Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add sms_region_config block to identity platform. #16044

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/9077.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
identityplatform: added `sms_region_config` to the resource `google_identity_platform_config`
```
182 changes: 182 additions & 0 deletions google/services/identityplatform/resource_identity_platform_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,54 @@ email/password or email link.`,
},
},
},
"sms_region_config": {
Type: schema.TypeList,
Optional: true,
Description: `Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allow_by_default": {
Type: schema.TypeList,
Optional: true,
Description: `A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"disallowed_regions": {
Type: schema.TypeList,
Optional: true,
Description: `Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
ExactlyOneOf: []string{"sms_region_config.0.allow_by_default", "sms_region_config.0.allowlist_only"},
},
"allowlist_only": {
Type: schema.TypeList,
Optional: true,
Description: `A policy of only allowing regions by explicitly adding them to an allowlist.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allowed_regions": {
Type: schema.TypeList,
Optional: true,
Description: `Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
ExactlyOneOf: []string{"sms_region_config.0.allow_by_default", "sms_region_config.0.allowlist_only"},
},
},
},
},
"name": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -399,6 +447,9 @@ func resourceIdentityPlatformConfigRead(d *schema.ResourceData, meta interface{}
if err := d.Set("authorized_domains", flattenIdentityPlatformConfigAuthorizedDomains(res["authorizedDomains"], d, config)); err != nil {
return fmt.Errorf("Error reading Config: %s", err)
}
if err := d.Set("sms_region_config", flattenIdentityPlatformConfigSmsRegionConfig(res["smsRegionConfig"], d, config)); err != nil {
return fmt.Errorf("Error reading Config: %s", err)
}

return nil
}
Expand Down Expand Up @@ -449,6 +500,12 @@ func resourceIdentityPlatformConfigUpdate(d *schema.ResourceData, meta interface
} else if v, ok := d.GetOkExists("authorized_domains"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, authorizedDomainsProp)) {
obj["authorizedDomains"] = authorizedDomainsProp
}
smsRegionConfigProp, err := expandIdentityPlatformConfigSmsRegionConfig(d.Get("sms_region_config"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("sms_region_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, smsRegionConfigProp)) {
obj["smsRegionConfig"] = smsRegionConfigProp
}

url, err := tpgresource.ReplaceVars(d, config, "{{IdentityPlatformBasePath}}projects/{{project}}/config")
if err != nil {
Expand Down Expand Up @@ -477,6 +534,10 @@ func resourceIdentityPlatformConfigUpdate(d *schema.ResourceData, meta interface
if d.HasChange("authorized_domains") {
updateMask = append(updateMask, "authorizedDomains")
}

if d.HasChange("sms_region_config") {
updateMask = append(updateMask, "smsRegionConfig")
}
// updateMask is a URL parameter but not present in the schema, so ReplaceVars
// won't set it
url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
Expand Down Expand Up @@ -827,6 +888,55 @@ func flattenIdentityPlatformConfigAuthorizedDomains(v interface{}, d *schema.Res
return v
}

func flattenIdentityPlatformConfigSmsRegionConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["allow_by_default"] =
flattenIdentityPlatformConfigSmsRegionConfigAllowByDefault(original["allowByDefault"], d, config)
transformed["allowlist_only"] =
flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnly(original["allowlistOnly"], d, config)
return []interface{}{transformed}
}
func flattenIdentityPlatformConfigSmsRegionConfigAllowByDefault(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["disallowed_regions"] =
flattenIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(original["disallowedRegions"], d, config)
return []interface{}{transformed}
}
func flattenIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnly(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["allowed_regions"] =
flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(original["allowedRegions"], d, config)
return []interface{}{transformed}
}
func flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func expandIdentityPlatformConfigAutodeleteAnonymousUsers(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
Expand Down Expand Up @@ -1225,3 +1335,75 @@ func expandIdentityPlatformConfigQuotaSignUpQuotaConfigQuotaDuration(v interface
func expandIdentityPlatformConfigAuthorizedDomains(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandIdentityPlatformConfigSmsRegionConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedAllowByDefault, err := expandIdentityPlatformConfigSmsRegionConfigAllowByDefault(original["allow_by_default"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowByDefault); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowByDefault"] = transformedAllowByDefault
}

transformedAllowlistOnly, err := expandIdentityPlatformConfigSmsRegionConfigAllowlistOnly(original["allowlist_only"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowlistOnly); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowlistOnly"] = transformedAllowlistOnly
}

return transformed, nil
}

func expandIdentityPlatformConfigSmsRegionConfigAllowByDefault(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedDisallowedRegions, err := expandIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(original["disallowed_regions"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedDisallowedRegions); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["disallowedRegions"] = transformedDisallowedRegions
}

return transformed, nil
}

func expandIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandIdentityPlatformConfigSmsRegionConfigAllowlistOnly(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedAllowedRegions, err := expandIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(original["allowed_regions"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowedRegions); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowedRegions"] = transformedAllowedRegions
}

return transformed, nil
}

func expandIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,14 @@ resource "google_identity_platform_config" "default" {
}
}
}
sms_region_config {
allowlist_only {
allowed_regions = [
"US",
"CA",
]
}
}
blocking_functions {
triggers {
event_type = "beforeSignIn"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,14 @@ resource "google_identity_platform_config" "basic" {
}
}
}
sms_region_config {
allow_by_default {
disallowed_regions = [
"CA",
"US",
]
}
}
}
`, context)
}
Expand Down Expand Up @@ -124,6 +132,14 @@ resource "google_identity_platform_config" "basic" {
}
}
}
sms_region_config {
allowlist_only {
allowed_regions = [
"AU",
"NZ",
]
}
}
}
`, context)
}
38 changes: 38 additions & 0 deletions website/docs/r/identity_platform_config.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,14 @@ resource "google_identity_platform_config" "default" {
}
}
}
sms_region_config {
allowlist_only {
allowed_regions = [
"US",
"CA",
]
}
}
blocking_functions {
triggers {
event_type = "beforeSignIn"
Expand Down Expand Up @@ -131,6 +139,11 @@ The following arguments are supported:
(Optional)
List of domains authorized for OAuth redirects.

* `sms_region_config` -
(Optional)
Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.
Structure is [documented below](#nested_sms_region_config).

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.

Expand Down Expand Up @@ -273,6 +286,31 @@ The following arguments are supported:
(Optional)
How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s".

<a name="nested_sms_region_config"></a>The `sms_region_config` block supports:

* `allow_by_default` -
(Optional)
A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.
Structure is [documented below](#nested_allow_by_default).

* `allowlist_only` -
(Optional)
A policy of only allowing regions by explicitly adding them to an allowlist.
Structure is [documented below](#nested_allowlist_only).


<a name="nested_allow_by_default"></a>The `allow_by_default` block supports:

* `disallowed_regions` -
(Optional)
Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json

<a name="nested_allowlist_only"></a>The `allowlist_only` block supports:

* `allowed_regions` -
(Optional)
Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:
Expand Down