Add direct push provider, fixes #534

docs/resources/guardian.md

@@ -139,7 +139,9 @@ Optional:
 
 - `amazon_sns` (Block List, Max: 1) Configuration for Amazon SNS. (see [below for nested schema](#nestedblock--push--amazon_sns))
 - `custom_app` (Block List, Max: 1) Configuration for the Guardian Custom App. (see [below for nested schema](#nestedblock--push--custom_app))
-- `provider` (String) Provider to use, one of `guardian`, `sns`.
+- `direct_apns` (Block List, Max: 1) Configuration for Guardian Direct mode Apple APNS. (see [below for nested schema](#nestedblock--push--direct_apns))
+- `direct_fcm` (Block List, Max: 1) Configuration for Guardian Direct mode Google FCM. (see [below for nested schema](#nestedblock--push--direct_fcm))
+- `provider` (String) Provider to use, one of `direct`, `guardian`, `sns`.
 
 <a id="nestedblock--push--amazon_sns"></a>
 ### Nested Schema for `push.amazon_sns`
@@ -163,6 +165,24 @@ Optional:
 - `google_app_link` (String) Google Store URL. Must be HTTPS or an empty string.
 
 
+<a id="nestedblock--push--direct_apns"></a>
+### Nested Schema for `push.direct_apns`
+
+Required:
+
+- `bundle_id` (String) The APNS Bundle ID.
+- `p12` (String) The base64 encoded certificate in P12 format.
+- `sandbox` (Boolean) Indicates whether sandbox mode is used.
+
+
+<a id="nestedblock--push--direct_fcm"></a>
+### Nested Schema for `push.direct_fcm`
+
+Required:
+
+- `server_key` (String) The FCM Server Key.
+
+
 
 <a id="nestedblock--webauthn_platform"></a>
 ### Nested Schema for `webauthn_platform`

go.mod

@@ -3,7 +3,7 @@ module github.com/auth0/terraform-provider-auth0
 go 1.20
 
 require (
-	github.com/auth0/go-auth0 v0.15.1
+	github.com/auth0/go-auth0 v0.17.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/terraform-plugin-docs v0.14.1

go.sum

@@ -29,8 +29,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/auth0/go-auth0 v0.15.1 h1:hKGo/7CIwFew02ss3H1PfVlR+koHUTJQgvOo4e/Kubs=
-github.com/auth0/go-auth0 v0.15.1/go.mod h1:dOC0GpAMAlymDv3j4FfPPw0urTNA+EpLpiCbusYq2kM=
+github.com/auth0/go-auth0 v0.17.0 h1:hKGo/7CIwFew02ss3H1PfVlR+koHUTJQgvOo4e/Kubs=
+github.com/auth0/go-auth0 v0.17.0/go.mod h1:dOC0GpAMAlymDv3j4FfPPw0urTNA+EpLpiCbusYq2kM=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@@ -167,7 +167,7 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
-github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -281,8 +281,9 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -303,13 +304,13 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.4.0 h1:NF0gk8LVPg1Ml7SSbGyySuoxdsXitj7TvgvuRxIMc/M=
-golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec=
+golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
+golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -342,8 +343,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
@@ -354,8 +355,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=

internal/auth0/guardian/expand.go

@@ -275,6 +275,18 @@ func updatePush(d *schema.ResourceData, api *management.Management) error {
 			}
 		}
 
+		if d.HasChange("push.0.direct_apns") {
+			if err = updateDirectAPNS(push.GetAttr("direct_apns"), api); err != nil {
+				return true
+			}
+		}
+
+		if d.HasChange("push.0.direct_fcm") {
+			if err = updateDirectFCM(push.GetAttr("direct_fcm"), api); err != nil {
+				return true
+			}
+		}
+
 		if d.HasChange("push.0.amazon_sns") {
 			if err = updateAmazonSNS(push.GetAttr("amazon_sns"), api); err != nil {
 				return true
@@ -323,3 +335,37 @@ func updateCustomApp(options cty.Value, api *management.Management) error {
 
 	return err
 }
+
+func updateDirectAPNS(options cty.Value, api *management.Management) error {
+	var err error
+
+	options.ForEachElement(func(_ cty.Value, config cty.Value) (stop bool) {
+		err = api.Guardian.MultiFactor.Push.UpdateDirectAPNS(
+			&management.MultiFactorPushDirectAPNS{
+				Sandbox:  value.Bool(config.GetAttr("sandbox")),
+				BundleID: value.String(config.GetAttr("bundle_id")),
+				P12:      value.String(config.GetAttr("p12")),
+			},
+		)
+
+		return stop
+	})
+
+	return err
+}
+
+func updateDirectFCM(options cty.Value, api *management.Management) error {
+	var err error
+
+	options.ForEachElement(func(_ cty.Value, config cty.Value) (stop bool) {
+		err = api.Guardian.MultiFactor.Push.UpdateDirectFCM(
+			&management.MultiFactorPushDirectFCM{
+				ServerKey: value.String(config.GetAttr("server_key")),
+			},
+		)
+
+		return stop
+	})
+
+	return err
+}

internal/auth0/guardian/flatten.go

@@ -181,6 +181,26 @@ func flattenPush(d *schema.ResourceData, enabled bool, api *management.Managemen
 		},
 	}
 
+	directAPNS, err := api.Guardian.MultiFactor.Push.DirectAPNS()
+	if err != nil {
+		return nil, err
+	}
+
+	pushData["direct_apns"] = []interface{}{
+		map[string]interface{}{
+			"sandbox":   directAPNS.GetSandbox(),
+			"p12":       d.Get("push.0.direct_apns.0.p12"), // Does not get read back
+			"bundle_id": directAPNS.GetBundleID(),
+			"enabled":   directAPNS.GetEnabled(),
+		},
+	}
+
+	pushData["direct_fcm"] = []interface{}{
+		map[string]interface{}{
+			"server_key": d.Get("push.0.direct_fcm.0.server_key"), // Does not get read back
+		},
+	}
+
 	if pushProvider.GetProvider() == "sns" {
 		amazonSNS, err := api.Guardian.MultiFactor.Push.AmazonSNS()
 		if err != nil {

internal/auth0/guardian/resource.go

@@ -278,8 +278,8 @@ func NewResource() *schema.Resource {
 						"provider": {
 							Type:         schema.TypeString,
 							Optional:     true,
-							ValidateFunc: validation.StringInSlice([]string{"guardian", "sns"}, false),
-							Description:  "Provider to use, one of `guardian`, `sns`.",
+							ValidateFunc: validation.StringInSlice([]string{"direct", "guardian", "sns"}, false),
+							Description:  "Provider to use, one of `direct`, `guardian`, `sns`.",
 						},
 						"amazon_sns": {
 							Type:         schema.TypeList,
@@ -348,6 +348,58 @@ func NewResource() *schema.Resource {
 								},
 							},
 						},
+						"direct_apns": {
+							Type:         schema.TypeList,
+							Optional:     true,
+							Computed:     true,
+							MaxItems:     1,
+							RequiredWith: []string{"push.0.provider"},
+							Description:  "Configuration for Guardian Direct mode Apple APNS.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"sandbox": {
+										Type:        schema.TypeBool,
+										Required:    true,
+										Description: "Indicates whether sandbox mode is used.",
+									},
+									"bundle_id": {
+										Type:        schema.TypeString,
+										Required:    true,
+										Description: "The APNS Bundle ID.",
+									},
+									"p12": {
+										Type:        schema.TypeString,
+										Required:    true,
+										Sensitive:   true,
+										Description: "The base64 encoded certificate in P12 format.",
+									},
+									"enabled": {
+										Type:        schema.TypeBool,
+										Optional:    true,
+										Computed:    true,
+										Description: "Indicates if the provider is enabled.",
+									},
+								},
+							},
+						},
+						"direct_fcm": {
+							Type:         schema.TypeList,
+							Optional:     true,
+							Computed:     true,
+							MaxItems:     1,
+							RequiredWith: []string{"push.0.provider"},
+							Description:  "Configuration for Guardian Direct mode Google FCM.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"server_key": {
+										Type:        schema.TypeString,
+										Required:    true,
+										Sensitive:   true,
+										Description: "The FCM Server Key.",
+									},
+								},
+							},
+						},
 					},
 				},
 			},

internal/auth0/guardian/resource_test.go

@@ -1,6 +1,8 @@
 package guardian_test
 
 import (
+	"fmt"
+	"os"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -443,6 +445,38 @@ resource "auth0_guardian" "foo" {
 }
 `
 
+var testAccConfigurePushUpdateDirectAPNSConfigP12, _ = os.ReadFile("test/data/apns.p12")
+
+var testAccConfigurePushUpdateDirectAPNS string = fmt.Sprintf(`
+resource "auth0_guardian" "foo" {
+	policy = "all-applications"
+	push {
+		enabled  = true
+		provider = "direct"
+
+		direct_apns {
+			sandbox = false
+			bundle_id = "com.my.app"
+			p12 = "%s"
+		}
+	}
+}
+`, testAccConfigurePushUpdateDirectAPNSConfigP12)
+
+const testAccConfigurePushUpdateDirectFCM = `
+resource "auth0_guardian" "foo" {
+	policy = "all-applications"
+	push {
+		enabled  = true
+		provider = "direct"
+
+		direct_fcm {
+			server_key = "abc123"
+		}
+	}
+}
+`
+
 const testAccConfigurePushDelete = `
 resource "auth0_guardian" "foo" {
 	policy = "all-applications"
@@ -498,6 +532,29 @@ func TestAccGuardianPush(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.custom_app.0.google_app_link", "https://play.google.com/store/apps/details?id=com.my.app"),
 				),
 			},
+			{
+				Config: testAccConfigurePushUpdateDirectAPNS,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.#", "1"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.enabled", "true"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.provider", "direct"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.direct_apns.#", "1"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.direct_apns.0.sandbox", "false"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.direct_apns.0.bundle_id", "com.my.app"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.direct_apns.0.enabled", "true"),
+				),
+			},
+			{
+				Config: testAccConfigurePushUpdateDirectFCM,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "policy", "all-applications"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.#", "1"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.enabled", "true"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.provider", "direct"),
+					resource.TestCheckResourceAttr("auth0_guardian.foo", "push.0.direct_fcm.#", "1"),
+				),
+			},
 			{
 				Config: testAccConfigurePushDelete,
 				Check: resource.ComposeTestCheckFunc(