From 3441c8b56540af483990f86a13301ba3fcfb9f35 Mon Sep 17 00:00:00 2001
From: Tyler Goodwin
Date: Tue, 20 Sep 2022 15:54:10 -0400
Subject: [PATCH] Add new Config entity to Identitytoolkit, which allows programatic enablement (and later will hold project wide configuration settings
---
 mmv1/products/identityplatform/api.yaml | 30 +++++++++++++++++++
 mmv1/products/identityplatform/terraform.yaml | 15 ++++++++++
 .../identity_platform_config_basic.tf.erb | 17 +++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
diff --git a/mmv1/products/identityplatform/api.yaml b/mmv1/products/identityplatform/api.yaml
index 5dd4b828feb2..e0d5caf4fcc0 100644
--- a/mmv1/products/identityplatform/api.yaml
+++ b/mmv1/products/identityplatform/api.yaml
@@ -27,6 +27,36 @@ apis_required:
 name: Google Identity Platform
 url: https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity/
 objects:
+ - !ruby/object:Api::Resource
+ name: 'Config'
+ base_url: 'projects/{{project}}/config'
+ self_link: 'projects/{{project}}/config'
+ create_url: 'projects/{{project}}/identityPlatform:initializeAuth'
+ update_verb: :PATCH
+ update_mask: true
+ description: |
+ Identity Platform configuration for a Cloud project. Identity Platform is an
+ end-to-end authentication system for third-party users to access apps
+ and services.
+
+ This entity is created only once during intialization and cannot be deleted,
+ individual Identity Providers may be disabled instead. This resource may only
+ be created in billing-enabled projects.
+ references: !ruby/object:Api::Resource::ReferenceLinks
+ guides:
+ 'Official Documentation':
+ 'https://cloud.google.com/identity-platform/docs'
+ api: 'https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config'
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ output: true
+ description: |
+ The name of the Config resource
+ - !ruby/object:Api::Type::Boolean
+ name: 'autodeleteAnonymousUsers'
+ description: |
+ Whether anonymous users will be auto-deleted after a period of 30 days
 - !ruby/object:Api::Resource
 name: 'DefaultSupportedIdpConfig'
 base_url: 'projects/{{project}}/defaultSupportedIdpConfigs'
diff --git a/mmv1/products/identityplatform/terraform.yaml b/mmv1/products/identityplatform/terraform.yaml
index aa205b723850..5ba3106c3c22 100644
--- a/mmv1/products/identityplatform/terraform.yaml
+++ b/mmv1/products/identityplatform/terraform.yaml
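Review bot: The `Config` resource creates through `create_url: 'projects/{{project}}/identityPlatform:initializeAuth'` yet declares `autodeleteAnonymousUsers` as an ordinary settable property, and nothing in this hunk shows how a value supplied at creation reaches the API. If, as I understand the endpoint, initialization does not accept Config fields, the setting would stay at the server default after the first apply and only converge on a later PATCH, so anonymous accounts the operator expected to be purged would persist in the meantime. Either follow the create with the update call or state in the property description that the field only takes effect on update. The resource description could also say plainly that destroying the resource leaves Identity Platform enabled on the project, and `intialization` should read `initialization`.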
@@ -13,6 +13,21 @@
 --- !ruby/object:Provider::Terraform::Config
 overrides: !ruby/object:Overrides::ResourceOverrides
+ Config: !ruby/object:Overrides::Terraform::ResourceOverride
+ import_format: ["projects/{{project}}/config", "projects/{{project}}", "{{project}}"]
+ skip_delete: true
+ skip_sweeper: true
+ examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: "identity_platform_config_basic"
+ primary_resource_id: "default"
+ vars:
+ instance_name: "memory-cache"
+ test_env_vars:
+ org_id: :ORG_ID
+ billing_acct: :BILLING_ACCT
+ # Resource creation race
+ skip_vcr: true
 DefaultSupportedIdpConfig: !ruby/object:Overrides::Terraform::ResourceOverride
 import_format: ["projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}}"]
 examples:
diff --git a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
new file mode 100644
index 000000000000..44085f8a9b6a
--- /dev/null
+++ b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
@@ -0,0 +1,17 @@
+resource "google_project" "default" {
+ project_id = "tf-test%{random_suffix}"
+ name = "tf-test%{random_suffix}"
+ org_id = "<%= ctx[:test_env_vars]['org_id'] %>"
+ billing_account = "<%= ctx[:test_env_vars]['billing_acct'] -%>"
+}
+
+resource "google_project_service" "apigee" {
+ project = google_project.project.project_id
+ service = "identitytoolkit.googleapis.com"
+}
+
+
+resource "google_identity_platform_config" "default" {
+ project = google_project.default.project_id
+ autodelete_anonymous_users = true
+}
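Review bot: `vars: instance_name: "memory-cache"` in the `Config` example entry is not referenced by the example template added in this patch, which uses only `%{random_suffix}` and the two `test_env_vars`; it looks copied from another product and can be removed. The `# Resource creation race` comment above `skip_vcr: true` should name the two operations that race, so that a later maintainer can tell when the skip is safe to lift. Because `skip_delete: true` makes a destroy drop the resource from state without touching the project, the generated documentation should state that sign-in remains enabled afterwards.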
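Review bot: `google_project_service.apigee` sets `project = google_project.project.project_id`, but the only project resource declared in this example is `google_project.default`, so the reference points at an undeclared resource and the example should fail validation; it should read `project = google_project.default.project_id`. The label `apigee` is also a leftover on a block that enables `identitytoolkit.googleapis.com`, and `identitytoolkit` would describe it correctly. In addition, `google_identity_platform_config.default` references only the project, so Terraform has no ordering edge to the service enablement; adding `depends_on = [google_project_service.identitytoolkit]` (after the rename) would ensure the API is enabled before the config is created, which may be the race the `skip_vcr` comment in terraform.yaml alludes to.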