From 25cd25159d51af86f22ff4548d6253bb2c3536ed Mon Sep 17 00:00:00 2001 From: Kit Foster Date: Tue, 21 May 2024 12:24:21 +0200 Subject: [PATCH 1/4] add OPTIONS Allowlist to terraform --- client/deployment_protection.go | 8 +++++ client/project.go | 2 ++ docs/data-sources/project.md | 14 +++++++++ docs/resources/project.md | 13 ++++++++ vercel/data_source_project.go | 17 ++++++++++ vercel/deployment_protection.go | 8 +++++ vercel/resource_project.go | 56 +++++++++++++++++++++++++++++++++ 7 files changed, 118 insertions(+) diff --git a/client/deployment_protection.go b/client/deployment_protection.go index eba07053..bc59c43d 100644 --- a/client/deployment_protection.go +++ b/client/deployment_protection.go @@ -26,3 +26,11 @@ type TrustedIps struct { type ProtectionBypass struct { Scope string `json:"scope"` } + +type OptionsAllowlist struct { + Paths []OptionsAllowlistPath `json:"paths"` +} + +type OptionsAllowlistPath struct { + Value string `json:"value"` +} diff --git a/client/project.go b/client/project.go index a2034b75..8592edd4 100644 --- a/client/project.go +++ b/client/project.go @@ -169,6 +169,7 @@ type ProjectResponse struct { VercelAuthentication *VercelAuthentication `json:"ssoProtection"` PasswordProtection *PasswordProtection `json:"passwordProtection"` TrustedIps *TrustedIps `json:"trustedIps"` + OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"` ProtectionBypass map[string]ProtectionBypass `json:"protectionBypass"` AutoExposeSystemEnvVars *bool `json:"autoExposeSystemEnvs"` EnablePreviewFeedback *bool `json:"enablePreviewFeedback"` @@ -261,6 +262,7 @@ type UpdateProjectRequest struct { VercelAuthentication *VercelAuthentication `json:"ssoProtection"` PasswordProtection *PasswordProtectionWithPassword `json:"passwordProtection"` TrustedIps *TrustedIps `json:"trustedIps"` + OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"` AutoExposeSystemEnvVars bool `json:"autoExposeSystemEnvs"` EnablePreviewFeedback *bool `json:"enablePreviewFeedback"` AutoAssignCustomDomains bool `json:"autoAssignCustomDomains"` diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index df938d1b..d0058463 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -69,6 +69,7 @@ output "project_id" { - `skew_protection` (String) Ensures that outdated clients always fetch the correct version for a given deployment. This value defines how long Vercel keeps Skew Protection active. - `trusted_ips` (Attributes) Ensures only visitors from an allowed IP address can access your deployment. (see [below for nested schema](#nestedatt--trusted_ips)) - `vercel_authentication` (Attributes) Ensures visitors to your Preview Deployments are logged into Vercel and have a minimum of Viewer access on your team. (see [below for nested schema](#nestedatt--vercel_authentication)) +- `options_allowlist` (Attributes) Configuration for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist)) ### Nested Schema for `environment` @@ -139,6 +140,19 @@ Read-Only: - `note` (String) - `value` (String) + +### Nested Schema for `options_allowlist` + +Read-Only: + +- `paths` (List of Object) The allowed paths for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist--paths)) + + +### Nested Schema for `options_allowlist.paths` + +Read-Only: + +- `value` (String) diff --git a/docs/resources/project.md b/docs/resources/project.md index 1984bbd9..b60290f2 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -82,6 +82,7 @@ resource "vercel_project" "example" { - `team_id` (String) The team ID to add the project to. Required when configuring a team resource if a default team has not been set in the provider. - `trusted_ips` (Attributes) Ensures only visitors from an allowed IP address can access your deployment. (see [below for nested schema](#nestedatt--trusted_ips)) - `vercel_authentication` (Attributes) Ensures visitors to your Preview Deployments are logged into Vercel and have a minimum of Viewer access on your team. (see [below for nested schema](#nestedatt--vercel_authentication)) +- `options_allowlist` (Attributes) Configuration for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist)) ### Read-Only @@ -176,7 +177,19 @@ Optional: - `note` (String) A description for the value + +### Nested Schema for `options_allowlist` +Required: + +- `paths` (Attributes Set) The allowed paths for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist--paths)) + + +### Nested Schema for `options_allowlist.paths` + +Required: + +- `value` (String) The path that can be accessed. ### Nested Schema for `vercel_authentication` diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go index 2a2eddf8..e3a67ec8 100644 --- a/vercel/data_source_project.go +++ b/vercel/data_source_project.go @@ -220,6 +220,21 @@ For more detailed information, please see the [Vercel documentation](https://ver }, }, }, + "options_allowlist": schema.SingleNestedAttribute{ + Description: "Ensures only requests starting with specified paths can bypass Deployment Protection for OPTIONS requests.", + Computed: true, + Attributes: map[string]schema.Attribute{ + "paths": schema.ListAttribute{ + Description: "The path to compare the request path against.", + Computed: true, + ElementType: types.ObjectType{ + AttrTypes: map[string]attr.Type{ + "value": types.StringType, + }, + }, + }, + }, + }, "id": schema.StringAttribute{ Computed: true, }, @@ -320,6 +335,7 @@ type ProjectDataSource struct { VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"` PasswordProtection *PasswordProtection `tfsdk:"password_protection"` TrustedIps *TrustedIps `tfsdk:"trusted_ips"` + OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"` ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"` AutoExposeSystemEnvVars types.Bool `tfsdk:"automatically_expose_system_environment_variables"` GitComments types.Object `tfsdk:"git_comments"` @@ -375,6 +391,7 @@ func convertResponseToProjectDataSource(ctx context.Context, response client.Pro VercelAuthentication: project.VercelAuthentication, PasswordProtection: pp, TrustedIps: project.TrustedIps, + OptionsAllowlist: project.OptionsAllowlist, AutoExposeSystemEnvVars: types.BoolPointerValue(response.AutoExposeSystemEnvVars), ProtectionBypassForAutomation: project.ProtectionBypassForAutomation, GitComments: project.GitComments, diff --git a/vercel/deployment_protection.go b/vercel/deployment_protection.go index 6bb8f354..f5eb1558 100644 --- a/vercel/deployment_protection.go +++ b/vercel/deployment_protection.go @@ -28,3 +28,11 @@ type TrustedIps struct { type ProtectionBypass struct { Scope types.String `tfsdk:"scope"` } + +type OptionsAllowlist struct { + Paths []OptionsAllowlistPath `tfsdk:"paths"` +} + +type OptionsAllowlistPath struct { + Value types.String `tfsdk:"value"` +} diff --git a/vercel/resource_project.go b/vercel/resource_project.go index f5920914..189b419a 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -300,6 +300,28 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ }, }, }, + "options_allowlist": schema.SingleNestedAttribute{ + Description: "Ensures only requests starting with specified paths can bypass Deployment Protection for OPTIONS requests.", + Optional: true, + Attributes: map[string]schema.Attribute{ + "paths": schema.SetNestedAttribute{ + Description: "The paths that can be accessed bypassing Deployment Protection for OPTIONS requests.", + Required: true, + PlanModifiers: []planmodifier.Set{setplanmodifier.UseStateForUnknown()}, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "value": schema.StringAttribute{ + Description: "The path to compare the request path against.", + Required: true, + }, + }, + }, + Validators: []validator.Set{ + stringSetMinCount(1), + }, + }, + }, + }, "id": schema.StringAttribute{ Computed: true, PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()}, @@ -425,6 +447,7 @@ type Project struct { VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"` PasswordProtection *PasswordProtectionWithPassword `tfsdk:"password_protection"` TrustedIps *TrustedIps `tfsdk:"trusted_ips"` + OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"` ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"` ProtectionBypassForAutomationSecret types.String `tfsdk:"protection_bypass_for_automation_secret"` AutoExposeSystemEnvVars types.Bool `tfsdk:"automatically_expose_system_environment_variables"` @@ -459,6 +482,7 @@ func (p Project) RequiresUpdateAfterCreation() bool { return p.PasswordProtection != nil || p.VercelAuthentication != nil || p.TrustedIps != nil || + p.OptionsAllowlist != nil || !p.AutoExposeSystemEnvVars.IsNull() || p.GitComments.IsNull() || !p.PreviewComments.IsNull() || @@ -581,6 +605,7 @@ func (p *Project) toUpdateProjectRequest(ctx context.Context, oldName string) (r PasswordProtection: p.PasswordProtection.toUpdateProjectRequest(), VercelAuthentication: p.VercelAuthentication.toUpdateProjectRequest(), TrustedIps: p.TrustedIps.toUpdateProjectRequest(), + OptionsAllowlist: p.OptionsAllowlist.toUpdateProjectRequest(), AutoExposeSystemEnvVars: p.AutoExposeSystemEnvVars.ValueBool(), EnablePreviewFeedback: p.PreviewComments.ValueBoolPointer(), AutoAssignCustomDomains: p.AutoAssignCustomDomains.ValueBool(), @@ -758,6 +783,23 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps { } } +func (t *OptionsAllowlist) toUpdateProjectRequest() *client.OptionsAllowlist { + if t == nil { + return nil + } + + var paths = []client.OptionsAllowlistPath{} + for _, path := range t.Paths { + paths = append(paths, client.OptionsAllowlistPath{ + Value: path.Value.ValueString(), + }) + } + + return &client.OptionsAllowlist{ + Paths: paths, + } +} + /* * In the Vercel API the following fields are coerced to null during project creation @@ -937,6 +979,19 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon } } + var oal *OptionsAllowlist + if response.OptionsAllowlist != nil { + var paths []OptionsAllowlistPath + for _, path := range response.OptionsAllowlist.Paths { + paths = append(paths, OptionsAllowlistPath{ + Value: types.StringValue(path.Value), + }) + } + oal = &OptionsAllowlist{ + Paths: paths, + } + } + var env []attr.Value for _, e := range environmentVariables { target := []attr.Value{} @@ -1029,6 +1084,7 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon PasswordProtection: pp, VercelAuthentication: va, TrustedIps: tip, + OptionsAllowlist: oal, ProtectionBypassForAutomation: protectionBypass, ProtectionBypassForAutomationSecret: protectionBypassSecret, AutoExposeSystemEnvVars: types.BoolPointerValue(response.AutoExposeSystemEnvVars), From 43c1c6e78fc289e4e7b01e315a842488246742c2 Mon Sep 17 00:00:00 2001 From: Kit Foster Date: Tue, 21 May 2024 12:41:03 +0200 Subject: [PATCH 2/4] tests --- vercel/data_source_project_test.go | 9 ++++++ vercel/resource_project_test.go | 44 +++++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/vercel/data_source_project_test.go b/vercel/data_source_project_test.go index f70f38d8..34234140 100644 --- a/vercel/data_source_project_test.go +++ b/vercel/data_source_project_test.go @@ -35,6 +35,8 @@ func TestAcc_ProjectDataSource(t *testing.T) { }), resource.TestCheckResourceAttr("data.vercel_project.test", "trusted_ips.deployment_type", "only_production_deployments"), resource.TestCheckResourceAttr("data.vercel_project.test", "trusted_ips.protection_mode", "trusted_ip_required"), + resource.TestCheckResourceAttr("data.vercel_project.test", "options_allowlist.paths.#", "1"), + resource.TestCheckResourceAttr("data.vercel_project.test", "options_allowlist.paths.0.value", "/api"), resource.TestCheckTypeSetElemNestedAttrs("data.vercel_project.test", "environment.*", map[string]string{ "key": "foo", @@ -86,6 +88,13 @@ resource "vercel_project" "test" { deployment_type = "only_production_deployments" protection_mode = "trusted_ip_required" } + options_allowlist = { + paths = [ + { + value = "/api" + } + ] + } %s environment = [ { diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go index 8081205c..8e83f7c7 100644 --- a/vercel/resource_project_test.go +++ b/vercel/resource_project_test.go @@ -166,7 +166,7 @@ func TestAcc_ProjectWithVercelAuthAndPasswordProtectionAndTrustedIps(t *testing. CheckDestroy: testAccProjectDestroy("vercel_project.enabled_to_start", testTeam()), Steps: []resource.TestStep{ { - Config: testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIps(projectSuffix, teamIDConfig()), + Config: testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIpsAndOptionsAllowlist(projectSuffix, teamIDConfig()), Check: resource.ComposeAggregateTestCheckFunc( testAccProjectExists("vercel_project.enabled_to_start", testTeam()), resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "vercel_authentication.deployment_type", "all_deployments"), @@ -179,6 +179,8 @@ func TestAcc_ProjectWithVercelAuthAndPasswordProtectionAndTrustedIps(t *testing. }), resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "trusted_ips.deployment_type", "all_deployments"), resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "trusted_ips.protection_mode", "trusted_ip_optional"), + resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "options_allowlist.paths.#", "1"), + resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "options_allowlist.paths.0.value", "/foo"), resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "protection_bypass_for_automation", "true"), resource.TestCheckResourceAttrSet("vercel_project.enabled_to_start", "protection_bypass_for_automation_secret"), testAccProjectExists("vercel_project.disabled_to_start", testTeam()), @@ -198,12 +200,14 @@ func TestAcc_ProjectWithVercelAuthAndPasswordProtectionAndTrustedIps(t *testing. }), resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "trusted_ips.deployment_type", "only_production_deployments"), resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "trusted_ips.protection_mode", "trusted_ip_required"), + resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "options_allowlist.paths.#", "1"), + resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "options_allowlist.paths.0.value", "/bar"), resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "protection_bypass_for_automation", "true"), resource.TestCheckResourceAttrSet("vercel_project.enabled_to_update", "protection_bypass_for_automation_secret"), ), }, { - Config: testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIpsUpdated(projectSuffix, teamIDConfig()), + Config: testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIpsAndOptionsAllowlistUpdated(projectSuffix, teamIDConfig()), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("vercel_project.enabled_to_start", "vercel_authentication.deployment_type", "standard_protection"), resource.TestCheckNoResourceAttr("vercel_project.enabled_to_start", "password_protection"), @@ -221,6 +225,8 @@ func TestAcc_ProjectWithVercelAuthAndPasswordProtectionAndTrustedIps(t *testing. }), resource.TestCheckResourceAttr("vercel_project.disabled_to_start", "trusted_ips.deployment_type", "standard_protection"), resource.TestCheckResourceAttr("vercel_project.disabled_to_start", "trusted_ips.protection_mode", "trusted_ip_required"), + resource.TestCheckResourceAttr("vercel_project.disabled_to_start", "options_allowlist.paths.#", "1"), + resource.TestCheckResourceAttr("vercel_project.disabled_to_start", "options_allowlist.paths.0.value", "/foo"), resource.TestCheckResourceAttr("vercel_project.disabled_to_start", "protection_bypass_for_automation", "true"), resource.TestCheckResourceAttrSet("vercel_project.disabled_to_start", "protection_bypass_for_automation_secret"), @@ -235,6 +241,8 @@ func TestAcc_ProjectWithVercelAuthAndPasswordProtectionAndTrustedIps(t *testing. resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "trusted_ips.deployment_type", "all_deployments"), resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "trusted_ips.protection_mode", "trusted_ip_optional"), resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "protection_bypass_for_automation", "false"), + resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "options_allowlist.paths.#", "1"), + resource.TestCheckResourceAttr("vercel_project.enabled_to_update", "options_allowlist.paths.0.value", "/bar"), resource.TestCheckNoResourceAttr("vercel_project.enabled_to_update", "protection_bypass_for_automation_secret"), ), }, @@ -378,7 +386,7 @@ resource "vercel_project" "test" { `, projectSuffix, teamID) } -func testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIps(projectSuffix, teamID string) string { +func testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIpsAndOptionsAllowlist(projectSuffix, teamID string) string { return fmt.Sprintf(` resource "vercel_project" "enabled_to_start" { name = "test-acc-protection-one-%[1]s" @@ -400,6 +408,13 @@ resource "vercel_project" "enabled_to_start" { deployment_type = "all_deployments" protection_mode = "trusted_ip_optional" } + options_allowlist = { + paths = [ + { + value = "/foo" + } + ] + } protection_bypass_for_automation = true } @@ -431,12 +446,19 @@ resource "vercel_project" "enabled_to_update" { ] deployment_type = "only_production_deployments" } + options_allowlist = { + paths = [ + { + value = "/bar" + } + ] + } protection_bypass_for_automation = true } `, projectSuffix, teamID) } -func testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIpsUpdated(projectSuffix, teamID string) string { +func testAccProjectConfigWithVercelAuthAndPasswordAndTrustedIpsAndOptionsAllowlistUpdated(projectSuffix, teamID string) string { return fmt.Sprintf(` resource "vercel_project" "enabled_to_start" { name = "test-acc-protection-one-%[1]s" @@ -462,6 +484,13 @@ resource "vercel_project" "disabled_to_start" { ] deployment_type = "standard_protection" } + options_allowlist = { + paths = [ + { + value = "/foo" + } + ] + } protection_bypass_for_automation = true } @@ -485,6 +514,13 @@ resource "vercel_project" "enabled_to_update" { deployment_type = "all_deployments" protection_mode = "trusted_ip_optional" } + options_allowlist = { + paths = [ + { + value = "/bar" + } + ] + } protection_bypass_for_automation = false } `, projectSuffix, teamID) From b57dcf21eecc84c6ee80c4ce69ebe73db7e14c1f Mon Sep 17 00:00:00 2001 From: Kit Foster Date: Wed, 22 May 2024 11:07:53 +0200 Subject: [PATCH 3/4] descriptions --- docs/data-sources/project.md | 6 +++--- docs/resources/project.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index d0058463..913e81e0 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -69,7 +69,7 @@ output "project_id" { - `skew_protection` (String) Ensures that outdated clients always fetch the correct version for a given deployment. This value defines how long Vercel keeps Skew Protection active. - `trusted_ips` (Attributes) Ensures only visitors from an allowed IP address can access your deployment. (see [below for nested schema](#nestedatt--trusted_ips)) - `vercel_authentication` (Attributes) Ensures visitors to your Preview Deployments are logged into Vercel and have a minimum of Viewer access on your team. (see [below for nested schema](#nestedatt--vercel_authentication)) -- `options_allowlist` (Attributes) Configuration for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist)) +- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) ### Nested Schema for `environment` @@ -145,14 +145,14 @@ Read-Only: Read-Only: -- `paths` (List of Object) The allowed paths for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist--paths)) +- `paths` (List of Object) The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values. (see [below for nested schema](#nestedatt--options_allowlist--paths)) ### Nested Schema for `options_allowlist.paths` Read-Only: -- `value` (String) +- `value` (String) The prefix for allowed paths diff --git a/docs/resources/project.md b/docs/resources/project.md index b60290f2..a680efbd 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -82,7 +82,7 @@ resource "vercel_project" "example" { - `team_id` (String) The team ID to add the project to. Required when configuring a team resource if a default team has not been set in the provider. - `trusted_ips` (Attributes) Ensures only visitors from an allowed IP address can access your deployment. (see [below for nested schema](#nestedatt--trusted_ips)) - `vercel_authentication` (Attributes) Ensures visitors to your Preview Deployments are logged into Vercel and have a minimum of Viewer access on your team. (see [below for nested schema](#nestedatt--vercel_authentication)) -- `options_allowlist` (Attributes) Configuration for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist)) +- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) ### Read-Only @@ -182,14 +182,14 @@ Optional: Required: -- `paths` (Attributes Set) The allowed paths for the OPTIONS Allowlist. (see [below for nested schema](#nestedatt--options_allowlist--paths)) +- `paths` (Attributes Set) The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values. (see [below for nested schema](#nestedatt--options_allowlist--paths)) ### Nested Schema for `options_allowlist.paths` Required: -- `value` (String) The path that can be accessed. +- `value` (String) The prefix for allowed paths ### Nested Schema for `vercel_authentication` From 8b4be7bcbe77a451851943121ff9fdfd8558d347 Mon Sep 17 00:00:00 2001 From: Kit Foster Date: Wed, 22 May 2024 11:41:32 +0200 Subject: [PATCH 4/4] task docs --- docs/data-sources/project.md | 31 +++++++++++++++++-------------- docs/resources/project.md | 30 +++++++++++++++++------------- vercel/data_source_project.go | 4 ++-- vercel/resource_project.go | 6 +++--- 4 files changed, 39 insertions(+), 32 deletions(-) diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index 913e81e0..5170e724 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -58,6 +58,7 @@ output "project_id" { - `id` (String) The ID of this resource. - `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0. - `install_command` (String) The install command for this project. If omitted, this value will be automatically detected. +- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) - `output_directory` (String) The output directory of the project. When null is used this value will be automatically detected. - `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection)) - `preview_comments` (Boolean) Whether comments are enabled on your Preview Deployments. @@ -69,7 +70,6 @@ output "project_id" { - `skew_protection` (String) Ensures that outdated clients always fetch the correct version for a given deployment. This value defines how long Vercel keeps Skew Protection active. - `trusted_ips` (Attributes) Ensures only visitors from an allowed IP address can access your deployment. (see [below for nested schema](#nestedatt--trusted_ips)) - `vercel_authentication` (Attributes) Ensures visitors to your Preview Deployments are logged into Vercel and have a minimum of Viewer access on your team. (see [below for nested schema](#nestedatt--vercel_authentication)) -- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) ### Nested Schema for `environment` @@ -115,6 +115,22 @@ Read-Only: + +### Nested Schema for `options_allowlist` + +Read-Only: + +- `paths` (List of Object) The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values. (see [below for nested schema](#nestedatt--options_allowlist--paths)) + + +### Nested Schema for `options_allowlist.paths` + +Read-Only: + +- `value` (String) + + + ### Nested Schema for `password_protection` @@ -140,19 +156,6 @@ Read-Only: - `note` (String) - `value` (String) - -### Nested Schema for `options_allowlist` - -Read-Only: - -- `paths` (List of Object) The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values. (see [below for nested schema](#nestedatt--options_allowlist--paths)) - - -### Nested Schema for `options_allowlist.paths` - -Read-Only: - -- `value` (String) The prefix for allowed paths diff --git a/docs/resources/project.md b/docs/resources/project.md index a680efbd..1c2fdf12 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -70,6 +70,7 @@ resource "vercel_project" "example" { - `git_repository` (Attributes) The Git Repository that will be connected to the project. When this is defined, any pushes to the specified connected Git Repository will be automatically deployed. This requires the corresponding Vercel for [Github](https://vercel.com/docs/concepts/git/vercel-for-github), [Gitlab](https://vercel.com/docs/concepts/git/vercel-for-gitlab) or [Bitbucket](https://vercel.com/docs/concepts/git/vercel-for-bitbucket) plugins to be installed. (see [below for nested schema](#nestedatt--git_repository)) - `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0. - `install_command` (String) The install command for this project. If omitted, this value will be automatically detected. +- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) - `output_directory` (String) The output directory of the project. If omitted, this value will be automatically detected. - `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection)) - `preview_comments` (Boolean) Whether to enable comments on your Preview Deployments. If omitted, comments are controlled at the team level (default behaviour). @@ -82,7 +83,6 @@ resource "vercel_project" "example" { - `team_id` (String) The team ID to add the project to. Required when configuring a team resource if a default team has not been set in the provider. - `trusted_ips` (Attributes) Ensures only visitors from an allowed IP address can access your deployment. (see [below for nested schema](#nestedatt--trusted_ips)) - `vercel_authentication` (Attributes) Ensures visitors to your Preview Deployments are logged into Vercel and have a minimum of Viewer access on your team. (see [below for nested schema](#nestedatt--vercel_authentication)) -- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) ### Read-Only @@ -145,6 +145,22 @@ Read-Only: + +### Nested Schema for `options_allowlist` + +Required: + +- `paths` (Attributes Set) The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values. (see [below for nested schema](#nestedatt--options_allowlist--paths)) + + +### Nested Schema for `options_allowlist.paths` + +Required: + +- `value` (String) The path prefix to compare with the incoming request path. + + + ### Nested Schema for `password_protection` @@ -177,19 +193,7 @@ Optional: - `note` (String) A description for the value - -### Nested Schema for `options_allowlist` - -Required: - -- `paths` (Attributes Set) The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values. (see [below for nested schema](#nestedatt--options_allowlist--paths)) - - -### Nested Schema for `options_allowlist.paths` - -Required: -- `value` (String) The prefix for allowed paths ### Nested Schema for `vercel_authentication` diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go index e3a67ec8..8c0ad477 100644 --- a/vercel/data_source_project.go +++ b/vercel/data_source_project.go @@ -221,11 +221,11 @@ For more detailed information, please see the [Vercel documentation](https://ver }, }, "options_allowlist": schema.SingleNestedAttribute{ - Description: "Ensures only requests starting with specified paths can bypass Deployment Protection for OPTIONS requests.", + Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.", Computed: true, Attributes: map[string]schema.Attribute{ "paths": schema.ListAttribute{ - Description: "The path to compare the request path against.", + Description: "The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values.", Computed: true, ElementType: types.ObjectType{ AttrTypes: map[string]attr.Type{ diff --git a/vercel/resource_project.go b/vercel/resource_project.go index 189b419a..1cf04cdf 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -301,17 +301,17 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ }, }, "options_allowlist": schema.SingleNestedAttribute{ - Description: "Ensures only requests starting with specified paths can bypass Deployment Protection for OPTIONS requests.", + Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.", Optional: true, Attributes: map[string]schema.Attribute{ "paths": schema.SetNestedAttribute{ - Description: "The paths that can be accessed bypassing Deployment Protection for OPTIONS requests.", + Description: "The allowed paths for the OPTIONS Allowlist. Incoming requests will bypass Deployment Protection if they have the method `OPTIONS` and **start with** one of the path values.", Required: true, PlanModifiers: []planmodifier.Set{setplanmodifier.UseStateForUnknown()}, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "value": schema.StringAttribute{ - Description: "The path to compare the request path against.", + Description: "The path prefix to compare with the incoming request path.", Required: true, }, },