Implement auth0_encryption_key_manager resource using the framework

Author: acwest

docs/data-sources/provider.md

@@ -0,0 +1,20 @@
+---
+page_title: "Data Source: auth0_provider"
+description: |-
+  A data source for retrieving basic information about the provider.
+---
+
+# Data Source: auth0_provider
+
+A data source for retrieving basic information about the provider.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `provider_version` (String) The version of the provider.
+
+

docs/resources/encryption_key_manager.md

@@ -1,12 +1,12 @@
 ---
 page_title: "Resource: auth0_encryption_key_manager"
 description: |-
-  Resource to allow the rekeying of your tenant master key.
+  A resource for managing the tenant root key.
 ---
 
 # Resource: auth0_encryption_key_manager
 
-Resource to allow the rekeying of your tenant master key.
+A resource for managing the tenant root key.
 
 ## Example Usage
 
@@ -50,13 +50,12 @@ resource "auth0_encryption_key_manager" "my_key_manager" {
 
 ### Optional
 
-- `customer_provided_root_key` (Block List, Max: 1) This attribute is used for provisioning the customer provided root key. To initiate the provisioning process, create a new empty `customer_provided_root_key` block. After applying this, the `public_wrapping_key` can be retreived from the resource, and the new root key should be generated by the customer and wrapped with the wrapping key, then base64-encoded and added as the `wrapped_key` attribute. (see [below for nested schema](#nestedblock--customer_provided_root_key))
+- `customer_provided_root_key` (Block, Optional) This attribute is used for provisioning the customer provided root key. To initiate the provisioning process, create a new empty `customer_provided_root_key` block. After applying this, the `public_wrapping_key` can be retreived from the resource, and the new root key should be generated by the customer and wrapped with the wrapping key, then base64-encoded and added as the `wrapped_key` attribute. (see [below for nested schema](#nestedblock--customer_provided_root_key))
 - `key_rotation_id` (String) If this value is changed, the encryption keys will be rotated. A UUID is recommended for the `key_rotation_id`.
 
 ### Read-Only
 
-- `encryption_keys` (List of Object) All encryption keys. (see [below for nested schema](#nestedatt--encryption_keys))
-- `id` (String) The ID of this resource.
+- `encryption_keys` (Attributes List) All encryption keys. (see [below for nested schema](#nestedatt--encryption_keys))
 
 <a id="nestedblock--customer_provided_root_key"></a>
 ### Nested Schema for `customer_provided_root_key`
@@ -82,11 +81,11 @@ Read-Only:
 
 Read-Only:
 
-- `created_at` (String)
-- `key_id` (String)
-- `parent_key_id` (String)
-- `state` (String)
-- `type` (String)
-- `updated_at` (String)
+- `created_at` (String) The ISO 8601 formatted date the customer provided root key was created.
+- `key_id` (String) The key ID of the customer provided root key.
+- `parent_key_id` (String) The key ID of the parent wrapping key.
+- `state` (String) The state of the encryption key. One of `pre-activation`, `active`, `deactivated`, or `destroyed`.
+- `type` (String) The type of the encryption key. One of `customer-provided-root-key`, `environment-root-key`, or `tenant-master-key`.
+- `updated_at` (String) The ISO 8601 formatted date the customer provided root key was updated.
 
 

go.mod

@@ -52,6 +52,7 @@ require (
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.21.0 // indirect
 	github.com/hashicorp/terraform-json v0.22.1 // indirect
+	github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect

go.sum

@@ -113,6 +113,8 @@ github.com/hashicorp/terraform-plugin-docs v0.19.4 h1:G3Bgo7J22OMtegIgn8Cd/CaSey
 github.com/hashicorp/terraform-plugin-docs v0.19.4/go.mod h1:4pLASsatTmRynVzsjEhbXZ6s7xBlUw/2Kt0zfrq8HxA=
 github.com/hashicorp/terraform-plugin-framework v1.12.0 h1:7HKaueHPaikX5/7cbC1r9d1m12iYHY+FlNZEGxQ42CQ=
 github.com/hashicorp/terraform-plugin-framework v1.12.0/go.mod h1:N/IOQ2uYjW60Jp39Cp3mw7I/OpC/GfZ0385R0YibmkE=
+github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0 h1:v3DapR8gsp3EM8fKMh6up9cJUFQ2iRaFsYLP8UJnCco=
+github.com/hashicorp/terraform-plugin-framework-timetypes v0.5.0/go.mod h1:c3PnGE9pHBDfdEVG9t1S1C9ia5LW+gkFR0CygXlM8ak=
 github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 h1:bxZfGo9DIUoLLtHMElsu+zwqI4IsMZQBRRy4iLzZJ8E=
 github.com/hashicorp/terraform-plugin-framework-validators v0.13.0/go.mod h1:wGeI02gEhj9nPANU62F2jCaHjXulejm/X+af4PdZaNo=
 github.com/hashicorp/terraform-plugin-go v0.24.0 h1:2WpHhginCdVhFIrWHxDEg6RBn3YaWzR2o6qUeIEat2U=

internal/acctest/acctest.go

@@ -7,27 +7,31 @@ import (
 	"testing"
 
 	"github.com/auth0/go-auth0/management"
+	"github.com/hashicorp/terraform-plugin-framework/provider"
+	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"gopkg.in/dnaeon/go-vcr.v3/recorder"
 
 	"github.com/auth0/terraform-provider-auth0/internal/config"
-	"github.com/auth0/terraform-provider-auth0/internal/provider"
+	frameworkError "github.com/auth0/terraform-provider-auth0/internal/framework/error"
+	frameworkProvider "github.com/auth0/terraform-provider-auth0/internal/framework/provider"
+	internalProvider "github.com/auth0/terraform-provider-auth0/internal/provider"
 )
 
 // Test checks to see if http recordings are enabled and runs the tests
 // in parallel if they are, otherwise it simply wraps resource.Test.
 func Test(t *testing.T, testCase resource.TestCase) {
 	if httpRecordingsAreEnabled() {
 		httpRecorder := newHTTPRecorder(t)
-		testCase.ProviderFactories = testFactoriesWithHTTPRecordings(httpRecorder)
+		testCase.ProtoV6ProviderFactories = testProviderFactoriesWithHTTPRecordings(httpRecorder)
 		resource.ParallelTest(t, testCase)
 
 		return
 	}
 
-	testCase.ProviderFactories = TestFactories()
+	testCase.ProtoV6ProviderFactories = TestProviderFactories()
 	resource.Test(t, testCase)
 }
 
@@ -36,23 +40,29 @@ func httpRecordingsAreEnabled() bool {
 	return httpRecordings == "true" || httpRecordings == "1" || httpRecordings == "on"
 }
 
-// TestFactories returns the configured auth0 provider used in testing.
-func TestFactories() map[string]func() (*schema.Provider, error) {
-	return map[string]func() (*schema.Provider, error){
-		"auth0": func() (*schema.Provider, error) {
-			return provider.New(), nil
+// TestProviderFactories returns the configured auth0 provider used in testing for the framework.
+func TestProviderFactories() map[string]func() (tfprotov6.ProviderServer, error) {
+	// Set descriptions to support Markdown syntax for SDK resources,
+	// this will be used in document generation.
+	schema.DescriptionKind = schema.StringMarkdown
+	return map[string]func() (tfprotov6.ProviderServer, error){
+		"auth0": func() (tfprotov6.ProviderServer, error) {
+			return frameworkProvider.MuxServer(internalProvider.New(), frameworkProvider.New())
 		},
 	}
 }
 
-func testFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string]func() (*schema.Provider, error) {
-	return map[string]func() (*schema.Provider, error){
-		"auth0": func() (*schema.Provider, error) {
-			auth0Provider := provider.New()
-
-			auth0Provider.ConfigureContextFunc = configureTestProviderWithHTTPRecordings(httpRecorder)
-
-			return auth0Provider, nil
+func testProviderFactoriesWithHTTPRecordings(httpRecorder *recorder.Recorder) map[string]func() (tfprotov6.ProviderServer, error) {
+	// Set descriptions to support Markdown syntax for SDK resources,
+	// this will be used in document generation.
+	schema.DescriptionKind = schema.StringMarkdown
+	return map[string]func() (tfprotov6.ProviderServer, error){
+		"auth0": func() (tfprotov6.ProviderServer, error) {
+			sdkProvider := internalProvider.New()
+			sdkProvider.ConfigureContextFunc = configureTestProviderWithHTTPRecordings(httpRecorder)
+			fwkProvider := frameworkProvider.New()
+			fwkProvider.SetConfigureFunc(configureTestFrameworkProviderWithHTTPRecordings(httpRecorder))
+			return frameworkProvider.MuxServer(sdkProvider, fwkProvider)
 		},
 	}
 }
@@ -96,3 +106,71 @@ func configureTestProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) sc
 		return config.New(apiClient), nil
 	}
 }
+
+func configureTestFrameworkProviderWithHTTPRecordings(httpRecorder *recorder.Recorder) func(context.Context, provider.ConfigureRequest, *provider.ConfigureResponse) {
+	return func(ctx context.Context, request provider.ConfigureRequest, response *provider.ConfigureResponse) {
+		domain := os.Getenv("AUTH0_DOMAIN")
+		debugStr := os.Getenv("AUTH0_DEBUG")
+		debug := (debugStr == "1" || debugStr == "true" || debugStr == "TRUE" || debugStr == "on" || debugStr == "ON")
+
+		var data config.FrameworkProviderModel
+		response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+
+		if data.Domain.ValueString() != "" {
+			domain = data.Domain.ValueString()
+		}
+		if !data.Debug.IsNull() && !data.Debug.IsUnknown() {
+			debug = data.Debug.ValueBool()
+		}
+
+		clientOptions := []management.Option{
+			management.WithStaticToken("insecure"),
+			management.WithClient(httpRecorder.GetDefaultClient()),
+			management.WithDebug(debug),
+			management.WithRetries(3, []int{http.StatusTooManyRequests, http.StatusInternalServerError}),
+		}
+
+		if domain != RecordingsDomain {
+			clientID := os.Getenv("AUTH0_CLIENT_ID")
+			clientSecret := os.Getenv("AUTH0_CLIENT_SECRET")
+			apiToken := os.Getenv("AUTH0_API_TOKEN")
+			audience := os.Getenv("AUTH0_AUDIENCE")
+
+			if data.ClientID.ValueString() != "" {
+				clientID = data.ClientID.ValueString()
+			}
+			if data.ClientSecret.ValueString() != "" {
+				clientSecret = data.ClientSecret.ValueString()
+			}
+			if data.APIToken.ValueString() != "" {
+				apiToken = data.APIToken.ValueString()
+			}
+			if data.Audience.ValueString() != "" {
+				audience = data.Audience.ValueString()
+			}
+
+			authenticationOption := management.WithStaticToken(apiToken)
+			if apiToken == "" {
+				ctx := context.Background()
+
+				authenticationOption = management.WithClientCredentials(ctx, clientID, clientSecret)
+				if audience != "" {
+					authenticationOption = management.WithClientCredentialsAndAudience(ctx, clientID, clientSecret, audience)
+				}
+			}
+
+			clientOptions = append(clientOptions, authenticationOption)
+		}
+
+		apiClient, err := management.New(domain, clientOptions...)
+		if err != nil {
+			response.Diagnostics.Append(frameworkError.Diagnostics(err)...)
+		}
+
+		if !response.Diagnostics.HasError() {
+			config := config.New(apiClient)
+			response.ResourceData = config
+			response.DataSourceData = config
+		}
+	}
+}

internal/auth0/client/resource_test.go

@@ -21,7 +21,7 @@ resource "auth0_client" "my_client" {
 
 func TestAccClientInitiateLoginUriValidation(t *testing.T) {
 	resource.UnitTest(t, resource.TestCase{
-		ProviderFactories: acctest.TestFactories(),
+		ProtoV6ProviderFactories: acctest.TestProviderFactories(),
 		Steps: []resource.TestStep{
 			{
 				Config:      acctest.ParseTestName(testAccClientValidationOnInitiateLoginURIWithHTTP, t.Name()),
@@ -44,7 +44,7 @@ resource "auth0_client" "my_client" {
 
 func TestAccClientMobileValidationError(t *testing.T) {
 	resource.UnitTest(t, resource.TestCase{
-		ProviderFactories: acctest.TestFactories(),
+		ProtoV6ProviderFactories: acctest.TestProviderFactories(),
 		Steps: []resource.TestStep{
 			{
 				Config:      acctest.ParseTestName(testAccClientValidationOnMobile, t.Name()),

internal/auth0/connection/data_source_test.go

@@ -55,7 +55,7 @@ data "auth0_connection" "test" {
 
 func TestAccDataSourceConnectionRequiredArguments(t *testing.T) {
 	resource.UnitTest(t, resource.TestCase{
-		ProviderFactories: acctest.TestFactories(),
+		ProtoV6ProviderFactories: acctest.TestProviderFactories(),
 		Steps: []resource.TestStep{
 			{
 				Config:      `data "auth0_connection" "test" { }`,