From 78cc85ae6c2895cf127dcc3f0316d3b8609fb640 Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Wed, 26 Jun 2024 15:18:33 +0200 Subject: [PATCH 1/9] Adding support for the oidc_token_config attribute --- client/project.go | 7 +++++++ docs/resources/project.md | 6 ++++++ vercel/data_source_project.go | 12 ++++++++++++ vercel/resource_project.go | 24 ++++++++++++++++++++++++ vercel/resource_project_test.go | 2 ++ 5 files changed, 51 insertions(+) diff --git a/client/project.go b/client/project.go index 8592edd4..436cd5eb 100644 --- a/client/project.go +++ b/client/project.go @@ -15,6 +15,10 @@ type GitRepository struct { Repo string `json:"repo"` } +type OIDCTokenConfig struct { + Enabled bool `json:"enabled"` +} + // EnvironmentVariable defines the information Vercel requires and surfaces about an environment variable // that is associated with a project. type EnvironmentVariable struct { @@ -37,6 +41,7 @@ type CreateProjectRequest struct { GitRepository *GitRepository `json:"gitRepository,omitempty"` InstallCommand *string `json:"installCommand"` Name string `json:"name"` + OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig,omitempty"` OutputDirectory *string `json:"outputDirectory"` PublicSource *bool `json:"publicSource"` RootDirectory *string `json:"rootDirectory"` @@ -169,6 +174,7 @@ type ProjectResponse struct { VercelAuthentication *VercelAuthentication `json:"ssoProtection"` PasswordProtection *PasswordProtection `json:"passwordProtection"` TrustedIps *TrustedIps `json:"trustedIps"` + OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"` OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"` ProtectionBypass map[string]ProtectionBypass `json:"protectionBypass"` AutoExposeSystemEnvVars *bool `json:"autoExposeSystemEnvs"` @@ -262,6 +268,7 @@ type UpdateProjectRequest struct { VercelAuthentication *VercelAuthentication `json:"ssoProtection"` PasswordProtection *PasswordProtectionWithPassword `json:"passwordProtection"` TrustedIps *TrustedIps `json:"trustedIps"` + OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"` OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"` AutoExposeSystemEnvVars bool `json:"autoExposeSystemEnvs"` EnablePreviewFeedback *bool `json:"enablePreviewFeedback"` diff --git a/docs/resources/project.md b/docs/resources/project.md index 1c2fdf12..6a68d324 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -70,6 +70,7 @@ resource "vercel_project" "example" { - `git_repository` (Attributes) The Git Repository that will be connected to the project. When this is defined, any pushes to the specified connected Git Repository will be automatically deployed. This requires the corresponding Vercel for [Github](https://vercel.com/docs/concepts/git/vercel-for-github), [Gitlab](https://vercel.com/docs/concepts/git/vercel-for-gitlab) or [Bitbucket](https://vercel.com/docs/concepts/git/vercel-for-bitbucket) plugins to be installed. (see [below for nested schema](#nestedatt--git_repository)) - `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0. - `install_command` (String) The install command for this project. If omitted, this value will be automatically detected. +- `oidc_token_config` (Attributes) OpenID Connect token configuration. (see [below for nested schema](#nestedatt--oidc_token_config)) - `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) - `output_directory` (String) The output directory of the project. If omitted, this value will be automatically detected. - `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection)) @@ -143,7 +144,12 @@ Read-Only: - `id` (String) The ID of the deploy hook. - `url` (String, Sensitive) A URL that, when a POST request is made to, will trigger a new deployment. + +### Nested Schema for `oidc_token_config` +Required: + +- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for full information. ### Nested Schema for `options_allowlist` diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go index 8c0ad477..0cda8376 100644 --- a/vercel/data_source_project.go +++ b/vercel/data_source_project.go @@ -220,6 +220,16 @@ For more detailed information, please see the [Vercel documentation](https://ver }, }, }, + "oidc_token_config": schema.SingleNestedAttribute{ + Description: "Configuration for OpenID Connect (OIDC) tokens.", + Computed: true, + Attributes: map[string]schema.Attribute{ + "enabled": schema.BoolAttribute{ + Description: "Whether or not OIDC tokens are enabled.", + Computed: true, + }, + }, + }, "options_allowlist": schema.SingleNestedAttribute{ Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.", Computed: true, @@ -335,6 +345,7 @@ type ProjectDataSource struct { VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"` PasswordProtection *PasswordProtection `tfsdk:"password_protection"` TrustedIps *TrustedIps `tfsdk:"trusted_ips"` + OIDCTokenConfig *OIDCTokenConfig `tfsdk:"oidc_token_config"` OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"` ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"` AutoExposeSystemEnvVars types.Bool `tfsdk:"automatically_expose_system_environment_variables"` @@ -391,6 +402,7 @@ func convertResponseToProjectDataSource(ctx context.Context, response client.Pro VercelAuthentication: project.VercelAuthentication, PasswordProtection: pp, TrustedIps: project.TrustedIps, + OIDCTokenConfig: project.OIDCTokenConfig, OptionsAllowlist: project.OptionsAllowlist, AutoExposeSystemEnvVars: types.BoolPointerValue(response.AutoExposeSystemEnvVars), ProtectionBypassForAutomation: project.ProtectionBypassForAutomation, diff --git a/vercel/resource_project.go b/vercel/resource_project.go index 4fe6466a..d6ad468b 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -447,6 +447,7 @@ type Project struct { VercelAuthentication *VercelAuthentication `tfsdk:"vercel_authentication"` PasswordProtection *PasswordProtectionWithPassword `tfsdk:"password_protection"` TrustedIps *TrustedIps `tfsdk:"trusted_ips"` + OIDCTokenConfig *OIDCTokenConfig `tfsdk:"oidc_token_config"` OptionsAllowlist *OptionsAllowlist `tfsdk:"options_allowlist"` ProtectionBypassForAutomation types.Bool `tfsdk:"protection_bypass_for_automation"` ProtectionBypassForAutomationSecret types.String `tfsdk:"protection_bypass_for_automation_secret"` @@ -463,6 +464,10 @@ type Project struct { SkewProtection types.String `tfsdk:"skew_protection"` } +type OIDCTokenConfig struct { + Enabled types.Bool `tfsdk:"enabled"` +} + type GitComments struct { OnPullRequest types.Bool `tfsdk:"on_pull_request"` OnCommit types.Bool `tfsdk:"on_commit"` @@ -605,6 +610,7 @@ func (p *Project) toUpdateProjectRequest(ctx context.Context, oldName string) (r PasswordProtection: p.PasswordProtection.toUpdateProjectRequest(), VercelAuthentication: p.VercelAuthentication.toUpdateProjectRequest(), TrustedIps: p.TrustedIps.toUpdateProjectRequest(), + OIDCTokenConfig: p.OIDCTokenConfig.toUpdateProjectRequest(), OptionsAllowlist: p.OptionsAllowlist.toUpdateProjectRequest(), AutoExposeSystemEnvVars: p.AutoExposeSystemEnvVars.ValueBool(), EnablePreviewFeedback: p.PreviewComments.ValueBoolPointer(), @@ -783,6 +789,16 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps { } } +func (t *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig { + if t == nil { + return nil + } + + return &client.OIDCTokenConfig{ + Enabled: t.Enabled.ValueBool(), + } +} + func (t *OptionsAllowlist) toUpdateProjectRequest() *client.OptionsAllowlist { if t == nil { return nil @@ -983,6 +999,13 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon } } + var oidcTokenConfig *OIDCTokenConfig + if response.OIDCTokenConfig != nil { + oidcTokenConfig = &OIDCTokenConfig{ + Enabled: types.BoolValue(response.OIDCTokenConfig.Enabled), + } + } + var oal *OptionsAllowlist if response.OptionsAllowlist != nil { var paths []OptionsAllowlistPath @@ -1088,6 +1111,7 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon PasswordProtection: pp, VercelAuthentication: va, TrustedIps: tip, + OIDCTokenConfig: oidcTokenConfig, OptionsAllowlist: oal, ProtectionBypassForAutomation: protectionBypass, ProtectionBypassForAutomationSecret: protectionBypassSecret, diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go index 8e83f7c7..ba349a31 100644 --- a/vercel/resource_project_test.go +++ b/vercel/resource_project_test.go @@ -76,6 +76,7 @@ func TestAcc_Project(t *testing.T) { resource.TestCheckResourceAttr("vercel_project.test", "prioritise_production_builds", "true"), resource.TestCheckResourceAttr("vercel_project.test", "directory_listing", "true"), resource.TestCheckResourceAttr("vercel_project.test", "skew_protection", "7 days"), + resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"), ), }, // Update testing @@ -88,6 +89,7 @@ func TestAcc_Project(t *testing.T) { "key": "bar", "value": "baz", }), + resource.TestCheckResourceAttr("vercel_project.test", "oict_token_config.enabled", "true"), ), }, }, From f39f68489adf23cd3c633a3f49be27ae26b10ffa Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Wed, 26 Jun 2024 17:31:00 +0200 Subject: [PATCH 2/9] add oidc_token_config to schema --- vercel/resource_project.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/vercel/resource_project.go b/vercel/resource_project.go index d6ad468b..726942f2 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -300,6 +300,16 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ }, }, }, + "oidc_token_config": schema.SingleNestedAttribute{ + Description: "Configuration for OIDC Tokens.", + Optional: true, + Attributes: map[string]schema.Attribute{ + "enabled": schema.BoolAttribute{ + Description: "Whether or not OIDC Tokens are enabled", + Required: true, + }, + }, + }, "options_allowlist": schema.SingleNestedAttribute{ Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.", Optional: true, From b5692dc6ecf1fb15c0d59816caf00f67761455fe Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Wed, 26 Jun 2024 17:47:02 +0200 Subject: [PATCH 3/9] add oidc_token_config to fixture --- vercel/resource_project_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go index ba349a31..e5fe058a 100644 --- a/vercel/resource_project_test.go +++ b/vercel/resource_project_test.go @@ -89,7 +89,7 @@ func TestAcc_Project(t *testing.T) { "key": "bar", "value": "baz", }), - resource.TestCheckResourceAttr("vercel_project.test", "oict_token_config.enabled", "true"), + resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"), ), }, }, @@ -650,7 +650,9 @@ resource "vercel_project" "test" { prioritise_production_builds = true directory_listing = true skew_protection = "7 days" - + oidc_token_config = { + enabled = true + } environment = [ { key = "foo" From 019bcee555956232d8f7859d461645c74e1f0bba Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Wed, 26 Jun 2024 18:39:24 +0200 Subject: [PATCH 4/9] Update resource_project.go --- vercel/resource_project.go | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/vercel/resource_project.go b/vercel/resource_project.go index 726942f2..fee21202 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -474,10 +474,6 @@ type Project struct { SkewProtection types.String `tfsdk:"skew_protection"` } -type OIDCTokenConfig struct { - Enabled types.Bool `tfsdk:"enabled"` -} - type GitComments struct { OnPullRequest types.Bool `tfsdk:"on_pull_request"` OnCommit types.Bool `tfsdk:"on_commit"` @@ -572,6 +568,7 @@ func (p *Project) toCreateProjectRequest(envs []EnvironmentItem) client.CreatePr GitRepository: p.GitRepository.toCreateProjectRequest(), InstallCommand: p.InstallCommand.ValueStringPointer(), Name: p.Name.ValueString(), + OIDCTokenConfig: p.OIDCTokenConfig.toCreateProjectRequest(), OutputDirectory: p.OutputDirectory.ValueStringPointer(), PublicSource: p.PublicSource.ValueBoolPointer(), RootDirectory: p.RootDirectory.ValueStringPointer(), @@ -799,13 +796,27 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps { } } -func (t *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig { - if t == nil { +type OIDCTokenConfig struct { + Enabled types.Bool `tfsdk:"enabled"` +} + +func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig { + if o == nil { + return nil + } + + return &client.OIDCTokenConfig{ + Enabled: o.Enabled.ValueBool(), + } +} + +func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig { + if o == nil { return nil } return &client.OIDCTokenConfig{ - Enabled: t.Enabled.ValueBool(), + Enabled: o.Enabled.ValueBool(), } } From 711d4aa9a2df52ff8bcbc101fc56cb38aae57340 Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Thu, 27 Jun 2024 08:33:31 +0200 Subject: [PATCH 5/9] omitempty on update --- client/project.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/project.go b/client/project.go index 436cd5eb..b7af818a 100644 --- a/client/project.go +++ b/client/project.go @@ -268,7 +268,7 @@ type UpdateProjectRequest struct { VercelAuthentication *VercelAuthentication `json:"ssoProtection"` PasswordProtection *PasswordProtectionWithPassword `json:"passwordProtection"` TrustedIps *TrustedIps `json:"trustedIps"` - OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"` + OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig,omitempty"` OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"` AutoExposeSystemEnvVars bool `json:"autoExposeSystemEnvs"` EnablePreviewFeedback *bool `json:"enablePreviewFeedback"` From 25667b7ed1bf393579c257331d62922d415dcc12 Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Thu, 27 Jun 2024 08:43:15 +0200 Subject: [PATCH 6/9] Generate docs --- docs/data-sources/project.md | 9 +++++++++ docs/resources/project.md | 7 +++++-- vercel/data_source_project.go | 2 +- vercel/resource_project.go | 4 ++-- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index 5170e724..95dd2063 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -58,6 +58,7 @@ output "project_id" { - `id` (String) The ID of this resource. - `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0. - `install_command` (String) The install command for this project. If omitted, this value will be automatically detected. +- `oidc_token_config` (Attributes) Configuration for OpenID Connect (OIDC) tokens. (see [below for nested schema](#nestedatt--oidc_token_config)) - `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) - `output_directory` (String) The output directory of the project. When null is used this value will be automatically detected. - `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection)) @@ -115,6 +116,14 @@ Read-Only: + +### Nested Schema for `oidc_token_config` + +Read-Only: + +- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information. + + ### Nested Schema for `options_allowlist` diff --git a/docs/resources/project.md b/docs/resources/project.md index 6a68d324..983d2b8e 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -70,7 +70,7 @@ resource "vercel_project" "example" { - `git_repository` (Attributes) The Git Repository that will be connected to the project. When this is defined, any pushes to the specified connected Git Repository will be automatically deployed. This requires the corresponding Vercel for [Github](https://vercel.com/docs/concepts/git/vercel-for-github), [Gitlab](https://vercel.com/docs/concepts/git/vercel-for-gitlab) or [Bitbucket](https://vercel.com/docs/concepts/git/vercel-for-bitbucket) plugins to be installed. (see [below for nested schema](#nestedatt--git_repository)) - `ignore_command` (String) When a commit is pushed to the Git repository that is connected with your Project, its SHA will determine if a new Build has to be issued. If the SHA was deployed before, no new Build will be issued. You can customize this behavior with a command that exits with code 1 (new Build needed) or code 0. - `install_command` (String) The install command for this project. If omitted, this value will be automatically detected. -- `oidc_token_config` (Attributes) OpenID Connect token configuration. (see [below for nested schema](#nestedatt--oidc_token_config)) +- `oidc_token_config` (Attributes) Configuration for OpenID Connect (OIDC) tokens. (see [below for nested schema](#nestedatt--oidc_token_config)) - `options_allowlist` (Attributes) Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths. (see [below for nested schema](#nestedatt--options_allowlist)) - `output_directory` (String) The output directory of the project. If omitted, this value will be automatically detected. - `password_protection` (Attributes) Ensures visitors of your Preview Deployments must enter a password in order to gain access. (see [below for nested schema](#nestedatt--password_protection)) @@ -144,12 +144,15 @@ Read-Only: - `id` (String) The ID of the deploy hook. - `url` (String, Sensitive) A URL that, when a POST request is made to, will trigger a new deployment. + + ### Nested Schema for `oidc_token_config` Required: -- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for full information. +- `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information. + ### Nested Schema for `options_allowlist` diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go index 0cda8376..8019bd94 100644 --- a/vercel/data_source_project.go +++ b/vercel/data_source_project.go @@ -225,7 +225,7 @@ For more detailed information, please see the [Vercel documentation](https://ver Computed: true, Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ - Description: "Whether or not OIDC tokens are enabled.", + Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.", Computed: true, }, }, diff --git a/vercel/resource_project.go b/vercel/resource_project.go index fee21202..a37535f3 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -301,11 +301,11 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ }, }, "oidc_token_config": schema.SingleNestedAttribute{ - Description: "Configuration for OIDC Tokens.", + Description: "Configuration for OpenID Connect (OIDC) tokens.", Optional: true, Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ - Description: "Whether or not OIDC Tokens are enabled", + Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.", Required: true, }, }, From be5dabb83a798fbde883af386757a34c04d4e238 Mon Sep 17 00:00:00 2001 From: Marc Greenstock Date: Thu, 27 Jun 2024 08:48:45 +0200 Subject: [PATCH 7/9] Add OIDCTokenConfig to RequiresUpdateAfterCreation --- vercel/resource_project.go | 1 + 1 file changed, 1 insertion(+) diff --git a/vercel/resource_project.go b/vercel/resource_project.go index a37535f3..d47aa93a 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -493,6 +493,7 @@ func (p Project) RequiresUpdateAfterCreation() bool { return p.PasswordProtection != nil || p.VercelAuthentication != nil || p.TrustedIps != nil || + p.OIDCTokenConfig != nil || p.OptionsAllowlist != nil || !p.AutoExposeSystemEnvVars.IsNull() || p.GitComments.IsNull() || From 76b4a1da694cbe86390ea8df5f8588211a1f5522 Mon Sep 17 00:00:00 2001 From: Kit Foster Date: Thu, 27 Jun 2024 21:24:43 +0200 Subject: [PATCH 8/9] add default value for oidc config --- client/project.go | 2 +- vercel/resource_project.go | 21 ++++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/client/project.go b/client/project.go index b7af818a..436cd5eb 100644 --- a/client/project.go +++ b/client/project.go @@ -268,7 +268,7 @@ type UpdateProjectRequest struct { VercelAuthentication *VercelAuthentication `json:"ssoProtection"` PasswordProtection *PasswordProtectionWithPassword `json:"passwordProtection"` TrustedIps *TrustedIps `json:"trustedIps"` - OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig,omitempty"` + OIDCTokenConfig *OIDCTokenConfig `json:"oidcTokenConfig"` OptionsAllowlist *OptionsAllowlist `json:"optionsAllowlist"` AutoExposeSystemEnvVars bool `json:"autoExposeSystemEnvs"` EnablePreviewFeedback *bool `json:"enablePreviewFeedback"` diff --git a/vercel/resource_project.go b/vercel/resource_project.go index d47aa93a..0c410dc1 100644 --- a/vercel/resource_project.go +++ b/vercel/resource_project.go @@ -303,12 +303,21 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ "oidc_token_config": schema.SingleNestedAttribute{ Description: "Configuration for OpenID Connect (OIDC) tokens.", Optional: true, + Computed: true, Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.", Required: true, }, }, + Default: objectdefault.StaticValue(types.ObjectValueMust( + map[string]attr.Type{ + "enabled": types.BoolType, + }, + map[string]attr.Value{ + "enabled": types.BoolValue(false), + }, + )), }, "options_allowlist": schema.SingleNestedAttribute{ Description: "Disable Deployment Protection for CORS preflight `OPTIONS` requests for a list of paths.", @@ -813,7 +822,9 @@ func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig { func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig { if o == nil { - return nil + return &client.OIDCTokenConfig{ + Enabled: types.BoolValue(false).ValueBool(), + } } return &client.OIDCTokenConfig{ @@ -1021,11 +1032,11 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon } } - var oidcTokenConfig *OIDCTokenConfig + var oidcTokenConfig *OIDCTokenConfig = &OIDCTokenConfig{ + Enabled: types.BoolValue(false), + } if response.OIDCTokenConfig != nil { - oidcTokenConfig = &OIDCTokenConfig{ - Enabled: types.BoolValue(response.OIDCTokenConfig.Enabled), - } + oidcTokenConfig.Enabled = types.BoolValue(response.OIDCTokenConfig.Enabled) } var oal *OptionsAllowlist From 8985b3d30c96a39b78f3fa5ba98029eaa98e3424 Mon Sep 17 00:00:00 2001 From: Kit Foster Date: Thu, 27 Jun 2024 21:28:23 +0200 Subject: [PATCH 9/9] update test assertion --- vercel/resource_project_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go index e5fe058a..e6bbf99c 100644 --- a/vercel/resource_project_test.go +++ b/vercel/resource_project_test.go @@ -89,7 +89,7 @@ func TestAcc_Project(t *testing.T) { "key": "bar", "value": "baz", }), - resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"), + resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "false"), ), }, },