add email mfa factor

[phil-f]

Proposed Changes

• Adds the email mfa factor

Acceptance Test Output

Click to expand

$ make testacc TESTS=TestAccGuardian
==> Checking that code complies with gofmt requirements...
?       github.com/alexkappa/terraform-provider-auth0   [no test files]
=== RUN   TestAccGuardian
--- PASS: TestAccGuardian (93.45s)
PASS
coverage: 11.6% of statements
ok      github.com/alexkappa/terraform-provider-auth0/auth0     93.861s coverage: 11.6% of statements
?       github.com/alexkappa/terraform-provider-auth0/auth0/internal/debug      [no test files]
?       github.com/alexkappa/terraform-provider-auth0/auth0/internal/digitalocean       [no test files]
testing: warning: no tests to run
PASS
coverage: 0.0% of statements
ok      github.com/alexkappa/terraform-provider-auth0/auth0/internal/hash       1.796s  coverage: 0.0% of statements [no tests to run]
testing: warning: no tests to run
PASS
coverage: 0.0% of statements
ok      github.com/alexkappa/terraform-provider-auth0/auth0/internal/random     2.075s  coverage: 0.0% of statements [no tests to run]
testing: warning: no tests to run
PASS
coverage: 0.0% of statements
ok      github.com/alexkappa/terraform-provider-auth0/auth0/internal/validation 0.215s  coverage: 0.0% of statements [no tests to run]
?       github.com/alexkappa/terraform-provider-auth0/version   [no test files]
...

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

[phil-f]

First time contributing to a Terraform provider, comments/feedback would be very much welcome!

@apamildner
Would be great to get your feedback on this too if possible, seeing as this builds on your PR. I wasn't able to implement it in the same way as phone, due to the fact that email is just a simple bool rather than having additional config like phone does.

I'm conscious it potentially makes the code a bit less coherent, if you believe that to be the case then more than happy to work on getting this PR into a better state.

I also wanted to ask about the ignored errors on the management client when updating phone, is that intentional? I left it alone as I wasn't sure.

[apamildner]

Nice job! I understand what you mean by not following my "idea" of how this resource should be extended, but as you say it is just a simple boolean so I think this looks good. Thanks for pointing out the error that i had missed to handle, it should of course be dealt with. I added some comments on the code and also found some small typos I had missed, would be great if you could solve them while you're at it 👍

[apamildner]

As you mentioned - I probably forgot to handle the error here so you can definitely add it in this PR 👍

[apamildner]

Also, it seems like isFactorEnabled function is unused (also my bad), might just remove it in this PR 👍

[apamildner]

Isn't it more readable to avoid the switch here? I think it could be just

if v.Name != nil && *v.Name == "email"{
    d.Set("email", v.Enabled)
}

[phil-f]

I went for switch here thinking that it'll be a bit more concise in terms of syntax once one-time-password & recovery-code get added. Would you say you feel strongly about this point re: the readability aspect? If so then happy to change :).

[apamildner]

I see what you mean, I think we can leave the switch there 👍 But isn't there still a possible null pointer error here that is not adressed by your code? If v.Name == nil that is. Or is it handled by the switch logic of Golang maybe?

[willvedd]

I'd agree that @apamildner 's if statement is slightly clearer. If and when one-time-password and recovery-code get added, a switch will likely make more sense.

[apamildner]

Not part of your code but might just clean it up: I'm unable to comment on the specific line, but this file has a typo at line 5 which could be adressed: With this reasource, you can configure some of the MFA options -> With this resource, you can configure some of the MFA options

[phil-f]

@apamildner
Thanks for such swift feedback, much appreciated! I've addressed those points & added one comment re: the switch statement.

[apamildner]

I left a response, but otherwise I think this one should be ready to merge! I cannot do that though since I'm not a maintainer, just a contributor.

[willvedd]

Solid addition, thank you! Would also be great for you to create an example file: example/guardian/main.tf with something like:

provider "auth0" {}

resource "auth0_guardian" "guardian"{
  email = false
  policy = "all-applications"
  phone{
    provider  = "auth0"
    message_types = ["sms","voice"]
    options{
      verification_message = "{{code}} is your verification code for {{tenant.friendly_name}}. Please enter this code to verify your enrollment."
      enrollment_message = "{{code}} is your verification code for {{tenant.friendly_name}}."
    }
  }
}

This is what allowed me to verify this branch locally and serves as a reference to folks. But otherwise, looks good to me. Happy to merge once this and that one stylistic change is made.

[phil-f]

@willvedd
Thanks for the feedback! Good point about the example, have added it now & changed the switch to an if statement.

[sergiught]

Thanks a lot for the contribution! Solid work here! 💪🏻

[sergiught]

We could probably simplify the logic inside this func as follows:

Suggested change

	func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error {
	func updatePhoneFactor(d *schema.ResourceData, api *management.Management) error {
	ok, err := factorShouldBeUpdated(d, "phone")
	if err != nil {
	return err
	}
	if ok {
	if err := configurePhone(d, api); err != nil {
	return err
	}
	}
	return api.Guardian.MultiFactor.Phone.Enable(ok)
	}

[phil-f]

Definitely easier on the eyes with reducing the nesting, thanks for raising it about this & the other func! Had to change this one slightly, as phone needs to be enabled before it's configured. Also added api.Guardian.MultiFactor.Phone.Enable(false) for the negative case, as this means it's not present/being removed from state and we need to toggle it off.

[sergiught]

That makes sense, thanks @phil-f ! Awesome work here

[sergiught]

We can return here directly and remove 1 extra indentation level.

Suggested change

	if err := api.Guardian.MultiFactor.Email.Enable(enabled); err != nil {
	return err
	}
	return api.Guardian.MultiFactor.Email.Enable(enabled)

[sergiught]

Thanks for removing this unused method! 👍🏻

[sergiught]

This is awesome, thanks for fixing these typos!

[sergiught]

This was a much needed example:) Thanks!

[phil-f]

@sergiughf
Thanks for the review :). I've applied the changes now & commented on one of them that I had to tweak slightly.

[willvedd]

Great work!