Add oidc_token_config.issuer_mode property to projects (#221)

* add `oidc_token_config.issuer_mode` property to projects * Generate docs * set issuer_mode default to global * Regenerate docs --------- Co-authored-by: Douglas Harcourt Parsons <dglsparsons@gmail.com> Co-authored-by: Douglas Harcourt Parsons <dglsparsons@users.noreply.github.com>
vercel · Oct 24, 2024 · a62ecbc · a62ecbc
1 parent ef70c26
commit a62ecbc
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 9 deletions.
diff --git a/client/project.go b/client/project.go
@@ -16,7 +16,8 @@ type GitRepository struct {
 }
 
 type OIDCTokenConfig struct {
-	Enabled bool `json:"enabled"`
+	Enabled    bool   `json:"enabled"`
+	IssuerMode string `json:"issuerMode,omitempty"`
 }
 
 // EnvironmentVariable defines the information Vercel requires and surfaces about an environment variable

diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md
@@ -121,6 +121,10 @@ Read-Only:
 <a id="nestedatt--oidc_token_config"></a>
 ### Nested Schema for `oidc_token_config`
 
+Optional:
+
+- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`
+
 Read-Only:
 
 - `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.

diff --git a/docs/resources/project.md b/docs/resources/project.md
@@ -155,6 +155,10 @@ Required:
 
 - `enabled` (Boolean) When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.
 
+Optional:
+
+- `issuer_mode` (String) Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`
+
 
 <a id="nestedatt--options_allowlist"></a>
 ### Nested Schema for `options_allowlist`

diff --git a/vercel/data_source_project.go b/vercel/data_source_project.go
@@ -232,6 +232,14 @@ For more detailed information, please see the [Vercel documentation](https://ver
 						Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.",
 						Computed:    true,
 					},
+					"issuer_mode": schema.StringAttribute{
+						Description: "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`",
+						Computed:    true,
+						Optional:    true,
+						Validators: []validator.String{
+							stringOneOf("team", "global"),
+						},
+					},
 				},
 			},
 			"options_allowlist": schema.SingleNestedAttribute{

diff --git a/vercel/data_source_project_test.go b/vercel/data_source_project_test.go
@@ -55,6 +55,8 @@ func TestAcc_ProjectDataSource(t *testing.T) {
 					resource.TestCheckResourceAttr("data.vercel_project.test", "skew_protection", "7 days"),
 					resource.TestCheckResourceAttr("data.vercel_project.test", "resource_config.function_default_cpu_type", "standard_legacy"),
 					resource.TestCheckResourceAttr("data.vercel_project.test", "resource_config.function_default_timeout", "30"),
+					resource.TestCheckResourceAttr("data.vercel_project.test", "oidc_token_config.enabled", "true"),
+					resource.TestCheckResourceAttr("data.vercel_project.test", "oidc_token_config.issuer_mode", "team"),
 				),
 			},
 		},
@@ -129,7 +131,11 @@ resource "vercel_project" "test" {
   }
   resource_config = {
     function_default_cpu_type = "standard_legacy"
-	function_default_timeout = 30
+    function_default_timeout = 30
+  }
+  oidc_token_config = {
+    enabled = true
+    issuer_mode = "team"
   }
 }
 

diff --git a/vercel/resource_project.go b/vercel/resource_project.go
@@ -318,13 +318,25 @@ At this time you cannot use a Vercel Project resource with in-line ` + "`environ
 						Description: "When true, Vercel issued OpenID Connect (OIDC) tokens will be available on the compute environments. See https://vercel.com/docs/security/secure-backend-access/oidc for more information.",
 						Required:    true,
 					},
+					"issuer_mode": schema.StringAttribute{
+						Optional:      true,
+						Computed:      true,
+						Default:       stringdefault.StaticString("team"),
+						Description:   "Configures the URL of the `iss` claim. `team` = `https://oidc.vercel.com/[team_slug]` `global` = `https://oidc.vercel.com`",
+						PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
+						Validators: []validator.String{
+							stringOneOf("team", "global"),
+						},
+					},
 				},
 				Default: objectdefault.StaticValue(types.ObjectValueMust(
 					map[string]attr.Type{
-						"enabled": types.BoolType,
+						"enabled":     types.BoolType,
+						"issuer_mode": types.StringType,
 					},
 					map[string]attr.Value{
-						"enabled": types.BoolValue(false),
+						"enabled":     types.BoolValue(false),
+						"issuer_mode": types.StringValue("global"),
 					},
 				)),
 			},
@@ -889,7 +901,8 @@ func (t *TrustedIps) toUpdateProjectRequest() *client.TrustedIps {
 }
 
 type OIDCTokenConfig struct {
-	Enabled types.Bool `tfsdk:"enabled"`
+	Enabled    types.Bool   `tfsdk:"enabled"`
+	IssuerMode types.String `tfsdk:"issuer_mode"`
 }
 
 func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig {
@@ -898,19 +911,22 @@ func (o *OIDCTokenConfig) toCreateProjectRequest() *client.OIDCTokenConfig {
 	}
 
 	return &client.OIDCTokenConfig{
-		Enabled: o.Enabled.ValueBool(),
+		Enabled:    o.Enabled.ValueBool(),
+		IssuerMode: o.IssuerMode.ValueString(),
 	}
 }
 
 func (o *OIDCTokenConfig) toUpdateProjectRequest() *client.OIDCTokenConfig {
 	if o == nil {
 		return &client.OIDCTokenConfig{
-			Enabled: types.BoolValue(false).ValueBool(),
+			Enabled:    types.BoolValue(false).ValueBool(),
+			IssuerMode: types.StringValue("global").ValueString(),
 		}
 	}
 
 	return &client.OIDCTokenConfig{
-		Enabled: o.Enabled.ValueBool(),
+		Enabled:    o.Enabled.ValueBool(),
+		IssuerMode: o.IssuerMode.ValueString(),
 	}
 }
 
@@ -1136,10 +1152,12 @@ func convertResponseToProject(ctx context.Context, response client.ProjectRespon
 	}
 
 	var oidcTokenConfig = &OIDCTokenConfig{
-		Enabled: types.BoolValue(false),
+		Enabled:    types.BoolValue(false),
+		IssuerMode: types.StringValue("global"),
 	}
 	if response.OIDCTokenConfig != nil {
 		oidcTokenConfig.Enabled = types.BoolValue(response.OIDCTokenConfig.Enabled)
+		oidcTokenConfig.IssuerMode = types.StringValue(response.OIDCTokenConfig.IssuerMode)
 	}
 
 	resourceConfig := &ResourceConfig{}

diff --git a/vercel/resource_project_test.go b/vercel/resource_project_test.go
@@ -81,6 +81,7 @@ func TestAcc_Project(t *testing.T) {
 					resource.TestCheckResourceAttr("vercel_project.test", "directory_listing", "true"),
 					resource.TestCheckResourceAttr("vercel_project.test", "skew_protection", "7 days"),
 					resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.enabled", "true"),
+					resource.TestCheckResourceAttr("vercel_project.test", "oidc_token_config.issuer_mode", "team"),
 				),
 			},
 			// Update testing
@@ -751,6 +752,7 @@ resource "vercel_project" "test" {
   skew_protection = "7 days"
   oidc_token_config = {
     enabled = true
+    issuer_mode = "team"
   }
   environment = [
     {