Reintroduce support for azure blob client addon

auth0 · Jun 27, 2023 · 19b987a · 19b987a
1 parent f40d60c
commit 19b987a
Show file tree

Hide file tree

Showing 9 changed files with 485 additions and 21 deletions.
diff --git a/docs/data-sources/client.md b/docs/data-sources/client.md
@@ -74,6 +74,8 @@ data "auth0_client" "some-client-by-id" {
 Read-Only:
 
 - `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
+- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob))
+- `azure_sb` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_sb))
 
 <a id="nestedobjatt--addons--aws"></a>
 ### Nested Schema for `addons.aws`
@@ -85,6 +87,38 @@ Read-Only:
 - `role` (String)
 
 
+<a id="nestedobjatt--addons--azure_blob"></a>
+### Nested Schema for `addons.azure_blob`
+
+Read-Only:
+
+- `account_name` (String)
+- `blob_delete` (Boolean)
+- `blob_name` (String)
+- `blob_read` (Boolean)
+- `blob_write` (Boolean)
+- `container_delete` (Boolean)
+- `container_list` (Boolean)
+- `container_name` (String)
+- `container_read` (Boolean)
+- `container_write` (Boolean)
+- `expiration` (Number)
+- `signed_identifier` (String)
+- `storage_access_key` (String)
+
+
+<a id="nestedobjatt--addons--azure_sb"></a>
+### Nested Schema for `addons.azure_sb`
+
+Read-Only:
+
+- `entity_path` (String)
+- `expiration` (Number)
+- `namespace` (String)
+- `sas_key` (String)
+- `sas_key_name` (String)
+
+
 
 <a id="nestedatt--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`

diff --git a/docs/data-sources/global_client.md b/docs/data-sources/global_client.md
@@ -63,6 +63,8 @@ data "auth0_global_client" "global" {}
 Read-Only:
 
 - `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
+- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob))
+- `azure_sb` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_sb))
 
 <a id="nestedobjatt--addons--aws"></a>
 ### Nested Schema for `addons.aws`
@@ -74,6 +76,38 @@ Read-Only:
 - `role` (String)
 
 
+<a id="nestedobjatt--addons--azure_blob"></a>
+### Nested Schema for `addons.azure_blob`
+
+Read-Only:
+
+- `account_name` (String)
+- `blob_delete` (Boolean)
+- `blob_name` (String)
+- `blob_read` (Boolean)
+- `blob_write` (Boolean)
+- `container_delete` (Boolean)
+- `container_list` (Boolean)
+- `container_name` (String)
+- `container_read` (Boolean)
+- `container_write` (Boolean)
+- `expiration` (Number)
+- `signed_identifier` (String)
+- `storage_access_key` (String)
+
+
+<a id="nestedobjatt--addons--azure_sb"></a>
+### Nested Schema for `addons.azure_sb`
+
+Read-Only:
+
+- `entity_path` (String)
+- `expiration` (Number)
+- `namespace` (String)
+- `sas_key` (String)
+- `sas_key_name` (String)
+
+
 
 <a id="nestedatt--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`

diff --git a/docs/resources/client.md b/docs/resources/client.md
@@ -136,6 +136,8 @@ resource "auth0_client" "my_client" {
 Optional:
 
 - `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
+- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob))
+- `azure_sb` (Block List, Max: 1) Azure Storage Bus Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_sb))
 
 <a id="nestedblock--addons--aws"></a>
 ### Nested Schema for `addons.aws`
@@ -147,6 +149,38 @@ Optional:
 - `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.
 
 
+<a id="nestedblock--addons--azure_blob"></a>
+### Nested Schema for `addons.azure_blob`
+
+Optional:
+
+- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL, for example `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.
+- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob.
+- `blob_name` (String) Entity to request a token for, such as `my-blob`. If blank the computed SAS will apply to the entire storage container.
+- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
+- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
+- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container.
+- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container.
+- `container_name` (String) Container to request a token for, such as `my-container`.
+- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
+- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
+- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes).
+- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource.
+- `storage_access_key` (String, Sensitive) Access key associated with this storage account.
+
+
+<a id="nestedblock--addons--azure_sb"></a>
+### Nested Schema for `addons.azure_sb`
+
+Optional:
+
+- `entity_path` (String) Entity you want to request a token for, such as `my-queue`.
+- `expiration` (Number) Optional expiration in minutes for the generated token. Defaults to 5 minutes.
+- `namespace` (String) Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example `https://acme-org.servicebus.windows.net` would be `acme-org`).
+- `sas_key` (String, Sensitive) Primary Key associated with your shared access policy.
+- `sas_key_name` (String) Your shared access policy name defined in your Service Bus entity.
+
+
 
 <a id="nestedblock--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`

diff --git a/docs/resources/global_client.md b/docs/resources/global_client.md
@@ -79,6 +79,8 @@ PAGE
 Optional:
 
 - `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
+- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob))
+- `azure_sb` (Block List, Max: 1) Azure Storage Bus Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_sb))
 
 <a id="nestedblock--addons--aws"></a>
 ### Nested Schema for `addons.aws`
@@ -90,6 +92,38 @@ Optional:
 - `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.
 
 
+<a id="nestedblock--addons--azure_blob"></a>
+### Nested Schema for `addons.azure_blob`
+
+Optional:
+
+- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL, for example `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.
+- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob.
+- `blob_name` (String) Entity to request a token for, such as `my-blob`. If blank the computed SAS will apply to the entire storage container.
+- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
+- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
+- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container.
+- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container.
+- `container_name` (String) Container to request a token for, such as `my-container`.
+- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
+- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
+- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes).
+- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource.
+- `storage_access_key` (String, Sensitive) Access key associated with this storage account.
+
+
+<a id="nestedblock--addons--azure_sb"></a>
+### Nested Schema for `addons.azure_sb`
+
+Optional:
+
+- `entity_path` (String) Entity you want to request a token for, such as `my-queue`.
+- `expiration` (Number) Optional expiration in minutes for the generated token. Defaults to 5 minutes.
+- `namespace` (String) Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example `https://acme-org.servicebus.windows.net` would be `acme-org`).
+- `sas_key` (String, Sensitive) Primary Key associated with your shared access policy.
+- `sas_key_name` (String) Your shared access policy name defined in your Service Bus entity.
+
+
 
 <a id="nestedblock--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`

diff --git a/internal/auth0/client/expand.go b/internal/auth0/client/expand.go
@@ -245,7 +245,7 @@ func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {
 
 	d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
 		addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))
-
+		addons.AzureBlob = expandClientAddonAzureBlob(addonsCfg.GetAttr("azure_blob"))
 		return stop
 	})
 
@@ -260,20 +260,44 @@ func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
 	var awsAddon management.AWSClientAddon
 
 	awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
-		awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
-		awsAddon.Role = value.String(awsCfg.GetAttr("role"))
-		awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))
+		awsAddon = management.AWSClientAddon{
+			Principal:         value.String(awsCfg.GetAttr("principal")),
+			Role:              value.String(awsCfg.GetAttr("role")),
+			LifetimeInSeconds: value.Int(awsCfg.GetAttr("lifetime_in_seconds")),
+		}
 
 		return stop
 	})
 
-	if awsAddon == (management.AWSClientAddon{}) {
-		return nil
-	}
-
 	return &awsAddon
 }
 
+func expandClientAddonAzureBlob(azureCfg cty.Value) *management.AzureBlobClientAddon {
+	var azureAddon management.AzureBlobClientAddon
+
+	azureCfg.ForEachElement(func(_ cty.Value, azureCfg cty.Value) (stop bool) {
+		azureAddon = management.AzureBlobClientAddon{
+			AccountName:      value.String(azureCfg.GetAttr("account_name")),
+			StorageAccessKey: value.String(azureCfg.GetAttr("storage_access_key")),
+			ContainerName:    value.String(azureCfg.GetAttr("container_name")),
+			BlobName:         value.String(azureCfg.GetAttr("blob_name")),
+			Expiration:       value.Int(azureCfg.GetAttr("expiration")),
+			SignedIdentifier: value.String(azureCfg.GetAttr("signed_identifier")),
+			BlobRead:         value.Bool(azureCfg.GetAttr("blob_read")),
+			BlobWrite:        value.Bool(azureCfg.GetAttr("blob_write")),
+			BlobDelete:       value.Bool(azureCfg.GetAttr("blob_delete")),
+			ContainerRead:    value.Bool(azureCfg.GetAttr("container_read")),
+			ContainerWrite:   value.Bool(azureCfg.GetAttr("container_write")),
+			ContainerDelete:  value.Bool(azureCfg.GetAttr("container_delete")),
+			ContainerList:    value.Bool(azureCfg.GetAttr("container_list")),
+		}
+
+		return stop
+	})
+
+	return &azureAddon
+}
+
 func clientHasChange(c *management.Client) bool {
 	return c.String() != "{}"
 }
diff --git a/internal/auth0/client/flatten.go b/internal/auth0/client/flatten.go
@@ -95,7 +95,8 @@ func flattenClientAddons(addons *management.ClientAddons) []interface{} {
 	}
 
 	m := map[string]interface{}{
-		"aws": nil,
+		"aws":        nil,
+		"azure_blob": nil,
 	}
 
 	if addons.GetAWS() != nil {
@@ -108,5 +109,25 @@ func flattenClientAddons(addons *management.ClientAddons) []interface{} {
 		}
 	}
 
+	if addons.GetAzureBlob() != nil {
+		m["azure_blob"] = []interface{}{
+			map[string]interface{}{
+				"account_name":       addons.GetAzureBlob().GetAccountName(),
+				"storage_access_key": addons.GetAzureBlob().GetStorageAccessKey(),
+				"container_name":     addons.GetAzureBlob().GetContainerName(),
+				"blob_name":          addons.GetAzureBlob().GetBlobName(),
+				"expiration":         addons.GetAzureBlob().GetExpiration(),
+				"signed_identifier":  addons.GetAzureBlob().GetSignedIdentifier(),
+				"blob_read":          addons.GetAzureBlob().GetBlobRead(),
+				"blob_write":         addons.GetAzureBlob().GetBlobWrite(),
+				"blob_delete":        addons.GetAzureBlob().GetBlobDelete(),
+				"container_read":     addons.GetAzureBlob().GetContainerRead(),
+				"container_write":    addons.GetAzureBlob().GetContainerWrite(),
+				"container_delete":   addons.GetAzureBlob().GetContainerDelete(),
+				"container_list":     addons.GetAzureBlob().GetContainerList(),
+			},
+		}
+	}
+
 	return []interface{}{m}
 }
diff --git a/internal/auth0/client/resource.go b/internal/auth0/client/resource.go
@@ -515,6 +515,99 @@ func NewResource() *schema.Resource {
 								},
 							},
 						},
+						"azure_blob": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Computed:    true,
+							MaxItems:    1,
+							Description: "Azure Blob Storage Addon configuration.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"account_name": {
+										Description: "Your Azure storage account name. Usually first segment in your " +
+											"Azure storage URL, for example `https://acme-org.blob.core.windows.net` would " +
+											"be the account name `acme-org`.",
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+									"storage_access_key": {
+										Description: "Access key associated with this storage account.",
+										Type:        schema.TypeString,
+										Optional:    true,
+										Sensitive:   true,
+									},
+									"container_name": {
+										Description: "Container to request a token for, such as `my-container`.",
+										Type:        schema.TypeString,
+										Optional:    true,
+									},
+									"blob_name": {
+										Description: "Entity to request a token for, such as `my-blob`. If blank the " +
+											"computed SAS will apply to the entire storage container.",
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+									"expiration": {
+										Description:  "Expiration in minutes for the generated token (default of 5 minutes).",
+										Type:         schema.TypeInt,
+										ValidateFunc: validation.IntAtLeast(0),
+										Optional:     true,
+									},
+									"signed_identifier": {
+										Description: "Shared access policy identifier defined in your storage account resource.",
+										Type:        schema.TypeString,
+										Optional:    true,
+									},
+									"blob_read": {
+										Description: "Indicates if the issued token has permission to read the " +
+											"content, properties, metadata and block list. Use the blob as the " +
+											"source of a copy operation.",
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"blob_write": {
+										Description: "Indicates if the issued token has permission to create or " +
+											"write content, properties, metadata, or block list. Snapshot or lease " +
+											"the blob. Resize the blob (page blob only). Use the blob as the " +
+											"destination of a copy operation within the same account.",
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"blob_delete": {
+										Description: "Indicates if the issued token has permission to delete the blob.",
+										Type:        schema.TypeBool,
+										Optional:    true,
+									},
+									"container_read": {
+										Description: "Indicates if the issued token has permission to read the " +
+											"content, properties, metadata or block list of any blob in the " +
+											"container. Use any blob in the container as the source of a copy operation.",
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"container_write": {
+										Description: "Indicates that for any blob in the container if the issued " +
+											"token has permission to create or write content, properties, metadata, " +
+											"or block list. Snapshot or lease the blob. Resize the blob " +
+											"(page blob only). Use the blob as the destination of a copy operation " +
+											"within the same account.",
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"container_delete": {
+										Description: "Indicates if issued token has permission to delete any blob in " +
+											"the container.",
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"container_list": {
+										Description: "Indicates if the issued token has permission to list blobs in the container.",
+										Type:        schema.TypeBool,
+										Optional:    true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},