From 09dee12da8d1dd0f8b08aef7541a6ee053e4cada Mon Sep 17 00:00:00 2001 From: Volodymyr Manilo Date: Fri, 26 Jan 2024 02:21:06 +0100 Subject: [PATCH] fix update groups and service accounts access --- .../internal/provider/resource/resource.go | 36 +++----- .../test/acctests/resource/resource_test.go | 86 +++++++++++++++++++ 2 files changed, 100 insertions(+), 22 deletions(-) diff --git a/twingate/internal/provider/resource/resource.go b/twingate/internal/provider/resource/resource.go index 5c65140e..b730cc71 100644 --- a/twingate/internal/provider/resource/resource.go +++ b/twingate/internal/provider/resource/resource.go @@ -120,7 +120,7 @@ func (r *twingateResource) ImportState(ctx context.Context, req resource.ImportS } if len(res.Groups) > 0 || len(res.ServiceAccounts) > 0 { - access, diags := convertAccessBlockToTerraform(ctx, res, types.SetNull(types.StringType), types.SetNull(types.StringType)) + access, diags := convertAccessBlockToTerraform(ctx, res) resp.Diagnostics.Append(diags...) @@ -1184,19 +1184,15 @@ func setState(ctx context.Context, state, reference *resourceModel, resource *mo } } - if !state.Access.IsNull() { - access, diags := convertAccessBlockToTerraform(ctx, resource, - state.Access.Elements()[0].(types.Object).Attributes()[attr.GroupIDs], - state.Access.Elements()[0].(types.Object).Attributes()[attr.ServiceAccountIDs]) + access, diags := convertAccessBlockToTerraform(ctx, resource) - diagnostics.Append(diags...) - - if diagnostics.HasError() { - return - } + diagnostics.Append(diags...) - state.Access = access + if diagnostics.HasError() { + return } + + state.Access = access } func convertProtocolsToTerraform(protocols *model.Protocols, reference *types.Object) (types.Object, diag.Diagnostics) { 
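Review bot: In `setState`, removing the `!state.Access.IsNull()` guard means `state.Access` is now always overwritten with the groups and service accounts the API returns, even for resources whose configuration has no `access` block. That helps revocation, because removed principals no longer linger in state. But if a resource can hold access entries that Terraform does not manage (the nearby test name `TestAccTwingateResourceAccessServiceAccountsNotAuthoritative` suggests such a mode exists), state would gain entries the plan never contained, and the apply may fail as inconsistent or show a permanent diff. I would confirm that `resource` is already filtered to the managed principals before this call and record that above it, e.g. `// resource holds only the access entries managed by this configuration; state mirrors it exactly`. The body of `setState` starts outside the hunk, so that filtering may already happen above.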
@@ -1362,9 +1358,13 @@ func protocolAttributeTypes() map[string]tfattr.Type { } } -func convertAccessBlockToTerraform(ctx context.Context, resource *model.Resource, stateGroupIDs, stateServiceAccounts tfattr.Value) (types.List, diag.Diagnostics) { +func convertAccessBlockToTerraform(ctx context.Context, resource *model.Resource) (types.List, diag.Diagnostics) { var diagnostics, diags diag.Diagnostics + if len(resource.Groups) == 0 && len(resource.ServiceAccounts) == 0 { + return makeObjectsListNull(ctx, accessAttributeTypes()), diagnostics + } + groupIDs, serviceAccountIDs := types.SetNull(types.StringType), types.SetNull(types.StringType) if len(resource.Groups) > 0 { @@ -1382,16 +1382,8 @@ func convertAccessBlockToTerraform(ctx context.Context, resource *model.Resource } attributes := map[string]tfattr.Value{ - attr.GroupIDs: stateGroupIDs, - attr.ServiceAccountIDs: stateServiceAccounts, - } - - if !groupIDs.IsNull() { - attributes[attr.GroupIDs] = groupIDs - } - - if !serviceAccountIDs.IsNull() { - attributes[attr.ServiceAccountIDs] = serviceAccountIDs + attr.GroupIDs: groupIDs, + attr.ServiceAccountIDs: serviceAccountIDs, } obj, diags := types.ObjectValue(accessAttributeTypes(), attributes) diff --git a/twingate/internal/test/acctests/resource/resource_test.go b/twingate/internal/test/acctests/resource/resource_test.go index 0b3c6267..4c5395bb 100644 --- a/twingate/internal/test/acctests/resource/resource_test.go +++ b/twingate/internal/test/acctests/resource/resource_test.go 
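Review bot: `convertAccessBlockToTerraform` has a new contract and no doc comment to state it. It now returns a null list when the API reports neither groups nor service accounts, and otherwise builds the block from the API response alone, no longer falling back to prior state. A comment such as `// convertAccessBlockToTerraform maps the API's groups and service accounts to the access block; it returns a null list when both are empty.` would make that explicit. With the early return in place, the `len(res.Groups) > 0 || len(res.ServiceAccounts) > 0` guard in `ImportState` (first hunk) may be redundant, depending on what its body does beyond this call.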
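Review bot: The `attributes` map now stores `types.SetNull(types.StringType)` for whichever of `attr.GroupIDs` / `attr.ServiceAccountIDs` the API returns empty, so a configuration that sets an explicit empty set (`group_ids = []`) would presumably read back as null and no longer match the plan. The acceptance steps added in this commit only cover the attribute being omitted (commented out), not set to `[]`. If an explicit empty set is valid input, it should either be normalised on the plan side or covered by a test step. The function body starts and ends outside this hunk.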
@@ -944,6 +944,22 @@ func TestAccTwingateResourceAddAccessGroupsAndServiceAccounts(t *testing.T) {
 sdk.TestCheckResourceAttr(theResource, accessServiceAccountIdsLen, "1"),
 ),
 },
+ {
+ Config: createResource16WithoutServiceAccounts(remoteNetworkName, resourceName, groups, groupsID, createServiceAccount(resourceName, serviceAccountName)),
+ Check: acctests.ComposeTestCheckFunc(
+ acctests.CheckTwingateResourceExists(theResource),
+ sdk.TestCheckResourceAttr(theResource, accessGroupIdsLen, "1"),
+ sdk.TestCheckResourceAttr(theResource, accessServiceAccountIdsLen, "0"),
+ ),
+ },
+ {
+ Config: createResource16WithoutGroups(remoteNetworkName, resourceName, groups, groupsID, createServiceAccount(resourceName, serviceAccountName)),
+ Check: acctests.ComposeTestCheckFunc(
+ acctests.CheckTwingateResourceExists(theResource),
+ sdk.TestCheckResourceAttr(theResource, accessGroupIdsLen, "0"),
+ sdk.TestCheckResourceAttr(theResource, accessServiceAccountIdsLen, "1"),
+ ),
+ },
 },
 })
 }
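Review bot: The two added steps each remove one side of the `access` block, so neither reaches the new early return in `convertAccessBlockToTerraform` (both lists empty, null block). That path is the one that reflects full revocation of access. A further step whose config omits the `access` block and checks that no `access` entries remain in state would cover it, unless another test in the file already does. The checks shown assert Terraform state only; as far as these lines show, nothing verifies that the group or service account was actually detached on the API side.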
@@ -983,6 +999,76 @@ func createResource16(networkName, resourceName string, groups, groupsID []strin `, networkName, strings.Join(groups, "\n"), terraformServiceAccount, resourceName, model.PolicyRestricted, model.PolicyAllowAll, strings.Join(groupsID, ", "), acctests.TerraformServiceAccount(resourceName)+".id") } +func createResource16WithoutServiceAccounts(networkName, resourceName string, groups, groupsID []string, terraformServiceAccount string) string { + return fmt.Sprintf(` + resource "twingate_remote_network" "test16" { + name = "%s" + } + + %s + + %s + + resource "twingate_resource" "test16" { + name = "%s" + address = "acc-test.com.16" + remote_network_id = twingate_remote_network.test16.id + + protocols = { + allow_icmp = true + tcp = { + policy = "%s" + ports = ["80", "82-83"] + } + udp = { + policy = "%s" + } + } + + access { + group_ids = [%s] + # service_account_ids = [%s] + } + + } + `, networkName, strings.Join(groups, "\n"), terraformServiceAccount, resourceName, model.PolicyRestricted, model.PolicyAllowAll, strings.Join(groupsID, ", "), acctests.TerraformServiceAccount(resourceName)+".id") +} + +func createResource16WithoutGroups(networkName, resourceName string, groups, groupsID []string, terraformServiceAccount string) string { + return fmt.Sprintf(` + resource "twingate_remote_network" "test16" { + name = "%s" + } + + %s + + %s + + resource "twingate_resource" "test16" { + name = "%s" + address = "acc-test.com.16" + remote_network_id = twingate_remote_network.test16.id + + protocols = { + allow_icmp = true + tcp = { + policy = "%s" + ports = ["80", "82-83"] + } + udp = { + policy = "%s" + } + } + + access { + # group_ids = [%s] + service_account_ids = [%s] + } + + } + `, networkName, strings.Join(groups, "\n"), terraformServiceAccount, resourceName, model.PolicyRestricted, model.PolicyAllowAll, strings.Join(groupsID, ", "), acctests.TerraformServiceAccount(resourceName)+".id") +} + func 
TestAccTwingateResourceAccessServiceAccountsNotAuthoritative(t *testing.T) { t.Parallel() const theResource = "twingate_resource.test17"
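Review bot: `createResource16WithoutServiceAccounts` and `createResource16WithoutGroups` repeat the whole `createResource16` template and differ only in which line of the `access` block is commented out. The commented line (`# service_account_ids = [%s]` or `# group_ids = [%s]`) still consumes a `Sprintf` argument, so the positional arguments line up only because the comment is present; deleting it would silently shift the remaining values. A single helper that takes the rendered `access` body as a parameter would remove both the duplication and that hidden dependency, e.g. `func createResource16WithAccess(networkName, resourceName string, groups []string, terraformServiceAccount, accessBody string) string`.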