forked from GoogleCloudPlatform/magic-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
App Check DeviceCheck provider (GoogleCloudPlatform#9978)
* App Check DeviceCheck provider * Remove minimal example & pattern field * Add real private keys that are not useful anywhere * Limit tests to beta
- Loading branch information
1 parent
7450c72
commit 380c780
Showing
5 changed files
with
224 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
# Copyright 2024 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- | ||
!ruby/object:Api::Resource | ||
name: "DeviceCheckConfig" | ||
base_url: projects/{{project}}/apps/{{app_id}}/deviceCheckConfig | ||
self_link: projects/{{project}}/apps/{{app_id}}/deviceCheckConfig | ||
create_url: projects/{{project}}/apps/{{app_id}}/deviceCheckConfig?updateMask=tokenTtl,keyId,privateKey | ||
create_verb: :PATCH | ||
update_verb: :PATCH | ||
update_mask: true | ||
skip_delete: true | ||
description: | | ||
An app's DeviceCheck configuration object. Note that the Team ID registered with your | ||
app is used as part of the validation process. Make sure your `google_firebase_apple_app` has a team_id present. | ||
references: !ruby/object:Api::Resource::ReferenceLinks | ||
guides: | ||
"Official Documentation": "https://firebase.google.com/docs/app-check" | ||
api: "https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.deviceCheckConfig" | ||
import_format: | ||
[ | ||
"projects/{{project}}/apps/{{app_id}}/deviceCheckConfig", | ||
"{{project}}/{{app_id}}", | ||
"{{app_id}}", | ||
] | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: "firebase_app_check_device_check_config_full" | ||
min_version: 'beta' | ||
# Need the time_sleep resource | ||
pull_external: true | ||
primary_resource_id: "default" | ||
vars: | ||
bundle_id: "bundle.id.devicecheck" | ||
key_id: "Key ID" | ||
private_key_path: "path/to/private-key.p8" | ||
team_id: "9987654321" | ||
token_ttl: "7200s" | ||
test_vars_overrides: | ||
# Don't add random suffix | ||
private_key_path: '"test-fixtures/private-key-2.p8"' | ||
team_id: '"9987654321"' | ||
token_ttl: '"7200s"' | ||
test_env_vars: | ||
project_id: :PROJECT_NAME | ||
parameters: | ||
- !ruby/object:Api::Type::String | ||
name: app_id | ||
description: | | ||
The ID of an | ||
[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id). | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: name | ||
description: | | ||
The relative resource name of the DeviceCheck configuration object | ||
output: true | ||
- !ruby/object:Api::Type::String | ||
name: tokenTtl | ||
description: | | ||
Specifies the duration for which App Check tokens exchanged from DeviceCheck artifacts will be valid. | ||
If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. | ||
A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". | ||
default_from_api: true | ||
- !ruby/object:Api::Type::String | ||
name: keyId | ||
description: | | ||
The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account. | ||
required: true | ||
- !ruby/object:Api::Type::String | ||
name: privateKey | ||
description: | | ||
The contents of the private key (.p8) file associated with the key specified by keyId. | ||
required: true | ||
sensitive: true | ||
ignore_read: true | ||
- !ruby/object:Api::Type::Boolean | ||
name: privateKeySet | ||
description: | | ||
Whether the privateKey field was previously set. Since App Check will never return the | ||
privateKey field, this field is the only way to find out whether it was previously set. | ||
output: true |
34 changes: 34 additions & 0 deletions
34
mmv1/templates/terraform/examples/firebase_app_check_device_check_config_full.tf.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
resource "google_firebase_apple_app" "default" { | ||
provider = google-beta | ||
|
||
project = "<%= ctx[:test_env_vars]['project_id'] %>" | ||
display_name = "Apple app" | ||
bundle_id = "<%= ctx[:vars]['bundle_id'] %>" | ||
team_id = "<%= ctx[:vars]['team_id'] %>" | ||
} | ||
|
||
# It takes a while for App Check to recognize the new app | ||
# If your app already exists, you don't have to wait 30 seconds. | ||
resource "time_sleep" "wait_30s" { | ||
depends_on = [google_firebase_apple_app.default] | ||
create_duration = "30s" | ||
} | ||
|
||
resource "google_firebase_app_check_device_check_config" "default" { | ||
provider = google-beta | ||
|
||
project = "<%= ctx[:test_env_vars]['project_id'] %>" | ||
app_id = google_firebase_apple_app.default.app_id | ||
token_ttl = "<%= ctx[:vars]['token_ttl'] %>" | ||
key_id = "<%= ctx[:vars]['key_id'] %>" | ||
private_key = file("<%= ctx[:vars]['private_key_path'] %>") | ||
|
||
depends_on = [time_sleep.wait_30s] | ||
|
||
lifecycle { | ||
precondition { | ||
condition = google_firebase_apple_app.default.team_id != "" | ||
error_message = "Provide a Team ID on the Apple App to use App Check" | ||
} | ||
} | ||
} |
63 changes: 63 additions & 0 deletions
63
...orm/services/firebaseappcheck/resource_firebase_app_check_device_check_config_test.go.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
<% autogen_exception -%> | ||
package firebaseappcheck_test | ||
<% unless version == 'ga' -%> | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
|
||
"github.com/hashicorp/terraform-provider-google/google/acctest" | ||
"github.com/hashicorp/terraform-provider-google/google/envvar" | ||
) | ||
|
||
func TestAccFirebaseAppCheckDeviceCheckConfig_firebaseAppCheckDeviceCheckConfigUpdate(t *testing.T) { | ||
t.Parallel() | ||
|
||
context := map[string]interface{}{ | ||
"project_id": envvar.GetTestProjectFromEnv(), | ||
"team_id": "9987654321", | ||
"private_key_path": "test-fixtures/private-key.p8", | ||
"token_ttl": "3900s", | ||
"random_suffix": acctest.RandString(t, 10), | ||
} | ||
|
||
contextUpdated := map[string]interface{}{ | ||
"project_id": envvar.GetTestProjectFromEnv(), | ||
"team_id": "9987654321", | ||
"private_key_path": "test-fixtures/private-key-2.p8", | ||
"token_ttl": "7200s", | ||
// Bundle ID needs to be the same between updates but different between tests | ||
"random_suffix": context["random_suffix"], | ||
} | ||
|
||
acctest.VcrTest(t, resource.TestCase{ | ||
PreCheck: func() { acctest.AccTestPreCheck(t) }, | ||
ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), | ||
ExternalProviders: map[string]resource.ExternalProvider{ | ||
"random": {}, | ||
"time": {}, | ||
}, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccFirebaseAppCheckDeviceCheckConfig_firebaseAppCheckDeviceCheckConfigFullExample(context), | ||
}, | ||
{ | ||
ResourceName: "google_firebase_app_check_device_check_config.default", | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateVerifyIgnore: []string{"private_key", "app_id"}, | ||
}, | ||
{ | ||
Config: testAccFirebaseAppCheckDeviceCheckConfig_firebaseAppCheckDeviceCheckConfigFullExample(contextUpdated), | ||
}, | ||
{ | ||
ResourceName: "google_firebase_app_check_device_check_config.default", | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateVerifyIgnore: []string{"private_key", "app_id"}, | ||
}, | ||
}, | ||
}) | ||
} | ||
<% end -%> |
15 changes: 15 additions & 0 deletions
15
mmv1/third_party/terraform/services/firebaseappcheck/test-fixtures/private-key-2.p8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
-----BEGIN PRIVATE KEY----- | ||
MIICWwIBAAKBgQCVA/2LQtUYJI8KlNHWzNPzGzVv01qavSbmuW0QYjshxRnXDBk+ | ||
fWZePJAmsyuhU4Y2SkM5Wqvgjo/rDPaRPdTiEtKQuNesRgQeOVmAWDkIXEiieTwb | ||
RYuXbdpZhH86Vt6xOMt14tGPKE5VuuySvTqgQRCvRTylrF3koBc0d/8NVQIDAQAB | ||
AoGAG7qBXH+ULYjoAR0OKv00V2FxwRxAGNknuvk4HTtaK3+Evmpm7CTjfpegb0MZ | ||
1Ew5hjKtbae8oe2FRETGQOKTkS68I/D9PGP4aTzmSkf6PjwXwhlBYp09xxv4nmxV | ||
BCbsoicNMvdk0F7SPblnZBO9i0DpZ8pT9wyPo8QzWBfi5IECQQD8gIOja3Zim4R9 | ||
HVL7Blvhzhl2ibuITV2PKfQ11v0a+Om+rZKwdrhxKgWoguDvvP7ExWSPTZJKSm0J | ||
bzhU+APhAkEAlxR3fY+zSpxHaxbOqZ6cea5cZtyHcX607nW8N037yBErIjcJKL65 | ||
gHx9Vq1Xo24o4C6kyzmh00BnkyXul4439QJAPWvtmaUcaSQ3eE/XzaRgWW9PFlyu | ||
t5tKNPcZprcjXppKEc4bLr3SZAS616DuoqKwvqDds1ZFTbkJCRB6/YBPQQJAeyGG | ||
JYKJyKRIHMJw2pNXymBOFNNlXB29jp/ML3LSYwODGRar01ZmT46mhI8wXxV4IQZC | ||
7xLgjhDumWIP69tQRQJAfuOy4TP2drxNI7fP7YenV1ks6CiLHcBN04f6NItWilTN | ||
Cc+Mv/rio9xO56Yp9oePMaFT9QEzfO/cqX6QvyfblQ== | ||
-----END PRIVATE KEY----- |
15 changes: 15 additions & 0 deletions
15
mmv1/third_party/terraform/services/firebaseappcheck/test-fixtures/private-key.p8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
-----BEGIN PRIVATE KEY----- | ||
MIICXAIBAAKBgG3vDegwb8uUvns/Iuodo/cNK0eMHxqb+2n16dQnxL7az+ShNWKQ | ||
jTSzXY5y4VexrTdPEU5ZiTPONZXyl4/iFvOnyFxnC6Zjyr+xeIU5X4TmjYq0yCuZ | ||
xbovAWw+E4KUKt1V62avd+hGZHPtCKLfV/uYITG7I8R+GyEAdMoaXP8JAgMBAAEC | ||
gYBsQFf7aabMWx3uks84phNNNOSHQY1nUG2Te5nTVY3BOgo44h2Ffz3sxSq9GJaZ | ||
GdatfehWtIgMQWQ20Xk5L7LUzSxmndHbUIzYU17xZrAsgmjYTwvAQ13If2L6S+pz | ||
EUbTLkMnlbAgvtJ2AqZZZ3LE41N9ey60gVB1cCu9fCXLuQJBANAeoDXXvh7nXdyN | ||
Zd84zXpSk8SLmAmQn1JB7z3oPkrZ0dG42GMOzYw9MP8n2bATHV+OB0/gdUFJAYYp | ||
kwz+bJ8CQQCHObHelAlkH3or+JVECpovNMHs2UGB6yF1ZX0Nep3iR90fhi3BsnVo | ||
IQGdHlQC2NL+iaBF4Mv2/dfZTen1vMtXAkEAk7+KQW8+G7ZpXjBLyCMNTO/e08O+ | ||
VdwEH2OLsslzn7PvTxIJHJnfttWiOSJTWrrXOYUdD8nrtENd/574NFtTRQJAaExD | ||
uJ0NsT/mB0wwNM7IpWhXusrHD+G/aMDidyb/56vuDYZ8fE2c6LesevcNbTS3aMPV | ||
7o+4QcUAWwcRUQxQ+QJBAJEAwwzFnLJtrFYEnz7YNufgjiMrX7CBJCwrXGZpZrHX | ||
EdDDOGiLrm871hc3tNQWmzou9AFIwZFeIOXVdIHIQzk= | ||
-----END PRIVATE KEY----- |