diff --git a/ovh/data_cloud_project_kube_oidc.go b/ovh/data_cloud_project_kube_oidc.go
new file mode 100644
index 000000000..5f5012753
--- /dev/null
+++ b/ovh/data_cloud_project_kube_oidc.go
@@ -0,0 +1,101 @@
+package ovh
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceCloudProjectKubeOIDC() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceCloudProjectKubeOIDCRead,
+ Schema: map[string]*schema.Schema{
+ "service_name": {
+ Type: schema.TypeString,
+ Description: "Service name",
+ Required: true,
+ ForceNew: true,
+ DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil),
+ },
+ "kube_id": {
+ Type: schema.TypeString,
+ Description: "Kube ID",
+ Required: true,
+ ForceNew: true,
+ },
+ "client_id": {
+ Type: schema.TypeString,
+ Required: false,
+ Optional: true,
+ },
+ "issuer_url": {
+ Type: schema.TypeString,
+ Required: false,
+ Optional: true,
+ },
+ "oidc_username_claim": {
+ Type: schema.TypeString,
+ Required: false,
+ Optional: true,
+ },
+ "oidc_username_prefix": {
+ Type: schema.TypeString,
+ Required: false,
+ Optional: true,
+ },
+ "oidc_groups_claim": {
+ Type: schema.TypeList,
+ Required: false,
+ Optional: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "oidc_groups_prefix": {
+ Type: schema.TypeString,
+ Required: false,
+ Optional: true,
+ },
+ "oidc_required_claim": {
+ Type: schema.TypeList,
+ Required: false,
+ Optional: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "oidc_signing_algs": {
+ Type: schema.TypeList,
+ Required: false,
+ Optional: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "oidc_ca_content": {
+ Type: schema.TypeString,
+ Required: false,
+ Optional: true,
+ },
+ },
+ }
+}
+
+func dataSourceCloudProjectKubeOIDCRead(d *schema.ResourceData, meta interface{}) error {
+ config := meta.(*Config)
+ serviceName := d.Get("service_name").(string)
+ kubeId := d.Get("kube_id").(string)
+
+ endpoint := fmt.Sprintf("/cloud/project/%s/kube/%s/openIdConnect", serviceName, kubeId)
+ res := &CloudProjectKubeOIDCResponse{}
+
+ log.Printf("[DEBUG] Will read OIDC from kube %s and project: %s", kubeId, serviceName)
+ err := config.OVHClient.Get(endpoint, res)
+ if err != nil {
+ return fmt.Errorf("calling get %s %w", endpoint, err)
+ }
+ for k, v := range res.ToMap() {
+ if k != "id" {
+ d.Set(k, v)
+ }
+ }
+ d.SetId(kubeId + "-" + res.ClientID + "-" + res.IssuerUrl)
+
+ log.Printf("[DEBUG] Read OIDC %+v", res)
+ return nil
+}
diff --git a/ovh/data_cloud_project_kube_oidc_test.go b/ovh/data_cloud_project_kube_oidc_test.go
new file mode 100644
index 000000000..0475e8acc
--- /dev/null
+++ b/ovh/data_cloud_project_kube_oidc_test.go
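Review bot: The attributes this data source only ever reads back from the API (`client_id`, `issuer_url`, `oidc_username_claim`, `oidc_username_prefix`, `oidc_groups_claim`, `oidc_groups_prefix`, `oidc_required_claim`, `oidc_signing_algs`, `oidc_ca_content`) are declared `Optional: true` rather than `Computed: true`, so they are accepted as user input and then silently overwritten by `dataSourceCloudProjectKubeOIDCRead`; each should be `Computed: true` (the `Required: false` lines are redundant either way), and `ForceNew: true` on `service_name`/`kube_id` has no meaning on a data source. The ID `kubeId + "-" + res.ClientID + "-" + res.IssuerUrl` keeps the format this same commit removes from the resource in favour of `serviceName + "/" + kubeID`; `d.SetId(serviceName + "/" + kubeId)` would keep the two consistent. Every `d.Set(k, v)` return value is discarded; `if err := d.Set(k, v); err != nil { return err }` is the minimal fix. Separately, the website page added for this data source documents the exported attributes as `oidcUsernameClaim`, `oidcGroupsClaim`, etc., while the schema keys here are `oidc_username_claim`, `oidc_groups_claim`, etc., so the documented names do not resolve in HCL.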
@@ -0,0 +1,93 @@ +package ovh + +import ( + "fmt" + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccCloudProjectKubeOIDCDataSource_basic(t *testing.T) { + name := acctest.RandomWithPrefix(test_prefix) + region := os.Getenv("OVH_CLOUD_PROJECT_KUBE_REGION_TEST") + + config := fmt.Sprintf( + testAccCloudProjectKubeOIDCDataSourceConfig, + os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST"), + name, + region, + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheckKubernetes(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "client_id", "my-oidc-client-id"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "issuer_url", "https://www.ovhcloud.com/fr/"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_username_claim", "usrClaim"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_username_prefix", "usrPrefix"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_groups_claim.0", "grpClaim"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_groups_prefix", "grpPrefix"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_required_claim.0", "claim1=val1"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_required_claim.1", "claim2=val2"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_signing_algs.0", "RS512"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_ca_content", "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"), + ), + }, + }, + }) +} + 
+var testAccCloudProjectKubeOIDCDataSourceConfig = ` +resource "ovh_cloud_project_kube" "cluster" { + service_name = "%s" + name = "%s" + region = "%s" +} + +resource "ovh_cloud_project_kube_oidc" "oidc" { + service_name = ovh_cloud_project_kube.cluster.service_name + kube_id = ovh_cloud_project_kube.cluster.id + + client_id = "my-oidc-client-id" + issuer_url = "https://www.ovhcloud.com/fr/" + oidc_username_claim = "usrClaim" + oidc_username_prefix = "usrPrefix" + oidc_groups_claim = ["grpClaim"] + oidc_groups_prefix = "grpPrefix" + oidc_required_claim = ["claim1=val1","claim2=val2"] + oidc_signing_algs = ["RS512"] + oidc_ca_content = "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" + + depends_on = [ + ovh_cloud_project_kube.cluster + ] + +} + +data "ovh_cloud_project_kube_oidc" "oidcData" { + service_name = ovh_cloud_project_kube.cluster.service_name + kube_id = ovh_cloud_project_kube.cluster.id + + depends_on = [ + ovh_cloud_project_kube_oidc.oidc + ] +} +` diff --git a/ovh/provider.go b/ovh/provider.go index 40b49ffa3..d1bc2cbc8 100644 --- a/ovh/provider.go +++ b/ovh/provider.go @@ -74,6 +74,7 @@ func Provider() *schema.Provider { "ovh_cloud_project_failover_ip_attach": dataSourceCloudProjectFailoverIpAttach(), "ovh_cloud_project_kube": dataSourceCloudProjectKube(), "ovh_cloud_project_kube_iprestrictions": dataSourceCloudProjectKubeIPRestrictions(), + "ovh_cloud_project_kube_oidc": dataSourceCloudProjectKubeOIDC(), "ovh_cloud_project_kube_nodepool": dataSourceCloudProjectKubeNodepool(), "ovh_cloud_project_region": dataSourceCloudProjectRegion(), "ovh_cloud_project_regions": dataSourceCloudProjectRegions(), diff --git a/ovh/resource_cloud_project_kube_oidc.go b/ovh/resource_cloud_project_kube_oidc.go index 9373bcf85..a6f58a0d6 100644 --- a/ovh/resource_cloud_project_kube_oidc.go +++ b/ovh/resource_cloud_project_kube_oidc.go @@ -3,6 +3,7 @@ package ovh import ( "fmt" "log" + "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
@@ -13,6 +14,9 @@ func resourceCloudProjectKubeOIDC() *schema.Resource { Read: resourceCloudProjectKubeOIDCRead, Delete: resourceCloudProjectKubeOIDCDelete, Update: resourceCloudProjectKubeOIDCUpdate, + Importer: &schema.ResourceImporter{ + State: resourceCloudProjectKubeOIDCImportState, + }, Schema: map[string]*schema.Schema{ "service_name": { @@ -34,10 +38,65 @@ func resourceCloudProjectKubeOIDC() *schema.Resource { Type: schema.TypeString, Required: true, }, + "oidc_username_claim": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_username_prefix": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_groups_claim": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_groups_prefix": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_required_claim": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_signing_algs": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_ca_content": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, }, } } +func resourceCloudProjectKubeOIDCImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + givenId := d.Id() + splitId := strings.SplitN(givenId, "/", 3) + if len(splitId) != 2 { + return nil, fmt.Errorf("Import Id is not service_name/kubeid formatted") + } + serviceName := splitId[0] + kubeId := splitId[1] + d.SetId(kubeId) + d.Set("kube_id", kubeId) + d.Set("service_name", serviceName) + + results := make([]*schema.ResourceData, 1) + results[0] = d + return results, nil +} + func resourceCloudProjectKubeOIDCCreate(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) 
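Review bot: `resourceCloudProjectKubeOIDCImportState` sets the ID to `kubeId`, while `resourceCloudProjectKubeOIDCCreate` in this same commit sets it to `serviceName + "/" + kubeID`, so an imported resource and a created one carry different ID formats for the same object; the import should use `d.SetId(serviceName + "/" + kubeId)`, or simply leave `givenId` in place since the check has already established it is that string. The format check also accepts empty components such as `/abc` or `abc/`, because `strings.SplitN` returns two strings for them; `if len(splitId) != 2 || splitId[0] == "" || splitId[1] == ""` closes that gap. The error string `"Import Id is not service_name/kubeid formatted"` should be lowercase per Go convention, and the two `d.Set` results are discarded. For `oidc_required_claim`, whose documented element form is `key=value`, a `ValidateFunc` on the list element that requires the `=` separator would reject malformed entries at plan time instead of at the API call.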
@@ -54,7 +113,7 @@ func resourceCloudProjectKubeOIDCCreate(d *schema.ResourceData, meta interface{} return fmt.Errorf("calling Post %s with params %s:\n\t %w", endpoint, params, err) } - d.SetId(kubeID + "-" + params.ClientID + "-" + params.IssuerUrl) + d.SetId(serviceName + "/" + kubeID) log.Printf("[DEBUG] Waiting for kube %s to be READY", kubeID) err = waitForCloudProjectKubeReady(config.OVHClient, serviceName, kubeID, []string{"REDEPLOYING"}, []string{"READY"}) @@ -84,7 +143,7 @@ func resourceCloudProjectKubeOIDCRead(d *schema.ResourceData, meta interface{}) if k != "id" { d.Set(k, v) } else { - d.SetId(kubeID + "-" + res.ClientID + "-" + res.IssuerUrl) + d.SetId(serviceName + "/" + kubeID) } } diff --git a/ovh/resource_cloud_project_kube_oidc_test.go b/ovh/resource_cloud_project_kube_oidc_test.go index d3a0af2a4..064f62f53 100644 --- a/ovh/resource_cloud_project_kube_oidc_test.go +++ b/ovh/resource_cloud_project_kube_oidc_test.go @@ -20,6 +20,15 @@ var testAccCloudProjectKubeOIDCConfig = ` kube_id = ovh_cloud_project_kube.cluster.id client_id = "%s" issuer_url = "%s" + + oidc_username_claim = "usrClaim" + oidc_username_prefix = "usrPrefix" + oidc_groups_claim = ["grpClaim"] + oidc_groups_prefix = "grpPrefix" + oidc_required_claim = ["claim1=val1","claim2=val2"] + oidc_signing_algs = ["RS512"] + oidc_ca_content = "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" + } ` 
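Review bot: In `resourceCloudProjectKubeOIDCRead` the new `d.SetId(serviceName + "/" + kubeID)` sits in the `else` branch that runs only when `res.ToMap()` yields an `"id"` key, and `CloudProjectKubeOIDCResponse.ToMap` as changed in this commit never emits one, so the branch is unreachable and Read never writes the new ID format. The practical consequence is that resources created before this change keep the old `kubeID-clientID-issuerUrl` ID with nothing migrating them, while new ones get `serviceName/kubeID`. If the intent is to converge existing state onto the new format, call `d.SetId(serviceName + "/" + kubeID)` unconditionally after the loop; if old IDs are meant to stay as they are, a short comment at the Create change saying so would spare the next reader the same question. Both enclosing functions start and end outside these hunks.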
@@ -60,6 +69,22 @@ func TestAccCloudProjectKubeOIDC_full(t *testing.T) { "ovh_cloud_project_kube_oidc.my-oidc", "client_id", "my-oidc-client-id"), resource.TestCheckResourceAttr( "ovh_cloud_project_kube_oidc.my-oidc", "issuer_url", "https://ovh.com"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_claim", "usrClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_prefix", "usrPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_claim.0", "grpClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_prefix", "grpPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.0", "claim1=val1"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.1", "claim2=val2"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_signing_algs.0", "RS512"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_ca_content", 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXR
UdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="), ), }, { 
@@ -69,6 +94,22 @@ func TestAccCloudProjectKubeOIDC_full(t *testing.T) { "ovh_cloud_project_kube_oidc.my-oidc", "client_id", "my-another-oidc-client-id"), resource.TestCheckResourceAttr( "ovh_cloud_project_kube_oidc.my-oidc", "issuer_url", "https://docs.ovh.com"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_claim", "usrClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_prefix", "usrPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_claim.0", "grpClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_prefix", "grpPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.0", "claim1=val1"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.1", "claim2=val2"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_signing_algs.0", "RS512"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_ca_content", 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXR
UdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="), ), }, { diff --git a/ovh/types_cloud_project_kube_oidc.go b/ovh/types_cloud_project_kube_oidc.go index b9ec9454b..76722f1a8 100644 --- a/ovh/types_cloud_project_kube_oidc.go +++ b/ovh/types_cloud_project_kube_oidc.go 
@@ -2,41 +2,84 @@ package ovh import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/ovh/terraform-provider-ovh/ovh/helpers" ) type CloudProjectKubeOIDCCreateOpts struct { - ClientID string `json:"clientId"` - IssuerUrl string `json:"issuerUrl"` + ClientID string `json:"clientId"` + IssuerUrl string `json:"issuerUrl"` + UsernameClaim string `json:"usernameClaim"` + UsernamePrefix string `json:"usernamePrefix"` + GroupsClaim []string `json:"groupsClaim"` + GroupsPrefix string `json:"groupsPrefix"` + RequiredClaim []string `json:"requiredClaim"` + SigningAlgs []string `json:"signingAlgorithms"` + CaContent string `json:"caContent"` } type CloudProjectKubeOIDCUpdateOpts struct { - ClientID string `json:"clientId"` - IssuerUrl string `json:"issuerUrl"` + ClientID string `json:"clientId"` + IssuerUrl string `json:"issuerUrl"` + UsernameClaim string `json:"usernameClaim"` + UsernamePrefix string `json:"usernamePrefix"` + GroupsClaim []string `json:"groupsClaim"` + GroupsPrefix string `json:"groupsPrefix"` + RequiredClaim []string `json:"requiredClaim"` + SigningAlgs []string `json:"signingAlgorithms"` + CaContent string `json:"caContent"` } type CloudProjectKubeOIDCResponse struct { - ClientID string `json:"clientId"` - IssuerUrl string `json:"issuerUrl"` + ClientID string `json:"clientId"` + IssuerUrl string `json:"issuerUrl"` + UsernameClaim string `json:"usernameClaim"` + UsernamePrefix string `json:"usernamePrefix"` + GroupsClaim []string `json:"groupsClaim"` + GroupsPrefix string `json:"groupsPrefix"` + RequiredClaim []string `json:"requiredClaim"` + SigningAlgs []string `json:"signingAlgorithms"` + CaContent string `json:"caContent"` } func (opts *CloudProjectKubeOIDCCreateOpts) FromResource(d *schema.ResourceData) *CloudProjectKubeOIDCCreateOpts { - return &CloudProjectKubeOIDCCreateOpts{ - ClientID: d.Get("client_id").(string), - IssuerUrl: d.Get("issuer_url").(string), - } + opts.ClientID = d.Get("client_id").(string) + 
opts.IssuerUrl = d.Get("issuer_url").(string) + opts.UsernameClaim = d.Get("oidc_username_claim").(string) + opts.UsernamePrefix = d.Get("oidc_username_prefix").(string) + opts.GroupsClaim, _ = helpers.StringsFromSchema(d, "oidc_groups_claim") + opts.GroupsPrefix = d.Get("oidc_groups_prefix").(string) + opts.RequiredClaim, _ = helpers.StringsFromSchema(d, "oidc_required_claim") + opts.SigningAlgs, _ = helpers.StringsFromSchema(d, "oidc_signing_algs") + opts.CaContent = d.Get("oidc_ca_content").(string) + + return opts } func (opts *CloudProjectKubeOIDCUpdateOpts) FromResource(d *schema.ResourceData) *CloudProjectKubeOIDCUpdateOpts { - return &CloudProjectKubeOIDCUpdateOpts{ - ClientID: d.Get("client_id").(string), - IssuerUrl: d.Get("issuer_url").(string), - } + opts.ClientID = d.Get("client_id").(string) + opts.IssuerUrl = d.Get("issuer_url").(string) + opts.UsernameClaim = d.Get("oidc_username_claim").(string) + opts.UsernamePrefix = d.Get("oidc_username_prefix").(string) + opts.GroupsClaim, _ = helpers.StringsFromSchema(d, "oidc_groups_claim") + opts.GroupsPrefix = d.Get("oidc_groups_prefix").(string) + opts.RequiredClaim, _ = helpers.StringsFromSchema(d, "oidc_required_claim") + opts.SigningAlgs, _ = helpers.StringsFromSchema(d, "oidc_signing_algs") + opts.CaContent = d.Get("oidc_ca_content").(string) + + return opts } func (v CloudProjectKubeOIDCResponse) ToMap() map[string]interface{} { obj := make(map[string]interface{}) obj["client_id"] = v.ClientID obj["issuer_url"] = v.IssuerUrl + obj["oidc_username_claim"] = v.UsernameClaim + obj["oidc_username_prefix"] = v.UsernamePrefix + obj["oidc_groups_claim"] = v.GroupsClaim + obj["oidc_groups_prefix"] = v.GroupsPrefix + obj["oidc_required_claim"] = v.RequiredClaim + obj["oidc_signing_algs"] = v.SigningAlgs + obj["oidc_ca_content"] = v.CaContent return obj } diff --git a/ovh/types_iploadbalancing.go b/ovh/types_iploadbalancing.go index 1cb166979..6155992ad 100644 --- a/ovh/types_iploadbalancing.go 
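Review bot: The seven new optional attributes are always sent to the API by both `FromResource` methods: an unset `oidc_username_claim` is serialized as `"usernameClaim": ""` and an unset `oidc_groups_claim` as `"groupsClaim": null`, because the new JSON tags on `CloudProjectKubeOIDCCreateOpts` and `CloudProjectKubeOIDCUpdateOpts` carry no `omitempty`. Whether the endpoint treats an empty string or null as "reset to default" or rejects it is not visible here, but with `omitempty` on those seven tags (e.g. `UsernameClaim string` tagged `json:"usernameClaim,omitempty"`) an unset attribute is simply not transmitted, which is the conventional shape for optional fields and matches the `,omitempty` already used on `DisplayName` in `types_iploadbalancing.go`. Both `FromResource` bodies also discard the error from `helpers.StringsFromSchema` with `_`; if the signature cannot change to return it, a comment stating why ignoring it is safe is warranted. The two opts structs and their `FromResource` bodies are now byte-for-byte duplicates, and `ToMap` returns no `"id"` key, which leaves the `k != "id"` guards in the data source and resource Read with nothing to match.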
+++ b/ovh/types_iploadbalancing.go @@ -246,7 +246,7 @@ func (opts *IPLoadbalancingHttpRouteActionOpts) FromResource(d *schema.ResourceD return opts } -//IPLoadbalancingHttpRoute HTTP Route +// IPLoadbalancingHttpRoute HTTP Route type IPLoadbalancingHttpRouteOpts struct { Action IPLoadbalancingHttpRouteActionOpts `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName,omitempty"` //Human readable name for your route, this field is for you @@ -291,7 +291,7 @@ func (v IPLoadbalancingHttpRouteAction) ToMap() map[string]interface{} { return obj } -//IPLoadbalancingHttpRoute HTTP Route +// IPLoadbalancingHttpRoute HTTP Route type IPLoadbalancingHttpRoute struct { Action IPLoadbalancingHttpRouteAction `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName"` //Human readable name for your route, this field is for you @@ -341,7 +341,7 @@ func (opts *IPLoadbalancingTcpRouteActionOpts) FromResource(d *schema.ResourceDa return opts } -//IPLoadbalancingTcpRoute HTTP Route +// IPLoadbalancingTcpRoute HTTP Route type IPLoadbalancingTcpRouteOpts struct { Action IPLoadbalancingTcpRouteActionOpts `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName,omitempty"` //Human readable name for your route, this field is for you @@ -381,7 +381,7 @@ func (v IPLoadbalancingTcpRouteAction) ToMap() map[string]interface{} { return obj } -//IPLoadbalancingTcpRoute HTTP Route +// IPLoadbalancingTcpRoute HTTP Route type IPLoadbalancingTcpRoute struct { Action IPLoadbalancingTcpRouteAction `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName"` //Human readable name for your route, this field is for you 
@@ -419,7 +419,7 @@ func (v IPLoadbalancingTcpRoute) ToMap() map[string]interface{} { return obj } -//IPLoadbalancingRouteRule Route Rule +// IPLoadbalancingRouteRule Route Rule type IPLoadbalancingRouteRule struct { DisplayName *string `json:"displayName"` //Human readable name for your rule Field string `json:"field"` //Name of the field to match like "protocol" or "host". See "/ipLoadbalancing/{serviceName}/availableRouteRules" for a list of available rules @@ -468,7 +468,7 @@ func (v IPLoadbalancingRouteRule) ToMapForRoutes() map[string]interface{} { return obj } -//IPLoadbalancingRouteRule Route Rule +// IPLoadbalancingRouteRule Route Rule type IPLoadbalancingRouteRuleOpts struct { DisplayName *string `json:"displayName,omitempty"` //Human readable name for your rule Field string `json:"field"` //Name of the field to match like "protocol" or "host". See "/ipLoadbalancing/{serviceName}/availableRouteRules" for a list of available rules diff --git a/website/docs/d/cloud_project_kube_oidc.html.markdown b/website/docs/d/cloud_project_kube_oidc.html.markdown new file mode 100644 index 000000000..856561e75 --- /dev/null +++ b/website/docs/d/cloud_project_kube_oidc.html.markdown 
@@ -0,0 +1,58 @@ +--- +layout: "ovh" +page_title: "OVH: cloud_project_kube_oidc" +sidebar_current: "docs-ovh-datasource-cloud-project-kube-oidc-x" +description: |- +Get information & status of a Kubernetes managed cluster OIDC in a public cloud project. +--- + +# ovh_cloud_project_kube_oidc (Data Source) + +Use this data source to get a OVHcloud Managed Kubernetes Service cluster OIDC. + +## Example Usage + +```hcl +data "ovh_cloud_project_kube_oidc" "oidc" { + service_name = "XXXXXX" + kube_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx" +} + +output "oidc-val" { + value = data.ovh_cloud_project_kube_oidc.oidc.client_id +} +``` + +## Argument Reference + +The following arguments are supported: + +* `service_name` - (Optional) The id of the public cloud project. If omitted, + the `OVH_CLOUD_PROJECT_SERVICE` environment variable is used. + +* `kube_id` - The id of the managed kubernetes cluster. + +## Attributes Reference + +The following attributes are exported: + +* `service_name` - See Argument Reference above. +* `kube_id` - See Argument Reference above. + +* `client_id` - The OIDC client ID. + +* `issuer_url` - The OIDC issuer url. + +* `oidcUsernameClaim` - JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. + +* `oidcUsernamePrefix` - Prefix prepended to username claims to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this field isn't set and oidcUsernameClaim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of oidcIssuerUrl. The value - can be used to disable all prefixing. + +* `oidcGroupsClaim` - Array of JWT claim to use as the user's group. 
If the claim is present it must be an array of strings. + +* `oidcGroupsPrefix` - Prefix prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra. + +* `oidcRequiredClaim` - Array of key=value pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." + +* `oidcSigningAlgs` - Array of signing algorithms accepted. Default is \"RS256\". + +* `oidcCaContent` - Content of the certificate for the CA, in base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. diff --git a/website/docs/r/cloud_project_kube_oidc.html.markdown b/website/docs/r/cloud_project_kube_oidc.html.markdown index ea3f18114..f4554e027 100644 --- a/website/docs/r/cloud_project_kube_oidc.html.markdown +++ b/website/docs/r/cloud_project_kube_oidc.html.markdown @@ -16,8 +16,19 @@ Creates an OIDC configuration in an OVHcloud Managed Kubernetes cluster. resource "ovh_cloud_project_kube_oidc" "my-oidc" { service_name = var.projectid kube_id = ovh_cloud_project_kube.mykube.id + + #required field client_id = "xxx" issuer_url = "https://ovh.com" + + #optional field + oidc_username_claim = "an-email" + oidc_username_prefix = "ovh:" + oidc_groups_claim = ["groups"] + oidc_groups_prefix = "ovh:" + oidc_required_claim = ["claim1=val1"] + oidc_signing_algs = ["RS512"] + oidc_ca_content = "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" } ``` 
@@ -33,3 +44,25 @@ The following arguments are supported: * `client_id` - The OIDC client ID. * `issuer_url` - The OIDC issuer url. + +* `oidcUsernameClaim` - JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. + +* `oidcUsernamePrefix` - Prefix prepended to username claims to prevent clashes with existing names (such as `system:users`). For example, the value `oidc:` will create usernames like `oidc:jane.doe`. If this field isn't set and `oidcUsernameClaim` is a value other than email the prefix defaults to `issuer_url` where `issuer_url` is the value of `oidcIssuerUrl.` The value - can be used to disable all prefixing. + +* `oidcGroupsClaim` - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings. + +* `oidcGroupsPrefix` - Prefix prepended to group claims to prevent clashes with existing names (such as `system:groups`). For example, the value `oidc:` will create group names like `oidc:engineering` and `oidc:infra`. + +* `oidcRequiredClaim` - Array of `key=value` pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." + +* `oidcSigningAlgs` - Array of signing algorithms accepted. Default is `RS256`. + +* `oidcCaContent` - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. + +## Import + +OVHcloud Managed Kubernetes Service cluster OIDC can be imported using the tenant `service_name` and cluster id `kube_id` separated by "/" E.g., + +```bash +$ terraform import ovh_cloud_project_kube_oidc.my-oidc service_name/kube_id +```