add email mfa factor #499
add email mfa factor #499
Conversation
|
First time contributing to a Terraform provider, comments/feedback would be very much welcome! @apamildner I'm conscious it potentially makes the code a bit less coherent, if you believe that to be the case then more than happy to work on getting this PR into a better state. I also wanted to ask about the ignored errors on the management client when updating |
There was a problem hiding this comment.
Nice job! I understand what you mean by not following my "idea" of how this resource should be extended, but as you say it is just a simple boolean so I think this looks good. Thanks for pointing out the error that i had missed to handle, it should of course be dealt with. I added some comments on the code and also found some small typos I had missed, would be great if you could solve them while you're at it 馃憤
auth0/resource_auth0_guardian.go
Outdated
| @@ -103,6 +108,9 @@ func createGuardian(d *schema.ResourceData, m interface{}) error { | |||
| func deleteGuardian(d *schema.ResourceData, m interface{}) error { | |||
| api := m.(*management.Management) | |||
| api.Guardian.MultiFactor.Phone.Enable(false) | |||
There was a problem hiding this comment.
As you mentioned - I probably forgot to handle the error here so you can definitely add it in this PR 馃憤
There was a problem hiding this comment.
Also, it seems like isFactorEnabled function is unused (also my bad), might just remove it in this PR 馃憤
| if err != nil { | ||
| return err | ||
| } | ||
| for _, v := range factors { |
There was a problem hiding this comment.
Isn't it more readable to avoid the switch here? I think it could be just
if v.Name != nil && *v.Name == "email"{
d.Set("email", v.Enabled)
}There was a problem hiding this comment.
I went for switch here thinking that it'll be a bit more concise in terms of syntax once one-time-password & recovery-code get added. Would you say you feel strongly about this point re: the readability aspect? If so then happy to change :).
There was a problem hiding this comment.
I see what you mean, I think we can leave the switch there 馃憤 But isn't there still a possible null pointer error here that is not adressed by your code? If v.Name == nil that is. Or is it handled by the switch logic of Golang maybe?
There was a problem hiding this comment.
I'd agree that @apamildner 's if statement is slightly clearer. If and when one-time-password and recovery-code get added, a switch will likely make more sense.
| @@ -19,10 +19,11 @@ resource "auth0_guardian" "default" { | |||
| provider = "auth0" | |||
There was a problem hiding this comment.
Not part of your code but might just clean it up: I'm unable to comment on the specific line, but this file has a typo at line 5 which could be adressed: With this reasource, you can configure some of the MFA options -> With this resource, you can configure some of the MFA options
|
@apamildner |
|
I left a response, but otherwise I think this one should be ready to merge! I cannot do that though since I'm not a maintainer, just a contributor. |
willvedd
force-pushed
the
feature/add-email-mfa-factor
branch
from
5ebd83f
to
f01555e
Compare
There was a problem hiding this comment.
Solid addition, thank you! Would also be great for you to create an example file: example/guardian/main.tf with something like:
provider "auth0" {}
resource "auth0_guardian" "guardian"{
email = false
policy = "all-applications"
phone{
provider = "auth0"
message_types = ["sms","voice"]
options{
verification_message = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
enrollment_message = "{{code}} is your verification code for {{tenant.friendly_name}}."
}
}
}
This is what allowed me to verify this branch locally and serves as a reference to folks. But otherwise, looks good to me. Happy to merge once this and that one stylistic change is made.
|
@willvedd |
| return readGuardian(d, m) | ||
| } | ||
|
|
||
| func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error { |
There was a problem hiding this comment.
We could probably simplify the logic inside this func as follows:
| func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error { | |
| func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error { | |
| ok, err := factorShouldBeUpdated(d, "phone") | |
| if err != nil { | |
| return err | |
| } | |
| if ok { | |
| if err := configurePhone(d, api); err != nil { | |
| return err | |
| } | |
| } | |
| return api.Guardian.MultiFactor.Phone.Enable(ok) | |
| } |
There was a problem hiding this comment.
Definitely easier on the eyes with reducing the nesting, thanks for raising it about this & the other func! Had to change this one slightly, as phone needs to be enabled before it's configured. Also added api.Guardian.MultiFactor.Phone.Enable(false) for the negative case, as this means it's not present/being removed from state and we need to toggle it off.
There was a problem hiding this comment.
That makes sense, thanks @phil-f ! Awesome work here
auth0/resource_auth0_guardian.go
Outdated
| if err := api.Guardian.MultiFactor.Email.Enable(enabled); err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
We can return here directly and remove 1 extra indentation level.
| if err := api.Guardian.MultiFactor.Email.Enable(enabled); err != nil { | |
| return err | |
| } | |
| return api.Guardian.MultiFactor.Email.Enable(enabled) |
| func isFactorEnabled(factor string, api *management.Management) (*bool, error) { | ||
| mfs, err := api.Guardian.MultiFactor.List() | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| for _, mf := range mfs { | ||
| if *mf.Name == factor { | ||
| return mf.Enabled, nil | ||
| } | ||
| } | ||
| return nil, fmt.Errorf("factor %s is not among the possible factors", factor) | ||
| } | ||
|
|
There was a problem hiding this comment.
Thanks for removing this unused method! 馃憤馃徎
| @@ -42,7 +44,7 @@ Arguments accepted by this resource include: | |||
| * `options`- (Required) List(Resource). Options for the various providers. See [Options](#options). | |||
|
|
|||
| ### Options | |||
| `options` supports different arguments depending on the provider specificed in [Phone](#phone). | |||
| `options` supports different arguments depending on the provider specified in [Phone](#phone). | |||
There was a problem hiding this comment.
This is awesome, thanks for fixing these typos!
| @@ -0,0 +1,14 @@ | |||
| provider "auth0" {} | |||
There was a problem hiding this comment.
This was a much needed example:) Thanks!
|
@sergiughf |
Proposed Changes
emailmfa factorAcceptance Test Output
Click to expand
Community Note