chore: updates

FusionAuth · May 3, 2022 · b408298 · b408298
1 parent 586dd58
commit b408298
Show file tree

Hide file tree

Showing 38 changed files with 889 additions and 96 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17
+          go-version: 1.18
       - name: Import GPG key
         id: import_gpg
         uses: paultyng/[email protected]

diff --git a/docs/resources/api_key.md b/docs/resources/api_key.md
@@ -29,6 +29,7 @@ resource "fusionauth_api_key" "example" {
 * `key_id` - (Optional) The Id to use for the new Form. If not specified a secure random UUID will be generated.
 * `key` - (Optional) API key string. When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.
 * `description` - (Optional) Description of the key.
+* `ip_access_control_list_id` - (Optional) The Id of the IP Access Control List limiting access to this API key.
 * `permissions_endpoints` - (Required) The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.
 * `lambda_reconcile_id` - (Optional) Endpoint permissions for this key. Each key of the object is an endpoint, with the value being an array of the HTTP methods which can be used against the endpoint. An Empty permissions_endpoints object mean that this is a super key that authorizes this key for all the endpoints.
     - `endpoint` - (Optional)

diff --git a/docs/resources/application.md b/docs/resources/application.md
@@ -83,6 +83,8 @@ resource "fusionauth_application" "Forum"{
 * `application_id` - (Optional) The Id to use for the new Application. If not specified a secure random UUID will be generated.
 * `tenant_id` - (Required)
 * `authentication_token_configuration_enabled` - (Optional) Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
+* `access_control_configuration` - (Optional)
+    - `ui_ip_access_control_list_id` - (Optional) The Id of the IP Access Control List limiting access to this application.
 * `clean_speak_configuration` - (Optional)
     - `application_ids` - (Optional) An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
     - `username_moderation` - (Optional)
@@ -180,7 +182,17 @@ resource "fusionauth_application" "Forum"{
 * `verify_registration` - (Optional) Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
 * `webhook_ids` - (Optional) An array of Webhook Ids. For Webhooks that are not already configured for All Applications, specifying an Id on this request will indicate the associated Webhook should handle events for this application.
 * `email_configuration` - (Optional)
-    - `email_verification_template_id` - (Optional) New configuration per application to specify a more specific template.
-    - `forgot_password_template_id` - (Optional) New configuration per application to specify a more specific template.
-    - `passwordless_email_template_id` - (Optional) New configuration per application to specify a more specific template.
-    - `set_password_email_template_id` - (Optional) New configuration per application to specify a more specific template.
+    - `email_verification_template_id` - (Optional) The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `email_update_template_id` - (Optional) The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `email_verified_template_id` - (Optional) The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `forgot_password_template_id` - (Optional) The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `login_id_in_use_on_create_template_id` - (Optional) The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `login_id_in_use_on_update_template_id` - (Optional) The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `login_new_device_template_id` - (Optional) The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `login_suspicious_template_id` - (Optional) The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `passwordless_email_template_id` - (Optional) The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `password_reset_success_template_id` - (Optional) The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `password_update_template_id` - (Optional) The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `set_password_email_template_id` - (Optional) The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `two_factor_method_add_template_id` - (Optional) The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
+    - `two_factor_method_remove_template_id` - (Optional) The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
diff --git a/docs/resources/idp_apple.md b/docs/resources/idp_apple.md
@@ -45,4 +45,8 @@ resource "fusionauth_idp_apple" "apple" {
 * `scope` - (Optional) The top-level space separated scope that you are requesting from Apple.
 * `services_id` - (Required) The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.
 * `team_id` - (Required) The Apple App ID Prefix, or Team ID found in your Apple Developer Account which has been configured for Sign in with Apple.
-* `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
diff --git a/docs/resources/idp_external_jwt.md b/docs/resources/idp_external_jwt.md
@@ -43,4 +43,8 @@ resource "fusionauth_idp_external_jwt" "jwt" {
 * `oauth2_authorization_endpoint` - (Optional) The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
 * `oauth2_token_endpoint` - (Optional) TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
 * `unique_identity_claim` - (Required) The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
-* `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
diff --git a/docs/resources/idp_facebook.md b/docs/resources/idp_facebook.md
@@ -63,4 +63,8 @@ resource "fusionauth_idp_facebook" "facebook" {
     - `UsePopup` - When logging in use a popup window and the Facebook javascript library.
     - `UseRedirect` - When logging in use the Facebook OAuth redirect login flow.
 * `permissions` - (Optional) The top-level permissions that your application is asking of the user’s Facebook account.
-  Permission values are documented at [Facebook Login API](https://developers.facebook.com/docs/permissions/reference)
+  Permission values are documented at [Facebook Login API](https://developers.facebook.com/docs/permissions/reference)
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
diff --git a/docs/resources/idp_google.md b/docs/resources/idp_google.md
@@ -44,4 +44,8 @@ resource "fusionauth_idp_google" "google" {
 * `lambda_reconcile_id` - (Optional) The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
 * `scope` - (Optional) The top-level scope that you are requesting from Google.
 * `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
-* `login_method` - (Optional) The login method to use for this Identity Provider.
+* `login_method` - (Optional) The login method to use for this Identity Provider.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
diff --git a/docs/resources/idp_open_id_connect.md b/docs/resources/idp_open_id_connect.md
@@ -60,4 +60,8 @@ resource "fusionauth_idp_open_id_connect" "OpenID" {
 * `oauth2_scope` - (Optional) The top-level scope that you are requesting from the OpenID Connect identity provider.
 * `oauth2_token_endpoint` - (Optional) The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
 * `oauth2_user_info_endpoint` - (Optional) The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
-* `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
diff --git a/docs/resources/idp_saml_v2.md b/docs/resources/idp_saml_v2.md
@@ -58,3 +58,8 @@ resource "fusionauth_idp_saml_v2" "Saml" {
 * `xml_signature_canonicalization_method` - (Optional) The XML signature canonicalization method used when digesting and signing the SAML request.
 * `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
 * `post_request` - (Optional) Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
+
diff --git a/docs/resources/idp_samlv2_idp_initiated.md b/docs/resources/idp_samlv2_idp_initiated.md
@@ -37,3 +37,8 @@ resource "fusionauth_idp_saml_v2_idp_initated" "Saml" {
 * `name` - (Required) The name of this OpenID Connect identity provider. This is only used for display purposes.
 * `use_name_for_email` - (Optional) Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the `email_claim` property must be set. 
 * `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
+
diff --git a/docs/resources/idp_sony_psn.md b/docs/resources/idp_sony_psn.md
@@ -45,4 +45,8 @@ resource "fusionauth_idp_sony_psn" "sony_psn" {
 * `enabled` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
 * `lambda_reconcile_id` - (Optional) The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
 * `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
-* `scope` - (Optional) The top-level scope that you are requesting from Sony PlayStation Network.
+* `scope` - (Optional) The top-level scope that you are requesting from Sony PlayStation Network.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.
diff --git a/docs/resources/idp_steam.md b/docs/resources/idp_steam.md
@@ -42,4 +42,8 @@ resource "fusionauth_idp_steam" "steam" {
 * `lambda_reconcile_id` - (Optional) The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
 * `linking_strategy` - (Optional) The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
 * `scope` - (Optional) The top-level scope that you are requesting from Steam.
-* `web_api_key` - (Required) The top-level web API key to use with the Steam Identity Provider when retrieving the player summary info. This value is retrieved from the Steam developer website when you setup your Steam developer account.
+* `web_api_key` - (Required) The top-level web API key to use with the Steam Identity Provider when retrieving the player summary info. This value is retrieved from the Steam developer website when you setup your Steam developer account.
+* `tenant_configuration` - (Optional) The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
+    - `tenant_id` - (Optional) The unique Id of the tenant that this configuration applies to.
+    - `limit_user_link_count_enabled` - (Optional) When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
+    - `limit_user_link_count_maximum_links` - (Optional) Determines if this provider is enabled. If it is false then it will be disabled globally.