feat(organization_application_user_token): add ip_allowlist

aiven · Feb 20, 2025 · 13fe2a9 · 13fe2a9
1 parent 2ce2982
commit 13fe2a9
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ nav_order: 1
 
 ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD
 
+- Add `aiven_organization_application_user_token` resource field `ip_allowlist`: List of allowed IP ranges.
+
 ## [4.36.0] - 2025-02-20
 
 - Added `aiven_organization_vpc` beta resource and data source

diff --git a/docs/resources/organization_application_user_token.md b/docs/resources/organization_application_user_token.md
@@ -37,6 +37,7 @@ resource "aiven_organization_application_user_token" "example" {
 
 - `description` (String) Description of the token.
 - `extend_when_used` (Boolean) Extends the token session duration when the token is used. Only applicable if a value is set for `max_age_seconds`.
+- `ip_allowlist` (Set of String) List of allowed IP ranges.
 - `max_age_seconds` (Number) The number of hours after which a token expires. If not set, it never expires.
 - `scopes` (Set of String) Limits access to specific resources by granting read or write privileges to them. For example: `billing:read`. Available scopes are: `authentication`, `billing`, `payments` for [payment methods](https://aiven.io/docs/platform/howto/list-billing), `privatelink`, `projects`, `services`, `static_ips`, and `user`.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))

diff --git a/internal/sdkprovider/service/organization/organization_application_user_token.go b/internal/sdkprovider/service/organization/organization_application_user_token.go
@@ -108,6 +108,16 @@ var aivenOrganizationApplicationUserTokenSchema = map[string]*schema.Schema{
 		Description: "User agent of the last request made with this token in human-readable format.",
 		Computed:    true,
 	},
+	"ip_allowlist": {
+		Type:        schema.TypeSet,
+		Description: "List of allowed IP ranges.",
+		Elem: &schema.Schema{
+			Type: schema.TypeString,
+		},
+		MaxItems: 100,
+		Optional: true,
+		ForceNew: true,
+	},
 }
 
 func ResourceOrganizationApplicationUserToken() *schema.Resource {

diff --git a/internal/sdkprovider/service/organization/organization_application_user_token_test.go b/internal/sdkprovider/service/organization/organization_application_user_token_test.go
@@ -37,19 +37,24 @@ resource "aiven_organization_application_user_token" "foo" {
   max_age_seconds  = 3600
   extend_when_used = true
   scopes           = ["user:read"]
+  ip_allowlist     = ["10.0.0.0/8"]
 }
 
 // Required fields only
 resource "aiven_organization_application_user_token" "bar" {
   organization_id = aiven_organization_application_user.foo.organization_id
   user_id         = aiven_organization_application_user.foo.user_id
 }
+
+
 `, acc.RandStr(), org),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr(tokenFoo, "description", "Terraform acceptance tests"),
 					resource.TestCheckResourceAttr(tokenFoo, "max_age_seconds", "3600"),
 					resource.TestCheckResourceAttr(tokenFoo, "extend_when_used", "true"),
 					resource.TestCheckResourceAttr(tokenFoo, "scopes.#", "1"),
+					resource.TestCheckResourceAttr(tokenFoo, "ip_allowlist.#", "1"),
+					resource.TestCheckResourceAttr(tokenFoo, "ip_allowlist.0", "10.0.0.0/8"),
 					// Bar token has required fields only
 					resource.TestCheckResourceAttr(tokenBar, "extend_when_used", "false"),
 				),

diff --git a/internal/sdkprovider/service/project/organization_project_test.go b/internal/sdkprovider/service/project/organization_project_test.go
@@ -38,7 +38,7 @@ resource "aiven_organization" "foo" {
 }
 
 resource "aiven_billing_group" "foo" {
-  name = "test-acc-bg-%[1]s"
+  name      = "test-acc-bg-%[1]s"
   parent_id = aiven_organization.foo.id
 }