Move sign_in from google_identity_platform_project_default_config to …

…google_identity_platform_config. (#8559) Co-authored-by: Shuya Ma <[email protected]>
GoogleCloudPlatform · Sep 15, 2023 · 110956f · 110956f
1 parent b8279d9
commit 110956f
Show file tree

Hide file tree

Showing 7 changed files with 266 additions and 1 deletion.
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
@@ -73,6 +73,88 @@ properties:
     name: 'autodeleteAnonymousUsers'
     description: |
       Whether anonymous users will be auto-deleted after a period of 30 days
+  - !ruby/object:Api::Type::NestedObject
+    name: 'signIn'
+    description: |
+      Configuration related to local sign in methods.
+    properties:
+      - !ruby/object:Api::Type::NestedObject
+        name: email
+        description: |
+          Configuration options related to authenticating a user by their email address.
+        properties:
+          - !ruby/object:Api::Type::Boolean
+            name: enabled
+            required: true
+            description: |
+              Whether email auth is enabled for the project or not.
+          - !ruby/object:Api::Type::Boolean
+            name: 'passwordRequired'
+            description: |
+              Whether a password is required for email auth or not. If true, both an email and
+              password must be provided to sign in. If false, a user may sign in via either
+              email/password or email link.
+      - !ruby/object:Api::Type::NestedObject
+        name: phoneNumber
+        description: |
+          Configuration options related to authenticated a user by their phone number.
+        properties:
+          - !ruby/object:Api::Type::Boolean
+            name: enabled
+            required: true
+            description: |
+              Whether phone number auth is enabled for the project or not.
+          - !ruby/object:Api::Type::KeyValuePairs
+            name: 'testPhoneNumbers'
+            description: |
+              A map of <test phone number, fake code> that can be used for phone auth testing.
+      - !ruby/object:Api::Type::NestedObject
+        name: anonymous
+        custom_flatten: 'templates/terraform/custom_flatten/identity_platform_config_anonymous.go'
+        description: |
+          Configuration options related to authenticating an anonymous user.
+        properties:
+          - !ruby/object:Api::Type::Boolean
+            name: enabled
+            required: true
+            send_empty_value: true
+            description: |
+              Whether anonymous user auth is enabled for the project or not.
+      - !ruby/object:Api::Type::Boolean
+        name: allowDuplicateEmails
+        description: |
+          Whether to allow more than one account to have the same email.
+      - !ruby/object:Api::Type::NestedObject
+        name: hashConfig
+        output: true
+        description: |
+          Output only. Hash config information.
+        properties:
+          - !ruby/object:Api::Type::String
+            name: algorithm
+            output: true
+            description: |
+              Different password hash algorithms used in Identity Toolkit.
+          - !ruby/object:Api::Type::String
+            name: 'signerKey'
+            output: true
+            description: |
+              Signer key in base64.
+          - !ruby/object:Api::Type::String
+            name: 'saltSeparator'
+            output: true
+            description: |
+              Non-printable character to be inserted between the salt and plain text password in base64.
+          - !ruby/object:Api::Type::Integer
+            name: rounds
+            output: true
+            description: |
+              How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms.
+          - !ruby/object:Api::Type::Integer
+            name: 'memoryCost'
+            output: true
+            description: |
+              Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field.
   - !ruby/object:Api::Type::NestedObject
     name: 'blockingFunctions'
     description: |

diff --git a/mmv1/products/identityplatform/ProjectDefaultConfig.yaml b/mmv1/products/identityplatform/ProjectDefaultConfig.yaml
@@ -23,6 +23,7 @@ create_verb: :PATCH
 delete_verb: :PATCH
 custom_code: !ruby/object:Provider::Terraform::CustomCode
   test_check_destroy: templates/terraform/custom_check_destroy/identity_platform_project_default_config.go.erb
+  resource_definition: templates/terraform/resource_definition/identity_platform_project_default_config_deprecation.go.erb
 docs: !ruby/object:Provider::Terraform::Docs
   warning: |
     If you are using User ADCs (Application Default Credentials) with this resource,

diff --git a/mmv1/templates/terraform/custom_flatten/identity_platform_config_anonymous.go b/mmv1/templates/terraform/custom_flatten/identity_platform_config_anonymous.go
@@ -0,0 +1,16 @@
+func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+
+	original := v.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	if original["enabled"] == nil {
+		transformed["enabled"] = false
+	} else {
+		transformed["enabled"] = original["enabled"]
+	}
+
+	return []interface{}{transformed}
+}
diff --git a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
@@ -13,10 +13,26 @@ resource "google_project_service" "identitytoolkit" {
   service = "identitytoolkit.googleapis.com"
 }
 
-
 resource "google_identity_platform_config" "default" {
   project = google_project.default.project_id
   autodelete_anonymous_users = true
+  sign_in {
+    allow_duplicate_emails = true
+
+    anonymous {
+        enabled = true
+    }
+    email {
+        enabled = true
+        password_required = false
+    }
+    phone_number {
+        enabled = true
+        test_phone_numbers = {
+            "+11231231234" = "000000"
+        }
+    }
+  }
   blocking_functions {
     triggers {
       event_type = "beforeSignIn"

diff --git a/...terraform/resource_definition/identity_platform_project_default_config_deprecation.go.erb b/...terraform/resource_definition/identity_platform_project_default_config_deprecation.go.erb
@@ -0,0 +1,17 @@
+<%# The license inside this block applies to this file.
+	# Copyright 2023 Google Inc.
+	# Licensed under the Apache License, Version 2.0 (the "License");
+	# you may not use this file except in compliance with the License.
+	# You may obtain a copy of the License at
+	#
+	#     http://www.apache.org/licenses/LICENSE-2.0
+	#
+	# Unless required by applicable law or agreed to in writing, software
+	# distributed under the License is distributed on an "AS IS" BASIS,
+	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	# See the License for the specific language governing permissions and
+	# limitations under the License.
+-%>
+DeprecationMessage: "Deprecated. Use the `google_identity_platform_config` resource instead. " +
+                    "It contains a more comprehensive list of fields, and was created before " +
+                    "`google_identity_platform_project_default_config` was added.",
diff --git a/...third_party/terraform/services/identityplatform/resource_identity_platform_config_test.go b/...third_party/terraform/services/identityplatform/resource_identity_platform_config_test.go
@@ -0,0 +1,127 @@
+package identityplatform_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccIdentityPlatformConfig_update(t *testing.T) {
+	acctest.SkipIfVcr(t)
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"org_id":           envvar.GetTestOrgFromEnv(t),
+		"billing_acct":     envvar.GetTestBillingAccountFromEnv(t),
+		"quota_start_time": time.Now().AddDate(0, 0, 1).Format(time.RFC3339),
+		"random_suffix":    acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIdentityPlatformConfig_basic(context),
+			},
+			{
+				ResourceName:      "google_identity_platform_config.basic",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccIdentityPlatformConfig_update(context),
+			},
+			{
+				ResourceName:      "google_identity_platform_config.basic",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccIdentityPlatformConfig_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_project" "basic" {
+  project_id = "tf-test-my-project%{random_suffix}"
+  name       = "tf-test-my-project%{random_suffix}"
+  org_id     = "%{org_id}"
+  billing_account =  "%{billing_acct}"
+  labels = {
+    firebase = "enabled"
+  }
+}
+
+resource "google_project_service" "identitytoolkit" {
+  project = google_project.basic.project_id
+  service = "identitytoolkit.googleapis.com"
+}
+
+resource "google_identity_platform_config" "basic" {
+  project = google_project.basic.project_id
+  autodelete_anonymous_users = true
+  sign_in {
+    allow_duplicate_emails = true
+
+    anonymous {
+        enabled = true
+    }
+    email {
+        enabled = true
+        password_required = false
+    }
+    phone_number {
+        enabled = true
+        test_phone_numbers = {
+            "+11231231234" = "000000"
+        }
+    }
+  }
+}
+`, context)
+}
+
+func testAccIdentityPlatformConfig_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_project" "basic" {
+  project_id = "tf-test-my-project%{random_suffix}"
+  name       = "tf-test-my-project%{random_suffix}"
+  org_id     = "%{org_id}"
+  billing_account =  "%{billing_acct}"
+  labels = {
+    firebase = "enabled"
+  }
+}
+
+resource "google_project_service" "identitytoolkit" {
+  project = google_project.basic.project_id
+  service = "identitytoolkit.googleapis.com"
+}
+
+resource "google_identity_platform_config" "basic" {
+  project = google_project.basic.project_id
+  sign_in {
+    allow_duplicate_emails = false
+
+    anonymous {
+        enabled = false
+    }
+    email {
+        enabled = true
+        password_required = true
+    }
+    phone_number {
+        enabled = true
+        test_phone_numbers = {
+	    "+17651212343" = "111111"
+        }
+    }
+  }
+}
+`, context)
+}
diff --git a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown
@@ -510,3 +510,9 @@ resource "google_secret_manager_secret" "my-secret" {
   }
 }
 ```
+
+## Resource: `google_identity_platform_project_default_config`
+
+### `google_identity_platform_project_default_config` has been removed from the provider
+
+Use the `google_identity_platform_config` resource instead. It contains a more comprehensive list of fields, and was created before `google_identity_platform_project_default_config` was added.