add email mfa factor

auth0/resource_auth0_guardian.go

@@ -1,7 +1,6 @@
 package auth0
 
 import (
-	"fmt"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
@@ -92,20 +91,32 @@ func newGuardian() *schema.Resource {
 					},
 				},
 			},
+			"email": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 		},
 	}
 }
+
 func createGuardian(d *schema.ResourceData, m interface{}) error {
 	d.SetId(resource.UniqueId())
 	return updateGuardian(d, m)
 }
 
 func deleteGuardian(d *schema.ResourceData, m interface{}) error {
 	api := m.(*management.Management)
-	api.Guardian.MultiFactor.Phone.Enable(false)
+	if err := api.Guardian.MultiFactor.Phone.Enable(false); err != nil {
+		return err
+	}
+	if err := api.Guardian.MultiFactor.Email.Enable(false); err != nil {
+		return err
+	}
 	d.SetId("")
 	return nil
 }
+
 func updateGuardian(d *schema.ResourceData, m interface{}) (err error) {
 	api := m.(*management.Management)
 
@@ -118,24 +129,38 @@ func updateGuardian(d *schema.ResourceData, m interface{}) (err error) {
 			err = api.Guardian.MultiFactor.UpdatePolicy(&management.MultiFactorPolicies{p})
 		}
 	}
-	//TODO: Extend for other MFA types
+	if err := updatePhoneFactor(d, api); err != nil {
+		return err
+	}
+	if err := updateEmailFactor(d, api); err != nil {
+		return err
+	}
+	return readGuardian(d, m)
+}
+
+func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error {
 	ok, err := factorShouldBeUpdated(d, "phone")
 	if err != nil {
 		return err
 	}
 	if ok {
-		api.Guardian.MultiFactor.Phone.Enable(true)
-		if err := configurePhone(d, api); err != nil {
+		if err := api.Guardian.MultiFactor.Phone.Enable(true); err != nil {
 			return err
 		}
-	} else {
-		api.Guardian.MultiFactor.Phone.Enable(false)
+		return configurePhone(d, api)
 	}
-	return readGuardian(d, m)
+	return api.Guardian.MultiFactor.Phone.Enable(false)
 }
 
-func configurePhone(d *schema.ResourceData, api *management.Management) (err error) {
+func updateEmailFactor(d *schema.ResourceData, api *management.Management) error {
+	if changed := d.HasChange("email"); changed {
+		enabled := d.Get("email").(bool)
+		return api.Guardian.MultiFactor.Email.Enable(enabled)
+	}
+	return nil
+}
 
+func configurePhone(d *schema.ResourceData, api *management.Management) (err error) {
 	md := make(MapData)
 	List(d, "phone").Elem(func(d ResourceData) {
 		md.Set("provider", String(d, "provider", HasChange()))
@@ -241,6 +266,7 @@ func readGuardian(d *schema.ResourceData, m interface{}) error {
 	if err != nil {
 		return err
 	}
+
 	ok, err := factorShouldBeUpdated(d, "phone")
 	if err != nil {
 		return err
@@ -254,6 +280,16 @@ func readGuardian(d *schema.ResourceData, m interface{}) error {
 	if err != nil {
 		return err
 	}
+
+	factors, err := api.Guardian.MultiFactor.List()
+	if err != nil {
+		return err
+	}
+	for _, v := range factors {
+		if v.Name != nil && *v.Name == "email" {
+			d.Set("email", v.Enabled)
+		}
+	}
 	return nil
 }
 
@@ -308,19 +344,6 @@ func typeAssertToStringArray(from []interface{}) *[]string {
 	return &stringArray
 }
 
-func isFactorEnabled(factor string, api *management.Management) (*bool, error) {
-	mfs, err := api.Guardian.MultiFactor.List()
-	if err != nil {
-		return nil, err
-	}
-	for _, mf := range mfs {
-		if *mf.Name == factor {
-			return mf.Enabled, nil
-		}
-	}
-	return nil, fmt.Errorf("factor %s is not among the possible factors", factor)
-}
-
 // Determines if the factor should be updated. This depends on if it is in the state, if it is about to be added to the state.
 func factorShouldBeUpdated(d *schema.ResourceData, factor string) (bool, error) {
 	_, ok := d.GetOk(factor)

auth0/resource_auth0_guardian_test.go

@@ -86,6 +86,22 @@ func TestAccGuardian(t *testing.T) {
 					resource.TestCheckNoResourceAttr("auth0_guardian.foo", "phone"),
 				),
 			},
+
+			{
+				Config: testAccConfigureEmail,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "email", "true"),
+				),
+			},
+
+			{
+				Config: testAccConfigureEmailUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "email", "false"),
+				),
+			},
 		},
 	})
 }
@@ -161,3 +177,19 @@ resource "auth0_guardian" "foo" {
   policy = "all-applications"
 }
 `
+
+const testAccConfigureEmail = `
+
+resource "auth0_guardian" "foo" {
+  policy = "all-applications"
+  email  = true
+}
+`
+
+const testAccConfigureEmailUpdate = `
+
+resource "auth0_guardian" "foo" {
+  policy = "all-applications"
+  email  = false
+}
+`

docs/resources/guardian.md

@@ -2,7 +2,7 @@
 layout: "auth0"
 page_title: "Auth0: auth0_guardian"
 description: |-
-  With this reasource, you can configure some of the MFA options
+  With this resource, you can configure some of the MFA options
 ---
 
 # auth0_guardian
@@ -19,10 +19,11 @@ resource "auth0_guardian" "default" {
     provider      = "auth0"
     message_types = ["sms"]
     options {
-      enrollment_message   = "{{code}}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment"
-      verification_message = "{{code}} is your verification code for {{tenant.friendly_name}}"
+      enrollment_message   = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
+      verification_message = "{{code}} is your verification code for {{tenant.friendly_name}}."
     }
   }
+  email = true
 }
 ```
 
@@ -32,6 +33,7 @@ Arguments accepted by this resource include:
 
 * `policy` - (Required) String. Policy to use. Available options are `never`, `all-applications` and `confidence-score`. The option `confidence-score` means the trigger of MFA will be adaptive. See [Auth0 docs](https://auth0.com/docs/mfa/adaptive-mfa)
 * `phone` - (Optional) List(Resource). Configuration settings for the phone MFA. For details, see [Phone](#phone).
+* `email` - (Optional) Boolean. Indicates whether or not email MFA is enabled.
 
 ### Phone
 
@@ -42,7 +44,7 @@ Arguments accepted by this resource include:
 * `options`- (Required) List(Resource). Options for the various providers. See [Options](#options).
 
 ### Options
-`options` supports different arguments depending on the provider specificed in [Phone](#phone).
+`options` supports different arguments depending on the provider specified in [Phone](#phone).
 
 ### Auth0
 * `enrollment_message` (Optional) String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see [Auth0 docs](https://auth0.com/docs/mfa/customize-sms-or-voice-messages).

example/guardian/main.tf

@@ -0,0 +1,14 @@
+provider "auth0" {}
+
+resource "auth0_guardian" "guardian" {
+  email  = false
+  policy = "all-applications"
+  phone {
+    provider      = "auth0"
+    message_types = ["sms", "voice"]
+    options {
+      verification_message = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
+      enrollment_message   = "{{code}} is your verification code for {{tenant.friendly_name}}."
+    }
+  }
+}