improvements to allow user_ids / permissions to work more robustly

auth0 · Nov 19, 2019 · fb0b56b · fb0b56b
1 parent e604510
commit fb0b56b
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 23 deletions.
diff --git a/auth0/resource_auth0_role.go b/auth0/resource_auth0_role.go
@@ -60,23 +60,47 @@ func newRole() *schema.Resource {
 }
 
 func createRole(d *schema.ResourceData, m interface{}) error {
+
 	c := buildRole(d)
 	api := m.(*management.Management)
 	if err := api.Role.Create(c); err != nil {
 		return err
 	}
 
-	users := buildUsers(d)
-	if err := api.Role.AssignUsers(*c.ID, users...); err != nil {
-		return err
+	// Enable partial state mode. Sub-resources can potentially cause partial
+	// state. Therefore we must explicitly tell Terraform what is safe to
+	// persist and what is not.
+	//
+	// See: https://www.terraform.io/docs/extend/writing-custom-providers.html
+	d.Partial(true)
+
+	if d.HasChange("user_ids") {
+		users := buildUsers(d)
+		if len(users) > 0 {
+			err := api.Role.AssignUsers(*c.ID, users...)
+			if err != nil {
+				return err
+			}
+		}
+		d.SetPartial("user_ids")
 	}
 
-	permissions := buildPermissions(d)
-	if err := api.Role.AssignPermissions(*c.ID, permissions...); err != nil {
-		return err
+	if d.HasChange("permissions") {
+		permissions := buildPermissions(d)
+		if len(permissions) > 0 {
+			err := api.Role.AssignPermissions(*c.ID, permissions...)
+			if err != nil {
+				return err
+			}
+		}
+		d.SetPartial("permissions")
 	}
 
+	// We succeeded, disable partial mode. This causes Terraform to save
+	// all fields again.
+	d.Partial(false)
 	d.SetId(auth0.StringValue(c.ID))
+
 	return readRole(d, m)
 }
 

diff --git a/auth0/resource_auth0_role_test.go b/auth0/resource_auth0_role_test.go
@@ -14,22 +14,61 @@ func TestAccRole(t *testing.T) {
 			"auth0": Provider(),
 		},
 		Steps: []resource.TestStep{
-			resource.TestStep{
-				Config: testAccRole,
+			{
+				Config: testAccRoleCreate,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("auth0_role.my_role", "name", "Application - Role Acceptance Test"),
 					resource.TestCheckResourceAttr("auth0_role.my_role", "description", "Test Applications Role Long Description"),
 				),
 			},
+			{
+				Config: testAccRoleUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_role.my_role", "description", "Test Applications Role Long Description And Then Some"),
+					resource.TestCheckResourceAttr("auth0_role.my_role", "user_ids.0", "auth0|neo"),
+					resource.TestCheckResourceAttr("auth0_role.my_role", "user_ids.1", "auth0|trinity"),
+				),
+			},
 		},
 	})
 }
 
-const testAccRole = `
+const testAccRoleCreate = `
 provider "auth0" {}
 
 resource "auth0_role" "my_role" {
 	name = "Application - Role Acceptance Test"
 	description = "Test Applications Role Long Description"
 }
 `
+
+const testAccRoleUpdate = `
+provider "auth0" {}
+
+resource "auth0_user" "neo" {
+  connection_name = "Username-Password-Authentication"
+  email = "[email protected]"
+  username = "neo"
+  nickname = "neo"
+  password = "IAmThe#1"
+  user_id = "neo"
+}
+
+resource "auth0_user" "trinity" {
+  connection_name = "Username-Password-Authentication"
+  email = "[email protected]"
+  username = "trinity"
+  nickname = "trinity"
+  password = "TheM4trixH4$Y0u"
+  user_id = "trinity"
+}
+
+resource "auth0_role" "my_role" {
+  name = "Application Role Acceptance Test"
+  description = "Test Applications Role Long Description And Then Some"
+  user_ids = [ 
+    auth0_user.neo.id, 
+    auth0_user.trinity.id
+  ]
+}
+`
diff --git a/auth0/resource_auth0_user.go b/auth0/resource_auth0_user.go
@@ -1,6 +1,8 @@
 package auth0
 
 import (
+	"strings"
+
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/structure"
 	"github.com/hashicorp/terraform/helper/validation"
@@ -26,6 +28,9 @@ func newUser() *schema.Resource {
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 					return old == "auth0|"+new
 				},
+				StateFunc: func(s interface{}) string {
+					return strings.ToLower(s.(string))
+				},
 			},
 			"connection_name": {
 				Type:     schema.TypeString,

diff --git a/example/role/main.tf b/example/role/main.tf
@@ -1,37 +1,38 @@
 provider "auth0" {}
 
 resource "auth0_resource_server" "my_resource_server" {
-  name                                            = "My Resource Server (Managed by Terraform)"
-  identifier                                      = "my-resource-server-identifier"
-  signing_alg                                     = "RS256"
-  token_lifetime                                  = 86400
+  name = "My Resource Server (Managed by Terraform)"
+  identifier = "my-resource-server-identifier"
+  signing_alg = "RS256"
+  token_lifetime = 86400
   skip_consent_for_verifiable_first_party_clients = true
 
   enforce_policies = true
 
-  // Permissions
+  # Permissions
   scopes {
-    value       = "read:something"
+    value = "read:something"
     description = "read something"
   }
 }
 
 resource "auth0_user" "user" {
   connection_name = "Username-Password-Authentication"
-  user_id         = "auth0|1234567890"
-  email           = "[email protected]"
-  password        = "passpass$12$12"
-  nickname        = "testnick"
+  user_id = "auth0|1234567890"
+  email = "[email protected]"
+  password = "passpass$12$12"
+  nickname = "testnick"
+  username = "testnick"
 }
 
 resource "auth0_role" "my_role" {
-  name        = "My Role - (Managed by Terraform)"
+  name = "My Role - (Managed by Terraform)"
   description = "Role Description..."
 
-  user_ids = ["${auth0_user.user.id}"]
+  user_ids = [ auth0_user.user.id ]
 
   permissions {
-    resource_server_identifier = "${auth0_resource_server.my_resource_server.identifier}"
-    name                       = "read:something"
+    resource_server_identifier = auth0_resource_server.my_resource_server.identifier
+    name = "read:something"
   }
 }