hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Request: Identity Platform project config resource #8510

Open wvanderdeijl opened 3 years ago

wvanderdeijl commented 3 years ago

Community Note

Description

It seems like all of the resource_identity_platform_* resources are implemented except for the project configuration itself, which is needed for configuring things like authorizedDomains and other project-level configuration.

New or Affected Resource(s)

Potential Terraform Configuration

# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.
resource "google_identity_platform_config" "config" {
  sign_in {
    email {
      enabled = false
    }
    phone_number {
      enabled = true
      test_phone_numbers {
        foo = "+12065550100"
      }
    }
  }
  authorized_domains = [
    "iap.googleapis.com",
    "example.org"
  ]
  subtype = "IDENTITY_PLATFORM"
  client {
    permissions {
      disabled_user_signup = true
      disabled_user_deletion = true
    }
  }
}

References

The required updateConfig API is described at https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects/updateConfig. This resource is a bit different than the other identity-platform resources as it does not use a create/delete/get/list/patch API, but simply a getConfig and updateConfig.

trodge commented 2 years ago

I would like to implement this resource using the DCL.

StephenWithPH commented 1 year ago

As noted in https://github.com/hashicorp/terraform-provider-google/issues/8288#issuecomment-1270397463, this is supported for multi-tenant.

TheNotary commented 1 year ago

I think the OP wants it possible to set authorized_domains. I'd like to have the functionality too and I can't see any documentation for setting that value.

tilgovi commented 1 year ago

It seems there's actually a number of things missing. For example, I don't see a way to configure "inheritance", "smsRegionConfig", "monitoring", or "client" blocks, as shown in the reference.

It would be great to be able to disable anonymous users, or disable self-service via the client permissions.
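While these settings cannot be managed in Terraform, they can still be checked against a getConfig response. The following is an added example, not code from this issue or from the provider: the sample response is constructed, `audit_config` and `allowed_domains` are hypothetical names, and boolean fields absent from the response are assumed to mean false.

```python
import json

# Constructed sample, shaped like the v2 projects.Config resource returned by getConfig.
SAMPLE_CONFIG = json.loads("""
{
  "name": "projects/example-project/config",
  "signIn": {
    "email": {"enabled": true},
    "anonymous": {"enabled": true}
  },
  "authorizedDomains": ["localhost", "example.org", "old-preview.example.net"],
  "client": {"permissions": {"disabledUserSignup": false}}
}
""")


def audit_config(config, allowed_domains):
    """Return findings for the project-level settings discussed in this thread."""
    findings = []

    # Any domain outside the allow-list is reported, in sorted order for stable output.
    extra = sorted(set(config.get("authorizedDomains", [])) - set(allowed_domains))
    for domain in extra:
        findings.append(f"authorizedDomains: unexpected domain {domain!r}")

    # Assumption: a missing block or missing boolean is treated as false.
    sign_in = config.get("signIn", {})
    if sign_in.get("anonymous", {}).get("enabled", False):
        findings.append("signIn.anonymous: anonymous sign-in is enabled")

    # Self-service sign-up and deletion stay allowed unless explicitly disabled.
    perms = config.get("client", {}).get("permissions", {})
    for field in ("disabledUserSignup", "disabledUserDeletion"):
        if not perms.get(field, False):
            findings.append(f"client.permissions.{field}: self-service is allowed")

    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, ["iap.googleapis.com", "example.org"]):
        print(finding)
```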

george-oakling commented 1 year ago

Yes, pls, I would like to have custom authorized domains and other parts of the settings...

nioncode commented 8 months ago

Isn't this already implemented by https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/identity_platform_config ?

However, there are many things missing that cannot be configured, e.g.: