration.DefaultUserActionResult),
+		LastActionCreatedAt:               types.StringValue(actionConfiguration.LastActionCreatedAt),
+		VerificationMethods:               verificationMethodsList,
+		PromptToEnrollVerificationMethods: promptToEnrollVerificationMethodsList,
 	}
 
 	if actionConfiguration.MessagingTemplates != nil {
 		actionConfigurationState.MessagingTemplates = types.StringValue(string(messagingTemplatesJson))
+	} else {
+		actionConfigurationState.MessagingTemplates = types.StringNull()
+	}
+
+	if len(actionConfiguration.DefaultVerificationMethod) > 0 {
+		actionConfigurationState.DefaultVerificationMethod = types.StringValue(actionConfiguration.DefaultVerificationMethod)
+	} else {
+		actionConfigurationState.DefaultVerificationMethod = types.StringNull()
 	}
 
 	diags2 := resp.State.Set(ctx, &actionConfigurationState)

internal/provider/action_configuration_data_source_test.go

@@ -17,6 +17,10 @@ func TestAccActionConfigurationDataSource(t *testing.T) {
 					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "action_code", "helloworld"),
 					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "tenant_id", "ec3910e7-ab32-479e-b58b-36a122631d58"),
 					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "default_user_action_result", "ALLOW"),
+					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "messaging_templates", `{"en":{"defaultTemplate":"hello world 123"}}`),
+					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "verification_methods.0", "EMAIL_OTP"),
+					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "verification_methods.1", "AUTHENTICATOR_APP"),
+					resource.TestCheckResourceAttr("data.authsignal_action_configuration.helloworld", "default_verification_method", "AUTHENTICATOR_APP"),
 				),
 			},
 		},