Skip to content

feat(ces): add security_settings to web_widget_config in google_ces_deployment#17264

Open
msvechla wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
msvechla:feat/ces-deployment-security-settings
Open

feat(ces): add security_settings to web_widget_config in google_ces_deployment#17264
msvechla wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
msvechla:feat/ces-deployment-security-settings

Conversation

@msvechla
Copy link
Copy Markdown

@msvechla msvechla commented Apr 23, 2026

Summary

The webWidgetConfig block in google_ces_deployment is missing securitySettings, which the CES API supports. In particular, enablePublicAccess controls whether the web widget can be embedded without additional authentication.

Without this field in the Terraform provider, users must resort to a local-exec workaround to PATCH the deployment after creation/update. Adding security_settings as a native Terraform attribute eliminates this workaround.

Changes

  • mmv1/products/ces/Deployment.yaml: Add securitySettings nested object under webWidgetConfig with enablePublicAccess boolean field
  • mmv1/templates/terraform/examples/ces_deployment_basic.tf.tmpl: Update example to show security_settings usage

Example usage

resource "google_ces_deployment" "example" {
  location     = "us"
  display_name = "My Deployment"
  app          = google_ces_app.my_app.name
  app_version  = "projects/.../versions/..."
  channel_profile {
    channel_type = "WEB_UI"
    web_widget_config {
      modality = "CHAT_AND_VOICE"
      security_settings {
        enable_public_access = true
      }
    }
  }
}
ces: added `security_settings` block to `web_widget_config` in `google_ces_deployment` resource to support configuring `enable_public_access`

@msvechla
feat(ces): add security_settings to web_widget_config in google_ces_d…
d94aa14 
…eployment

Add the securitySettings.enablePublicAccess field to the webWidgetConfig
block in the CES Deployment resource. This allows controlling whether
a web widget deployment can be embedded without additional authentication
directly via Terraform, removing the need for a local-exec workaround.
@modular-magician modular-magician added the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Apr 23, 2026
@github-actions github-actions Bot requested a review from roaks3 April 23, 2026 14:16
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@roaks3, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roaks3 roaks3 Awaiting requested review from roaks3

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

awaiting-approval Pull requests that need reviewer's approval to run presubmit tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@msvechla @modular-magician