Add auth0_encryption_key_manager resource to allow rekeying of encryption keys #1031

acwest · 2024-09-20T21:02:27Z

This PR brings support of the Control Your Own Key (CYOK) functionality in the Auth0 Management API.

🔧 Changes

A new resource has been added, auth0_encryption_key_manager which contains a single optional attribute key_rotation_id which if changed, causes the encryption key hierarchy to be rekeyed.

📚 References

Customer Managed Keys

API Documentation

🔬 Testing

📝 Checklist

All new/changed/fixed functionality is covered by tests (or N/A)
I have added documentation for all new/changed functionality (or N/A)

codecov-commenter · 2024-09-20T21:05:12Z

Codecov Report

Attention: Patch coverage is 93.87755% with 6 lines in your changes missing coverage. Please review.

Project coverage is 90.27%. Comparing base (12d9a01) to head (ca1536e).

Files with missing lines	Patch %	Lines
internal/auth0/encryptionkeymanager/resource.go	92.77%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1031      +/-   ##
==========================================
+ Coverage   90.25%   90.27%   +0.02%     
==========================================
  Files         112      114       +2     
  Lines       16350    16448      +98     
==========================================
+ Hits        14757    14849      +92     
- Misses       1118     1122       +4     
- Partials      475      477       +2

Files with missing lines	Coverage Δ
internal/auth0/encryptionkeymanager/flatten.go	`100.00% <100.00%> (ø)`
internal/provider/provider.go	`100.00% <ø> (ø)`
internal/auth0/encryptionkeymanager/resource.go	`92.77% <92.77%> (ø)`

…ion keys

internal/auth0/encryptionkeymanager/resource.go

internal/provider/provider.go

…ys (auth0#1031) * Add auth0_encryption_key resource to allow rekeying of tenant encryption keys * Slight renaming, and use key_rotation_id instead of rekey attribute * Rename auth0_encryption_key to auth0_encryption_key_manager

…ys (auth0#1031) * Add auth0_encryption_key resource to allow rekeying of tenant encryption keys * Slight renaming, and use key_rotation_id instead of rekey attribute * Rename auth0_encryption_key to auth0_encryption_key_manager Signed-off-by: BryanLewis-AtOkta <[email protected]>

… for Verify. Patch: Removed MinItems validation for precedence on Connection Resource (auth0#1017) * Removed min/max validation on precendence slice * reverted maxItems validation Add support for all languages for Universal Login (auth0#1016) * Fetch list of languages from CDN instead of hardcoding them * Updated linting --------- Co-authored-by: KunalOfficial <[email protected]> Add Support for `auth0_prompt_screen_partial` and `auth0_prompt_screen_partials` in Prompt Resources (auth0#1013) * Add-Support-for-Prompt-Screen-Partials * Add auth0_prompt_screen_partial Resource and Required Docs * Fix Linting * Updated Go-auth0 Version 1.9.0 to 1.10.0 * Added Testcases for other insertionpoints as well * Fixed Linting * Added More testcases * Correct depends on for datasource of prompt partials Bump github.com/hashicorp/terraform-plugin-testing from 1.9.0 to 1.10.0 (auth0#999) Bumps [github.com/hashicorp/terraform-plugin-testing](https://github.com/hashicorp/terraform-plugin-testing) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/hashicorp/terraform-plugin-testing/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-testing/blob/main/CHANGELOG.md) - [Commits](hashicorp/terraform-plugin-testing@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-testing dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Add Organizations for Client Credentials (auth0#1009) * Updated schema and added relevant test cases for client with default_organization * Added test recordings * Updated the resource schema and added new test recordinging * Added validation on required arguments * Fixed linting and updated test recording * Deleted a test recording * Updated go.mod Add Sorting to `screen_partials` Flattening Logic to Resolve Indexing Issues with Prompt Screen Partials (auth0#1019) * Change screen_partials to TypeSet for consistent ordering in prompt screen partials * Add Sorting to screen_partials Flattening Logic to Resolve Indexing Issues Add changelog for v1.6.0 (auth0#1020) * Added the changelog * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> --------- Co-authored-by: KunalOfficial <[email protected]> Patch: default_organization on Client Creds (auth0#1021) * Updated flow of importing default_organization * Updated logic for handling default Orgs * Updated test recordings * Updated the conditional check Add changelog for v1.6.1 (auth0#1022) * Added changelog * linting fixes * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> --------- Co-authored-by: KunalOfficial <[email protected]> Add HRI related changes to Terraform provider (auth0#1015) * Add HRI related changes to Terraform provider * Fix broken HasChange behaviour * Change ConflictWith to explicit validation in code * Move validation to plan instead of apply * Fix validation for default resources Add strategy_version support to all connections that use it (auth0#1024) * ESD-39527: Add strategy_version support to all connections that use it * Update go-auth0 dependency * Add examples for strategy_version Add user_id_attribute support to AzureAD connection options (auth0#1028) Add user_id_attribute to AzureAD connection options Bump github.com/auth0/go-auth0 from 1.10.1-0.20240920131149-720c3a081e03 to 1.11.0 (auth0#1036) Bump github.com/auth0/go-auth0 Bumps [github.com/auth0/go-auth0](https://github.com/auth0/go-auth0) from 1.10.1-0.20240920131149-720c3a081e03 to 1.11.0. - [Release notes](https://github.com/auth0/go-auth0/releases) - [Changelog](https://github.com/auth0/go-auth0/blob/main/CHANGELOG.md) - [Commits](https://github.com/auth0/go-auth0/commits/v1.11.0) --- updated-dependencies: - dependency-name: github.com/auth0/go-auth0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Added some minor updates Updated recordings docs updated Add auth0_encryption_keys resource to allow rekeying of encryption keys (auth0#1031) * Add auth0_encryption_key resource to allow rekeying of tenant encryption keys * Slight renaming, and use key_rotation_id instead of rekey attribute * Rename auth0_encryption_key to auth0_encryption_key_manager Add new resource to manage Organization Client Grants (auth0#1027) * Added new resource and data source for org client grants * minor refactoring * Added test case * Updated test recordings * Updated the test name * Fix some timing issues in resourceserver, and add terraform version to server logs * Remove unneeded lint config * rebased * minor refactoring * Added test case * Updated test recordings * Updated the test name * Fix some timing issues in resourceserver, and add terraform version to server logs * Remove unneeded lint config --------- Co-authored-by: A. Craig West <[email protected]> Add support for Form, Flow and Flow Vault Connection (auth0#1039) * form resource * flow resource * flow resource, data source added * update forms * update flow * update go-auth0 v1.11.0 * added flow vault connection * Added flow expand/flatten + tests + recordings * update flow vault connection * form, flow vault connection added unit test, recordings * form, flow vault connection doc update * form, flow vault connection examples added * form, flow vault connection examples added example, data source * form, flow vault connection examples docs updated * lint fix * form, flow unit test added * form flatten unit test added * lint * Updated recordings --------- Co-authored-by: kushalshit27 <[email protected]> PATCH: Ensure Removal of Insertion Points in `auth0_prompt_screen_partial` Resource (auth0#1043) Fix: Ensure Removal of Insertion Points in Resource API Support BYOK in Terraform provider (auth0#1041) Co-authored-by: KunalOfficial <[email protected]> Bump github.com/auth0/go-auth0 from 1.11.0 to 1.11.1 (auth0#1042) Bumps [github.com/auth0/go-auth0](https://github.com/auth0/go-auth0) from 1.11.0 to 1.11.1. - [Release notes](https://github.com/auth0/go-auth0/releases) - [Changelog](https://github.com/auth0/go-auth0/blob/main/CHANGELOG.md) - [Commits](auth0/go-auth0@v1.11.0...v1.11.1) --- updated-dependencies: - dependency-name: github.com/auth0/go-auth0 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Add changelog for 1.7.0 (auth0#1044) * Added changelog for 1.7.0 * Added further changes * removed . * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> * removed . * minor refactor --------- Co-authored-by: KunalOfficial <[email protected]> Fix docs for user_id_attribute for AzureAD connection options (auth0#1047) ESD-40277: Fix docs for user_id_attribute for AzureAD connection options PATCH: Add graceful error handling for `auth0_organization` data source when using client grants (auth0#1049) * Added check on tenants which has insufficient scopes and return a empty slice * Updated test case * minor refactoring * minor refactor * linting * linting Updated example for Form (auth0#1046) * Updated example for form PATCH: Implemented checkpoint pagination for retrieving Role users (auth0#1048) * Implemented checkpoint pagination on role users * added tests Add changelog for 1.7.1 (auth0#1050) * Added changelog * refac * refac * refac * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> * Added changelog * refac * refac * refac * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> * refac * Apply suggestions from code review Co-authored-by: KunalOfficial <[email protected]> * Added changelog * refac * refac * refac * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> * refac * Added changelog * Update CHANGELOG.md Co-authored-by: KunalOfficial <[email protected]> --------- Co-authored-by: KunalOfficial <[email protected]> Fix: Updated `TestAccConnectionAzureAD` test recording (auth0#1052) Updated recording + auth0 version bump Added a check on provider's configuration for required env vars (auth0#1053) * Added a check on provider's configuration for reqd env vars * Added linting

acwest marked this pull request as ready for review September 20, 2024 21:05

acwest requested a review from a team as a code owner September 20, 2024 21:05

acwest force-pushed the DXCDT-655-add-cyok-rekey branch 3 times, most recently from 9a71b69 to 4039d95 Compare September 26, 2024 13:57

acwest added 3 commits October 1, 2024 11:28

Add auth0_encryption_key resource to allow rekeying of tenant encrypt…

4e8de34

…ion keys

Slight renaming, and use key_rotation_id instead of rekey attribute

65d4b1a

Rename auth0_encryption_key to auth0_encryption_key_manager

ca1536e

acwest force-pushed the DXCDT-655-add-cyok-rekey branch from 3c2d16f to ca1536e Compare October 1, 2024 15:30

duedares-rvj reviewed Oct 1, 2024

View reviewed changes

internal/auth0/encryptionkeymanager/resource.go Show resolved Hide resolved

duedares-rvj reviewed Oct 1, 2024

View reviewed changes

internal/provider/provider.go Show resolved Hide resolved

duedares-rvj approved these changes Oct 3, 2024

View reviewed changes

acwest merged commit 1a3b628 into main Oct 3, 2024
9 checks passed

acwest deleted the DXCDT-655-add-cyok-rekey branch October 3, 2024 13:59

acwest restored the DXCDT-655-add-cyok-rekey branch October 7, 2024 14:18

duedares-rvj changed the title ~~Add auth0_encryption_keys resource to allow rekeying of encryption keys~~ Add auth0_encryption_key_manager resource to allow rekeying of encryption keys Oct 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add auth0_encryption_key_manager resource to allow rekeying of encryption keys #1031

Add auth0_encryption_key_manager resource to allow rekeying of encryption keys #1031

acwest commented Sep 20, 2024 •

edited

Loading

codecov-commenter commented Sep 20, 2024 •

edited

Loading

Add auth0_encryption_key_manager resource to allow rekeying of encryption keys #1031

Add auth0_encryption_key_manager resource to allow rekeying of encryption keys #1031

Conversation

acwest commented Sep 20, 2024 • edited Loading

🔧 Changes

📚 References

🔬 Testing

📝 Checklist

codecov-commenter commented Sep 20, 2024 • edited Loading

Codecov Report

acwest commented Sep 20, 2024 •

edited

Loading

codecov-commenter commented Sep 20, 2024 •

edited

Loading