Merge branch 'main' into main

.github/workflows/main.yml

@@ -19,6 +19,9 @@ jobs:
           go-version-file: go.mod
           check-latest: true
 
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
       - name: Check that docs were generated
         run: make check-docs
 

CHANGELOG.md

@@ -1,3 +1,10 @@
+## v1.9.1
+
+ENHANCEMENTS:
+- `resource/auth0_prompt_screen_renderer`: Update docs & unit tests related to auth0_prompt_screen_renderer  (`EA` Release) ([#1101](https://github.com/auth0/terraform-provider-auth0/pull/1101/))
+- `resource/auth0_flow_vault_connection`: Update `setup` & `ready` attributes schema for auth0_flow_vault_connection ([#1103](https://github.com/auth0/terraform-provider-auth0/pull/1103/))
+
+
 ## v1.9.0
 
 FEATURES:

docs/data-sources/connection.md

@@ -313,6 +313,7 @@ Read-Only:
 - `client_authorize_query` (String)
 - `client_id` (String)
 - `client_protocol` (String)
+- `enabled` (Boolean)
 
 
 <a id="nestedobjatt--options--mfa"></a>

docs/resources/connection.md

@@ -934,6 +934,7 @@ Optional:
 - `client_authorize_query` (String)
 - `client_id` (String)
 - `client_protocol` (String)
+- `enabled` (Boolean)
 
 
 <a id="nestedblock--options--mfa"></a>

docs/resources/flow_vault_connection.md

@@ -37,12 +37,12 @@ resource "auth0_flow_vault_connection" "my_connection" {
 - `account_name` (String) Custom account name of the vault connection.
 - `environment` (String) Environment of the vault connection.
 - `fingerprint` (String) Fingerprint of the vault connection.
-- `ready` (Boolean) Indicates if the vault connection is configured.
 - `setup` (Map of String, Sensitive) Configuration of the vault connection. (Mapping information must be provided as key/value pairs)
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
+- `ready` (Boolean) Indicates if the vault connection is configured.
 
 ## Import
 

docs/resources/prompt_custom_text.md

@@ -48,7 +48,7 @@ resource "auth0_prompt_custom_text" "example" {
 ### Required
 
 - `body` (String) JSON containing the custom texts. You can check the options for each prompt [here](https://auth0.com/docs/customize/universal-login-pages/customize-login-text-prompts#prompt-values).
-- `language` (String) Language of the custom text. Options include: `ar`, `ar-EG`, `ar-SA`, `az`, `bg`, `bs`, `ca-ES`, `cs`, `cy`, `da`, `de`, `el`, `en`, `es`, `es-AR`, `es-MX`, `et`, `eu-ES`, `fa`, `fi`, `fr`, `fr-CA`, `fr-FR`, `gl-ES`, `he`, `hi`, `hr`, `hu`, `hy`, `id`, `is`, `it`, `ja`, `ko`, `lt`, `lv`, `ms`, `nb`, `nl`, `nn`, `no`, `pl`, `pt`, `pt-BR`, `pt-PT`, `ro`, `ru`, `sk`, `sl`, `sq`, `sr`, `sv`, `th`, `tl`, `tr`, `uk`, `ur`, `vi`, `zh-CN`, `zh-HK`, `zh-TW`.
+- `language` (String) Language of the custom text. Options include: `am`, `ar`, `ar-EG`, `ar-SA`, `az`, `bg`, `bn`, `bs`, `ca-ES`, `cnr`, `cs`, `cy`, `da`, `de`, `el`, `en`, `en-CA`, `es`, `es-419`, `es-AR`, `es-MX`, `et`, `eu-ES`, `fa`, `fi`, `fr`, `fr-CA`, `fr-FR`, `gl-ES`, `gu`, `he`, `hi`, `hr`, `hu`, `hy`, `id`, `is`, `it`, `ja`, `ka`, `kk`, `kn`, `ko`, `lt`, `lv`, `mk`, `ml`, `mn`, `mr`, `ms`, `my`, `nb`, `nl`, `nn`, `no`, `pa`, `pl`, `pt`, `pt-BR`, `pt-PT`, `ro`, `ru`, `sk`, `sl`, `so`, `sq`, `sr`, `sv`, `sw`, `ta`, `te`, `th`, `tl`, `tr`, `uk`, `ur`, `vi`, `zgh`, `zh-CN`, `zh-HK`, `zh-TW`.
 - `prompt` (String) The term `prompt` is used to refer to a specific step in the login flow. Options include: `captcha`, `common`, `consent`, `custom-form`, `customized-consent`, `device-flow`, `email-otp-challenge`, `email-verification`, `invitation`, `login`, `login-email-verification`, `login-id`, `login-password`, `login-passwordless`, `logout`, `mfa`, `mfa-email`, `mfa-otp`, `mfa-phone`, `mfa-push`, `mfa-recovery-code`, `mfa-sms`, `mfa-voice`, `mfa-webauthn`, `organizations`, `passkeys`, `phone-identifier-challenge`, `phone-identifier-enrollment`, `reset-password`, `signup`, `signup-id`, `signup-password`, `status`.
 
 ### Read-Only

docs/resources/prompt_screen_renderer.md

@@ -1,12 +1,12 @@
 ---
 page_title: "Resource: auth0_prompt_screen_renderer"
 description: |-
-  With this resource, you can Configure the render settings for a specific screen.You can read more about this.
+  With this resource, you can Configure the render settings for a specific screen.You can read more about this here https://auth0.com/docs/customize/login-pages/advanced-customizations/getting-started/configure-acul-screens.
 ---
 
 # Resource: auth0_prompt_screen_renderer
 
-With this resource, you can Configure the render settings for a specific screen.You can read more about this.
+With this resource, you can Configure the render settings for a specific screen.You can read more about this [here](https://auth0.com/docs/customize/login-pages/advanced-customizations/getting-started/configure-acul-screens).
 
 ## Example Usage
 
@@ -57,8 +57,8 @@ resource "auth0_prompt_screen_renderer" "prompt_screen_renderer" {
 
 ### Required
 
-- `prompt_type` (String) The prompt that you are configuring settings for. Options are: `signup-id`, `signup`, `signup-password`, `login`, `login-id`, `login-password`, `login-passwordless`, `login-email-verification`, `phone-identifier-enrollment`, `phone-identifier-challenge`, `email-identifier-challenge`, `reset-password`, `custom-form`, `consent`, `customized-consent`, `logout`, `mfa-push`, `mfa-otp`, `mfa-voice`, `mfa-phone`, `mfa-webauthn`, `mfa-sms`, `mfa-email`, `mfa-recovery-code`, `mfa`, `status`, `device-flow`, `email-verification`, `email-otp-challenge`, `organizations`, `invitation`, `common`, `passkeys`, `captcha`.
-- `screen_name` (String) The screen that you are configuring settings for. Options are: `login`, `login-id`, `login-password`, `signup`, `signup-id`, `signup-password`, `login-passwordless-sms-otp`, `login-passwordless-email-code`, `login-passwordless-email-link`, `login-email-verification`, `phone-identifier-enrollment`, `phone-identifier-challenge`, `email-identifier-challenge`, `reset-password-request`, `reset-password-email`, `reset-password`, `reset-password-success`, `reset-password-error`, `reset-password-mfa-email-challenge`, `reset-password-mfa-otp-challenge`, `reset-password-mfa-phone-challenge`, `reset-password-mfa-push-challenge-push`, `reset-password-mfa-recovery-code-challenge`, `reset-password-mfa-sms-challenge`, `reset-password-mfa-voice-challenge`, `reset-password-mfa-webauthn-platform-challenge`, `reset-password-mfa-webauthn-roaming-challenge`, `custom-form`, `consent`, `customized-consent`, `logout`, `logout-complete`, `logout-aborted`, `mfa-push-welcome`, `mfa-push-enrollment-qr`, `mfa-push-enrollment-code`, `mfa-push-success`, `mfa-push-challenge-push`, `mfa-push-list`, `mfa-otp-enrollment-qr`, `mfa-otp-enrollment-code`, `mfa-otp-challenge`, `mfa-voice-enrollment`, `mfa-voice-challenge`, `mfa-phone-challenge`, `mfa-phone-enrollment`, `mfa-webauthn-platform-enrollment`, `mfa-webauthn-roaming-enrollment`, `mfa-webauthn-platform-challenge`, `mfa-webauthn-roaming-challenge`, `mfa-webauthn-change-key-nickname`, `mfa-webauthn-enrollment-success`, `mfa-webauthn-error`, `mfa-webauthn-not-available-error`, `mfa-country-codes`, `mfa-sms-enrollment`, `mfa-sms-challenge`, `mfa-sms-list`, `mfa-email-challenge`, `mfa-email-list`, `mfa-recovery-code-enrollment`, `mfa-recovery-code-challenge`, `mfa-detect-browser-capabilities`, `mfa-enroll-result`, `mfa-login-options`, `mfa-begin-enroll-options`, `status`, `device-code-activation`, `device-code-activation-allowed`, `device-code-activation-denied`, `device-code-confirmation`, `email-verification-result`, `email-otp-challenge`, `organization-selection`, `organization-picker`, `accept-invitation`, `redeem-ticket`, `passkey-enrollment`, `passkey-enrollment-local`, `interstitial-captcha`.
+- `prompt_type` (String) The prompt that you are configuring settings for. Options are: `signup-id`, `signup-password`, `login-id`, `login-password`, `login-passwordless`, `phone-identifier-enrollment`, `phone-identifier-challenge`, `email-identifier-challenge`, `passkeys`, `captcha`.
+- `screen_name` (String) The screen that you are configuring settings for. Options are: `signup-id`, `signup-password`, `login-id`, `login-password`, `login-passwordless-sms-otp`, `login-passwordless-email-code`, `phone-identifier-enrollment`, `phone-identifier-challenge`, `email-identifier-challenge`, `passkey-enrollment`, `passkey-enrollment-local`, `interstitial-captcha`.
 
 ### Optional
 

internal/auth0/connection/expand.go

@@ -932,6 +932,7 @@ func expandConnectionOptionsSAML(_ *schema.ResourceData, config cty.Value) (inte
 
 	config.GetAttr("idp_initiated").ForEachElement(func(_ cty.Value, idp cty.Value) (stop bool) {
 		options.IdpInitiated = &management.ConnectionOptionsSAMLIdpInitiated{
+			Enabled:              value.Bool(idp.GetAttr("enabled")),
 			ClientID:             value.String(idp.GetAttr("client_id")),
 			ClientProtocol:       value.String(idp.GetAttr("client_protocol")),
 			ClientAuthorizeQuery: value.String(idp.GetAttr("client_authorize_query")),
@@ -1015,6 +1016,7 @@ func expandConnectionOptionsPingFederate(_ *schema.ResourceData, config cty.Valu
 
 	config.GetAttr("idp_initiated").ForEachElement(func(_ cty.Value, idp cty.Value) (stop bool) {
 		options.IdpInitiated = &management.ConnectionOptionsSAMLIdpInitiated{
+			Enabled:              value.Bool(idp.GetAttr("enabled")),
 			ClientID:             value.String(idp.GetAttr("client_id")),
 			ClientProtocol:       value.String(idp.GetAttr("client_protocol")),
 			ClientAuthorizeQuery: value.String(idp.GetAttr("client_authorize_query")),

internal/auth0/connection/flatten.go

@@ -1012,6 +1012,7 @@ func flattenConnectionOptionsSAML(
 	if options.IdpInitiated != nil {
 		optionsMap["idp_initiated"] = []interface{}{
 			map[string]interface{}{
+				"enabled":                options.IdpInitiated.GetEnabled(),
 				"client_id":              options.IdpInitiated.GetClientID(),
 				"client_protocol":        options.IdpInitiated.GetClientProtocol(),
 				"client_authorize_query": options.IdpInitiated.GetClientAuthorizeQuery(),
@@ -1069,6 +1070,7 @@ func flattenConnectionOptionsPingFederate(
 		"upstream_params":          upstreamParams,
 		"idp_initiated": []map[string]interface{}{
 			{
+				"enabled":                options.GetIdpInitiated().GetEnabled(),
 				"client_id":              options.GetIdpInitiated().GetClientID(),
 				"client_protocol":        options.GetIdpInitiated().GetClientProtocol(),
 				"client_authorize_query": options.GetIdpInitiated().GetClientAuthorizeQuery(),

internal/auth0/connection/resource_test.go

@@ -2218,6 +2218,7 @@ func TestAccConnectionSAML(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.strategy_version", "2"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.entity_id", ""),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_authorize_query", "type=code&timeout=30"),
+					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.enabled", "true"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.fields_map", "{\"email\":[\"emailaddress\",\"nameidentifier\"],\"family_name\":\"surname\",\"name\":[\"name\",\"nameidentifier\"]}"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.metadata_url", ""),
 					resource.TestCheckResourceAttrSet("auth0_connection.my_connection", "options.0.metadata_xml"),
@@ -2300,6 +2301,7 @@ resource "auth0_connection" "my_connection" {
 		})
 
 		idp_initiated {
+			enabled = true
 			client_id              = "client_id"
 			client_protocol        = "samlp"
 			client_authorize_query = "type=code&timeout=30"
@@ -2371,6 +2373,7 @@ resource "auth0_connection" "my_connection" {
 		})
 
 		idp_initiated {
+			enabled = true
 			client_id              = "client_id"
 			client_protocol        = "samlp"
 			client_authorize_query = "type=code&timeout=60"
@@ -2468,6 +2471,7 @@ func TestAccConnectionPingFederate(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.#", "1"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_id", "client_id"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_protocol", "samlp"),
+					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.enabled", "true"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_authorize_query", "type=code&timeout=30"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
 				),
@@ -2498,6 +2502,7 @@ func TestAccConnectionPingFederate(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.#", "1"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_id", "client_id"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_protocol", "samlp"),
+					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.enabled", "true"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.idp_initiated.0.client_authorize_query", "type=code&timeout=60"),
 					resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.upstream_params", ""),
 				),
@@ -2554,6 +2559,7 @@ EOF
 			}
 		})
 		idp_initiated {
+			enabled = true
 			client_id = "client_id"
 			client_protocol = "samlp"
 			client_authorize_query = "type=code&timeout=30"
@@ -2604,6 +2610,7 @@ EOF
 		set_user_root_attributes = "on_each_login"
 		non_persistent_attrs = ["gender","hair_color"]
 		idp_initiated {
+			enabled = true
 			client_id = "client_id"
 			client_protocol = "samlp"
 			client_authorize_query = "type=code&timeout=60"

internal/auth0/connection/schema.go

@@ -597,6 +597,7 @@ var optionsSchema = &schema.Schema{
 			"set_user_root_attributes": {
 				Type:         schema.TypeString,
 				Optional:     true,
+				Computed:     true,
 				ValidateFunc: validation.StringInSlice([]string{"on_each_login", "on_first_login"}, false),
 				Description: "Determines whether to sync user profile attributes (`name`, `given_name`, " +
 					"`family_name`, `nickname`, `picture`) at each login or only on the first login. Options " +
@@ -777,6 +778,11 @@ var optionsSchema = &schema.Schema{
 					"with the properties: `client_id`, `client_protocol`, and `client_authorize_query`.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"enabled": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
 						"client_id": {
 							Type:     schema.TypeString,
 							Optional: true,

internal/auth0/flow/expand.go

@@ -48,10 +48,6 @@ func expandVaultConnection(data *schema.ResourceData) (*management.FlowVaultConn
 		vaultConnection.AccountName = value.String(cfg.GetAttr("account_name"))
 	}
 
-	if data.HasChange("ready") {
-		vaultConnection.Ready = value.Bool(cfg.GetAttr("ready"))
-	}
-
 	return vaultConnection, nil
 }
 

internal/auth0/flow/flatten.go

@@ -34,7 +34,6 @@ func flattenVaultConnection(data *schema.ResourceData, vaultConnection *manageme
 		data.Set("name", vaultConnection.GetName()),
 		data.Set("app_id", vaultConnection.GetAppID()),
 		data.Set("environment", vaultConnection.GetEnvironment()),
-		data.Set("setup", vaultConnection.GetSetup()),
 		data.Set("account_name", vaultConnection.GetAccountName()),
 		data.Set("ready", vaultConnection.GetReady()),
 		data.Set("fingerprint", vaultConnection.GetFingerprint()),

internal/auth0/flow/resource_vault_connection.go

@@ -68,9 +68,7 @@ func NewVaultConnectionResource() *schema.Resource {
 				Optional:    true,
 				Description: "Configuration of the vault connection. (Mapping information must be provided as key/value pairs)",
 				Sensitive:   true,
-				Elem: &schema.Schema{
-					Type: schema.TypeString,
-				},
+				Elem:        schema.TypeString,
 			},
 			"account_name": {
 				Type:        schema.TypeString,
@@ -79,7 +77,7 @@ func NewVaultConnectionResource() *schema.Resource {
 			},
 			"ready": {
 				Type:        schema.TypeBool,
-				Optional:    true,
+				Computed:    true,
 				Description: "Indicates if the vault connection is configured.",
 			},
 			"fingerprint": {