add email mfa factor #499
add email mfa factor #499
Conversation
First time contributing to a Terraform provider, comments/feedback would be very much welcome! @apamildner I'm conscious it potentially makes the code a bit less coherent, if you believe that to be the case then more than happy to work on getting this PR into a better state. I also wanted to ask about the ignored errors on the management client when updating |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice job! I understand what you mean by not following my "idea" of how this resource should be extended, but as you say it is just a simple boolean so I think this looks good. Thanks for pointing out the error that i had missed to handle, it should of course be dealt with. I added some comments on the code and also found some small typos I had missed, would be great if you could solve them while you're at it 馃憤
auth0/resource_auth0_guardian.go
Outdated
@@ -103,6 +108,9 @@ func createGuardian(d *schema.ResourceData, m interface{}) error { | |||
func deleteGuardian(d *schema.ResourceData, m interface{}) error { | |||
api := m.(*management.Management) | |||
api.Guardian.MultiFactor.Phone.Enable(false) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As you mentioned - I probably forgot to handle the error here so you can definitely add it in this PR 馃憤
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, it seems like isFactorEnabled
function is unused (also my bad), might just remove it in this PR 馃憤
if err != nil { | ||
return err | ||
} | ||
for _, v := range factors { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't it more readable to avoid the switch here? I think it could be just
if v.Name != nil && *v.Name == "email"{
d.Set("email", v.Enabled)
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went for switch
here thinking that it'll be a bit more concise in terms of syntax once one-time-password
& recovery-code
get added. Would you say you feel strongly about this point re: the readability aspect? If so then happy to change :).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see what you mean, I think we can leave the switch there 馃憤 But isn't there still a possible null pointer error here that is not adressed by your code? If v.Name == nil
that is. Or is it handled by the switch logic of Golang maybe?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd agree that @apamildner 's if statement is slightly clearer. If and when one-time-password and recovery-code get added, a switch will likely make more sense.
@@ -19,10 +19,11 @@ resource "auth0_guardian" "default" { | |||
provider = "auth0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not part of your code but might just clean it up: I'm unable to comment on the specific line, but this file has a typo at line 5 which could be adressed: With this reasource, you can configure some of the MFA options -> With this resource, you can configure some of the MFA options
@apamildner |
I left a response, but otherwise I think this one should be ready to merge! I cannot do that though since I'm not a maintainer, just a contributor. |
5ebd83f
to
f01555e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solid addition, thank you! Would also be great for you to create an example file: example/guardian/main.tf
with something like:
provider "auth0" {}
resource "auth0_guardian" "guardian"{
email = false
policy = "all-applications"
phone{
provider = "auth0"
message_types = ["sms","voice"]
options{
verification_message = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
enrollment_message = "{{code}} is your verification code for {{tenant.friendly_name}}."
}
}
}
This is what allowed me to verify this branch locally and serves as a reference to folks. But otherwise, looks good to me. Happy to merge once this and that one stylistic change is made.
@willvedd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for the contribution! Solid work here! 馃挭馃徎
return readGuardian(d, m) | ||
} | ||
|
||
func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could probably simplify the logic inside this func as follows:
func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error { | |
func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error { | |
ok, err := factorShouldBeUpdated(d, "phone") | |
if err != nil { | |
return err | |
} | |
if ok { | |
if err := configurePhone(d, api); err != nil { | |
return err | |
} | |
} | |
return api.Guardian.MultiFactor.Phone.Enable(ok) | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definitely easier on the eyes with reducing the nesting, thanks for raising it about this & the other func! Had to change this one slightly, as phone needs to be enabled before it's configured. Also added api.Guardian.MultiFactor.Phone.Enable(false) for the negative case, as this means it's not present/being removed from state and we need to toggle it off.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That makes sense, thanks @phil-f ! Awesome work here
auth0/resource_auth0_guardian.go
Outdated
if err := api.Guardian.MultiFactor.Email.Enable(enabled); err != nil { | ||
return err | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can return here directly and remove 1 extra indentation level.
if err := api.Guardian.MultiFactor.Email.Enable(enabled); err != nil { | |
return err | |
} | |
return api.Guardian.MultiFactor.Email.Enable(enabled) |
func isFactorEnabled(factor string, api *management.Management) (*bool, error) { | ||
mfs, err := api.Guardian.MultiFactor.List() | ||
if err != nil { | ||
return nil, err | ||
} | ||
for _, mf := range mfs { | ||
if *mf.Name == factor { | ||
return mf.Enabled, nil | ||
} | ||
} | ||
return nil, fmt.Errorf("factor %s is not among the possible factors", factor) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for removing this unused method! 馃憤馃徎
@@ -42,7 +44,7 @@ Arguments accepted by this resource include: | |||
* `options`- (Required) List(Resource). Options for the various providers. See [Options](#options). | |||
|
|||
### Options | |||
`options` supports different arguments depending on the provider specificed in [Phone](#phone). | |||
`options` supports different arguments depending on the provider specified in [Phone](#phone). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is awesome, thanks for fixing these typos!
@@ -0,0 +1,14 @@ | |||
provider "auth0" {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was a much needed example:) Thanks!
@sergiughf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work!
Proposed Changes
email
mfa factorAcceptance Test Output
Click to expand
Community Note