auth0 · Widcket · Jun 16, 2021 · Jun 15, 2021 · Jun 15, 2021 · Jun 15, 2021
@@ -42,8 +42,10 @@ require (
 	golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
 	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
 	golang.org/x/text v0.3.5 // indirect
-	gopkg.in/auth0.v5 v5.17.0
+	gopkg.in/auth0.v5 v5.18.0
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
+
+replace gopkg.in/auth0.v5 => github.com/go-auth0/auth0 v1.3.1-0.20210615225247-8be98bbd9fc2
@@ -138,6 +138,8 @@ github.com/getsentry/sentry-go v0.11.0/go.mod h1:KBQIxiZAetw62Cj8Ri964vAEWVdgfaU
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
 github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
+github.com/go-auth0/auth0 v1.3.1-0.20210615225247-8be98bbd9fc2 h1:/l2v4Rrnp0ACgi1pJIMuVXoBqBEcr7QAYtoJzQOz9EM=
+github.com/go-auth0/auth0 v1.3.1-0.20210615225247-8be98bbd9fc2/go.mod h1:ZUc29HB1p9iYkA1ti2uz/kVL3I9vg+Hs+qFjHKub9SM=
 github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
@@ -785,8 +787,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/auth0.v5 v5.17.0 h1:QBY9DJh/LNE1qEQc8r7Bg6edj+AyNb+r0UxZplx598g=
-gopkg.in/auth0.v5 v5.17.0/go.mod h1:ZUc29HB1p9iYkA1ti2uz/kVL3I9vg+Hs+qFjHKub9SM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=

@@ -35,7 +35,7 @@ var requiredScopes = []string{
 	"read:branding", "update:branding",
 	"read:connections", "update:connections",
 	"read:client_keys", "read:logs", "read:tenant_settings", 
-	"read:custom_domains", "create:custom_domains", "delete:custom_domains",
+	"read:custom_domains", "create:custom_domains", "update:custom_domains", "delete:custom_domains",
 	"read:anomaly_blocks", "delete:anomaly_blocks",
 	"create:log_streams", "delete:log_streams", "read:log_streams", "update:log_streams",
 }

@@ -29,7 +29,7 @@ func TestRequiredScopes(t *testing.T) {
 		list := []string{
 			"read:branding", "update:branding",
 			"read:connections", "update:connections",
-			"read:custom_domains", "create:custom_domains", "delete:custom_domains",
+			"read:custom_domains", "create:custom_domains", "update:custom_domains", "delete:custom_domains",
 			"read:client_keys", "read:logs", "read:tenant_settings",
 			"read:anomaly_blocks", "delete:anomaly_blocks",
 		}

@@ -10,6 +10,9 @@ type CustomDomainAPI interface {
 	// Read retrieves a custom domain by its id.
 	Read(id string, opts ...management.RequestOption) (c *management.CustomDomain, err error)
 
+	// Update a custom domain.
+	Update(id string, c *management.CustomDomain, opts ...management.RequestOption) (err error)
+
 	// Delete a custom domain.
 	Delete(id string, opts ...management.RequestOption) (err error)
 

@@ -274,7 +274,7 @@ auth0 apis update -n myapi -e 6100 --offline-access=true`,
 				current, err = cli.api.ResourceServer.Read(url.PathEscape(inputs.ID))
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load API. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load API: %w", err)
 			}
 
 			if err := apiName.AskU(cmd, &inputs.Name, current.Name); err != nil {

@@ -249,7 +249,7 @@ auth0 apps show <id>`,
 				a, err = cli.api.Client.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load application. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load application: %w", err)
 			}
 
 			cli.renderer.ApplicationShow(a, inputs.Reveal)
@@ -494,7 +494,7 @@ auth0 apps update <id> -n myapp --type [native|spa|regular|m2m]`,
 				current, err = cli.api.Client.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load application. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load application: %w", err)
 			}
 
 			// Prompt for app name

@@ -13,8 +13,10 @@ import (
 
 const (
 	customDomainProvisioningTypeAuth0 = "auth0_managed_certs"
-	customDomainProvisioningTypeSelf = "self_managed_certs"
+	customDomainProvisioningTypeSelf  = "self_managed_certs"
 	customDomainVerificationMethodTxt = "txt"
+	customDomainTLSPolicyRecommended  = "recommended"
+	customDomainTLSPolicyCompatible   = "compatible"
 )
 
 var (
@@ -32,10 +34,10 @@ var (
 	}
 
 	customDomainType = Flag{
-		Name:       "Provisioning Type",
-		LongForm:   "type",
-		ShortForm:  "t",
-		Help:       "Custom domain provisioning type. Must be 'auth0' for Auth0-managed certs or 'self' for self-managed certs.",
+		Name:      "Provisioning Type",
+		LongForm:  "type",
+		ShortForm: "t",
+		Help:      "Custom domain provisioning type. Must be 'auth0' for Auth0-managed certs or 'self' for self-managed certs.",
 	}
 
 	customDomainVerification = Flag{
@@ -44,6 +46,27 @@ var (
 		ShortForm: "v",
 		Help:      "Custom domain verification method. Must be 'txt'.",
 	}
+
+	customDomainPolicy = Flag{
+		Name:         "TLS Policy",
+		LongForm:     "policy",
+		ShortForm:    "p",
+		Help:         "The TLS version policy. Can be either 'compatible' or 'recommended'.",
+		AlwaysPrompt: true,
+	}
+
+	customDomainIPHeader = Flag{
+		Name:         "Custom Client IP Header",
+		LongForm:     "ip-header",
+		ShortForm:    "i",
+		Help:         "The HTTP header to fetch the client's IP address.",
+		AlwaysPrompt: true,
+	}
+
+	customDomainPolicyOptions = []string{
+		customDomainTLSPolicyRecommended,
+		customDomainTLSPolicyCompatible,
+	}
 )
 
 func customDomainsCmd(cli *cli) *cobra.Command {
@@ -57,6 +80,7 @@ func customDomainsCmd(cli *cli) *cobra.Command {
 	cmd.AddCommand(listCustomDomainsCmd(cli))
 	cmd.AddCommand(showCustomDomainCmd(cli))
 	cmd.AddCommand(createCustomDomainCmd(cli))
+	cmd.AddCommand(updateCustomDomainCmd(cli))
 	cmd.AddCommand(deleteCustomDomainCmd(cli))
 	cmd.AddCommand(verifyCustomDomainCmd(cli))
 
@@ -134,9 +158,11 @@ auth0 branding domains show <id>`,
 
 func createCustomDomainCmd(cli *cli) *cobra.Command {
 	var inputs struct {
-		Domain             string
-		Type               string
-		VerificationMethod string
+		Domain               string
+		Type                 string
+		VerificationMethod   string
+		TLSPolicy            string
+		CustomClientIPHeader string
 	}
 
 	cmd := &cobra.Command{
@@ -155,16 +181,24 @@ auth0 branding domains create <id>`,
 				Domain: &inputs.Domain,
 			}
 
-			if len(inputs.Type) > 0 {
+			if inputs.Type != "" {
 				customDomain.Type = apiProvisioningTypeFor(inputs.Type)
 			} else {
 				customDomain.Type = auth0.String(customDomainProvisioningTypeAuth0)
 			}
 
-			if len(inputs.VerificationMethod) > 0 {
+			if inputs.VerificationMethod != "" {
 				customDomain.VerificationMethod = apiVerificationMethodFor(inputs.VerificationMethod)
 			}
 
+			if inputs.TLSPolicy != "" {
+				customDomain.TLSPolicy = apiTLSPolicyFor(inputs.TLSPolicy)
+			}
+
+			if inputs.CustomClientIPHeader != "" {
+				customDomain.CustomClientIPHeader = &inputs.CustomClientIPHeader
+			}
+
 			if err := ansi.Waiting(func() error {
 				return cli.api.CustomDomain.Create(customDomain)
 			}); err != nil {
@@ -176,9 +210,89 @@ auth0 branding domains create <id>`,
 		},
 	}
 
-	customDomainDomain.RegisterStringU(cmd, &inputs.Domain, "")
-	customDomainType.RegisterStringU(cmd, &inputs.Type, "")
-	customDomainVerification.RegisterStringU(cmd, &inputs.VerificationMethod, "")
+	customDomainDomain.RegisterString(cmd, &inputs.Domain, "")
+	customDomainType.RegisterString(cmd, &inputs.Type, "")
+	customDomainVerification.RegisterString(cmd, &inputs.VerificationMethod, "")
+	customDomainPolicy.RegisterString(cmd, &inputs.TLSPolicy, "")
+	customDomainIPHeader.RegisterString(cmd, &inputs.CustomClientIPHeader, "")
+
+	return cmd
+}
+
+func updateCustomDomainCmd(cli *cli) *cobra.Command {
+	var inputs struct {
+		ID                   string
+		TLSPolicy            string
+		CustomClientIPHeader string
+	}
+
+	cmd := &cobra.Command{
+		Use:   "update",
+		Args:  cobra.MaximumNArgs(1),
+		Short: "Update a custom domain",
+		Long:  "Update a custom domain.",
+		Example: `auth0 branding domains update
+auth0 branding domains update <id> --policy compatible
+auth0 branding domains update <id> -p compatible --ip-header "cf-connecting-ip"`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			var current *management.CustomDomain
+
+			if len(args) == 0 {
+				err := customDomainID.Pick(cmd, &inputs.ID, cli.customDomainsPickerOptions)
+				if err != nil {
+					return err
+				}
+			} else {
+				inputs.ID = args[0]
+			}
+
+			// Load custom domain by id
+			if err := ansi.Waiting(func() error {
+				var err error
+				current, err = cli.api.CustomDomain.Read(inputs.ID)
+				return err
+			}); err != nil {
+				return fmt.Errorf("Unable to load custom domain: %w", err)
+			}
+
+			// Prompt for TLS policy
+			if err := customDomainPolicy.SelectU(cmd, &inputs.TLSPolicy, customDomainPolicyOptions, current.TLSPolicy); err != nil {
+				return err
+			}
+
+			// Prompt for custom domain custom client IP header
+			if err := customDomainIPHeader.AskU(cmd, &inputs.CustomClientIPHeader, current.CustomClientIPHeader); err != nil {
+				return err
+			}
+
+			// Start with an empty custom domain object. We'll conditionally
+			// hydrate it based on the provided parameters since
+			// we'll do PATCH semantics.
+			c := &management.CustomDomain{}
+
+			if inputs.TLSPolicy != "" {
+				c.TLSPolicy = apiTLSPolicyFor(inputs.TLSPolicy)
+			}
+
+			if inputs.CustomClientIPHeader != "" {
+				c.CustomClientIPHeader = &inputs.CustomClientIPHeader
+			}
+
+			// Update custom domain
+			if err := ansi.Waiting(func() error {
+				return cli.api.CustomDomain.Update(inputs.ID, c)
+			}); err != nil {
+				return fmt.Errorf("Unable to update custom domain: %v", err)
+			}
+
+			// Render custom domain update specific view
+			cli.renderer.CustomDomainUpdate(c)
+			return nil
+		},
+	}
+
+	customDomainPolicy.RegisterStringU(cmd, &inputs.TLSPolicy, "")
+	customDomainIPHeader.RegisterStringU(cmd, &inputs.CustomClientIPHeader, "")
 
 	return cmd
 }
@@ -286,6 +400,17 @@ func apiVerificationMethodFor(v string) *string {
 	}
 }
 
+func apiTLSPolicyFor(v string) *string {
+	switch v {
+	case "recommended":
+		return auth0.String(customDomainTLSPolicyRecommended)
+	case "compatible":
+		return auth0.String(customDomainTLSPolicyCompatible)
+	default:
+		return auth0.String(v)
+	}
+}
+
 func (c *cli) customDomainsPickerOptions() (pickerOptions, error) {
 	var opts pickerOptions
 

@@ -222,7 +222,7 @@ auth0 logs streams show <id>`,
 				a, err = cli.api.LogStream.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load log stream. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load log stream: %w", err)
 			}
 			cli.renderer.LogStreamShow(a)
 			return nil
@@ -487,7 +487,7 @@ auth0 logs streams update <id> -n myeventbridge -t eventbridge`,
 				current, err = cli.api.LogStream.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load logstream. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load logstream: %w", err)
 			}
 
 			// Prompt for log stream name

@@ -110,7 +110,7 @@ auth0 roles show <id>`,
 				r, err = cli.api.Role.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load role. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load role: %w", err)
 			}
 
 			cli.renderer.RoleShow(r)

@@ -207,7 +207,7 @@ auth0 rules show <id>`,
 			})
 
 			if err != nil {
-				return fmt.Errorf("Unable to load rule. The ID %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load rule: %w", err)
 			}
 
 			cli.renderer.RuleShow(rule)

@@ -250,7 +250,7 @@ auth0 users show <id>`,
 				a, err = cli.api.User.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load user. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load user: %w", err)
 			}
 
 			// get the current connection
@@ -345,7 +345,7 @@ auth0 users update -n John Doe --email john.doe@example.com`,
 				current, err = cli.api.User.Read(inputs.ID)
 				return err
 			}); err != nil {
-				return fmt.Errorf("Unable to load user. The Id %v specified doesn't exist", inputs.ID)
+				return fmt.Errorf("Unable to load user: %w", err)
 			}
 			// using getUserConnection to get connection name from user Identities
 			// just using current.connection will return empty