
feat: add iframe parameter to security settings #907

Merged
merged 13 commits into from
Sep 24, 2024
1 change: 1 addition & 0 deletions docs/data-sources/globalaccount_security_settings.md
Expand Up @@ -35,5 +35,6 @@ data "btp_globalaccount_security_settings" "this" {}
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The global account's default identity provider for platform users. Used to log on to platform tools such as SAP BTP cockpit or the btp CLI.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.
1 change: 1 addition & 0 deletions docs/data-sources/subaccount_security_settings.md
Expand Up @@ -41,5 +41,6 @@ data "btp_subaccount_security_settings" "subaccount" {
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The subaccount's default identity provider for business application users.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.
23 changes: 19 additions & 4 deletions docs/resources/globalaccount_security_settings.md
Expand Up @@ -25,14 +25,16 @@ __Further documentation:__

```terraform
resource "btp_globalaccount_security_settings" "this" {
default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"

access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600

treat_users_with_same_email_as_same_user = true

custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]

iframe_domains = ["https://yourdomain.test"]
}
```

Expand All @@ -44,7 +46,20 @@ resource "btp_globalaccount_security_settings" "this" {
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The global account's default identity provider for platform users. Used to log on to platform tools such as SAP BTP cockpit or the btp CLI.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.

### Read-Only

- `id` (String, Deprecated) The ID of the security settings used for import operations.

## Import

Import is supported using the following syntax:

```terraform
# terraform import btp_globalaccount_security_settings.<resource_name> '<globalaccount_subdomain>'

terraform import btp_globalaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'
```
27 changes: 21 additions & 6 deletions docs/resources/subaccount_security_settings.md
Expand Up @@ -24,17 +24,19 @@ __Further documentation:__
## Example Usage

```terraform
resource "btp_subaccount_security_settings" "subaccount" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"
resource "btp_subaccount_security_settings" "sec_setting" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"

default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"

access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600

treat_users_with_same_email_as_same_user = true

custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]

iframe_domains = "https://yourdomain.test"
}
```

Expand All @@ -50,7 +52,20 @@ resource "btp_subaccount_security_settings" "subaccount" {
- `access_token_validity` (Number) The validity of the access token.
- `custom_email_domains` (Set of String) Set of domains that are allowed to be used for user authentication.
- `default_identity_provider` (String) The subaccount's default identity provider for business application users.
- `iframe_domains` (String) The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.
- `refresh_token_validity` (Number) The validity of the refresh token.
- `treat_users_with_same_email_as_same_user` (Boolean) If set to true, users with the same email are treated as same users.

### Read-Only

- `id` (String, Deprecated) The ID of the security settings used for import operations.

## Import

Import is supported using the following syntax:

```terraform
# terraform import btp_subaccount_security_settings.<resource_name> '<subaccount_id>'

terraform import btp_subaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'
```
@@ -0,0 +1,3 @@
# terraform import btp_globalaccount_security_settings.<resource_name> '<globalaccount_subdomain>'

terraform import btp_globalaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'
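Review bot: The sample import ID does not match the placeholder documented on the first line: the comment says the ID is `<globalaccount_subdomain>`, but the command passes `'6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'`, the same UUID the subaccount example uses as `subaccount_id`. This looks copied from the subaccount import script, and it could lead readers to paste a subaccount ID here. If the import key really is the subdomain, I would use a clearly subdomain-shaped sample, e.g. `terraform import btp_globalaccount_security_settings.sec_setting '<my-globalaccount-subdomain>'`. The same snippet is embedded in docs/resources/globalaccount_security_settings.md.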
@@ -1,10 +1,12 @@
resource "btp_globalaccount_security_settings" "this" {
default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"

access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600

treat_users_with_same_email_as_same_user = true

custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]

iframe_domains = ["https://yourdomain.test"]
}
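Review bot: The added `iframe_domains = ["https://yourdomain.test"]` passes a list, but the schema docs in this same change describe `iframe_domains` as `(String)` with multiple domains separated by spaces, and the subaccount example uses `iframe_domains = "https://yourdomain.test"`. If the attribute is a string as documented, this example would be rejected at plan time; align it to `iframe_domains = "https://yourdomain.test"` here and in the copy embedded in docs/resources/globalaccount_security_settings.md. Separately, the description "The new domains of the iframe" does not say what the setting controls. It presumably lists the origins allowed to embed the authentication pages in an iframe (to be confirmed against the platform docs), and if so the description should say that and recommend keeping the list as narrow as possible, since every entry widens who can frame the login UI.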
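--- a/examples/resources/btp_subaccount_security_settings/import.sh
+++ b/examples/resources/btp_subaccount_security_settings/import.sh
@@ -0,0 +1,3 @@
+# terraform import btp_subaccount_security_settings.<resource_name> '<subaccount_id>'
+
+terraform import btp_subaccount_security_settings.sec_setting '6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f'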
14 changes: 8 additions & 6 deletions examples/resources/btp_subaccount_security_settings/resource.tf
@@ -1,12 +1,14 @@
resource "btp_subaccount_security_settings" "subaccount" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"
resource "btp_subaccount_security_settings" "sec_setting" {
subaccount_id = "6aa64c2f-38c1-49a9-b2e8-cf9fea769b7f"

default_identity_provider = "sap.custom"
default_identity_provider = "sap.custom"

access_token_validity = 3600
refresh_token_validity = 3600
access_token_validity = 3600
refresh_token_validity = 3600

treat_users_with_same_email_as_same_user = true

custom_email_domains = ["yourdomain.test"]
custom_email_domains = ["yourdomain.test"]

iframe_domains = "https://yourdomain.test"
}
10 changes: 4 additions & 6 deletions examples/resources/certificate.go
Expand Up @@ -9,25 +9,24 @@ import (
"github.com/SAP/terraform-provider-btp/internal/tfutils"
)


func main() {
err := tfutils.GenerateCertificate()

if err!=nil{
if err != nil {
fmt.Printf("Error generating a certificate : %s", err)
return
return
}

data, err := os.ReadFile("cert.pem")
if err != nil {
fmt.Printf("Error reading the certificate : %s", err)
return
return
}

pemString := string(data)

output := map[string]string{
"certificate": pemString,
"certificate": pemString,
}

if err := json.NewEncoder(os.Stdout).Encode(output); err != nil {
Expand All @@ -42,4 +41,3 @@ func main() {
}

}

11 changes: 9 additions & 2 deletions guides/DRIFTDETECTION.md
Expand Up @@ -23,21 +23,28 @@ The following overview list des resources and their support for drift detection
| Resource | Drift Detection Support | Comments |
|--- |--- |--- |
| btp_directory | Yes | - |
| btp_directory_api_credential | No | - |
| btp_directory_entitlement | Yes | - |
| btp_directory_role | Yes | - |
| btp_directory_role_collection | Yes | - |
| btp_directory_role_collection_assignment | No | READ capability of resource not available. Improvement planned for H2/2024 see [issue](https://github.com/SAP/terraform-provider-btp/issues/748) |
| btp_globalaccount_api_credential | No | - |
| btp_globalaccount_resource_provider | Yes | - |
| btp_globalaccount_role | Yes | - |
| btp_globalaccount_role_collection | Yes | - |
| btp_globalaccount_role_collection_assignment | No | READ capability of resource not available. Improvement planned for H2/2024 see [issue](https://github.com/SAP/terraform-provider-btp/issues/748) |
| btp_globalaccount_security_settings | No | READ capability of resource not available |
| btp_globalaccount_security_settings | Yes | - |
| btp_globalaccount_trust_configuration | Yes | - |
| btp_subaccount | Yes | - |
| btp_subaccount_api_credential | No | - |
| btp_subaccount_entitlement | Yes | - |
| btp_subaccount_environment_instance | Yes | - |
| btp_subaccount_role | Yes | - |
| btp_subaccount_role_collection | Yes | - |
| btp_subaccount_role_collection_assignment | No | READ capability of resource not available. Improvement planned for H2/2024 see [issue](https://github.com/SAP/terraform-provider-btp/issues/748) |
| btp_subaccount_security_settings | No | READ capability of resource not available |
| btp_subaccount_security_settings | Yes | - |
| btp_subaccount_service_binding | Yes | - |
| btp_subaccount_service_broker | Yes | - |
| btp_subaccount_service_instance | Yes with restrictions | The parameters defined via `parameters` are not tracked due to missing READ functionality depending on the service offering configuration |
| btp_subaccount_subscription | Yes | - |
| btp_subaccount_trust_configuration | Yes | - |
13 changes: 10 additions & 3 deletions guides/IMPORT.md
Expand Up @@ -12,24 +12,31 @@ To get a quick overview of the resources and if they support the import function

The following list provides an overview of the resources and their support for the import functionality (state: 09.04.2024)

| Resource | Drift Detection Support
| Resource | Import Support
|--- |---
| btp_directory | Yes
| btp_directory_api_credential | No
| btp_directory_entitlement | Yes
| btp_directory_role | Yes
| btp_directory_role_collection | Yes
| btp_directory_role_collection_assignment | No
| btp_globalaccount_api_credential | No
| btp_globalaccount_resource_provider | Yes
| btp_globalaccount_role | Yes
| btp_globalaccount_role_collection | Yes
| btp_globalaccount_role_collection_assignment | No
| btp_globalaccount_security_settings | No
| btp_globalaccount_security_settings | Yes
| btp_globalaccount_trust_configuration | Yes
| btp_subaccount | Yes
| btp_subaccount_api_credential | No
| btp_subaccount_entitlement | Yes
| btp_subaccount_environment_instance | Yes
| btp_subaccount_role | Yes
| btp_subaccount_role_collection | Yes
| btp_subaccount_role_collection_assignment | No
| btp_subaccount_security_settings | No
| btp_subaccount_security_settings | Yes
| btp_subaccount_service_binding | Yes
| btp_subaccount_service_broker | Yes
| btp_subaccount_service_instance | Yes with restrictions (see [documentation](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_service_instance#restriction))
| btp_subaccount_subscription | Yes
| btp_subaccount_trust_configuration | Yes
2 changes: 1 addition & 1 deletion internal/btpcli/client_test.go
Expand Up @@ -609,7 +609,7 @@ func simulateV2Call(t *testing.T, config v2SimulationConfig) {
w.Header().Add(key, value)
}
w.WriteHeader(config.srvReturnStatus)
fmt.Fprintf(w,"%s",config.srvReturnContent)
fmt.Fprintf(w, "%s", config.srvReturnContent)
}
}))
defer srv.Close()
24 changes: 12 additions & 12 deletions internal/btpcli/facade_security_api_credential.go
Expand Up @@ -20,12 +20,12 @@ func (f *securityApiCredentialFacade) getCommand() string {
}

type ApiCredentialInput struct {
Subaccount string `btpcli:"subaccount"`
Directory string `btpcli:"directory"`
GlobalAccount string `btpcli:"globalAccount"`
Name string `btpcli:"name,omitempty"`
Certificate string `btpcli:"certificate,omitempty"`
ReadOnly bool `btpcli:"readOnly,omitempty"`
Subaccount string `btpcli:"subaccount"`
Directory string `btpcli:"directory"`
GlobalAccount string `btpcli:"globalAccount"`
Name string `btpcli:"name,omitempty"`
Certificate string `btpcli:"certificate,omitempty"`
ReadOnly bool `btpcli:"readOnly,omitempty"`
}

func (f *securityApiCredentialFacade) CreateBySubaccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {
Expand Down Expand Up @@ -89,7 +89,7 @@ func (f *securityApiCredentialFacade) GetByDirectory(ctx context.Context, args *
}

func (f *securityApiCredentialFacade) CreateByGlobalAccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {

args.GlobalAccount = f.cliClient.GetGlobalAccountSubdomain()

params, err := tfutils.ToBTPCLIParamsMap(args)
Expand All @@ -102,9 +102,9 @@ func (f *securityApiCredentialFacade) CreateByGlobalAccount(ctx context.Context,
}

func (f *securityApiCredentialFacade) DeleteByGlobalAccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {

args.GlobalAccount = f.cliClient.GetGlobalAccountSubdomain()

params, err := tfutils.ToBTPCLIParamsMap(args)

if err != nil {
Expand All @@ -115,14 +115,14 @@ func (f *securityApiCredentialFacade) DeleteByGlobalAccount(ctx context.Context,
}

func (f *securityApiCredentialFacade) GetByGlobalAccount(ctx context.Context, args *ApiCredentialInput) (xsuaa_api.ApiCredentialSubaccount, CommandResponse, error) {

args.GlobalAccount = f.cliClient.GetGlobalAccountSubdomain()

params, err := tfutils.ToBTPCLIParamsMap(args)

if err != nil {
return xsuaa_api.ApiCredentialSubaccount{}, CommandResponse{}, err
}

return doExecute[xsuaa_api.ApiCredentialSubaccount](f.cliClient, ctx, NewGetRequest(f.getCommand(), params))
}
}