Mastercard / terraform-provider-restapi

A terraform provider to manage objects in a RESTful API

Allowed to set optional EndpointParams with OAuth credentials (e.g. required by MS Azure) #146

Closed croeck closed 2 years ago

croeck commented 3 years ago

Hi,

not a Go expert yet, so please be patient with my proposal. I will try to incorporate your suggestions as best as I can.

We plan on using the provider to automate some Azure resources which are not yet supported in any other terraform provider. However, the access tokens obtained via OAuth must set a special resource. We therefore added a new optional property in the OAuth section which allows specifying those. The property is already supported in the library golang.org/x/oauth2/clientcredentials, so we are only exposing it here as well.

An example of how to use this provider with Microsoft Azure OAuth is included.

Thanks Cedric

DRuggeri commented 3 years ago

Hey there, @croeck - thanks for the pull request! As a non-expert with Go, this looks like a clean implementation - well done :-)

I didn't realize you had submitted this and I ended up recreating the same thing in a recent push 🤦 But... instead of a single k/v for EndpointParams, I used an array. Do you know if that matters?

croeck commented 3 years ago

Hi @DRuggeri. I only put up one key value pair in the example; in theory you can add multiple params in this implementation. A simple array will not suffice as you need to end up with url.Values{} for the HTTP client. This requires you to have both key and value.

Comparing it to my implementation, you could define an array and require this to be filled with objects containing an explicit key and value definition, but in the end it is just a different style, so both will work.

DRuggeri commented 3 years ago

Thanks for the quick feedback. Do you have a way to test this in the newly released provider? The test cases seem to be happy, but it's always good to have some real-world results to confirm.

tiwood commented 2 years ago

You can also get it to work with the oauth_scopes property:

```hcl
provider "restapi" {
  uri                  = "https://management.azure.com"
  write_returns_object = true
  id_attribute         = "id"

  oauth_client_credentials {
    oauth_client_id      = var.ARM_CLIENT_ID
    oauth_client_secret  = var.ARM_CLIENT_SECRET
    oauth_token_endpoint = "https://login.microsoftonline.com/${var.ARM_TENANT_ID}/oauth2/v2.0/token"
    oauth_scopes         = ["https://management.azure.com/.default"]
  }
}
```

We use this to issue requests to the Azure Management API without issues.
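An added example (not part of any comment in this thread, and not code from the pull request or the provider): it shows why the extra parameters need both key and value to end up as url.Values, and how the client-credentials token request body differs between an extra `resource` parameter and `oauth_scopes`. The function names, the reserved-key set and the sample values are assumptions of this example, and it uses only the Go standard library rather than golang.org/x/oauth2.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// reserved lists form fields that caller-supplied extras must not overwrite.
// The exact set is this example's choice (assumption).
var reserved = map[string]bool{"grant_type": true, "client_id": true, "client_secret": true, "scope": true}

// toEndpointParams converts a flat key/value map (the shape a Terraform map
// attribute yields) into url.Values, rejecting reserved keys.
func toEndpointParams(kv map[string]string) (url.Values, error) {
	out := url.Values{}
	for k, v := range kv {
		if reserved[k] {
			return nil, fmt.Errorf("endpoint param %q would overwrite a reserved field", k)
		}
		out.Set(k, v)
	}
	return out, nil
}

// tokenRequestBody assembles the form body of a client-credentials token
// request: grant_type, optional space-joined scope, then the extra params.
// Client credentials are left out; they travel in the Authorization header
// or the body depending on the auth style in use.
func tokenRequestBody(scopes []string, extra url.Values) string {
	form := url.Values{"grant_type": {"client_credentials"}}
	if len(scopes) > 0 {
		form.Set("scope", strings.Join(scopes, " "))
	}
	for k, vals := range extra {
		form[k] = vals
	}
	return form.Encode() // keys sorted, values percent-encoded
}

func main() {
	// Constructed sample: an extra "resource" parameter, as discussed in this PR.
	extra, err := toEndpointParams(map[string]string{"resource": "https://management.azure.com"})
	if err != nil {
		panic(err)
	}
	fmt.Println(tokenRequestBody(nil, extra))
	// The oauth_scopes variant from the comment above.
	fmt.Println(tokenRequestBody([]string{"https://management.azure.com/.default"}, nil))
}
```

Either variant determines which API the issued token is valid for, so the value should name only the API the provider actually calls.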

DRuggeri commented 2 years ago

Hey, folks - just checking back in. Is this PR still needed or is the solution provided by @tiwood a preferred path? For either case, it would be great to have an example added to the examples folder.

DRuggeri commented 2 years ago

I'll go ahead and close this one out for now. Feel free to reopen if there's a desire to revisit.