diff --git a/client/project.go b/client/project.go
index 8592edd4..436cd5eb 100644
--- a/client/project.go
+++ b/client/project.go
@@ -15,6 +15,10 @@ type GitRepository struct {
Repo string `json:"repo"`
}
+type OIDCTokenConfig struct {
+ Enabled bool `json:"enabled"`
+}
+
// EnvironmentVariable defines the information Vercel requires and surfaces about an environment variable
// that is associated with a project.
type EnvironmentVariable struct {
@@ -37,6 +41,7 @@ type CreateProjectRequest struct {
GitRepository *GitRepository `json:"gitRepository,omitempty"`
InstallCommand *string `json:"installCommand"`
Name string `json:"name"`
+ OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig,omitempty"`
OutputDirectory *string `json:"outputDirectory"`
PublicSource *bool `json:"publicSource"`
RootDirectory *string `json:"rootDirectory"`
@@ -169,6 +174,7 @@ type ProjectResponse struct {
VercelAuthentication *VercelAuthentication `json:"ssoProtection"`
PasswordProtection *PasswordProtection `json:"passwordProtection"`
TrustedIps *TrustedIps `json:"trustedIps"`
+ OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"`
OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"`
ProtectionBypass map[string]ProtectionBypass `json:"protectionBypass"`
AutoExposeSystemEnvVars *bool `json:"autoExposeSystemEnvs"`
@@ -262,6 +268,7 @@ type UpdateProjectRequest struct {
VercelAuthentication *VercelAuthentication `json:"ssoProtection"`
PasswordProtection *PasswordProtectionWithPassword `json:"passwordProtection"`
TrustedIps *TrustedIps `json:"trustedIps"`
+ OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"`
OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"`
AutoExposeSystemEnvVars bool `json:"autoExposeSystemEnvs"`
EnablePreviewFeedback *bool `json:"enablePreviewFeedback"`
diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md
index 5170e724..95dd2063 100644
--- a/docs/data-sources/project.md
+++ b/docs/data-sources/project.md
@@ -58,6 +58,7 @@ output "project_id" {
- `id` (String) The ID of this resource.
- `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0.
- `install_command` (String) The install command for this project. If omitted, this value will be automatically detected.
+- `oidc_token_config` (Attributes) Configuration for OpenID Connect (OIDC) tokens. (see [below for nested schema](#nestedatt--oidc_token_config))
- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist))
- `output_directory` (String) The output directory of the project. When null is used this value will be automatically detected.
- `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection))
@@ -115,6 +116,14 @@ Read-Only:
+
+### Nested Schema for `oidc_token_config`
+
+Read-Only:
+
+- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.
+
+
### Nested Schema for `options_allowlist`
diff --git a/docs/resources/project.md b/docs/resources/project.md
index 1c2fdf12..983d2b8e 100644
--- a/docs/resources/project.md
+++ b/docs/resources/project.md
@@ -70,6 +70,7 @@ resource "vercel_project" "example" {
- `git_repository` (Attributes) The Git Repository that will be connected to the project. When this is defined, any pushes to the specified connected Git Repository will be automatically deployed. This requires the corresponding Vercel for [Github](https://vercel.com/docs/concepts/git/vercel-for-github), [Gitlab](https://vercel.com/docs/concepts/git/vercel-for-gitlab) or [Bitbucket](https://vercel.com/docs/concepts/git/vercel-for-bitbucket) plugins to be installed. (see [below for nested schema](#nestedatt--git_repository))
- `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0.
- `install_command` (String) The install command for this project. If omitted, this value will be automatically detected.
+- `oidc_token_config` (Attributes) Configuration for OpenID Connect (OIDC) tokens. (see [below for nested schema](#nestedatt--oidc_token_config))
- `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist))
- `output_directory` (String) The output directory of the project. If omitted, this value will be automatically detected.
- `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection))
@@ -145,6 +146,14 @@ Read-Only:
+
+### Nested Schema for `oidc_token_config`
+
+Required:
+
+- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.
+
+
### Nested Schema for `options_allowlist`
diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go
index 8c0ad477..8019bd94 100644
--- a/vercel/data_source_project.go
+++ b/vercel/data_source_project.go
@@ -220,6 +220,16 @@ For more detailed information, please see the [Vercel documentation](https://ver
},
},
},
+ "oidc_token_config": schema.SingleNestedAttribute{
+ Description: "Configuration for OpenID Connect (OIDC) tokens.",
+ Computed: true,
+ Attributes: map[string]schema.Attribute{
+ "enabled": schema.BoolAttribute{
+ Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.",
+ Computed: true,
+ },
+ },
+ },
"options_allowlist": schema.SingleNestedAttribute{
Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.",
Computed: true,
@@ -335,6 +345,7 @@ type ProjectDataSource struct {
VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"`
PasswordProtection *PasswordProtection `tfsdk:"password_protection"`
TrustedIps *TrustedIps `tfsdk:"trusted_ips"`
+ OIDCTokenConfig *OIDCTokenConfig `tfsdk:"oidc_token_config"`
OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"`
ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"`
AutoExposeSystemEnvVars types.Bool `tfsdk:"automatically_expose_system_environment_variables"`
@@ -391,6 +402,7 @@ func convertResponseToProjectDataSource(ctx context.Context, response client.Pro
VercelAuthentication: project.VercelAuthentication,
PasswordProtection: pp,
TrustedIps: project.TrustedIps,
+ OIDCTokenConfig: project.OIDCTokenConfig,
OptionsAllowlist: project.OptionsAllowlist,
AutoExposeSystemEnvVars: types.BoolPointerValue(response.AutoExposeSystemEnvVars),
ProtectionBypassForAutomation: project.ProtectionBypassForAutomation,
diff --git a/vercel/resource_project.go b/vercel/resource_project.go
index 4fe6466a..0c410dc1 100644
--- a/vercel/resource_project.go
+++ b/vercel/resource_project.go
@@ -300,6 +300,25 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ
},
},
},
+ "oidc_token_config": schema.SingleNestedAttribute{
+ Description: "Configuration for OpenID Connect (OIDC) tokens.",
+ Optional: true,
+ Computed: true,
+ Attributes: map[string]schema.Attribute{
+ "enabled": schema.BoolAttribute{
+ Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.",
+ Required: true,
+ },
+ },
+ Default: objectdefault.StaticValue(types.ObjectValueMust(
+ map[string]attr.Type{
+ "enabled": types.BoolType,
+ },
+ map[string]attr.Value{
+ "enabled": types.BoolValue(false),
+ },
+ )),
+ },
"options_allowlist": schema.SingleNestedAttribute{
Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.",
Optional: true,
@@ -447,6 +466,7 @@ type Project struct {
VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"`
PasswordProtection *PasswordProtectionWithPassword `tfsdk:"password_protection"`
TrustedIps *TrustedIps `tfsdk:"trusted_ips"`
+ OIDCTokenConfig *OIDCTokenConfig `tfsdk:"oidc_token_config"`
OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"`
ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"`
ProtectionBypassForAutomationSecret types.String `tfsdk:"protection_bypass_for_automation_secret"`
@@ -482,6 +502,7 @@ func (p Project) RequiresUpdateAfterCreation() bool {
return p.PasswordProtection != nil ||
p.VercelAuthentication != nil ||
p.TrustedIps != nil ||
+ p.OIDCTokenConfig != nil ||
p.OptionsAllowlist != nil ||
!p.AutoExposeSystemEnvVars.IsNull() ||
p.GitComments.IsNull() ||
@@ -557,6 +578,7 @@ func (p *Project) toCreateProjectRequest(envs []EnvironmentItem) client.CreatePr
GitRepository: p.GitRepository.toCreateProjectRequest(),
InstallCommand: p.InstallCommand.ValueStringPointer(),
Name: p.Name.ValueString(),
+ OIDCTokenConfig: p.OIDCTokenConfig.toCreateProjectRequest(),
OutputDirectory: p.OutputDirectory.ValueStringPointer(),
PublicSource: p.PublicSource.ValueBoolPointer(),
RootDirectory: p.RootDirectory.ValueStringPointer(),
@@ -605,6 +627,7 @@ func (p *Project) toUpdateProjectRequest(ctx context.Context, oldName string) (r
PasswordProtection: p.PasswordProtection.toUpdateProjectRequest(),
VercelAuthentication: p.VercelAuthentication.toUpdateProjectRequest(),
TrustedIps: p.TrustedIps.toUpdateProjectRequest(),
+ OIDCTokenConfig: p.OIDCTokenConfig.toUpdateProjectRequest(),
OptionsAllowlist: p.OptionsAllowlist.toUpdateProjectRequest(),
AutoExposeSystemEnvVars: p.AutoExposeSystemEnvVars.ValueBool(),
EnablePreviewFeedback: p.PreviewComments.ValueBoolPointer(),
@@ -783,6 +806,32 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps {
}
}
+type OIDCTokenConfig struct {
+ Enabled types.Bool `tfsdk:"enabled"`
+}
+
+func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig {
+ if o == nil {
+ return nil
+ }
+
+ return &client.OIDCTokenConfig{
+ Enabled: o.Enabled.ValueBool(),
+ }
+}
+
+func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig {
+ if o == nil {
+ return &client.OIDCTokenConfig{
+ Enabled: types.BoolValue(false).ValueBool(),
+ }
+ }
+
+ return &client.OIDCTokenConfig{
+ Enabled: o.Enabled.ValueBool(),
+ }
+}
+
func (t *OptionsAllowlist) toUpdateProjectRequest() *client.OptionsAllowlist {
if t == nil {
return nil
@@ -983,6 +1032,13 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon
}
}
+ var oidcTokenConfig *OIDCTokenConfig = &OIDCTokenConfig{
+ Enabled: types.BoolValue(false),
+ }
+ if response.OIDCTokenConfig != nil {
+ oidcTokenConfig.Enabled = types.BoolValue(response.OIDCTokenConfig.Enabled)
+ }
+
var oal *OptionsAllowlist
if response.OptionsAllowlist != nil {
var paths []OptionsAllowlistPath
@@ -1088,6 +1144,7 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon
PasswordProtection: pp,
VercelAuthentication: va,
TrustedIps: tip,
+ OIDCTokenConfig: oidcTokenConfig,
OptionsAllowlist: oal,
ProtectionBypassForAutomation: protectionBypass,
ProtectionBypassForAutomationSecret: protectionBypassSecret,
diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go
index 8e83f7c7..e6bbf99c 100644
--- a/vercel/resource_project_test.go
+++ b/vercel/resource_project_test.go
@@ -76,6 +76,7 @@ func TestAcc_Project(t *testing.T) {
resource.TestCheckResourceAttr("vercel_project.test", "prioritise_production_builds", "true"),
resource.TestCheckResourceAttr("vercel_project.test", "directory_listing", "true"),
resource.TestCheckResourceAttr("vercel_project.test", "skew_protection", "7 days"),
+ resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"),
),
},
// Update testing
@@ -88,6 +89,7 @@ func TestAcc_Project(t *testing.T) {
"key": "bar",
"value": "baz",
}),
+ resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "false"),
),
},
},
@@ -648,7 +650,9 @@ resource "vercel_project" "test" {
prioritise_production_builds = true
directory_listing = true
skew_protection = "7 days"
-
+ oidc_token_config = {
+ enabled = true
+ }
environment = [
{
key = "foo"