GH-587: Remove computed property from set_user_root_attributes #602

Merged
merged 1 commit into from
May 25, 2023
2 changes: 1 addition & 1 deletion docs/resources/connection.md
@@ -675,7 +675,7 @@ Optional:
- `requires_username` (Boolean) Indicates whether the user is required to provide a username in addition to an email address.
- `scopes` (Set of String) Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- `scripts` (Map of String) A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- `set_user_root_attributes` (String) Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'on_each_login' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'on_first_login' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).
- `set_user_root_attributes` (String) Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- `should_trust_email_verified_connection` (String) Choose how Auth0 sets the email_verified field in the user profile.
- `sign_in_endpoint` (String) SAML single login URL for the connection.
- `sign_out_endpoint` (String) SAML single logout URL for the connection.
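--- a/internal/auth0/connection/expand.go
+++ b/internal/auth0/connection/expand.go
@@ -584,11 +584,15 @@ func expandConnectionOptionsAzureAD(
 EnableUsersAPI: value.Bool(config.GetAttr("api_enable_users")),
 LogoURL: value.String(config.GetAttr("icon_url")),
 IdentityAPI: value.String(config.GetAttr("identity_api")),
-SetUserAttributes: value.String(config.GetAttr("set_user_root_attributes")),
 NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
 TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")),
 }
 
+options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
+if options.GetSetUserAttributes() == "on_each_login" {
+options.SetUserAttributes = nil // This needs to be omitted to have the toggle enabled in the UI.
+}
+
 expandConnectionOptionsScopes(d, options)
 
 var err error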
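Review bot: The literal `"on_each_login"` in the new `if` is now a sentinel that this check, the `""` fallback in flatten.go and the validation list in schema.go all have to agree on, and nothing in the code ties them together. A package-level constant such as `const setUserRootAttributesDefault = "on_each_login"` shared by the three places would keep the omit-on-write and default-on-read halves in step. The inline comment would also read better if it said the field is left out of the request so that Auth0 applies its own default, e.g. `// Omit the default so the API applies it; sending it explicitly disables the dashboard toggle.` The enclosing function starts and ends outside this hunk.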
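--- a/internal/auth0/connection/flatten.go
+++ b/internal/auth0/connection/flatten.go
@@ -507,11 +507,15 @@ func flattenConnectionOptionsAzureAD(options *management.ConnectionOptionsAzureA
 "api_enable_users": options.GetEnableUsersAPI(),
 "max_groups_to_retrieve": options.GetMaxGroupsToRetrieve(),
 "scopes": options.Scopes(),
-"set_user_root_attributes": options.GetSetUserAttributes(),
 "non_persistent_attrs": options.GetNonPersistentAttrs(),
 "should_trust_email_verified_connection": options.GetTrustEmailVerified(),
 }
 
+m["set_user_root_attributes"] = options.GetSetUserAttributes()
+if options.GetSetUserAttributes() == "" {
+m["set_user_root_attributes"] = "on_each_login"
+}
+
 upstreamParams, err := structure.FlattenJsonToString(options.UpstreamParams)
 if err != nil {
 return nil, diag.FromErr(err)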
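Review bot: The fallback at `if options.GetSetUserAttributes() == ""` writes `on_each_login` into state whenever the API omits the field, while the schema entry changed in this same pull request drops `Computed` and sets no `Default`. For a configuration that leaves `set_user_root_attributes` unset, state would then hold a value the configuration does not, which may show up as a diff on every plan; a test step that omits the attribute would confirm or rule this out. If it does occur, adding `Default: "on_each_login",` to the schema entry would make the read and write sides agree. The enclosing function continues past the end of this hunk.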
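--- a/internal/auth0/connection/resource_test.go
+++ b/internal/auth0/connection/resource_test.go
@@ -236,6 +236,29 @@ func TestAccConnectionAzureAD(t *testing.T) {
 resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
 ),
 },
+{
+Config: acctest.ParseTestName(testAccConnectionADConfigUpdateSetUserRootAttributes, t.Name()),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "name", fmt.Sprintf("Acceptance-Test-Azure-AD-%s", t.Name())),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "strategy", "waad"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "show_as_button", "true"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.identity_api", "azure-active-directory-v1.0"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_id", "123456"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_secret", "123456"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.tenant_domain", "example.onmicrosoft.com"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain", "example.onmicrosoft.com"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain_aliases.#", "2"),
+resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.domain_aliases.*", "example.com"),
+resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.domain_aliases.*", "api.example.com"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.scopes.#", "3"),
+resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.scopes.*", "basic_profile"),
+resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.scopes.*", "ext_profile"),
+resource.TestCheckTypeSetElemAttr("auth0_connection.azure_ad", "options.0.scopes.*", "ext_groups"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.set_user_root_attributes", "on_first_login"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.should_trust_email_verified_connection", "never_set_emails_as_verified"),
+resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
+),
+},
 },
 })
 }
@@ -275,6 +298,41 @@ resource "auth0_connection" "azure_ad" {
 }
 `
 
+const testAccConnectionADConfigUpdateSetUserRootAttributes = `
+resource "auth0_connection" "azure_ad" {
+name = "Acceptance-Test-Azure-AD-{{.testName}}"
+strategy = "waad"
+show_as_button = true
+options {
+identity_api = "azure-active-directory-v1.0"
+client_id = "123456"
+client_secret = "123456"
+tenant_domain = "example.onmicrosoft.com"
+domain = "example.onmicrosoft.com"
+domain_aliases = [
+"example.com",
+"api.example.com"
+]
+use_wsfed = false
+waad_protocol = "openid-connect"
+waad_common_endpoint = false
+api_enable_users = true
+scopes = [
+"basic_profile",
+"ext_groups",
+"ext_profile"
+]
+set_user_root_attributes = "on_first_login"
+should_trust_email_verified_connection = "never_set_emails_as_verified"
+upstream_params = jsonencode({
+"screen_name": {
+"alias": "login_hint"
+}
+})
+}
+}
+`
+
 func TestAccConnectionADFS(t *testing.T) {
 acctest.Test(t, resource.TestCase{
 Steps: []resource.TestStep{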
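Review bot: The added step only moves the connection to `on_first_login`; no step visible here switches back to `on_each_login` or drops the attribute, which are the two cases the new branches in expand.go and flatten.go exist for. A following step that reapplies a config with `set_user_root_attributes = "on_each_login"` and checks that `options.0.set_user_root_attributes` reads `on_each_login` would confirm that omitting the field on update resets the connection rather than leaving `on_first_login` in place. Earlier steps of TestAccConnectionAzureAD lie outside the hunk, so the create path may already be covered there.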
19 changes: 6 additions & 13 deletions internal/auth0/connection/schema.go
@@ -503,19 +503,12 @@ var resourceSchema = map[string]*schema.Schema{
},

"set_user_root_attributes": {
Type: schema.TypeString,
Optional: true,
Computed: true,
Contributor Author

If we keep this as computed we won't be able to actually remove it from the update so we can have it use default for WAAD conns.

ValidateFunc: validation.StringInSlice([]string{
"on_each_login", "on_first_login",
}, false),
Description: "Determines whether the 'name', 'given_name', 'family_name', 'nickname', " +
"and 'picture' attributes can be independently updated when using an external IdP. " +
"Possible values are 'on_each_login' (default value, it configures the connection to " +
"automatically update the root attributes from the external IdP with each user login. " +
"When this setting is used, root attributes cannot be independently updated), " +
"'on_first_login' (configures the connection to only set the root attributes on " +
"first login, allowing them to be independently updated thereafter).",
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{"on_each_login", "on_first_login"}, false),
Description: "Determines whether to sync user profile attributes (`name`, `given_name`, " +
"`family_name`, `nickname`, `picture`) at each login or only on the first login. Options " +
"include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.",
},
"non_persistent_attrs": {
Type: schema.TypeSet,
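Review bot: The shortened `Description` drops the one consequence an operator needs when choosing a value: with `on_each_login` the external IdP overwrites the root attributes at every login, so they cannot be updated independently, whereas `on_first_login` allows later edits. That choice decides which side is authoritative for `name`, `picture` and the other profile fields, so I would keep a clause for it, for example by appending `"With on_each_login these attributes cannot be updated independently of the IdP."` to the new text. The same wording would then flow into docs/resources/connection.md. The map literal continues outside this hunk.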