diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml
index 5162583025..8049b0d70c 100644
--- a/.github/workflows/acceptance-tests-runner.yml
+++ b/.github/workflows/acceptance-tests-runner.yml
@@ -73,6 +73,9 @@ on:
 mongodb_atlas_federated_org_id:
 type: string
 required: true
+ mongodb_atlas_federated_settings_associated_domain:
+ type: string
+ required: true
 secrets: # all secrets are passed explicitly in this workflow
 mongodb_atlas_public_key:
 required: true
@@ -529,6 +532,7 @@ jobs:
 MONGODB_ATLAS_FEDERATED_SSO_URL: ${{ inputs.mongodb_atlas_federated_sso_url }}
 MONGODB_ATLAS_FEDERATED_ISSUER_URI: ${{ inputs.mongodb_atlas_federated_issuer_uri }}
 MONGODB_ATLAS_FEDERATED_ORG_ID: ${{ inputs.mongodb_atlas_federated_org_id }}
+ MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN: ${{ inputs.mongodb_atlas_federated_settings_associated_domain }}
 AWS_S3_BUCKET: ${{ secrets.aws_s3_bucket_federation }}
 AWS_REGION: ${{ vars.aws_region_federation }}
 AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
index 56d8d1bb91..5f67899b0d 100644
--- a/.github/workflows/acceptance-tests.yml
+++ b/.github/workflows/acceptance-tests.yml
@@ -92,3 +92,4 @@ jobs:
 mongodb_atlas_federated_sso_url: ${{ vars.MONGODB_ATLAS_FEDERATED_SSO_URL }}
 mongodb_atlas_federated_issuer_uri: ${{ vars.MONGODB_ATLAS_FEDERATED_ISSUER_URI }}
 mongodb_atlas_federated_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATED_ORG_ID_QA || vars.MONGODB_ATLAS_FEDERATED_ORG_ID }}
+ mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }}
diff --git a/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider.go b/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider.go
index 1c60c478d3..6eebc7130f 100644
--- a/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider.go
+++ b/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider.go
@@ -22,7 +22,7 @@ const OIDC = "OIDC"
 func Resource() *schema.Resource {
 return &schema.Resource{
- CreateContext: resourceMongoDBAtlasFederatedSettingsIdentityProviderRead,
+ CreateContext: resourceCreateNotAllowed,
 ReadContext: resourceMongoDBAtlasFederatedSettingsIdentityProviderRead,
 UpdateContext: resourceMongoDBAtlasFederatedSettingsIdentityProviderUpdate,
 DeleteContext: resourceMongoDBAtlasFederatedSettingsIdentityProviderDelete,
@@ -112,15 +112,14 @@ func Resource() *schema.Resource {
 }
 }
+func resourceCreateNotAllowed(_ context.Context, _ *schema.ResourceData, _ any) diag.Diagnostics {
+ return diag.FromErr(errors.New("this resource must be imported"))
+}
+
 func resourceMongoDBAtlasFederatedSettingsIdentityProviderRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 // Get client connection.
 connV2 := meta.(*config.MongoDBClient).Atlas20231115008
- if d.Id() == "" {
- d.SetId("")
- return nil
- }
-
 ids := conversion.DecodeStateID(d.Id())
 federationSettingsID := ids["federation_settings_id"]
diff --git a/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_migration_test.go b/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_migration_test.go
deleted file mode 100644
index 8abedc3c44..0000000000
--- a/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_migration_test.go
+++ /dev/null
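Review bot: `resourceCreateNotAllowed` has no comment explaining why create is rejected, and its error text, "this resource must be imported", does not say which resource type failed or what to do next. A one-line comment such as `// resourceCreateNotAllowed rejects create; the identity provider is only managed after terraform import.` plus a message that names the resource type would make the failure actionable; keep the current phrase as a substring, because the new `_createError` test matches on it. The same helper is added verbatim in `federatedsettingsorgconfig/resource_federated_settings_connected_org.go`, so a single shared helper would stop the two copies from drifting. The Read function's body continues outside this hunk.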
@@ -1,13 +0,0 @@
-package federatedsettingsidentityprovider_test
-
-import (
- "testing"
-
- "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc"
- "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig"
-)
-
-func TestMigFederatedSettingsIdentityProviderRS_basic(t *testing.T) {
- acc.SkipTestForCI(t) // this resource can only be imported
- mig.CreateAndRunTest(t, basicTestCase(t))
-}
diff --git a/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_test.go b/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_test.go
index fb85e424bd..fe6b3641be 100644
--- a/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_test.go
+++ b/internal/service/federatedsettingsidentityprovider/resource_federated_settings_identity_provider_test.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "os"
+ "regexp"
 "testing"
 "github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -12,6 +13,18 @@ import (
 "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc"
 )
+func TestAccFederatedSettingsIdentityProvider_createError(t *testing.T) {
+ resource.ParallelTest(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+ Steps: []resource.TestStep{
+ {
+ Config: configBasic("not-used", "not-used", "not-used", "not-used"),
+ ExpectError: regexp.MustCompile("this resource must be imported"),
+ },
+ },
+ })
+}
+
 func TestAccFederatedSettingsIdentityProviderRS_basic(t *testing.T) {
 resource.ParallelTest(t, *basicTestCase(t))
 }
@@ -25,37 +38,36 @@ func basicTestCase(tb testing.TB) *resource.TestCase {
 idpID = os.Getenv("MONGODB_ATLAS_FEDERATED_IDP_ID")
 ssoURL = os.Getenv("MONGODB_ATLAS_FEDERATED_SSO_URL")
 issuerURI = os.Getenv("MONGODB_ATLAS_FEDERATED_ISSUER_URI")
+ associatedDomain = os.Getenv("MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN")
+ config = configBasic(federationSettingsID, ssoURL, issuerURI, associatedDomain)
 )
 return &resource.TestCase{
- PreCheck: func() { acc.PreCheckFederatedSettings(tb) },
+ PreCheck: func() { acc.PreCheckFederatedSettingsIdentityProvider(tb) },
 ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
 Steps: []resource.TestStep{
 {
- Config: configBasic(federationSettingsID, ssoURL, issuerURI),
- ResourceName: resourceName,
- ImportStateIdFunc: importStateIDFunc(federationSettingsID, idpID),
- ImportState: true,
- ImportStateVerify: false,
+ Config: config,
+ ResourceName: resourceName,
+ ImportStateIdFunc: importStateIDFunc(federationSettingsID, idpID),
+ ImportState: true,
+ ImportStateVerify: false,
+ ImportStatePersist: true,
 },
 {
- Config: configBasic(federationSettingsID, ssoURL, issuerURI),
- ResourceName: resourceName,
- ImportStateIdFunc: importStateIDFunc(federationSettingsID, idpID),
-
- ImportState: true,
+ Config: config,
 Check: resource.ComposeTestCheckFunc(
 checkExists(resourceName, idpID),
 resource.TestCheckResourceAttr(resourceName, "federation_settings_id", federationSettingsID),
- resource.TestCheckResourceAttr(resourceName, "name", "mongodb_federation_test"),
+ resource.TestCheckResourceAttr(resourceName, "name", "SAML-test"),
 ),
 },
 {
- Config: configBasic(federationSettingsID, ssoURL, issuerURI),
+ Config: config,
 ResourceName: resourceName,
 ImportStateIdFunc: importStateIDFunc(federationSettingsID, idpID),
 ImportState: true,
- ImportStateVerify: false,
+ ImportStateVerify: true,
 },
 },
 }
 }
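Review bot: The `PreCheck` now calls `acc.PreCheckFederatedSettingsIdentityProvider`, but `basicTestCase` also reads `MONGODB_ATLAS_FEDERATED_IDP_ID`, `MONGODB_ATLAS_FEDERATED_SSO_URL` and `MONGODB_ATLAS_FEDERATED_ISSUER_URI`, and the helper as added in `pre_check.go` checks none of them (it tests the org ID, the associated domain and the federation settings ID). If one of them is unset, the import and apply steps would run with empty values and presumably fail with an unrelated import-ID or API error rather than the precheck message. Whether the replaced `PreCheckFederatedSettings` covered them is not visible here. Either extend the helper or fail early inside the `PreCheck` func, e.g. `if idpID == "" || ssoURL == "" || issuerURI == "" { tb.Fatal("identity provider env vars must be set") }`.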
@@ -92,17 +104,17 @@ func importStateIDFunc(federationSettingsID, idpID string) resource.ImportStateI
 }
 }
-func configBasic(federationSettingsID, ssoURL, issuerURI string) string {
+func configBasic(federationSettingsID, ssoURL, issuerURI, associatedDomain string) string {
 return fmt.Sprintf(`
 resource "mongodbatlas_federated_settings_identity_provider" "test" {
- federation_settings_id = "%[1]s"
- name = "mongodb_federation_test"
- associated_domains = ["reorganizeyourworld.com"]
- sso_debug_enabled = true
- status = "ACTIVE"
- sso_url = "%[2]s"
- issuer_uri = "%[3]s"
- request_binding = "HTTP-POST"
+ federation_settings_id = %[1]q
+ name = "SAML-test"
+ associated_domains = [%[4]q]
+ sso_debug_enabled = true
+ status = "ACTIVE"
+ sso_url = %[2]q
+ issuer_uri = %[3]q
+ request_binding = "HTTP-POST"
 response_signature_algorithm = "SHA-256"
- }`, federationSettingsID, ssoURL, issuerURI)
+ }`, federationSettingsID, ssoURL, issuerURI, associatedDomain)
 }
diff --git a/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_org_test.go b/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_org_test.go
index d53d2f11b6..2e8d0ce75e 100644
--- a/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_org_test.go
+++ b/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_org_test.go
@@ -10,8 +10,6 @@ import (
 )
 func TestAccFederatedSettingsOrgDS_basic(t *testing.T) {
- acc.SkipTestForCI(t) // affects the org
-
 var (
 resourceName = "data.mongodbatlas_federated_settings_org_config.test"
 federatedSettingsID = os.Getenv("MONGODB_ATLAS_FEDERATION_SETTINGS_ID")
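Review bot: `%q` in `configBasic` applies Go string quoting, which is close to but not identical to HCL quoting: `${` and `%{` pass through unchanged and Terraform reads them as template sequences, and Go-only escapes such as `\x..` are not valid in an HCL string. The values come from environment variables, so well-formed URLs and domains are unaffected, but the assumption is worth recording on the function, e.g. `// Values are quoted with %q and must not contain HCL template sequences.`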
@@ -28,8 +26,7 @@ func TestAccFederatedSettingsOrgDS_basic(t *testing.T) {
 resource.TestCheckResourceAttrSet(resourceName, "federation_settings_id"),
 resource.TestCheckResourceAttrSet(resourceName, "role_mappings.#"),
 resource.TestCheckResourceAttrSet(resourceName, "identity_provider_id"),
- resource.TestCheckResourceAttrSet(resourceName, "org_id"),
- resource.TestCheckResourceAttr(resourceName, "identity_provider_id", "0oad4fas87jL5Xnk1297"),
+ resource.TestCheckResourceAttr(resourceName, "org_id", orgID),
 ),
 },
 },
diff --git a/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs_test.go b/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs_test.go
index 41140b6a8f..f581cbe2f0 100644
--- a/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs_test.go
+++ b/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs_test.go
@@ -10,8 +10,6 @@ import (
 )
 func TestAccFederatedSettingsOrgDSPlural_basic(t *testing.T) {
- acc.SkipTestForCI(t) // affects the org
-
 var (
 resourceName = "data.mongodbatlas_federated_settings_org_configs.test"
 federatedSettingsID = os.Getenv("MONGODB_ATLAS_FEDERATION_SETTINGS_ID")
diff --git a/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org.go b/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org.go
index 44f00cf3c2..1a73aa1a5e 100644
--- a/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org.go
+++ b/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org.go
@@ -16,7 +16,7 @@ import (
 func Resource() *schema.Resource {
 return &schema.Resource{
- CreateContext: resourceMongoDBAtlasFederatedSettingsOrganizationConfigRead,
+ CreateContext: resourceCreateNotAllowed,
 ReadContext: resourceMongoDBAtlasFederatedSettingsOrganizationConfigRead,
 UpdateContext: resourceMongoDBAtlasFederatedSettingsOrganizationConfigUpdate,
 DeleteContext: resourceMongoDBAtlasFederatedSettingsOrganizationConfigDelete,
@@ -58,22 +58,18 @@ func Resource() *schema.Resource {
 }
 }
+func resourceCreateNotAllowed(_ context.Context, _ *schema.ResourceData, _ any) diag.Diagnostics {
+ return diag.FromErr(errors.New("this resource must be imported"))
+}
+
 func resourceMongoDBAtlasFederatedSettingsOrganizationConfigRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
- // Get client connection.
 conn := meta.(*config.MongoDBClient).AtlasV2
-
- if d.Id() == "" {
- d.SetId("")
- return nil
- }
 ids := conversion.DecodeStateID(d.Id())
 federationSettingsID := ids["federation_settings_id"]
 orgID := ids["org_id"]
 federatedSettingsConnectedOrganization, resp, err := conn.FederatedAuthenticationApi.GetConnectedOrgConfig(context.Background(), federationSettingsID, orgID).Execute()
 if err != nil {
- // case 404
- // deleted in the backend case
 if resp != nil && resp.StatusCode == http.StatusNotFound {
 d.SetId("")
 return nil
diff --git a/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_migration_test.go b/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_migration_test.go
deleted file mode 100644
index 722fab8cb4..0000000000
--- a/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_migration_test.go
+++ /dev/null
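Review bot: The Read function issues its API call with `context.Background()` although it receives `ctx`, so cancellation and deadlines from Terraform never reach `GetConnectedOrgConfig`. Pass the request context instead: `conn.FederatedAuthenticationApi.GetConnectedOrgConfig(ctx, federationSettingsID, orgID).Execute()`. The line is unchanged context in this hunk, and the function body continues past the hunk's end. The hunk also drops the two comments explaining the 404 branch; a short replacement such as `// 404: the org config was removed outside Terraform, drop it from state` would keep that intent readable.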
@@ -1,11 +0,0 @@
-package federatedsettingsorgconfig_test
-
-import (
- "testing"
-
- "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig"
-)
-
-func TestMigFederatedSettingsOrg_basic(t *testing.T) {
- mig.CreateAndRunTest(t, basicTestCase(t))
-}
diff --git a/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_test.go b/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_test.go
index f6fae92a71..c55f38c5a9 100644
--- a/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_test.go
+++ b/internal/service/federatedsettingsorgconfig/resource_federated_settings_connected_org_test.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "os"
+ "regexp"
 "testing"
 "github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -12,52 +13,62 @@ import (
 "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc"
 )
+func TestAccFederatedSettingsOrg_createError(t *testing.T) {
+ resource.ParallelTest(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+ Steps: []resource.TestStep{
+ {
+ Config: configBasic("not-used", "not-used", "not-used", "not-used"),
+ ExpectError: regexp.MustCompile("this resource must be imported"),
+ },
+ },
+ })
+}
+
 func TestAccFederatedSettingsOrg_basic(t *testing.T) {
 resource.ParallelTest(t, *basicTestCase(t))
 }
 func basicTestCase(tb testing.TB) *resource.TestCase {
 tb.Helper()
- acc.SkipTestForCI(tb) // affects the org
+ acc.SkipTestForCI(tb) // will delete the MONGODB_ATLAS_FEDERATED_ORG_ID on finish, no workaround: https://github.com/hashicorp/terraform-plugin-testing/issues/85
 var (
 resourceName = "mongodbatlas_federated_settings_org_config.test"
 federationSettingsID = os.Getenv("MONGODB_ATLAS_FEDERATION_SETTINGS_ID")
 orgID = os.Getenv("MONGODB_ATLAS_FEDERATED_ORG_ID")
 idpID = os.Getenv("MONGODB_ATLAS_FEDERATED_IDP_ID")
+ associatedDomain = os.Getenv("MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN")
 )
 return &resource.TestCase{
- PreCheck: func() { acc.PreCheckFederatedSettings(tb) },
+ PreCheck: func() { acc.PreCheckFederatedSettingsIdentityProvider(tb) },
 ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
 Steps: []resource.TestStep{
 {
- Config: configBasic(federationSettingsID, orgID, idpID),
- ResourceName: resourceName,
- ImportStateIdFunc: importStateIDFunc(federationSettingsID, orgID),
- ImportState: true,
- ImportStateVerify: false,
+ Config: configBasic(federationSettingsID, orgID, idpID, associatedDomain),
+ ResourceName: resourceName,
+ ImportStateIdFunc: importStateIDFunc(federationSettingsID, orgID),
+ ImportState: true,
+ ImportStateVerify: false,
+ ImportStatePersist: true, // ensure update will be tested in the next step
 },
 {
- Config: configBasic(federationSettingsID, orgID, idpID),
-
 ResourceName: resourceName,
- ImportStateIdFunc: importStateIDFunc(federationSettingsID, orgID),
- ImportState: true,
+ Config: configBasic(federationSettingsID, orgID, idpID, associatedDomain),
 Check: resource.ComposeTestCheckFunc(
 checkExists(resourceName),
 resource.TestCheckResourceAttr(resourceName, "federation_settings_id", federationSettingsID),
 resource.TestCheckResourceAttr(resourceName, "org_id", orgID),
- resource.TestCheckResourceAttr(resourceName, "name", "mongodb_federation_test"),
 resource.TestCheckResourceAttr(resourceName, "domain_restriction_enabled", "false"),
 resource.TestCheckResourceAttr(resourceName, "domain_allow_list.0", "reorganizeyourworld.com"),
 ),
 },
 {
- Config: configBasic(federationSettingsID, orgID, idpID),
+ Config: configBasic(federationSettingsID, orgID, idpID, associatedDomain),
 ResourceName: resourceName,
 ImportStateIdFunc: importStateIDFunc(federationSettingsID, orgID),
 ImportState: true,
- ImportStateVerify: false,
+ ImportStateVerify: true,
 },
 },
 }
@@ -94,13 +105,13 @@ func importStateIDFunc(federationSettingsID, orgID string) resource.ImportStateI
 }
 }
-func configBasic(federationSettingsID, orgID, identityProviderID string) string {
+func configBasic(federationSettingsID, orgID, identityProviderID, associatedDomain string) string {
 return fmt.Sprintf(`
 resource "mongodbatlas_federated_settings_org_config" "test" {
 federation_settings_id = "%[1]s"
 org_id = "%[2]s"
 domain_restriction_enabled = false
- domain_allow_list = ["reorganizeyourworld.com"]
+ domain_allow_list = [%[4]q]
 identity_provider_id = "%[3]s"
- }`, federationSettingsID, orgID, identityProviderID)
+ }`, federationSettingsID, orgID, identityProviderID, associatedDomain)
 }
diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go
index 23e52636ce..481eff67b9 100644
--- a/internal/testutil/acc/pre_check.go
+++ b/internal/testutil/acc/pre_check.go
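Review bot: The check `resource.TestCheckResourceAttr(resourceName, "domain_allow_list.0", "reorganizeyourworld.com")` still compares against the old hard-coded domain, while the config for the same step now fills `domain_allow_list` from `associatedDomain`. Unless `MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN` holds exactly that value the step fails; compare against the variable instead: `resource.TestCheckResourceAttr(resourceName, "domain_allow_list.0", associatedDomain),`. Because `acc.SkipTestForCI` keeps this test out of CI, the mismatch would only show up in a manual run.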
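Review bot: `configBasic` now mixes two quoting styles, `domain_allow_list = [%[4]q]` next to `"%[1]s"`, `"%[2]s"` and `"%[3]s"`. The identity-provider test's `configBasic` in this same commit moved every interpolated value to `%q`; doing the same here (`federation_settings_id = %[1]q`, `org_id = %[2]q`, `identity_provider_id = %[3]q`) keeps a stray quote or backslash in an environment value from breaking the generated HCL.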
@@ -271,6 +271,15 @@ func PreCheckFederatedSettings(tb testing.TB) {
 }
 }
+func PreCheckFederatedSettingsIdentityProvider(tb testing.TB) {
+ tb.Helper()
+ if os.Getenv("MONGODB_ATLAS_FEDERATED_ORG_ID") == "" ||
+ os.Getenv("MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN") == "" ||
+ os.Getenv("MONGODB_ATLAS_FEDERATION_SETTINGS_ID") == "" {
+ tb.Fatal("`MONGODB_ATLAS_FEDERATED_ORG_ID` and `MONGODB_ATLAS_FEDERATION_SETTINGS_ID` must be set for federated settings/verify acceptance testing")
+ }
+}
+
 func PreCheckPrivateEndpoint(tb testing.TB) {
 tb.Helper()
 if os.Getenv("MONGODB_ATLAS_PRIVATE_ENDPOINT_ID") == "" ||
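Review bot: The `tb.Fatal` message in `PreCheckFederatedSettingsIdentityProvider` names only two of the three variables the condition tests; `MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN` is missing, so a run that fails on that variable alone gets a misleading message. List all three, for example `"MONGODB_ATLAS_FEDERATED_ORG_ID, MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN and MONGODB_ATLAS_FEDERATION_SETTINGS_ID must be set for federated settings acceptance testing"`. The exported helper also has no doc comment; `// PreCheckFederatedSettingsIdentityProvider fails the test unless the federated org, associated domain and federation settings variables are set.` would match what the code checks.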