AppAttest and PlayIntegrity for App Check (#9970) (#6971)

* AppAttest and PlayIntegrity for App Check * use camelCase for updateMask for consistency * Enhance examples to use precondition checks [upstream:5a6abe3f97dc5a97e206c0d2cddfdf7f82cdd0c8] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Feb 14, 2024 · 2951852 · 2951852
1 parent ce8fc09
commit 2951852
Show file tree

Hide file tree

Showing 10 changed files with 1,395 additions and 2 deletions.
diff --git a/.changelog/9970.txt b/.changelog/9970.txt
@@ -0,0 +1,6 @@
+```release-note:new-resource
+`google_firebase_app_check_app_attest_config`
+```
+```release-note:new-resource
+`google_firebase_app_check_play_integrity_config`
+```
diff --git a/google-beta/provider/provider_mmv1_resources.go b/google-beta/provider/provider_mmv1_resources.go
@@ -429,9 +429,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 438
+// Generated resources: 440
 // Generated IAM resources: 258
-// Total generated resources: 696
+// Total generated resources: 698
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                         accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                   accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -819,7 +819,9 @@ var generatedResources = map[string]*schema.Resource{
 	"google_firebase_apple_app":                                      firebase.ResourceFirebaseAppleApp(),
 	"google_firebase_project":                                        firebase.ResourceFirebaseProject(),
 	"google_firebase_web_app":                                        firebase.ResourceFirebaseWebApp(),
+	"google_firebase_app_check_app_attest_config":                    firebaseappcheck.ResourceFirebaseAppCheckAppAttestConfig(),
 	"google_firebase_app_check_debug_token":                          firebaseappcheck.ResourceFirebaseAppCheckDebugToken(),
+	"google_firebase_app_check_play_integrity_config":                firebaseappcheck.ResourceFirebaseAppCheckPlayIntegrityConfig(),
 	"google_firebase_app_check_service_config":                       firebaseappcheck.ResourceFirebaseAppCheckServiceConfig(),
 	"google_firebase_database_instance":                              firebasedatabase.ResourceFirebaseDatabaseInstance(),
 	"google_firebase_extensions_instance":                            firebaseextensions.ResourceFirebaseExtensionsInstance(),

diff --git a/google-beta/services/firebaseappcheck/resource_firebase_app_check_app_attest_config.go b/google-beta/services/firebaseappcheck/resource_firebase_app_check_app_attest_config.go
@@ -0,0 +1,308 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package firebaseappcheck
+
+import (
+	"fmt"
+	"log"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+func ResourceFirebaseAppCheckAppAttestConfig() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceFirebaseAppCheckAppAttestConfigCreate,
+		Read:   resourceFirebaseAppCheckAppAttestConfigRead,
+		Update: resourceFirebaseAppCheckAppAttestConfigUpdate,
+		Delete: resourceFirebaseAppCheckAppAttestConfigDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: resourceFirebaseAppCheckAppAttestConfigImport,
+		},
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Update: schema.DefaultTimeout(20 * time.Minute),
+			Delete: schema.DefaultTimeout(20 * time.Minute),
+		},
+
+		CustomizeDiff: customdiff.All(
+			tpgresource.DefaultProviderProject,
+		),
+
+		Schema: map[string]*schema.Schema{
+			"app_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				Description: `The ID of an
+[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).`,
+			},
+			"token_ttl": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Optional: true,
+				Description: `Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid.
+If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.
+
+A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`,
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `The relative resource name of the App Attest configuration object`,
+			},
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+		UseJSONNumber: true,
+	}
+}
+
+func resourceFirebaseAppCheckAppAttestConfigCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	tokenTtlProp, err := expandFirebaseAppCheckAppAttestConfigTokenTtl(d.Get("token_ttl"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("token_ttl"); !tpgresource.IsEmptyValue(reflect.ValueOf(tokenTtlProp)) && (ok || !reflect.DeepEqual(v, tokenTtlProp)) {
+		obj["tokenTtl"] = tokenTtlProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{FirebaseAppCheckBasePath}}projects/{{project}}/apps/{{app_id}}/appAttestConfig?updateMask=tokenTtl")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Creating new AppAttestConfig: %#v", obj)
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for AppAttestConfig: %s", err)
+	}
+	billingProject = project
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "PATCH",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   d.Timeout(schema.TimeoutCreate),
+	})
+	if err != nil {
+		return fmt.Errorf("Error creating AppAttestConfig: %s", err)
+	}
+	if err := d.Set("name", flattenFirebaseAppCheckAppAttestConfigName(res["name"], d, config)); err != nil {
+		return fmt.Errorf(`Error setting computed identity field "name": %s`, err)
+	}
+
+	// Store the ID now
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/apps/{{app_id}}/appAttestConfig")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	log.Printf("[DEBUG] Finished creating AppAttestConfig %q: %#v", d.Id(), res)
+
+	return resourceFirebaseAppCheckAppAttestConfigRead(d, meta)
+}
+
+func resourceFirebaseAppCheckAppAttestConfigRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{FirebaseAppCheckBasePath}}projects/{{project}}/apps/{{app_id}}/appAttestConfig")
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for AppAttestConfig: %s", err)
+	}
+	billingProject = project
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+	})
+	if err != nil {
+		return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("FirebaseAppCheckAppAttestConfig %q", d.Id()))
+	}
+
+	if err := d.Set("project", project); err != nil {
+		return fmt.Errorf("Error reading AppAttestConfig: %s", err)
+	}
+
+	if err := d.Set("name", flattenFirebaseAppCheckAppAttestConfigName(res["name"], d, config)); err != nil {
+		return fmt.Errorf("Error reading AppAttestConfig: %s", err)
+	}
+	if err := d.Set("token_ttl", flattenFirebaseAppCheckAppAttestConfigTokenTtl(res["tokenTtl"], d, config)); err != nil {
+		return fmt.Errorf("Error reading AppAttestConfig: %s", err)
+	}
+
+	return nil
+}
+
+func resourceFirebaseAppCheckAppAttestConfigUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for AppAttestConfig: %s", err)
+	}
+	billingProject = project
+
+	obj := make(map[string]interface{})
+	tokenTtlProp, err := expandFirebaseAppCheckAppAttestConfigTokenTtl(d.Get("token_ttl"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("token_ttl"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, tokenTtlProp)) {
+		obj["tokenTtl"] = tokenTtlProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{FirebaseAppCheckBasePath}}projects/{{project}}/apps/{{app_id}}/appAttestConfig")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Updating AppAttestConfig %q: %#v", d.Id(), obj)
+	updateMask := []string{}
+
+	if d.HasChange("token_ttl") {
+		updateMask = append(updateMask, "tokenTtl")
+	}
+	// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+	// won't set it
+	url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+	if err != nil {
+		return err
+	}
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	// if updateMask is empty we are not updating anything so skip the post
+	if len(updateMask) > 0 {
+		res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+			Config:    config,
+			Method:    "PATCH",
+			Project:   billingProject,
+			RawURL:    url,
+			UserAgent: userAgent,
+			Body:      obj,
+			Timeout:   d.Timeout(schema.TimeoutUpdate),
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error updating AppAttestConfig %q: %s", d.Id(), err)
+		} else {
+			log.Printf("[DEBUG] Finished updating AppAttestConfig %q: %#v", d.Id(), res)
+		}
+
+	}
+
+	return resourceFirebaseAppCheckAppAttestConfigRead(d, meta)
+}
+
+func resourceFirebaseAppCheckAppAttestConfigDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARNING] FirebaseAppCheck AppAttestConfig resources"+
+		" cannot be deleted from Google Cloud. The resource %s will be removed from Terraform"+
+		" state, but will still be present on Google Cloud.", d.Id())
+	d.SetId("")
+
+	return nil
+}
+
+func resourceFirebaseAppCheckAppAttestConfigImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*transport_tpg.Config)
+	if err := tpgresource.ParseImportId([]string{
+		"^projects/(?P<project>[^/]+)/apps/(?P<app_id>[^/]+)/appAttestConfig$",
+		"^(?P<project>[^/]+)/(?P<app_id>[^/]+)$",
+		"^(?P<app_id>[^/]+)$",
+	}, d, config); err != nil {
+		return nil, err
+	}
+
+	// Replace import id for the resource id
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/apps/{{app_id}}/appAttestConfig")
+	if err != nil {
+		return nil, fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	return []*schema.ResourceData{d}, nil
+}
+
+func flattenFirebaseAppCheckAppAttestConfigName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenFirebaseAppCheckAppAttestConfigTokenTtl(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func expandFirebaseAppCheckAppAttestConfigTokenTtl(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}