auth0 / terraform-provider-auth0

The Auth0 Terraform Provider is the official plugin for managing Auth0 tenant configuration through the Terraform tool.
https://registry.terraform.io/providers/auth0/auth0/latest/docs
Mozilla Public License 2.0

Support BYOK in Terraform provider #1041

Closed acwest closed 1 month ago

acwest commented 1 month ago

This PR brings support of the Bring Your Own Key (BYOK) functionality in the Auth0 Management API.

🔧 Changes

A new block `customer_provided_root_key` has been added to the `auth0_encryption_key_manager` resource. When this block is added, this initiates the process of adding a customer-provided root key to the tenant. The block will at this point be filled with attributes from the Auth0 tenant: `key_id`, `type`, `state`, `created_at`, and `updated_at`, which describe the new key, as well as `public_wrapping_key` and `wrapping_algorithm`, which will be used by the customer to wrap the new key they generate in their KSM/HSM. Once the key is generated and wrapped, the Base64-encoded key is supplied by the customer in the `wrapped_key` attribute. If the `customer_provided_root_key` block is removed, the key provisioning is stopped and Auth0 reverts to using a root key generated internally.

📚 References

Customer Managed Keys

API Documentation

🔬 Testing

πŸ“ Checklist

codecov-commenter commented 1 month ago

Codecov Report

Attention: Patch coverage is 84.10042% with 38 lines in your changes missing coverage. Please review.

Project coverage is 89.37%. Comparing base (3abe81a) to head (e4e8838).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| internal/auth0/encryptionkeymanager/resource.go | 79.12% | 26 Missing and 12 partials :warning: |

Additional details and impacted files

[![Impacted file tree graph](https://app.codecov.io/gh/auth0/terraform-provider-auth0/pull/1041/graphs/tree.svg?width=650&height=150&src=pr&token=geObb1Hn9E&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=auth0)](https://app.codecov.io/gh/auth0/terraform-provider-auth0/pull/1041?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=auth0)

```diff
@@            Coverage Diff             @@
##             main    #1041      +/-   ##
==========================================
- Coverage   89.43%   89.37%   -0.07%
==========================================
  Files         125      126       +1
  Lines       17244    17462     +218
==========================================
+ Hits        15423    15606     +183
- Misses       1293     1317      +24
- Partials      528      539      +11
```

| [Files with missing lines](https://app.codecov.io/gh/auth0/terraform-provider-auth0/pull/1041?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=auth0) | Coverage Δ | |
|---|---|---|
| [internal/auth0/encryptionkeymanager/flatten.go](https://app.codecov.io/gh/auth0/terraform-provider-auth0/pull/1041?src=pr&el=tree&filepath=internal%2Fauth0%2Fencryptionkeymanager%2Fflatten.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=auth0#diff-aW50ZXJuYWwvYXV0aDAvZW5jcnlwdGlvbmtleW1hbmFnZXIvZmxhdHRlbi5nbw==) | `100.00% <100.00%> (ø)` | |
| [internal/wait/wait.go](https://app.codecov.io/gh/auth0/terraform-provider-auth0/pull/1041?src=pr&el=tree&filepath=internal%2Fwait%2Fwait.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=auth0#diff-aW50ZXJuYWwvd2FpdC93YWl0Lmdv) | `100.00% <100.00%> (ø)` | |
| [internal/auth0/encryptionkeymanager/resource.go](https://app.codecov.io/gh/auth0/terraform-provider-auth0/pull/1041?src=pr&el=tree&filepath=internal%2Fauth0%2Fencryptionkeymanager%2Fresource.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=auth0#diff-aW50ZXJuYWwvYXV0aDAvZW5jcnlwdGlvbmtleW1hbmFnZXIvcmVzb3VyY2UuZ28=) | `83.92% <79.12%> (-8.85%)` | :arrow_down: |