
Add OIDC support to projects #191


Merged
merged 9 commits into from
Jul 10, 2024
Merged
7 changes: 7 additions & 0 deletions client/project.go
Expand Up @@ -15,6 +15,10 @@ type GitRepository struct {
Repo string `json:"repo"`
}

type OIDCTokenConfig struct {
Enabled bool `json:"enabled"`
}

// EnvironmentVariable defines the information Vercel requires and surfaces about an environment variable
// that is associated with a project.
type EnvironmentVariable struct {
Expand All @@ -37,6 +41,7 @@ type CreateProjectRequest struct {
GitRepository *GitRepository `json:"gitRepository,omitempty"`
InstallCommand *string `json:"installCommand"`
Name string `json:"name"`
OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig,omitempty"`
OutputDirectory *string `json:"outputDirectory"`
PublicSource *bool `json:"publicSource"`
RootDirectory *string `json:"rootDirectory"`
Expand Down Expand Up @@ -169,6 +174,7 @@ type ProjectResponse struct {
VercelAuthentication *VercelAuthentication `json:"ssoProtection"`
PasswordProtection *PasswordProtection `json:"passwordProtection"`
TrustedIps *TrustedIps `json:"trustedIps"`
OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"`
OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"`
ProtectionBypass map[string]ProtectionBypass `json:"protectionBypass"`
AutoExposeSystemEnvVars *bool `json:"autoExposeSystemEnvs"`
Expand Down Expand Up @@ -262,6 +268,7 @@ type UpdateProjectRequest struct {
VercelAuthentication *VercelAuthentication `json:"ssoProtection"`
PasswordProtection *PasswordProtectionWithPassword `json:"passwordProtection"`
TrustedIps *TrustedIps `json:"trustedIps"`
OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"`
OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"`
AutoExposeSystemEnvVars bool `json:"autoExposeSystemEnvs"`
EnablePreviewFeedback *bool `json:"enablePreviewFeedback"`
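Review bot: `OIDCTokenConfig` on `UpdateProjectRequest` carries no `omitempty` while the same field on `CreateProjectRequest` does, so a nil pointer on update is sent as `"oidcTokenConfig": null`, and nothing here says whether the API reads that as "leave unchanged" or "disable". The field decides whether deployments receive identity tokens, so that meaning belongs next to the field, for example `// NOTE: nil marshals to null (no omitempty); confirm how the API treats null here.`. The new exported type is also undocumented, unlike `EnvironmentVariable` directly below it; `// OIDCTokenConfig controls whether Vercel-issued OIDC tokens are made available to the project's compute environments.` would do. All three request and response structs continue outside the hunks shown.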
9 changes: 9 additions & 0 deletions docs/data-sources/project.md
Expand Up @@ -58,6 +58,7 @@ output "project_id" {
- `id` (String) The ID of this resource.
- `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0.
- `install_command` (String) The install command for this project. If omitted, this value will be automatically detected.
- `oidc_token_config` (Attributes) Configuration for OpenID Connect (OIDC) tokens. (see [below for nested schema](#nestedatt--oidc_token_config))
- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist))
- `output_directory` (String) The output directory of the project. When null is used this value will be automatically detected.
- `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection))
Expand Down Expand Up @@ -115,6 +116,14 @@ Read-Only:



<a id="nestedatt--oidc_token_config"></a>
### Nested Schema for `oidc_token_config`

Read-Only:

- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.


<a id="nestedatt--options_allowlist"></a>
### Nested Schema for `options_allowlist`

9 changes: 9 additions & 0 deletions docs/resources/project.md
Expand Up @@ -70,6 +70,7 @@ resource "vercel_project" "example" {
- `git_repository` (Attributes) The Git Repository that will be connected to the project. When this is defined, any pushes to the specified connected Git Repository will be automatically deployed. This requires the corresponding Vercel for [Github](https://vercel.com/docs/concepts/git/vercel-for-github), [Gitlab](https://vercel.com/docs/concepts/git/vercel-for-gitlab) or [Bitbucket](https://vercel.com/docs/concepts/git/vercel-for-bitbucket) plugins to be installed. (see [below for nested schema](#nestedatt--git_repository))
- `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0.
- `install_command` (String) The install command for this project. If omitted, this value will be automatically detected.
- `oidc_token_config` (Attributes) Configuration for OpenID Connect (OIDC) tokens. (see [below for nested schema](#nestedatt--oidc_token_config))
- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist))
- `output_directory` (String) The output directory of the project. If omitted, this value will be automatically detected.
- `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection))
Expand Down Expand Up @@ -145,6 +146,14 @@ Read-Only:



<a id="nestedatt--oidc_token_config"></a>
### Nested Schema for `oidc_token_config`

Required:

- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.


<a id="nestedatt--options_allowlist"></a>
### Nested Schema for `options_allowlist`

12 changes: 12 additions & 0 deletions vercel/data_source_project.go
Expand Up @@ -220,6 +220,16 @@ For more detailed information, please see the [Vercel documentation](https://ver
},
},
},
"oidc_token_config": schema.SingleNestedAttribute{
Description: "Configuration for OpenID Connect (OIDC) tokens.",
Computed: true,
Attributes: map[string]schema.Attribute{
"enabled": schema.BoolAttribute{
Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.",
Computed: true,
},
},
},
"options_allowlist": schema.SingleNestedAttribute{
Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.",
Computed: true,
Expand Down Expand Up @@ -335,6 +345,7 @@ type ProjectDataSource struct {
VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"`
PasswordProtection *PasswordProtection `tfsdk:"password_protection"`
TrustedIps *TrustedIps `tfsdk:"trusted_ips"`
OIDCTokenConfig *OIDCTokenConfig `tfsdk:"oidc_token_config"`
OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"`
ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"`
AutoExposeSystemEnvVars types.Bool `tfsdk:"automatically_expose_system_environment_variables"`
Expand Down Expand Up @@ -391,6 +402,7 @@ func convertResponseToProjectDataSource(ctx context.Context, response client.Pro
VercelAuthentication: project.VercelAuthentication,
PasswordProtection: pp,
TrustedIps: project.TrustedIps,
OIDCTokenConfig: project.OIDCTokenConfig,
OptionsAllowlist: project.OptionsAllowlist,
AutoExposeSystemEnvVars: types.BoolPointerValue(response.AutoExposeSystemEnvVars),
ProtectionBypassForAutomation: project.ProtectionBypassForAutomation,
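Review bot: `OIDCTokenConfig: project.OIDCTokenConfig` in `convertResponseToProjectDataSource` appears to reuse the value built by `convertResponseToProject`, which fills in `enabled = false` whenever the API response has no `oidcTokenConfig` object. A data source read used to audit project settings then cannot tell "OIDC is off" from "the API returned nothing for this field", although a `Computed` attribute could be null in the second case. If the distinction matters, map from the raw `response` here instead, or state the fallback in the attribute text, e.g. `Description: "Configuration for OpenID Connect (OIDC) tokens. Reported as disabled when the API returns no value."`. The function body starts and ends outside the hunk, so the origin of `project` is inferred.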
57 changes: 57 additions & 0 deletions vercel/resource_project.go
Expand Up @@ -300,6 +300,25 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ
},
},
},
"oidc_token_config": schema.SingleNestedAttribute{
Description: "Configuration for OpenID Connect (OIDC) tokens.",
Optional: true,
Computed: true,
Attributes: map[string]schema.Attribute{
"enabled": schema.BoolAttribute{
Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.",
Required: true,
},
},
Default: objectdefault.StaticValue(types.ObjectValueMust(
map[string]attr.Type{
"enabled": types.BoolType,
},
map[string]attr.Value{
"enabled": types.BoolValue(false),
},
)),
},
"options_allowlist": schema.SingleNestedAttribute{
Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.",
Optional: true,
Expand Down Expand Up @@ -447,6 +466,7 @@ type Project struct {
VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"`
PasswordProtection *PasswordProtectionWithPassword `tfsdk:"password_protection"`
TrustedIps *TrustedIps `tfsdk:"trusted_ips"`
OIDCTokenConfig *OIDCTokenConfig `tfsdk:"oidc_token_config"`
OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"`
ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"`
ProtectionBypassForAutomationSecret types.String `tfsdk:"protection_bypass_for_automation_secret"`
Expand Down Expand Up @@ -482,6 +502,7 @@ func (p Project) RequiresUpdateAfterCreation() bool {
return p.PasswordProtection != nil ||
p.VercelAuthentication != nil ||
p.TrustedIps != nil ||
p.OIDCTokenConfig != nil ||
p.OptionsAllowlist != nil ||
!p.AutoExposeSystemEnvVars.IsNull() ||
p.GitComments.IsNull() ||
Expand Down Expand Up @@ -557,6 +578,7 @@ func (p *Project) toCreateProjectRequest(envs []EnvironmentItem) client.CreatePr
GitRepository: p.GitRepository.toCreateProjectRequest(),
InstallCommand: p.InstallCommand.ValueStringPointer(),
Name: p.Name.ValueString(),
OIDCTokenConfig: p.OIDCTokenConfig.toCreateProjectRequest(),
OutputDirectory: p.OutputDirectory.ValueStringPointer(),
PublicSource: p.PublicSource.ValueBoolPointer(),
RootDirectory: p.RootDirectory.ValueStringPointer(),
Expand Down Expand Up @@ -605,6 +627,7 @@ func (p *Project) toUpdateProjectRequest(ctx context.Context, oldName string) (r
PasswordProtection: p.PasswordProtection.toUpdateProjectRequest(),
VercelAuthentication: p.VercelAuthentication.toUpdateProjectRequest(),
TrustedIps: p.TrustedIps.toUpdateProjectRequest(),
OIDCTokenConfig: p.OIDCTokenConfig.toUpdateProjectRequest(),
OptionsAllowlist: p.OptionsAllowlist.toUpdateProjectRequest(),
AutoExposeSystemEnvVars: p.AutoExposeSystemEnvVars.ValueBool(),
EnablePreviewFeedback: p.PreviewComments.ValueBoolPointer(),
Expand Down Expand Up @@ -783,6 +806,32 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps {
}
}

type OIDCTokenConfig struct {
Enabled types.Bool `tfsdk:"enabled"`
}

func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig {
if o == nil {
return nil
}

return &client.OIDCTokenConfig{
Enabled: o.Enabled.ValueBool(),
}
}

func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig {
if o == nil {
return &client.OIDCTokenConfig{
Enabled: types.BoolValue(false).ValueBool(),
}
}

return &client.OIDCTokenConfig{
Enabled: o.Enabled.ValueBool(),
}
}

func (t *OptionsAllowlist) toUpdateProjectRequest() *client.OptionsAllowlist {
if t == nil {
return nil
Expand Down Expand Up @@ -983,6 +1032,13 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon
}
}

var oidcTokenConfig *OIDCTokenConfig = &OIDCTokenConfig{
Enabled: types.BoolValue(false),
}
if response.OIDCTokenConfig != nil {
oidcTokenConfig.Enabled = types.BoolValue(response.OIDCTokenConfig.Enabled)
}

var oal *OptionsAllowlist
if response.OptionsAllowlist != nil {
var paths []OptionsAllowlistPath
Expand Down Expand Up @@ -1088,6 +1144,7 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon
PasswordProtection: pp,
VercelAuthentication: va,
TrustedIps: tip,
OIDCTokenConfig: oidcTokenConfig,
OptionsAllowlist: oal,
ProtectionBypassForAutomation: protectionBypass,
ProtectionBypassForAutomationSecret: protectionBypassSecret,
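Review bot: The nil branch of `(*OIDCTokenConfig).toUpdateProjectRequest` sends an explicit `enabled: false`, unlike `toCreateProjectRequest` and the sibling `OptionsAllowlist` converter, which return nil, so any update built from a model without this block switches OIDC token issuance off rather than leaving it alone. Together with the schema `Default` of `enabled = false`, a project that had OIDC turned on outside Terraform will presumably be planned back to disabled on the first apply after upgrading; that deserves a line in the attribute description or the changelog. If disabling is the intended meaning of an absent block, say so in a comment and drop the round trip through the framework type: `Enabled: false,` instead of `Enabled: types.BoolValue(false).ValueBool(),`. In `convertResponseToProject` the declaration `var oidcTokenConfig *OIDCTokenConfig = &OIDCTokenConfig{` repeats its type and reads better as `oidcTokenConfig := &OIDCTokenConfig{`.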
6 changes: 5 additions & 1 deletion vercel/resource_project_test.go
Expand Up @@ -76,6 +76,7 @@ func TestAcc_Project(t *testing.T) {
resource.TestCheckResourceAttr("vercel_project.test", "prioritise_production_builds", "true"),
resource.TestCheckResourceAttr("vercel_project.test", "directory_listing", "true"),
resource.TestCheckResourceAttr("vercel_project.test", "skew_protection", "7 days"),
resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"),
),
},
// Update testing
Expand All @@ -88,6 +89,7 @@ func TestAcc_Project(t *testing.T) {
"key": "bar",
"value": "baz",
}),
resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "false"),
),
},
},
Expand Down Expand Up @@ -648,7 +650,9 @@ resource "vercel_project" "test" {
prioritise_production_builds = true
directory_listing = true
skew_protection = "7 days"

oidc_token_config = {
enabled = true
}
environment = [
{
key = "foo"
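Review bot: The new checks in `TestAcc_Project` cover `oidc_token_config.enabled` going from `true` on create to `false` on update, but no step enables it on an existing project or applies a config that never mentions the block. The update-step config is outside the visible hunks, so whether `false` there comes from an explicit setting or from the schema default cannot be told from this page. A third step that sets `oidc_token_config = { enabled = true }` again and asserts `resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"),` would pin the transition that starts token issuance. The test function and the HCL fixture both continue outside the hunks.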