From ce6f454eafa7c344e62fcfa44f8cf6adcc6a773a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Czoma?= Date: Fri, 1 Mar 2024 16:16:20 -0500 Subject: [PATCH] Removed OAuth JWT Claims support, added validation for "url" variable, fixed support for IPv6 address and port --- .github/workflows/module-test-pipeline.yml | 3 +- README.md | 19 ++-- VERSION | 2 +- ci/module-test/main.tf | 27 +----- ci/template-test/main.tf | 26 +---- .../README.md | 97 ------------------- .../main.tf | 71 -------------- .../providers.tf | 10 -- .../variables.tf | 4 - internal/gen-template/main.tf | 14 +-- internal/gen-template/outputs.tf | 4 - internal/gen-template/variables.tf | 15 +-- main.tf | 14 +-- outputs.tf | 15 +-- variables.tf | 77 +++++++-------- 15 files changed, 65 insertions(+), 333 deletions(-) delete mode 100644 examples/adding-oauth-jwt-claims-workaround/README.md delete mode 100644 examples/adding-oauth-jwt-claims-workaround/main.tf delete mode 100644 examples/adding-oauth-jwt-claims-workaround/providers.tf delete mode 100644 examples/adding-oauth-jwt-claims-workaround/variables.tf diff --git a/.github/workflows/module-test-pipeline.yml b/.github/workflows/module-test-pipeline.yml index 7c5362e..78b05fa 100644 --- a/.github/workflows/module-test-pipeline.yml +++ b/.github/workflows/module-test-pipeline.yml @@ -36,6 +36,5 @@ jobs: - name: Test examples run: | shopt -s extglob - for d in examples/!(adding-headers|adding-oauth-jwt-claims-workaround)/; do (ci/scripts/test-module.sh "$d"); done + for d in examples/!(adding-headers)/; do (ci/scripts/test-module.sh "$d"); done ci/scripts/test-module.sh examples/adding-headers/ -var-file=secret.tfvars - ci/scripts/test-module.sh examples/adding-oauth-jwt-claims-workaround/ -var="enabled=false" diff --git a/README.md b/README.md index 8e06a88..e8f0779 100644 --- a/README.md +++ b/README.md 
@@ -6,23 +6,27 @@ Given a queue on the broker, as a destination for messages to be forwarded to a Specific use case details are provided in the [Examples](#examples). +## Limitations + +This module only supports one queue binding per REST delivery point. Configure a new REST delivery point using the module for an additional queue. + +Adding extra OAuth JWT claims to the REST consumer is not supported in the current module. Support will be added in a later release. + ## Module input variables ### Required * `msg_vpn_name` - REST delivery points are specific to a Message VPN on the broker. * `rest_delivery_point_name` - The name of the REST delivery point to be created. -* `url` - The REST consumer destination URL including base URL and endpoint path. The path portion of the URL may contain [substitution expressions](https://docs.solace.com/Messaging/Substitution-Expressions-Overview.htm). +* `url` - The REST consumer destination URL including base URL and endpoint path. The path portion of the URL may contain [substitution expressions](https://docs.solace.com/Messaging/Substitution-Expressions-Overview.htm). To specify an IPv6 address with port, the required format is the address to be [enclosed in square brackets](https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.2). * `queue_name` - The name of the queue to bind to. Important: The REST delivery point must have permission to consume messages from the queue — to achieve this, the queue’s owner must be set to `#rdp/` or the queue’s permissions for non-owner clients must be set to at least `consume` level access. Queue ingress and egress must also be enabled. 
- ### Optional * `request_headers` - A set of request headers to be added to the HTTP request * `protected_request_headers` - A set of protected request headers with sensitive value to be added to the HTTP request -* `oauth_jwt_claims` - A set of additional claims to be added to the JWT sent to the OAuth token request endpoint * `rest_consumer_name` - The name of the REST consumer to be created. The default is `consumer`. Additional optional module variables names are the same as the underlying resource attributes. The recommended approach to determine variable name mappings is to look up the resource's documentation for matching attribute names: @@ -34,7 +38,6 @@ Additional optional module variables names are the same as the underlying resour |[solacebroker_msg_vpn_rest_delivery_point_queue_binding](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_queue_binding#optional)| |[solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_queue_binding_request_header#optional)| |[solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header#optional)| -|[solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim#optional)| Most optional variables' default value is `null`, meaning that if not provided then the resource default value will be provisioned on the broker. 
@@ -63,20 +66,14 @@ The following table shows the resources created. "X" denotes a resource always c | solacebroker_msg_vpn_rest_delivery_point_queue_binding | X | | solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header | O | | solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header | O | -| solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim | O | ## Examples Refer to the following configuration examples: - [Basic](examples/basic) -- [Substitution Expressions](examples/using-substitution-expressions) +- [Substitution expressions](examples/using-substitution-expressions) - [Adding headers](examples/adding-headers) -- [Adding JWT claims (workaround)](examples/adding-oauth-jwt-claims-workaround) -- [Multiple queue bindings](examples/multiple-queue-bindings) -- [Amazon AWS consumer](examples/aws) -- [Microsoft Azure consumer](examples/azure) -- [Google Cloud consumer](examples/gcp) ## Module use recommendations diff --git a/VERSION b/VERSION index 3738566..f2e984b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.1.0-rc.1 +0.1.0-rc.2 diff --git a/ci/module-test/main.tf b/ci/module-test/main.tf index e4feb22..18fd4d3 100644 --- a/ci/module-test/main.tf +++ b/ci/module-test/main.tf @@ -15,9 +15,10 @@ module "testrdp" { msg_vpn_name = "default" queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name - url = "http://example.com/$${msgId()}" + url = "https://example.com" rest_delivery_point_name = "my_rdp" enabled = false + client_profile_name = "default" request_headers = [ { header_name = "header1" 
@@ -38,24 +39,6 @@ module "testrdp" { header_value = "protected_value2" } ] - oauth_jwt_claims = [ - { - oauth_jwt_claim_name = "scope" - oauth_jwt_claim_value = "\"https://www.googleapis.com/auth/pubsub\"" - }, - { - oauth_jwt_claim_name = "aud" - oauth_jwt_claim_value = "\"https://www.googleapis.com/oauth2/v4/token\"" - }, - { - oauth_jwt_claim_name = "iss" - oauth_jwt_claim_value = "\"111400995554822290197\"" - }, - { - oauth_jwt_claim_name = "sub" - oauth_jwt_claim_value = "\"111400995554822290197\"" - } - ] } output "rdp" { @@ -80,16 +63,12 @@ output "protected_request_headers" { sensitive = true } -output "oauth_jwt_claims" { - value = module.testrdp.oauth_jwt_claims -} - module "testrdp2" { source = "../../internal/gen-template" msg_vpn_name = "default" queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name - url = "http://example.com/$${msgId()}" + url = "http://[2001:db8:3333:4444:5555:6666:7777:8888]:12345/$${msgId()}" rest_delivery_point_name = "my_rdp2" request_headers = module.testrdp.request_headers protected_request_headers = module.testrdp.protected_request_headers diff --git a/ci/template-test/main.tf b/ci/template-test/main.tf index f63e97b..ebe1dc0 100644 --- a/ci/template-test/main.tf +++ b/ci/template-test/main.tf @@ -15,7 +15,7 @@ module "testrdp" { msg_vpn_name = "default" queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name - url = "http://example.com/$${msgId()}" + url = "https://example.com" rest_delivery_point_name = "my_rdp" enabled = false request_headers = [ 
@@ -38,24 +38,6 @@ module "testrdp" { header_value = "protected_value2" } ] - oauth_jwt_claims = [ - { - oauth_jwt_claim_name = "scope" - oauth_jwt_claim_value = "\"https://www.googleapis.com/auth/pubsub\"" - }, - { - oauth_jwt_claim_name = "aud" - oauth_jwt_claim_value = "\"https://www.googleapis.com/oauth2/v4/token\"" - }, - { - oauth_jwt_claim_name = "iss" - oauth_jwt_claim_value = "\"111400995554822290197\"" - }, - { - oauth_jwt_claim_name = "sub" - oauth_jwt_claim_value = "\"111400995554822290197\"" - } - ] } output "rdp" { @@ -80,16 +62,12 @@ output "protected_request_headers" { sensitive = true } -output "oauth_jwt_claims" { - value = module.testrdp.oauth_jwt_claims -} - module "testrdp2" { source = "../../internal/gen-template" msg_vpn_name = "default" queue_name = solacebroker_msg_vpn_queue.myqueue.queue_name - url = "http://example.com/$${msgId()}" + url = "http://[2001:db8:3333:4444:5555:6666:7777:8888]:12345/$${msgId()}" rest_delivery_point_name = "my_rdp2" request_headers = module.testrdp.request_headers protected_request_headers = module.testrdp.protected_request_headers diff --git a/examples/adding-oauth-jwt-claims-workaround/README.md b/examples/adding-oauth-jwt-claims-workaround/README.md deleted file mode 100644 index bafd4b8..0000000 --- a/examples/adding-oauth-jwt-claims-workaround/README.md +++ /dev/null 
@@ -1,97 +0,0 @@ -# Adding OAuth JWT Claims REST Delivery Configuration Example - -This example shows how to add optional additional OAuth JWT claims that the REST consumer will use to request access tokens when configuring [REST messaging](https://docs.solace.com/API/REST/REST-Consumers.htm) on the PubSub+ event broker, leveraging the REST Delivery Terraform module. - -## Issue and workaround - -The `enabled` module input variable controls if the `rest_delivery_point` and the `rest_delivery_point_rest_consumer` resources are administratively enabled. -The module default is `true`. While this default ensures that the broker is ready for outgoing REST messaging after configuration, it conflicts with a current capability of the Solace provider: optional additional OAuth JWT claims can only be configured on administratively disabled REST consumer resources. - -To work around this until the provider capability is added, if using the `oauth_jwt_claims` module input variable, apply the module in two passes: first with `enabled` set to `false`, then with `enabled` set to true. To conveniently do this, define an input variable with default set to `true` for the root configuration, pass its value to the module `enabled` input, and then control the variable from the Terraform CLI: - -```bash -terraform apply -var="enabled=false" # applies the config with adminstratively disabled RDP and REST consumer -terraform apply # only changes the admin status of the RDP and the REST consumer (enabled default is true) -``` - -When modifying or deleting the config, first apply the current config to adminstratively disable the RDP and the REST consumer: -```bash -terraform apply -var="enabled=false" # only changes the admin status of the RDP and the REST consumer (assuming the config has not changed) -terraform destroy # this one deletes the config. 
To modify the config, use above two-pass apply -``` - -To clarify, this workaround is only required when changing the `oauth_jwt_claims` module input variable. - -## Module Configuration in the Example - -Note: the focus of this example is adding optional additional OAuth JWT claims. While there are some - -### Required Inputs - -* `msg_vpn_name` - set to `default` in the example -* `rest_delivery_point_name` -* `url` - set to `https://example.com/test` in the example. Note that it includes the endpoint path -* `queue_name` - `rdp_queue`, the queue that has been created to be used with the RDP - -Important: The REST delivery point must have permission to consume messages from the queue — to achieve this, the queue’s owner must be set to `#rdp/` or the queue’s permissions for non-owner clients must be set to at least `consume` level access. Queue ingress and egress must also be enabled. - -### Optional Inputs - -* `oauth_jwt_claims` - the set of additional claims, `scope` and `iss` in the example - -Optional module input variables have the same name as the attributes of the underlying provider resource. If omitted then the default for the related resource attribute will be configured on the broker. For attributes and defaults, refer to the [documentation of "solacebroker_msg_vpn_queue"](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_queue#optional). - -The module default for the `enabled` variable is true, which enables both the RDP and the REST consumer resources. - -### Output - -The module `rdp` output refers to the created REST delivery point. - -## Created resources - -This example will create following resources: - -* `solacebroker_msg_vpn_queue` (created before the module, as pre-requisite) -

-* `solacebroker_msg_vpn_rest_delivery_point` -* `solacebroker_msg_vpn_rest_delivery_point_rest_consumer` -* `solacebroker_msg_vpn_rest_delivery_point_queue_binding` -* `solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim` - -## Running the Example - -### Access to a PubSub+ broker - -If you don't already have access to a broker, refer to the [Developers page](https://www.solace.dev/) for options to get started. - -### Sample source code - -The sample is available from the module GitHub repo: - -```bash -git clone https://github.com/SolaceProducts/terraform-solacebroker-rest-delivery.git -cd examples/adding-oauth-jwt-claims-workaround -``` - -### Adjust Provider Configuration - -Adjust the [provider parameters](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs#schema) in `main.tf` according to your broker. The example configuration shows settings for a local broker running in Docker. - -### Create the resource - -Hint: You can verify configuration changes on the broker, before and after, using the [PubSub+ Broker Manager Web UI](https://docs.solace.com/Admin/Broker-Manager/PubSub-Manager-Overview.htm) - -Execute from this folder: - -```bash -terraform init -terraform plan -terraform apply -var="enabled=false" -terraform apply -``` - -Run `terraform destroy` to clean up created resources when no longer needed. - -## Additional Documentation - -Refer to the [Managing REST Delivery Points](https://docs.solace.com/Services/Managing-RDPs.htm) section in the PubSub+ documentation. diff --git a/examples/adding-oauth-jwt-claims-workaround/main.tf b/examples/adding-oauth-jwt-claims-workaround/main.tf deleted file mode 100644 index 15a7d2e..0000000 --- a/examples/adding-oauth-jwt-claims-workaround/main.tf +++ /dev/null 
@@ -1,71 +0,0 @@ -provider "solacebroker" { - username = "admin" - password = "admin" - url = "http://localhost:8080" -} - -# The RDP requires a queue to bind to. -# Recommended: Use the queue-endpoint module to create the queue -# TODO: Uncomment the following block and replace the resource block once the queue-endpoint module is available -# module "rdp_queue" { -# source = SolaceProducts/queue-endpoint/solacebroker -# -# msg_vpn_name = "default" -# endpoint_type = "queue" -# endpoint_name = "rdp_queue" -# -# # The REST delivery point must have permission to consume messages from the queue -# # — to achieve this, either the queue’s owner must be set to `#rdp/` -# # owner = "#rdp/basic_rdp" -# # or the queue’s permissions for non-owner clients must be set to at least `consume` level access -# permission = "consume" -# -# # The queue must also be enabled for ingress and egress, which is the default for the rdp_queue module -# } -resource "solacebroker_msg_vpn_queue" "rdp_queue" { - msg_vpn_name = "default" - queue_name = "rdp_queue" - permission = "consume" - ingress_enabled = true - egress_enabled = true -} - -module "testrdp" { - source = "../.." 
- - msg_vpn_name = "default" - rest_delivery_point_name = "basic_rdp" - url = "https://example.com/test" - # queue_name = module.rdp_queue.queue.queue_name - queue_name = solacebroker_msg_vpn_queue.rdp_queue.queue_name - enabled = var.enabled - - # Example additional config required for proper OAuth setup - # authentication_scheme = "oauth-jwt" - # authentication_oauth_jwt_secret_key = "-----BEGIN PRIVATE KEY-----test-----END PRIVATE KEY-----\n" - # authentication_oauth_jwt_token_endpoint = "https://www.googleapis.com/oauth2/v4/token" - # authentication_oauth_jwt_token_expiry_default = "3600" - oauth_jwt_claims = [ - { - oauth_jwt_claim_name = "scope" - oauth_jwt_claim_value = "\"https://www.googleapis.com/auth/pubsub\"" - }, - { - oauth_jwt_claim_name = "iss" - oauth_jwt_claim_value = "\"111400995554822290197\"" - } - ] -} - -output "rdp" { - value = module.testrdp.rest_delivery_point -} - -output "consumer" { - value = module.testrdp.rest_consumer - sensitive = true -} - -output "queue_binding" { - value = module.testrdp.queue_binding -} diff --git a/examples/adding-oauth-jwt-claims-workaround/providers.tf b/examples/adding-oauth-jwt-claims-workaround/providers.tf deleted file mode 100644 index d1de478..0000000 --- a/examples/adding-oauth-jwt-claims-workaround/providers.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Terraform configuration - -terraform { - required_providers { - solacebroker = { - source = "registry.terraform.io/solaceproducts/solacebroker" - } - } - required_version = "~> 1.2" -} diff --git a/examples/adding-oauth-jwt-claims-workaround/variables.tf b/examples/adding-oauth-jwt-claims-workaround/variables.tf deleted file mode 100644 index ddea9e7..0000000 --- a/examples/adding-oauth-jwt-claims-workaround/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ - variable "enabled" { - type = bool - default = true - } diff --git a/internal/gen-template/main.tf b/internal/gen-template/main.tf index 173afc9..59a37a1 100644 --- a/internal/gen-template/main.tf 
+++ b/internal/gen-template/main.tf @@ -1,7 +1,8 @@ locals { tls = startswith(lower(var.url), "https:") slashSplit = split("/", var.url) - hostPortSplit = split(":", local.slashSplit[2]) + isIpV6HostPort = length(split("]", local.slashSplit[2])) == 2 + hostPortSplit = local.isIpV6HostPort ? split("]:", trimprefix(local.slashSplit[2], "[")) : split(":", local.slashSplit[2]) host = local.hostPortSplit[0] port = length(local.hostPortSplit) == 2 ? tonumber(local.hostPortSplit[1]) : (local.tls ? 443 : 80) path = "/${join("/", slice(local.slashSplit, 3, length(local.slashSplit)))}" @@ -59,14 +60,3 @@ resource "solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_reque header_name = local.protected_headers_list[count.index].header_name header_value = local.protected_headers_list[count.index].header_value } - -resource "solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim" "main" { - for_each = { for v in var.oauth_jwt_claims : v.oauth_jwt_claim_name => v } - - msg_vpn_name = solacebroker_msg_vpn_rest_delivery_point.main.msg_vpn_name - rest_delivery_point_name = solacebroker_msg_vpn_rest_delivery_point.main.rest_delivery_point_name - rest_consumer_name = solacebroker_msg_vpn_rest_delivery_point_rest_consumer.main.rest_consumer_name - - oauth_jwt_claim_name = each.value.oauth_jwt_claim_name - oauth_jwt_claim_value = each.value.oauth_jwt_claim_value -} diff --git a/internal/gen-template/outputs.tf b/internal/gen-template/outputs.tf index 6983fd8..b98eaee 100644 --- a/internal/gen-template/outputs.tf +++ b/internal/gen-template/outputs.tf @@ -21,7 +21,3 @@ output "protected_request_headers" { value = try(solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header.main, null) sensitive = true } - -output "oauth_jwt_claims" { - value = try(solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.main, null) -} 
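Review bot: In the `locals` block of internal/gen-template/main.tf, a bracketed IPv6 literal with no port (a constructed example: `http://[2001:db8::1]/path`) still sets `isIpV6HostPort`, but the `"]:"` split finds no separator, so `host` keeps a trailing `]`. Stripping the closing bracket before the split handles both forms: `hostPortSplit = local.isIpV6HostPort ? split("]:", trimsuffix(trimprefix(local.slashSplit[2], "["), "]")) : split(":", local.slashSplit[2])`. The root main.tf hunk (`@@ -15,7 +15,8 @@`) adds the same expression and needs the same change. The authority is also split as-is, so a URL carrying userinfo such as `user:secret@host` would appear to yield `user` as the delivery host, which is worth rejecting in the `url` validation. The `locals` block continues past the end of this hunk.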
diff --git a/internal/gen-template/variables.tf b/internal/gen-template/variables.tf index 12032c6..084e84b 100644 --- a/internal/gen-template/variables.tf +++ b/internal/gen-template/variables.tf @@ -10,6 +10,10 @@ variable "msg_vpn_name" { variable "url" { description = "The URL that the messages should be delivered to. The path portion of the URL may contain substitution expressions" type = string + validation { + condition = can(regex("https?://.*", var.url)) + error_message = "The URL must be a valid URL" + } } variable "rest_delivery_point_name" { @@ -25,7 +29,7 @@ variable "queue_name" { # Optional variables variable "enabled" { - description = "Enable or disable the REST Delivery Point and the underlying REST Consumer." + description = "Enable or disable the REST Delivery Point and the underlying REST Consumer" type = bool default = true } @@ -56,12 +60,3 @@ variable "protected_request_headers" { default = [] sensitive = true } - -variable "oauth_jwt_claims" { - description = "Additional claims to be added to the JWT sent to the OAuth token request endpoint" - type = set(object({ - oauth_jwt_claim_name = string - oauth_jwt_claim_value = string - })) - default = [] -} diff --git a/main.tf b/main.tf index 10b39ff..dcda027 100644 --- a/main.tf +++ b/main.tf @@ -15,7 +15,8 @@ locals { tls = startswith(lower(var.url), "https:") slashSplit = split("/", var.url) - hostPortSplit = split(":", local.slashSplit[2]) + isIpV6HostPort = length(split("]", local.slashSplit[2])) == 2 + hostPortSplit = local.isIpV6HostPort ? split("]:", trimprefix(local.slashSplit[2], "[")) : split(":", local.slashSplit[2]) host = local.hostPortSplit[0] port = length(local.hostPortSplit) == 2 ? tonumber(local.hostPortSplit[1]) : (local.tls ? 443 : 80) path = "/${join("/", slice(local.slashSplit, 3, length(local.slashSplit)))}" 
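Review bot: The `url` validation added in internal/gen-template/variables.tf is unanchored, so `regex("https?://.*", var.url)` accepts any string that merely contains `http://`. It is also case-sensitive, whereas `local.tls` lower-cases the URL before testing the scheme. Because the module derives host, port and TLS from this value, the check should anchor the scheme and require a non-empty authority without userinfo, for example `condition = can(regex("(?i)^https?://[^/@]+", var.url))`. A more specific message would also help, for example `error_message = "The url must start with http:// or https:// and name a host."`. The root variables.tf hunk (`@@ -24,6 +24,10 @@`) adds the identical validation and should change with it.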
@@ -102,14 +103,3 @@ resource "solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_reque header_value = local.protected_headers_list[count.index].header_value } -resource "solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim" "main" { - for_each = { for v in var.oauth_jwt_claims : v.oauth_jwt_claim_name => v } - - msg_vpn_name = solacebroker_msg_vpn_rest_delivery_point.main.msg_vpn_name - rest_delivery_point_name = solacebroker_msg_vpn_rest_delivery_point.main.rest_delivery_point_name - rest_consumer_name = solacebroker_msg_vpn_rest_delivery_point_rest_consumer.main.rest_consumer_name - - oauth_jwt_claim_name = each.value.oauth_jwt_claim_name - oauth_jwt_claim_value = each.value.oauth_jwt_claim_value -} - diff --git a/outputs.tf b/outputs.tf index d6eb967..6263b10 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -16,33 +16,28 @@ output "rest_delivery_point" { value = try(solacebroker_msg_vpn_rest_delivery_point.main, null) - description = "A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers." + description = "A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers" } output "rest_consumer" { value = try(solacebroker_msg_vpn_rest_delivery_point_rest_consumer.main, null) sensitive = true - description = "REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker." + description = "REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker" } output "queue_binding" { value = try(solacebroker_msg_vpn_rest_delivery_point_queue_binding.main, null) - description = "A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted." + description = "A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted" } output "request_headers" { value = try(solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header.main, null) - description = "A request header to be added to the HTTP request." 
+ description = "A request header to be added to the HTTP request" } output "protected_request_headers" { value = try(solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header.main, null) sensitive = true - description = "A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set." -} - -output "oauth_jwt_claims" { - value = try(solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.main, null) - description = "A Claim is added to the JWT sent to the OAuth token request endpoint." + description = "A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set" } diff --git a/variables.tf b/variables.tf index 02f77be..8476811 100644 --- a/variables.tf +++ b/variables.tf @@ -24,6 +24,10 @@ variable "msg_vpn_name" { variable "url" { description = "The URL that the messages should be delivered to. The path portion of the URL may contain substitution expressions" type = string + validation { + condition = can(regex("https?://.*", var.url)) + error_message = "The URL must be a valid URL" + } } variable "rest_delivery_point_name" { @@ -39,7 +43,7 @@ variable "queue_name" { # Optional variables variable "enabled" { - description = "Enable or disable the REST Delivery Point and the underlying REST Consumer." + description = "Enable or disable the REST Delivery Point and the underlying REST Consumer" type = bool default = true } 
@@ -51,194 +55,194 @@ variable "rest_consumer_name" { } variable "authentication_aws_access_key_id" { - description = "The AWS access key id." + description = "The AWS access key id" type = string default = null } variable "authentication_aws_region" { - description = "The AWS region id." + description = "The AWS region id" type = string default = null } variable "authentication_aws_secret_access_key" { - description = "The AWS secret access key." + description = "The AWS secret access key" type = string default = null sensitive = true } variable "authentication_aws_service" { - description = "The AWS service id." + description = "The AWS service id" type = string default = null } variable "authentication_client_cert_content" { - description = "The PEM formatted content for the client certificate that the REST Consumer will present to the REST host." + description = "The PEM formatted content for the client certificate that the REST Consumer will present to the REST host" type = string default = null sensitive = true } variable "authentication_client_cert_password" { - description = "The password for the client certificate." + description = "The password for the client certificate" type = string default = null sensitive = true } variable "authentication_http_basic_password" { - description = "The password for the username." + description = "The password for the username" type = string default = null sensitive = true } variable "authentication_http_basic_username" { - description = "The username that the REST Consumer will use to login to the REST host." + description = "The username that the REST Consumer will use to login to the REST host" type = string default = null } variable "authentication_http_header_name" { - description = "The authentication header name." + description = "The authentication header name" type = string default = null } variable "authentication_http_header_value" { - description = "The authentication header value." 
+ description = "The authentication header value" type = string default = null sensitive = true } variable "authentication_oauth_client_id" { - description = "The OAuth client ID." + description = "The OAuth client ID" type = string default = null } variable "authentication_oauth_client_scope" { - description = "The OAuth scope." + description = "The OAuth scope" type = string default = null } variable "authentication_oauth_client_secret" { - description = "The OAuth client secret." + description = "The OAuth client secret" type = string default = null sensitive = true } variable "authentication_oauth_client_token_endpoint" { - description = "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host." + description = "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host" type = string default = null } variable "authentication_oauth_client_token_expiry_default" { - description = "The default expiry time for a token, in seconds." + description = "The default expiry time for a token, in seconds" type = number default = null } variable "authentication_oauth_jwt_secret_key" { - description = "The OAuth secret key used to sign the token request JWT." + description = "The OAuth secret key used to sign the token request JWT" type = string default = null sensitive = true } variable "authentication_oauth_jwt_token_endpoint" { - description = "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host." + description = "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host" type = string default = null } variable "authentication_oauth_jwt_token_expiry_default" { - description = "The default expiry time for a token, in seconds." 
+ description = "The default expiry time for a token, in seconds" type = number default = null } variable "authentication_scheme" { - description = "The authentication scheme used by the REST Consumer to login to the REST host." + description = "The authentication scheme used by the REST Consumer to login to the REST host" type = string default = null } variable "client_profile_name" { - description = "The Client Profile of the REST Delivery Point." + description = "The Client Profile of the REST Delivery Point" type = string default = null } variable "gateway_replace_target_authority_enabled" { - description = "Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote." + description = "Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote" type = bool default = null } variable "http_method" { - description = "The HTTP method to use (POST or PUT)." + description = "The HTTP method to use (POST or PUT)" type = string default = null } variable "local_interface" { - description = "The interface that will be used for all outgoing connections associated with the REST Consumer." + description = "The interface that will be used for all outgoing connections associated with the REST Consumer" type = string default = null } variable "max_post_wait_time" { - description = "The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer." + description = "The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer" type = number default = null } variable "outgoing_connection_count" { - description = "The number of concurrent TCP connections open to the REST Consumer." + description = "The number of concurrent TCP connections open to the REST Consumer" type = number default = null } variable "proxy_name" { - description = "The name of the proxy to use." 
+ description = "The name of the proxy to use" type = string default = null } variable "request_target_evaluation" { - description = "The type of evaluation to perform on the request target." + description = "The type of evaluation to perform on the request target" type = string default = null } variable "retry_delay" { - description = "The number of seconds that must pass before retrying the remote REST Consumer connection." + description = "The number of seconds that must pass before retrying the remote REST Consumer connection" type = number default = null } variable "service" { - description = "The name of the service that this REST Delivery Point connects to." + description = "The name of the service that this REST Delivery Point connects to" type = string default = null } variable "tls_cipher_suite_list" { - description = "The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection." + description = "The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection" type = string default = null } variable "vendor" { - description = "The name of the vendor that this REST Delivery Point connects to." + description = "The name of the vendor that this REST Delivery Point connects to" type = string default = null } @@ -263,12 +267,3 @@ variable "protected_request_headers" { sensitive = true } -variable "oauth_jwt_claims" { - description = "Additional claims to be added to the JWT sent to the OAuth token request endpoint" - type = set(object({ - oauth_jwt_claim_name = string - oauth_jwt_claim_value = string - })) - default = [] -} -