Merge pull request #1273 from hashicorp/bugfix/access-package-policy-…

…schema

bugfix: add MinItems validation to Required blocks for azuread_access_package_assignment_policy

internal/services/identitygovernance/access_package_assignment_policy_resource_test.go

@@ -93,6 +93,28 @@ func TestAccAccessPackageAssignmentPolicy_update(t *testing.T) {
 	})
 }
 
+func TestAccAccessPackageAssignmentPolicy_removeQuestion(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azuread_access_package_assignment_policy", "test")
+	r := AccessPackageAssignmentPolicyResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep("access_package_id"),
+		{
+			Config: r.basicWithoutQuestion(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep("access_package_id"),
+	})
+}
+
 func (AccessPackageAssignmentPolicyResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	client := clients.IdentityGovernance.AccessPackageAssignmentPolicyClient
 	client.BaseClient.DisableRetries = true
@@ -190,6 +212,59 @@ resource "azuread_access_package_assignment_policy" "test" {
 `, data.RandomInteger)
 }
 
+func (AccessPackageAssignmentPolicyResource) basicWithoutQuestion(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azuread" {}
+
+resource "azuread_group" "test" {
+  display_name     = "test-group-%[1]d"
+  security_enabled = true
+}
+
+resource "azuread_access_package_catalog" "test_catalog" {
+  display_name = "testacc-asscess-assignment-%[1]d"
+  description  = "TestAcc Catalog %[1]d for access assignment policy"
+}
+
+resource "azuread_access_package" "test" {
+  display_name = "testacc-asscess-assignment-%[1]d"
+  description  = "TestAcc Access Package %[1]d for access assignment policy"
+  catalog_id   = azuread_access_package_catalog.test_catalog.id
+}
+
+resource "azuread_access_package_assignment_policy" "test" {
+  display_name      = "testacc-asscess-assignment-%[1]d"
+  description       = "TestAcc Access Package Assignnment Policy %[1]d"
+  duration_in_days  = 90
+  access_package_id = azuread_access_package.test.id
+
+  requestor_settings {
+    scope_type = "AllExistingDirectoryMemberUsers"
+  }
+
+  approval_settings {
+    approval_required = true
+    approval_stage {
+      approval_timeout_in_days = 14
+
+      primary_approver {
+        object_id    = azuread_group.test.object_id
+        subject_type = "groupMembers"
+      }
+    }
+  }
+
+  assignment_review_settings {
+    enabled                        = true
+    review_frequency               = "weekly"
+    duration_in_days               = 3
+    review_type                    = "Self"
+    access_review_timeout_behavior = "keepAccess"
+  }
+}
+`, data.RandomInteger)
+}
+
 func (AccessPackageAssignmentPolicyResource) complete(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azuread" {}

internal/services/identitygovernance/identitygovernance.go

@@ -233,36 +233,45 @@ func userSetShortType(in string) *string {
 func expandAccessPackageQuestions(questions []interface{}) *[]msgraph.AccessPackageQuestion {
 	result := make([]msgraph.AccessPackageQuestion, 0)
 
-	for _, v := range questions {
-		v_map := v.(map[string]interface{})
-		v_text_list := v_map["text"].([]interface{})
-		v_text := v_text_list[0].(map[string]interface{})
+	for _, questionRaw := range questions {
+		question := questionRaw.(map[string]interface{})
+		textList := question["text"].([]interface{})
 
-		q := msgraph.AccessPackageQuestion{
-			IsRequired: pointer.To(v_map["required"].(bool)),
-			Sequence:   pointer.To(int32(v_map["sequence"].(int))),
-			Text:       expandAccessPackageLocalizedContent(v_text),
+		if len(textList) == 0 {
+			continue
 		}
 
-		v_map_choices := v_map["choice"].([]interface{})
-		q.ODataType = pointer.To(odata.TypeAccessPackageTextInputQuestion)
-		if len(v_map_choices) > 0 {
-			q.ODataType = pointer.To(odata.TypeAccessPackageMultipleChoiceQuestion)
+		text := textList[0].(map[string]interface{})
+
+		resultQuestion := msgraph.AccessPackageQuestion{
+			ODataType:  pointer.To(odata.TypeAccessPackageTextInputQuestion),
+			IsRequired: pointer.To(question["required"].(bool)),
+			Sequence:   pointer.To(int32(question["sequence"].(int))),
+			Text:       expandAccessPackageLocalizedContent(text),
+		}
+
+		if choicesRaw := question["choice"].([]interface{}); len(choicesRaw) > 0 {
+			resultQuestion.ODataType = pointer.To(odata.TypeAccessPackageMultipleChoiceQuestion)
 			choices := make([]msgraph.AccessPackageMultipleChoiceQuestions, 0)
 
-			for _, c := range v_map_choices {
-				c_map := c.(map[string]interface{})
-				c_map_display_value := c_map["display_value"].([]interface{})
+			for _, choiceRaw := range choicesRaw {
+				choice := choiceRaw.(map[string]interface{})
+				displayValue := make(map[string]interface{})
+				if v := choice["display_value"].([]interface{}); len(v) > 0 {
+					displayValue = v[0].(map[string]interface{})
+				}
 				choices = append(choices, msgraph.AccessPackageMultipleChoiceQuestions{
-					ActualValue:  pointer.To(c_map["actual_value"].(string)),
-					DisplayValue: expandAccessPackageLocalizedContent(c_map_display_value[0].(map[string]interface{})),
+					ActualValue:  pointer.To(choice["actual_value"].(string)),
+					DisplayValue: expandAccessPackageLocalizedContent(displayValue),
 				})
 			}
 
-			q.Choices = &choices
+			if len(choices) > 0 {
+				resultQuestion.Choices = pointer.To(choices)
+			}
 		}
 
-		result = append(result, q)
+		result = append(result, resultQuestion)
 	}
 
 	return &result
@@ -304,6 +313,10 @@ func flattenAccessPackageQuestions(input *[]msgraph.AccessPackageQuestion) []map
 }
 
 func expandAccessPackageLocalizedContent(input map[string]interface{}) *msgraph.AccessPackageLocalizedContent {
+	if len(input) == 0 {
+		return nil
+	}
+
 	result := msgraph.AccessPackageLocalizedContent{
 		DefaultText: pointer.To(input["default_text"].(string)),
 	}