Skip to content
This repository was archived by the owner on Mar 8, 2022. It is now read-only.

Commit 5a45cad

Browse files
alexkappaalexkappa
authored
Merge pull request #153 from alexkappa/add-client-secret-roatation
Add support for client secret rotation
2 parents 0ff7e2c + 1edc3d6 commit 5a45cad

File tree

2 files changed

+76
-7
lines changed

2 files changed

+76
-7
lines changed

auth0/resource_auth0_client.go

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,10 @@ func newClient() *schema.Resource {
3838
Computed: true,
3939
Sensitive: true,
4040
},
41+
"client_secret_rotation_trigger": {
42+
Type: schema.TypeMap,
43+
Optional: true,
44+
},
4145
"app_type": {
4246
Type: schema.TypeString,
4347
Optional: true,
@@ -509,10 +513,18 @@ func readClient(d *schema.ResourceData, m interface{}) error {
509513
func updateClient(d *schema.ResourceData, m interface{}) error {
510514
c := buildClient(d)
511515
api := m.(*management.Management)
512-
err := api.Client.Update(d.Id(), c)
516+
if clientHasChange(c) {
517+
err := api.Client.Update(d.Id(), c)
518+
if err != nil {
519+
return err
520+
}
521+
}
522+
d.Partial(true)
523+
err := rotateClientSecret(d, m)
513524
if err != nil {
514525
return err
515526
}
527+
d.Partial(false)
516528
return readClient(d, m)
517529
}
518530

@@ -642,3 +654,20 @@ func buildClientAddon(d map[string]interface{}) map[string]interface{} {
642654
}
643655
return addon
644656
}
657+
658+
func rotateClientSecret(d *schema.ResourceData, m interface{}) error {
659+
if d.HasChange("client_secret_rotation_trigger") {
660+
api := m.(*management.Management)
661+
c, err := api.Client.RotateSecret(d.Id())
662+
if err != nil {
663+
return err
664+
}
665+
d.Set("client_secret", c.ClientSecret)
666+
}
667+
d.SetPartial("client_secret_rotation_trigger")
668+
return nil
669+
}
670+
671+
func clientHasChange(c *management.Client) bool {
672+
return c.String() != "{}"
673+
}

auth0/resource_auth0_client_test.go

Lines changed: 46 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -100,20 +100,20 @@ func TestAccClientZeroValueCheck(t *testing.T) {
100100
},
101101
Steps: []resource.TestStep{
102102
{
103-
Config: testAccClientConfig_create,
103+
Config: testAccClientConfigCreate,
104104
Check: resource.ComposeTestCheckFunc(
105105
resource.TestCheckResourceAttr("auth0_client.my_client", "name", "Application - Acceptance Test - Zero Value Check"),
106106
resource.TestCheckResourceAttr("auth0_client.my_client", "is_first_party", "false"),
107107
),
108108
},
109109
{
110-
Config: testAccClientConfig_update,
110+
Config: testAccClientConfigUpdate,
111111
Check: resource.ComposeTestCheckFunc(
112112
resource.TestCheckResourceAttr("auth0_client.my_client", "is_first_party", "true"),
113113
),
114114
},
115115
{
116-
Config: testAccClientConfig_update_again,
116+
Config: testAccClientConfigUpdateAgain,
117117
Check: resource.ComposeTestCheckFunc(
118118
resource.TestCheckResourceAttr("auth0_client.my_client", "is_first_party", "false"),
119119
),
@@ -122,23 +122,63 @@ func TestAccClientZeroValueCheck(t *testing.T) {
122122
})
123123
}
124124

125-
const testAccClientConfig_create = `
125+
const testAccClientConfigCreate = `
126126
resource "auth0_client" "my_client" {
127127
name = "Application - Acceptance Test - Zero Value Check"
128128
is_first_party = false
129129
}
130130
`
131131

132-
const testAccClientConfig_update = `
132+
const testAccClientConfigUpdate = `
133133
resource "auth0_client" "my_client" {
134134
name = "Application - Acceptance Test - Zero Value Check"
135135
is_first_party = true
136136
}
137137
`
138138

139-
const testAccClientConfig_update_again = `
139+
const testAccClientConfigUpdateAgain = `
140140
resource "auth0_client" "my_client" {
141141
name = "Application - Acceptance Test - Zero Value Check"
142142
is_first_party = false
143143
}
144144
`
145+
146+
func TestAccClientRotateSecret(t *testing.T) {
147+
148+
resource.Test(t, resource.TestCase{
149+
Providers: map[string]terraform.ResourceProvider{
150+
"auth0": Provider(),
151+
},
152+
Steps: []resource.TestStep{
153+
{
154+
Config: testAccClientConfigRotateSecret,
155+
Check: resource.ComposeTestCheckFunc(
156+
resource.TestCheckResourceAttr("auth0_client.my_client", "name", "Application - Acceptance Test - Rotate Secret"),
157+
),
158+
},
159+
{
160+
Config: testAccClientConfigRotateSecretUpdate,
161+
Check: resource.ComposeTestCheckFunc(
162+
resource.TestCheckResourceAttr("auth0_client.my_client", "client_secret_rotation_trigger.triggered_at", "2018-01-02T23:12:01Z"),
163+
resource.TestCheckResourceAttr("auth0_client.my_client", "client_secret_rotation_trigger.triggered_by", "alex"),
164+
),
165+
},
166+
},
167+
})
168+
}
169+
170+
const testAccClientConfigRotateSecret = `
171+
resource "auth0_client" "my_client" {
172+
name = "Application - Acceptance Test - Rotate Secret"
173+
}
174+
`
175+
176+
const testAccClientConfigRotateSecretUpdate = `
177+
resource "auth0_client" "my_client" {
178+
name = "Application - Acceptance Test - Rotate Secret"
179+
client_secret_rotation_trigger = {
180+
triggered_at = "2018-01-02T23:12:01Z"
181+
triggered_by = "alex"
182+
}
183+
}
184+
`

0 commit comments

Comments
 (0)