diff --git a/go.mod b/go.mod index d0bb9bce..b59f793a 100644 --- a/go.mod +++ b/go.mod @@ -106,3 +106,5 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/auth0/go-auth0 => ../go-auth0 diff --git a/internal/auth0/tenant/expand.go b/internal/auth0/tenant/expand.go index c1b00412..5f2d41c0 100644 --- a/internal/auth0/tenant/expand.go +++ b/internal/auth0/tenant/expand.go @@ -15,7 +15,11 @@ func expandTenant(data *schema.ResourceData) *management.Tenant { sessionLifetime := data.Get("session_lifetime").(float64) // Handling separately to preserve default values not honored by `d.GetRawConfig()`. idleSessionLifetime := data.Get("idle_session_lifetime").(float64) // Handling separately to preserve default values not honored by `d.GetRawConfig()`. + ephemeralSessionLifetime := data.Get("ephemeral_session_lifetime").(float64) // Handling separately to preserve default values not honored by `d.GetRawConfig()`. + idleEphemeralSessionLifetime := data.Get("idle_ephemeral_session_lifetime").(float64) // Handling separately to preserve default values not honored by `d.GetRawConfig()`. + + tenant := management.Tenant{ DefaultAudience: value.String(config.GetAttr("default_audience")), DefaultDirectory: value.String(config.GetAttr("default_directory")), @@ -26,6 +30,7 @@ func expandTenant(data *schema.ResourceData) *management.Tenant { SupportURL: value.String(config.GetAttr("support_url")), AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")), SessionLifetime: &sessionLifetime, + EphemeralSessionLifetime: &ephemeralSessionLifetime, SandboxVersion: value.String(config.GetAttr("sandbox_version")), EnabledLocales: value.Strings(config.GetAttr("enabled_locales")), Flags: expandTenantFlags(config.GetAttr("flags")), 
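Review bot: The `replace github.com/auth0/go-auth0 => ../go-auth0` directive added at the end of go.mod points the build at a sibling directory outside this repository and should not be merged. With it in place, the SDK code compiled into the provider is whatever sits in that directory: there is no version pin, filesystem replacements are not checked against go.sum, and a clean checkout or CI build will fail or pick up unreviewed code. Drop the directive and bump the `github.com/auth0/go-auth0` requirement to a tagged release that has the `EphemeralSessionLifetime` and `IdleEphemeralSessionLifetime` fields used in expand.go. The require line itself is outside this hunk.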
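Review bot: `EphemeralSessionLifetime: &ephemeralSessionLifetime` in the `management.Tenant` literal is sent on every update, whereas the idle variant in the last expand.go hunk is only sent when the resource is new or the attribute changed. Because the value comes from `data.Get`, a configuration that never mentions `ephemeral_session_lifetime` will still send the schema default (1 hour, per resource.go) to the tenant. This mirrors how `SessionLifetime` is already handled, so it may be intentional, but neither the code nor the description says so. If it is not intended, guard it the same way: `if data.IsNewResource() || data.HasChange("ephemeral_session_lifetime") { tenant.EphemeralSessionLifetime = &ephemeralSessionLifetime }`. Otherwise add a comment explaining why the two fields differ. expandTenant starts and ends outside these hunks.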
@@ -45,6 +50,10 @@ func expandTenant(data *schema.ResourceData) *management.Tenant { if data.IsNewResource() || data.HasChange("idle_session_lifetime") { tenant.IdleSessionLifetime = &idleSessionLifetime } + if data.IsNewResource() || data.HasChange("idle_ephemeral_session_lifetime") { + tenant.IdleEphemeralSessionLifetime = &idleEphemeralSessionLifetime + } + return &tenant } diff --git a/internal/auth0/tenant/flatten.go b/internal/auth0/tenant/flatten.go index cda3aeae..afe7c0a0 100644 --- a/internal/auth0/tenant/flatten.go +++ b/internal/auth0/tenant/flatten.go @@ -22,6 +22,8 @@ func flattenTenant(data *schema.ResourceData, tenant *management.Tenant) error { data.Set("allowed_logout_urls", tenant.GetAllowedLogoutURLs()), data.Set("session_lifetime", tenant.GetSessionLifetime()), data.Set("idle_session_lifetime", tenant.GetIdleSessionLifetime()), + data.Set("ephemeral_session_lifetime", tenant.GetEphemeralSessionLifetime()), + data.Set("idle_ephemeral_session_lifetime", tenant.GetIdleEphemeralSessionLifetime()), data.Set("sandbox_version", tenant.GetSandboxVersion()), data.Set("enabled_locales", tenant.GetEnabledLocales()), data.Set("flags", flattenTenantFlags(tenant.GetFlags())), @@ -45,6 +47,14 @@ func flattenTenant(data *schema.ResourceData, tenant *management.Tenant) error { result = multierror.Append(result, data.Set("session_lifetime", sessionLifetimeDefault)) } + if tenant.GetIdleEphemeralSessionLifetime() == 0 { + result = multierror.Append(result, data.Set("idle_ephemeral_session_lifetime", idleSessionLifetimeDefault)) + } + if tenant.GetEphemeralSessionLifetime() == 0 { + result = multierror.Append(result, data.Set("ephemeral_session_lifetime", sessionLifetimeDefault)) + } + + if tenant.GetACRValuesSupported() == nil { result = multierror.Append(result, data.Set("disable_acr_values_supported", true), diff --git a/internal/auth0/tenant/flatten_test.go b/internal/auth0/tenant/flatten_test.go index b1baa44e..330d37c7 100644 
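Review bot: Both zero-value fallbacks added to flattenTenant in flatten.go write the persistent-session defaults into the ephemeral attributes: `idle_ephemeral_session_lifetime` gets `idleSessionLifetimeDefault` (72) and `ephemeral_session_lifetime` gets `sessionLifetimeDefault` (168), while the schema in resource.go defaults both to 1 hour. When the API returns no value, state will record ephemeral lifetimes of 72 and 168 hours, which does not match the schema default and will likely show up as a diff on every plan. Use the constants this commit introduces: `data.Set("idle_ephemeral_session_lifetime", idleEphemeralSessionLifetimeDefault)` and `data.Set("ephemeral_session_lifetime", ephemeralSessionLifetimeDefault)`. flattenTenant starts and ends outside the hunk.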
--- a/internal/auth0/tenant/flatten_test.go +++ b/internal/auth0/tenant/flatten_test.go @@ -101,4 +101,18 @@ func TestFlattenTenant(t *testing.T) { assert.NoError(t, err) assert.Equal(t, mockResourceData.Get("error_page"), []interface{}{}) }) + + t.Run("it sets ephemeral session values correctly when returned by the API", func(t *testing.T) { + tenant := management.Tenant{ + EphemeralSessionLifetime: auth0.Float64(1.5), + IdleEphemeralSessionLifetime: auth0.Float64(0.25), + } + + err := flattenTenant(mockResourceData, &tenant) + + assert.NoError(t, err) + assert.Equal(t, 1.5, mockResourceData.Get("ephemeral_session_lifetime")) + assert.Equal(t, 0.25, mockResourceData.Get("idle_ephemeral_session_lifetime")) + }) + } diff --git a/internal/auth0/tenant/resource.go b/internal/auth0/tenant/resource.go index 5ea90750..8aa11cfa 100644 --- a/internal/auth0/tenant/resource.go +++ b/internal/auth0/tenant/resource.go @@ -24,6 +24,9 @@ import ( const ( idleSessionLifetimeDefault = 72.00 sessionLifetimeDefault = 168.00 + ephemeralSessionLifetimeDefault = 1.00 // 1 hour + idleEphemeralSessionLifetimeDefault = 1.00 // 1 hour + ) // NewResource will return a new auth0_tenant resource. 
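Review bot: The new subtest in TestFlattenTenant only covers the case where the API returns non-zero ephemeral values, so the `== 0` fallback branches added to flattenTenant are never exercised. That fallback is where the ephemeral attributes are currently assigned the persistent-session defaults, and a test for the unset case would have caught it. Add a subtest that flattens an empty `management.Tenant` and asserts both attributes equal the ephemeral default constants. It is expected to fail until the fallback uses those constants. TestFlattenTenant starts outside the hunk.

```go
// … unchanged: existing subtests, including the non-zero ephemeral case …
t.Run("it falls back to the ephemeral defaults when the API returns no ephemeral values", func(t *testing.T) {
	tenant := management.Tenant{}

	err := flattenTenant(mockResourceData, &tenant)

	assert.NoError(t, err)
	assert.Equal(t, ephemeralSessionLifetimeDefault, mockResourceData.Get("ephemeral_session_lifetime"))
	assert.Equal(t, idleEphemeralSessionLifetimeDefault, mockResourceData.Get("idle_ephemeral_session_lifetime"))
})
```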
@@ -108,6 +111,21 @@ func NewResource() *schema.Resource { ValidateFunc: validation.FloatAtLeast(0.01), Description: "Number of hours during which a session can be inactive before the user must log in again.", }, + "ephemeral_session_lifetime": { + Type: schema.TypeFloat, + Optional: true, + Default: ephemeralSessionLifetimeDefault, + ValidateFunc: validation.FloatAtLeast(0.0167), + Description: "Number of hours an ephemeral (non-persistent) session will stay valid.", + }, + "idle_ephemeral_session_lifetime": { + Type: schema.TypeFloat, + Optional: true, + Default: idleEphemeralSessionLifetimeDefault, + ValidateFunc: validation.FloatAtLeast(0.0167), + Description: "Number of hours for which an ephemeral (non-persistent) session can be inactive before the user must log in again.", + }, + "enabled_locales": { Type: schema.TypeList, Elem: &schema.Schema{Type: schema.TypeString}, diff --git a/internal/auth0/tenant/resource_test.go b/internal/auth0/tenant/resource_test.go index 3c19e5b5..dce6cb8b 100644 --- a/internal/auth0/tenant/resource_test.go +++ b/internal/auth0/tenant/resource_test.go @@ -39,8 +39,10 @@ resource "auth0_tenant" "my_tenant" { default_redirection_uri = "https://example.com/login" allowed_logout_urls = [ "https://mycompany.org/logoutCallback" ] session_lifetime = 720 - sandbox_version = "16" + sandbox_version = "18" idle_session_lifetime = 72 + ephemeral_session_lifetime = 48 + idle_ephemeral_session_lifetime = 36 enabled_locales = ["en", "de", "fr"] disable_acr_values_supported = true @@ -176,7 +178,7 @@ resource "auth0_tenant" "my_tenant" { support_url = "https://mycompany.org/support" allowed_logout_urls = [] session_lifetime = 720 - sandbox_version = "16" + sandbox_version = "18" idle_session_lifetime = 72 enabled_locales = ["de", "fr"] 
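Review bot: The lower bound `validation.FloatAtLeast(0.0167)` on both new attributes is an undocumented magic number. It also rejects exactly one minute expressed in hours, since 1.0/60 ≈ 0.016667 is below 0.0167. If the intended minimum is one minute (an inference from the value, to be confirmed against the API), define it once next to the other defaults, e.g. `ephemeralSessionLifetimeMin = 1.0 / 60 // one minute, expressed in hours`, and use `validation.FloatAtLeast(ephemeralSessionLifetimeMin)` in both places. The two `Description` strings should also state the minimum and the 1 hour default, so practitioners can see the allowed range without reading the source. NewResource starts and ends outside the hunk.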
@@ -231,7 +233,7 @@ resource "auth0_tenant" "my_tenant" { support_url = "https://mycompany.org/support" allowed_logout_urls = [] session_lifetime = 720 - sandbox_version = "16" + sandbox_version = "18" idle_session_lifetime = 72 allow_organization_name_in_authentication_api = true @@ -336,8 +338,10 @@ func TestAccTenant_Main(t *testing.T) { resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "support_url", "https://mycompany.org/support"), resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "allowed_logout_urls.0", "https://mycompany.org/logoutCallback"), resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "session_lifetime", "720"), - resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "sandbox_version", "16"), + resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "sandbox_version", "18"), resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "idle_session_lifetime", "72"), + resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "ephemeral_session_lifetime", "48"), + resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "idle_ephemeral_session_lifetime", "36"), resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "enabled_locales.#", "3"), resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "enabled_locales.0", "en"), resource.TestCheckResourceAttr("auth0_tenant.my_tenant", "enabled_locales.1", "de"),