fix: use set for roles defined within keycloak_openid_client_role_pol…

…icy resource (#524)
keycloak · May 3, 2021 · a5a648a · a5a648a
1 parent 771e678
commit a5a648a
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 6 deletions.
diff --git a/provider/resource_keycloak_openid_client_authorization_role_policy.go b/provider/resource_keycloak_openid_client_authorization_role_policy.go
@@ -46,7 +46,7 @@ func resourceKeycloakOpenidClientAuthorizationRolePolicy() *schema.Resource {
 				Optional: true,
 			},
 			"role": {
-				Type:     schema.TypeList,
+				Type:     schema.TypeSet,
 				Required: true,
 				MinItems: 1,
 				Elem: &schema.Resource{
@@ -68,8 +68,8 @@ func resourceKeycloakOpenidClientAuthorizationRolePolicy() *schema.Resource {
 
 func getOpenidClientAuthorizationRolePolicyResourceFromData(data *schema.ResourceData) *keycloak.OpenidClientAuthorizationRolePolicy {
 	var rolesList []keycloak.OpenidClientAuthorizationRole
-	if v, ok := data.Get("role").([]interface{}); ok {
-		for _, role := range v {
+	if v, ok := data.Get("role").(*schema.Set); ok {
+		for _, role := range v.List() {
 			roleMap := role.(map[string]interface{})
 			tempRole := keycloak.OpenidClientAuthorizationRole{
 				Id:       roleMap["id"].(string),

diff --git a/provider/resource_keycloak_openid_client_authorization_role_policy_test.go b/provider/resource_keycloak_openid_client_authorization_role_policy_test.go
@@ -2,6 +2,7 @@ package provider
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
@@ -10,8 +11,9 @@ import (
 	"github.com/mrparkers/terraform-provider-keycloak/keycloak"
 )
 
-func TestAccKeycloakOpenidClientAuthorizationRolePolicy(t *testing.T) {
+func TestAccKeycloakOpenidClientAuthorizationRolePolicy_basic(t *testing.T) {
 	t.Parallel()
+
 	clientId := acctest.RandomWithPrefix("tf-acc")
 	roleName := acctest.RandomWithPrefix("tf-acc")
 
@@ -28,6 +30,28 @@ func TestAccKeycloakOpenidClientAuthorizationRolePolicy(t *testing.T) {
 	})
 }
 
+func TestAccKeycloakOpenidClientAuthorizationRolePolicy_multiple(t *testing.T) {
+	t.Parallel()
+
+	clientId := acctest.RandomWithPrefix("tf-acc")
+	var roleNames []string
+	for i := 0; i < acctest.RandIntRange(7, 12); i++ {
+		roleNames = append(roleNames, acctest.RandomWithPrefix("tf-acc"))
+	}
+
+	resource.Test(t, resource.TestCase{
+		ProviderFactories: testAccProviderFactories,
+		PreCheck:          func() { testAccPreCheck(t) },
+		CheckDestroy:      testResourceKeycloakOpenidClientAuthorizationRolePolicyDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testResourceKeycloakOpenidClientAuthorizationRolePolicy_multipleRoles(roleNames, clientId),
+				Check:  testResourceKeycloakOpenidClientAuthorizationRolePolicyExists("keycloak_openid_client_role_policy.test"),
+			},
+		},
+	})
+}
+
 func getResourceKeycloakOpenidClientAuthorizationRolePolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationRolePolicy, error) {
 	rs, ok := s.RootModule().Resources[resourceName]
 	if !ok {
@@ -101,16 +125,67 @@ resource "keycloak_role" "test" {
 }
 
 resource keycloak_openid_client_role_policy test {
-	resource_server_id = "${keycloak_openid_client.test.resource_server_id}"
+	resource_server_id = keycloak_openid_client.test.resource_server_id
 	realm_id = data.keycloak_realm.realm.id
 	name = "keycloak_openid_client_role_policy"
 	decision_strategy = "AFFIRMATIVE"
 	logic = "POSITIVE"
 	type = "role"
 	role  {
-		id = "${keycloak_role.test.id}"
+		id = keycloak_role.test.id
 		required = false
 	}
 }
 	`, testAccRealm.Realm, roleName, clientId)
 }
+
+func testResourceKeycloakOpenidClientAuthorizationRolePolicy_multipleRoles(roleNames []string, clientId string) string {
+	var (
+		roles        strings.Builder
+		rolePolicies strings.Builder
+	)
+	for i, roleName := range roleNames {
+		roles.WriteString(fmt.Sprintf(`
+resource "keycloak_role" "role_%d" {
+	realm_id    = data.keycloak_realm.realm.id
+	name        = "%s"
+}
+`, i, roleName))
+		rolePolicies.WriteString(fmt.Sprintf(`
+	role  {
+		id = keycloak_role.role_%d.id
+		required = false
+	}
+`, i))
+	}
+
+	return fmt.Sprintf(`
+data "keycloak_realm" "realm" {
+	realm = "%s"
+}
+
+resource keycloak_openid_client test {
+	client_id                = "%s"
+	realm_id                 = data.keycloak_realm.realm.id
+	access_type              = "CONFIDENTIAL"
+	service_accounts_enabled = true
+	authorization {
+		policy_enforcement_mode = "ENFORCING"
+	}
+}
+
+%s
+
+resource keycloak_openid_client_role_policy test {
+	resource_server_id = keycloak_openid_client.test.resource_server_id
+	realm_id = data.keycloak_realm.realm.id
+	name = "keycloak_openid_client_role_policy"
+	decision_strategy = "AFFIRMATIVE"
+	logic = "POSITIVE"
+	type = "role"
+
+%s
+
+}
+	`, testAccRealm.Realm, clientId, roles.String(), rolePolicies.String())
+}