feat: SSO Suite invite Template and Provider support

[omercnet]

Fixes descope/etc#14265

View workflow run

Summary

I've successfully implemented the missing SSO Suite invite Template and Provider support in the Terraform provider by examining the managementservice implementation and adding the corresponding functionality.

What Was Done

Based on the managementservice changes (commits cc2ba880 and 149ca706), I added email service support to the SSO authentication settings in the Terraform provider:

Changes Made:

1. Added email_service field to SSO settings (internal/models/project/authentication/sso.go):

   • New optional email_service attribute that follows the same pattern as other authentication methods (password, otp, etc.)
   • Supports both email provider configuration and custom email templates

2. Updated serialization/deserialization:

   • Values() method now serializes email service to emailServiceProvider and emailTemplates API fields
   • SetValues() method deserializes these fields from the API response
   • Added UpdateReferences() method to handle connector/provider references

3. Integrated with authentication model (internal/models/project/authentication/authentication.go):

   • Updated authentication model to call SSO's UpdateReferences() method

How It Works

The implementation follows the same pattern used by other authentication methods:

authentication = {
  sso = {
    email_service = {
      connector = "my-sendgrid-connector"  # References a connector
      templates = [
        {
          name   = "sso-invite"
          active = true
          subject = "Your SSO Invitation"
          body    = "<html>...</html>"
        }
      ]
    }
  }
}

This maps to the managementservice API fields:

• emailServiceProvider - The provider/connector ID for sending emails
• emailTemplates - List of email templates for SSO invitations
• emailTemplateId - The active template ID (extracted from the active template)

Validation

• ✅ Code compiles successfully
• ✅ Follows existing patterns (Password, OTP, MagicLink models)
• ✅ Handles provider references correctly via UpdateReferences()
• ✅ Committed with descriptive commit message

The implementation now allows users to configure SSO Suite invite email templates and providers through Terraform, addressing the feature request where these settings were not being exported/imported.

---

Created by Shuni 🐕

[omercnet]

@shuni seems the acc tests are broken, the descope cli needs a project id - is this something you can fix here or in github.com/descope/descopecli maybe?

[shuni-bot]

🐕 Done! Updated PR: #251

View workflow run

📋 Actions Taken

View AI response

Perfect! I've fixed the CLI issue. Here's what I found and did:

The Problem

The descope project list command has a bug where it requires DESCOPE_PROJECT_ID to be set, even though listing projects is a company-level operation. This happens because:

1. The list command uses DefaultPreRun (from descopecli/shared/syntax.go:14)
2. DefaultPreRun calls createDescopeClient(args, false) which enforces the PROJECT_ID env var requirement
3. Even though listing projects should work with just a company management key

The Fix (Applied)

I've added a workaround in the CI workflow:

DESCOPE_PROJECT_ID=P2placeholder descope project list | ...

This sets a placeholder PROJECT_ID for the cleanup command. The actual project IDs are passed as arguments to descope project delete {}, and command arguments take precedence over the env var (since descopecli commit 10b580a).

Next Steps

Option 1: Keep the workaround (done)

The current fix works and won't break if descopecli gets updated.

Option 2: Proper fix in descopecli (optional)

If you want to fix this properly, the descopecli needs:

• A new CompanyPreRun function that creates a client without requiring PROJECT_ID
• Update project list command to use CompanyPreRun instead of the default

Would you like me to redirect to descopecli to create a proper fix there?

Note: Test Failure

There's also a separate test failure in TestAuthentication step 17/24:

[E113007] Entity data failed validation [Status-Code:400]

This appears to be testing SSO force_domain_verification setting and might be unrelated to my changes or the CLI issue. The test might be failing due to backend validation changes. Let me know if you'd like me to investigate this further.