diff --git a/.changelog/9077.txt b/.changelog/9077.txt
new file mode 100644
index 00000000000..72f7dcae12f
--- /dev/null
+++ b/.changelog/9077.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+identityplatform: added `sms_region_config` to the resource `google_identity_platform_config`
+```
diff --git a/google/services/identityplatform/resource_identity_platform_config.go b/google/services/identityplatform/resource_identity_platform_config.go
index 4703923f911..e72f344d6fb 100644
--- a/google/services/identityplatform/resource_identity_platform_config.go
+++ b/google/services/identityplatform/resource_identity_platform_config.go
@@ -268,6 +268,54 @@ email/password or email link.`,
},
},
},
+ "sms_region_config": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "allow_by_default": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "disallowed_regions": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ ExactlyOneOf: []string{"sms_region_config.0.allow_by_default", "sms_region_config.0.allowlist_only"},
+ },
+ "allowlist_only": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `A policy of only allowing regions by explicitly adding them to an allowlist.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "allowed_regions": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ ExactlyOneOf: []string{"sms_region_config.0.allow_by_default", "sms_region_config.0.allowlist_only"},
+ },
+ },
+ },
+ },
"name": {
Type: schema.TypeString,
Computed: true,
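Review bot: The `allowed_regions` and `disallowed_regions` elements are bare `schema.TypeString` with no validation, so a mistyped or lower-case code in this SMS restriction surfaces only at apply time, if the API rejects it at all. Since both descriptions promise two-letter region codes, an element-level check such as `ValidateFunc: validation.StringMatch(regexp.MustCompile("^[A-Z]{2}$"), "must be a two-letter region code")` would catch it at plan time; confirm first that the API accepts only upper-case codes, and the `validation` and `regexp` imports may need adding. Both lists are also `schema.TypeList`, so if the API does not return regions in the submitted order, `schema.TypeSet` would avoid a permanent diff.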
@@ -399,6 +447,9 @@ func resourceIdentityPlatformConfigRead(d *schema.ResourceData, meta interface{}
if err := d.Set("authorized_domains", flattenIdentityPlatformConfigAuthorizedDomains(res["authorizedDomains"], d, config)); err != nil {
return fmt.Errorf("Error reading Config: %s", err)
}
+ if err := d.Set("sms_region_config", flattenIdentityPlatformConfigSmsRegionConfig(res["smsRegionConfig"], d, config)); err != nil {
+ return fmt.Errorf("Error reading Config: %s", err)
+ }
return nil
}
@@ -449,6 +500,12 @@ func resourceIdentityPlatformConfigUpdate(d *schema.ResourceData, meta interface
} else if v, ok := d.GetOkExists("authorized_domains"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, authorizedDomainsProp)) {
obj["authorizedDomains"] = authorizedDomainsProp
}
+ smsRegionConfigProp, err := expandIdentityPlatformConfigSmsRegionConfig(d.Get("sms_region_config"), d, config)
+ if err != nil {
+ return err
+ } else if v, ok := d.GetOkExists("sms_region_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, smsRegionConfigProp)) {
+ obj["smsRegionConfig"] = smsRegionConfigProp
+ }
url, err := tpgresource.ReplaceVars(d, config, "{{IdentityPlatformBasePath}}projects/{{project}}/config")
if err != nil {
@@ -477,6 +534,10 @@ func resourceIdentityPlatformConfigUpdate(d *schema.ResourceData, meta interface
if d.HasChange("authorized_domains") {
updateMask = append(updateMask, "authorizedDomains")
}
+
+ if d.HasChange("sms_region_config") {
+ updateMask = append(updateMask, "smsRegionConfig")
+ }
// updateMask is a URL parameter but not present in the schema, so ReplaceVars
// won't set it
url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
@@ -827,6 +888,55 @@ func flattenIdentityPlatformConfigAuthorizedDomains(v interface{}, d *schema.Res
return v
}
+func flattenIdentityPlatformConfigSmsRegionConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["allow_by_default"] =
+ flattenIdentityPlatformConfigSmsRegionConfigAllowByDefault(original["allowByDefault"], d, config)
+ transformed["allowlist_only"] =
+ flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnly(original["allowlistOnly"], d, config)
+ return []interface{}{transformed}
+}
+func flattenIdentityPlatformConfigSmsRegionConfigAllowByDefault(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["disallowed_regions"] =
+ flattenIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(original["disallowedRegions"], d, config)
+ return []interface{}{transformed}
+}
+func flattenIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnly(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["allowed_regions"] =
+ flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(original["allowedRegions"], d, config)
+ return []interface{}{transformed}
+}
+func flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
func expandIdentityPlatformConfigAutodeleteAnonymousUsers(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
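Review bot: An allowlist with no regions cannot round-trip through these helpers. On read, `flattenIdentityPlatformConfigSmsRegionConfigAllowlistOnly` returns nil when the API object is empty (`len(original) == 0`), so state cannot tell "allowlist_only with nothing allowed" from "no policy configured". On write, the expand hunk at the end of this file sets `allowedRegions` only when `!tpgresource.IsEmptyValue(val)`; if that helper treats a zero-length list as empty, as its name suggests, `allowed_regions = []` goes out as an empty `smsRegionConfig` and the restriction the user asked for is dropped without an error. Consider keeping the key whenever the block is present, e.g. `} else if val := reflect.ValueOf(transformedAllowedRegions); val.IsValid() {`, and returning `[]interface{}{transformed}` from the flatten side for an empty object.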
@@ -1225,3 +1335,75 @@ func expandIdentityPlatformConfigQuotaSignUpQuotaConfigQuotaDuration(v interface
func expandIdentityPlatformConfigAuthorizedDomains(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
+
+func expandIdentityPlatformConfigSmsRegionConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedAllowByDefault, err := expandIdentityPlatformConfigSmsRegionConfigAllowByDefault(original["allow_by_default"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAllowByDefault); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["allowByDefault"] = transformedAllowByDefault
+ }
+
+ transformedAllowlistOnly, err := expandIdentityPlatformConfigSmsRegionConfigAllowlistOnly(original["allowlist_only"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAllowlistOnly); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["allowlistOnly"] = transformedAllowlistOnly
+ }
+
+ return transformed, nil
+}
+
+func expandIdentityPlatformConfigSmsRegionConfigAllowByDefault(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedDisallowedRegions, err := expandIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(original["disallowed_regions"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedDisallowedRegions); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["disallowedRegions"] = transformedDisallowedRegions
+ }
+
+ return transformed, nil
+}
+
+func expandIdentityPlatformConfigSmsRegionConfigAllowByDefaultDisallowedRegions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandIdentityPlatformConfigSmsRegionConfigAllowlistOnly(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedAllowedRegions, err := expandIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(original["allowed_regions"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAllowedRegions); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["allowedRegions"] = transformedAllowedRegions
+ }
+
+ return transformed, nil
+}
+
+func expandIdentityPlatformConfigSmsRegionConfigAllowlistOnlyAllowedRegions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
diff --git a/google/services/identityplatform/resource_identity_platform_config_generated_test.go b/google/services/identityplatform/resource_identity_platform_config_generated_test.go
index 034aabbd0f0..a6eba9a3c89 100644
--- a/google/services/identityplatform/resource_identity_platform_config_generated_test.go
+++ b/google/services/identityplatform/resource_identity_platform_config_generated_test.go
@@ -91,6 +91,14 @@ resource "google_identity_platform_config" "default" {
}
}
}
+ sms_region_config {
+ allowlist_only {
+ allowed_regions = [
+ "US",
+ "CA",
+ ]
+ }
+ }
blocking_functions {
triggers {
event_type = "beforeSignIn"
diff --git a/google/services/identityplatform/resource_identity_platform_config_test.go b/google/services/identityplatform/resource_identity_platform_config_test.go
index d06ef3ad03a..ce42523897c 100644
--- a/google/services/identityplatform/resource_identity_platform_config_test.go
+++ b/google/services/identityplatform/resource_identity_platform_config_test.go
@@ -84,6 +84,14 @@ resource "google_identity_platform_config" "basic" {
}
}
}
+ sms_region_config {
+ allow_by_default {
+ disallowed_regions = [
+ "CA",
+ "US",
+ ]
+ }
+ }
}
`, context)
}
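Review bot: The two configs in this file cover only populated lists (`allow_by_default` with two regions here, `allowlist_only` with two regions in the next hunk), so the edge cases of the new field are not exercised. A step that removes `sms_region_config`, and one with `allowed_regions = []`, would pin down what the provider sends when the policy is cleared or empty, and an `ExpectError` step that sets both sub-blocks would cover the `ExactlyOneOf` rule. The test functions that consume these configs are outside the hunk, so existing steps may already cover part of this.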
@@ -124,6 +132,14 @@ resource "google_identity_platform_config" "basic" {
}
}
}
+ sms_region_config {
+ allowlist_only {
+ allowed_regions = [
+ "AU",
+ "NZ",
+ ]
+ }
+ }
}
`, context)
}
diff --git a/website/docs/r/identity_platform_config.html.markdown b/website/docs/r/identity_platform_config.html.markdown
index c09dcf2b6b8..7b09bf9e49c 100644
--- a/website/docs/r/identity_platform_config.html.markdown
+++ b/website/docs/r/identity_platform_config.html.markdown
@@ -73,6 +73,14 @@ resource "google_identity_platform_config" "default" {
}
}
}
+ sms_region_config {
+ allowlist_only {
+ allowed_regions = [
+ "US",
+ "CA",
+ ]
+ }
+ }
blocking_functions {
triggers {
event_type = "beforeSignIn"
@@ -131,6 +139,11 @@ The following arguments are supported:
(Optional)
List of domains authorized for OAuth redirects.
+* `sms_region_config` -
+ (Optional)
+ Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.
+ Structure is [documented below](#nested_sms_region_config).
+
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
@@ -273,6 +286,31 @@ The following arguments are supported:
(Optional)
How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s".
+The `sms_region_config` block supports:
+
+* `allow_by_default` -
+ (Optional)
+ A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.
+ Structure is [documented below](#nested_allow_by_default).
+
+* `allowlist_only` -
+ (Optional)
+ A policy of only allowing regions by explicitly adding them to an allowlist.
+ Structure is [documented below](#nested_allowlist_only).
+
+
+The `allow_by_default` block supports:
+
+* `disallowed_regions` -
+ (Optional)
+ Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json
+
+The `allowlist_only` block supports:
+
+* `allowed_regions` -
+ (Optional)
+ Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json
+
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported: