feat: add iframe parameter to security settings (#907)
lechnerc77 authored Sep 24, 2024
1 parent 72e0719 commit fa69c8d
Showing 42 changed files with 4,236 additions and 756 deletions.
1 change: 1 addition & 0 deletions docs/data-sources/globalaccount_security_settings.md
@@ -35,5 +35,6 @@ data "btp_globalaccount_security_settings" "this" {}
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The global account's default identity provider for platform users. Used to log on to platform tools such as SAP BTP cockpit or the btp CLI.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.
1 change: 1 addition & 0 deletions docs/data-sources/subaccount_security_settings.md
@@ -41,5 +41,6 @@ data "btp_subaccount_security_settings" "subaccount" {
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The subaccount's default identity provider for business application users.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.
23 changes: 19 additions & 4 deletions docs/resources/globalaccount_security_settings.md
@@ -25,14 +25,16 @@ __Further documentation:__

```terraform
resource "btp_globalaccount_security_settings" "this" {
default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"
access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600
treat_users_with_same_email_as_same_user = true
custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]
iframe_domains = ["https://yourdomain.test"]
}
```

@@ -44,7 +46,20 @@ resource "btp_globalaccount_security_settings" "this" {
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The global account's default identity provider for platform users. Used to log on to platform tools such as SAP BTP cockpit or the btp CLI.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.

### Read-Only

- `id` (String, Deprecated) The ID of the security settings used for import operations.

## Import

Import is supported using the following syntax:

```terraform
# terraform import btp_globalaccount_security_settings.<resource_name> '<globalaccount_subdomain>'
terraform import btp_globalaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'
```
27 changes: 21 additions & 6 deletions docs/resources/subaccount_security_settings.md
@@ -24,17 +24,19 @@ __Further documentation:__
## Example Usage

```terraform
resource "btp_subaccount_security_settings" "subaccount" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"
resource "btp_subaccount_security_settings" "sec_setting" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"
default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"
access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600
treat_users_with_same_email_as_same_user = true
custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]
iframe_domains = "https://yourdomain.test"
}
```

@@ -50,7 +52,20 @@ resource "btp_subaccount_security_settings" "subaccount" {
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The subaccount's default identity provider for business application users.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.

### Read-Only

- `id` (String, Deprecated) The ID of the security settings used for import operations.

## Import

Import is supported using the following syntax:

```terraform
# terraform import btp_subaccount_security_settings.<resource_name> '<subaccount_id>'
terraform import btp_subaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'
```
@@ -0,0 +1,3 @@
# terraform import btp_globalaccount_security_settings.<resource_name> '<globalaccount_subdomain>'

terraform import btp_globalaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'
@@ -1,10 +1,12 @@
resource "btp_globalaccount_security_settings" "this" {
default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"

access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600

treat_users_with_same_email_as_same_user = true

custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]

iframe_domains = ["https://yourdomain.test"]
}
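Review bot: `iframe_domains = ["https://yourdomain.test"]` in this global account example passes a list, while the same commit documents the attribute as `(String)` with multiple domains separated by spaces, and the subaccount example uses a plain string. If the schema is a string attribute (it is not visible here), this example will not validate and should read `iframe_domains = "https://yourdomain.test"`. The same list form appears in the Example Usage block of docs/resources/globalaccount_security_settings.md, which is presumably generated from this file. Because the setting appears to control which origins may embed the logon page in an iframe, a short comment in the example such as `# list only origins you trust to frame the login page` would also help readers.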
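--- a/examples/resources/btp_subaccount_security_settings/import.sh
+++ b/examples/resources/btp_subaccount_security_settings/import.sh
@@ -0,0 +1,3 @@
+# terraform import btp_subaccount_security_settings.<resource_name> '<subaccount_id>'
+
+terraform import btp_subaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'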
14 changes: 8 additions & 6 deletions examples/resources/btp_subaccount_security_settings/resource.tf
@@ -1,12 +1,14 @@
resource "btp_subaccount_security_settings" "subaccount" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"
resource "btp_subaccount_security_settings" "sec_setting" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"

default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"

access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600

treat_users_with_same_email_as_same_user = true

custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]

iframe_domains = "https://yourdomain.test"
}
10 changes: 4 additions & 6 deletions examples/resources/certificate.go
@@ -9,25 +9,24 @@ import (
"github.com/SAP/terraform-provider-btp/internal/tfutils"
)


func main() {
err := tfutils.GenerateCertificate()

if err!=nil{
if err != nil {
fmt.Printf("Error generating a certificate : %s", err)
return
return
}

data, err := os.ReadFile("cert.pem")
if err != nil {
fmt.Printf("Error reading the certificate : %s", err)
return
return
}

pemString := string(data)

output := map[string]string{
"certificate": pemString,
"certificate": pemString,
}

if err := json.NewEncoder(os.Stdout).Encode(output); err != nil {
@@ -42,4 +41,3 @@ func main() {
}

}

11 changes: 9 additions & 2 deletions guides/DRIFTDETECTION.md
@@ -23,21 +23,28 @@ The following overview list des resources and their support for drift detection
| Resource | Drift Detection Support | Comments |
|--- |--- |--- |
| btp_directory | Yes | - |
| btp_directory_api_credential | No | - |
| btp_directory_entitlement | Yes | - |
| btp_directory_role | Yes | - |
| btp_directory_role_collection | Yes | - |
| btp_directory_role_collection_assignment | No | READ capability of resource not available. Improvement planned for H2/2024 see [issue](https://github.com/SAP/terraform-provider-btp/issues/748) |
| btp_globalaccount_api_credential | No | - |
| btp_globalaccount_resource_provider | Yes | - |
| btp_globalaccount_role | Yes | - |
| btp_globalaccount_role_collection | Yes | - |
| btp_globalaccount_role_collection_assignment | No | READ capability of resource not available. Improvement planned for H2/2024 see [issue](https://github.com/SAP/terraform-provider-btp/issues/748) |
| btp_globalaccount_security_settings | No | READ capability of resource not available |
| btp_globalaccount_security_settings | Yes | - |
| btp_globalaccount_trust_configuration | Yes | - |
| btp_subaccount | Yes | - |
| btp_subaccount_api_credential | No | - |
| btp_subaccount_entitlement | Yes | - |
| btp_subaccount_environment_instance | Yes | - |
| btp_subaccount_role | Yes | - |
| btp_subaccount_role_collection | Yes | - |
| btp_subaccount_role_collection_assignment | No | READ capability of resource not available. Improvement planned for H2/2024 see [issue](https://github.com/SAP/terraform-provider-btp/issues/748) |
| btp_subaccount_security_settings | No | READ capability of resource not available |
| btp_subaccount_security_settings | Yes | - |
| btp_subaccount_service_binding | Yes | - |
| btp_subaccount_service_broker | Yes | - |
| btp_subaccount_service_instance | Yes with restrictions | The parameters defined via `parameters` are not tracked due to missing READ functionality depending on the service offering configuration |
| btp_subaccount_subscription | Yes | - |
| btp_subaccount_trust_configuration | Yes | - |
13 changes: 10 additions & 3 deletions guides/IMPORT.md
@@ -12,24 +12,31 @@ To get a quick overview of the resources and if they support the import function

The following list provides an overview of the resources and their support for the import functionality (state: 09.04.2024)

| Resource | Drift Detection Support
| Resource | Import Support
|--- |---
| btp_directory | Yes
| btp_directory_api_credential | No
| btp_directory_entitlement | Yes
| btp_directory_role | Yes
| btp_directory_role_collection | Yes
| btp_directory_role_collection_assignment | No
| btp_globalaccount_api_credential | No
| btp_globalaccount_resource_provider | Yes
| btp_globalaccount_role | Yes
| btp_globalaccount_role_collection | Yes
| btp_globalaccount_role_collection_assignment | No
| btp_globalaccount_security_settings | No
| btp_globalaccount_security_settings | Yes
| btp_globalaccount_trust_configuration | Yes
| btp_subaccount | Yes
| btp_subaccount_api_credential | No
| btp_subaccount_entitlement | Yes
| btp_subaccount_environment_instance | Yes
| btp_subaccount_role | Yes
| btp_subaccount_role_collection | Yes
| btp_subaccount_role_collection_assignment | No
| btp_subaccount_security_settings | No
| btp_subaccount_security_settings | Yes
| btp_subaccount_service_binding | Yes
| btp_subaccount_service_broker | Yes
| btp_subaccount_service_instance | Yes with restrictions (see [documentation](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_service_instance#restriction))
| btp_subaccount_subscription | Yes
| btp_subaccount_trust_configuration | Yes
2 changes: 1 addition & 1 deletion internal/btpcli/client_test.go
@@ -609,7 +609,7 @@ func simulateV2Call(t *testing.T, config v2SimulationConfig) {
w.Header().Add(key, value)
}
w.WriteHeader(config.srvReturnStatus)
fmt.Fprintf(w,"%s",config.srvReturnContent)
fmt.Fprintf(w, "%s", config.srvReturnContent)
}
}))
defer srv.Close()
24 changes: 12 additions & 12 deletions internal/btpcli/facade_security_api_credential.go
@@ -20,12 +20,12 @@ func (f *securityApiCredentialFacade) getCommand() string {
}

type ApiCredentialInput struct {
Subaccount string `btpcli:"subaccount"`
Directory string `btpcli:"directory"`
GlobalAccount string `btpcli:"globalAccount"`
Name string `btpcli:"name,omitempty"`
Certificate string `btpcli:"certificate,omitempty"`
ReadOnly bool `btpcli:"readOnly,omitempty"`
Subaccount string `btpcli:"subaccount"`
Directory string `btpcli:"directory"`
GlobalAccount string `btpcli:"globalAccount"`
Name string `btpcli:"name,omitempty"`
Certificate string `btpcli:"certificate,omitempty"`
ReadOnly bool `btpcli:"readOnly,omitempty"`
}

func (f *securityApiCredentialFacade) CreateBySubaccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {
@@ -89,7 +89,7 @@ func (f *securityApiCredentialFacade) GetByDirectory(ctx context.Context, args *
}

func (f *securityApiCredentialFacade) CreateByGlobalAccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {

args.GlobalAccount = f.cliClient.GetGlobalAccountSubdomain()

params, err := tfutils.ToBTPCLIParamsMap(args)
@@ -102,9 +102,9 @@ func (f *securityApiCredentialFacade) CreateByGlobalAccount(ctx context.Context,
}

func (f *securityApiCredentialFacade) DeleteByGlobalAccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {

args.GlobalAccount = f.cliClient.GetGlobalAccountSubdomain()

params, err := tfutils.ToBTPCLIParamsMap(args)

if err != nil {
@@ -115,14 +115,14 @@ func (f *securityApiCredentialFacade) DeleteByGlobalAccount(ctx context.Context,
}

func (f *securityApiCredentialFacade) GetByGlobalAccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {

args.GlobalAccount = f.cliClient.GetGlobalAccountSubdomain()

params, err := tfutils.ToBTPCLIParamsMap(args)

if err != nil {
return xsuaa_api.ApiCredentialSubaccount{}, CommandResponse{}, err
}

return doExecute[xsuaa_api.ApiCredentialSubaccount](f.cliClient, ctx, NewGetRequest(f.getCommand(), params))
}
}