Use configured client_secret in state to properly handle changes #4500

Closed
wants to merge 2 commits into from

@JonasBak JonasBak commented Nov 4, 2024

This is an attempt to solve the issue reported here: #4497

It should also fix an issue we experienced earlier (but which is now "replaced" with the issue listed above) where changes to the client_secret didn't trigger changes to the cloudflare_zero_trust_access_identity_provider resource.

This PR will change the resource so the client_secret is stored in state, so it can properly detect if the field has changed, and can trigger updates to the resource.

Contributor

github-actions bot commented Nov 4, 2024

changelog detected ✅

@JonasBak JonasBak force-pushed the master branch 3 times, most recently from 10d4511 to 115332a Compare November 4, 2024 12:54
@jacobbednarz
Member

looks like the acceptance tests are broken here

TF_ACC=1 go test ./internal/sdkv2provider -v -run "^TestAccCloudflareAccessIdentityProvider_" -count 1 -timeout 120m -parallel 1
=== RUN   TestAccCloudflareAccessIdentityProvider_OneTimePin
--- PASS: TestAccCloudflareAccessIdentityProvider_OneTimePin (4.12s)
=== RUN   TestAccCloudflareAccessIdentityProvider_OAuth
=== PAUSE TestAccCloudflareAccessIdentityProvider_OAuth
=== RUN   TestAccCloudflareAccessIdentityProvider_OAuthWithUpdate
=== PAUSE TestAccCloudflareAccessIdentityProvider_OAuthWithUpdate
=== RUN   TestAccCloudflareAccessIdentityProvider_SAML
=== PAUSE TestAccCloudflareAccessIdentityProvider_SAML
=== RUN   TestAccCloudflareAccessIdentityProvider_AzureAD
    provider_test.go:217: Skipping acceptance test for default account (f037e56e89293a057740de681ac9abbe). Pending investigation into automating Azure IDP.
--- SKIP: TestAccCloudflareAccessIdentityProvider_AzureAD (0.00s)
=== RUN   TestAccCloudflareAccessIdentityProvider_OAuth_Import
=== PAUSE TestAccCloudflareAccessIdentityProvider_OAuth_Import
=== RUN   TestAccCloudflareAccessIdentityProvider_SCIM_Config_Secret
=== PAUSE TestAccCloudflareAccessIdentityProvider_SCIM_Config_Secret
=== RUN   TestAccCloudflareAccessIdentityProvider_SCIM_Secret_Enabled_After_Resource_Creation
=== PAUSE TestAccCloudflareAccessIdentityProvider_SCIM_Secret_Enabled_After_Resource_Creation
=== CONT  TestAccCloudflareAccessIdentityProvider_OAuth
--- PASS: TestAccCloudflareAccessIdentityProvider_OAuth (1.85s)
=== CONT  TestAccCloudflareAccessIdentityProvider_OAuth_Import
    resource_cloudflare_access_identity_provider_test.go:253: Step 2/2 error running import: ImportStateVerify attributes not equivalent. Difference is shown below. The - symbol indicates attributes missing after import.
        
          map[string]string{
        - 	"config.0.client_secret": "secret",
        + 	"config.0.client_secret": "",
          }
--- FAIL: TestAccCloudflareAccessIdentityProvider_OAuth_Import (3.18s)
=== CONT  TestAccCloudflareAccessIdentityProvider_SCIM_Secret_Enabled_After_Resource_Creation
--- PASS: TestAccCloudflareAccessIdentityProvider_SCIM_Secret_Enabled_After_Resource_Creation (10.16s)
=== CONT  TestAccCloudflareAccessIdentityProvider_SCIM_Config_Secret
--- PASS: TestAccCloudflareAccessIdentityProvider_SCIM_Config_Secret (3.83s)
=== CONT  TestAccCloudflareAccessIdentityProvider_SAML
--- PASS: TestAccCloudflareAccessIdentityProvider_SAML (2.16s)
=== CONT  TestAccCloudflareAccessIdentityProvider_OAuthWithUpdate
--- PASS: TestAccCloudflareAccessIdentityProvider_OAuthWithUpdate (7.66s)
FAIL
FAIL	github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider	34.142s
FAIL
make: *** [testacc] Error 1

@JonasBak
Author

Thanks for the feedback @jacobbednarz!
I must have forgotten to run that test locally 😅

I changed the test so it doesn't try to verify the value of the client secret, as the API doesn't return the configured value, so that field can't be imported properly.

Based on what's written about ImportStateVerify in the docs:

[...]
// If certain attributes cannot be correctly imported, set the
// ImportStateVerifyIgnore field.
ImportStateVerify bool

https://pkg.go.dev/github.com/hashicorp/terraform-plugin-testing/helper/resource#TestStep
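
A simplified model of the import failure and the state handling discussed in this thread, added here as an example; it is not code from the provider, from this PR, or from terraform-plugin-testing. `diffKeys` and `readIntoState` are hypothetical helpers, the sample states are constructed, and treating ignore entries as key prefixes is an assumption of the model.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

const secretKey = "config.0.client_secret" // attribute key from the test output

// diffKeys models the ImportStateVerify comparison: keys that differ between
// two flat states, minus keys matching an ImportStateVerifyIgnore-style prefix.
func diffKeys(a, b map[string]string, ignore []string) []string {
	differ := map[string]bool{}
	for _, m := range []map[string]string{a, b} {
		for k := range m {
			differ[k] = a[k] != b[k]
		}
	}
	var out []string
	for k, d := range differ {
		for _, p := range ignore {
			d = d && !strings.HasPrefix(k, p)
		}
		if d {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// readIntoState models Read: the API never returns the secret, so state keeps it.
func readIntoState(prior, api map[string]string) map[string]string {
	next := map[string]string{}
	for k, v := range api {
		next[k] = v
	}
	if next[secretKey] == "" {
		next[secretKey] = prior[secretKey]
	}
	return next
}

func main() {
	applied := map[string]string{"name": "idp", secretKey: "secret"}
	api := map[string]string{"name": "idp", secretKey: ""} // constructed API response
	fmt.Println(diffKeys(applied, readIntoState(nil, api), nil))     // import: secret differs
	fmt.Println(diffKeys(applied, readIntoState(applied, api), nil)) // refresh: no diff
}
```

Keeping the configured value in state means the secret sits in the state file in plain text, so the state backend needs the same access control as the secret itself.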

@jacobbednarz
Member

i think #4419 already fixed this; can you confirm on your end?

@JonasBak
Author

Nice, it looks like the changes I wanted were merged in that PR 🙌

I built the provider from the master branch and tested it, and it looks like the issue is solved 👍 I'll close this PR

@JonasBak JonasBak closed this Nov 14, 2024