From 4562583d8afcc8e02d8970d4d4a232ec73923ddb Mon Sep 17 00:00:00 2001 From: Eduardo Gomes Date: Mon, 4 Sep 2023 21:24:04 +0100 Subject: [PATCH] Fix access IDPs not importing config obj --- .changelog/2735.txt | 3 ++ ...rce_cloudflare_access_identity_provider.go | 16 ++---- ...loudflare_access_identity_provider_test.go | 50 ++++++++++++++++++- ...ema_cloudflare_access_identity_provider.go | 3 +- 4 files changed, 58 insertions(+), 14 deletions(-) create mode 100644 .changelog/2735.txt diff --git a/.changelog/2735.txt b/.changelog/2735.txt new file mode 100644 index 0000000000..5e0f7afbc9 --- /dev/null +++ b/.changelog/2735.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/cloudflare_access_identity_provider: Fix access IDPs not importing config obj +``` diff --git a/internal/sdkv2provider/resource_cloudflare_access_identity_provider.go b/internal/sdkv2provider/resource_cloudflare_access_identity_provider.go index e4d1670bb8..9cbf011f8f 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_identity_provider.go +++ b/internal/sdkv2provider/resource_cloudflare_access_identity_provider.go @@ -57,12 +57,12 @@ func resourceCloudflareAccessIdentityProviderRead(ctx context.Context, d *schema d.Set("name", accessIdentityProvider.Name) d.Set("type", accessIdentityProvider.Type) - config := convertStructToSchema(d, accessIdentityProvider.Config) + config := convertAccessIDPConfigStructToSchema(accessIdentityProvider.Config) if configErr := d.Set("config", config); configErr != nil { return diag.FromErr(fmt.Errorf("error setting Access Identity Provider configuration: %w", configErr)) } - scimConfig := convertScimConfigStructToSchema(d, accessIdentityProvider.ScimConfig) + scimConfig := convertAccessIDPScimConfigStructToSchema(accessIdentityProvider.ScimConfig) if scimConfigErr := d.Set("scim_config", scimConfig); scimConfigErr != nil { return diag.FromErr(fmt.Errorf("error setting Access Identity Provider scim configuration: %w", scimConfigErr)) } 
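Review bot: The two rewritten calls in resourceCloudflareAccessIdentityProviderRead carry no comment saying why the conversion no longer consults `d`, and the removed `d.GetOk` guard is exactly what a later cleanup could put back. I would add above the `config :=` line `// Always build config from the API response; on import there is no prior state to gate on.` and the same above `scimConfig :=`. The function body starts and ends outside this hunk.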
@@ -245,11 +245,7 @@ func convertScimConfigSchemaToStruct(d *schema.ResourceData) cloudflare.AccessId return ScimConfig } -func convertStructToSchema(d *schema.ResourceData, options cloudflare.AccessIdentityProviderConfiguration) []interface{} { - if _, ok := d.GetOk("config"); !ok { - return []interface{}{} - } - +func convertAccessIDPConfigStructToSchema(options cloudflare.AccessIdentityProviderConfiguration) []interface{} { attributes := make([]string, 0) for _, value := range options.Attributes { attributes = append(attributes, value) @@ -285,11 +281,7 @@ func convertStructToSchema(d *schema.ResourceData, options cloudflare.AccessIden return []interface{}{m} } -func convertScimConfigStructToSchema(d *schema.ResourceData, options cloudflare.AccessIdentityProviderScimConfiguration) []interface{} { - if _, ok := d.GetOk("scim_config"); !ok { - return []interface{}{} - } - +func convertAccessIDPScimConfigStructToSchema(options cloudflare.AccessIdentityProviderScimConfiguration) []interface{} { m := map[string]interface{}{ "enabled": options.Enabled, "secret": options.Secret, diff --git a/internal/sdkv2provider/resource_cloudflare_access_identity_provider_test.go b/internal/sdkv2provider/resource_cloudflare_access_identity_provider_test.go index db88b30b84..d2280c1df8 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_identity_provider_test.go +++ b/internal/sdkv2provider/resource_cloudflare_access_identity_provider_test.go @@ -5,6 +5,7 @@ import ( "fmt" "log" "os" + "strings" "testing" "github.com/cloudflare/cloudflare-go" 
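Review bot: With the `d.GetOk("scim_config")` guard gone, convertAccessIDPScimConfigStructToSchema copies `options.Secret` into state on every refresh and import, whatever the API returned. If the API returns the SCIM secret only at creation time, or returns it masked (not visible in this diff, so worth confirming), a later read would replace the stored secret with an empty or masked value and plan a spurious change. The same question applies to `client_secret` in convertAccessIDPConfigStructToSchema, the first hunk of this file, whose map is outside the visible lines. Both values now land in state for imported resources, so please confirm the `secret` and `client_secret` schema fields are marked `Sensitive: true`. A doc comment on each renamed function stating that it always returns a one-element list, even for a zero-value `options`, would also help.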
@@ -73,6 +74,12 @@ func TestAccCloudflareAccessIdentityProvider_OneTimePin(t *testing.T) { resource.TestCheckResourceAttr(resourceName, consts.AccountIDSchemaKey, accountID), resource.TestCheckResourceAttr(resourceName, "name", rnd), resource.TestCheckResourceAttr(resourceName, "type", "onetimepin"), + resource.TestCheckResourceAttrWith(resourceName, "config.0.redirect_url", func(value string) error { + if !strings.HasSuffix(value, ".cloudflareaccess.com/cdn-cgi/access/callback") { + return fmt.Errorf("expected redirect_url to be a Cloudflare Access URL, got %s", value) + } + return nil + }), ), }, }, @@ -90,6 +97,12 @@ func TestAccCloudflareAccessIdentityProvider_OneTimePin(t *testing.T) { resource.TestCheckResourceAttr(resourceName, consts.ZoneIDSchemaKey, zoneID), resource.TestCheckResourceAttr(resourceName, "name", rnd), resource.TestCheckResourceAttr(resourceName, "type", "onetimepin"), + resource.TestCheckResourceAttrWith(resourceName, "config.0.redirect_url", func(value string) error { + if !strings.HasSuffix(value, ".cloudflareaccess.com/cdn-cgi/access/callback") { + return fmt.Errorf("expected redirect_url to be a Cloudflare Access URL, got %s", value) + } + return nil + }), ), }, }, 
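Review bot: The `redirect_url` check closure is pasted verbatim twice, in the account-scoped step here and in the zone-scoped step of the next hunk; a single package-level helper with the signature `func(value string) error` passed to both `TestCheckResourceAttrWith` calls would keep them from drifting. The check also pins only the suffix, so a value with an unexpected scheme would pass; adding `strings.HasPrefix(value, "https://")` to the condition closes that gap. In the error message `%q` instead of `%s` would make an empty value visible. Both test functions continue outside the hunks.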
@@ -222,6 +235,42 @@ func TestAccCloudflareAccessIdentityProvider_AzureAD(t *testing.T) { }) } +func TestAccCloudflareAccessIdentityProvider_OAuth_Import(t *testing.T) { + t.Parallel() + accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID") + rnd := generateRandomResourceName() + resourceName := "cloudflare_access_identity_provider." + rnd + + checkFn := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, consts.AccountIDSchemaKey, accountID), + resource.TestCheckResourceAttr(resourceName, "name", rnd), + resource.TestCheckResourceAttr(resourceName, "type", "github"), + resource.TestCheckResourceAttr(resourceName, "config.0.client_id", "test"), + resource.TestCheckResourceAttrSet(resourceName, "config.0.client_secret"), + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckAccount(t) + }, + ProviderFactories: providerFactories, + Steps: []resource.TestStep{ + { + Config: testAccCheckCloudflareAccessIdentityProviderOAuth(accountID, rnd), + Check: checkFn, + }, + { + ImportState: true, + ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: fmt.Sprintf("%s/", accountID), + Check: checkFn, + }, + }, + }) +} + func testAccCheckCloudflareAccessIdentityProviderOneTimePin(name string, identifier *cloudflare.ResourceContainer) string { return fmt.Sprintf(` resource "cloudflare_access_identity_provider" "%[1]s" { @@ -283,7 +332,6 @@ resource "cloudflare_access_identity_provider" "%[2]s" { client_id = "test" client_secret = "test" directory_id = "directory" - redirect_url = "https://terraform-cfapi.cloudflareaccess.com/cdn-cgi/access/callback" support_groups = true conditional_access_enabled = true } diff --git a/internal/sdkv2provider/schema_cloudflare_access_identity_provider.go b/internal/sdkv2provider/schema_cloudflare_access_identity_provider.go index ccc0df7e9d..429bec1c1a 100644 --- a/internal/sdkv2provider/schema_cloudflare_access_identity_provider.go 
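Review bot: `Check: checkFn` on the second step of TestAccCloudflareAccessIdentityProvider_OAuth_Import is most likely never evaluated. For steps with `ImportState: true` the SDK test harness runs `ImportStateVerify` and `ImportStateCheck` rather than `Check`, so the line reads as coverage it does not provide. Either drop it or move the assertions into an `ImportStateCheck`. `ImportStateVerify: true` also compares `config.0.client_secret` between the applied and the imported state, so the test passes only while the API returns that value unchanged; if it is ever masked the step would need `ImportStateVerifyIgnore: []string{"config.0.client_secret"}`.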
+++ b/internal/sdkv2provider/schema_cloudflare_access_identity_provider.go @@ -38,6 +38,7 @@ func resourceCloudflareAccessIdentityProviderSchema() map[string]*schema.Schema "config": { Type: schema.TypeList, Optional: true, + Computed: true, Description: "Provider configuration from the [developer documentation](https://developers.cloudflare.com/access/configuring-identity-providers/).", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -136,7 +137,6 @@ func resourceCloudflareAccessIdentityProviderSchema() map[string]*schema.Schema }, "redirect_url": { Type: schema.TypeString, - Optional: true, Computed: true, }, "sign_request": { @@ -169,6 +169,7 @@ func resourceCloudflareAccessIdentityProviderSchema() map[string]*schema.Schema "scim_config": { Type: schema.TypeList, Optional: true, + Computed: true, Description: "Configuration for SCIM settings for a given IDP", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{
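Review bot: Marking `config` as `Optional` plus `Computed` here, and `scim_config` likewise in the last hunk of this file, changes what deleting the block from configuration does: Terraform keeps the value from state instead of planning a removal. For `scim_config` that means SCIM provisioning can no longer be switched off by removing the block; it has to be set to `enabled = false` explicitly. I would state this in the field's `Description`, for example `"Configuration for SCIM settings for a given IDP. Removing this block keeps the existing settings; set enabled = false to disable."`. The schema function starts and ends outside these hunks.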
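Review bot: Dropping `Optional: true` from `redirect_url` in the second hunk makes the attribute read-only, so an existing configuration that sets it will fail validation after upgrading. The test fixture in this commit had to delete its own `redirect_url` line, which suggests user configurations may carry it too. The changelog entry records only the import fix; a second release-note entry saying that `redirect_url` is now computed-only would save users a surprise.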