add more route options #36

Merged
merged 3 commits into from
Feb 4, 2025
Merged
41 changes: 38 additions & 3 deletions example/main.tf
@@ -203,16 +203,51 @@ resource "pomerium_route" "kubernetes_route" {
tls_upstream_allow_renegotiation = true
}

resource "pomerium_route" "advanced_route" {
name = "advanced-route"
from = "https://advanced.corp.example.com"
to = ["https://internal-service.example.com"]
namespace_id = pomerium_namespace.test_namespace.id

# Response header manipulation
rewrite_response_headers = [
{
header = "Location"
prefix = "http://internal"
value = "https://external"
},
{
header = "Content-Security-Policy"
value = "default-src 'self'"
}
]
set_response_headers = {
"Strict-Transport-Security" = "max-age=31536000"
"X-Frame-Options" = "DENY"
}

tls_custom_ca_key_pair_id = pomerium_key_pair.test_key_pair.id
tls_skip_verify = false

enable_google_cloud_serverless_authentication = true
kubernetes_service_account_token_file = "/path/to/token"

description = "Advanced route with security headers"
logo_url = "https://example.com/logo.png"

show_error_details = true
}

# Data source examples
data "pomerium_namespaces" "all_namespaces" {}

data "pomerium_namespace" "existing_namespace" {
id = pomerium_namespace.test_namespace.id
}

# data "pomerium_route" "existing_route" {
# id = pomerium_route.test_route.id
# }
data "pomerium_route" "existing_route" {
id = pomerium_route.test_route.id
}

# Output examples
output "namespace_name" {
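Review bot: `show_error_details = true` at the end of `advanced_route` undercuts an example whose own description is "Advanced route with security headers". The option presumably controls how much detail Pomerium's error pages reveal, and example blocks tend to be copied into production unchanged. I would set `show_error_details = false`, or keep it with a comment such as `# debugging aid; leave false on routes reachable by untrusted users`. Separately, `enable_google_cloud_serverless_authentication = true` and `kubernetes_service_account_token_file` both look like upstream-credential options; if the service treats them as alternatives, the example should set only one of them.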
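--- a/internal/provider/route.go
+++ b/internal/provider/route.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 
 "github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
+"github.com/hashicorp/terraform-plugin-framework/attr"
 "github.com/hashicorp/terraform-plugin-framework/path"
 "github.com/hashicorp/terraform-plugin-framework/resource"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
@@ -199,6 +200,57 @@ func (r *RouteResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 Computed: true,
 },
 "jwt_groups_filter": JWTGroupsFilterSchema,
+"jwt_issuer_format": schema.ObjectAttribute{
+Description: "JWT issuer format configuration.",
+Optional: true,
+AttributeTypes: map[string]attr.Type{
+"format": types.StringType,
+},
+},
+"rewrite_response_headers": schema.SetNestedAttribute{
+Description: "Response header rewrite rules.",
+Optional: true,
+NestedObject: schema.NestedAttributeObject{
+Attributes: map[string]schema.Attribute{
+"header": schema.StringAttribute{
+Required: true,
+Description: "Header name to rewrite",
+},
+"prefix": schema.StringAttribute{
+Optional: true,
+Description: "Prefix matcher for the header",
+},
+"value": schema.StringAttribute{
+Required: true,
+Description: "New value for the header",
+},
+},
+},
+},
+"tls_custom_ca_key_pair_id": schema.StringAttribute{
+Description: "Custom CA key pair ID for TLS verification.",
+Optional: true,
+},
+"tls_client_key_pair_id": schema.StringAttribute{
+Description: "Client key pair ID for TLS client authentication.",
+Optional: true,
+},
+"description": schema.StringAttribute{
+Description: "Description of the route.",
+Optional: true,
+},
+"kubernetes_service_account_token_file": schema.StringAttribute{
+Description: "Path to the Kubernetes service account token file.",
+Optional: true,
+},
+"logo_url": schema.StringAttribute{
+Description: "URL to the logo image.",
+Optional: true,
+},
+"enable_google_cloud_serverless_authentication": schema.BoolAttribute{
+Description: "Enable Google Cloud serverless authentication.",
+Optional: true,
+},
 },
 }
 }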
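Review bot: `jwt_issuer_format` is declared as a `schema.ObjectAttribute` whose only field, `format`, is an unconstrained `types.StringType`, so a misspelled format passes `terraform validate` and surfaces only at apply time, or not at all, depending on conversion code this section does not show. The setting presumably decides the shape of the `iss` claim that upstream services verify, so it deserves plan-time validation. I would model it as a `schema.SingleNestedAttribute` whose `format` is a `schema.StringAttribute` carrying a `stringvalidator.OneOf(...)` of the formats the API accepts, or flatten it to one validated string attribute. The body of `Schema` starts and ends outside the hunk.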
59 changes: 56 additions & 3 deletions internal/provider/route_data_source.go
@@ -5,6 +5,7 @@ import (
"fmt"

"github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
"github.com/hashicorp/terraform-plugin-framework/attr"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
"github.com/hashicorp/terraform-plugin-framework/types"
@@ -30,7 +31,7 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
Computed: true,
Description: "From URL.",
},
"to": schema.ListAttribute{
"to": schema.SetAttribute{
Computed: true,
ElementType: types.StringType,
Description: "To URLs.",
@@ -39,7 +40,7 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
Computed: true,
Description: "ID of the namespace the route belongs to.",
},
"policies": schema.ListAttribute{
"policies": schema.SetAttribute{
Computed: true,
ElementType: types.StringType,
Description: "List of policy IDs associated with the route.",
@@ -131,7 +132,7 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
ElementType: types.StringType,
Description: "Set request headers.",
},
"remove_request_headers": schema.ListAttribute{
"remove_request_headers": schema.SetAttribute{
Computed: true,
ElementType: types.StringType,
Description: "Remove request headers.",
@@ -165,6 +166,58 @@ func getRouteDataSourceAttributes(idRequired bool) map[string]schema.Attribute {
Computed: true,
Description: "Show error details.",
},
"jwt_groups_filter": JWTGroupsFilterSchema,
"jwt_issuer_format": schema.ObjectAttribute{
Description: "JWT issuer format configuration.",
Computed: true,
AttributeTypes: map[string]attr.Type{
"format": types.StringType,
},
},
"rewrite_response_headers": schema.SetNestedAttribute{
Description: "Response header rewrite rules.",
Computed: true,
NestedObject: schema.NestedAttributeObject{
Attributes: map[string]schema.Attribute{
"header": schema.StringAttribute{
Required: true,
Description: "Header name to rewrite",
},
"prefix": schema.StringAttribute{
Optional: true,
Description: "Prefix matcher for the header",
},
"value": schema.StringAttribute{
Required: true,
Description: "New value for the header",
},
},
},
},
"tls_custom_ca_key_pair_id": schema.StringAttribute{
Description: "Custom CA key pair ID for TLS verification.",
Computed: true,
},
"tls_client_key_pair_id": schema.StringAttribute{
Description: "Client key pair ID for TLS client authentication.",
Computed: true,
},
"description": schema.StringAttribute{
Description: "Description of the route.",
Computed: true,
},
"kubernetes_service_account_token_file": schema.StringAttribute{
Description: "Path to the Kubernetes service account token file.",
Computed: true,
},
"logo_url": schema.StringAttribute{
Description: "URL to the logo image.",
Computed: true,
},
"enable_google_cloud_serverless_authentication": schema.BoolAttribute{
Description: "Enable Google Cloud serverless authentication.",
Computed: true,
},
}
}

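Review bot: The nested attributes of `rewrite_response_headers` keep the resource's `Required: true` / `Optional: true` flags on `header`, `prefix` and `value`, although the parent is `Computed: true` and a data source accepts no configuration for it. As far as I know, terraform-plugin-framework expects every attribute under a computed-only nested attribute to be computed as well, so I would set all three to `Computed: true`. The `policies` description also still reads "List of policy IDs" next to a `schema.SetAttribute`. The read path, not visible here, must build set values for `to`, `policies` and `remove_request_headers`. `getRouteDataSourceAttributes` starts outside these hunks.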