From e568f2fd8aeef0e2b39708846d5af315e39372c7 Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Wed, 23 Oct 2024 17:36:12 +0200 Subject: [PATCH 1/4] add `oidc_token_config.issuer_mode` property to projects --- client/project.go | 3 ++- vercel/data_source_project.go | 8 ++++++++ vercel/data_source_project_test.go | 8 +++++++- vercel/resource_project.go | 32 +++++++++++++++++++++++------- vercel/resource_project_test.go | 2 ++ 5 files changed, 44 insertions(+), 9 deletions(-) diff --git a/client/project.go b/client/project.go index cf40dde0..4a8e02d9 100644 --- a/client/project.go +++ b/client/project.go @@ -16,7 +16,8 @@ type GitRepository struct { } type OIDCTokenConfig struct { - Enabled bool `json:"enabled"` + Enabled bool `json:"enabled"` + IssuerMode string `json:"issuerMode,omitempty"` } // EnvironmentVariable defines the information Vercel requires and surfaces about an environment variable diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go index b76fdf68..42bd6528 100644 --- a/vercel/data_source_project.go +++ b/vercel/data_source_project.go @@ -228,6 +228,14 @@ For more detailed information, please see the [Vercel documentation](https://ver Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.", Computed: true, }, + "issuer_mode": schema.StringAttribute{ + Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com`", + Computed: true, + Optional: true, + Validators: []validator.String{ + stringOneOf("team", "global"), + }, + }, }, }, "options_allowlist": schema.SingleNestedAttribute{ diff --git a/vercel/data_source_project_test.go b/vercel/data_source_project_test.go index 2deccaeb..b18474bd 100644 --- a/vercel/data_source_project_test.go +++ b/vercel/data_source_project_test.go 
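Review bot: In the `vercel/data_source_project.go` hunk, `issuer_mode` is declared `Optional: true` with a `stringOneOf("team", "global")` validator, while the sibling `enabled` attribute just above it is `Computed: true` only. A data source reports what the API returns, and nothing visible in this patch consumes a user-supplied value here, yet the generated docs in the next commit list the field under "Optional". I would make it read-only by keeping `Computed: true,` and dropping the `Optional: true,` and `Validators: ...` lines. The schema block starts and ends outside the hunk.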
@@ -55,6 +55,8 @@ func TestAcc_ProjectDataSource(t *testing.T) { resource.TestCheckResourceAttr("data.vercel_project.test", "skew_protection", "7 days"), resource.TestCheckResourceAttr("data.vercel_project.test", "resource_config.function_default_cpu_type", "standard_legacy"), resource.TestCheckResourceAttr("data.vercel_project.test", "resource_config.function_default_timeout", "30"), + resource.TestCheckResourceAttr("data.vercel_project.test", "oidc_token_config.enabled", "true"), + resource.TestCheckResourceAttr("data.vercel_project.test", "oidc_token_config.issuer_mode", "team"), ), }, }, @@ -129,7 +131,11 @@ resource "vercel_project" "test" { } resource_config = { function_default_cpu_type = "standard_legacy" - function_default_timeout = 30 + function_default_timeout = 30 + } + oidc_token_config = { + enabled = true + issuer_mode = "team" } } diff --git a/vercel/resource_project.go b/vercel/resource_project.go index 7573deac..a0cabc4d 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go 
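Review bot: The added checks in `TestAcc_ProjectDataSource` only assert `oidc_token_config.issuer_mode` against `team`, which is also the value the schema and the `convertResponseToProject` fallback default to in this patch. The test would therefore likely pass even if the configured value never reached the API or was never read back. The same applies to the two hunks in `vercel/resource_project_test.go`. A step that sets `issuer_mode = "global"` and asserts `resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.issuer_mode", "global")`, plus one that omits the attribute, would pin both the round trip and the default. The test function and config continue outside the hunks.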
@@ -310,13 +310,25 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.", Required: true, }, + "issuer_mode": schema.StringAttribute{ + Optional: true, + Computed: true, + Default: stringdefault.StaticString("team"), + Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com`", + PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()}, + Validators: []validator.String{ + stringOneOf("team", "global"), + }, + }, }, Default: objectdefault.StaticValue(types.ObjectValueMust( map[string]attr.Type{ - "enabled": types.BoolType, + "enabled": types.BoolType, + "issuer_mode": types.StringType, }, map[string]attr.Value{ - "enabled": types.BoolValue(false), + "enabled": types.BoolValue(false), + "issuer_mode": types.StringValue("team"), }, )), }, @@ -878,7 +890,8 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps { } type OIDCTokenConfig struct { - Enabled types.Bool `tfsdk:"enabled"` + Enabled types.Bool `tfsdk:"enabled"` + IssuerMode types.String `tfsdk:"issuer_mode"` } func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig { 
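Review bot: The `issuer_mode` Description added in the `@@ -310,13 +310,25 @@` hunk does not state the default, nor what changing the value means for consumers of the token. Relying parties match on the `iss` URL, so switching modes on an existing project changes the issuer carried by newly issued tokens, and federated trust configuration has to follow. I would name the default in the text and append a sentence such as `Changing this value changes the issuer URL of newly issued tokens; update relying-party trust configuration to match.` The schema block starts and ends outside the hunk.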
@@ -887,19 +900,22 @@ func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig { } return &client.OIDCTokenConfig{ - Enabled: o.Enabled.ValueBool(), + Enabled: o.Enabled.ValueBool(), + IssuerMode: o.IssuerMode.ValueString(), } } func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig { if o == nil { return &client.OIDCTokenConfig{ - Enabled: types.BoolValue(false).ValueBool(), + Enabled: types.BoolValue(false).ValueBool(), + IssuerMode: types.StringValue("team").ValueString(), } } return &client.OIDCTokenConfig{ - Enabled: o.Enabled.ValueBool(), + Enabled: o.Enabled.ValueBool(), + IssuerMode: o.IssuerMode.ValueString(), } } @@ -1124,10 +1140,12 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon } var oidcTokenConfig = &OIDCTokenConfig{ - Enabled: types.BoolValue(false), + Enabled: types.BoolValue(false), + IssuerMode: types.StringValue("team"), } if response.OIDCTokenConfig != nil { oidcTokenConfig.Enabled = types.BoolValue(response.OIDCTokenConfig.Enabled) + oidcTokenConfig.IssuerMode = types.StringValue(response.OIDCTokenConfig.IssuerMode) } resourceConfig := &ResourceConfig{} diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go index 1d1efcf3..3c36e3cd 100644 --- a/vercel/resource_project_test.go +++ b/vercel/resource_project_test.go @@ -81,6 +81,7 @@ func TestAcc_Project(t *testing.T) { resource.TestCheckResourceAttr("vercel_project.test", "directory_listing", "true"), resource.TestCheckResourceAttr("vercel_project.test", "skew_protection", "7 days"), resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"), + resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.issuer_mode", "team"), ), }, // Update testing @@ -747,6 +748,7 @@ resource "vercel_project" "test" { skew_protection = "7 days" oidc_token_config = { enabled = true + issuer_mode = "team" } environment = [ { 
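Review bot: In `convertResponseToProject` (`@@ -1124,10 +1140,12 @@`), the new assignment `oidcTokenConfig.IssuerMode = types.StringValue(response.OIDCTokenConfig.IssuerMode)` overwrites the fallback set just above it even when the API returns no value. `client.OIDCTokenConfig.IssuerMode` is a plain `string`, so a response without `issuerMode` decodes to `""`, which is outside `stringOneOf("team", "global")` and differs from the planned default. That would presumably surface as a permanent diff or an inconsistent-result error after apply. Guard the assignment with `if m := response.OIDCTokenConfig.IssuerMode; m != "" { oidcTokenConfig.IssuerMode = types.StringValue(m) }`. The function body starts and ends outside the hunk.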
From 744e240d4af3590dfd9855cc8a42c915134891ce Mon Sep 17 00:00:00 2001 From: Douglas Harcourt Parsons Date: Wed, 23 Oct 2024 16:48:44 +0100 Subject: [PATCH 2/4] Generate docs --- docs/data-sources/project.md | 4 ++++ docs/resources/project.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index 33e61425..8dad2799 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -120,6 +120,10 @@ Read-Only: ### Nested Schema for `oidc_token_config` +Optional: + +- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com` + Read-Only: - `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information. diff --git a/docs/resources/project.md b/docs/resources/project.md index b7943bcd..ad6cddef 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -154,6 +154,10 @@ Required: - `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information. +Optional: + +- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com` + ### Nested Schema for `options_allowlist` From cba095a47f8b01c013abdbfddab6924c1821577e Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Thu, 24 Oct 2024 09:55:36 +0200 Subject: [PATCH 3/4] set issuer_mode default to global --- vercel/data_source_project.go | 2 +- vercel/resource_project.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go index 931148be..f8ef69cd 100644 --- a/vercel/data_source_project.go 
+++ b/vercel/data_source_project.go @@ -233,7 +233,7 @@ For more detailed information, please see the [Vercel documentation](https://ver Computed: true, }, "issuer_mode": schema.StringAttribute{ - Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com`", + Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`", Computed: true, Optional: true, Validators: []validator.String{ diff --git a/vercel/resource_project.go b/vercel/resource_project.go index 6d1de93f..3ac8224e 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -322,7 +322,7 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ Optional: true, Computed: true, Default: stringdefault.StaticString("team"), - Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com`", + Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`", PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()}, Validators: []validator.String{ stringOneOf("team", "global"), @@ -336,7 +336,7 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ }, map[string]attr.Value{ "enabled": types.BoolValue(false), - "issuer_mode": types.StringValue("team"), + "issuer_mode": types.StringValue("global"), }, )), }, @@ -920,7 +920,7 @@ func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig { if o == nil { return &client.OIDCTokenConfig{ Enabled: types.BoolValue(false).ValueBool(), - IssuerMode: types.StringValue("team").ValueString(), + IssuerMode: types.StringValue("global").ValueString(), } } 
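Review bot: The context line `Default: stringdefault.StaticString("team"),` in the `@@ -322,7 +322,7 @@` hunk is left unchanged, while this commit moves the object default (`@@ -336,7`), the nil fallback in `toUpdateProjectRequest` (`@@ -920,7`) and the fallback in `convertResponseToProject` (`@@ -1153,7`) to `"global"`. As written, omitting the whole `oidc_token_config` block would yield `global`, but `oidc_token_config = { enabled = true }` would yield `team`, so the `iss` URL of issued tokens depends on how the block is spelled. Relying parties pin trust to that issuer, so the defaults should agree: `Default: stringdefault.StaticString("global"),`. A single package-level constant for the default would keep the four sites from drifting again; the acceptance tests set `team` explicitly and would not catch the mismatch.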
@@ -1153,7 +1153,7 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon var oidcTokenConfig = &OIDCTokenConfig{ Enabled: types.BoolValue(false), - IssuerMode: types.StringValue("team"), + IssuerMode: types.StringValue("global"), } if response.OIDCTokenConfig != nil { oidcTokenConfig.Enabled = types.BoolValue(response.OIDCTokenConfig.Enabled) From 2139c7b2dc1abde5d91d526a975cc5eaece0dc01 Mon Sep 17 00:00:00 2001 From: Douglas Harcourt Parsons Date: Thu, 24 Oct 2024 09:15:28 +0100 Subject: [PATCH 4/4] Regenerate docs --- docs/data-sources/project.md | 2 +- docs/resources/project.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index 20e15654..4991a707 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -123,7 +123,7 @@ Read-Only: Optional: -- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com` +- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com` Read-Only: diff --git a/docs/resources/project.md b/docs/resources/project.md index 4b7fdcc9..0dc656d7 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -157,7 +157,7 @@ Required: Optional: -- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `owner` = `https://oidc.vercel.com` +- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`