diff --git a/CHANGELOG.md b/CHANGELOG.md
index 71d48603e..bd69bd10f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ nav_order: 1
 ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD
+- Add `aiven_organization_application_user_token` resource field `ip_allowlist`: List of allowed IP ranges.
+
 ## [4.36.0] - 2025-02-20
 - Added `aiven_organization_vpc` beta resource and data source
diff --git a/docs/resources/organization_application_user_token.md b/docs/resources/organization_application_user_token.md
index 716a7ffba..9a9a21931 100644
--- a/docs/resources/organization_application_user_token.md
+++ b/docs/resources/organization_application_user_token.md
@@ -37,6 +37,7 @@ resource "aiven_organization_application_user_token" "example" {
 - `description` (String) Description of the token.
 - `extend_when_used` (Boolean) Extends the token session duration when the token is used. Only applicable if a value is set for `max_age_seconds`.
+- `ip_allowlist` (Set of String) List of allowed IP ranges.
 - `max_age_seconds` (Number) The number of hours after which a token expires. If not set, it never expires.
 - `scopes` (Set of String) Limits access to specific resources by granting read or write privileges to them. For example: `billing:read`. Available scopes are: `authentication`, `billing`, `payments` for [payment methods](https://aiven.io/docs/platform/howto/list-billing), `privatelink`, `projects`, `services`, `static_ips`, and `user`.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
diff --git a/internal/sdkprovider/service/organization/organization_application_user_token.go b/internal/sdkprovider/service/organization/organization_application_user_token.go
index 872885be0..45e68001a 100644
--- a/internal/sdkprovider/service/organization/organization_application_user_token.go
+++ b/internal/sdkprovider/service/organization/organization_application_user_token.go
@@ -108,6 +108,16 @@ var aivenOrganizationApplicationUserTokenSchema = map[string]*schema.Schema{
 Description: "User agent of the last request made with this token in human-readable format.",
 Computed: true,
 },
+ "ip_allowlist": {
+ Type: schema.TypeSet,
+ Description: "List of allowed IP ranges.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ MaxItems: 100,
+ Optional: true,
+ ForceNew: true,
+ },
 }
 func ResourceOrganizationApplicationUserToken() *schema.Resource {
diff --git a/internal/sdkprovider/service/organization/organization_application_user_token_test.go b/internal/sdkprovider/service/organization/organization_application_user_token_test.go
index 9708305a7..60ff057a6 100644
--- a/internal/sdkprovider/service/organization/organization_application_user_token_test.go
+++ b/internal/sdkprovider/service/organization/organization_application_user_token_test.go
@@ -37,6 +37,7 @@ resource "aiven_organization_application_user_token" "foo" {
 max_age_seconds = 3600
 extend_when_used = true
 scopes = ["user:read"]
+ ip_allowlist = ["10.0.0.0/8"]
 }
 // Required fields only
@@ -44,12 +45,16 @@ resource "aiven_organization_application_user_token" "bar" {
 organization_id = aiven_organization_application_user.foo.organization_id
 user_id = aiven_organization_application_user.foo.user_id
 }
+
+
 `, acc.RandStr(), org),
 Check: resource.ComposeAggregateTestCheckFunc(
 resource.TestCheckResourceAttr(tokenFoo, "description", "Terraform acceptance tests"),
 resource.TestCheckResourceAttr(tokenFoo, "max_age_seconds", "3600"),
 resource.TestCheckResourceAttr(tokenFoo, "extend_when_used", "true"),
 resource.TestCheckResourceAttr(tokenFoo, "scopes.#", "1"),
+ resource.TestCheckResourceAttr(tokenFoo, "ip_allowlist.#", "1"),
+ resource.TestCheckResourceAttr(tokenFoo, "ip_allowlist.0", "10.0.0.0/8"),
 // Bar token has required fields only
 resource.TestCheckResourceAttr(tokenBar, "extend_when_used", "false"),
 ),
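Review bot: The `ip_allowlist` elements are accepted as arbitrary strings, because the `Elem` schema added in this hunk carries no `ValidateFunc`; a mistyped range is then caught only by the API at apply time, if at all. If the API expects CIDR notation (the description says "IP ranges" and the acceptance test uses `10.0.0.0/8`), the element could be declared as `Elem: &schema.Schema{Type: schema.TypeString, ValidateFunc: validation.IsCIDR},`, assuming the SDK's `helper/validation` package is available to this file. The description should also state the expected format and what an unset list means for the token, for example `Description: "List of allowed IP ranges in CIDR notation. If not set, the token can be used from any IP address."` once that behavior is confirmed against the API. Since the attribute is `ForceNew`, it is worth documenting that changing the list replaces the token. The create and read functions lie outside this hunk, so it cannot be seen here whether the value is actually sent to the API and read back.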
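Review bot: The new check on `ip_allowlist.0` addresses a `TypeSet` element by position, which holds only while the set has a single element; `resource.TestCheckTypeSetElemAttr(tokenFoo, "ip_allowlist.*", "10.0.0.0/8"),` checks membership without depending on ordering. Both new assertions read the Terraform state, so on their own they may not show that the API stored the allowlist, depending on how the read function (not visible here) populates the attribute. The two blank lines added before the closing backtick of the config string look unintentional. The surrounding test function starts and ends outside the hunk.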
diff --git a/internal/sdkprovider/service/project/organization_project_test.go b/internal/sdkprovider/service/project/organization_project_test.go
index 9f7203fed..3f609d4a6 100644
--- a/internal/sdkprovider/service/project/organization_project_test.go
+++ b/internal/sdkprovider/service/project/organization_project_test.go
@@ -38,7 +38,7 @@ resource "aiven_organization" "foo" {
 }
 resource "aiven_billing_group" "foo" {
- name = "test-acc-bg-%[1]s"
+ name = "test-acc-bg-%[1]s"
 parent_id = aiven_organization.foo.id
 }