App Check DeviceCheck provider (GoogleCloudPlatform#9978)
* App Check DeviceCheck provider

* Remove minimal example & pattern field

* Add real private keys that are not useful anywhere

* Limit tests to beta
rainshen49 authored and balanaguharsha committed May 2, 2024
1 parent 7450c72 commit 380c780
Showing 5 changed files with 224 additions and 0 deletions.
97 changes: 97 additions & 0 deletions mmv1/products/firebaseappcheck/DeviceCheckConfig.yaml
@@ -0,0 +1,97 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
!ruby/object:Api::Resource
name: "DeviceCheckConfig"
base_url: projects/{{project}}/apps/{{app_id}}/deviceCheckConfig
self_link: projects/{{project}}/apps/{{app_id}}/deviceCheckConfig
create_url: projects/{{project}}/apps/{{app_id}}/deviceCheckConfig?updateMask=tokenTtl,keyId,privateKey
create_verb: :PATCH
update_verb: :PATCH
update_mask: true
skip_delete: true
description: |
An app's DeviceCheck configuration object. Note that the Team ID registered with your
app is used as part of the validation process. Make sure your `google_firebase_apple_app` has a team_id present.
references: !ruby/object:Api::Resource::ReferenceLinks
guides:
"Official Documentation": "https://firebase.google.com/docs/app-check"
api: "https://firebase.google.com/docs/reference/appcheck/rest/v1/projects.apps.deviceCheckConfig"
import_format:
[
"projects/{{project}}/apps/{{app_id}}/deviceCheckConfig",
"{{project}}/{{app_id}}",
"{{app_id}}",
]
examples:
- !ruby/object:Provider::Terraform::Examples
name: "firebase_app_check_device_check_config_full"
min_version: 'beta'
# Need the time_sleep resource
pull_external: true
primary_resource_id: "default"
vars:
bundle_id: "bundle.id.devicecheck"
key_id: "Key ID"
private_key_path: "path/to/private-key.p8"
team_id: "9987654321"
token_ttl: "7200s"
test_vars_overrides:
# Don't add random suffix
private_key_path: '"test-fixtures/private-key-2.p8"'
team_id: '"9987654321"'
token_ttl: '"7200s"'
test_env_vars:
project_id: :PROJECT_NAME
parameters:
- !ruby/object:Api::Type::String
name: app_id
description: |
The ID of an
[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).
required: true
immutable: true
url_param_only: true
properties:
- !ruby/object:Api::Type::String
name: name
description: |
The relative resource name of the DeviceCheck configuration object
output: true
- !ruby/object:Api::Type::String
name: tokenTtl
description: |
Specifies the duration for which App Check tokens exchanged from DeviceCheck artifacts will be valid.
If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.
A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
default_from_api: true
- !ruby/object:Api::Type::String
name: keyId
description: |
The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account.
required: true
- !ruby/object:Api::Type::String
name: privateKey
description: |
The contents of the private key (.p8) file associated with the key specified by keyId.
required: true
sensitive: true
ignore_read: true
- !ruby/object:Api::Type::Boolean
name: privateKeySet
description: |
Whether the privateKey field was previously set. Since App Check will never return the
privateKey field, this field is the only way to find out whether it was previously set.
output: true
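Review bot: `skip_delete: true` combined with the write-only `privateKey` means a `terraform destroy` most likely only drops the resource from state while the DeviceCheck key stays configured in App Check, and the top-level `description` does not say so. I would add a sentence there such as `Deleting this resource only removes it from Terraform state; the DeviceCheck configuration and its private key remain on the app.` The `privateKey` description should also note that `sensitive: true` only redacts the value in plan and apply output. The key contents are still written to Terraform state, so the state backend needs to be access-controlled and encrypted.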
@@ -0,0 +1,34 @@
resource "google_firebase_apple_app" "default" {
provider = google-beta

project = "<%= ctx[:test_env_vars]['project_id'] %>"
display_name = "Apple app"
bundle_id = "<%= ctx[:vars]['bundle_id'] %>"
team_id = "<%= ctx[:vars]['team_id'] %>"
}

# It takes a while for App Check to recognize the new app
# If your app already exists, you don't have to wait 30 seconds.
resource "time_sleep" "wait_30s" {
depends_on = [google_firebase_apple_app.default]
create_duration = "30s"
}

resource "google_firebase_app_check_device_check_config" "default" {
provider = google-beta

project = "<%= ctx[:test_env_vars]['project_id'] %>"
app_id = google_firebase_apple_app.default.app_id
token_ttl = "<%= ctx[:vars]['token_ttl'] %>"
key_id = "<%= ctx[:vars]['key_id'] %>"
private_key = file("<%= ctx[:vars]['private_key_path'] %>")

depends_on = [time_sleep.wait_30s]

lifecycle {
precondition {
condition = google_firebase_apple_app.default.team_id != ""
error_message = "Provide a Team ID on the Apple App to use App Check"
}
}
}
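Review bot: The `precondition` on `google_firebase_app_check_device_check_config.default` only rejects an empty string, so it may not fire in the case it is meant to catch. If `team_id` is omitted on the Apple app and surfaces as null rather than `""` (not confirmable from this hunk), `null != ""` evaluates to true and the apply proceeds to the API without a Team ID. A null-safe form would be `condition = google_firebase_apple_app.default.team_id != null && google_firebase_apple_app.default.team_id != ""`.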
@@ -0,0 +1,63 @@
<% autogen_exception -%>
package firebaseappcheck_test
<% unless version == 'ga' -%>

import (
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"

"github.com/hashicorp/terraform-provider-google/google/acctest"
"github.com/hashicorp/terraform-provider-google/google/envvar"
)

func TestAccFirebaseAppCheckDeviceCheckConfig_firebaseAppCheckDeviceCheckConfigUpdate(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"project_id": envvar.GetTestProjectFromEnv(),
"team_id": "9987654321",
"private_key_path": "test-fixtures/private-key.p8",
"token_ttl": "3900s",
"random_suffix": acctest.RandString(t, 10),
}

contextUpdated := map[string]interface{}{
"project_id": envvar.GetTestProjectFromEnv(),
"team_id": "9987654321",
"private_key_path": "test-fixtures/private-key-2.p8",
"token_ttl": "7200s",
// Bundle ID needs to be the same between updates but different between tests
"random_suffix": context["random_suffix"],
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
ExternalProviders: map[string]resource.ExternalProvider{
"random": {},
"time": {},
},
Steps: []resource.TestStep{
{
Config: testAccFirebaseAppCheckDeviceCheckConfig_firebaseAppCheckDeviceCheckConfigFullExample(context),
},
{
ResourceName: "google_firebase_app_check_device_check_config.default",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"private_key", "app_id"},
},
{
Config: testAccFirebaseAppCheckDeviceCheckConfig_firebaseAppCheckDeviceCheckConfigFullExample(contextUpdated),
},
{
ResourceName: "google_firebase_app_check_device_check_config.default",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"private_key", "app_id"},
},
},
})
}
<% end -%>
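Review bot: Neither config step carries a `Check`, and both import steps list `private_key` in `ImportStateVerifyIgnore`, so nothing in this test asserts that the service stored a key after the create or after the switch to `private-key-2.p8`. The API never returns the key, so the only server-side signal is the `privateKeySet` output. I would assert it on both config steps with `Check: resource.TestCheckResourceAttr("google_firebase_app_check_device_check_config.default", "private_key_set", "true"),`, assuming the generated attribute name is the snake-cased `private_key_set`. That confirms a key is stored, not which one, which is worth saying in a comment next to the check.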
@@ -0,0 +1,15 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
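Review bot: This fixture and the second key fixture in the next section commit unencrypted PKCS#8 private keys, and nothing stored beside them records that they are throwaway. The commit message says they are real keys that are not useful anywhere, but that statement should sit next to the files. Because the `.p8` body is passed verbatim through `file()` and cannot carry a comment, a short README in the fixtures directory is the place for it. It should state that the keys were generated for tests only and are not enabled for DeviceCheck in any Apple Developer account. Secret scanners will likely flag both files, so a path-scoped allowlist entry for these two fixtures is preferable to a blanket exclusion of the directory.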
@@ -0,0 +1,15 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
