auth0_attack_protection: Brute-force protection allowlist is not updated in Tenant

BrettNL commented 3 months ago

Checklist

[X] I have looked into the README and have not found a suitable solution or answer.
[X] I have looked into the documentation and have not found a suitable solution or answer.
[X] I have searched the issues and have not found a suitable solution or answer.
[X] I have upgraded to the latest version of this provider and the issue still persists.
[X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
[X] I agree to the terms within the Auth0 Code of Conduct.

Description

When configuring attack protection for a Tenant, the allowlist entries for Brute-force protection is not updated in the Tenant. This causes constant terraform plan and terraform apply output which displays adding the IPs to the allow list.

Expectation

The allowlist for Brute-force protection is updated in the Tenant as indicated by terraform apply.

Reproduction

Given a Tenant with a valid Enterprise subscription, and the following terraform code:

resource "auth0_attack_protection" "attack_protection" {
  brute_force_protection {
    enabled      = true
    allowlist    = ["8.8.8.8", "8.8.4.4"]
    max_attempts = 6
    mode         = "count_per_identifier_and_ip"
  }
}

when I run terraform apply, then I expect to see "8.8.8.8" and "8.8.4.4" in the allowlist in the Auth0 UI.

Auth0 Terraform Provider version

1.4.6

Terraform version

v1.2.0

developerkunal commented 1 month ago

Hi @BrettNL ,

I hope you're having a great day!

I attempted to replicate the issue on my end, but I wasn't able to encounter it while using your resource configuration. Could you provide me with more information about the issue so that I can assist you further?

developerkunal commented 1 month ago

Hi @BrettNL,

I hope you're having a great day!

I will be closing this issue. If you have any questions or queries, please feel free to reopen the issue or create a new one.

Thank you!

BrettNL commented 1 month ago

Hi @developerkunal! I missed your reply last week.

I think an update was made in the Terraform Provider code or in some backend code in Auth0. From our internal deployment logs, I could see the issue was present on a pipeline run on 2024-04-17T09:01:42Z, but a subsequent run 30 minutes later at 2024-04-17T09:36:53Z did not show the issue was present anymore.

We did not make any updates to our Terraform code during that week, so I had to conclude that maybe there was an update somewhere in Auth0 that might've fixed this behaviour.

I agree this issue can be closed. Thanks for looking into this.

auth0 / terraform-provider-auth0