Add new terraform field

GoogleCloudPlatform · Aug 22, 2023 · 73d26ed · 73d26ed
1 parent cdabb6f
commit 73d26ed
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml b/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml
@@ -312,3 +312,10 @@ properties:
             values:
               - :MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
               - :ONLY_ID_TOKEN_CLAIMS
+          - !ruby/object:Api::Type::Array
+            name: additionalScopes
+            description: |
+              Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
+              Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
+            required: false
+            item_type: Api::Type::String
diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_basic.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_basic.tf.erb
@@ -22,6 +22,7 @@ resource "google_iam_workforce_pool_provider" "<%= ctx[:primary_resource_id] %>"
     web_sso_config {
       response_type             = "CODE"
       assertion_claims_behavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"
+      additional_scopes         = "groups"
     }
   }
 }
diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_full.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_provider_oidc_full.tf.erb
@@ -22,6 +22,7 @@ resource "google_iam_workforce_pool_provider" "<%= ctx[:primary_resource_id] %>"
     web_sso_config {
       response_type             = "CODE"
       assertion_claims_behavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"
+      additional_scopes         = "groups"
     }
   }
   display_name        = "Display name"