Puppet Function: auth0_get_client_credentials_by_name

Defined in:
lib/puppet/functions/auth0_get_client_credentials_by_name.rb
Function type:
Ruby 4.x API

Overview

Retrieves Client (Application) credentials from the Auth0 Management API by name.

Note:

This function uses the following scopes from Auth0’s Management API:

* `read:clients`
* `read:client_keys`

Signatures:

  • auth0_get_client_credentials_by_name(String $client_name, String $management_client_id, String $management_client_secret, String $tenant_domain) ⇒ Optional[Credentials]

    Gets client_id and client_secret for a client specified by name.

    Examples:

    Retrieving client credentials.

    auth0_get_client_credentials_by_name('Example Application',$auth0_id,$auth0_secret,'example.auth0.com')

    Parameters:

    • client_name (String)

      The display name of the client whose credentials will be retrieved

    • management_client_id (String)

      The client_id that Puppet should use to access the Auth0 Management API

    • management_client_secret (String)

      The client_secret that Puppet should use to access the Auth0 Management API

    • tenant_domain (String)

      The Auth0 Domain (Tenant) that is being queried.

    Returns:

    • (Optional[Credentials])

      A Hash with two keys, ‘client_id’ and ‘client_secret’, containing the credentials for the requested client. Returns Undef if no client with the requested name could be found.

  • auth0_get_client_credentials_by_name(String $client_name) ⇒ Optional[Credentials]

    Gets client_id and client_secret for a client specified by name. The credentials that Puppet itself uses to call the Auth0 Management API are looked up from Hiera under the keys ‘auth0::management_client_id’, ‘auth0::management_client_secret’ and ‘auth0::tenant_domain’.

    Examples:

    Retrieving client credentials.

    auth0_get_client_credentials_by_name('Example Application')

    Parameters:

    • client_name (String)

      The name of the client whose credentials will be retrieved

    Returns:

    • (Optional[Credentials])

      A Hash with two keys, ‘client_id’ and ‘client_secret’, containing the credentials for the requested client. Returns Undef if no client with the requested name could be found.



# File 'lib/puppet/functions/auth0_get_client_credentials_by_name.rb', line 8

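Puppet::Functions.create_function(:auth0_get_client_credentials_by_name) do
  local_types do
    type 'Credentials = Struct[{client_id => String, client_secret => String}]'
  end

  # Gets client_id and client_secret for a client specified by name.
  # The returned client_secret is a plain String; wrap it in Sensitive before
  # passing it to resources so that Puppet redacts it in logs and reports.
  # @param client_name
  #   The display name of the client whose credentials will be retrieved
  # @param management_client_id
  #   The client_id that Puppet should use to access the Auth0 Management API
  # @param management_client_secret
  #   The client_secret that Puppet should use to access the Auth0 Management API
  # @param tenant_domain
  #   The Auth0 Domain (Tenant) that is being queried.
  # @return
  #   A Hash with two keys, 'client_id' and 'client_secret', containing
  #   the credentials for the requested client. Returns Undef if no client with
  #   the requested name could be found.
  # @example Retrieving client credentials.
  #   auth0_get_client_credentials_by_name('Example Application',$auth0_id,$auth0_secret,'example.auth0.com')
  dispatch :query do
    param 'String', :client_name
    param 'String', :management_client_id
    param 'String', :management_client_secret
    param 'String', :tenant_domain
    return_type 'Optional[Credentials]'
  end

  # Gets client_id and client_secret for a client specified by name. Retrieves credentials for the Auth0
  # Management API from Hiera under the keys 'auth0::management_client_id', 'auth0::management_client_secret'
  # and 'auth0::tenant_domain'.
  # The returned client_secret is a plain String; wrap it in Sensitive before
  # passing it to resources so that Puppet redacts it in logs and reports.
  # @param client_name
  #   The name of the client whose credentials will be retrieved
  # @return
  #   A Hash with two keys, 'client_id' and 'client_secret', containing
  #   the credentials for the requested client. Returns Undef if no client with
  #   the requested name could be found.
  # @example Retrieving client credentials.
  #   auth0_get_client_credentials_by_name('Example Application')
  dispatch :implicit_query do
    param 'String', :client_name
    return_type 'Optional[Credentials]'
  end

  # Looks up a client by display name and returns its credentials.
  #
  # Builds (or reuses) a Management API client through the Auth0Adapter attached
  # to the compiler, collects every client whose name equals +client_name+ and
  # returns the credentials of the first match, or nil when there is none.
  def query(client_name, id, secret, domain)
    api_client = Puppet::Pops::Adapters::Auth0Adapter.adapt(closure_scope.compiler).client(id, secret, domain)
    Puppet.info("Querying the Auth0 tenant at #{domain} for clients")

    found_clients = find_clients(api_client, client_name)
    # More than one client can carry the same display name, so the match is
    # ambiguous: the credentials returned may belong to a different
    # application than the caller intended. Surface that loudly.
    Puppet.warning("Found #{found_clients.count} clients with the name #{client_name}, choosing the first one.") if found_clients.count > 1
    client = found_clients.first

    if client
      # Log only non-secret identifiers. Dumping the whole record with
      # #inspect would write client_secret into the debug log.
      Puppet.debug("Got client data for #{client_name} (client_id: #{client['client_id']})")
      { 'client_id' => client['client_id'], 'client_secret' => client['client_secret'] }
    else
      Puppet.warning("No client named #{client_name} found.")
      nil
    end
  end

  # Single-argument form: reads the Management API credentials and tenant
  # domain from Hiera via the lookup function, then delegates to #query.
  def implicit_query(client_name)
    management_client_id = closure_scope.call_function('lookup', 'auth0::management_client_id')
    management_client_secret = closure_scope.call_function('lookup', 'auth0::management_client_secret')
    tenant_domain = closure_scope.call_function('lookup', 'auth0::tenant_domain')
    query(client_name, management_client_id, management_client_secret, tenant_domain)
  end

  # Pages through the tenant's clients (50 per page, starting at page 0) until
  # an empty page is returned, and returns the records whose 'name' equals
  # +client_name+, in the order the API listed them.
  #
  # Each page is filtered as it arrives so that the secrets of unrelated
  # clients are not accumulated in memory for the whole scan.
  def find_clients(api_client, client_name)
    matches = []
    0.step do |page|
      batch = api_client.get_clients(fields: %w[name client_id client_secret], page: page, per_page: 50)
      break if batch.empty?

      matches.concat(batch.select { |c| c['name'] == client_name })
    end
    matches
  end
end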