Attachment Resources, e.g. auth0_role_permission_attachment and auth0_user_role_attachment about terraform-provider-auth0 HOT 5 CLOSED

If users cannot/not be managed by Terraform, we cannot use auth0_user resources.

However, if attachment resources exist, we can attach roles to existing users without creating or managing users with Terraform resources.

This may be achieved by calling Assign users to a role API.

So I have the intention to implement this.

from terraform-provider-auth0.

Hey Auth0 Team! Do we have an ETA on this feature? I'm currently blocked on my TF implementation as I need auth0_role_permission_attachment

from terraform-provider-auth0.

Hey @josecsotomorales 👋🏻

While the DX right now might not be the best depending on your use case as we don't have a direct 1:1 resource with a relationship between roles and permissions and as well one between this and users, you should not be blocked in managing such associations with the current version of the provider.

You can achieve this by using the auth0_role and auth0_user resources, e.g.

resource "auth0_resource_server" "my_resource_server" {
  name        = "My Resource Server (Managed by Terraform)"
  identifier  = "my-resource-server-identifier"
  signing_alg = "RS256"

  token_lifetime                                  = 86400
  skip_consent_for_verifiable_first_party_clients = true
  enforce_policies                                = true

  scopes {
    value       = "read:something"
    description = "read something"
  }
}

resource "auth0_user" "my_user" {
  connection_name = "Username-Password-Authentication"
  user_id         = "auth0|1234567890"
  email           = "[email protected]"
  password        = "passpass$12$12"
  nickname        = "testnick"
  username        = "testnick"
  roles           = [auth0_role.my_role.id]
}

resource "auth0_role" "my_role" {
  name        = "My Role - (Managed by Terraform)"
  description = "Role Description..."

  permissions {
    resource_server_identifier = auth0_resource_server.my_resource_server.identifier
    name                       = "read:something"
  }
}

It would help to get clarification from your side as to what exactly is blocking you.

from terraform-provider-auth0.

Hey @sergiught! Thanks for the quick response, for my use case I have 3 roles predefined (Viewer, Editor, Admin), I'm creating multiple resource servers and what I need is to assign permissions to those existing roles, what the provider currently does is that creates a role and assign permissions to it, so for each resource server I will need to create a role, similar to that code snippet you posted, I was looking for auth0_role_permission_attachment to just assign the permissions to the existing roles, hope this explains what I'm trying to achieve.

from terraform-provider-auth0.

Hey folks this is now available in the latest release https://github.com/auth0/terraform-provider-auth0/releases/tag/v0.47.0.

Documentation:

• https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/role_permission
• https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/role_permissions
• https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/user_role
• https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/user_roles
• https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/user_permission
• https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/user_permissions

Migration guide:

• https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md

Let us know if you encounter any issues with the new attachment resources!

Appreciate everyones patience while we worked on adding the new features.

from terraform-provider-auth0.