add more route options (#36)

Author: wasaga

example/main.tf

@@ -203,16 +203,51 @@ resource "pomerium_route" "kubernetes_route" {
   tls_upstream_allow_renegotiation = true
 }
 
+resource "pomerium_route" "advanced_route" {
+  name         = "advanced-route"
+  from         = "https://advanced.corp.example.com"
+  to           = ["https://internal-service.example.com"]
+  namespace_id = pomerium_namespace.test_namespace.id
+
+  # Response header manipulation
+  rewrite_response_headers = [
+    {
+      header = "Location"
+      prefix = "http://internal"
+      value  = "https://external"
+    },
+    {
+      header = "Content-Security-Policy"
+      value  = "default-src 'self'"
+    }
+  ]
+  set_response_headers = {
+    "Strict-Transport-Security" = "max-age=31536000"
+    "X-Frame-Options"           = "DENY"
+  }
+
+  tls_custom_ca_key_pair_id = pomerium_key_pair.test_key_pair.id
+  tls_skip_verify           = false
+
+  enable_google_cloud_serverless_authentication = true
+  kubernetes_service_account_token_file         = "/path/to/token"
+
+  description = "Advanced route with security headers"
+  logo_url    = "https://example.com/logo.png"
+
+  show_error_details = true
+}
+
 # Data source examples
 data "pomerium_namespaces" "all_namespaces" {}
 
 data "pomerium_namespace" "existing_namespace" {
   id = pomerium_namespace.test_namespace.id
 }
 
-# data "pomerium_route" "existing_route" {
-#   id = pomerium_route.test_route.id
-# }
+data "pomerium_route" "existing_route" {
+  id = pomerium_route.test_route.id
+}
 
 # Output examples
 output "namespace_name" {

internal/provider/route.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	"github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
@@ -199,6 +200,57 @@ func (r *RouteResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 				Computed:    true,
 			},
 			"jwt_groups_filter": JWTGroupsFilterSchema,
+			"jwt_issuer_format": schema.ObjectAttribute{
+				Description: "JWT issuer format configuration.",
+				Optional:    true,
+				AttributeTypes: map[string]attr.Type{
+					"format": types.StringType,
+				},
+			},
+			"rewrite_response_headers": schema.SetNestedAttribute{
+				Description: "Response header rewrite rules.",
+				Optional:    true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"header": schema.StringAttribute{
+							Required:    true,
+							Description: "Header name to rewrite",
+						},
+						"prefix": schema.StringAttribute{
+							Optional:    true,
+							Description: "Prefix matcher for the header",
+						},
+						"value": schema.StringAttribute{
+							Required:    true,
+							Description: "New value for the header",
+						},
+					},
+				},
+			},
+			"tls_custom_ca_key_pair_id": schema.StringAttribute{
+				Description: "Custom CA key pair ID for TLS verification.",
+				Optional:    true,
+			},
+			"tls_client_key_pair_id": schema.StringAttribute{
+				Description: "Client key pair ID for TLS client authentication.",
+				Optional:    true,
+			},
+			"description": schema.StringAttribute{
+				Description: "Description of the route.",
+				Optional:    true,
+			},
+			"kubernetes_service_account_token_file": schema.StringAttribute{
+				Description: "Path to the Kubernetes service account token file.",
+				Optional:    true,
+			},
+			"logo_url": schema.StringAttribute{
+				Description: "URL to the logo image.",
+				Optional:    true,
+			},
+			"enable_google_cloud_serverless_authentication": schema.BoolAttribute{
+				Description: "Enable Google Cloud serverless authentication.",
+				Optional:    true,
+			},
 		},
 	}
 }

internal/provider/route_data_source.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	"github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/types"
@@ -30,7 +31,7 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
 			Computed:    true,
 			Description: "From URL.",
 		},
-		"to": schema.ListAttribute{
+		"to": schema.SetAttribute{
 			Computed:    true,
 			ElementType: types.StringType,
 			Description: "To URLs.",
@@ -39,7 +40,7 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
 			Computed:    true,
 			Description: "ID of the namespace the route belongs to.",
 		},
-		"policies": schema.ListAttribute{
+		"policies": schema.SetAttribute{
 			Computed:    true,
 			ElementType: types.StringType,
 			Description: "List of policy IDs associated with the route.",
@@ -131,7 +132,7 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
 			ElementType: types.StringType,
 			Description: "Set request headers.",
 		},
-		"remove_request_headers": schema.ListAttribute{
+		"remove_request_headers": schema.SetAttribute{
 			Computed:    true,
 			ElementType: types.StringType,
 			Description: "Remove request headers.",
@@ -165,6 +166,58 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
 			Computed:    true,
 			Description: "Show error details.",
 		},
+		"jwt_groups_filter": JWTGroupsFilterSchema,
+		"jwt_issuer_format": schema.ObjectAttribute{
+			Description: "JWT issuer format configuration.",
+			Computed:    true,
+			AttributeTypes: map[string]attr.Type{
+				"format": types.StringType,
+			},
+		},
+		"rewrite_response_headers": schema.SetNestedAttribute{
+			Description: "Response header rewrite rules.",
+			Computed:    true,
+			NestedObject: schema.NestedAttributeObject{
+				Attributes: map[string]schema.Attribute{
+					"header": schema.StringAttribute{
+						Required:    true,
+						Description: "Header name to rewrite",
+					},
+					"prefix": schema.StringAttribute{
+						Optional:    true,
+						Description: "Prefix matcher for the header",
+					},
+					"value": schema.StringAttribute{
+						Required:    true,
+						Description: "New value for the header",
+					},
+				},
+			},
+		},
+		"tls_custom_ca_key_pair_id": schema.StringAttribute{
+			Description: "Custom CA key pair ID for TLS verification.",
+			Computed:    true,
+		},
+		"tls_client_key_pair_id": schema.StringAttribute{
+			Description: "Client key pair ID for TLS client authentication.",
+			Computed:    true,
+		},
+		"description": schema.StringAttribute{
+			Description: "Description of the route.",
+			Computed:    true,
+		},
+		"kubernetes_service_account_token_file": schema.StringAttribute{
+			Description: "Path to the Kubernetes service account token file.",
+			Computed:    true,
+		},
+		"logo_url": schema.StringAttribute{
+			Description: "URL to the logo image.",
+			Computed:    true,
+		},
+		"enable_google_cloud_serverless_authentication": schema.BoolAttribute{
+			Description: "Enable Google Cloud serverless authentication.",
+			Computed:    true,
+		},
 	}
 }