Skip to content

feat: add code_mfa_enabled support to ory_project_config#127

Merged
KT-Doan merged 2 commits intomainfrom
feat/code-mfa-enabled
Mar 17, 2026
Merged

feat: add code_mfa_enabled support to ory_project_config#127
KT-Doan merged 2 commits intomainfrom
feat/code-mfa-enabled

Conversation

@KT-Doan
Copy link
Copy Markdown
Collaborator

@KT-Doan KT-Doan commented Mar 17, 2026
edited
Loading

Description

Add the missing code_mfa_enabled attribute to the ory_project_config resource, allowing users to configure the code method as a second factor for MFA via Terraform.

This was reported in #122 — the mfa_enabled setting under selfservice->methods->code was not exposed in the provider.

Related Issues

Fixes #122

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Checklist

  • I have read the CONTRIBUTING guide
  • My code follows the existing code style
  • I have added tests that prove my fix/feature works
  • I have updated documentation as needed
  • All new and existing tests pass (make test)
  • I have run the linter (make format)

Testing

  • Unit tests
  • Acceptance tests
  • Manual testing

Changes

  • Model: Added CodeMFAEnabled field (tfsdk:"code_mfa_enabled")
  • Schema: Added code_mfa_enabled boolean attribute with description
  • Write (buildPatches): Maps to API path /services/identity/config/selfservice/methods/code/mfa_enabled
  • Read (readProjectConfig): Reads from selfservice.methods.code.mfa_enabled
  • Tests: Added TestAccProjectConfigResource_codeMFA with create, import, update, and no-diff verification steps
  • Examples: Updated ory_project_config example to show code_mfa_enabled usage
  • Docs: Auto-regenerated via make format

Acceptance Test Results

=== RUN   TestAccProjectConfigResource_codeMFA
--- PASS: TestAccProjectConfigResource_codeMFA (10.03s)

Pre-commit Checks

  • make build — pass
  • make format — pass (0 lint issues)
  • make test-short — pass (all unit tests pass)
  • make sec — pass (govulncheck, gosec, gitleaks all clean)
  • make sec-trivy — pass (no vulnerabilities)

Usage

resource "ory_project_config" "main" {
  enable_code      = true
  code_mfa_enabled = true
}

@KT-Doan
feat: add code_mfa_enabled support to ory_project_config
0809866 
Add the missing `code_mfa_enabled` attribute to the `ory_project_config`
resource, allowing users to configure the code method as a second factor
for MFA via Terraform.

Closes #122
Copilot AI review requested due to automatic review settings March 17, 2026 05:02
@KT-Doan KT-Doan self-assigned this Mar 17, 2026
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for configuring code-based MFA (selfservice.methods.code.mfa_enabled) via the ory_project_config Terraform resource.

Changes:

  • Exposes new code_mfa_enabled boolean in the resource model and schema.
  • Maps the attribute to the corresponding Ory Identity config write/read paths.
  • Adds acceptance coverage plus example + generated docs updates.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
internal/resources/projectconfig/resource.go Adds the code_mfa_enabled schema/model field and wire-up to API patch/read mappings.
internal/resources/projectconfig/resource_test.go Adds an acceptance test covering create/import/update and plan-only verification.
internal/resources/projectconfig/testdata/code_mfa.tf.tmpl Introduces test config template for toggling code_mfa_enabled.
examples/resources/ory_project_config/resource.tf Documents usage of code_mfa_enabled in the example config.
docs/resources/project_config.md Updates generated docs to include code_mfa_enabled and example snippet.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@KT-Doan
fix: address review comments on test clarity
d33f28c 
- Add comment explaining why import ignores config fields (by design)
- Add explicit ExpectNonEmptyPlan: false for no-diff assertion
- Fix alignment in code_mfa.tf.tmpl template
@KT-Doan KT-Doan requested a review from Copilot March 17, 2026 05:33
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds Terraform support for configuring selfservice.methods.code.mfa_enabled via a new code_mfa_enabled attribute on the ory_project_config resource (fixing the gap reported in #122).

Changes:

  • Added code_mfa_enabled to the resource model/schema and wired it to API read/write mappings.
  • Added acceptance test coverage for create/import/update/no-diff behavior.
  • Updated example and generated docs to include the new attribute.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
internal/resources/projectconfig/testdata/code_mfa.tf.tmpl Adds acceptance-test template to configure code_mfa_enabled.
internal/resources/projectconfig/resource_test.go Adds acceptance test validating CRUD/import and no-perpetual-diff for code_mfa_enabled.
internal/resources/projectconfig/resource.go Extends model/schema and maps code_mfa_enabled to the Ory config paths for read/write.
examples/resources/ory_project_config/resource.tf Updates example usage to demonstrate code_mfa_enabled.
docs/resources/project_config.md Updates generated docs and example snippet to include code_mfa_enabled.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@KT-Doan KT-Doan merged commit 1e32940 into main Mar 17, 2026
10 checks passed
@KT-Doan KT-Doan deleted the feat/code-mfa-enabled branch March 17, 2026 07:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lovelinuxalot lovelinuxalot lovelinuxalot approved these changes

Assignees

@KT-Doan KT-Doan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing setting for mfa_enabled under code

3 participants

@KT-Doan @lovelinuxalot