Add BlockingFunctionsConfig, RecaptchaConfig and QuotaConfig fields to identityplatform config (GoogleCloudPlatform#8402)

* Add BlockingFunctionsConfig, AuthorizedDomains and QuotaConfig fields to Config.yaml

* adding new fields to identity_platform_config_basic.tf.erb

* Update Config.yaml

Temporarily enable VCR to run the tests. Also, provide a more user-friendly desc for the quota field.

* Fix the failing test

* Update Config.yaml

Fix the quota start_time format.

* Attempt 2: Fix the failing test

* Update Config.yaml Enabling VCR.

* Update Config.yaml

Re-enable skip_vcr due to hashicorp/terraform-provider-google#14158.
mraouffouad authored and DanielRieske committed Aug 2, 2023
1 parent b5a4fbd commit a8267ca
Showing 2 changed files with 93 additions and 0 deletions.
70 changes: 70 additions & 0 deletions mmv1/products/identityplatform/Config.yaml
Expand Up @@ -46,6 +46,9 @@ examples:
billing_acct:
:BILLING_ACCT
# Resource creation race
test_vars_overrides:
# Set quota start time for the following day.
quota_start_time: 'time.Now().AddDate(0, 0, 1).Format(time.RFC3339)'
skip_vcr: true
custom_code: !ruby/object:Provider::Terraform::CustomCode
custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
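
Review bot: The new test_vars_overrides block sits between the "# Resource creation race" comment and the skip_vcr: true line, so the comment now reads as if it explains the quota start time override rather than the VCR skip. Move test_vars_overrides above that comment (or below skip_vcr: true) so the comment stays directly attached to the setting it documents.
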
Expand All @@ -59,3 +62,70 @@ properties:
name: 'autodeleteAnonymousUsers'
description: |
Whether anonymous users will be auto-deleted after a period of 30 days
- !ruby/object:Api::Type::NestedObject
name: 'blockingFunctions'
description: |
Configuration related to blocking functions.
properties:
- !ruby/object:Api::Type::Map
name: 'triggers'
required: true
description: |
Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn".
key_name: event_type
value_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'functionUri'
required: true
description: |
HTTP URI trigger for the Cloud Function.
- !ruby/object:Api::Type::Time
name: 'updateTime'
output: true
description: |
When the trigger was changed.
- !ruby/object:Api::Type::NestedObject
name: 'forwardInboundCredentials'
description: |
The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.
properties:
- !ruby/object:Api::Type::Boolean
name: 'idToken'
description: |
Whether to pass the user's OIDC identity provider's ID token.
- !ruby/object:Api::Type::Boolean
name: 'accessToken'
description: |
Whether to pass the user's OAuth identity provider's access token.
- !ruby/object:Api::Type::Boolean
name: 'refreshToken'
description: |
Whether to pass the user's OAuth identity provider's refresh token.
- !ruby/object:Api::Type::NestedObject
name: 'quota'
description: |
Configuration related to quotas.
properties:
- !ruby/object:Api::Type::NestedObject
name: 'signUpQuotaConfig'
description: |
Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.
properties:
- !ruby/object:Api::Type::Integer
name: 'quota'
description: |
A sign up APIs quota that customers can override temporarily.
- !ruby/object:Api::Type::Time
name: 'startTime'
description: |
When this quota will take affect.
- !ruby/object:Api::Type::String
name: 'quotaDuration'
description: |
How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s".
- !ruby/object:Api::Type::Array
name: authorizedDomains
description: |
List of domains authorized for OAuth redirects.
item_type: Api::Type::String
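
Review bot: The signUpQuotaConfig descriptions carry typos in user-facing text: startTime says "take affect" (should be "take effect"), and quotaDuration says "measurred" and doubles up "e.g., Example:". Something like 'How long this quota will be active for, in seconds. Example: "9.615s".' reads cleaner. Separately, the three forwardInboundCredentials booleans (idToken, accessToken, refreshToken) do not say what happens when they are left unset; stating the default in each description would help users decide which identity-provider tokens they actually want included in the payload sent to the function. authorizedDomains is also the only name in this hunk that is not quoted.
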
Expand Up @@ -17,4 +17,27 @@ resource "google_project_service" "identitytoolkit" {
resource "google_identity_platform_config" "default" {
project = google_project.default.project_id
autodelete_anonymous_users = true
blocking_functions {
triggers {
event_type = "beforeSignIn"
function_uri = "https://us-east1-<%= ctx[:vars]['project_id'] %>.cloudfunctions.net/before-sign-in"
}
forward_inbound_credentials {
refresh_token = true
access_token = true
id_token = true
}
}
quota {
sign_up_quota_config {
quota = 1000
start_time = "<%= ctx[:vars]['quota_start_time'] %>"
quota_duration = "7200s"
}
}
authorized_domains = [
"localhost",
"<%= ctx[:vars]['project_id'] %>.firebaseapp.com",
"<%= ctx[:vars]['project_id'] %>.web.app",
]
}
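
Review bot: forward_inbound_credentials in this example sets refresh_token, access_token and id_token all to true, which forwards every identity-provider credential to the before-sign-in function. For a basic example that is likely to be copied as-is, consider enabling only the token the function needs, or add a comment saying each flag should be turned on only when the function requires that token. The "localhost" entry in authorized_domains would benefit from the same kind of comment, marking it as a development-only value.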
