Removed OAuth JWT Claims support, added validation for "url" variable, fixed support for IPv6 address and port
bczoma authored Mar 1, 2024
1 parent 382a2c6 commit ce6f454
Showing 15 changed files with 65 additions and 333 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/module-test-pipeline.yml
@@ -36,6 +36,5 @@ jobs:
- name: Test examples
run: |
shopt -s extglob
for d in examples/!(adding-headers|adding-oauth-jwt-claims-workaround)/; do (ci/scripts/test-module.sh "$d"); done
for d in examples/!(adding-headers)/; do (ci/scripts/test-module.sh "$d"); done
ci/scripts/test-module.sh examples/adding-headers/ -var-file=secret.tfvars
ci/scripts/test-module.sh examples/adding-oauth-jwt-claims-workaround/ -var="enabled=false"
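Review bot: the loop `for d in examples/!(adding-headers)/; do (ci/scripts/test-module.sh "$d"); done` runs each example in a subshell, so under the errexit behaviour GitHub Actions applies to `run` steps the job stops at the first failing example and the remaining examples are never exercised or reported; if one report per example is wanted, record the exit status inside the loop body and fail once after the loop. Dropping `adding-oauth-jwt-claims-workaround` from the extglob exclusion and deleting its `-var="enabled=false"` line is consistent with that example directory being removed in the same commit.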
19 changes: 8 additions & 11 deletions README.md
@@ -6,23 +6,27 @@ Given a queue on the broker, as a destination for messages to be forwarded to a

Specific use case details are provided in the [Examples](#examples).

## Limitations

This module only supports one queue binding per REST delivery point. Configure a new REST delivery point using the module for an additional queue.

Adding extra OAuth JWT claims to the REST consumer is not supported in the current module. Support will be added in a later release.

## Module input variables

### Required

* `msg_vpn_name` - REST delivery points are specific to a Message VPN on the broker.
* `rest_delivery_point_name` - The name of the REST delivery point to be created.
* `url` - The REST consumer destination URL including base URL and endpoint path. The path portion of the URL may contain [substitution expressions](https://docs.solace.com/Messaging/Substitution-Expressions-Overview.htm).
* `url` - The REST consumer destination URL including base URL and endpoint path. The path portion of the URL may contain [substitution expressions](https://docs.solace.com/Messaging/Substitution-Expressions-Overview.htm). To specify an IPv6 address with port, the required format is the address to be [enclosed in square brackets](https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.2).
* `queue_name` - The name of the queue to bind to.

Important: The REST delivery point must have permission to consume messages from the queue — to achieve this, the queue’s owner must be set to `#rdp/<rest_delivery_point_name>` or the queue’s permissions for non-owner clients must be set to at least `consume` level access. Queue ingress and egress must also be enabled.


### Optional

* `request_headers` - A set of request headers to be added to the HTTP request
* `protected_request_headers` - A set of protected request headers with sensitive value to be added to the HTTP request
* `oauth_jwt_claims` - A set of additional claims to be added to the JWT sent to the OAuth token request endpoint
* `rest_consumer_name` - The name of the REST consumer to be created. The default is `consumer`.

Additional optional module variables names are the same as the underlying resource attributes. The recommended approach to determine variable name mappings is to look up the resource's documentation for matching attribute names:
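Review bot: the rewritten `url` bullet only documents the IPv6-with-port form; say that square brackets are required for any IPv6 literal (RFC 3986 mandates them with or without a port) and that the module derives host, port and path by splitting the URL text, so authority forms such as userinfo (`user:pass@host`) are not parsed. The new Limitations line `Adding extra OAuth JWT claims to the REST consumer is not supported in the current module.` should also tell users of the previous release candidate to drop any `oauth_jwt_claims` input from their configuration before upgrading, since this commit removes that input.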
@@ -34,7 +38,6 @@ Additional optional module variables names are the same as the underlying resour
|[solacebroker_msg_vpn_rest_delivery_point_queue_binding](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_queue_binding#optional)|
|[solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_queue_binding_request_header#optional)|
|[solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header#optional)|
|[solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim#optional)|

Most optional variables' default value is `null`, meaning that if not provided then the resource default value will be provisioned on the broker.

@@ -63,20 +66,14 @@ The following table shows the resources created. "X" denotes a resource always c
| solacebroker_msg_vpn_rest_delivery_point_queue_binding | X |
| solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header | O |
| solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header | O |
| solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim | O |

## Examples

Refer to the following configuration examples:

- [Basic](examples/basic)
- [Substitution Expressions](examples/using-substitution-expressions)
- [Substitution expressions](examples/using-substitution-expressions)
- [Adding headers](examples/adding-headers)
- [Adding JWT claims (workaround)](examples/adding-oauth-jwt-claims-workaround)
- [Multiple queue bindings](examples/multiple-queue-bindings)
- [Amazon AWS consumer](examples/aws)
- [Microsoft Azure consumer](examples/azure)
- [Google Cloud consumer](examples/gcp)

## Module use recommendations

2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
0.1.0-rc.1
0.1.0-rc.2
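Review bot: removing the `oauth_jwt_claims` input and its backing resource between `0.1.0-rc.1` and `0.1.0-rc.2` is a breaking change for anyone already applying rc.1; a plan against rc.2 will propose destroying their `solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim` resources, which deserves a changelog or release-note entry alongside the README Limitations line rather than only a release-candidate bump.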
27 changes: 3 additions & 24 deletions ci/module-test/main.tf
@@ -15,9 +15,10 @@ module "testrdp" {

msg_vpn_name = "default"
queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name
url = "http://example.com/$${msgId()}"
url = "https://example.com"
rest_delivery_point_name = "my_rdp"
enabled = false
client_profile_name = "default"
request_headers = [
{
header_name = "header1"
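Review bot: switching the fixture to `url = "https://example.com"` covers the no-path and default-443 branches of the URL parsing in `internal/gen-template/main.tf`, but no fixture in this file covers a bracketed IPv6 literal without a port, which is the form the new bracket handling does not yet parse correctly; add one such as `https://[2001:db8::1]/path` with the expected host and port asserted in the outputs. The added `client_profile_name = "default"` line is not explained by the commit message; a short comment on why the module test needs it would help the next reader.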
@@ -38,24 +39,6 @@ module "testrdp" {
header_value = "protected_value2"
}
]
oauth_jwt_claims = [
{
oauth_jwt_claim_name = "scope"
oauth_jwt_claim_value = "\"https://www.googleapis.com/auth/pubsub\""
},
{
oauth_jwt_claim_name = "aud"
oauth_jwt_claim_value = "\"https://www.googleapis.com/oauth2/v4/token\""
},
{
oauth_jwt_claim_name = "iss"
oauth_jwt_claim_value = "\"111400995554822290197\""
},
{
oauth_jwt_claim_name = "sub"
oauth_jwt_claim_value = "\"111400995554822290197\""
}
]
}

output "rdp" {
@@ -80,16 +63,12 @@ output "protected_request_headers" {
sensitive = true
}

output "oauth_jwt_claims" {
value = module.testrdp.oauth_jwt_claims
}

module "testrdp2" {
source = "../../internal/gen-template"

msg_vpn_name = "default"
queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name
url = "http://example.com/$${msgId()}"
url = "http://[2001:db8:3333:4444:5555:6666:7777:8888]:12345/$${msgId()}"
rest_delivery_point_name = "my_rdp2"
request_headers = module.testrdp.request_headers
protected_request_headers = module.testrdp.protected_request_headers
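Review bot: `url = "http://[2001:db8:3333:4444:5555:6666:7777:8888]:12345/$${msgId()}"` exercises only the bracket-plus-port path; with the locals introduced in `internal/gen-template/main.tf`, `http://[2001:db8::1]/$${msgId()}` (no port) would set `isIpV6HostPort` to true yet `split("]:", ...)` would find no separator, leaving the host as `2001:db8::1]`. Add that case here, expecting host `2001:db8::1` and port 80, and an `https://[...]` case expecting 443, so the regression is caught by the module test.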
26 changes: 2 additions & 24 deletions ci/template-test/main.tf
@@ -15,7 +15,7 @@ module "testrdp" {

msg_vpn_name = "default"
queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name
url = "http://example.com/$${msgId()}"
url = "https://example.com"
rest_delivery_point_name = "my_rdp"
enabled = false
request_headers = [
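Review bot: this fixture mirrors `ci/module-test/main.tf` line for line; keep the two files in step, and add an IPv6 literal without a port here as well so the template test covers the default-port branch for bracketed hosts, not only the `:12345` form used further down.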
@@ -38,24 +38,6 @@ module "testrdp" {
header_value = "protected_value2"
}
]
oauth_jwt_claims = [
{
oauth_jwt_claim_name = "scope"
oauth_jwt_claim_value = "\"https://www.googleapis.com/auth/pubsub\""
},
{
oauth_jwt_claim_name = "aud"
oauth_jwt_claim_value = "\"https://www.googleapis.com/oauth2/v4/token\""
},
{
oauth_jwt_claim_name = "iss"
oauth_jwt_claim_value = "\"111400995554822290197\""
},
{
oauth_jwt_claim_name = "sub"
oauth_jwt_claim_value = "\"111400995554822290197\""
}
]
}

output "rdp" {
@@ -80,16 +62,12 @@ output "protected_request_headers" {
sensitive = true
}

output "oauth_jwt_claims" {
value = module.testrdp.oauth_jwt_claims
}

module "testrdp2" {
source = "../../internal/gen-template"

msg_vpn_name = "default"
queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name
url = "http://example.com/$${msgId()}"
url = "http://[2001:db8:3333:4444:5555:6666:7777:8888]:12345/$${msgId()}"
rest_delivery_point_name = "my_rdp2"
request_headers = module.testrdp.request_headers
protected_request_headers = module.testrdp.protected_request_headers
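Review bot: as in the module test, the `[2001:db8:3333:4444:5555:6666:7777:8888]:12345` URL only proves the port-bearing form; a bracketed IPv6 literal with no port should be asserted to produce a host without the trailing `]` and the scheme's default port, since the `split("]:", ...)` in the template leaves the bracket in place when no `:port` follows it.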
97 changes: 0 additions & 97 deletions examples/adding-oauth-jwt-claims-workaround/README.md

This file was deleted.

71 changes: 0 additions & 71 deletions examples/adding-oauth-jwt-claims-workaround/main.tf

This file was deleted.

10 changes: 0 additions & 10 deletions examples/adding-oauth-jwt-claims-workaround/providers.tf

This file was deleted.

4 changes: 0 additions & 4 deletions examples/adding-oauth-jwt-claims-workaround/variables.tf

This file was deleted.

14 changes: 2 additions & 12 deletions internal/gen-template/main.tf
@@ -1,7 +1,8 @@
locals {
tls = startswith(lower(var.url), "https:")
slashSplit = split("/", var.url)
hostPortSplit = split(":", local.slashSplit[2])
isIpV6HostPort = length(split("]", local.slashSplit[2])) == 2
hostPortSplit = local.isIpV6HostPort ? split("]:", trimprefix(local.slashSplit[2], "[")) : split(":", local.slashSplit[2])
host = local.hostPortSplit[0]
port = length(local.hostPortSplit) == 2 ? tonumber(local.hostPortSplit[1]) : (local.tls ? 443 : 80)
path = "/${join("/", slice(local.slashSplit, 3, length(local.slashSplit)))}"
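Review bot: `hostPortSplit` mishandles an IPv6 literal without a port: for `https://[2001:db8::1]/x`, `split("]", local.slashSplit[2])` yields two elements (the second empty) so `isIpV6HostPort` is true, but `split("]:", "2001:db8::1]")` finds no separator and `host` becomes `2001:db8::1]` with the bracket attached. Split on `]` instead and strip a leading `:` from the remainder, for example
v6Parts = split("]", trimprefix(local.slashSplit[2], "["))
v6Port  = local.isIpV6HostPort ? trimprefix(local.v6Parts[1], ":") : ""
and take the port from `v6Port` only when it is non-empty, falling back to the scheme default otherwise. Two further points on the same lines: `tonumber(local.hostPortSplit[1])` fails the plan with a generic conversion error for a non-numeric port such as `host:abc`, and `local.slashSplit[2]` is out of range for a `url` lacking `scheme://`; the commit message mentions a `url` validation but the loaded hunks do not show it, so make sure that validation rejects both forms with a message that names the expected `scheme://host[:port]/path` shape.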
@@ -59,14 +60,3 @@ resource "solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_reque
header_name = local.protected_headers_list[count.index].header_name
header_value = local.protected_headers_list[count.index].header_value
}

resource "solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim" "main" {
for_each = { for v in var.oauth_jwt_claims : v.oauth_jwt_claim_name => v }

msg_vpn_name = solacebroker_msg_vpn_rest_delivery_point.main.msg_vpn_name
rest_delivery_point_name = solacebroker_msg_vpn_rest_delivery_point.main.rest_delivery_point_name
rest_consumer_name = solacebroker_msg_vpn_rest_delivery_point_rest_consumer.main.rest_consumer_name

oauth_jwt_claim_name = each.value.oauth_jwt_claim_name
oauth_jwt_claim_value = each.value.oauth_jwt_claim_value
}
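Review bot: removing `solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.main` (keyed by `for_each` on `oauth_jwt_claim_name`) means any state created with rc.1 will plan a destroy of those claim resources on the next apply, after which the REST consumer requests tokens from the OAuth endpoint without the extra claims; call this out in the README Limitations section and the release notes so operators do not apply it unnoticed, and consider a `moved` or documented migration path if the feature is reinstated under the same addresses later.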
4 changes: 0 additions & 4 deletions internal/gen-template/outputs.tf
@@ -21,7 +21,3 @@ output "protected_request_headers" {
value = try(solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header.main, null)
sensitive = true
}

output "oauth_jwt_claims" {
value = try(solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.main, null)
}