From 3207da21ec304e31508c24bdc2f3165f34f70d10 Mon Sep 17 00:00:00 2001
From: The Magician <magic-modules@google.com>
Date: Mon, 22 Apr 2024 12:41:32 -0700
Subject: [PATCH] Add serviceAgentAuthentication for Uptime Checks (#10503)
 (#17929)

[upstream:df4342ed269e6fbfd22d0c344bfee6828abf8b74]

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 ...resource_monitoring_uptime_check_config.go | 67 ++++++++++++++++++-
 ...ring_uptime_check_config_generated_test.go |  3 +
 ...nitoring_uptime_check_config.html.markdown | 17 ++++-
 3 files changed, 85 insertions(+), 2 deletions(-)

diff --git a/google/services/monitoring/resource_monitoring_uptime_check_config.go b/google/services/monitoring/resource_monitoring_uptime_check_config.go
index 6ea528ff821..436538bd3ee 100644
--- a/google/services/monitoring/resource_monitoring_uptime_check_config.go
+++ b/google/services/monitoring/resource_monitoring_uptime_check_config.go
@@ -151,7 +151,7 @@ func ResourceMonitoringUptimeCheckConfig() *schema.Resource {
 						"auth_info": {
 							Type:        schema.TypeList,
 							Optional:    true,
-							Description: `The authentication information. Optional when creating an HTTP check; defaults to empty.`,
+							Description: `The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields.`,
 							MaxItems:    1,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
@@ -238,6 +238,22 @@ func ResourceMonitoringUptimeCheckConfig() *schema.Resource {
 							Description:  `The HTTP request method to use for the check. If set to 'METHOD_UNSPECIFIED' then 'request_method' defaults to 'GET'. Default value: "GET" Possible values: ["METHOD_UNSPECIFIED", "GET", "POST"]`,
 							Default:      "GET",
 						},
+						"service_agent_authentication": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields.`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"type": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: verify.ValidateEnum([]string{"SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED", "OIDC_TOKEN", ""}),
+										Description:  `The type of authentication to use. Possible values: ["SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED", "OIDC_TOKEN"]`,
+									},
+								},
+							},
+						},
 						"use_ssl": {
 							Type:         schema.TypeBool,
 							Optional:     true,
@@ -981,6 +997,8 @@ func flattenMonitoringUptimeCheckConfigHttpCheck(v interface{}, d *schema.Resour
 		flattenMonitoringUptimeCheckConfigHttpCheckCustomContentType(original["customContentType"], d, config)
 	transformed["auth_info"] =
 		flattenMonitoringUptimeCheckConfigHttpCheckAuthInfo(original["authInfo"], d, config)
+	transformed["service_agent_authentication"] =
+		flattenMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthentication(original["serviceAgentAuthentication"], d, config)
 	transformed["port"] =
 		flattenMonitoringUptimeCheckConfigHttpCheckPort(original["port"], d, config)
 	transformed["headers"] =
@@ -1036,6 +1054,23 @@ func flattenMonitoringUptimeCheckConfigHttpCheckAuthInfoUsername(v interface{},
 	return v
 }
 
+func flattenMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthentication(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["type"] =
+		flattenMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthenticationType(original["type"], d, config)
+	return []interface{}{transformed}
+}
+func flattenMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthenticationType(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenMonitoringUptimeCheckConfigHttpCheckPort(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	// Handles the string fixed64 format
 	if strVal, ok := v.(string); ok {
@@ -1432,6 +1467,13 @@ func expandMonitoringUptimeCheckConfigHttpCheck(v interface{}, d tpgresource.Ter
 		transformed["authInfo"] = transformedAuthInfo
 	}
 
+	transformedServiceAgentAuthentication, err := expandMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthentication(original["service_agent_authentication"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedServiceAgentAuthentication); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["serviceAgentAuthentication"] = transformedServiceAgentAuthentication
+	}
+
 	transformedPort, err := expandMonitoringUptimeCheckConfigHttpCheckPort(original["port"], d, config)
 	if err != nil {
 		return nil, err
@@ -1544,6 +1586,29 @@ func expandMonitoringUptimeCheckConfigHttpCheckAuthInfoUsername(v interface{}, d
 	return v, nil
 }
 
+func expandMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthentication(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedType, err := expandMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthenticationType(original["type"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedType); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["type"] = transformedType
+	}
+
+	return transformed, nil
+}
+
+func expandMonitoringUptimeCheckConfigHttpCheckServiceAgentAuthenticationType(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandMonitoringUptimeCheckConfigHttpCheckPort(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
diff --git a/google/services/monitoring/resource_monitoring_uptime_check_config_generated_test.go b/google/services/monitoring/resource_monitoring_uptime_check_config_generated_test.go
index 02ef37c803e..f55a2b30d28 100644
--- a/google/services/monitoring/resource_monitoring_uptime_check_config_generated_test.go
+++ b/google/services/monitoring/resource_monitoring_uptime_check_config_generated_test.go
@@ -206,6 +206,9 @@ resource "google_monitoring_uptime_check_config" "https" {
     port = "443"
     use_ssl = true
     validate_ssl = true
+    service_agent_authentication {
+      type = "OIDC_TOKEN"
+    }
   }
 
   monitored_resource {
diff --git a/website/docs/r/monitoring_uptime_check_config.html.markdown b/website/docs/r/monitoring_uptime_check_config.html.markdown
index eb593594c1f..92248532c12 100644
--- a/website/docs/r/monitoring_uptime_check_config.html.markdown
+++ b/website/docs/r/monitoring_uptime_check_config.html.markdown
@@ -134,6 +134,9 @@ resource "google_monitoring_uptime_check_config" "https" {
     port = "443"
     use_ssl = true
     validate_ssl = true
+    service_agent_authentication {
+      type = "OIDC_TOKEN"
+    }
   }
 
   monitored_resource {
@@ -362,9 +365,14 @@ The following arguments are supported:
 
 * `auth_info` -
   (Optional)
-  The authentication information. Optional when creating an HTTP check; defaults to empty.
+  The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields.
   Structure is [documented below](#nested_auth_info).
 
+* `service_agent_authentication` -
+  (Optional)
+  The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields.
+  Structure is [documented below](#nested_service_agent_authentication).
+
 * `port` -
   (Optional)
   The port to the page to run the check against. Will be combined with `host` (specified within the [`monitored_resource`](#nested_monitored_resource)) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).
@@ -415,6 +423,13 @@ The following arguments are supported:
   (Required)
   The username to authenticate.
 
+<a name="nested_service_agent_authentication"></a>The `service_agent_authentication` block supports:
+
+* `type` -
+  (Optional)
+  The type of authentication to use.
+  Possible values are: `SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED`, `OIDC_TOKEN`.
+
 <a name="nested_accepted_response_status_codes"></a>The `accepted_response_status_codes` block supports:
 
 * `status_value` -