Support for Identity Platform (#2840)

Merged PR #2840.

products/identityplatform/terraform.yaml

@@ -0,0 +1,91 @@
+# Copyright 2019 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+  DefaultSupportedIdpConfig: !ruby/object:Overrides::Terraform::ResourceOverride
+    import_format: ["projects/{{project}}/defaultSupportedIdpConfigs/{{client_id}}"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_default_supported_idp_config_basic"
+        primary_resource_id: "idp_config"
+        # Skip test due to operating on singleton and the handwritten update test handles this
+        # If we could spin up a project and enable identity platform we could test this separately
+        skip_test: true
+  TenantDefaultSupportedIdpConfig: !ruby/object:Overrides::Terraform::ResourceOverride
+    import_format: ["projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs/{{client_id}}"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_tenant_default_supported_idp_config_basic"
+        primary_resource_id: "idp_config"
+  InboundSamlConfig: !ruby/object:Overrides::Terraform::ResourceOverride
+    properties:
+      name: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_inbound_saml_config_basic"
+        primary_resource_id: "saml_config"
+        vars:
+          name: saml.tf-config
+          idp_entity_id: tf-idp
+          sp_entity_id: tf-sp
+  TenantInboundSamlConfig: !ruby/object:Overrides::Terraform::ResourceOverride
+    properties:
+      name: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_tenant_inbound_saml_config_basic"
+        primary_resource_id: "tenant_saml_config"
+        vars:
+          name: saml.tf-config
+          idp_entity_id: tf-idp
+          sp_entity_id: tf-sp
+  OauthIdpConfig: !ruby/object:Overrides::Terraform::ResourceOverride
+    properties:
+      name: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_oauth_idp_config_basic"
+        primary_resource_id: "oauth_idp_config"
+        vars:
+          name: oidc.oauth-idp-config
+  TenantOauthIdpConfig: !ruby/object:Overrides::Terraform::ResourceOverride
+    properties:
+      name: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_tenant_oauth_idp_config_basic"
+        primary_resource_id: "tenant_oauth_idp_config"
+        vars:
+          name: oidc.oauth-idp-config
+  Tenant: !ruby/object:Overrides::Terraform::ResourceOverride
+    properties:
+      name: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
+    custom_code: !ruby/object:Provider::Terraform::CustomCode
+      post_create: templates/terraform/post_create/gcip_tenant.go.erb
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "identity_platform_tenant_basic"
+        primary_resource_id: "tenant"
+
+# This is for copying files over
+files: !ruby/object:Provider::Config::Files
+  # These files have templating (ERB) code that will be run.
+  # This is usually to add licensing info, autogeneration notices, etc.
+  compile:
+<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%>

templates/terraform/examples/identity_platform_default_supported_idp_config_basic.tf.erb

@@ -0,0 +1,5 @@
+resource "google_identity_platform_default_supported_idp_config" "<%= ctx[:primary_resource_id] %>" {
+  enabled       = true
+  client_id     = "playgames.google.com"
+  client_secret = "secret"
+}

templates/terraform/examples/identity_platform_inbound_saml_config_basic.tf.erb

@@ -0,0 +1,17 @@
+resource "google_identity_platform_inbound_saml_config" "<%= ctx[:primary_resource_id] %>" {
+  name         = "<%= ctx[:vars]["name"] %>"
+  display_name = "Display Name"
+  idp_config {
+    idp_entity_id = "<%= ctx[:vars]["idp_entity_id"] %>"
+    sign_request  = true
+    sso_url       = "example.com"
+    idp_certificates {
+      x509_certificate = file("test-fixtures/rsa_cert.pem")
+    }
+  }
+
+  sp_config {
+    sp_entity_id = "<%= ctx[:vars]["sp_entity_id"] %>"
+    callback_uri = "https://example.com"
+  }
+}

templates/terraform/examples/identity_platform_oauth_idp_config_basic.tf.erb

@@ -0,0 +1,8 @@
+resource "google_identity_platform_oauth_idp_config" "<%= ctx[:primary_resource_id] %>" {
+  name          = "<%= ctx[:vars]["name"] %>"
+  display_name  = "Display Name"
+  client_id     = "client-id"
+  issuer        = "issuer"
+  enabled       = true
+  client_secret = "secret"
+}

templates/terraform/examples/identity_platform_tenant_basic.tf.erb

@@ -0,0 +1,4 @@
+resource "google_identity_platform_tenant" "<%= ctx[:primary_resource_id] %>" {
+  display_name          = "tenant"
+  allow_password_signup = true
+}

templates/terraform/examples/identity_platform_tenant_default_supported_idp_config_basic.tf.erb

@@ -0,0 +1,10 @@
+resource "google_identity_platform_tenant" "tenant" {
+  display_name  = "tenant"
+}
+
+resource "google_identity_platform_tenant_default_supported_idp_config" "<%= ctx[:primary_resource_id] %>" {
+  enabled       = true
+  tenant        = google_identity_platform_tenant.tenant.name
+  client_id     = "playgames.google.com"
+  client_secret = "secret"
+}

templates/terraform/examples/identity_platform_tenant_inbound_saml_config_basic.tf.erb

@@ -0,0 +1,22 @@
+resource "google_identity_platform_tenant" "tenant" {
+  display_name  = "tenant"
+}
+
+resource "google_identity_platform_tenant_inbound_saml_config" "<%= ctx[:primary_resource_id] %>" {
+  name         = "<%= ctx[:vars]["name"] %>"
+  display_name = "Display Name"
+  tenant       = google_identity_platform_tenant.tenant.name
+  idp_config {
+    idp_entity_id = "<%= ctx[:vars]["idp_entity_id"] %>"
+    sign_request  = true
+    sso_url       = "example.com"
+    idp_certificates {
+      x509_certificate = file("test-fixtures/rsa_cert.pem")
+    }
+  }
+
+  sp_config {
+    sp_entity_id = "<%= ctx[:vars]["sp_entity_id"] %>"
+    callback_uri = "https://example.com"
+  }
+}

templates/terraform/examples/identity_platform_tenant_oauth_idp_config_basic.tf.erb

@@ -0,0 +1,13 @@
+resource "google_identity_platform_tenant" "tenant" {
+  display_name  = "tenant"
+}
+
+resource "google_identity_platform_tenant_oauth_idp_config" "<%= ctx[:primary_resource_id] %>" {
+  name          = "<%= ctx[:vars]["name"] %>"
+  tenant        = google_identity_platform_tenant.tenant.name
+  display_name  = "Display Name"
+  client_id     = "client-id"
+  issuer        = "issuer"
+  enabled       = true
+  client_secret = "secret"
+}

templates/terraform/post_create/gcip_tenant.go.erb

@@ -0,0 +1,12 @@
+// `name` is autogenerated from the api so needs to be set post-create
+name, ok := res["name"]
+if !ok {
+  return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+}
+d.Set("name", GetResourceNameFromSelfLink(name.(string)))
+// Store the ID now that we have set the computed name
+id, err = replaceVars(d, config, "projects/{{project}}/tenants/{{name}}")
+if err != nil {
+	return fmt.Errorf("Error constructing id: %s", err)
+}
+d.SetId(id)

third_party/terraform/tests/resource_identity_platform_default_supported_idp_config_test.go

@@ -0,0 +1,88 @@
+package google
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccIdentityPlatformDefaultSupportedIdpConfig_defaultSupportedIdpConfigUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(10),
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIdentityPlatformDefaultSupportedIdpConfigDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIdentityPlatformDefaultSupportedIdpConfig_defaultSupportedIdpConfigBasic(context),
+			},
+			{
+				ResourceName:      "google_identity_platform_default_supported_idp_config.idp_config",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccIdentityPlatformDefaultSupportedIdpConfig_defaultSupportedIdpConfigUpdate(context),
+			},
+			{
+				ResourceName:      "google_identity_platform_default_supported_idp_config.idp_config",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckIdentityPlatformDefaultSupportedIdpConfigDestroy(s *terraform.State) error {
+	for name, rs := range s.RootModule().Resources {
+		if rs.Type != "google_identity_platform_default_supported_idp_config" {
+			continue
+		}
+		if strings.HasPrefix(name, "data.") {
+			continue
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		url, err := replaceVarsForTest(config, rs, "{{IdentityPlatformBasePath}}projects/{{project}}/defaultSupportedIdpConfigs/{{client_id}}")
+		if err != nil {
+			return err
+		}
+
+		_, err = sendRequest(config, "GET", "", url, nil)
+		if err == nil {
+			return fmt.Errorf("IdentityPlatformDefaultSupportedIdpConfig still exists at %s", url)
+		}
+	}
+
+	return nil
+}
+
+func testAccIdentityPlatformDefaultSupportedIdpConfig_defaultSupportedIdpConfigBasic(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_identity_platform_default_supported_idp_config" "idp_config" {
+  enabled = true
+  client_id = "playgames.google.com"
+  client_secret = "secret"
+}
+`, context)
+}
+
+func testAccIdentityPlatformDefaultSupportedIdpConfig_defaultSupportedIdpConfigUpdate(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_identity_platform_default_supported_idp_config" "idp_config" {
+  enabled = false
+  client_id = "playgames.google.com"
+  client_secret = "anothersecret"
+}
+`, context)
+}

third_party/terraform/tests/resource_identity_platform_inbound_saml_config_test.go

@@ -0,0 +1,83 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccIdentityPlatformInboundSamlConfig_inboundSamlConfigUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(10),
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIdentityPlatformInboundSamlConfigDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIdentityPlatformInboundSamlConfig_inboundSamlConfigBasic(context),
+			},
+			{
+				ResourceName:      "google_identity_platform_inbound_saml_config.saml_config",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccIdentityPlatformInboundSamlConfig_inboundSamlConfigUpdate(context),
+			},
+			{
+				ResourceName:      "google_identity_platform_inbound_saml_config.saml_config",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccIdentityPlatformInboundSamlConfig_inboundSamlConfigBasic(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_identity_platform_inbound_saml_config" "saml_config" {
+  name = "saml.tf-config%{random_suffix}"
+  display_name = "Display Name"
+  idp_config {
+    idp_entity_id = "tf-idp%{random_suffix}"
+    sso_url = "example.com"
+    idp_certificates {
+      x509_certificate = file("test-fixtures/rsa_cert.pem")
+    }
+  }
+
+  sp_config {
+    sp_entity_id = "tf-sp%{random_suffix}"
+    callback_uri = "https://example.com"
+  }
+}
+`, context)
+}
+
+func testAccIdentityPlatformInboundSamlConfig_inboundSamlConfigUpdate(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_identity_platform_inbound_saml_config" "saml_config" {
+  name = "saml.tf-config%{random_suffix}"
+  display_name = "Display Name2"
+  idp_config {
+    idp_entity_id = "tf-idp%{random_suffix}"
+    sso_url = "example123.com"
+    sign_request = true
+    idp_certificates {
+      x509_certificate = file("test-fixtures/rsa_cert.pem")
+    }
+  }
+
+  sp_config {
+    sp_entity_id = "tf-sp%{random_suffix}"
+    callback_uri = "https://example123.com"
+  }
+}
+`, context)
+}