[10/X] Refactor resource server resources to allow for empty fields (#…

…345)

* Refactor resource server resources to allow for empty fields

* [11/X] Refactor tenant resource to allow for empty fields (#346)

* Refactor tenant resource to allow for empty fields

* [12/X] Refactor custom domain resource to allow for empty fields (#347)

* Refactor custom domain resource to allow for empty fields

* [13/X] Refactor user resource to allow for empty fields (#348)

* Refactor user resource to allow for empty fields

* [14/X] Refactor role and rule resources to allow for empty fields (#349)

* Refactor role and rule resources to allow for empty fields

* [15/X] Refactor log stream resource to allow for empty fields (#350)

* Refactor log stream resource to allow for empty fields

* [16/X] Refactor prompts resource to allow for empty fields (#351)

* Refactor prompts resource to allow for empty fields

* [17/X] Refactor hooks resource to allow for empty fields (#352)

Refactor hooks resource to allow for empty fields

* Fix small issue with log stream filters

* Adding user_id back in to tests

Co-authored-by: Will Vedder <will.vedder@okta.com>

Co-authored-by: Will Vedder <will.vedder@okta.com>

* Removing default audience string replace

* Removing unncessary check

Co-authored-by: Will Vedder <will.vedder@okta.com>

Co-authored-by: Will Vedder <will.vedder@okta.com>

docs/resources/resource_server.md

@@ -35,11 +35,14 @@ resource "auth0_resource_server" "my_resource_server" {
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Required
+
+- `identifier` (String) Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
+
 ### Optional
 
 - `allow_offline_access` (Boolean) Indicates whether refresh tokens can be issued for this resource server.
 - `enforce_policies` (Boolean) Indicates whether authorization polices are enforced.
-- `identifier` (String) Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
 - `name` (String) Friendly name for the resource server. Cannot include `<` or `>` characters.
 - `options` (Map of String) Used to store additional metadata.
 - `scopes` (Block Set) List of permissions (scopes) used by this resource server. (see [below for nested schema](#nestedblock--scopes))

internal/provider/resource_auth0_custom_domain.go

@@ -4,12 +4,14 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/auth0/go-auth0"
 	"github.com/auth0/go-auth0/management"
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+
+	"github.com/auth0/terraform-provider-auth0/internal/value"
 )
 
 func newCustomDomain() *schema.Resource {
@@ -77,36 +79,36 @@ func newCustomDomain() *schema.Resource {
 }
 
 func createCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	customDomain := expandCustomDomain(d)
 	api := m.(*management.Management)
+
+	customDomain := expandCustomDomain(d.GetRawConfig())
 	if err := api.CustomDomain.Create(customDomain); err != nil {
 		return diag.FromErr(err)
 	}
 
-	d.SetId(auth0.StringValue(customDomain.ID))
+	d.SetId(customDomain.GetID())
 
 	return readCustomDomain(ctx, d, m)
 }
 
 func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	api := m.(*management.Management)
+
 	customDomain, err := api.CustomDomain.Read(d.Id())
 	if err != nil {
-		if mErr, ok := err.(management.Error); ok {
-			if mErr.Status() == http.StatusNotFound {
-				d.SetId("")
-				return nil
-			}
+		if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
+			d.SetId("")
+			return nil
 		}
 		return diag.FromErr(err)
 	}
 
 	result := multierror.Append(
-		d.Set("domain", customDomain.Domain),
-		d.Set("type", customDomain.Type),
-		d.Set("primary", customDomain.Primary),
-		d.Set("status", customDomain.Status),
-		d.Set("origin_domain_name", customDomain.OriginDomainName),
+		d.Set("domain", customDomain.GetDomain()),
+		d.Set("type", customDomain.GetType()),
+		d.Set("primary", customDomain.GetPrimary()),
+		d.Set("status", customDomain.GetStatus()),
+		d.Set("origin_domain_name", customDomain.GetOriginDomainName()),
 	)
 
 	if customDomain.Verification != nil {
@@ -120,21 +122,22 @@ func readCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}
 
 func deleteCustomDomain(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	api := m.(*management.Management)
+
 	if err := api.CustomDomain.Delete(d.Id()); err != nil {
-		if mErr, ok := err.(management.Error); ok {
-			if mErr.Status() == http.StatusNotFound {
-				d.SetId("")
-				return nil
-			}
+		if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
+			d.SetId("")
+			return nil
 		}
+		return diag.FromErr(err)
 	}
 
+	d.SetId("")
 	return nil
 }
 
-func expandCustomDomain(d *schema.ResourceData) *management.CustomDomain {
+func expandCustomDomain(config cty.Value) *management.CustomDomain {
 	return &management.CustomDomain{
-		Domain: String(d, "domain"),
-		Type:   String(d, "type"),
+		Domain: value.String(config.GetAttr("domain")),
+		Type:   value.String(config.GetAttr("type")),
 	}
 }

internal/provider/resource_auth0_custom_domain_verification.go

@@ -55,6 +55,7 @@ func newCustomDomainVerification() *schema.Resource {
 
 func createCustomDomainVerification(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	api := m.(*management.Management)
+
 	err := resource.RetryContext(ctx, d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
 		customDomainVerification, err := api.CustomDomain.Verify(d.Get("custom_domain_id").(string))
 		if err != nil {
@@ -74,7 +75,7 @@ func createCustomDomainVerification(ctx context.Context, d *schema.ResourceData,
 		// The cname_api_key field is only given once: when verification
 		// succeeds for the first time. Therefore, we set it on the resource in
 		// the creation routine only, and never touch it again.
-		if err := d.Set("cname_api_key", customDomainVerification.CNAMEAPIKey); err != nil {
+		if err := d.Set("cname_api_key", customDomainVerification.GetCNAMEAPIKey()); err != nil {
 			return resource.NonRetryableError(err)
 		}
 
@@ -89,20 +90,19 @@ func createCustomDomainVerification(ctx context.Context, d *schema.ResourceData,
 
 func readCustomDomainVerification(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	api := m.(*management.Management)
+
 	customDomain, err := api.CustomDomain.Read(d.Id())
 	if err != nil {
-		if mErr, ok := err.(management.Error); ok {
-			if mErr.Status() == http.StatusNotFound {
-				d.SetId("")
-				return nil
-			}
+		if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
+			d.SetId("")
+			return nil
 		}
 		return diag.FromErr(err)
 	}
 
 	result := multierror.Append(
 		d.Set("custom_domain_id", customDomain.GetID()),
-		d.Set("origin_domain_name", customDomain.OriginDomainName),
+		d.Set("origin_domain_name", customDomain.GetOriginDomainName()),
 	)
 
 	return diag.FromErr(result.ErrorOrNil())

internal/provider/resource_auth0_hook.go

@@ -12,6 +12,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+
+	"github.com/auth0/terraform-provider-auth0/internal/value"
 )
 
 func newHook() *schema.Resource {
@@ -79,8 +81,9 @@ func newHook() *schema.Resource {
 }
 
 func createHook(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	hook := expandHook(d)
 	api := m.(*management.Management)
+
+	hook := expandHook(d)
 	if err := api.Hook.Create(hook); err != nil {
 		return diag.FromErr(err)
 	}
@@ -181,42 +184,36 @@ func checkForUntrackedHookSecrets(ctx context.Context, d *schema.ResourceData, m
 
 func upsertHookSecrets(ctx context.Context, d *schema.ResourceData, m interface{}) error {
 	if d.IsNewResource() || d.HasChange("secrets") {
-		hookSecrets := expandHookSecrets(d)
 		api := m.(*management.Management)
-		return api.Hook.ReplaceSecrets(d.Id(), hookSecrets)
+
+		hookSecrets := value.MapOfStrings(d.GetRawConfig().GetAttr("secrets"))
+		if hookSecrets == nil {
+			return nil
+		}
+
+		return api.Hook.ReplaceSecrets(d.Id(), *hookSecrets)
 	}
 
 	return nil
 }
 
 func expandHook(d *schema.ResourceData) *management.Hook {
+	config := d.GetRawConfig()
+
 	hook := &management.Hook{
-		Name:      String(d, "name"),
-		Script:    String(d, "script"),
-		TriggerID: String(d, "trigger_id", IsNewResource()),
-		Enabled:   Bool(d, "enabled"),
+		Name:         value.String(config.GetAttr("name")),
+		Script:       value.String(config.GetAttr("script")),
+		Enabled:      value.Bool(config.GetAttr("enabled")),
+		Dependencies: value.MapOfStrings(config.GetAttr("dependencies")),
 	}
 
-	if deps := Map(d, "dependencies"); deps != nil {
-		hook.Dependencies = &deps
+	if d.IsNewResource() {
+		hook.TriggerID = value.String(config.GetAttr("trigger_id"))
 	}
 
 	return hook
 }
 
-func expandHookSecrets(d *schema.ResourceData) management.HookSecrets {
-	hookSecrets := management.HookSecrets{}
-	secrets := Map(d, "secrets")
-
-	for key, value := range secrets {
-		if strVal, ok := value.(string); ok {
-			hookSecrets[key] = strVal
-		}
-	}
-
-	return hookSecrets
-}
-
 func validateHookName() schema.SchemaValidateDiagFunc {
 	hookNameValidation := validation.StringMatch(
 		regexp.MustCompile(`^[^\s-][\w -]+[^\s-]$`),

internal/provider/resource_auth0_hook_test.go

@@ -17,6 +17,17 @@ func TestAccHook(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: testProviders(httpRecorder),
 		Steps: []resource.TestStep{
+			{
+				Config: testAccHookEmpty,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "name", "pre-user-reg-hook"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "script", "function (user, context, callback) { callback(null, { user }); }"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "trigger_id", "pre-user-registration"),
+					resource.TestCheckResourceAttrSet("auth0_hook.my_hook", "enabled"),
+					resource.TestCheckNoResourceAttr("auth0_hook.my_hook", "secrets"),
+					resource.TestCheckNoResourceAttr("auth0_hook.my_hook", "dependencies"),
+				),
+			},
 			{
 				Config: fmt.Sprintf(testAccHookCreate, ""),
 				Check: resource.ComposeTestCheckFunc(
@@ -30,6 +41,14 @@ func TestAccHook(t *testing.T) {
 	})
 }
 
+const testAccHookEmpty = `
+resource "auth0_hook" "my_hook" {
+  name = "pre-user-reg-hook"
+  script = "function (user, context, callback) { callback(null, { user }); }"
+  trigger_id = "pre-user-registration"
+}
+`
+
 const testAccHookCreate = `
 resource "auth0_hook" "my_hook" {
   name = "pre-user-reg-hook"
@@ -81,6 +100,17 @@ func TestAccHookSecrets(t *testing.T) {
 					resource.TestCheckNoResourceAttr("auth0_hook.my_hook", "secrets.bar"),
 				),
 			},
+			{
+				Config: fmt.Sprintf(testAccHookCreate, testAccHookSecretsEmpty),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "name", "pre-user-reg-hook"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "script", "function (user, context, callback) { callback(null, { user }); }"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "trigger_id", "pre-user-registration"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "enabled", "true"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "secrets.%", "0"),
+					resource.TestCheckResourceAttr("auth0_hook.my_hook", "dependencies.%", "0"),
+				),
+			},
 		},
 	})
 }
@@ -113,6 +143,11 @@ const testAccHookSecretsUpdateAndRemoval = `
   }
 `
 
+const testAccHookSecretsEmpty = `
+  dependencies = {}
+  secrets = {}
+`
+
 func TestHookNameRegexp(t *testing.T) {
 	for givenHookName, expectedError := range map[string]bool{
 		"my-hook-1":                 false,