Bugfixes

.gitignore

@@ -1,9 +1,9 @@
-vendor
 func-tests/.terraform
 func-tests/crash.log
 func-tests/run.log
 func-tests/terraform.*
 terraform-provider-pingaccess
+terraform-provider-pingaccess_v*
 .scannerwork/
 .vscode/
 run.log

.travis.yml

@@ -16,7 +16,7 @@ addons:
     organization: "iwarapter-github"
 
 script:
-  - go mod vendor
-  - go mod verify
-  - make test-and-report
-  - sonar-scanner
+  - go mod vendor || travis_terminate 1;
+  - go mod verify || travis_terminate 1;
+  - make test-and-report || travis_terminate 1;
+  - sonar-scanner || travis_terminate 1;

CHANGELOG.md

@@ -1,4 +1,4 @@
-## 0.0.2-BETA (Unreleased)
+## 0.2.0 (Unreleased)
 
 NOTES:
 
@@ -13,6 +13,14 @@ FEATURES:
 * **New Resource:** `pingaccess_access_token_validator`
 * **New Resource:** `pingaccess_keypair` ([#4](https://github.com/iwarapter/terraform-provider-pingaccess/issues/4))
 
+BUG FIXES:
+
+* resource/pingaccess_application: Fixing issue with an empty `policy` block ([#7](https://github.com/iwarapter/terraform-provider-pingaccess/issues/7))
+* resource/pingaccess_application_resource: Fixing issue with an empty `policy` block ([#7](https://github.com/iwarapter/terraform-provider-pingaccess/issues/7))
+* resource/pingaccess_application_resource: path_prefixes is deprecated but required  ([#8](https://github.com/iwarapter/terraform-provider-pingaccess/issues/8))
+* resource/pingaccess_certificate: Certificate `alias` change forces new resource ([#6](https://github.com/iwarapter/terraform-provider-pingaccess/issues/6))
+
+
 ## 0.0.1-BETA (August 4, 2019)
 
 NOTES:

Makefile

@@ -1,4 +1,6 @@
 # Makefile
+VERSION ?= local
+NAME=terraform-provider-pingaccess_v${VERSION}
 
 sweep:
 	@TF_ACC=1 go test ./... -v -sweep=true
@@ -8,33 +10,33 @@ pa-init:
 
 test:
 	@rm -f pingaccess/terraform.log
-	@TF_LOG=TRACE TF_LOG_PATH=./terraform.log TF_ACC=1 go test ./... -v
+	@TF_LOG=TRACE TF_LOG_PATH=./terraform.log TF_ACC=1 go test -mod=vendor ./... -v
 
 test-and-report:
 	@rm -f pingaccess/terraform.log coverage.out report.json
-	@TF_LOG=TRACE TF_LOG_PATH=./terraform.log TF_ACC=1 go test ./... -v -coverprofile=coverage.out -json > report.json && go tool cover -func=coverage.out
+	@TF_LOG=TRACE TF_LOG_PATH=./terraform.log TF_ACC=1 go test -mod=vendor ./... -v -coverprofile=coverage.out -json > report.json && go tool cover -func=coverage.out
 
 build:
-	@go build -o terraform-provider-pingaccess .
+	@go build -mod=vendor -o ${NAME} -gcflags "all=-trimpath=$GOPATH" .
 
 release:
 	@rm -rf build/*
-	GOOS=darwin GOARCH=amd64 go build -o build/darwin_amd64/terraform-provider-pingaccess . && zip -j build/darwin_amd64.zip build/darwin_amd64/terraform-provider-pingaccess
-	# GOOS=freebsd GOARCH=386 go build -o build/freebsd_386/terraform-provider-pingaccess .
-	# GOOS=freebsd GOARCH=amd64 go build -o build/freebsd_amd64/terraform-provider-pingaccess .
-	# GOOS=freebsd GOARCH=arm go build -o build/freebsd_arm/terraform-provider-pingaccess .
-	# GOOS=linux GOARCH=386 go build -o build/linux_386/terraform-provider-pingaccess .
-	GOOS=linux GOARCH=amd64 go build -o build/linux_amd64/terraform-provider-pingaccess . && zip -j build/linux_amd64.zip build/linux_amd64/terraform-provider-pingaccess
-	# GOOS=linux GOARCH=arm go build -o build/linux_arm/terraform-provider-pingaccess .
-	# GOOS=openbsd GOARCH=386 go build -o build/openbsd_386/terraform-provider-pingaccess .
-	# GOOS=openbsd GOARCH=amd64 go build -o build/openbsd_amd64/terraform-provider-pingaccess .
-	# GOOS=solaris GOARCH=amd64 go build -o build/solaris_amd64/terraform-provider-pingaccess .
-	# GOOS=windows GOARCH=386 go build -o build/windows_386/terraform-provider-pingaccess .
-	GOOS=windows GOARCH=amd64 go build -o build/windows_amd64/terraform-provider-pingaccess . && zip -j build/windows_amd64.zip build/windows_amd64/terraform-provider-pingaccess
+	GOOS=darwin GOARCH=amd64 go build -o -mod=vendor build/darwin_amd64/${NAME} -gcflags "all=-trimpath=$GOPATH" . && zip -j build/darwin_amd64.zip build/darwin_amd64/${NAME}
+	# GOOS=freebsd GOARCH=386 go build -o -mod=vendor build/freebsd_386/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=freebsd GOARCH=amd64 go build -o -mod=vendor build/freebsd_amd64/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=freebsd GOARCH=arm go build -o -mod=vendor build/freebsd_arm/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=linux GOARCH=386 go build -o -mod=vendor build/linux_386/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	GOOS=linux GOARCH=amd64 go build -o -mod=vendor build/linux_amd64/${NAME} -gcflags "all=-trimpath=$GOPATH" . && zip -j build/linux_amd64.zip build/linux_amd64/${NAME}
+	# GOOS=linux GOARCH=arm go build -o -mod=vendor build/linux_arm/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=openbsd GOARCH=386 go build -o -mod=vendor build/openbsd_386/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=openbsd GOARCH=amd64 go build -o -mod=vendor build/openbsd_amd64/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=solaris GOARCH=amd64 go build -o -mod=vendor build/solaris_amd64/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	# GOOS=windows GOARCH=386 go build -o -mod=vendor build/windows_386/${NAME} -gcflags "all=-trimpath=$GOPATH" .
+	GOOS=windows GOARCH=amd64 go build -o -mod=vendor build/windows_amd64/${NAME} -gcflags "all=-trimpath=$GOPATH" . && zip -j build/windows_amd64.zip build/windows_amd64/${NAME}
 
 deploy-local:
 	@mkdir -p ~/.terraform.d/plugins
-	@cp terraform-provider-pingaccess ~/.terraform.d/plugins/
+	@cp ${NAME} ~/.terraform.d/plugins/
 
 func-init:
 	@rm -rf func-tests/.terraform

func-tests/main.tf

@@ -41,44 +41,44 @@ provider "pingaccess" {
 //   availability_profile_id    = 1
 // }
 
-resource "pingaccess_site" "acc_test_site" {
-  name                       = "demo_site"
-  targets                    = ["localhost:1234"]
-  max_connections            = -1
-  max_web_socket_connections = -1
-  availability_profile_id    = 1
-}
+// resource "pingaccess_site" "acc_test_site" {
+//   name                       = "demo_site"
+//   targets                    = ["localhost:1234"]
+//   max_connections            = -1
+//   max_web_socket_connections = -1
+//   availability_profile_id    = 1
+// }
 
-resource "pingaccess_virtualhost" "acc_test_virtualhost" {
-  host                         = "demo-localhost"
-  port                         = 3000
-  agent_resource_cache_ttl     = 900
-  key_pair_id                  = 0
-  trusted_certificate_group_id = 0
-}
+// resource "pingaccess_virtualhost" "acc_test_virtualhost" {
+//   host                         = "demo-localhost"
+//   port                         = 3000
+//   agent_resource_cache_ttl     = 900
+//   key_pair_id                  = 0
+//   trusted_certificate_group_id = 0
+// }
 
-resource "pingaccess_application" "acc_test" {
-  // access_validator_id = 0
-  application_type    = "Web"
-  agent_id            = 0
-  name                = "demo-app"
-  context_root        = "/bar"
-  default_auth_type   = "Web"
-  destination         = "Site"
-  site_id             = "${pingaccess_site.acc_test_site.id}"
-  virtual_host_ids    = ["${pingaccess_virtualhost.acc_test_virtualhost.id}"]
-
-  // identity_mapping_ids {
-  //   web = "${pingaccess_identity_mapping.idm_foo.id}"
-
-  //   //   api = 0
-  // }
-
-  // identity_mapping_ids {
-  //   web = "65"
-  // }
-  // web_session_id = "${pingaccess_websession.demo_session.id}"
-}
+// resource "pingaccess_application" "acc_test" {
+//   // access_validator_id = 0
+//   application_type    = "Web"
+//   agent_id            = 0
+//   name                = "demo-app"
+//   context_root        = "/bar"
+//   default_auth_type   = "Web"
+//   destination         = "Site"
+//   site_id             = "${pingaccess_site.acc_test_site.id}"
+//   virtual_host_ids    = ["${pingaccess_virtualhost.acc_test_virtualhost.id}"]
+
+//   // identity_mapping_ids {
+//   //   web = "${pingaccess_identity_mapping.idm_foo.id}"
+
+//   //   //   api = 0
+//   // }
+
+//   // identity_mapping_ids {
+//   //   web = "65"
+//   // }
+//   // web_session_id = "${pingaccess_websession.demo_session.id}"
+// }
 
 // resource "pingaccess_identity_mapping" "idm_foo" {
 //   class_name = "com.pingidentity.pa.identitymappings.HeaderIdentityMapping"
@@ -179,55 +179,62 @@ resource "pingaccess_application" "acc_test" {
 //   }
 // }
 
+resource "pingaccess_trusted_certificate_group" "demo_tcg" {
+  name = "test"
+  cert_ids = [
+    pingaccess_certificate.demo_certificate.id
+  ]
+}
+
 resource "pingaccess_certificate" "demo_certificate" {
-  alias     = "cert1"
+  alias     = "cert2"
   file_data = "${base64encode(file("amazon_root_ca1.pem"))}"
 }
 
-data "pingaccess_certificate" "data_test" {
-  alias = "string"
-}
+// data "pingaccess_certificate" "data_test" {
+//   alias = "string"
+// }
 
-output "cert_id" {
-  value = "${data.pingaccess_certificate.data_test.id}"
-}
+// output "cert_id" {
+//   value = "${data.pingaccess_certificate.data_test.id}"
+// }
 
-output "cert_alias" {
-  value = "${data.pingaccess_certificate.data_test.alias}"
-}
+// output "cert_alias" {
+//   value = "${data.pingaccess_certificate.data_test.alias}"
+// }
 
-output "cert_expires" {
-  value = "${data.pingaccess_certificate.data_test.expires}"
-}
+// output "cert_expires" {
+//   value = "${data.pingaccess_certificate.data_test.expires}"
+// }
 
-output "cert_issuer_dn" {
-  value = "${data.pingaccess_certificate.data_test.issuer_dn}"
-}
+// output "cert_issuer_dn" {
+//   value = "${data.pingaccess_certificate.data_test.issuer_dn}"
+// }
 
-output "cert_md5sum" {
-  value = "${data.pingaccess_certificate.data_test.md5sum}"
-}
+// output "cert_md5sum" {
+//   value = "${data.pingaccess_certificate.data_test.md5sum}"
+// }
 
-output "cert_serial_number" {
-  value = "${data.pingaccess_certificate.data_test.serial_number}"
-}
+// output "cert_serial_number" {
+//   value = "${data.pingaccess_certificate.data_test.serial_number}"
+// }
 
-output "cert_sha1sum" {
-  value = "${data.pingaccess_certificate.data_test.sha1sum}"
-}
+// output "cert_sha1sum" {
+//   value = "${data.pingaccess_certificate.data_test.sha1sum}"
+// }
 
-output "cert_signature_algorithm" {
-  value = "${data.pingaccess_certificate.data_test.signature_algorithm}"
-}
+// output "cert_signature_algorithm" {
+//   value = "${data.pingaccess_certificate.data_test.signature_algorithm}"
+// }
 
-output "cert_status" {
-  value = "${data.pingaccess_certificate.data_test.status}"
-}
+// output "cert_status" {
+//   value = "${data.pingaccess_certificate.data_test.status}"
+// }
 
-output "cert_subject_dn" {
-  value = "${data.pingaccess_certificate.data_test.subject_dn}"
-}
+// output "cert_subject_dn" {
+//   value = "${data.pingaccess_certificate.data_test.subject_dn}"
+// }
 
-output "cert_valid_from" {
-  value = "${data.pingaccess_certificate.data_test.valid_from}"
-}
+// output "cert_valid_from" {
+//   value = "${data.pingaccess_certificate.data_test.valid_from}"
+// }

go.mod

@@ -2,6 +2,8 @@ module github.com/iwarapter/terraform-provider-pingaccess
 
 go 1.12
 
+replace git.apache.org/thrift.git => github.com/apache/thrift v0.0.0-20180902110319-2566ecd5d999
+
 require (
 	github.com/GeertJohan/go.rice v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.4.13 // indirect

go.sum

@@ -38,6 +38,7 @@ github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkK
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antchfx/xpath v0.0.0-20190129040759-c8489ed3251e/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
 github.com/antchfx/xquery v0.0.0-20180515051857-ad5b8c7a47b0/go.mod h1:LzD22aAzDP8/dyiCKFp31He4m2GPjl0AFyzDtZzUu9M=
+github.com/apache/thrift v0.0.0-20180902110319-2566ecd5d999/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apparentlymart/go-cidr v1.0.0 h1:lGDvXx8Lv9QHjrAVP7jyzleG4F9+FkRhJcEsDFxeb8w=
 github.com/apparentlymart/go-cidr v1.0.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
 github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=

pingaccess/provider_test.go

@@ -28,9 +28,24 @@ func TestMain(m *testing.M) {
 			log.Fatalf("Could not connect to docker: %s", err)
 		}
 
-		options := &dockertest.RunOptions{
-			Repository: "pingidentity/pingaccess",
-			Tag:        "5.2.2-edge",
+		devOpsUser, devOpsUserExists := os.LookupEnv("PING_IDENTITY_DEVOPS_USER")
+		devOpsKey, devOpsKeyExists := os.LookupEnv("PING_IDENTITY_DEVOPS_KEY")
+
+		var options *dockertest.RunOptions
+
+		if devOpsUserExists && devOpsKeyExists {
+			options = &dockertest.RunOptions{
+				Repository: "pingidentity/pingaccess",
+				Env:        []string{fmt.Sprintf("PING_IDENTITY_DEVOPS_USER=%s", devOpsUser), fmt.Sprintf("PING_IDENTITY_DEVOPS_KEY=%s", devOpsKey)},
+				Tag:        "5.2.2-edge",
+			}
+		} else {
+			dir, _ := os.Getwd()
+			options = &dockertest.RunOptions{
+				Repository: "pingidentity/pingaccess",
+				Mounts:     []string{dir + "/pingaccess.lic:/opt/in/instance/conf/pingaccess.lic"},
+				Tag:        "5.2.2-edge",
+			}
 		}
 
 		// pulls an image, creates a container based on it and runs it

pingaccess/resource_pingaccess_application.go

@@ -1,7 +1,6 @@
 package pingaccess
 
 import (
-	"encoding/json"
 	"fmt"
 	"log"
 	"strconv"
@@ -278,32 +277,8 @@ func resourcePingAccessApplicationReadData(d *schema.ResourceData) *pa.Applicati
 		}
 	}
 
-	if _, ok := d.GetOk(policy); ok {
-		policySet := d.Get(policy).([]interface{})
-
-		webPolicies := make([]*pa.PolicyItem, 0)
-		apiPolicies := make([]*pa.PolicyItem, 0)
-
-		policy := policySet[0].(map[string]interface{})
-		for _, pV := range policy["web"].(*schema.Set).List() {
-			p := pV.(map[string]interface{})
-			webPolicies = append(webPolicies, &pa.PolicyItem{
-				Id:   json.Number(p["id"].(string)),
-				Type: String(p["type"].(string)),
-			})
-		}
-		for _, pV := range policy["api"].(*schema.Set).List() {
-			p := pV.(map[string]interface{})
-			apiPolicies = append(apiPolicies, &pa.PolicyItem{
-				Id:   json.Number(p["id"].(string)),
-				Type: String(p["type"].(string)),
-			})
-		}
-		policies := map[string]*[]*pa.PolicyItem{
-			"Web": &webPolicies,
-			"API": &apiPolicies,
-		}
-		application.Policy = policies
+	if val, ok := d.GetOkExists("policy"); ok {
+		application.Policy = expandPolicy(val.([]interface{}))
 	}
 
 	return application

pingaccess/resource_pingaccess_application_resource.go

@@ -76,8 +76,8 @@ func resourcePingAccessApplicationResourceSchema() map[string]*schema.Schema {
 		},
 		pathPrefixes: &schema.Schema{
 			Type:       schema.TypeSet,
-			Required:   true,
-			Deprecated: "DEPRECATED - to be removed in a future release; please use 'path_patterns' instead",
+			Optional:   true,
+			Deprecated: "To be removed in a future release; please use 'path_patterns' instead",
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
 			},
@@ -309,6 +309,7 @@ func resourcePingAccessApplicationResourceReadData(d *schema.ResourceData) *pa.R
 
 	if val, ok := d.GetOkExists("policy"); ok {
 		resource.Policy = expandPolicy(val.([]interface{}))
+
 	}
 
 	return resource

pingaccess/resource_pingaccess_application_resource_test.go

@@ -149,6 +149,8 @@ resource "pingaccess_application_resource" "app_res_test_root_resource" {
 		"/*"
   ]
 
+	policy {}
+
   audit_level = "ON"
   anonymous = false
   enabled = true