-
Notifications
You must be signed in to change notification settings - Fork 535
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix bound_claims
not getting unset for vault_jwt_auth_backend_role
#1469
Conversation
bound_claims
not getting removed for vault_jwt_auth_backend_role
bound_claims
not getting unset for vault_jwt_auth_backend_role
@@ -406,6 +406,8 @@ func jwtAuthBackendRoleDataToWrite(d *schema.ResourceData, create bool) map[stri | |||
boundClaims[key] = claims | |||
} | |||
data["bound_claims"] = boundClaims | |||
} else { | |||
data["bound_claims"] = make(map[string]interface{}, 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The empty map is defined on line 396 above. If we move that before the conditional we can drop the else{}
and always set bound_claims
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've done this.
@@ -477,6 +479,58 @@ func TestAccJWTAuthBackendRole_fullUpdate(t *testing.T) { | |||
"verbose_oidc_logging", "false"), | |||
), | |||
}, | |||
// Repeat test case again to remove attributes like `bound_claims` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you mind moving these test check funcs to a common set that can be shared between the various steps. Please use
Check: resource.ComposeTestCheckFunc( |
The resource name/path should also be factored out to a test variable called resourceName
, e.g.
resourceName := "vault_pki_secret_backend_role.test" |
Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I reduced a bit of code repetition but I did not refactor out the test steps into a separate function yet. This seems like more of a refactoring effort that might make the size of this PR bigger than necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, we will take care of that after merge. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank for your contribution to HashiCorp!
Community Note
When
bound_claims
invault_jwt_auth_backend_role
is unset, it does not get removed from the role, resulting in a permanent diff and unexpected results.Release note for CHANGELOG:
Output from acceptance testing:
If the
else
clause I added in the resource is removed, the test above fails withthereby confirming the bug.