Add support for oauth and oidc tokens to cloud_scheduler_job

Signed-off-by: Modular Magician <magic-modules@google.com>
GoogleCloudPlatform · Jul 31, 2019 · ff1dc22 · ff1dc22
1 parent 407a94c
commit ff1dc22
Showing 1 changed file with 127 additions and 0 deletions.
diff --git a/google/cloudscheduler_job.go b/google/cloudscheduler_job.go
@@ -17,8 +17,53 @@ package google
 import (
 	"fmt"
 	"reflect"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
 )
 
+// Both oidc and oauth headers cannot be set
+func validateAuthHeaders(diff *schema.ResourceDiff, v interface{}) error {
+	httpBlock := diff.Get("http_target.0").(map[string]interface{})
+
+	if httpBlock != nil {
+		oauth := httpBlock["oauth_token"]
+		oidc := httpBlock["oidc_token"]
+
+		if oauth != nil && oidc != nil {
+			if len(oidc.([]interface{})) > 0 && len(oauth.([]interface{})) > 0 {
+				return fmt.Errorf("Errof in http_target: only one of oauth_token or oidc_token can be specified, but not both.")
+			}
+		}
+	}
+
+	return nil
+}
+
+func authHeaderDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+	b := strings.Split(k, ".")
+	if b[0] == "http_target" && len(b) > 4 {
+		block := b[2]
+		attr := b[4]
+
+		if block == "oauth_token" && attr == "scope" {
+			if old == "https://www.googleapis.com/auth/cloud-platform" && new == "" {
+				return true
+			}
+		}
+
+		if block == "oidc_token" && attr == "audience" {
+			uri := d.Get(strings.Join(b[0:2], ".") + ".uri")
+			if old == uri && new == "" {
+				return true
+			}
+		}
+
+	}
+
+	return false
+}
+
 func GetCloudSchedulerJobCaiObject(d TerraformResourceData, config *Config) (Asset, error) {
 	name, err := assetName(d, config, "//cloudscheduler.googleapis.com/projects/{{project}}/locations/{{region}}/jobs/{{name}}")
 	if err != nil {
@@ -399,6 +444,20 @@ func expandCloudSchedulerJobHttpTarget(v interface{}, d TerraformResourceData, c
 		transformed["headers"] = transformedHeaders
 	}
 
+	transformedOauthToken, err := expandCloudSchedulerJobHttpTargetOauthToken(original["oauth_token"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedOauthToken); val.IsValid() && !isEmptyValue(val) {
+		transformed["oauthToken"] = transformedOauthToken
+	}
+
+	transformedOidcToken, err := expandCloudSchedulerJobHttpTargetOidcToken(original["oidc_token"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedOidcToken); val.IsValid() && !isEmptyValue(val) {
+		transformed["oidcToken"] = transformedOidcToken
+	}
+
 	return transformed, nil
 }
 
@@ -424,3 +483,71 @@ func expandCloudSchedulerJobHttpTargetHeaders(v interface{}, d TerraformResource
 	}
 	return m, nil
 }
+
+func expandCloudSchedulerJobHttpTargetOauthToken(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedServiceAccountEmail, err := expandCloudSchedulerJobHttpTargetOauthTokenServiceAccountEmail(original["service_account_email"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedServiceAccountEmail); val.IsValid() && !isEmptyValue(val) {
+		transformed["serviceAccountEmail"] = transformedServiceAccountEmail
+	}
+
+	transformedScope, err := expandCloudSchedulerJobHttpTargetOauthTokenScope(original["scope"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedScope); val.IsValid() && !isEmptyValue(val) {
+		transformed["scope"] = transformedScope
+	}
+
+	return transformed, nil
+}
+
+func expandCloudSchedulerJobHttpTargetOauthTokenServiceAccountEmail(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudSchedulerJobHttpTargetOauthTokenScope(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudSchedulerJobHttpTargetOidcToken(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedServiceAccountEmail, err := expandCloudSchedulerJobHttpTargetOidcTokenServiceAccountEmail(original["service_account_email"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedServiceAccountEmail); val.IsValid() && !isEmptyValue(val) {
+		transformed["serviceAccountEmail"] = transformedServiceAccountEmail
+	}
+
+	transformedAudience, err := expandCloudSchedulerJobHttpTargetOidcTokenAudience(original["audience"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedAudience); val.IsValid() && !isEmptyValue(val) {
+		transformed["audience"] = transformedAudience
+	}
+
+	return transformed, nil
+}
+
+func expandCloudSchedulerJobHttpTargetOidcTokenServiceAccountEmail(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudSchedulerJobHttpTargetOidcTokenAudience(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}