[DXCDT-60] Add attack protection update commands (auth0#407)

commander.yaml

@@ -605,3 +605,37 @@ tests:
         - STAGE_PRE_USER_REGISTRATION_MAX_ATTEMPTS
         - STAGE_PRE_USER_REGISTRATION_RATE
     exit-code: 0
+
+  attack protection update breached password detection:
+    command: auth0 attack-protection breached-password-detection update --enabled
+    stdout:
+      contains:
+        - ENABLED
+        - SHIELDS
+        - ADMIN_NOTIFICATION_FREQUENCY
+        - METHOD
+    exit-code: 0
+
+  attack protection update brute force protection:
+    command: auth0 attack-protection brute-force-protection update --enabled
+    stdout:
+      contains:
+        - ENABLED
+        - SHIELDS
+        - ALLOW_LIST
+        - MODE
+        - MAX_ATTEMPTS
+    exit-code: 0
+
+  attack protection update suspicious ip throttling:
+    command: auth0 attack-protection suspicious-ip-throttling update --enabled
+    stdout:
+      contains:
+        - ENABLED
+        - SHIELDS
+        - ALLOW_LIST
+        - STAGE_PRE_LOGIN_MAX_ATTEMPTS
+        - STAGE_PRE_LOGIN_RATE
+        - STAGE_PRE_USER_REGISTRATION_MAX_ATTEMPTS
+        - STAGE_PRE_USER_REGISTRATION_RATE
+    exit-code: 0

docs/auth0_attack_protection_breached_password_detection_update.md

@@ -0,0 +1,49 @@
+---
+layout: default
+---
+## auth0 attack-protection breached-password-detection update
+
+Update breached password detection settings
+
+### Synopsis
+
+Update breached password detection settings.
+
+```
+auth0 attack-protection breached-password-detection update [flags]
+```
+
+### Examples
+
+```
+auth0 attack-protection breached-password-detection update
+```
+
+### Options
+
+```
+  -f, --admin-notification-frequency strings   When "admin_notification" is enabled, determines how often email notifications are sent. Possible values:
+                                               immediately, daily, weekly, monthly. Comma-separated.
+  -e, --enabled                                Enable (or disable) breached password detection.
+  -h, --help                                   help for update
+  -m, --method string                          The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard.
+                                               Possible values: standard, enhanced.
+  -s, --shields strings                        Action to take when a breached password is detected. Possible values: block, user_notification,
+                                               admin_notification. Comma-separated.
+```
+
+### Options inherited from parent commands
+
+```
+      --debug           Enable debug mode.
+      --force           Skip confirmation.
+      --format string   Command output format. Options: json.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+### SEE ALSO
+
+* [auth0 attack-protection](auth0_attack_protection.md)	 - Manage attack protection settings
+* [auth0 attack-protection breached-password-detection](auth0_attack_protection_breached_password_detection.md)	 - Manage breached password detection settings

docs/auth0_attack_protection_brute_force_protection_update.md

@@ -0,0 +1,48 @@
+---
+layout: default
+---
+## auth0 attack-protection brute-force-protection update
+
+Update brute force protection settings
+
+### Synopsis
+
+Update brute force protection settings.
+
+```
+auth0 attack-protection brute-force-protection update [flags]
+```
+
+### Examples
+
+```
+auth0 attack-protection brute-force-protection update
+```
+
+### Options
+
+```
+  -l, --allowlist strings   List of trusted IP addresses that will not have attack protection enforced against them. Comma-separated.
+  -e, --enabled             Enable (or disable) brute force protection.
+  -h, --help                help for update
+  -a, --max-attempts int    Maximum number of unsuccessful attempts. (default 1)
+  -m, --mode string         Account Lockout: Determines whether or not IP address is used when counting failed attempts. Possible values:
+                            count_per_identifier_and_ip, count_per_identifier.
+  -s, --shields strings     Action to take when a brute force protection threshold is violated. Possible values: block, user_notification. Comma-separated.
+```
+
+### Options inherited from parent commands
+
+```
+      --debug           Enable debug mode.
+      --force           Skip confirmation.
+      --format string   Command output format. Options: json.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+### SEE ALSO
+
+* [auth0 attack-protection](auth0_attack_protection.md)	 - Manage attack protection settings
+* [auth0 attack-protection brute-force-protection](auth0_attack_protection_brute_force_protection.md)	 - Manage brute force protection settings

docs/auth0_attack_protection_suspicious_ip_throttling_update.md

@@ -0,0 +1,51 @@
+---
+layout: default
+---
+## auth0 attack-protection suspicious-ip-throttling update
+
+Update suspicious ip throttling settings
+
+### Synopsis
+
+Update suspicious ip throttling settings.
+
+```
+auth0 attack-protection suspicious-ip-throttling update [flags]
+```
+
+### Examples
+
+```
+auth0 attack-protection suspicious-ip-throttling update
+```
+
+### Options
+
+```
+  -l, --allowlist strings           List of trusted IP addresses that will not have attack protection enforced against them. Comma-separated.
+  -e, --enabled                     Enable (or disable) suspicious ip throttling.
+  -h, --help                        help for update
+      --pre-login-max int           Configuration options that apply before every login attempt. Total number of attempts allowed per day. (default 1)
+      --pre-login-rate int          Configuration options that apply before every login attempt. Interval of time, given in milliseconds, at which new attempts
+                                    are granted. (default 34560)
+      --pre-registration-max int    Configuration options that apply before every user registration attempt. Total number of attempts allowed. (default 1)
+      --pre-registration-rate int   Configuration options that apply before every user registration attempt. Interval of time, given in milliseconds, at which
+                                    new attempts are granted. (default 1200)
+  -s, --shields strings             Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification. Comma-separated.
+```
+
+### Options inherited from parent commands
+
+```
+      --debug           Enable debug mode.
+      --force           Skip confirmation.
+      --format string   Command output format. Options: json.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+### SEE ALSO
+
+* [auth0 attack-protection](auth0_attack_protection.md)	 - Manage attack protection settings
+* [auth0 attack-protection suspicious-ip-throttling](auth0_attack_protection_suspicious_ip_throttling.md)	 - Manage suspicious ip throttling settings

internal/auth/auth.go

@@ -38,7 +38,7 @@ var requiredScopes = []string{
 	"create:actions", "delete:actions", "read:actions", "update:actions",
 	"create:organizations", "delete:organizations", "read:organizations", "update:organizations", "read:organization_members", "read:organization_member_roles",
 	"read:prompts", "update:prompts",
-	"read:attack_protection",
+	"read:attack_protection", "update:attack_protection",
 }
 
 type Authenticator struct {

internal/auth0/attack_protection.go

@@ -14,6 +14,16 @@ type AttackProtectionAPI interface {
 		opts ...management.RequestOption,
 	) (bpd *management.BreachedPasswordDetection, err error)
 
+	// UpdateBreachedPasswordDetection updates the breached password detection settings.
+	//
+	// Required scope: `update:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_breached_password_detection
+	UpdateBreachedPasswordDetection(
+		bpd *management.BreachedPasswordDetection,
+		opts ...management.RequestOption,
+	) (err error)
+
 	// GetBruteForceProtection retrieves the brute force configuration.
 	//
 	// Required scope: `read:attack_protection`
@@ -23,6 +33,16 @@ type AttackProtectionAPI interface {
 		opts ...management.RequestOption,
 	) (bfp *management.BruteForceProtection, err error)
 
+	// UpdateBruteForceProtection updates the brute force configuration.
+	//
+	// Required scope: `update:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_brute_force_protection
+	UpdateBruteForceProtection(
+		bfp *management.BruteForceProtection,
+		opts ...management.RequestOption,
+	) (err error)
+
 	// GetSuspiciousIPThrottling retrieves the suspicious IP throttling configuration.
 	//
 	// Required scope: `read:attack_protection`
@@ -31,4 +51,14 @@ type AttackProtectionAPI interface {
 	GetSuspiciousIPThrottling(
 		opts ...management.RequestOption,
 	) (sit *management.SuspiciousIPThrottling, err error)
+
+	// UpdateSuspiciousIPThrottling updates the suspicious IP throttling configuration.
+	//
+	// Required scope: `update:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_suspicious_ip_throttling
+	UpdateSuspiciousIPThrottling(
+		sit *management.SuspiciousIPThrottling,
+		opts ...management.RequestOption,
+	) (err error)
 }