feat: added disabled_user_signup and disabled_user_deletion to google_identity_platform_tenant

ramonvermeulen · ramonvermeulen · commit 2491d6bcff95 · 2025-01-23T14:58:11.000+01:00
diff --git a/mmv1/products/identityplatform/Tenant.yaml b/mmv1/products/identityplatform/Tenant.yaml
@@ -27,6 +27,7 @@ base_url: 'projects/{{project}}/tenants'
 self_link: 'projects/{{project}}/tenants/{{name}}'
 update_verb: 'PATCH'
 update_mask: true
+immutable: false
 timeouts:
   insert_minutes: 20
   update_minutes: 20
@@ -63,3 +64,23 @@ properties:
       Whether authentication is disabled for the tenant. If true, the users under
       the disabled tenant are not allowed to sign-in. Admins of the disabled tenant
       are not able to manage its users.
+  - name: 'client'
+    type: NestedObject
+    description: |
+      Options related to how clients making requests on behalf of a tenant should be configured.
+    properties:
+      - name: 'permissions'
+        type: NestedObject
+        description: |
+          Configuration related to restricting a user's ability to affect their account.
+        properties:
+          - name: 'disabledUserSignup'
+            type: Boolean
+            description: |
+              When true, end users cannot sign up for a new account on the associated project through any of our API methods.
+            default_from_api: true
+          - name: 'disabledUserDeletion'
+            type: Boolean
+            description: |
+              When true, end users cannot delete their account on the associated project through any of our API methods.
+            default_from_api: true
diff --git a/mmv1/third_party/terraform/services/identityplatform/resource_identity_platform_tenant_test.go b/mmv1/third_party/terraform/services/identityplatform/resource_identity_platform_tenant_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
 	"github.com/hashicorp/terraform-provider-google/google/acctest"
 )
 
@@ -29,6 +30,19 @@ func TestAccIdentityPlatformTenant_identityPlatformTenantUpdate(t *testing.T) {
 			},
 			{
 				Config: testAccIdentityPlatformTenant_identityPlatformTenantUpdate(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction("google_identity_platform_tenant.tenant", plancheck.ResourceActionUpdate),
+					},
+				},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_identity_platform_tenant.tenant", "display_name", "my-tenant"),
+					resource.TestCheckResourceAttr("google_identity_platform_tenant.tenant", "allow_password_signup", "false"),
+					resource.TestCheckResourceAttr("google_identity_platform_tenant.tenant", "enable_email_link_signin", "true"),
+					resource.TestCheckResourceAttr("google_identity_platform_tenant.tenant", "disable_auth", "true"),
+					resource.TestCheckResourceAttr("google_identity_platform_tenant.tenant", "client.0.permissions.0.disabled_user_signup", "true"),
+					resource.TestCheckResourceAttr("google_identity_platform_tenant.tenant", "client.0.permissions.0.disabled_user_deletion", "true"),
+				),
 			},
 			{
 				ResourceName:      "google_identity_platform_tenant.tenant",
@@ -55,6 +69,12 @@ resource "google_identity_platform_tenant" "tenant" {
   allow_password_signup    = false
   enable_email_link_signin = true
   disable_auth             = true
+  client {
+	permissions {
+      disabled_user_signup   = true
+      disabled_user_deletion = true
+	}
+  }
 }
 `, context)
 }
