@@ -18,6 +18,8 @@ import (
1818 "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
1919 "github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts"
2020 "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
21+ "github.com/hashicorp/terraform-plugin-framework-validators/objectvalidator"
22+ "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
2123 "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
2224 "github.com/hashicorp/terraform-plugin-framework/diag"
2325 "github.com/hashicorp/terraform-plugin-framework/path"
@@ -218,41 +220,7 @@ func (r *agentRuntimeResource) Schema(ctx context.Context, request resource.Sche
218220 },
219221 },
220222 },
221- "authorizer_configuration" : schema.ListNestedBlock {
222- CustomType : fwtypes.NewListNestedObjectTypeOf [authorizerConfigurationModel ](ctx ),
223- Validators : []validator.List {
224- listvalidator .SizeAtMost (1 ),
225- },
226- NestedObject : schema.NestedBlockObject {
227- Blocks : map [string ]schema.Block {
228- "custom_jwt_authorizer" : schema.ListNestedBlock {
229- CustomType : fwtypes.NewListNestedObjectTypeOf [customJWTAuthorizerConfigurationModel ](ctx ),
230- Validators : []validator.List {
231- listvalidator .SizeAtMost (1 ),
232- },
233- NestedObject : schema.NestedBlockObject {
234- Attributes : map [string ]schema.Attribute {
235- "allowed_audience" : schema.SetAttribute {
236- CustomType : fwtypes .SetOfStringType ,
237- Optional : true ,
238- },
239- "allowed_clients" : schema.SetAttribute {
240- CustomType : fwtypes .SetOfStringType ,
241- Optional : true ,
242- },
243- "allowed_scopes" : schema.SetAttribute {
244- CustomType : fwtypes .SetOfStringType ,
245- Optional : true ,
246- },
247- "discovery_url" : schema.StringAttribute {
248- Required : true ,
249- },
250- },
251- },
252- },
253- },
254- },
255- },
223+ "authorizer_configuration" : authorizerConfigurationSchema (ctx ),
256224 names .AttrNetworkConfiguration : schema.ListNestedBlock {
257225 CustomType : fwtypes.NewListNestedObjectTypeOf [networkConfigurationModel ](ctx ),
258226 Validators : []validator.List {
@@ -325,6 +293,118 @@ func (r *agentRuntimeResource) Schema(ctx context.Context, request resource.Sche
325293 }
326294}
327295
296+ // Note that this function and the models used within it are also used in gateway.go.
297+ func authorizerConfigurationSchema (ctx context.Context ) schema.ListNestedBlock {
298+ return schema.ListNestedBlock {
299+ CustomType : fwtypes.NewListNestedObjectTypeOf [authorizerConfigurationModel ](ctx ),
300+ Validators : []validator.List {
301+ listvalidator .SizeAtMost (1 ),
302+ },
303+ NestedObject : schema.NestedBlockObject {
304+ Blocks : map [string ]schema.Block {
305+ "custom_jwt_authorizer" : schema.ListNestedBlock {
306+ CustomType : fwtypes.NewListNestedObjectTypeOf [customJWTAuthorizerConfigurationModel ](ctx ),
307+ Validators : []validator.List {
308+ listvalidator .SizeAtMost (1 ),
309+ },
310+ NestedObject : schema.NestedBlockObject {
311+ Attributes : map [string ]schema.Attribute {
312+ "allowed_audience" : schema.SetAttribute {
313+ CustomType : fwtypes .SetOfStringType ,
314+ Optional : true ,
315+ },
316+ "allowed_clients" : schema.SetAttribute {
317+ CustomType : fwtypes .SetOfStringType ,
318+ Optional : true ,
319+ },
320+ "allowed_scopes" : schema.SetAttribute {
321+ CustomType : fwtypes .SetOfStringType ,
322+ Optional : true ,
323+ },
324+ "discovery_url" : schema.StringAttribute {
325+ Required : true ,
326+ },
327+ },
328+ Blocks : map [string ]schema.Block {
329+ "custom_claim" : schema.SetNestedBlock {
330+ CustomType : fwtypes.NewSetNestedObjectTypeOf [customJWTAuthorizerCustomClaimModel ](ctx ),
331+ NestedObject : schema.NestedBlockObject {
332+ Attributes : map [string ]schema.Attribute {
333+ "inbound_token_claim_name" : schema.StringAttribute {
334+ Required : true ,
335+ Validators : []validator.String {
336+ stringvalidator .LengthBetween (1 , 255 ),
337+ stringvalidator .RegexMatches (regexache .MustCompile (`^[A-Za-z0-9_.-:]+$` ), "must contain only letters, numbers, and the characters _ . - :" ),
338+ },
339+ },
340+ "inbound_token_claim_value_type" : schema.StringAttribute {
341+ CustomType : fwtypes .StringEnumType [awstypes.InboundTokenClaimValueType ](),
342+ Required : true ,
343+ },
344+ },
345+ Blocks : map [string ]schema.Block {
346+ "authorizing_claim_match_value" : schema.ListNestedBlock {
347+ CustomType : fwtypes.NewListNestedObjectTypeOf [customJWTAuthorizerAuthorizingClaimMatchValueModel ](ctx ),
348+ Validators : []validator.List {
349+ listvalidator .IsRequired (),
350+ listvalidator .SizeAtMost (1 ),
351+ },
352+ NestedObject : schema.NestedBlockObject {
353+ Attributes : map [string ]schema.Attribute {
354+ "claim_match_operator" : schema.StringAttribute {
355+ CustomType : fwtypes .StringEnumType [awstypes.ClaimMatchOperatorType ](),
356+ Required : true ,
357+ },
358+ },
359+ Blocks : map [string ]schema.Block {
360+ "claim_match_value" : schema.ListNestedBlock {
361+ CustomType : fwtypes.NewListNestedObjectTypeOf [customJWTAuthorizerClaimMatchValueModel ](ctx ),
362+ Validators : []validator.List {
363+ listvalidator .IsRequired (),
364+ listvalidator .SizeAtMost (1 ),
365+ },
366+ NestedObject : schema.NestedBlockObject {
367+ Validators : []validator.Object {
368+ objectvalidator .ExactlyOneOf (
369+ path .MatchRelative ().AtName ("match_value_string" ),
370+ path .MatchRelative ().AtName ("match_value_string_list" ),
371+ ),
372+ },
373+ Attributes : map [string ]schema.Attribute {
374+ "match_value_string" : schema.StringAttribute {
375+ Optional : true ,
376+ Validators : []validator.String {
377+ stringvalidator .LengthBetween (1 , 255 ),
378+ stringvalidator .RegexMatches (regexache .MustCompile (`^[A-Za-z0-9_.-]+$` ), "must contain only letters, numbers, and the characters _ . -" ),
379+ },
380+ },
381+ "match_value_string_list" : schema.SetAttribute {
382+ Optional : true ,
383+ ElementType : types .StringType ,
384+ Validators : []validator.Set {
385+ setvalidator .ValueStringsAre (
386+ stringvalidator .LengthBetween (1 , 255 ),
387+ stringvalidator .RegexMatches (regexache .MustCompile (`^[A-Za-z0-9_.-]+$` ), "must contain only letters, numbers, and the characters _ . -" ),
388+ ),
389+ },
390+ },
391+ },
392+ },
393+ },
394+ },
395+ },
396+ },
397+ },
398+ },
399+ },
400+ },
401+ },
402+ },
403+ },
404+ },
405+ }
406+ }
407+
328408func (r * agentRuntimeResource ) Create (ctx context.Context , request resource.CreateRequest , response * resource.CreateResponse ) {
329409 var data agentRuntimeResourceModel
330410 smerr .AddEnrich (ctx , & response .Diagnostics , request .Plan .Get (ctx , & data ))
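Review bot: The character class in the `inbound_token_claim_name` validator, `^[A-Za-z0-9_.-:]+$`, does not accept what its message says: inside brackets `.-:` is parsed as a range from `.` to `:`, so a literal `-` is rejected while `/` is accepted. If the intended set is the one the message lists, put the hyphen last, as in `^[A-Za-z0-9_.:-]+$`. If the range deliberately mirrors the service's published pattern, the message should describe that set instead. This string names the token claim an authorization rule is evaluated against, so plan-time validation should agree with what the API accepts; a validator test with a hyphenated name and one containing `/` would pin the behaviour. The two `match_value_*` patterns (`^[A-Za-z0-9_.-]+$`) are unaffected because their hyphen is already last.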
@@ -798,10 +878,64 @@ func (m authorizerConfigurationModel) Expand(ctx context.Context) (any, diag.Dia
798878}
799879
800880type customJWTAuthorizerConfigurationModel struct {
801- AllowedAudience fwtypes.SetOfString `tfsdk:"allowed_audience"`
802- AllowedClients fwtypes.SetOfString `tfsdk:"allowed_clients"`
803- AllowedScopes fwtypes.SetOfString `tfsdk:"allowed_scopes"`
804- DiscoveryURL types.String `tfsdk:"discovery_url"`
881+ AllowedAudience fwtypes.SetOfString `tfsdk:"allowed_audience"`
882+ AllowedClients fwtypes.SetOfString `tfsdk:"allowed_clients"`
883+ AllowedScopes fwtypes.SetOfString `tfsdk:"allowed_scopes"`
884+ CustomClaim fwtypes.SetNestedObjectValueOf [customJWTAuthorizerCustomClaimModel ] `tfsdk:"custom_claim"`
885+ DiscoveryURL types.String `tfsdk:"discovery_url"`
886+ }
887+
888+ type customJWTAuthorizerCustomClaimModel struct {
889+ InboundTokenClaimName types.String `tfsdk:"inbound_token_claim_name"`
890+ InboundTokenClaimValueType fwtypes.StringEnum [awstypes.InboundTokenClaimValueType ] `tfsdk:"inbound_token_claim_value_type"`
891+ AuthorizingClaimMatchValue fwtypes.ListNestedObjectValueOf [customJWTAuthorizerAuthorizingClaimMatchValueModel ] `tfsdk:"authorizing_claim_match_value"`
892+ }
893+
894+ type customJWTAuthorizerAuthorizingClaimMatchValueModel struct {
895+ ClaimMatchOperator fwtypes.StringEnum [awstypes.ClaimMatchOperatorType ] `tfsdk:"claim_match_operator"`
896+ ClaimMatchValue fwtypes.ListNestedObjectValueOf [customJWTAuthorizerClaimMatchValueModel ] `tfsdk:"claim_match_value"`
897+ }
898+
899+ type customJWTAuthorizerClaimMatchValueModel struct {
900+ MatchValueString types.String `tfsdk:"match_value_string"`
901+ MatchValueStringList fwtypes.SetOfString `tfsdk:"match_value_string_list"`
902+ }
903+
904+ var (
905+ _ fwflex.Expander = customJWTAuthorizerClaimMatchValueModel {}
906+ _ fwflex.Flattener = & customJWTAuthorizerClaimMatchValueModel {}
907+ )
908+
909+ func (m * customJWTAuthorizerClaimMatchValueModel ) Flatten (ctx context.Context , v any ) diag.Diagnostics {
910+ var diags diag.Diagnostics
911+ switch t := v .(type ) {
912+ case awstypes.ClaimMatchValueTypeMemberMatchValueString :
913+ m .MatchValueString = types .StringValue (t .Value )
914+ case awstypes.ClaimMatchValueTypeMemberMatchValueStringList :
915+ m .MatchValueStringList = fwflex .FlattenFrameworkStringValueSetOfString (ctx , t .Value )
916+
917+ default :
918+ diags .AddError (
919+ "Unsupported Type" ,
920+ fmt .Sprintf ("claim match value flatten: %T" , v ),
921+ )
922+ }
923+ return diags
924+ }
925+
926+ func (m customJWTAuthorizerClaimMatchValueModel ) Expand (ctx context.Context ) (any , diag.Diagnostics ) {
927+ var diags diag.Diagnostics
928+ switch {
929+ case ! m .MatchValueString .IsNull ():
930+ var r awstypes.ClaimMatchValueTypeMemberMatchValueString
931+ r .Value = fwflex .StringValueFromFramework (ctx , m .MatchValueString )
932+ return & r , diags
933+ case ! m .MatchValueStringList .IsNull ():
934+ var r awstypes.ClaimMatchValueTypeMemberMatchValueStringList
935+ r .Value = fwflex .ExpandFrameworkStringValueSet (ctx , m .MatchValueStringList )
936+ return & r , diags
937+ }
938+ return nil , diags
805939}
806940
807941type lifecycleConfigurationModel struct {
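Review bot: `customJWTAuthorizerClaimMatchValueModel.Expand` falls through to `return nil, diags` without adding a diagnostic when neither `match_value_string` nor `match_value_string_list` is set. The schema's `ExactlyOneOf` validator is then the only guard against an authorizer claim rule with no match value, and what the caller does with a nil union member is not visible in this hunk. `Flatten` already reports `Unsupported Type` in its default branch, and Expand should fail the same way, e.g. `diags.AddError("Invalid Claim Match Value", "one of match_value_string or match_value_string_list must be set")` before the final return. The `!IsNull()` tests also treat an unknown value as set; presumably Expand only runs on fully known values, but a short comment stating that assumption would help.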