From a93f24acd7a441a05c26157b6119bcc404c34697 Mon Sep 17 00:00:00 2001 From: mathieu prigent Date: Fri, 4 Nov 2022 15:23:35 +0100 Subject: [PATCH 1/4] add adv oidc parameters resource oidc data oidc test acceptance doc --- ovh/data_cloud_project_kube_oidc.go | 101 ++++++++++++++++++ ovh/data_cloud_project_kube_oidc_test.go | 93 ++++++++++++++++ ovh/provider.go | 1 + ovh/resource_cloud_project_kube_oidc.go | 38 +++++++ ovh/resource_cloud_project_kube_oidc_test.go | 41 +++++++ ovh/types_cloud_project_kube_oidc.go | 71 +++++++++--- .../d/cloud_project_kube_oidc.html.markdown | 58 ++++++++++ .../r/cloud_project_kube_oidc.html.markdown | 14 +++ 8 files changed, 403 insertions(+), 14 deletions(-) create mode 100644 ovh/data_cloud_project_kube_oidc.go create mode 100644 ovh/data_cloud_project_kube_oidc_test.go create mode 100644 website/docs/d/cloud_project_kube_oidc.html.markdown diff --git a/ovh/data_cloud_project_kube_oidc.go b/ovh/data_cloud_project_kube_oidc.go new file mode 100644 index 000000000..3116d8e40 --- /dev/null +++ b/ovh/data_cloud_project_kube_oidc.go 
@@ -0,0 +1,101 @@ +package ovh + +import ( + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceCloudProjectKubeOIDC() *schema.Resource { + return &schema.Resource{ + Read: dataSourceCloudProjectKubeOIDCRead, + Schema: map[string]*schema.Schema{ + "service_name": { + Type: schema.TypeString, + Description: "Service name", + Required: true, + ForceNew: true, + DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil), + }, + "kube_id": { + Type: schema.TypeString, + Description: "Kube ID", + Required: true, + ForceNew: true, + }, + "client_id": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "issuer_url": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_username_claim": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_username_prefix": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_groups_claim": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_groups_prefix": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_required_claim": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_signing_algs": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_ca_content": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + }, + } +} + +func dataSourceCloudProjectKubeOIDCRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + serviceName := d.Get("service_name").(string) + kubeId := d.Get("kube_id").(string) + + endpoint := fmt.Sprintf("/cloud/project/%s/kube/%s/openIdConnect", serviceName, kubeId) + res := &CloudProjectKubeOIDCResponse{} + + log.Printf("[DEBUG] Will read oidc from kube %s and project: %s", 
kubeId, serviceName) + err := config.OVHClient.Get(endpoint, res) + if err != nil { + return fmt.Errorf("calling get %s %w", endpoint, err) + } + for k, v := range res.ToMap() { + if k != "id" { + d.Set(k, v) + } + } + d.SetId(kubeId + "-" + res.ClientID + "-" + res.IssuerUrl) + + log.Printf("[DEBUG] Read oidc %+v", res) + return nil +} diff --git a/ovh/data_cloud_project_kube_oidc_test.go b/ovh/data_cloud_project_kube_oidc_test.go new file mode 100644 index 000000000..30217d43b --- /dev/null +++ b/ovh/data_cloud_project_kube_oidc_test.go 
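Review bot: The attributes this data source reads back (`client_id`, `issuer_url` and the `oidc_*` fields) are declared `Optional: true` rather than `Computed: true`, so a user can set them in configuration and the read then overwrites them; as read-only outputs each should be `Computed: true`, with the `Required: false` / `Optional: true` pair removed. In `dataSourceCloudProjectKubeOIDCRead` the result of `d.Set(k, v)` is dropped, so a type mismatch on one of the list fields would leave the attribute empty without any error; `if err := d.Set(k, v); err != nil { return fmt.Errorf("setting %s: %w", k, err) }` surfaces it. `service_name` and `kube_id` are also formatted into the endpoint unescaped, and wrapping each in `url.PathEscape` keeps a value containing `/` or `?` from addressing a different API path.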
@@ -0,0 +1,93 @@ +package ovh + +import ( + "fmt" + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccCloudProjectKubeOIDCDataSource_basic(t *testing.T) { + name := acctest.RandomWithPrefix(test_prefix) + region := os.Getenv("OVH_CLOUD_PROJECT_KUBE_REGION_TEST") + + config := fmt.Sprintf( + testAccCloudProjectKubeOIDCDataSourceConfig, + os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST"), + name, + region, + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheckKubernetes(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "client_id", "toto"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "issuer_url", "https://www.ovhcloud.com/fr/"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_username_claim", "usrClaim"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_username_prefix", "usrPrefix"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_groups_claim.0", "grpClaim"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_groups_prefix", "grpPrefix"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_required_claim.0", "claim1=val1"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_required_claim.1", "claim2=val2"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_signing_algs.0", "RS512"), + resource.TestCheckResourceAttr( + "data.ovh_cloud_project_kube_oidc.oidcData", "oidc_ca_content", "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"), + ), + }, + }, + }) +} + +var 
testAccCloudProjectKubeOIDCDataSourceConfig = ` +resource "ovh_cloud_project_kube" "cluster" { + service_name = "%s" + name = "%s" + region = "%s" +} + +resource "ovh_cloud_project_kube_oidc" "oidc" { + service_name = ovh_cloud_project_kube.cluster.service_name + kube_id = ovh_cloud_project_kube.cluster.id + + client_id = "toto" + issuer_url = "https://www.ovhcloud.com/fr/" + oidc_username_claim = "usrClaim" + oidc_username_prefix = "usrPrefix" + oidc_groups_claim = ["grpClaim"] + oidc_groups_prefix = "grpPrefix" + oidc_required_claim = ["claim1=val1","claim2=val2"] + oidc_signing_algs = ["RS512"] + oidc_ca_content = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaU
xkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + + depends_on = [ + ovh_cloud_project_kube.cluster + ] + +} + +data "ovh_cloud_project_kube_oidc" "oidcData" { + service_name = ovh_cloud_project_kube.cluster.service_name + kube_id = ovh_cloud_project_kube.cluster.id + + depends_on = [ + ovh_cloud_project_kube_oidc.oidc + ] +} +` diff --git a/ovh/provider.go b/ovh/provider.go index 40b49ffa3..d1bc2cbc8 100644 --- a/ovh/provider.go +++ b/ovh/provider.go 
@@ -74,6 +74,7 @@ func Provider() *schema.Provider { "ovh_cloud_project_failover_ip_attach": dataSourceCloudProjectFailoverIpAttach(), "ovh_cloud_project_kube": dataSourceCloudProjectKube(), "ovh_cloud_project_kube_iprestrictions": dataSourceCloudProjectKubeIPRestrictions(), + "ovh_cloud_project_kube_oidc": dataSourceCloudProjectKubeOIDC(), "ovh_cloud_project_kube_nodepool": dataSourceCloudProjectKubeNodepool(), "ovh_cloud_project_region": dataSourceCloudProjectRegion(), "ovh_cloud_project_regions": dataSourceCloudProjectRegions(), diff --git a/ovh/resource_cloud_project_kube_oidc.go b/ovh/resource_cloud_project_kube_oidc.go index 9373bcf85..5901f8cd1 100644 --- a/ovh/resource_cloud_project_kube_oidc.go +++ b/ovh/resource_cloud_project_kube_oidc.go @@ -34,6 +34,44 @@ func resourceCloudProjectKubeOIDC() *schema.Resource { Type: schema.TypeString, Required: true, }, + "oidc_username_claim": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_username_prefix": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_groups_claim": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_groups_prefix": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, + "oidc_required_claim": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_signing_algs": { + Type: schema.TypeList, + Required: false, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "oidc_ca_content": { + Type: schema.TypeString, + Required: false, + Optional: true, + }, }, } } diff --git a/ovh/resource_cloud_project_kube_oidc_test.go b/ovh/resource_cloud_project_kube_oidc_test.go index d3a0af2a4..064f62f53 100644 --- a/ovh/resource_cloud_project_kube_oidc_test.go +++ b/ovh/resource_cloud_project_kube_oidc_test.go 
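Review bot: None of the seven new `oidc_*` fields in `resourceCloudProjectKubeOIDC` carries a `Description`, although they decide how the cluster maps ID-token claims to Kubernetes users and groups. A line such as `Description: "Prefix prepended to group claims to prevent clashes with existing names",` on `oidc_groups_prefix`, with the equivalent text on the others taken from the docs this commit adds, would put that guidance in the schema itself. `Required: false` is the zero value and can be dropped from each field. The function's body starts outside the hunk.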
@@ -20,6 +20,15 @@ var testAccCloudProjectKubeOIDCConfig = ` kube_id = ovh_cloud_project_kube.cluster.id client_id = "%s" issuer_url = "%s" + + oidc_username_claim = "usrClaim" + oidc_username_prefix = "usrPrefix" + oidc_groups_claim = ["grpClaim"] + oidc_groups_prefix = "grpPrefix" + oidc_required_claim = ["claim1=val1","claim2=val2"] + oidc_signing_algs = ["RS512"] + oidc_ca_content = "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" + } ` @@ -60,6 +69,22 @@ func TestAccCloudProjectKubeOIDC_full(t *testing.T) { "ovh_cloud_project_kube_oidc.my-oidc", "client_id", "my-oidc-client-id"), resource.TestCheckResourceAttr( "ovh_cloud_project_kube_oidc.my-oidc", "issuer_url", "https://ovh.com"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_claim", "usrClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_prefix", "usrPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_claim.0", "grpClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_prefix", "grpPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.0", "claim1=val1"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.1", "claim2=val2"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_signing_algs.0", "RS512"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_ca_content", "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"), ), }, { 
@@ -69,6 +94,22 @@ func TestAccCloudProjectKubeOIDC_full(t *testing.T) { "ovh_cloud_project_kube_oidc.my-oidc", "client_id", "my-another-oidc-client-id"), resource.TestCheckResourceAttr( "ovh_cloud_project_kube_oidc.my-oidc", "issuer_url", "https://docs.ovh.com"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_claim", "usrClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_username_prefix", "usrPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_claim.0", "grpClaim"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_groups_prefix", "grpPrefix"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.0", "claim1=val1"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_required_claim.1", "claim2=val2"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_signing_algs.0", "RS512"), + resource.TestCheckResourceAttr( + "ovh_cloud_project_kube_oidc.my-oidc", "oidc_ca_content", "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"), ), }, { diff --git a/ovh/types_cloud_project_kube_oidc.go b/ovh/types_cloud_project_kube_oidc.go index b9ec9454b..76722f1a8 100644 --- a/ovh/types_cloud_project_kube_oidc.go +++ b/ovh/types_cloud_project_kube_oidc.go 
@@ -2,41 +2,84 @@ package ovh import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/ovh/terraform-provider-ovh/ovh/helpers" ) type CloudProjectKubeOIDCCreateOpts struct { - ClientID string `json:"clientId"` - IssuerUrl string `json:"issuerUrl"` + ClientID string `json:"clientId"` + IssuerUrl string `json:"issuerUrl"` + UsernameClaim string `json:"usernameClaim"` + UsernamePrefix string `json:"usernamePrefix"` + GroupsClaim []string `json:"groupsClaim"` + GroupsPrefix string `json:"groupsPrefix"` + RequiredClaim []string `json:"requiredClaim"` + SigningAlgs []string `json:"signingAlgorithms"` + CaContent string `json:"caContent"` } type CloudProjectKubeOIDCUpdateOpts struct { - ClientID string `json:"clientId"` - IssuerUrl string `json:"issuerUrl"` + ClientID string `json:"clientId"` + IssuerUrl string `json:"issuerUrl"` + UsernameClaim string `json:"usernameClaim"` + UsernamePrefix string `json:"usernamePrefix"` + GroupsClaim []string `json:"groupsClaim"` + GroupsPrefix string `json:"groupsPrefix"` + RequiredClaim []string `json:"requiredClaim"` + SigningAlgs []string `json:"signingAlgorithms"` + CaContent string `json:"caContent"` } type CloudProjectKubeOIDCResponse struct { - ClientID string `json:"clientId"` - IssuerUrl string `json:"issuerUrl"` + ClientID string `json:"clientId"` + IssuerUrl string `json:"issuerUrl"` + UsernameClaim string `json:"usernameClaim"` + UsernamePrefix string `json:"usernamePrefix"` + GroupsClaim []string `json:"groupsClaim"` + GroupsPrefix string `json:"groupsPrefix"` + RequiredClaim []string `json:"requiredClaim"` + SigningAlgs []string `json:"signingAlgorithms"` + CaContent string `json:"caContent"` } func (opts *CloudProjectKubeOIDCCreateOpts) FromResource(d *schema.ResourceData) *CloudProjectKubeOIDCCreateOpts { - return &CloudProjectKubeOIDCCreateOpts{ - ClientID: d.Get("client_id").(string), - IssuerUrl: d.Get("issuer_url").(string), - } + opts.ClientID = d.Get("client_id").(string) + 
opts.IssuerUrl = d.Get("issuer_url").(string) + opts.UsernameClaim = d.Get("oidc_username_claim").(string) + opts.UsernamePrefix = d.Get("oidc_username_prefix").(string) + opts.GroupsClaim, _ = helpers.StringsFromSchema(d, "oidc_groups_claim") + opts.GroupsPrefix = d.Get("oidc_groups_prefix").(string) + opts.RequiredClaim, _ = helpers.StringsFromSchema(d, "oidc_required_claim") + opts.SigningAlgs, _ = helpers.StringsFromSchema(d, "oidc_signing_algs") + opts.CaContent = d.Get("oidc_ca_content").(string) + + return opts } func (opts *CloudProjectKubeOIDCUpdateOpts) FromResource(d *schema.ResourceData) *CloudProjectKubeOIDCUpdateOpts { - return &CloudProjectKubeOIDCUpdateOpts{ - ClientID: d.Get("client_id").(string), - IssuerUrl: d.Get("issuer_url").(string), - } + opts.ClientID = d.Get("client_id").(string) + opts.IssuerUrl = d.Get("issuer_url").(string) + opts.UsernameClaim = d.Get("oidc_username_claim").(string) + opts.UsernamePrefix = d.Get("oidc_username_prefix").(string) + opts.GroupsClaim, _ = helpers.StringsFromSchema(d, "oidc_groups_claim") + opts.GroupsPrefix = d.Get("oidc_groups_prefix").(string) + opts.RequiredClaim, _ = helpers.StringsFromSchema(d, "oidc_required_claim") + opts.SigningAlgs, _ = helpers.StringsFromSchema(d, "oidc_signing_algs") + opts.CaContent = d.Get("oidc_ca_content").(string) + + return opts } func (v CloudProjectKubeOIDCResponse) ToMap() map[string]interface{} { obj := make(map[string]interface{}) obj["client_id"] = v.ClientID obj["issuer_url"] = v.IssuerUrl + obj["oidc_username_claim"] = v.UsernameClaim + obj["oidc_username_prefix"] = v.UsernamePrefix + obj["oidc_groups_claim"] = v.GroupsClaim + obj["oidc_groups_prefix"] = v.GroupsPrefix + obj["oidc_required_claim"] = v.RequiredClaim + obj["oidc_signing_algs"] = v.SigningAlgs + obj["oidc_ca_content"] = v.CaContent return obj } 
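Review bot: Both `FromResource` methods discard the second return value of `helpers.StringsFromSchema` (presumably an error) with `opts.GroupsClaim, _ = ...`, and likewise for `RequiredClaim` and `SigningAlgs`, so a failed conversion would silently send an empty list to the API. Each discard should either be handled or carry a comment saying why it cannot fail for a `TypeList` of strings. Separately, the new JSON tags have no `omitempty`, so unset optional fields are serialised as `""` or `null`. Whether the API reads those as "use the default" (the docs in this commit name `RS256` and an issuer-URL prefix) is not visible here and is worth confirming. If it does not, a tag such as `json:"signingAlgorithms,omitempty"` on the create options avoids sending them, though on the update options it would also prevent clearing a field.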
diff --git a/website/docs/d/cloud_project_kube_oidc.html.markdown b/website/docs/d/cloud_project_kube_oidc.html.markdown new file mode 100644 index 000000000..4b0cd19c4 --- /dev/null +++ b/website/docs/d/cloud_project_kube_oidc.html.markdown 
@@ -0,0 +1,58 @@ +--- +layout: "ovh" +page_title: "OVH: cloud_project_kube_oidc" +sidebar_current: "docs-ovh-datasource-cloud-project-kube-oidc-x" +description: |- +Get information & status of a Kubernetes managed cluster OIDC in a public cloud project. +--- + +# ovh_cloud_project_kube_oidc (Data Source) + +Use this data source to get a OVHcloud Managed Kubernetes Service cluster OIDC. + +## Example Usage + +```hcl +data "ovh_cloud_project_kube_oidc" "oidc" { + service_name = "XXXXXX" + kube_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx" +} + +output "oidc-val" { + value = data.ovh_cloud_project_kube_iprestrictions.oidc.client_id +} +``` + +## Argument Reference + +The following arguments are supported: + +* `service_name` - (Optional) The id of the public cloud project. If omitted, + the `OVH_CLOUD_PROJECT_SERVICE` environment variable is used. + +* `kube_id` - The id of the managed kubernetes cluster. + +## Attributes Reference + +The following attributes are exported: + +* `service_name` - See Argument Reference above. +* `kube_id` - See Argument Reference above. + +* `client_id` - The OIDC client ID. + +* `issuer_url` - The OIDC issuer url. + +* `oidcUsernameClaim` - JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. + +* `oidcUsernamePrefix` - Prefix prepended to username claims to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this field isn't set and oidcUsernameClaim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of oidcIssuerUrl. The value - can be used to disable all prefixing. + +* `oidcGroupsClaim` - Array of JWT claim to use as the user's group. 
If the claim is present it must be an array of strings. + +* `oidcGroupsPrefix` - Prefix prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra. + +* `oidcRequiredClaim` - Array of key=value pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." + +* `oidcSigningAlgs` - Array of signing algorithms accepted. Default is \"RS256\". + +* `oidcCaContent` - Content of the certificate for the CA, in base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. diff --git a/website/docs/r/cloud_project_kube_oidc.html.markdown b/website/docs/r/cloud_project_kube_oidc.html.markdown index ea3f18114..bef43fb57 100644 --- a/website/docs/r/cloud_project_kube_oidc.html.markdown +++ b/website/docs/r/cloud_project_kube_oidc.html.markdown 
@@ -33,3 +33,17 @@ The following arguments are supported: * `client_id` - The OIDC client ID. * `issuer_url` - The OIDC issuer url. + +* `oidcUsernameClaim` - JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. + +* `oidcUsernamePrefix` - Prefix prepended to username claims to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this field isn't set and oidcUsernameClaim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of oidcIssuerUrl. The value - can be used to disable all prefixing. + +* `oidcGroupsClaim` - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings. + +* `oidcGroupsPrefix` - Prefix prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra. + +* `oidcRequiredClaim` - Array of key=value pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." + +* `oidcSigningAlgs` - Array of signing algorithms accepted. Default is \"RS256\". + +* `oidcCaContent` - Content of the certificate for the CA, in base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. From cb747865965ac250843b112d8ea140e02af9ee03 Mon Sep 17 00:00:00 2001 
From: mathieu prigent Date: Mon, 21 Nov 2022 13:53:11 +0100 Subject: [PATCH 2/4] first review --- ovh/data_cloud_project_kube_oidc.go | 4 ++-- ovh/data_cloud_project_kube_oidc_test.go | 4 ++-- ovh/resource_cloud_project_kube_oidc.go | 3 +++ website/docs/d/cloud_project_kube_oidc.html.markdown | 2 +- website/docs/r/cloud_project_kube_oidc.html.markdown | 11 +++++++++++ 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/ovh/data_cloud_project_kube_oidc.go b/ovh/data_cloud_project_kube_oidc.go index 3116d8e40..5f5012753 100644 --- a/ovh/data_cloud_project_kube_oidc.go +++ b/ovh/data_cloud_project_kube_oidc.go @@ -84,7 +84,7 @@ func dataSourceCloudProjectKubeOIDCRead(d *schema.ResourceData, meta interface{} endpoint := fmt.Sprintf("/cloud/project/%s/kube/%s/openIdConnect", serviceName, kubeId) res := &CloudProjectKubeOIDCResponse{} - log.Printf("[DEBUG] Will read oidc from kube %s and project: %s", kubeId, serviceName) + log.Printf("[DEBUG] Will read OIDC from kube %s and project: %s", kubeId, serviceName) err := config.OVHClient.Get(endpoint, res) if err != nil { return fmt.Errorf("calling get %s %w", endpoint, err) @@ -96,6 +96,6 @@ func dataSourceCloudProjectKubeOIDCRead(d *schema.ResourceData, meta interface{} } d.SetId(kubeId + "-" + res.ClientID + "-" + res.IssuerUrl) - log.Printf("[DEBUG] Read oidc %+v", res) + log.Printf("[DEBUG] Read OIDC %+v", res) return nil } diff --git a/ovh/data_cloud_project_kube_oidc_test.go b/ovh/data_cloud_project_kube_oidc_test.go index 30217d43b..0475e8acc 100644 --- a/ovh/data_cloud_project_kube_oidc_test.go +++ b/ovh/data_cloud_project_kube_oidc_test.go 
@@ -30,7 +30,7 @@ func TestAccCloudProjectKubeOIDCDataSource_basic(t *testing.T) { Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( - "data.ovh_cloud_project_kube_oidc.oidcData", "client_id", "toto"), + "data.ovh_cloud_project_kube_oidc.oidcData", "client_id", "my-oidc-client-id"), resource.TestCheckResourceAttr( "data.ovh_cloud_project_kube_oidc.oidcData", "issuer_url", "https://www.ovhcloud.com/fr/"), resource.TestCheckResourceAttr( @@ -66,7 +66,7 @@ resource "ovh_cloud_project_kube_oidc" "oidc" { service_name = ovh_cloud_project_kube.cluster.service_name kube_id = ovh_cloud_project_kube.cluster.id - client_id = "toto" + client_id = "my-oidc-client-id" issuer_url = "https://www.ovhcloud.com/fr/" oidc_username_claim = "usrClaim" oidc_username_prefix = "usrPrefix" diff --git a/ovh/resource_cloud_project_kube_oidc.go b/ovh/resource_cloud_project_kube_oidc.go index 5901f8cd1..e70c36853 100644 --- a/ovh/resource_cloud_project_kube_oidc.go +++ b/ovh/resource_cloud_project_kube_oidc.go @@ -13,6 +13,9 @@ func resourceCloudProjectKubeOIDC() *schema.Resource { Read: resourceCloudProjectKubeOIDCRead, Delete: resourceCloudProjectKubeOIDCDelete, Update: resourceCloudProjectKubeOIDCUpdate, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, Schema: map[string]*schema.Schema{ "service_name": { diff --git a/website/docs/d/cloud_project_kube_oidc.html.markdown b/website/docs/d/cloud_project_kube_oidc.html.markdown index 4b0cd19c4..856561e75 100644 --- a/website/docs/d/cloud_project_kube_oidc.html.markdown +++ b/website/docs/d/cloud_project_kube_oidc.html.markdown @@ -19,7 +19,7 @@ data "ovh_cloud_project_kube_oidc" "oidc" { } output "oidc-val" { - value = data.ovh_cloud_project_kube_iprestrictions.oidc.client_id + value = data.ovh_cloud_project_kube_oidc.oidc.client_id } ``` 
diff --git a/website/docs/r/cloud_project_kube_oidc.html.markdown b/website/docs/r/cloud_project_kube_oidc.html.markdown index bef43fb57..d89a41d43 100644 --- a/website/docs/r/cloud_project_kube_oidc.html.markdown +++ b/website/docs/r/cloud_project_kube_oidc.html.markdown @@ -16,8 +16,19 @@ Creates an OIDC configuration in an OVHcloud Managed Kubernetes cluster. resource "ovh_cloud_project_kube_oidc" "my-oidc" { service_name = var.projectid kube_id = ovh_cloud_project_kube.mykube.id + + #required field client_id = "xxx" issuer_url = "https://ovh.com" + + #optional field + oidc_username_claim = "email" + oidc_username_prefix = "ovh:" + oidc_groups_claim = ["groups"] + oidc_groups_prefix = "ovh:" + oidc_required_claim = ["claim1=val1"] + oidc_signing_algs = ["RS512"] + oidc_ca_content = "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" } ``` From 1a09362fc11086e0a67df106105ff2d924f1d172 Mon Sep 17 00:00:00 2001 From: matprig <107986130+matprig@users.noreply.github.com> Date: Mon, 21 Nov 2022 15:27:09 +0100 Subject: [PATCH 3/4] second review --- website/docs/r/cloud_project_kube_oidc.html.markdown | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/docs/r/cloud_project_kube_oidc.html.markdown b/website/docs/r/cloud_project_kube_oidc.html.markdown index d89a41d43..1d59d3f0b 100644 --- a/website/docs/r/cloud_project_kube_oidc.html.markdown +++ b/website/docs/r/cloud_project_kube_oidc.html.markdown @@ -22,7 +22,7 @@ resource "ovh_cloud_project_kube_oidc" "my-oidc" { issuer_url = "https://ovh.com" #optional field - oidc_username_claim = "email" + oidc_username_claim = "an-email" oidc_username_prefix = "ovh:" oidc_groups_claim = ["groups"] oidc_groups_prefix = "ovh:" 
@@ -47,14 +47,14 @@ The following arguments are supported: * `oidcUsernameClaim` - JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. -* `oidcUsernamePrefix` - Prefix prepended to username claims to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this field isn't set and oidcUsernameClaim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of oidcIssuerUrl. The value - can be used to disable all prefixing. +* `oidcUsernamePrefix` - Prefix prepended to username claims to prevent clashes with existing names (such as `system:users`). For example, the value `oidc:` will create usernames like `oidc:jane.doe`. If this field isn't set and `oidcUsernameClaim` is a value other than email the prefix defaults to `issuer_url` where `issuer_url` is the value of `oidcIssuerUrl.` The value - can be used to disable all prefixing. * `oidcGroupsClaim` - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings. -* `oidcGroupsPrefix` - Prefix prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra. +* `oidcGroupsPrefix` - Prefix prepended to group claims to prevent clashes with existing names (such as `system:groups`). For example, the value `oidc:` will create group names like `oidc:engineering` and `oidc:infra`. -* `oidcRequiredClaim` - Array of key=value pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." 
+* `oidcRequiredClaim` - Array of `key=value` pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." -* `oidcSigningAlgs` - Array of signing algorithms accepted. Default is \"RS256\". +* `oidcSigningAlgs` - Array of signing algorithms accepted. Default is `RS256`. -* `oidcCaContent` - Content of the certificate for the CA, in base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. +* `oidcCaContent` - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. From db1dc2f2355738bdfb9f43b86cf16ce077cdb270 Mon Sep 17 00:00:00 2001 From: mathieu prigent Date: Mon, 21 Nov 2022 16:25:24 +0100 Subject: [PATCH 4/4] fix import kube oidc --- ovh/resource_cloud_project_kube_oidc.go | 24 ++++++++++++++++--- ovh/types_iploadbalancing.go | 12 +++++----- .../r/cloud_project_kube_oidc.html.markdown | 8 +++++++ 3 files changed, 35 insertions(+), 9 deletions(-) diff --git a/ovh/resource_cloud_project_kube_oidc.go b/ovh/resource_cloud_project_kube_oidc.go index e70c36853..a6f58a0d6 100644 --- a/ovh/resource_cloud_project_kube_oidc.go +++ b/ovh/resource_cloud_project_kube_oidc.go @@ -3,6 +3,7 @@ package ovh import ( "fmt" "log" + "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -14,7 +15,7 @@ func resourceCloudProjectKubeOIDC() *schema.Resource { Delete: resourceCloudProjectKubeOIDCDelete, Update: resourceCloudProjectKubeOIDCUpdate, Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + State: resourceCloudProjectKubeOIDCImportState, }, Schema: map[string]*schema.Schema{ 
@@ -79,6 +80,23 @@ func resourceCloudProjectKubeOIDC() *schema.Resource { } } +func resourceCloudProjectKubeOIDCImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + givenId := d.Id() + splitId := strings.SplitN(givenId, "/", 3) + if len(splitId) != 2 { + return nil, fmt.Errorf("Import Id is not service_name/kubeid formatted") + } + serviceName := splitId[0] + kubeId := splitId[1] + d.SetId(kubeId) + d.Set("kube_id", kubeId) + d.Set("service_name", serviceName) + + results := make([]*schema.ResourceData, 1) + results[0] = d + return results, nil +} + func resourceCloudProjectKubeOIDCCreate(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) @@ -95,7 +113,7 @@ func resourceCloudProjectKubeOIDCCreate(d *schema.ResourceData, meta interface{} return fmt.Errorf("calling Post %s with params %s:\n\t %w", endpoint, params, err) } - d.SetId(kubeID + "-" + params.ClientID + "-" + params.IssuerUrl) + d.SetId(serviceName + "/" + kubeID) log.Printf("[DEBUG] Waiting for kube %s to be READY", kubeID) err = waitForCloudProjectKubeReady(config.OVHClient, serviceName, kubeID, []string{"REDEPLOYING"}, []string{"READY"}) @@ -125,7 +143,7 @@ func resourceCloudProjectKubeOIDCRead(d *schema.ResourceData, meta interface{}) if k != "id" { d.Set(k, v) } else { - d.SetId(kubeID + "-" + res.ClientID + "-" + res.IssuerUrl) + d.SetId(serviceName + "/" + kubeID) } } diff --git a/ovh/types_iploadbalancing.go b/ovh/types_iploadbalancing.go index 1cb166979..6155992ad 100644 --- a/ovh/types_iploadbalancing.go +++ b/ovh/types_iploadbalancing.go 
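Review bot: `resourceCloudProjectKubeOIDCImportState` stores the ID as `kubeId` alone, while the create hunk below sets `serviceName + "/" + kubeID`, so an imported resource and a created one end up with different ID formats; `d.SetId(serviceName + "/" + kubeId)` keeps them aligned. The read hunk's `d.SetId` sits in the `else` branch for key `id`, and the `ToMap` shown in patch 1 never emits that key, so that branch looks unreachable and will not reconcile the two formats; Read's body starts outside the hunk. The length check also accepts empty parts such as `/abc`, which `if len(splitId) != 2 || splitId[0] == "" || splitId[1] == ""` would reject, and the two `d.Set` results are dropped here as well. Go convention is a lowercase error string, for example `"import id is not service_name/kube_id formatted"`.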
@@ -246,7 +246,7 @@ func (opts *IPLoadbalancingHttpRouteActionOpts) FromResource(d *schema.ResourceD return opts } -//IPLoadbalancingHttpRoute HTTP Route +// IPLoadbalancingHttpRoute HTTP Route type IPLoadbalancingHttpRouteOpts struct { Action IPLoadbalancingHttpRouteActionOpts `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName,omitempty"` //Human readable name for your route, this field is for you @@ -291,7 +291,7 @@ func (v IPLoadbalancingHttpRouteAction) ToMap() map[string]interface{} { return obj } -//IPLoadbalancingHttpRoute HTTP Route +// IPLoadbalancingHttpRoute HTTP Route type IPLoadbalancingHttpRoute struct { Action IPLoadbalancingHttpRouteAction `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName"` //Human readable name for your route, this field is for you @@ -341,7 +341,7 @@ func (opts *IPLoadbalancingTcpRouteActionOpts) FromResource(d *schema.ResourceDa return opts } -//IPLoadbalancingTcpRoute HTTP Route +// IPLoadbalancingTcpRoute HTTP Route type IPLoadbalancingTcpRouteOpts struct { Action IPLoadbalancingTcpRouteActionOpts `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName,omitempty"` //Human readable name for your route, this field is for you @@ -381,7 +381,7 @@ func (v IPLoadbalancingTcpRouteAction) ToMap() map[string]interface{} { return obj } -//IPLoadbalancingTcpRoute HTTP Route +// IPLoadbalancingTcpRoute HTTP Route type IPLoadbalancingTcpRoute struct { Action IPLoadbalancingTcpRouteAction `json:"action"` //Action triggered when all rules match DisplayName *string `json:"displayName"` //Human readable name for your route, this field is for you 
@@ -419,7 +419,7 @@ func (v IPLoadbalancingTcpRoute) ToMap() map[string]interface{} { return obj } -//IPLoadbalancingRouteRule Route Rule +// IPLoadbalancingRouteRule Route Rule type IPLoadbalancingRouteRule struct { DisplayName *string `json:"displayName"` //Human readable name for your rule Field string `json:"field"` //Name of the field to match like "protocol" or "host". See "/ipLoadbalancing/{serviceName}/availableRouteRules" for a list of available rules @@ -468,7 +468,7 @@ func (v IPLoadbalancingRouteRule) ToMapForRoutes() map[string]interface{} { return obj } -//IPLoadbalancingRouteRule Route Rule +// IPLoadbalancingRouteRule Route Rule type IPLoadbalancingRouteRuleOpts struct { DisplayName *string `json:"displayName,omitempty"` //Human readable name for your rule Field string `json:"field"` //Name of the field to match like "protocol" or "host". See "/ipLoadbalancing/{serviceName}/availableRouteRules" for a list of available rules diff --git a/website/docs/r/cloud_project_kube_oidc.html.markdown b/website/docs/r/cloud_project_kube_oidc.html.markdown index 1d59d3f0b..f4554e027 100644 --- a/website/docs/r/cloud_project_kube_oidc.html.markdown +++ b/website/docs/r/cloud_project_kube_oidc.html.markdown @@ -58,3 +58,11 @@ The following arguments are supported: * `oidcSigningAlgs` - Array of signing algorithms accepted. Default is `RS256`. * `oidcCaContent` - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. + +## Import + +OVHcloud Managed Kubernetes Service cluster OIDC can be imported using the tenant `service_name` and cluster id `kube_id` separated by "/" E.g., + +```bash +$ terraform import ovh_cloud_project_kube_oidc.my-oidc service_name/kube_id +```