Adds separate update test for OpenID

hashicorp · Jul 11, 2024 · fa3eaba · fa3eaba
1 parent 3302a15
commit fa3eaba
Showing 1 changed file with 107 additions and 69 deletions.
diff --git a/internal/service/verifiedpermissions/identity_source_test.go b/internal/service/verifiedpermissions/identity_source_test.go
@@ -63,68 +63,6 @@ func TestAccVerifiedPermissionsIdentitySource_Cognito_basic(t *testing.T) {
 	})
 }
 
-func TestAccVerifiedPermissionsIdentitySource_update(t *testing.T) {
-	ctx := acctest.Context(t)
-
-	var identitySource verifiedpermissions.GetIdentitySourceOutput
-	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
-	resourceName := "aws_verifiedpermissions_identity_source.test"
-
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck: func() {
-			acctest.PreCheck(ctx, t)
-			acctest.PreCheckPartitionHasService(t, names.VerifiedPermissionsEndpointID)
-		},
-		ErrorCheck:               acctest.ErrorCheck(t, names.VerifiedPermissionsServiceID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             testAccCheckIdentitySourceDestroy(ctx),
-		Steps: []resource.TestStep{
-			{
-				Config: testAccIdentitySourceConfig_Cognito_basic(rName),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckIdentitySourceExists(ctx, resourceName, &identitySource),
-					resource.TestCheckResourceAttrSet(resourceName, "policy_store_id"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.#", acctest.Ct1),
-					resource.TestCheckResourceAttrSet(resourceName, "configuration.0.cognito_user_pool_configuration.0.user_pool_arn"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.0.client_ids.#", acctest.Ct0),
-				),
-			},
-			{
-				Config: testAccIdentitySourceConfig_Cognito_update(rName),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.#", acctest.Ct1),
-					resource.TestCheckResourceAttrSet(resourceName, "configuration.0.cognito_user_pool_configuration.0.user_pool_arn"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.0.client_ids.#", acctest.Ct1),
-				),
-			},
-			{
-				Config: testAccIdentitySourceConfig_updateOpenIDConfiguration(rName),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.#", acctest.Ct1),
-					resource.TestCheckResourceAttrSet(resourceName, "configuration.0.open_id_connect_configuration.0.issuer"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.audiences.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.principal_id_claim", "sub"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.entity_id_prefix", "MyOIDCProvider"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.0.group_claim", "groups"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.0.group_entity_type", "Mycorp::UserGroup"),
-				),
-			},
-			{
-				Config: testAccIdentitySourceConfig_updateOpenIDConfigurationTokenSelection(rName),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.0.client_ids.#", acctest.Ct1),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.0.principal_id_claim", "sub"),
-				),
-			},
-		},
-	})
-}
-
 func TestAccVerifiedPermissionsIdentitySource_OpenID_basic(t *testing.T) {
 	ctx := acctest.Context(t)
 
@@ -147,7 +85,7 @@ func TestAccVerifiedPermissionsIdentitySource_OpenID_basic(t *testing.T) {
 					testAccCheckIdentitySourceExists(ctx, resourceName, &identitySource),
 					resource.TestCheckResourceAttrSet(resourceName, names.AttrID),
 					resource.TestCheckResourceAttrPair(resourceName, "policy_store_id", "aws_verifiedpermissions_policy_store.test", names.AttrID),
-					resource.TestCheckResourceAttr(resourceName, "principal_entity_type", "Mycorp::UserGroup"),
+					resource.TestCheckResourceAttr(resourceName, "principal_entity_type", "MyCorp::User"),
 					resource.TestCheckResourceAttr(resourceName, "configuration.#", acctest.Ct1),
 					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.#", acctest.Ct0),
 					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.#", acctest.Ct1),
@@ -190,7 +128,7 @@ func TestAccVerifiedPermissionsIdentitySource_disappears(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccIdentitySourceConfig_Cognito_basic(rName),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckIdentitySourceExists(ctx, resourceName, &identitySource),
 					acctest.CheckFrameworkResourceDisappears(ctx, acctest.Provider, tfverifiedpermissions.ResourceIdentitySource, resourceName),
 				),
@@ -254,6 +192,106 @@ func TestAccVerifiedPermissionsIdentitySource_Cognito_update(t *testing.T) {
 	})
 }
 
+func TestAccVerifiedPermissionsIdentitySource_OpenID_update(t *testing.T) {
+	ctx := acctest.Context(t)
+
+	var identitySource verifiedpermissions.GetIdentitySourceOutput
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_verifiedpermissions_identity_source.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.VerifiedPermissionsEndpointID)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.VerifiedPermissionsServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckIdentitySourceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIdentitySourceConfig_OpenID_basic(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIdentitySourceExists(ctx, resourceName, &identitySource),
+					resource.TestCheckResourceAttr(resourceName, "configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.#", acctest.Ct0),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.#", acctest.Ct1),
+					resource.TestCheckNoResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.entity_id_prefix"),
+					testAccCheckPairAsHTTPSURL(resourceName, "configuration.0.open_id_connect_configuration.0.issuer", "aws_cognito_user_pool.test", "endpoint"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.#", acctest.Ct0),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.audiences.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.audiences.0", "https://myapp.example.com"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.principal_id_claim", "sub"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.#", acctest.Ct0),
+				),
+			},
+			{
+				Config: testAccIdentitySourceConfig_updateOpenIDConfiguration(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIdentitySourceExists(ctx, resourceName, &identitySource),
+					resource.TestCheckResourceAttr(resourceName, "configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.#", acctest.Ct0),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.entity_id_prefix", "MyOIDCProvider"),
+					testAccCheckPairAsHTTPSURL(resourceName, "configuration.0.open_id_connect_configuration.0.issuer", "aws_cognito_user_pool.test", "endpoint"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.0.group_claim", "groups"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.0.group_entity_type", "MyCorp::UserGroup"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.audiences.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.audiences.0", "https://myapp.example.com"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.0.principal_id_claim", "sub"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.#", acctest.Ct0),
+				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateIdFunc: testAccIdentitySourceImportStateIdFunc(resourceName),
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccIdentitySourceConfig_updateOpenIDConfigurationTokenSelection(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIdentitySourceExists(ctx, resourceName, &identitySource),
+					resource.TestCheckResourceAttr(resourceName, "configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.cognito_user_pool_configuration.#", acctest.Ct0),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.entity_id_prefix", "MyOIDCProvider"),
+					testAccCheckPairAsHTTPSURL(resourceName, "configuration.0.open_id_connect_configuration.0.issuer", "aws_cognito_user_pool.test", "endpoint"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.0.group_claim", "groups"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.group_configuration.0.group_entity_type", "MyCorp::UserGroup"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.access_token_only.#", acctest.Ct0),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.0.client_ids.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.0.client_ids.0", "1example23456789"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.open_id_connect_configuration.0.token_selection.0.identity_token_only.0.principal_id_claim", "sub"),
+				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateIdFunc: testAccIdentitySourceImportStateIdFunc(resourceName),
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckIdentitySourceDestroy(ctx context.Context) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		conn := acctest.Provider.Meta().(*conns.AWSClient).VerifiedPermissionsClient(ctx)
@@ -425,7 +463,7 @@ resource "aws_verifiedpermissions_identity_source" "test" {
       }
     }
   }
-  principal_entity_type = "Mycorp::UserGroup"
+  principal_entity_type = "MyCorp::User"
 }
 
 resource "aws_cognito_user_pool" "test" {
@@ -456,11 +494,11 @@ resource "aws_verifiedpermissions_identity_source" "test" {
       entity_id_prefix = "MyOIDCProvider"
       group_configuration {
         group_claim       = "groups"
-        group_entity_type = "Mycorp::UserGroup"
+        group_entity_type = "MyCorp::UserGroup"
       }
     }
   }
-  principal_entity_type = "Mycorp::UserGroup"
+  principal_entity_type = "MyCorp::User"
 }
 `, rName))
 }
@@ -487,11 +525,11 @@ resource "aws_verifiedpermissions_identity_source" "test" {
       entity_id_prefix = "MyOIDCProvider"
       group_configuration {
         group_claim       = "groups"
-        group_entity_type = "Mycorp::UserGroup"
+        group_entity_type = "MyCorp::UserGroup"
       }
     }
   }
-  principal_entity_type = "Mycorp::UserGroup"
+  principal_entity_type = "MyCorp::User"
 }
 `, rName))
 }