From 50c8207f6124556a2237a86ef38e3b7b1fb01621 Mon Sep 17 00:00:00 2001
From: Mohamed Fouad <110571142+mraouffouad@users.noreply.github.com>
Date: Wed, 19 Jul 2023 22:19:58 -0400
Subject: [PATCH 1/8] Add Add BlockingFunctionsConfig, AuthorizedDomains and QuotaConfig fields to Config.yaml
---
 mmv1/products/identityplatform/Config.yaml | 67 ++++++++++++++++++++++
 1 file changed, 67 insertions(+)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index bd95547ce0da..ceec037f4f86 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
@@ -59,3 +59,70 @@ properties:
 name: 'autodeleteAnonymousUsers'
 description: |
 Whether anonymous users will be auto-deleted after a period of 30 days
+ - !ruby/object:Api::Type::NestedObject
+ name: 'blockingFunctions'
+ description: |
+ Configuration related to blocking functions.
+ properties:
+ - !ruby/object:Api::Type::Map
+ name: 'triggers'
+ required: true
+ description: |
+ Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn".
+ key_name: event_type
+ value_type: !ruby/object:Api::Type::NestedObject
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'functionUri'
+ required: true
+ description: |
+ HTTP URI trigger for the Cloud Function.
+ - !ruby/object:Api::Type::Time
+ name: 'updateTime'
+ output: true
+ description: |
+ When the trigger was changed.
+ - !ruby/object:Api::Type::NestedObject
+ name: 'forwardInboundCredentials'
+ description: |
+ The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.
+ properties:
+ - !ruby/object:Api::Type::Boolean
+ name: 'idToken'
+ description: |
+ Whether to pass the user's OIDC identity provider's ID token.
+ - !ruby/object:Api::Type::Boolean
+ name: 'accessToken'
+ description: |
+ Whether to pass the user's OAuth identity provider's access token.
+ - !ruby/object:Api::Type::Boolean
+ name: 'refreshToken'
+ description: |
+ Whether to pass the user's OAuth identity provider's refresh token.
+ - !ruby/object:Api::Type::NestedObject
+ name: 'quota'
+ description: |
+ Configuration related to quotas.
+ properties:
+ - !ruby/object:Api::Type::NestedObject
+ name: 'signUpQuotaConfig'
+ description: |
+ Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.
+ properties:
+ - !ruby/object:Api::Type::Integer
+ name: 'quota'
+ description: |
+ Corresponds to the 'refill_token_count' field in QuotaServer config.
+ - !ruby/object:Api::Type::Time
+ name: 'startTime'
+ description: |
+ When this quota will take affect.
+ - !ruby/object:Api::Type::String
+ name: 'quotaDuration'
+ description: |
+ How long this quota will be active for.
+ - !ruby/object:Api::Type::Array
+ name: authorizedDomains
+ description: |
+ List of domains authorized for OAuth redirects.
+ item_type: Api::Type::String
From 1265f245b43002c39e116b1ca23b1c858296d8de Mon Sep 17 00:00:00 2001
From: "Mohamed (Fouad) Abdelkader"
Date: Thu, 20 Jul 2023 08:41:25 -0400
Subject: [PATCH 2/8] adding new fields to identity_platform_config_basic.tf.erb
---
 .../identity_platform_config_basic.tf.erb | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
index cdbb3ee53984..08790a2e7f2a 100644
--- a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
+++ b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
@@ -17,4 +17,25 @@ resource "google_project_service" "identitytoolkit" {
 resource "google_identity_platform_config" "default" {
 project = google_project.default.project_id
 autodelete_anonymous_users = true
+ blocking_functions {
+ triggers {
+ event_type = "beforeSignIn"
+ function_uri = "new_uri-before-sign-in"
+ }
+ forward_inbound_credentials {
+ refresh_token = true
+ access_token = true
+ id_token = true
+ }
+ }
+ quota {
+ sign_up_quota_config {
+ quota = 1000
+ }
+ }
+ authorized_domains = [
+ "localhost",
+ "<%= ctx[:vars]['project_id'] %>.firebaseapp.com",
+ "<%= ctx[:vars]['project_id'] %>.web.app",
+ ]
 }
From f823890e9d721e88a15aa8fd481070a69fcc254f Mon Sep 17 00:00:00 2001
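Review bot: The three `forwardInboundCredentials` descriptions in the Config.yaml hunk say only "Whether to pass…" and never state what enabling them exposes: the user's identity-provider tokens, including a refresh token, are placed in the JWT sent to whatever `functionUri` is registered under `triggers`. I would extend the parent description with a sentence such as `Enabling any of these forwards the user's identity provider tokens to the blocking function; turn on only the ones the function needs.` Two smaller wording points in the same hunk: `name: authorizedDomains` is the only unquoted `name` among the new properties, and the `startTime` description should read "take effect".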
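Review bot: The example's `forward_inbound_credentials` block sets `refresh_token`, `access_token` and `id_token` to `true` together, and a file under `templates/terraform/examples` is presumably what readers copy from the generated documentation. An example that enables only what a typical function needs, e.g. just `id_token = true`, would be a safer default to publish; if all three are set purely for test coverage, a comment such as `# all three enabled for test coverage; enable only what your function needs` would make that clear. The `"localhost"` entry in `authorized_domains` could carry a similar comment, since it suits development but is not something to keep in a production project unchanged.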
From: Mohamed Fouad <110571142+mraouffouad@users.noreply.github.com>
Date: Thu, 20 Jul 2023 10:34:38 -0400
Subject: [PATCH 3/8] Update Config.yaml Temporarily enable VCR to run the tests. Also, provide a more user's friendly desc for the quota field.
---
 mmv1/products/identityplatform/Config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index ceec037f4f86..2152fa3eb8df 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
@@ -46,7 +46,7 @@ examples:
 billing_acct:
 :BILLING_ACCT
 # Resource creation race
- #skip_vcr: true
+ #skip_vcr: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
 properties:
@@ -112,7 +112,7 @@ properties:
 - !ruby/object:Api::Type::Integer
 name: 'quota'
 description: |
- Corresponds to the 'refill_token_count' field in QuotaServer config.
+ A sign up APIs quota that customers can override temporarily.
 - !ruby/object:Api::Type::Time
 name: 'startTime'
 description: |
From 794ac172a21721ea0b226133ef01895a627f2127 Mon Sep 17 00:00:00 2001
From: "Mohamed (Fouad) Abdelkader"
Date: Sun, 23 Jul 2023 15:09:30 -0400
Subject: [PATCH 4/8] Fix the failing test
---
 mmv1/products/identityplatform/Config.yaml | 6 ++++--
 .../examples/identity_platform_config_basic.tf.erb | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index 2152fa3eb8df..b40653a78b13 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
@@ -46,7 +46,9 @@ examples:
 billing_acct:
 :BILLING_ACCT
 # Resource creation race
- #skip_vcr: true
+ test_vars_overrides:
+ quota_start_time: 'time.Now()'
+ skip_vcr: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
 properties:
@@ -120,7 +122,7 @@ properties:
 - !ruby/object:Api::Type::String
 name: 'quotaDuration'
 description: |
- How long this quota will be active for.
+ How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s".
 - !ruby/object:Api::Type::Array
 name: authorizedDomains
 description: |
diff --git a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
index 08790a2e7f2a..d52821b1a20e 100644
--- a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
+++ b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
@@ -31,6 +31,7 @@ resource "google_identity_platform_config" "default" {
 quota {
 sign_up_quota_config {
 quota = 1000
+ start_time = "<%= ctx[:vars]['quota_start_time'] %>"
 }
 }
 authorized_domains = [
From 0445fcaccc7f584ac095e4e53f88d7920b153b09 Mon Sep 17 00:00:00 2001
From: Mohamed Fouad <110571142+mraouffouad@users.noreply.github.com>
Date: Sun, 23 Jul 2023 23:08:44 -0400
Subject: [PATCH 5/8] Update Config.yaml Fix the quota start_time format.
---
 mmv1/products/identityplatform/Config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index b40653a78b13..cb43785736e0 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
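Review bot: The new `test_vars_overrides` block in the first Config.yaml hunk is inserted between the `# Resource creation race` comment and the `skip_vcr: true` line that comment explains, so the comment now reads as if it described the test variable override. Moving `# Resource creation race` down to sit directly above `skip_vcr: true` keeps the reason attached to the setting it justifies. The `examples:` entry begins and ends outside this hunk, so the placement should be checked against the full file.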
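Review bot: The new `quotaDuration` description in the second Config.yaml hunk misspells "measured" as `measurred` and doubles the lead-in with `e.g., Example:`. This text ends up in the generated resource documentation, so I would tighten it to `How long this quota will be active for, as a duration in seconds, e.g. "9.615s".`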
@@ -47,7 +47,7 @@ examples:
 :BILLING_ACCT
 # Resource creation race
 test_vars_overrides:
- quota_start_time: 'time.Now()'
+ quota_start_time: 'time.Now().UTC()'
 skip_vcr: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
From d9d3d565e166a202f5f34909c8e6371d74b1aacf Mon Sep 17 00:00:00 2001
From: "Mohamed (Fouad) Abdelkader"
Date: Tue, 25 Jul 2023 23:13:34 -0400
Subject: [PATCH 6/8] Attempt 2: Fix the failing test
---
 mmv1/products/identityplatform/Config.yaml | 3 ++-
 .../terraform/examples/identity_platform_config_basic.tf.erb | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index cb43785736e0..09f298d8c999 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
@@ -47,7 +47,8 @@ examples:
 :BILLING_ACCT
 # Resource creation race
 test_vars_overrides:
- quota_start_time: 'time.Now().UTC()'
+ # Set quota start time for the following day.
+ quota_start_time: 'time.Now().AddDate(0, 0, 1).Format(time.RFC3339)'
 skip_vcr: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
diff --git a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
index d52821b1a20e..9880802797c2 100644
--- a/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
+++ b/mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
@@ -20,7 +20,7 @@ resource "google_identity_platform_config" "default" {
 blocking_functions {
 triggers {
 event_type = "beforeSignIn"
- function_uri = "new_uri-before-sign-in"
+ function_uri = "https://us-east1-<%= ctx[:vars]['project_id'] %>.cloudfunctions.net/before-sign-in"
 }
 forward_inbound_credentials {
 refresh_token = true
@@ -32,6 +32,7 @@ resource "google_identity_platform_config" "default" {
 sign_up_quota_config {
 quota = 1000
 start_time = "<%= ctx[:vars]['quota_start_time'] %>"
+ quota_duration = "7200s"
 }
 }
 authorized_domains = [
From 9b8666c9e9c442d8380a003cc08d63478dc3c346 Mon Sep 17 00:00:00 2001
From: Mohamed Fouad <110571142+mraouffouad@users.noreply.github.com>
Date: Wed, 26 Jul 2023 12:15:17 -0400
Subject: [PATCH 7/8] Update Config.yaml Enabling VCR.
---
 mmv1/products/identityplatform/Config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index 09f298d8c999..5ab5f82e2fec 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
@@ -49,7 +49,7 @@ examples:
 test_vars_overrides:
 # Set quota start time for the following day.
 quota_start_time: 'time.Now().AddDate(0, 0, 1).Format(time.RFC3339)'
- skip_vcr: true
+ #skip_vcr: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
 properties:
From cdf50d6d7137e0226a684c8ce7b4e42c4798ba10 Mon Sep 17 00:00:00 2001
From: Mohamed Fouad <110571142+mraouffouad@users.noreply.github.com>
Date: Thu, 27 Jul 2023 22:12:56 -0400
Subject: [PATCH 8/8] Update Config.yaml Re-enable skip_vcr due to hashicorp/terraform-provider-google#14158.
---
 mmv1/products/identityplatform/Config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml
index 5ab5f82e2fec..09f298d8c999 100644
--- a/mmv1/products/identityplatform/Config.yaml
+++ b/mmv1/products/identityplatform/Config.yaml
@@ -49,7 +49,7 @@ examples:
 test_vars_overrides:
 # Set quota start time for the following day.
 quota_start_time: 'time.Now().AddDate(0, 0, 1).Format(time.RFC3339)'
- #skip_vcr: true
+ skip_vcr: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
 properties:
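Review bot: `skip_vcr: true` is restored here with its reason recorded only in the commit message, and no comment on the lines visible in this hunk explains it. A comment directly above the line, for example `# skip_vcr: see hashicorp/terraform-provider-google#14158`, would keep the justification next to the setting so the skip can be lifted once that issue is resolved. The `examples:` entry starts outside the hunk, so an existing comment further up may need to be moved rather than a new one added.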