[2/X] DXCDT-441: Reintroduce support for azure blob client addon #656

Merged
merged 1 commit into from
Jun 27, 2023
21 changes: 21 additions & 0 deletions docs/data-sources/client.md
Expand Up @@ -74,6 +74,7 @@ data "auth0_client" "some-client-by-id" {
Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -85,6 +86,26 @@ Read-Only:
- `role` (String)


<a id="nestedobjatt--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Read-Only:

- `account_name` (String)
- `blob_delete` (Boolean)
- `blob_name` (String)
- `blob_read` (Boolean)
- `blob_write` (Boolean)
- `container_delete` (Boolean)
- `container_list` (Boolean)
- `container_name` (String)
- `container_read` (Boolean)
- `container_write` (Boolean)
- `expiration` (Number)
- `signed_identifier` (String)
- `storage_access_key` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
21 changes: 21 additions & 0 deletions docs/data-sources/global_client.md
Expand Up @@ -63,6 +63,7 @@ data "auth0_global_client" "global" {}
Read-Only:

- `aws` (List of Object) (see [below for nested schema](#nestedobjatt--addons--aws))
- `azure_blob` (List of Object) (see [below for nested schema](#nestedobjatt--addons--azure_blob))

<a id="nestedobjatt--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -74,6 +75,26 @@ Read-Only:
- `role` (String)


<a id="nestedobjatt--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Read-Only:

- `account_name` (String)
- `blob_delete` (Boolean)
- `blob_name` (String)
- `blob_read` (Boolean)
- `blob_write` (Boolean)
- `container_delete` (Boolean)
- `container_list` (Boolean)
- `container_name` (String)
- `container_read` (Boolean)
- `container_write` (Boolean)
- `expiration` (Number)
- `signed_identifier` (String)
- `storage_access_key` (String)



<a id="nestedatt--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
21 changes: 21 additions & 0 deletions docs/resources/client.md
Expand Up @@ -136,6 +136,7 @@ resource "auth0_client" "my_client" {
Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -147,6 +148,26 @@ Optional:
- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.


<a id="nestedblock--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Optional:

- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL, for example `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.
- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob.
- `blob_name` (String) Entity to request a token for, such as `my-blob`. If blank the computed SAS will apply to the entire storage container.
- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container.
- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container.
- `container_name` (String) Container to request a token for, such as `my-container`.
- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes).
- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource.
- `storage_access_key` (String, Sensitive) Access key associated with this storage account.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
21 changes: 21 additions & 0 deletions docs/resources/global_client.md
Expand Up @@ -79,6 +79,7 @@ PAGE
Optional:

- `aws` (Block List, Max: 1) AWS Addon configuration. (see [below for nested schema](#nestedblock--addons--aws))
- `azure_blob` (Block List, Max: 1) Azure Blob Storage Addon configuration. (see [below for nested schema](#nestedblock--addons--azure_blob))

<a id="nestedblock--addons--aws"></a>
### Nested Schema for `addons.aws`
Expand All @@ -90,6 +91,26 @@ Optional:
- `role` (String) AWS role ARN, for example `arn:aws:iam::010616021751:role/foo`.


<a id="nestedblock--addons--azure_blob"></a>
### Nested Schema for `addons.azure_blob`

Optional:

- `account_name` (String) Your Azure storage account name. Usually first segment in your Azure storage URL, for example `https://acme-org.blob.core.windows.net` would be the account name `acme-org`.
- `blob_delete` (Boolean) Indicates if the issued token has permission to delete the blob.
- `blob_name` (String) Entity to request a token for, such as `my-blob`. If blank the computed SAS will apply to the entire storage container.
- `blob_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- `blob_write` (Boolean) Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `container_delete` (Boolean) Indicates if issued token has permission to delete any blob in the container.
- `container_list` (Boolean) Indicates if the issued token has permission to list blobs in the container.
- `container_name` (String) Container to request a token for, such as `my-container`.
- `container_read` (Boolean) Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- `container_write` (Boolean) Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- `expiration` (Number) Expiration in minutes for the generated token (default of 5 minutes).
- `signed_identifier` (String) Shared access policy identifier defined in your storage account resource.
- `storage_access_key` (String, Sensitive) Access key associated with this storage account.



<a id="nestedblock--jwt_configuration"></a>
### Nested Schema for `jwt_configuration`
40 changes: 32 additions & 8 deletions internal/auth0/client/expand.go
Expand Up @@ -245,7 +245,7 @@ func expandClientAddons(d *schema.ResourceData) *management.ClientAddons {

d.GetRawConfig().GetAttr("addons").ForEachElement(func(_ cty.Value, addonsCfg cty.Value) (stop bool) {
addons.AWS = expandClientAddonAWS(addonsCfg.GetAttr("aws"))

addons.AzureBlob = expandClientAddonAzureBlob(addonsCfg.GetAttr("azure_blob"))
return stop
})

Expand All @@ -260,20 +260,44 @@ func expandClientAddonAWS(awsCfg cty.Value) *management.AWSClientAddon {
var awsAddon management.AWSClientAddon

awsCfg.ForEachElement(func(_ cty.Value, awsCfg cty.Value) (stop bool) {
awsAddon.Principal = value.String(awsCfg.GetAttr("principal"))
awsAddon.Role = value.String(awsCfg.GetAttr("role"))
awsAddon.LifetimeInSeconds = value.Int(awsCfg.GetAttr("lifetime_in_seconds"))
awsAddon = management.AWSClientAddon{
Principal: value.String(awsCfg.GetAttr("principal")),
Role: value.String(awsCfg.GetAttr("role")),
LifetimeInSeconds: value.Int(awsCfg.GetAttr("lifetime_in_seconds")),
}

return stop
})

if awsAddon == (management.AWSClientAddon{}) {
return nil
}

return &awsAddon
}

func expandClientAddonAzureBlob(azureCfg cty.Value) *management.AzureBlobClientAddon {
var azureAddon management.AzureBlobClientAddon

azureCfg.ForEachElement(func(_ cty.Value, azureCfg cty.Value) (stop bool) {
azureAddon = management.AzureBlobClientAddon{
AccountName: value.String(azureCfg.GetAttr("account_name")),
StorageAccessKey: value.String(azureCfg.GetAttr("storage_access_key")),
ContainerName: value.String(azureCfg.GetAttr("container_name")),
BlobName: value.String(azureCfg.GetAttr("blob_name")),
Expiration: value.Int(azureCfg.GetAttr("expiration")),
SignedIdentifier: value.String(azureCfg.GetAttr("signed_identifier")),
BlobRead: value.Bool(azureCfg.GetAttr("blob_read")),
BlobWrite: value.Bool(azureCfg.GetAttr("blob_write")),
BlobDelete: value.Bool(azureCfg.GetAttr("blob_delete")),
ContainerRead: value.Bool(azureCfg.GetAttr("container_read")),
ContainerWrite: value.Bool(azureCfg.GetAttr("container_write")),
ContainerDelete: value.Bool(azureCfg.GetAttr("container_delete")),
ContainerList: value.Bool(azureCfg.GetAttr("container_list")),
}

return stop
})

return &azureAddon
}

func clientHasChange(c *management.Client) bool {
return c.String() != "{}"
}
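Review bot: `expandClientAddonAzureBlob` returns `&azureAddon` unconditionally, whereas `expandClientAddonAWS` in the same hunk compares against the zero value and returns `nil` when the block is absent. With no `azure_blob` block in the config, `ForEachElement` never runs, so `addons.AzureBlob` becomes a pointer to an all-nil struct instead of `nil`; depending on the struct's JSON tags that serialises as an empty addon object on every update, so a change touching only the AWS addon may create or reset the Azure Blob addon as a side effect. Mirror the AWS guard before the return: `if azureAddon == (management.AzureBlobClientAddon{}) { return nil }`. A smaller style point: the closure parameter `azureCfg` shadows the outer `azureCfg` (as `awsCfg` does above); naming the inner one `cfg` avoids the confusion.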
23 changes: 22 additions & 1 deletion internal/auth0/client/flatten.go
Expand Up @@ -95,7 +95,8 @@ func flattenClientAddons(addons *management.ClientAddons) []interface{} {
}

m := map[string]interface{}{
"aws": nil,
"aws": nil,
"azure_blob": nil,
}

if addons.GetAWS() != nil {
Expand All @@ -108,5 +109,25 @@ func flattenClientAddons(addons *management.ClientAddons) []interface{} {
}
}

if addons.GetAzureBlob() != nil {
m["azure_blob"] = []interface{}{
map[string]interface{}{
"account_name": addons.GetAzureBlob().GetAccountName(),
"storage_access_key": addons.GetAzureBlob().GetStorageAccessKey(),
"container_name": addons.GetAzureBlob().GetContainerName(),
"blob_name": addons.GetAzureBlob().GetBlobName(),
"expiration": addons.GetAzureBlob().GetExpiration(),
"signed_identifier": addons.GetAzureBlob().GetSignedIdentifier(),
"blob_read": addons.GetAzureBlob().GetBlobRead(),
"blob_write": addons.GetAzureBlob().GetBlobWrite(),
"blob_delete": addons.GetAzureBlob().GetBlobDelete(),
"container_read": addons.GetAzureBlob().GetContainerRead(),
"container_write": addons.GetAzureBlob().GetContainerWrite(),
"container_delete": addons.GetAzureBlob().GetContainerDelete(),
"container_list": addons.GetAzureBlob().GetContainerList(),
},
}
}

return []interface{}{m}
}
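Review bot: `storage_access_key` is flattened straight from the API response into state (`addons.GetAzureBlob().GetStorageAccessKey()`), but the schema marks it `Sensitive` and the enclosing `azure_blob` block is `Computed`. Please confirm the Management API returns the key on read: if it comes back redacted or empty, this line overwrites the configured value in state and yields a perpetual plan diff on `storage_access_key`. If the API does not echo it, carry the value over from the prior state (or the configuration) rather than flattening the response. Either way, `Sensitive` only masks CLI output; the key is still stored in plaintext in the state file, which deserves a sentence in the resource docs.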
93 changes: 93 additions & 0 deletions internal/auth0/client/resource.go
Expand Up @@ -515,6 +515,99 @@ func NewResource() *schema.Resource {
},
},
},
"azure_blob": {
Type: schema.TypeList,
Optional: true,
Computed: true,
MaxItems: 1,
Description: "Azure Blob Storage Addon configuration.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"account_name": {
Description: "Your Azure storage account name. Usually first segment in your " +
"Azure storage URL, for example `https://acme-org.blob.core.windows.net` would " +
"be the account name `acme-org`.",
Type: schema.TypeString,
Optional: true,
},
"storage_access_key": {
Description: "Access key associated with this storage account.",
Type: schema.TypeString,
Optional: true,
Sensitive: true,
},
"container_name": {
Description: "Container to request a token for, such as `my-container`.",
Type: schema.TypeString,
Optional: true,
},
"blob_name": {
Description: "Entity to request a token for, such as `my-blob`. If blank the " +
"computed SAS will apply to the entire storage container.",
Type: schema.TypeString,
Optional: true,
},
"expiration": {
Description: "Expiration in minutes for the generated token (default of 5 minutes).",
Type: schema.TypeInt,
ValidateFunc: validation.IntAtLeast(0),
Optional: true,
},
"signed_identifier": {
Description: "Shared access policy identifier defined in your storage account resource.",
Type: schema.TypeString,
Optional: true,
},
"blob_read": {
Description: "Indicates if the issued token has permission to read the " +
"content, properties, metadata and block list. Use the blob as the " +
"source of a copy operation.",
Type: schema.TypeBool,
Optional: true,
},
"blob_write": {
Description: "Indicates if the issued token has permission to create or " +
"write content, properties, metadata, or block list. Snapshot or lease " +
"the blob. Resize the blob (page blob only). Use the blob as the " +
"destination of a copy operation within the same account.",
Type: schema.TypeBool,
Optional: true,
},
"blob_delete": {
Description: "Indicates if the issued token has permission to delete the blob.",
Type: schema.TypeBool,
Optional: true,
},
"container_read": {
Description: "Indicates if the issued token has permission to read the " +
"content, properties, metadata or block list of any blob in the " +
"container. Use any blob in the container as the source of a copy operation.",
Type: schema.TypeBool,
Optional: true,
},
"container_write": {
Description: "Indicates that for any blob in the container if the issued " +
"token has permission to create or write content, properties, metadata, " +
"or block list. Snapshot or lease the blob. Resize the blob " +
"(page blob only). Use the blob as the destination of a copy operation " +
"within the same account.",
Type: schema.TypeBool,
Optional: true,
},
"container_delete": {
Description: "Indicates if issued token has permission to delete any blob in " +
"the container.",
Type: schema.TypeBool,
Optional: true,
},
"container_list": {
Description: "Indicates if the issued token has permission to list blobs in the container.",
Type: schema.TypeBool,
Optional: true,
},
},
},
},
},
},
},
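Review bot: `expiration` is validated with `validation.IntAtLeast(0)` while its description says the default is 5 minutes; as written `expiration = 0` passes validation and it is unclear whether that requests a zero-lifetime SAS token or "use the default". Either tighten to `validation.IntAtLeast(1)` or state in the description what `0` means. Two smaller points: the `container_write` description ("Indicates that for any blob in the container if the issued token has permission ...") reads awkwardly and is copied verbatim into all four generated doc pages, so fixing the wording here fixes the docs; and because `azure_blob` is `Computed: true`, removing the block from the configuration leaves the addon in place on the client rather than removing it, which the block description should say.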
46 changes: 46 additions & 0 deletions internal/auth0/client/resource_test.go
Expand Up @@ -753,6 +753,31 @@ resource "auth0_client" "my_client" {
}
`

const testAccUpdateClientWithAddonsAzureBlob = `
resource "auth0_client" "my_client" {
name = "Acceptance Test - SSO Integration - {{.testName}}"
app_type = "sso_integration"

addons {
azure_blob {
account_name = "acmeorg"
storage_access_key = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=="
container_name = "my-container"
blob_name = "my-blob"
expiration = 10
signed_identifier = "id123"
blob_read = true
blob_write = true
blob_delete = true
container_read = true
container_write = true
container_delete = true
container_list = true
}
}
}
`

func TestAccClientAddons(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
Expand All @@ -767,6 +792,27 @@ func TestAccClientAddons(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.aws.0.lifetime_in_seconds", "32000"),
),
},
{
Config: acctest.ParseTestName(testAccUpdateClientWithAddonsAzureBlob, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - SSO Integration - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.account_name", "acmeorg"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.storage_access_key", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=="),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.container_name", "my-container"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.blob_name", "my-blob"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.expiration", "10"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.signed_identifier", "id123"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.blob_read", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.blob_write", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.blob_delete", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.container_read", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.container_write", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.container_delete", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.azure_blob.0.container_list", "true"),
),
},
},
})
}
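Review bot: the new step only exercises a fully populated `azure_blob` block; there is no follow-up step that removes the block (or switches back to the `aws` addon from the previous step) and asserts `addons.0.azure_blob.#` is `0`. That is the case most likely to regress given `Computed: true` on the block and the unconditional `return &azureAddon` in expand.go, so a removal step would pin the intended behaviour. Also, the `storage_access_key` check asserts that the literal is returned by the API verbatim; if the server ever redacts it, this step fails even though the expand/flatten logic is fine, so consider `resource.TestCheckResourceAttrSet` for that attribute unless the read behaviour is guaranteed.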