hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Create OAuth 2.0 Client ID (non-IAP) resource #16452

Closed katieclaiborne closed 1 year ago

katieclaiborne commented 1 year ago

Description

I'd like to be able to configure a non-IAP OAuth 2.0 Client ID as a resource.

If it's helpful, our specific use case is described on this documentation page.

We tried using the google_iap_client resource to import a manually-created client, but encountered the following error:

Error when reading or editing IapClient "projects//brands//identityAwareProxyClients/": googleapi: Error 403: The caller does not have permission

import {
  to = google_iap_brand.data_platform
  id = "projects/<project_number>/brands/<brand_id>"
}
resource "google_iap_brand" "data_platform" {
  support_email     = "<first.last>@cityblock.com"
  application_title = "Data Platform"
}

import {
  to = google_iap_client.dbt_cloud
  id = "projects/<project_number>/brands/<brand_id>/identityAwareProxyClients/<client_id>"
}
resource "google_iap_client" "dbt_cloud" {
  display_name = "dbt Cloud"
  brand        = google_iap_brand.data_platform.name
}

New or Affected Resource(s)

This issue requests a new resource, perhaps named something like:

It relates to the existing google_iap_client resource.

Potential Terraform Configuration

resource "google_oauth_client" "dbt_cloud" {
  application_type              = "Web application"
  name                          = "dbt Cloud"
  authorized_javascript_origins = ["https://cloud.getdbt.com"]
  authorized_redirect_uris      = ["https://cloud.getdbt.com/complete/bigquery"]
}

I would like to be able to access the client ID and secret values as attributes.

References

slevenick commented 1 year ago

I'm not sure if this is currently possible via the REST APIs. Are you aware of a REST API that would allow us to do this? The resource google_iap_brand is backed by the IAP APIs here: https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands so it seems to be only usable for IAP clients.

Without a REST API that enables this use case, there isn't much we can do from the Terraform side.

katieclaiborne commented 1 year ago

Ah, okay! In that case, we'll upvote the Google issue. Thank you, Sam.
