Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add BlockingFunctionsConfig, RecaptchaConfig and QuotaConfig fields to identityplatform config #8402

Merged
merged 8 commits into from
Jul 28, 2023
Merged

Add BlockingFunctionsConfig, RecaptchaConfig and QuotaConfig fields to identityplatform config #8402

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
50c8207
Add Add BlockingFunctionsConfig, AuthorizedDomains and QuotaConfig fi…
mraouffouad Jul 20, 2023
1265f24
adding new fields to identity_platform_config_basic.tf.erb
mraouffouad Jul 20, 2023
f823890
Update Config.yaml
mraouffouad Jul 20, 2023
794ac17
Fix the failing test
mraouffouad Jul 23, 2023
0445fca
Update Config.yaml
mraouffouad Jul 24, 2023
d9d3d56
Attempt 2: Fix the failing test
mraouffouad Jul 26, 2023
9b8666c
Update Config.yaml Enabling VCR.
mraouffouad Jul 26, 2023
cdf50d6
Update Config.yaml
mraouffouad Jul 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 70 additions & 0 deletions mmv1/products/identityplatform/Config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ examples:
billing_acct:
:BILLING_ACCT
# Resource creation race
test_vars_overrides:
# Set quota start time for the following day.
quota_start_time: 'time.Now().AddDate(0, 0, 1).Format(time.RFC3339)'
skip_vcr: true
custom_code: !ruby/object:Provider::Terraform::CustomCode
custom_create: 'templates/terraform/custom_create/identity_platform_config.go'
Expand All @@ -59,3 +62,70 @@ properties:
name: 'autodeleteAnonymousUsers'
description: |
Whether anonymous users will be auto-deleted after a period of 30 days
- !ruby/object:Api::Type::NestedObject
name: 'blockingFunctions'
description: |
Configuration related to blocking functions.
properties:
- !ruby/object:Api::Type::Map
name: 'triggers'
required: true
description: |
Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn".
key_name: event_type
value_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'functionUri'
required: true
description: |
HTTP URI trigger for the Cloud Function.
- !ruby/object:Api::Type::Time
name: 'updateTime'
output: true
description: |
When the trigger was changed.
- !ruby/object:Api::Type::NestedObject
name: 'forwardInboundCredentials'
description: |
The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.
properties:
- !ruby/object:Api::Type::Boolean
name: 'idToken'
description: |
Whether to pass the user's OIDC identity provider's ID token.
- !ruby/object:Api::Type::Boolean
name: 'accessToken'
description: |
Whether to pass the user's OAuth identity provider's access token.
- !ruby/object:Api::Type::Boolean
name: 'refreshToken'
description: |
Whether to pass the user's OAuth identity provider's refresh token.
- !ruby/object:Api::Type::NestedObject
name: 'quota'
description: |
Configuration related to quotas.
properties:
- !ruby/object:Api::Type::NestedObject
name: 'signUpQuotaConfig'
description: |
Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.
properties:
- !ruby/object:Api::Type::Integer
name: 'quota'
description: |
A sign up APIs quota that customers can override temporarily.
- !ruby/object:Api::Type::Time
name: 'startTime'
description: |
When this quota will take affect.
- !ruby/object:Api::Type::String
name: 'quotaDuration'
description: |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also add an example of how to structure the duration string? E.g.

magic-modules/mmv1/products/alloydb/Cluster.yaml

Line 171 in 31547b0

A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s".
- !ruby/object:Api::Type::Array
name: authorizedDomains
description: |
List of domains authorized for OAuth redirects.
item_type: Api::Type::String
23 changes: 23 additions & 0 deletions mmv1/templates/terraform/examples/identity_platform_config_basic.tf.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,27 @@ resource "google_project_service" "identitytoolkit" {
resource "google_identity_platform_config" "default" {
project = google_project.default.project_id
autodelete_anonymous_users = true
blocking_functions {
triggers {
event_type = "beforeSignIn"
function_uri = "https://us-east1-<%= ctx[:vars]['project_id'] %>.cloudfunctions.net/before-sign-in"
}
forward_inbound_credentials {
refresh_token = true
access_token = true
id_token = true
}
}
quota {
sign_up_quota_config {
quota = 1000
start_time = "<%= ctx[:vars]['quota_start_time'] %>"
quota_duration = "7200s"
}
}
authorized_domains = [
"localhost",
"<%= ctx[:vars]['project_id'] %>.firebaseapp.com",
"<%= ctx[:vars]['project_id'] %>.web.app",
]
}