Implement IapSettings resource. (#12183) (#835)

modular-magician · web-flow · commit 77d5c8a0a48e · 2024-10-29T12:24:58.000-07:00
[upstream:d8e9428040dcbf5e36a4fc53dfee9e2f792f20f8]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/iap_settings_basic/backing_file.tf b/iap_settings_basic/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}
diff --git a/iap_settings_basic/main.tf b/iap_settings_basic/main.tf
@@ -0,0 +1,68 @@
+data "google_project" "project" {
+}
+
+resource "google_compute_region_backend_service" "default" {
+  name                            = "iap-settings-tf-${local.name_suffix}"
+  region                          = "us-central1"
+  health_checks                   = [google_compute_health_check.default.id]
+  connection_draining_timeout_sec = 10
+  session_affinity                = "CLIENT_IP"
+}
+
+resource "google_compute_health_check" "default" {
+  name               = "iap-bs-health-check-${local.name_suffix}"
+  check_interval_sec = 1
+  timeout_sec        = 1
+
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_iap_settings" "iap_settings" {
+  name = "projects/${data.google_project.project.number}/iap_web/compute-us-central1/services/${google_compute_region_backend_service.default.name}"
+  access_settings {
+    identity_sources = ["WORKFORCE_IDENTITY_FEDERATION"]
+    allowed_domains_settings {
+      domains = ["test.abc.com"]
+      enable  = true
+    }
+    cors_settings {
+      allow_http_options = true
+    }
+    reauth_settings {
+      method = "SECURE_KEY"
+      max_age = "305s"
+      policy_type = "MINIMUM"
+    }
+    gcip_settings {
+      login_page_uri = "https://test.com/?apiKey=abc"
+    }
+    oauth_settings {
+      login_hint = "test"
+    }
+    workforce_identity_settings {
+      workforce_pools = ["wif-pool"]
+      oauth2 {
+        client_id = "test-client-id"
+        client_secret = "test-client-secret"
+      }
+    }    
+  }
+  application_settings {
+    cookie_domain = "test.abc.com"
+    csm_settings {
+      rctoken_aud = "test-aud-set"
+    }
+    access_denied_page_settings {
+      access_denied_page_uri = "test-uri"
+      generate_troubleshooting_uri = true
+      remediation_token_generation_enabled = false
+    }
+    attribute_propagation_settings {
+      output_credentials = ["HEADER"]
+      expression = "attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])"
+      enable = false
+    }
+  }
+}
diff --git a/iap_settings_basic/motd b/iap_settings_basic/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/iap_settings_basic/tutorial.md b/iap_settings_basic/tutorial.md
@@ -0,0 +1,79 @@
+# Iap Settings Basic - Terraform
+
+## Setup
+
+<walkthrough-author name="rileykarson@google.com" analyticsId="UA-125550242-1" tutorialName="iap_settings_basic" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+<walkthrough-project-billing-setup></walkthrough-project-billing-setup>
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
