ESD-32354: Add disable_self_service_change_password to AD connection …

…options (#874)
auth0 · Nov 14, 2023 · 443d088 · 443d088
1 parent ec17aa7
commit 443d088
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 66 deletions.
diff --git a/docs/resources/connection.md b/docs/resources/connection.md
@@ -281,9 +281,10 @@ resource "auth0_connection" "ad" {
   show_as_button = true
 
   options {
-    brute_force_protection = true
-    tenant_domain          = "example.com"
-    icon_url               = "https://example.com/assets/logo.png"
+    disable_self_service_change_password = true
+    brute_force_protection               = true
+    tenant_domain                        = "example.com"
+    icon_url                             = "https://example.com/assets/logo.png"
     domain_aliases = [
       "example.com",
       "api.example.com"

diff --git a/examples/resources/auth0_connection/resource_with_ad.tf b/examples/resources/auth0_connection/resource_with_ad.tf
@@ -5,9 +5,10 @@ resource "auth0_connection" "ad" {
   show_as_button = true
 
   options {
-    brute_force_protection = true
-    tenant_domain          = "example.com"
-    icon_url               = "https://example.com/assets/logo.png"
+    disable_self_service_change_password = true
+    brute_force_protection               = true
+    tenant_domain                        = "example.com"
+    icon_url                             = "https://example.com/assets/logo.png"
     domain_aliases = [
       "example.com",
       "api.example.com"

diff --git a/internal/auth0/connection/expand.go b/internal/auth0/connection/expand.go
@@ -545,15 +545,16 @@ func expandConnectionOptionsEmail(_ *schema.ResourceData, config cty.Value) (int
 
 func expandConnectionOptionsAD(_ *schema.ResourceData, config cty.Value) (interface{}, diag.Diagnostics) {
 	options := &management.ConnectionOptionsAD{
-		DomainAliases:        value.Strings(config.GetAttr("domain_aliases")),
-		TenantDomain:         value.String(config.GetAttr("tenant_domain")),
-		LogoURL:              value.String(config.GetAttr("icon_url")),
-		IPs:                  value.Strings(config.GetAttr("ips")),
-		CertAuth:             value.Bool(config.GetAttr("use_cert_auth")),
-		Kerberos:             value.Bool(config.GetAttr("use_kerberos")),
-		DisableCache:         value.Bool(config.GetAttr("disable_cache")),
-		NonPersistentAttrs:   value.Strings(config.GetAttr("non_persistent_attrs")),
-		BruteForceProtection: value.Bool(config.GetAttr("brute_force_protection")),
+		DomainAliases:                    value.Strings(config.GetAttr("domain_aliases")),
+		TenantDomain:                     value.String(config.GetAttr("tenant_domain")),
+		LogoURL:                          value.String(config.GetAttr("icon_url")),
+		IPs:                              value.Strings(config.GetAttr("ips")),
+		CertAuth:                         value.Bool(config.GetAttr("use_cert_auth")),
+		Kerberos:                         value.Bool(config.GetAttr("use_kerberos")),
+		DisableCache:                     value.Bool(config.GetAttr("disable_cache")),
+		NonPersistentAttrs:               value.Strings(config.GetAttr("non_persistent_attrs")),
+		BruteForceProtection:             value.Bool(config.GetAttr("brute_force_protection")),
+		DisableSelfServiceChangePassword: value.Bool(config.GetAttr("disable_self_service_change_password")),
 	}
 
 	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))

diff --git a/internal/auth0/connection/flatten.go b/internal/auth0/connection/flatten.go
@@ -678,17 +678,18 @@ func flattenConnectionOptionsAD(
 	}
 
 	optionsMap := map[string]interface{}{
-		"tenant_domain":            options.GetTenantDomain(),
-		"domain_aliases":           options.GetDomainAliases(),
-		"icon_url":                 options.GetLogoURL(),
-		"ips":                      options.GetIPs(),
-		"use_cert_auth":            options.GetCertAuth(),
-		"use_kerberos":             options.GetKerberos(),
-		"disable_cache":            options.GetDisableCache(),
-		"brute_force_protection":   options.GetBruteForceProtection(),
-		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
-		"set_user_root_attributes": options.GetSetUserAttributes(),
-		"upstream_params":          upstreamParams,
+		"tenant_domain":                        options.GetTenantDomain(),
+		"domain_aliases":                       options.GetDomainAliases(),
+		"icon_url":                             options.GetLogoURL(),
+		"ips":                                  options.GetIPs(),
+		"use_cert_auth":                        options.GetCertAuth(),
+		"use_kerberos":                         options.GetKerberos(),
+		"disable_cache":                        options.GetDisableCache(),
+		"brute_force_protection":               options.GetBruteForceProtection(),
+		"non_persistent_attrs":                 options.GetNonPersistentAttrs(),
+		"set_user_root_attributes":             options.GetSetUserAttributes(),
+		"disable_self_service_change_password": options.GetDisableSelfServiceChangePassword(),
+		"upstream_params":                      upstreamParams,
 	}
 
 	if options.GetSetUserAttributes() == "" {

diff --git a/internal/auth0/connection/resource_test.go b/internal/auth0/connection/resource_test.go
@@ -180,6 +180,7 @@ func TestAccConnectionAD(t *testing.T) {
 					resource.TestCheckTypeSetElemAttr("auth0_connection.ad", "options.0.non_persistent_attrs.*", "ethnicity"),
 					resource.TestCheckTypeSetElemAttr("auth0_connection.ad", "options.0.non_persistent_attrs.*", "gender"),
 					resource.TestCheckResourceAttr("auth0_connection.ad", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
+					resource.TestCheckResourceAttr("auth0_connection.ad", "options.0.disable_self_service_change_password", "false"),
 				),
 			},
 			{
@@ -199,6 +200,7 @@ func TestAccConnectionAD(t *testing.T) {
 					resource.TestCheckTypeSetElemAttr("auth0_connection.ad", "options.0.non_persistent_attrs.*", "ethnicity"),
 					resource.TestCheckTypeSetElemAttr("auth0_connection.ad", "options.0.non_persistent_attrs.*", "gender"),
 					resource.TestCheckResourceAttr("auth0_connection.ad", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
+					resource.TestCheckResourceAttr("auth0_connection.ad", "options.0.disable_self_service_change_password", "true"),
 				),
 			},
 		},
@@ -211,6 +213,7 @@ resource "auth0_connection" "ad" {
 	strategy = "ad"
 	show_as_button = true
 	options {
+		disable_self_service_change_password = false
 		brute_force_protection = true
 		tenant_domain = "example.com"
 		domain_aliases = [
@@ -235,6 +238,7 @@ resource "auth0_connection" "ad" {
 	strategy = "ad"
 	show_as_button = true
 	options {
+		disable_self_service_change_password = true
 		brute_force_protection = true
 		tenant_domain = "example.com"
 		domain_aliases = [