Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dasmeta/terraform-auth0-modules
Terraform modules from DasMeta to manage auth0 setup
- Host: GitHub
- URL: https://github.com/dasmeta/terraform-auth0-modules
- Owner: dasmeta
- License: apache-2.0
- Created: 2022-10-26T08:42:57.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-13T12:58:38.000Z (11 months ago)
- Last Synced: 2024-03-13T14:06:22.594Z (11 months ago)
- Topics: auth0, terraform
- Language: HCL
- Homepage: https://www.dasmeta.com
- Size: 147 KB
- Stars: 5
- Watchers: 2
- Forks: 9
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# terraform-auth0-modules
This module allows you to create and manage clients, resource servers (APIs), client grants, connections, email providers, rules, roles and tenants as part of a Terraform deployment.

## Example

[Auth0 multi resources create](https://github.com/dasmeta/terraform-auth0-modules/tree/main/examples)

## Using credentials from clients in actions
If you need the credentials from one of the managed `clients` for one of your `actions` you can refer to them like this:
```hcl
actions = {
  "test" = {
    code   = file("${path.module}/actions-code/test.js")
    name   = "test"
    deploy = false
    # Each entry becomes a secret of the action, read from an output of a managed client.
    client_secrets = [
      {
        name   = "CLIENT_ID"
        client = "Frontend (Test)"
        output = "client_id"
      }
    ]
  }
}
# ...
clients = {
  "Frontend (Test)" = {
    name     = "Frontend (Test)"
    app_type = "non_interactive"
  },
  # ...
}
```

`name` is the name of the secret which will be created.
`client` is the name of the client which is already managed by this module.
`output` is the name of the output field of the client. The value of the secret is read from this output.

## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.5.6 |
| [auth0](#requirement\_auth0) | ~> 1.0.0 |

## Providers
| Name | Version |
|------|---------|
| [auth0](#provider\_auth0) | ~> 1.0.0 |

## Modules
| Name | Source | Version |
|------|--------|---------|
| [action](#module\_action) | ./modules/auth0-action | n/a |
| [auth0-auth-db](#module\_auth0-auth-db) | ./modules/auth0-auth-db | n/a |
| [auth0-email](#module\_auth0-email) | ./modules/auth0-email | n/a |
| [auth0-goa](#module\_auth0-goa) | ./modules/auth0-auth-google | n/a |
| [auth0-guardian](#module\_auth0-guardian) | ./modules/auth0-guardian | n/a |
| [auth0-org](#module\_auth0-org) | ./modules/auth0-org | n/a |
| [auth0-tenant](#module\_auth0-tenant) | ./modules/auth0-tenant | n/a |
| [auth0\_api](#module\_auth0\_api) | ./modules/auth0-api | n/a |
| [auth0\_client](#module\_auth0\_client) | ./modules/auth0-client | n/a |
| [auth0\_role](#module\_auth0\_role) | ./modules/auth0-role | n/a |
| [auth0\_users](#module\_auth0\_users) | ./modules/auth0-user/ | n/a |

## Resources
| Name | Type |
|------|------|
| [auth0_client_grant.my_client_grant](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/client_grant) | resource |
| [auth0_prompt.my_prompt](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/prompt) | resource |
| [auth0_trigger_actions.trigger_binding](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/trigger_actions) | resource |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [actions](#input\_actions) | Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. Actions are used to customize and extend Auth0's capabilities with custom logic. | <pre>list(object({<br>  name = string<br>  code = string<br>  runtime = optional(string, "node16")<br>  supported_triggers = optional(any, {<br>    id = "post-change-password"<br>    version = "v2"<br>  })<br>  dependencies = optional(list(any), [])<br>  deploy = optional(bool, false)<br>  client_secrets = optional(list(object({<br>    name = string<br>    client = string<br>    output = string<br>  })), [])<br>  secrets = optional(list(object({<br>    name = string<br>    value = string<br>  })), [])<br>}))</pre> | `[]` | no |
| [apis](#input\_apis) | With this resource, you can set up APIs that can be consumed from your authorized applications. | <pre>list(object({<br>  name = string<br>  scopes = list(any)<br>  identifier = string<br>  enforce_policies = optional(bool, true)<br>  signing_alg = optional(string, "RS256")<br>  skip_consent_for_verifiable_first_party_clients = optional(bool, true)<br>  token_lifetime = optional(number, 86400)<br>  token_lifetime_for_web = optional(number, 7200)<br>  token_dialect = optional(string, null)<br>  allow_offline_access = optional(bool, false)<br>}))</pre> | `[]` | no |
| [client-id](#input\_client-id) | Auth0 client id | `string` | n/a | yes |
| [client-secret](#input\_client-secret) | Auth0 client secret | `string` | n/a | yes |
| [client\_grants](#input\_client\_grants) | Auth0 uses various grant types, or methods by which you grant limited access to your resources to another entity without exposing credentials. | `any` | `[]` | no |
| [clients](#input\_clients) | With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. | <pre>list(object({<br>  name = string<br>  app_type = string<br>  cross_origin_auth = optional(bool, false)<br>  allowed_logout_urls = optional(list(string), [])<br>  allowed_origins = optional(list(string), [])<br>  callbacks = optional(list(string), [])<br>  web_origins = optional(list(string), [])<br>  organization_usage = optional(string, null)<br>  organization_require_behavior = optional(string, null)<br>  custom_login_page_on = optional(bool, false)<br>  custom_login_page = optional(string, " ")<br>  token_endpoint_auth_method = optional(string, "none")<br>  grant_types = optional(list(string), ["client_credentials"])<br>  token_endpoint_auth_method = optional(string, "client_secret_post")<br>  logo_uri = optional(string, null)<br>  sso = optional(bool, false)<br>  jwt_configuration = optional(any, {<br>    alg = "RS256"<br>    lifetime_in_seconds = "36000"<br>    secret_encoded = "false"<br>  })<br>  refresh_token = optional(any, {<br>    expiration_type = "non-expiring"<br>    idle_token_lifetime = "2592000"<br>    infinite_idle_token_lifetime = "true"<br>    infinite_token_lifetime = "true"<br>    leeway = "0"<br>    rotation_type = "non-rotating"<br>    token_lifetime = "31557600"<br>  })<br>}))</pre> | `[]` | no |
| [db\_connections](#input\_db\_connections) | With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers and database authentication methods. | <pre>list(object({<br>  name = string<br>  password_policy = optional(string, "good")<br>  password_history = optional(any, { enable = true, size = 3 })<br>  password_no_personal_info = optional(bool, true)<br>  password_dictionary = optional(any, { enable = true, dictionary = [] })<br>  brute_force_protection = optional(bool, true)<br>  custom_scripts = optional(any, {})<br>  enabled_database_customization = optional(bool, false)<br>  custom_scripts_configuration = optional(any, {})<br>}))</pre> | `[]` | no |
| [domain](#input\_domain) | Auth0 domain | `string` | n/a | yes |
| [emails](#input\_emails) | With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. | <pre>list(object({<br>  name = string<br>  default_from_address = string<br>  access_key_id = optional(string, null)<br>  secret_access_key = optional(string, null)<br>  region = optional(string, null)<br>  api_key = optional(string, null)<br>  email_template = optional(any, {})<br>}))</pre> | `[]` | no |
| [google](#input\_google) | With Auth0, you can define sources of users, otherwise known as connections, which may include identity provider Google authentication methods. | `any` | `[]` | no |
| [mfa](#input\_mfa) | Multi-Factor Authentication works by requiring additional factors during the login process to prevent unauthorized access. | <pre>list(object({<br>  policy = optional(string, "all-applications")<br>  email = optional(bool, false)<br>  otp = optional(bool, false)<br>  recovery_code = optional(bool, false)<br>  webauthn_roaming = optional(list(any), [])<br>  phone = optional(list(any), [])<br>  push = optional(list(any), [])<br>  duo = optional(list(any), [])<br>}))</pre> | `[]` | no |
| [orgs](#input\_orgs) | The Organizations feature represents a broad update to the Auth0 platform that allows our business-to-business (B2B) customers to better manage their partners and customer | <pre>list(object({<br>  name = string<br>  display_name = string<br>  branding = optional(list(any), [])<br>  connections = optional(list(any), [])<br>}))</pre> | `[]` | no |
| [prompts](#input\_prompts) | With this resource, you can manage your Auth0 prompts, including choosing the login experience version. | `any` | `[]` | no |
| [roles](#input\_roles) | With this resource, you can create and manage collections of permissions that can be assigned to users, which are otherwise known as roles. | `list(any)` | <pre>[<br>  {<br>    "description": "Administrator role",<br>    "name": "Administrator",<br>    "permissions": []<br>  }<br>]</pre> | no |
| [tenant](#input\_tenant) | With this resource, you can manage Auth0 tenants | <pre>list(object({<br>  friendly_name = string<br>  allowed_logout_urls = optional(list(string), [])<br>  default_audience = optional(string, null)<br>  picture_url = optional(string, null)<br>  enabled_locales = optional(list(string), null)<br>  change_password = optional(list(any), [])<br>  guardian_mfa_page = optional(list(any), [])<br>  default_redirection_uri = string<br>  sandbox_version = string<br>  error_page = optional(list(any), [])<br>  default_directory = optional(string, null)<br>  support_email = optional(string, null)<br>  support_url = optional(string, null)<br>  session_lifetime = optional(number, 168)<br>  idle_session_lifetime = optional(number, 72)<br>  session_cookie = optional(string, "persistent")<br>  universal_login = optional(any, [])<br>  flags = optional(any, {<br>    allow_legacy_delegation_grant_types = "false"<br>    allow_legacy_ro_grant_types = "false"<br>    allow_legacy_tokeninfo_endpoint = "false"<br>    dashboard_insights_view = "false"<br>    dashboard_log_streams_next = "false"<br>    disable_clickjack_protection_headers = "false"<br>    disable_fields_map_fix = "false"<br>    disable_management_api_sms_obfuscation = "false"<br>    enable_adfs_waad_email_verification = "false"<br>    enable_apis_section = "false"<br>    enable_client_connections = "false"<br>    enable_custom_domain_in_emails = "false"<br>    enable_dynamic_client_registration = "false"<br>    enable_idtoken_api2 = "false"<br>    enable_legacy_logs_search_v2 = "false"<br>    enable_legacy_profile = "false"<br>    enable_pipeline2 = "false"<br>    enable_public_signup_user_exists_error = "false"<br>    no_disclose_enterprise_connections = "false"<br>    revoke_refresh_token_grant = "false"<br>    universal_login = "true"<br>    use_scope_descriptions_for_consent = "false"<br>  })<br>}))</pre> | `[]` | no |
| [users](#input\_users) | n/a | <pre>list(object({<br>  name = string<br>  email = string<br>  roles = list(string)<br>  password = string<br>}))</pre> | `[]` | no |

## Outputs
| Name | Description |
|------|-------------|
| [client\_credentials](#output\_client\_credentials) | Client credentials for each client created. |
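The "Using credentials from clients in actions" section above wires an action secret to an output of a managed client by name, and the `client_credentials` output carries those per-client values. A dangling `client` name or an unknown `output` field only surfaces at plan or apply time, so the following added example, which is not part of the terraform-auth0-modules project, models that lookup as a pre-plan check over the decoded `actions` and `clients` maps (for instance from a `*.tfvars.json` file). The set of output fields a secret may read from (`client_id`, `client_secret`) is an assumption; the README only shows `client_id`. Matching `client` against both the map key and the client's `name` attribute is likewise an assumption, and the embedded sample input is constructed for this example.

```python
"""Pre-plan check for the `client_secrets` mapping of auth0 actions.

Added example (not the project's own code). It models the lookup the README
describes: each `client_secrets` entry names a managed client and one of that
client's output fields, and the module creates an action secret from it.
"""
from __future__ import annotations

import json

# Assumption: output fields of a managed client that a secret may be read from.
# The README only demonstrates "client_id".
ALLOWED_OUTPUTS = {"client_id", "client_secret"}
# Reading these copies a credential into Terraform state, so the state backend
# must be encrypted and access-controlled. They are flagged, not rejected.
SENSITIVE_OUTPUTS = {"client_secret"}


def check_client_secrets(actions: dict, clients: dict) -> dict:
    """Return {"errors": [...], "warnings": [...]} for the given config maps."""
    errors: list[str] = []
    warnings: list[str] = []
    # Assumption: `client` may match either the map key or the `name` attribute.
    managed = set(clients) | {
        c.get("name") for c in clients.values() if isinstance(c, dict)
    }
    seen: dict[str, set[str]] = {}
    for action_key, action in actions.items():
        for entry in action.get("client_secrets", []):
            missing = {"name", "client", "output"} - set(entry)
            if missing:
                errors.append(f"{action_key}: client_secrets entry missing {sorted(missing)}")
                continue
            name, client, output = entry["name"], entry["client"], entry["output"]
            # Secret names must be unique within one action.
            if name in seen.setdefault(action_key, set()):
                errors.append(f"{action_key}: duplicate secret name {name!r}")
            seen[action_key].add(name)
            if client not in managed:
                errors.append(f"{action_key}: secret {name!r} references unmanaged client {client!r}")
            if output not in ALLOWED_OUTPUTS:
                errors.append(f"{action_key}: secret {name!r} reads unknown output {output!r}")
            elif output in SENSITIVE_OUTPUTS:
                warnings.append(f"{action_key}: secret {name!r} copies {client!r} {output} into state")
    return {"errors": errors, "warnings": warnings}


# Constructed sample in tfvars JSON shape: the README example plus a secret
# reading client_secret and one pointing at a client this module does not manage.
SAMPLE_TFVARS_JSON = """
{
  "clients": {
    "Frontend (Test)": {"name": "Frontend (Test)", "app_type": "non_interactive"}
  },
  "actions": {
    "test": {
      "name": "test",
      "deploy": false,
      "client_secrets": [
        {"name": "CLIENT_ID", "client": "Frontend (Test)", "output": "client_id"},
        {"name": "CLIENT_SECRET", "client": "Frontend (Test)", "output": "client_secret"},
        {"name": "OTHER_ID", "client": "Backend (Prod)", "output": "client_id"}
      ]
    }
  }
}
"""


def run_sample() -> dict:
    """Run the check over the constructed sample; one error and one warning expected."""
    cfg = json.loads(SAMPLE_TFVARS_JSON)
    return check_client_secrets(cfg["actions"], cfg["clients"])


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Run it against a real `terraform.tfvars.json` by loading the file in place of `SAMPLE_TFVARS_JSON`; a non-empty `errors` list is a reason to stop before `terraform plan`, while `warnings` point at secrets whose values will live in state.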