terraform-provider-frontegg's Introduction

Terraform Provider for Frontegg

This repository contains a Terraform provider for the Frontegg user management platform.

Requirements

  • Terraform >= 1.0.3
  • Go >= 1.20 (make sure to install a version compatible with your platform)

Using the provider

See the Terraform Registry: https://registry.terraform.io/providers/frontegg/frontegg/latest.

Importing existing resources

Workspaces

To import an existing workspace, first add a shim resource definition to your Terraform project:

# main.tf
resource "frontegg_workspace" "example" {}

Then run terraform import, specifying the address of the resource you declared above (frontegg_workspace.example) and your workspace ID (i.e., your API client ID):

$ terraform import frontegg_workspace.example 65e2d503-c187-4d55-8ba5-816bd4a15f96
frontegg_workspace.example: Importing from ID "65e2d503-c187-4d55-8ba5-816bd4a15f96"...
frontegg_workspace.example: Import prepared!
  Prepared frontegg_workspace for import
frontegg_workspace.example: Refreshing state... [id=65e2d503-c187-4d55-8ba5-816bd4a15f96]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Next, run terraform state show to show the configuration values Terraform has imported:

$ terraform state show frontegg_workspace.example
# frontegg_workspace.example:
resource "frontegg_workspace" "example" {
    allowed_origins     = [
        "https://yourcompany.com",
    ]
    backend_stack       = "Python"
    country             = "US"
    frontegg_domain     = "yourcompany.frontegg.com"
    # ...
}

Finally, you can copy that output back into your main.tf file (or equivalent). Beware that you may need to manually remove some output properties from the resource, like jwt_public_key.

You should verify that terraform plan reports no diffs.
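The cleanup step above (removing properties such as jwt_public_key from the `terraform state show` output before pasting it into main.tf) can be scripted. The following is an added example, not part of the provider's own tooling; the function names and the sample state text are constructed for illustration, and dropping `id` as well is an assumption based on `state show` printing it for every resource.

```shell
#!/usr/bin/env bash
# Added example: filter `terraform state show` output so it can be pasted
# back into main.tf without attributes that must not be set in configuration.

# strip_computed ATTR...
# Reads state-show text on stdin and writes it to stdout without the named
# top-level attributes. Handles single-line values, heredoc strings
# (<<-EOT ... EOT) and list/map values that span several lines.
# Limitation: brackets inside quoted strings of a multi-line list are counted.
strip_computed() {
  awk -v names="$*" '
    # Count how many characters of s appear in the set chars.
    function count(s, chars,   i, c) {
      c = 0
      for (i = 1; i <= length(s); i++)
        if (index(chars, substr(s, i, 1))) c++
      return c
    }
    BEGIN {
      n = split(names, list, " ")
      for (i = 1; i <= n; i++) drop[list[i]] = 1
    }
    # Inside a dropped heredoc value: skip lines up to the terminator.
    heredoc != "" {
      t = $0
      gsub(/^[ \t]+|[ \t]+$/, "", t)
      if (t == heredoc) heredoc = ""
      next
    }
    # Inside a dropped list or map: skip lines until brackets balance.
    depth > 0 {
      depth += count($0, "[{") - count($0, "]}")
      next
    }
    # Top-level attributes are indented by exactly four spaces in state show.
    /^    [A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
      key = $0
      sub(/^ +/, "", key)
      sub(/[ \t]*=.*/, "", key)
      if (key in drop) {
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val)
        first = substr(val, 1, 1)
        if (match(val, /^<<-?[A-Za-z_][A-Za-z0-9_]*/)) {
          heredoc = substr(val, RSTART, RLENGTH)
          sub(/^<<-?/, "", heredoc)
        } else if (first == "[" || first == "{") {
          depth = count(val, "[{") - count(val, "]}")
        }
        next
      }
    }
    { print }
  '
}

# Constructed sample of state-show output (not captured from a real workspace).
sample_state() {
  cat <<'EOF'
# frontegg_workspace.example:
resource "frontegg_workspace" "example" {
    allowed_origins     = [
        "https://yourcompany.com",
    ]
    backend_stack       = "Python"
    id                  = "65e2d503-c187-4d55-8ba5-816bd4a15f96"
    jwt_public_key      = <<-EOT
        -----BEGIN PUBLIC KEY-----
        (constructed placeholder, not a real key)
        -----END PUBLIC KEY-----
    EOT

    auth_policy {
        jwt_algorithm = "RS256"
    }
}
EOF
}

# Typical use against real state:
#   terraform state show frontegg_workspace.example | strip_computed jwt_public_key id
```

Review the filtered output before committing it, then run terraform plan as described above to confirm there are no diffs.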

Roles, permissions, and permission categories

The procedure is the same as above, except that it is tricky to discover the ID for the role, permission, or permission category. IDs for these objects are UUIDs.

You can either query the Frontegg API yourself to find these IDs, or you can use your browser's developer tools to sniff the IDs out of the network requests as you browse the Frontegg Portal.

Contact us

Please note that this provider may not offer full support for all Frontegg capabilities. If you require assistance or support for a specific functionality, please contact us at [email protected].


terraform-provider-frontegg's Issues

Defining hook throws 401

Defining this hook throws a 401:

resource "frontegg_webhook" "user_webhooks" {
  enabled     = true
  name        = "Example webhook"
  description = "An example of a webhook"
  url         = var.frontegg_webhook_url
  secret      = var.secret_value
  events = [
    "frontegg.user.deleted"
  ]
}

Errors upgrading from 0.2.33 -> 0.2.34

Hi, we are seeing the following issues when upgrading from 0.2.33 -> 0.2.34:

Terraform version

❯ terraform -v
Terraform v1.1.9
on linux_amd64
+ provider registry.terraform.io/frontegg/frontegg v0.2.34
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v4.29.0
+ provider registry.terraform.io/hashicorp/cloudinit v2.2.0
+ provider registry.terraform.io/hashicorp/helm v2.6.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.13.1
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/tls v4.0.2

Your version of Terraform is out of date! The latest version
is 1.2.8. You can update by downloading from https://www.terraform.io/downloads.html

Errors

╷
│ Error: frontegg missing required email template ResetPhoneNumber
│ 
│   with module.frontegg.frontegg_workspace.workspace,
│   on modules/frontegg/main.tf line 1, in resource "frontegg_workspace" "workspace":
│    1: resource "frontegg_workspace" "workspace" {
│ 
╵
╷
│ Error: restclient: request failed: GET https://api.frontegg.com/identity/resources/roles/v1: 400 Bad Request: map[Access-Control-Allow-Credentials:[true] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[746ac271498f27c4-SLC] Content-Length:[36] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Tue, 06 Sep 2022 22:49:44 GMT] Etag:[W/"24-EpjjG7cILmcP/cORBpyWYDAOe8w"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[a5e4b006-baf3-4ea2-ad95-cad431a69660] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["Invalid JSON provided"]}
│ 
│   with module.frontegg.frontegg_role.admin,
│   on modules/frontegg/permissions.tf line 100, in resource "frontegg_role" "admin":
│  100: resource "frontegg_role" "admin" {
│ 
╵
╷
│ Error: restclient: request failed: GET https://api.frontegg.com/identity/resources/roles/v1: 400 Bad Request: map[Access-Control-Allow-Credentials:[true] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[746ac26f0d2a27c4-SLC] Content-Length:[36] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Tue, 06 Sep 2022 22:49:43 GMT] Etag:[W/"24-EpjjG7cILmcP/cORBpyWYDAOe8w"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[af66f455-3b0a-4f20-a0fc-be63cbf2c2de] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["Invalid JSON provided"]}
│ 
│   with module.frontegg.frontegg_role.read-only,
│   on modules/frontegg/permissions.tf line 121, in resource "frontegg_role" "read-only":
│  121: resource "frontegg_role" "read-only" {
│ 
╵
╷
│ Error: restclient: request failed: GET https://api.frontegg.com/identity/resources/roles/v1: 400 Bad Request: map[Access-Control-Allow-Credentials:[true] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[746ac271498c27c4-SLC] Content-Length:[36] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Tue, 06 Sep 2022 22:49:44 GMT] Etag:[W/"24-EpjjG7cILmcP/cORBpyWYDAOe8w"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[49cb3bb5-eb1a-493c-a606-56896514efc0] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["Invalid JSON provided"]}
│ 
│   with module.frontegg.frontegg_role.editor-full,
│   on modules/frontegg/permissions.tf line 137, in resource "frontegg_role" "editor-full":
│  137: resource "frontegg_role" "editor-full" {
│ 
╵
╷
│ Error: restclient: request failed: GET https://api.frontegg.com/identity/resources/roles/v1: 400 Bad Request: map[Access-Control-Allow-Credentials:[true] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[746ac271498827c4-SLC] Content-Length:[36] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Tue, 06 Sep 2022 22:49:44 GMT] Etag:[W/"24-EpjjG7cILmcP/cORBpyWYDAOe8w"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[438a6e8f-387f-433b-a8da-bba1883f00e6] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["Invalid JSON provided"]}
│ 
│   with module.frontegg.frontegg_role.editor-dashboard,
│   on modules/frontegg/permissions.tf line 157, in resource "frontegg_role" "editor-dashboard":
│  157: resource "frontegg_role" "editor-dashboard" {
│ 
╵
╷
│ Error: restclient: request failed: GET https://api.frontegg.com/identity/resources/roles/v1: 400 Bad Request: map[Access-Control-Allow-Credentials:[true] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[746ac267aeb827c4-SLC] Content-Length:[36] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Tue, 06 Sep 2022 22:49:42 GMT] Etag:[W/"24-EpjjG7cILmcP/cORBpyWYDAOe8w"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[9b3fdb6d-5fbb-4973-b6be-886e9998d3ae] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["Invalid JSON provided"]}
│ 
│   with module.frontegg.frontegg_role.csv-downloader,
│   on modules/frontegg/permissions.tf line 176, in resource "frontegg_role" "csv-downloader":
│  176: resource "frontegg_role" "csv-downloader" {
│ 
╵

Terraform configuration files

resource "frontegg_workspace" "workspace" {
  name                = "Pocus ${var.environment}"
  country             = "US"
  backend_stack       = "Node"
  frontend_stack      = "React"
  custom_domain       = var.custom_domain
  frontegg_domain     = "pocus-${var.environment}.frontegg.com"
  allowed_origins     = var.allowed_origins
  open_saas_installed = false

  admin_portal {
    enable_account_settings    = false
    enable_api_tokens          = false
    enable_audit_logs          = false
    enable_personal_api_tokens = false
    enable_privacy             = true
    enable_profile             = false
    enable_roles               = true
    enable_security            = true
    enable_sso                 = true
    enable_subscriptions       = false
    enable_usage               = false
    enable_users               = true
    enable_webhooks            = false

    palette {
      success        = "#2CA744"
      info           = "#5587C0"
      warning        = "#F6AD55"
      error          = "#FC8181"
      primary        = "#6B46C1"
      primary_text   = "#FFFFFF"
      secondary      = "#FBFBFC"
      secondary_text = "#3C4A5A"
    }
  }

  auth_policy {
    allow_unverified_users       = false
    allow_signups                = false
    enable_api_tokens            = false
    enable_roles                 = true
    jwt_algorithm                = "RS256"
    jwt_access_token_expiration  = 43200   # 12 hours
    jwt_refresh_token_expiration = 2592000 # 30 days
    same_site_cookie_policy      = "none"
  }

  mfa_policy {
    allow_remember_device = true
    device_expiration     = 604800 # 7 days
    enforce               = "off"
  }

  saml {
    acs_url      = "https://${var.custom_domain}/auth/saml/callback"
    sp_entity_id = "pocus"
    redirect_url = var.pocus_frontend_url
  }

  password_policy {
    allow_passphrases = false
    min_length        = 8
    max_length        = 128
    min_tests         = 4
    min_phrase_length = 8
    history           = 0
  }

  /* magic_code_email { */
  /*   from_address         = "[email protected]" */
  /*   from_name            = "Pocus" */
  /*   subject              = "Pocus Login Verification Code" */
  /*   html_template        = file("${path.module}/emails/magic-code.html") */
  /*   redirect_url         = "" */
  /*   success_redirect_url = "" */
  /* } */

  /* magic_link_email { */
  /*   from_address         = "[email protected]" */
  /*   from_name            = "Pocus" */
  /*   subject              = "Your Magic 🪄 Login Link" */
  /*   html_template        = file("${path.module}/emails/magic-link.html") */
  /*   redirect_url         = "${var.pocus_frontend_url}/account/login/magic-link" */
  /*   success_redirect_url = "" */
  /* } */

  /* new_device_connected_email { */
  /*   from_address         = "[email protected]" */
  /*   from_name            = "Pocus" */
  /*   subject              = "Successful sign-in from new device" */
  /*   html_template        = file("${path.module}/emails/new-device-connected.html") */
  /*   redirect_url         = "" */
  /*   success_redirect_url = "" */
  /* } */

  pwned_password_email {
    from_address         = "[email protected]"
    from_name            = "Pocus"
    subject              = "Time to change your password"
    html_template        = file("${path.module}/emails/pwned-password.html")
    redirect_url         = ""
    success_redirect_url = ""
  }

  reset_password_email {
    from_address         = "[email protected]"
    from_name            = "Pocus"
    subject              = "Reset your Pocus password"
    html_template        = file("${path.module}/emails/reset-password.html")
    redirect_url         = "${var.pocus_frontend_url}/account/reset-password"
    success_redirect_url = ""
  }

  /* reset_phone_number_email { */
  /*   from_address         = "[email protected]" */
  /*   from_name            = "Pocus" */
  /*   subject              = "Reset your Pocus phone number" */
  /*   html_template        = file("${path.module}/emails/reset-phone-number.html") */
  /*   redirect_url         = "${var.pocus_frontend_url}/account/reset-phone-number" */
  /*   success_redirect_url = "" */
  /* } */

  user_activation_email {
    from_address         = "[email protected]"
    from_name            = "Pocus"
    subject              = "Activate your Pocus account"
    html_template        = file("${path.module}/emails/user-activation.html")
    redirect_url         = "${var.pocus_frontend_url}/account/activate"
    success_redirect_url = ""
  }

  user_invitation_email {
    from_address         = "[email protected]"
    from_name            = "Pocus"
    subject              = "You've been invited to join a Pocus workspace"
    html_template        = file("${path.module}/emails/user-invitation.html")
    redirect_url         = "${var.pocus_frontend_url}/account/invitation/accept"
    success_redirect_url = ""
  }

  /* user_used_invitation_email { */
  /*   from_address         = "[email protected]" */
  /*   from_name            = "Pocus" */
  /*   subject              = "Yay! Someone used your Pocus invite link" */
  /*   html_template        = file("${path.module}/emails/user-used-invitation.html") */
  /*   redirect_url         = "" */
  /*   success_redirect_url = "" */
  /* } */
}

resource "frontegg_webhook" "terraform_webhook" {
  enabled     = true
  name        = "Terraform Webhook"
  description = "Hook from terraform"
  url         = "${var.pocus_api_url}/frontegg/webhook"
  // Frontegg shows a constantly changing value (but if we lifecycle ignore_changes, secret gets cleared out)
  secret = var.hook_secret
  events = [
    "frontegg.tenant.created",
    "frontegg.tenant.updated",
    "frontegg.tenant.deleted",
    "frontegg.user.created",
    // "frontegg.user.updated", TODO: enable this once its working
    "frontegg.user.activated",
    "frontegg.user.invitedToTenant",
    "frontegg.user.removedFromTenant",
    "frontegg.user.deleted",
  ]
}
data "frontegg_permission" "frontegg_secure_all" {
  key = "fe.secure.*"
}
data "frontegg_permission" "frontegg_secure_read_all" {
  key = "fe.secure.read.*"
}
data "frontegg_permission" "frontegg_connectivity_all" {
  key = "fe.connectivity.*"
}


resource "frontegg_permission_category" "pocus_default" {
  name        = "Pocus Default"
  description = "Default fallback permissions for pocus operations"
}
resource "frontegg_permission" "pocus_default_write" {
  key         = "pocus.default.write"
  name        = "Pocus Default Write"
  description = "Fallback permission for graphqul mutations without any other permissions set"
  category_id = resource.frontegg_permission_category.pocus_default.id
}

resource "frontegg_permission_category" "pocus_realtime_actions" {
  name        = "Pocus Realtime Actions"
  description = "Allows invoke realtime actions"
}

resource "frontegg_permission" "pocus_real_time_actions_invoke" {
  key         = "pocus.realtime_actions.invoke"
  name        = "Pocus Realtime Actions Invoke"
  description = "Permission to invoke realtime actions on Pocus"
  category_id = frontegg_permission_category.pocus_realtime_actions.id
}

resource "frontegg_permission_category" "pocus_score_editor" {
  name        = "Pocus Score Editor"
  description = "Allows users to edit scores and signals"
}
resource "frontegg_permission" "pocus_score_read" {
  key         = "pocus.score.read"
  name        = "Pocus Score Read"
  description = "Permission to read scores and signals"
  category_id = resource.frontegg_permission_category.pocus_score_editor.id
}
resource "frontegg_permission" "pocus_score_write" {
  key         = "pocus.score.write"
  name        = "Pocus Score Write"
  description = "Permission to edit scores and signals"
  category_id = resource.frontegg_permission_category.pocus_score_editor.id
}

resource "frontegg_permission_category" "pocus_csv" {
  name        = "Pocus CSV"
  description = "Permissions for exporting Pocus CSVs"
}
resource "frontegg_permission" "pocus_csv_export" {
  key         = "pocus.csv.export"
  name        = "Pocus CSV Export"
  description = "Permission to export csv data"
  category_id = resource.frontegg_permission_category.pocus_csv.id
}


resource "frontegg_permission_category" "pocus_dashboard" {
  name        = "Pocus Dashboard"
  description = "Permissions for Pocus Dashboard data"
}
resource "frontegg_permission" "pocus_dashboard_read" {
  key         = "pocus.dashboard.read"
  name        = "Pocus Dashboard Read"
  description = "Permission to read dashboard data"
  category_id = resource.frontegg_permission_category.pocus_dashboard.id
}
resource "frontegg_permission" "pocus_dashboard_write" {
  key         = "pocus.dashboard.write"
  name        = "Pocus Dashboard Write"
  description = "Permission to write dashboard data"
  category_id = resource.frontegg_permission_category.pocus_dashboard.id
}


resource "frontegg_permission_category" "pocus_drilldown" {
  name        = "Pocus Drilldown"
  description = "Permissions for Pocus Drilldown data"
}
resource "frontegg_permission" "pocus_drilldown_read" {
  key         = "pocus.drilldown.read"
  name        = "Pocus Drilldown Read"
  description = "Permission to read drilldown data"
  category_id = resource.frontegg_permission_category.pocus_drilldown.id
}
resource "frontegg_permission" "pocus_drilldown_write" {
  key         = "pocus.drilldown.write"
  name        = "Pocus Drilldown Write"
  description = "Permission to write drilldown data"
  category_id = resource.frontegg_permission_category.pocus_drilldown.id
}


resource "frontegg_role" "admin" {
  name        = "Admin"
  key         = "admin"
  default     = true
  description = "User with full access to account"
  level       = 0
  permission_ids = [
    data.frontegg_permission.frontegg_connectivity_all.id,
    data.frontegg_permission.frontegg_secure_all.id,
    resource.frontegg_permission.pocus_default_write.id,
    resource.frontegg_permission.pocus_csv_export.id,
    resource.frontegg_permission.pocus_dashboard_read.id,
    resource.frontegg_permission.pocus_dashboard_write.id,
    resource.frontegg_permission.pocus_drilldown_read.id,
    resource.frontegg_permission.pocus_drilldown_write.id,
    resource.frontegg_permission.pocus_score_read.id,
    resource.frontegg_permission.pocus_score_write.id,
    frontegg_permission.pocus_real_time_actions_invoke.id,
  ]
}

resource "frontegg_role" "read-only" {
  name        = "Read Only"
  key         = "read-only"
  default     = false
  description = "User with read-only access to account"
  level       = 0
  permission_ids = [
    data.frontegg_permission.frontegg_connectivity_all.id,
    data.frontegg_permission.frontegg_secure_read_all.id,
    resource.frontegg_permission.pocus_dashboard_read.id,
    resource.frontegg_permission.pocus_drilldown_read.id,
    resource.frontegg_permission.pocus_score_read.id,
    frontegg_permission.pocus_real_time_actions_invoke.id,
  ]
}

resource "frontegg_role" "editor-full" {
  name        = "Full Editor"
  key         = "editor-full"
  default     = false
  description = "Can view and edit everything but not invite users"
  level       = 0
  permission_ids = [
    data.frontegg_permission.frontegg_connectivity_all.id,
    data.frontegg_permission.frontegg_secure_read_all.id,
    resource.frontegg_permission.pocus_default_write.id,
    resource.frontegg_permission.pocus_dashboard_read.id,
    resource.frontegg_permission.pocus_dashboard_write.id,
    resource.frontegg_permission.pocus_drilldown_read.id,
    resource.frontegg_permission.pocus_drilldown_write.id,
    resource.frontegg_permission.pocus_score_read.id,
    resource.frontegg_permission.pocus_score_write.id,
    frontegg_permission.pocus_real_time_actions_invoke.id,
  ]
}

resource "frontegg_role" "editor-dashboard" {
  name        = "Dashboard Editor"
  key         = "editor-dashboard"
  default     = false
  description = "Read-only user that also has write access to dashboards and scores"
  level       = 0
  permission_ids = [
    data.frontegg_permission.frontegg_connectivity_all.id,
    data.frontegg_permission.frontegg_secure_read_all.id,
    resource.frontegg_permission.pocus_dashboard_read.id,
    resource.frontegg_permission.pocus_dashboard_write.id,
    resource.frontegg_permission.pocus_drilldown_read.id,
    resource.frontegg_permission.pocus_drilldown_write.id,
    resource.frontegg_permission.pocus_score_read.id,
    resource.frontegg_permission.pocus_score_write.id,
    frontegg_permission.pocus_real_time_actions_invoke.id,
  ]
}

resource "frontegg_role" "csv-downloader" {
  name        = "CSV Downloader"
  key         = "csv-downloader"
  default     = false
  description = "Supplementary role that allows downloading CSVs"
  level       = 0
  permission_ids = [
    resource.frontegg_permission.pocus_csv_export.id,
  ]
}

Steps to reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform plan

Support rest of email templates in the provider

We have seen the emojis in our unmanaged templates get coerced into a ? character, which makes our emails look bad.

Currently the following email templates are not supported by the Terraform provider; it would be good to add those in so we no longer have to babysit our unmanaged email templates:

  • Magic Link
  • Connect New Device
  • Magic Code
  • User Used Invitation

Error when trying to configure the custom_domain property

Terraform version

1.1.9

Affected resources

frontegg_workspace

Terraform configuration files

resource "frontegg_workspace" "nest_app" {
  name                = upper(var.environment)
  country             = "US"
  backend_stack       = "Node"
  frontend_stack      = "React"
  open_saas_installed = false

  custom_domain   = var.auth_subdomain
  frontegg_domain = var.frontegg_domain
...
}

Expected Behavior

The custom domain should be configured for the workspace

Actual Behavior

The terraform apply command fails with an error:

│ Error: restclient: request failed: POST https://api.us.frontegg.com/vendors/custom-domains: 404 Not Found: map[Access-Control-Allow-Credentials:[true] Content-Length:[30] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Fri, 06 May 2022 11:51:01 GMT] Etag:[W/"1e-a/Ls6uLJoK/0zLOnxVMqTB0ypSM"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[f93e2f0d-d538-408e-bcd5-018aefef3374] Referrer-Policy:[no-referrer] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["CName not found"]}

Steps to reproduce

  1. terraform apply

Important factoids

Using the US instance of Frontegg

Tenant resource has mandatory undocumented application_uri parameter

Terraform version

(all)

Affected resources

  • frontegg_tenant

Terraform configuration files

(n/a)

Debug Output

Panic output

Expected Behavior

The frontegg_tenant resource should not require an application_uri parameter to be passed; it's not documented on https://docs.frontegg.com/reference/tenantcontrollerv1_addtenant and according to frontegg folks, only serves to disambiguate oauth applications if there should be multiple on the domain.

Actual Behavior

The parameter is mandatory: https://registry.terraform.io/providers/frontegg/frontegg/latest/docs/resources/tenant

Steps to reproduce

Create a frontegg_tenant resource without the parameter (:

frontegg_workspace with no lockout_policy gives 400 error on apply

Terraform version

Terraform v1.2.2
on linux_amd64
+ provider registry.terraform.io/frontegg/frontegg v0.2.21

Affected resources

  • frontegg_workspace

Terraform configuration files

terraform {
  required_providers {
    frontegg = {
      source  = "frontegg/frontegg"
      version = "~> 0.2.21"
    }
  }
}

provider "frontegg" {
  client_id  = "88b9cefd-c686-4dce-9654-49671666dff0"
  secret_key = "ad681576-f0b8-49af-89df-9de1edd127f7"
}

resource "frontegg_workspace" "workspace" {
  allowed_origins     = ["http://localhost:3000/"]
  backend_stack       = "Node"
  country             = "US"
  frontegg_domain     = "pocus-bug.frontegg.com"
  frontend_stack      = "React"
  name                = "Pocus Bug"
  open_saas_installed = false

  admin_portal {
    enable_account_settings    = false
    enable_api_tokens          = false
    enable_audit_logs          = false
    enable_personal_api_tokens = false
    enable_privacy             = true
    enable_profile             = false
    enable_roles               = true
    enable_security            = true
    enable_sso                 = false
    enable_subscriptions       = false
    enable_usage               = false
    enable_users               = true
    enable_webhooks            = false

    palette {
      success        = "#2CA744"
      info           = "#5587C0"
      warning        = "#F6AD55"
      error          = "#FC8181"
      primary        = "#6B46C1"
      primary_text   = "#FFFFFF"
      secondary      = "#FBFBFC"
      secondary_text = "#3C4A5A"
    }
  }

  auth_policy {
    allow_unverified_users       = false
    allow_signups                = false
    enable_api_tokens            = false
    enable_roles                 = true
    jwt_algorithm                = "RS256"
    jwt_access_token_expiration  = 43200   # 12 hours
    jwt_refresh_token_expiration = 2592000 # 30 days
    same_site_cookie_policy      = "none"
  }

  mfa_policy {
    allow_remember_device = true
    device_expiration     = 604800 # 7 days
    enforce               = "off"
  }

  password_policy {
    allow_passphrases = false
    min_length        = 8
    max_length        = 128
    min_tests         = 4
    min_phrase_length = 8
    history           = 0
  }
}

Debug Output

https://gist.github.com/julianandrews/cf34473c48dfb8de39ddb10527e9d6e2

Expected Behavior

There should be no error

Actual Behavior

We get an error:

Error: restclient: request failed: POST https://api.frontegg.com/identity/resources/configurations/v1/lockout-policy: 400 Bad Request: map[Access-Control-Allow-Credentials:[true] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[729251572c46b3bc-MIA] Content-Length:[50] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Mon, 11 Jul 2022 14:44:32 GMT] Etag:[W/"32-f3IcRPoCuHgflHep8IYWB+xCNmA"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[a85127f8-5984-485a-b6bd-988ef9776fac] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15724800; includeSubDomains] Vary:[Origin] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["maxAttempts must not be less than 1"]}

Steps to reproduce

  1. terraform apply

Important factoids

Adding a lockout_policy block makes the issue go away, but we don't want a lockout policy!

frontegg_webhook fails on event frontegg.user.updated

Terraform version

v1.1.8

Affected resources

  • frontegg_webhook

Terraform configuration files

resource "frontegg_webhook" "terraform_webhook" {
  enabled     = true
  name        = "Terraform Webhook"
  description = "Hook from terraform"
  url         = "${var.pocus_api_url}/frontegg/webhook"
  // Frontegg shows a constantly changing value (but if we lifecycle ignore_changes, secret gets cleared out)
  secret = var.hook_secret
  events = [
    "frontegg.tenant.created",
    "frontegg.tenant.updated",
    "frontegg.tenant.deleted",
    "frontegg.user.created",
    "frontegg.user.updated",
    "frontegg.user.activated",
    "frontegg.user.invitedToTenant",
    "frontegg.user.removedFromTenant",
    "frontegg.user.deleted",
  ]
}

Debug Output

https://gist.github.com/kris-swann/1bc44e690eb0f76d142cb1fde96f2b80

Panic output

NONE

Expected Behavior

Hook is successfully created with event frontegg.user.updated

Actual Behavior

Error message below is shown

╷
│ Error: expected events.8 to be one of [frontegg.user.authenticated frontegg.user.authenticatedWithSAML frontegg.user.authenticatedWithSSO frontegg.user.failedAuthentication frontegg.user.enrolledMFA frontegg.user.disabledMFA frontegg.user.created frontegg.user.signedUp frontegg.user.deleted frontegg.user.invitedToTenant frontegg.user.changedPassword frontegg.user.forgotPassword frontegg.user.removedFromTenant frontegg.userApiToken.created frontegg.userApiToken.deleted frontegg.user.activated frontegg.tenant.created frontegg.tenant.deleted frontegg.tenant.updated frontegg.tenantApiToken.created frontegg.tenantApiToken.deleted], got frontegg.user.updated
│ 
│   with module.frontegg.frontegg_webhook.terraform_webhook,
│   on modules/frontegg/main.tf line 114, in resource "frontegg_webhook" "terraform_webhook":
│  114:   events = [
│  115:     "frontegg.tenant.created",
│  116:     "frontegg.tenant.updated",
│  117:     "frontegg.tenant.deleted",
│  118:     "frontegg.user.created",
│  119:     "frontegg.user.updated",
│  120:     "frontegg.user.activated",
│  121:     "frontegg.user.invitedToTenant",
│  122:     "frontegg.user.removedFromTenant",
│  123:     "frontegg.user.deleted",
│  124:   ]
│ 
╵

Steps to reproduce

Please list the steps required to reproduce the issue, for example:

Try to create a webhook with the following configuration

resource "frontegg_webhook" "terraform_webhook" {
  enabled     = true
  name        = "Terraform Webhook"
  description = "Hook from terraform"
  url         = "${var.pocus_api_url}/frontegg/webhook"
  // Frontegg shows a constantly changing value (but if we lifecycle ignore_changes, secret gets cleared out)
  secret = var.hook_secret
  events = [
    "frontegg.tenant.created",
    "frontegg.tenant.updated",
    "frontegg.tenant.deleted",
    "frontegg.user.created",
    "frontegg.user.updated",
    "frontegg.user.activated",
    "frontegg.user.invitedToTenant",
    "frontegg.user.removedFromTenant",
    "frontegg.user.deleted",
  ]
}

  1. terraform plan

Important factoids

References

logo on login box erased after applying terraform

When we apply our terraform workspace the logo for the login box is removed.

Terraform version

1.1.3

Affected resources

frontegg_workspace

Terraform configuration files

provider "frontegg" {
  api_base_url    = "https://api.us.frontegg.com"
  portal_base_url = "https://portal.us.frontegg.com"
}

resource "frontegg_workspace" "saas_controller" {
  depends_on = [
    azurerm_dns_cname_record.frontegg
  ]
  name                = var.name
  country             = "US"
  frontend_stack      = "React"
  backend_stack       = "Python"
  open_saas_installed = false

  custom_domain   = "${azurerm_dns_cname_record.frontegg.name}.${var.dns_zone_name}"
  frontegg_domain = "${var.slug}.us.frontegg.com"
  allowed_origins = var.allowed_origins

  auth_policy {
    allow_unverified_users       = false
    allow_signups                = false
    enable_api_tokens            = true
    enable_roles                 = true
    jwt_algorithm                = "RS256"
    jwt_access_token_expiration  = 86400   # 1 day
    jwt_refresh_token_expiration = 2592000 # 30 days
    same_site_cookie_policy      = var.frontegg_cookie_policy
  }



  lockout_policy {
    max_attempts = 10
  }

  password_policy {
    allow_passphrases = false
    min_length        = 10
    max_length        = 128
    min_tests         = 2
    min_phrase_length = 6
    history           = 2
  }


  hosted_login {
    allowed_redirect_urls = var.allowed_redirect_urls
  }

  # saml {
  #   acs_url      = "https://mycompany.com/saml"
  #   sp_entity_id = "my-company"
  # }

  mfa_policy {
    allow_remember_device = true
    device_expiration     = 604800 # 7 days
    enforce               = "off"
  }
  user_activation_email {
    from_address  = var.from_address
    from_name     = var.name
    subject       = "Activate Your Account"
    html_template = templatefile("${path.module}/email-templates/user-activation.html", { name = var.name })
    redirect_url  = "https://domain/account/activate"
  }

  user_invitation_email {
    from_address  = var.from_address
    from_name     = var.name
    subject       = "${var.name} Invitation"
    html_template = templatefile("${path.module}/email-templates/user-invitation.html", { name = var.name })
    redirect_url  = "https://domain/account/invitation/accept"
  }
  admin_portal {
    enable_account_settings    = true
    enable_api_tokens          = true
    enable_audit_logs          = true
    enable_personal_api_tokens = false
    enable_privacy             = true
    enable_profile             = true
    enable_roles               = true
    enable_security            = true
    enable_sso                 = true
    enable_subscriptions       = true
    enable_usage               = true
    enable_users               = true
    enable_webhooks            = true

    palette {
      success        = "#2ca744"
      info           = "#5587c0"
      warning        = "#ffc107"
      error          = "#e1583e"
      primary        = "#43bb7a"
      primary_text   = "#ffffff"
      secondary      = "#fbfbfc"
      secondary_text = "#3c4a5a"
    }
  }

}

Debug Output

Secret Gist sent via DM.

Panic output

No

Expected Behavior

TBD. Open to a fix that just leaves the logo uploaded in the GUI or a fix that lets us supply the Logo to terraform.

Actual Behavior

After running terraform, the logo created in the portal is removed.

Steps to reproduce

  1. Add logo to workspace
  2. Run terraform apply

Important factoids

None

References

Allow creating tenants in staging environment

We are trying to create tenants in staging using terraform, but it does not seem to support it

Expected Behavior

Terraform provider should create tenants in the appropriate environment (staging / QA) based on the URL

Actual Behavior

The provider always creates tenants in the development environment, regardless of the application URL

Steps to reproduce

Create a tenant using the staging application URL (staging-company.frontegg.com)
The tenant is created in the Development environment (dev-company.frontegg.com)

Feature Request: Add ability to manage all emails via terraform provider

Feature request: add support for all emails

Currently we have to manage some emails via terraform and the others manually, would be very nice to get all of these into terraform.

Currently the only emails that are supported for management via terraform are:

  • pwned_password_email
  • reset_password_email
  • user_activation_email
  • user_invitation_email

This Issue is requesting the addition of all the emails on this screen:

Specifically:

  • Magic Link
  • OTC
  • Connect New Device
  • User Used Invitation

custom_domain logic appears borked

The custom domain logic is not working, particularly, in the case that the Post to create it works on the very first attempt (no dns propagation issues), the value for validate is set to false regardless of this success, and the err is set to nil. This results in doing diag.FromErr(err) where err is nil, which is simply not allowed, and completely breaks in the case of TF bridge.
Further... the Post command will perform cname (and txt?) validation on the custom_domain so if it succeeds we don't need to retry or check for validation.

Terraform version

running / testing this through the pulumi bridge v0.2.31

Affected resources

  • workspace / custom_domains

Debug Output

I added some error logging to determine where this was occurring, don't be alarmed by the error messages, except error: expected non-nil error with nil state during Create of urn:... and the subsequent panic.

 frontegg:index:Workspace (frontegg):
    error:   provider/resource_frontegg_workspace.go:1438: provider: Updating workspace: provider="[email protected]+62f1f83b.dirty"
    error:   provider/resource_frontegg_workspace.go:1456: provider: updating workspace custom domains: provider="[email protected]+62f1f83b.dirty"
    error: expected non-nil error with nil state during Create of urn:...

  pulumi:pulumi:Stack (justin3):
    warning: using pulumi-resource-frontegg from $PATH at /Users/justin/go/bin/pulumi-resource-frontegg
    warning: using pulumi-resource-frontegg from $PATH at /Users/justin/go/bin/pulumi-resource-frontegg
    warning: using pulumi-resource-frontegg from $PATH at /Users/justin/go/bin/pulumi-resource-frontegg
    warning: using pulumi-resource-frontegg from $PATH at /Users/justin/go/bin/pulumi-resource-frontegg
    error: update failed

    panic: interface conversion: interface {} is nil, not map[string]interface {}
    goroutine 623 [running]:
    github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0x110ff2ad0?, 0x1400ed97230?}}, {0x0?, 0x0?}}, {0x10ca9966f, 0x8})
    	/home/runner/go/pkg/mod/github.com/hashicorp/[email protected]/cty/value_ops.go:711 +0x258
    github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0x14000fddf20?, 0x110e96aa0?, 0x110e96a98?}, {0x110ff26a8, 0x1400c340720}, {0x111003218, 0x1400edf8780}, {0x110e35440?, 0x140030208c0?}, 0x1, ...)
    	/home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:250 +0xea4
    github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0x0?, {0x110e35440?, 0x140030208c0?})
    	/home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:100 +0x11c
    github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x110ff2788?, {0x110ff2788?, 0x11ba59f20?}, 0xd?, {0x110e35440?, 0x140030208c0?})
    	/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:812 +0x64
    github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x140011c4540, {0x110ff2788, 0x11ba59f20}, 0x140087f6dd0, 0x1400eb69f00, {0x110e35440, 0x140030208c0})
    	/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:924 +0x658
    github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2.v2Provider.Apply({0x14000b8fc20?, {0x1400079d730?, 0x1400edd5440?, 0x0?}}, {0x10caf3320, 0x12}, {0x110ff2bb8?, 0x1400ebece40}, {0x111002ce0?, 0x1400eb69f00})
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/pkg/tfshim/sdk-v2/provider.go:100 +0x140
    github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*Provider).Update(0x140002862c0, {0x110ff26a8?, 0x1400bf96000?}, 0x1400becebd0)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/pkg/tfbridge/provider.go:975 +0x6d0
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update.func1({0x111020fb8?, 0x140002862c0?})
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:356 +0x3c
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.resourceMethod[...](0x14001e02eb0?, 0x1400bd5b788, 0x1400bd5b768?)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:303 +0xc4
    github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update(0x1400bd5b7c8?, {0x110ff26a8?, 0x1400bf96000?}, 0x10e99f6e0?)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/[email protected]/muxer.go:355 +0x5c
    github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler.func1({0x110ff26a8, 0x1400bf96000}, {0x110a45660?, 0x1400becebd0})
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/proto/go/provider_grpc.pb.go:609 +0x74
    github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0x110ff26a8, 0x14001d9d200}, {0x110a45660, 0x1400becebd0}, 0x1400ebf4440, 0x1400ebec918)
    	/home/runner/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/go/otgrpc/server.go:57 +0x2e8
    github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler({0x110ca22e0?, 0x14001e02eb0}, {0x110ff26a8, 0x14001d9d200}, 0x1400ebbb570, 0x1400c3f49c0)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/[email protected]/proto/go/provider_grpc.pb.go:611 +0x12c
    google.golang.org/grpc.(*Server).processUnaryRPC(0x1400045c3c0, {0x111005080, 0x1400953e9c0}, 0x1400e8ebc20, 0x14001cd4a80, 0x11ba06b10, 0x0)
    	/home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:1360 +0xc04
    google.golang.org/grpc.(*Server).handleStream(0x1400045c3c0, {0x111005080, 0x1400953e9c0}, 0x1400e8ebc20, 0x0)
    	/home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:1737 +0x7c4
    google.golang.org/grpc.(*Server).serveStreams.func1.1()
    	/home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:982 +0x84
    created by google.golang.org/grpc.(*Server).serveStreams.func1 in goroutine 56
    	/home/runner/go/pkg/mod/google.golang.org/[email protected]/server.go:980 +0x154

Expected Behavior

It should create, or successfully re-create the custom domain or appropriately error.

Actual Behavior

The function attempts to return diag.FromErr(nil) when the expected output type of resourceFronteggWorkspaceUpdate is diag.Diagnostic, and not allowed to be nil. It does this despite successfully creating the custom_domain.

Steps to reproduce

  • Create a workspace resource with a custom domain that has cname/txt record validation done within the same terraform.
  • Create a workspace resource with a custom domain that already has cname + txt records already created, wait for a while then attempt to use terraform to create that custom domain resource.

These will hit a different code path, one requiring post retries, the other succeeding on the initial post.

References

The bug was introduced in this PR
https://github.com/frontegg/terraform-provider-frontegg/pull/118/files
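
The control flow described in the custom_domain report above, as an added Go example (not the provider's code and not written by the report's author). It assumes the success flag is only set on the retry path; `domainAPI`, `post`, `outcome`, `updateAsReported` and `updateFixed` are hypothetical names, and the stand-in API performs no network I/O.

```go
package main

import (
	"errors"
	"fmt"
)

// errNotPropagated is a constructed error standing in for a failed DNS check.
var errNotPropagated = errors.New("CNAME record not found yet")

// domainAPI is a hypothetical stand-in for the custom-domain endpoint.
// It rejects the first `failures` POSTs and accepts every one after that.
type domainAPI struct {
	failures int
	calls    int
}

func (a *domainAPI) post(domain string) error {
	a.calls++
	if a.calls <= a.failures {
		return errNotPropagated
	}
	return nil
}

// outcome is what the update step reports: whether it failed, and why.
type outcome struct {
	failed bool
	err    error
}

// updateAsReported models the flow in the report (assumption: the flag is
// only set while retrying). A POST that succeeds immediately is therefore
// reported as a failure that carries a nil error.
func updateAsReported(api *domainAPI, domain string, maxRetries int) outcome {
	validated := false
	err := api.post(domain)
	for i := 0; err != nil && i < maxRetries; i++ {
		if err = api.post(domain); err == nil {
			validated = true
		}
	}
	if !validated {
		return outcome{failed: true, err: err} // err is nil on first-try success
	}
	return outcome{}
}

// updateFixed uses the POST result as the only signal: a nil error means the
// domain was created, so a failure is never reported without an error.
func updateFixed(api *domainAPI, domain string, maxRetries int) outcome {
	err := api.post(domain)
	for i := 0; err != nil && i < maxRetries; i++ {
		err = api.post(domain)
	}
	if err != nil {
		return outcome{failed: true, err: fmt.Errorf("creating custom domain %q: %w", domain, err)}
	}
	return outcome{}
}

func main() {
	for _, failures := range []int{0, 2, 10} {
		a := updateAsReported(&domainAPI{failures: failures}, "auth.example.com", 3)
		b := updateFixed(&domainAPI{failures: failures}, "auth.example.com", 3)
		fmt.Printf("failed POSTs=%d reported=%+v fixed=%+v\n", failures, a, b)
	}
}
```

The three cases cover both code paths named in the report: success on the initial POST, success after retries, and retries exhausted.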

SAML redirect url field

According to the docs (and code) we cannot set the redirect_url for SAML. Does an API allow for this feature?

Webhook delete appears broken on 0.2.44

Terraform version

Terraform v1.4.6
on darwin_arm64
+ provider registry.terraform.io/frontegg/frontegg v0.2.44

Affected resources

0.2.44
Please list the resources as a list, for example:

  • Webhook (delete)

Terraform configuration files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file.

Debug Output

 Error: restclient: request failed: DELETE https://frontegg-prod.frontegg.com/webhook/<redacted>: 400 Bad Request: map[Cf-Cache-Status:[DYNAMIC] Cf-Ray:[7e8c27a4098a1130-ORD] Content-Length:[36] Content-Security-Policy:[default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests] Content-Type:[application/json; charset=utf-8] Date:[Tue, 18 Jul 2023 16:38:25 GMT] Etag:[W/"24-EpjjG7cILmcP/cORBpyWYDAOe8w"] Expect-Ct:[max-age=0] Frontegg-Trace-Id:[0e05e6f0-67e2-4a17-a4cc-63d5868d9b36] Origin-Agent-Cluster:[?1] Referrer-Policy:[no-referrer] Server:[cloudflare] Strict-Transport-Security:[max-age=15552000; includeSubDomains] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Xss-Protection:[0]]: {"errors":["Invalid JSON provided"]}

Expected Behavior

Webhook should be deleted

Actual Behavior

Delete fails with 400, invalid json provided

Steps to reproduce

provider "frontegg" {
  client_id      = "<id>"
  secret_key     = "<secret>"
  api_base_url    = "https://api.frontegg.com"
}

terraform {
  required_providers {
    frontegg = {
      source = "frontegg/frontegg"
      version = "0.2.44"
    }
  }
}

resource "frontegg_webhook" "example" {
  enabled     = true
  name        = "Example webhook"
  description = "An example of a webhook"
  url         = "https://test-url.com/api/internal/webhooks/frontegg-test"
  secret      = "example-secret"
  events = [
    "frontegg.user.authenticated"
  ]
}

  1. terraform init
  2. terraform apply
  3. terraform destroy

Important factoids

It appears that this was brought on between v0.2.38 and v0.2.44 as it was seen after update of https://github.com/MaterializeInc/pulumi-frontegg from 0.2.25 to 0.2.26

Social logins removed on terraform apply

We're using terraform to configure frontegg.
We noticed that every time we run terraform apply, most settings act as expected, but the social logins we defined in the builder are removed from the actual login page.
This can be fixed by manually publishing some change to the environment in portal.frontegg.com, but this defeats the purpose of using terraform.

Terraform version

1.3.4

Affected resources

social logins

Terraform configuration files

resource "frontegg_workspace" "frontegg" {
  allowed_origins     = ...
  backend_stack       = "Python"
  country             = "IL"
  frontegg_domain     = ...
  frontend_stack      = "React"
  name                = ...
  open_saas_installed = false

  password_policy {
    allow_passphrases = false
    history           = 0
    max_length        = 128
    min_length        = 8
    min_phrase_length = 6
    min_tests         = 2
  }
  lockout_policy {
    max_attempts = 10
  }
  hosted_login {
    allowed_redirect_urls = ...
  }
  auth_policy {
    allow_signups                = true
    allow_unverified_users       = true
    auth_strategy                = "EmailAndPassword"
    enable_api_tokens            = true
    enable_roles                 = true
    jwt_access_token_expiration  = 60 * 60 * 24 # 24 hours
    jwt_algorithm                = "RS256"
    jwt_refresh_token_expiration = 60 * 60 * 24 * 30 # 30 days
    same_site_cookie_policy      = "none"
  }
  mfa_policy {
    allow_remember_device = true
    device_expiration     = 60 * 60 * 24 * 14 # 14 days
    enforce               = "off"
  }
  mfa_authentication_app {
    service_name = ...
  }
  admin_portal {
    enable_account_settings    = true
    enable_api_tokens          = true
    enable_audit_logs          = true
    enable_personal_api_tokens = false
    enable_privacy             = true
    enable_profile             = true
    enable_roles               = false
    enable_security            = true
    enable_sso                 = true
    enable_subscriptions       = false
    enable_usage               = false
    enable_users               = true
    enable_webhooks            = false
    palette {
      error {
        light         = "#FFF4F4"
        main          = "#EA5C5C"
        contrast_text = ""
        dark          = ""
      }
      info {
        light         = "#EBF3FF"
        main          = "#498AEB"
        contrast_text = ""
        dark          = ""
      }
      primary {
        active        = "rgb(36, 112, 191)"
        dark          = "rgb(36, 112, 191)"
        hover         = "rgb(40, 127, 216)"
        light         = "rgb(99, 176, 255)"
        main          = "rgb(48, 150, 255)"
        contrast_text = ""
      }
      secondary {
        active        = "rgb(36, 112, 191)"
        dark          = "rgb(36, 112, 191)"
        hover         = "rgb(40, 127, 216)"
        light         = "rgb(99, 176, 255)"
        main          = "rgb(48, 150, 255)"
        contrast_text = ""
      }
      success {
        light         = "#F0FCEC"
        main          = "#4DA82D"
        contrast_text = ""
        dark          = ""
      }
      warning {
        light         = "#FFF7EC"
        main          = "#F0A534"
        contrast_text = ""
        dark          = ""
      }
    }
  }
}

Expected Behavior

The social logins should not have been removed.

Actual Behavior

The social logins are removed from the login page.
They are still configured correctly in the builder, but not in the real login page.

Steps to reproduce

  1. terraform apply
