fix(iam/policy): change rule from list to set (#1361)

scaleway · Jul 8, 2022 · 229636c · 229636c
1 parent bd1d718
commit 229636c
Show file tree

Hide file tree

Showing 8 changed files with 412 additions and 372 deletions.
diff --git a/scaleway/helpers_iam.go b/scaleway/helpers_iam.go
@@ -1,6 +1,9 @@
 package scaleway
 
 import (
+	"bytes"
+	"fmt"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
 	"github.com/scaleway/scaleway-sdk-go/scw"
@@ -21,10 +24,20 @@ func expandPermissionSetNames(rawPermissions interface{}) *[]string {
 	return &permissions
 }
 
+func flattenPermissionSetNames(permissions []string) *schema.Set {
+	rawPermissions := []interface{}(nil)
+	for _, perm := range permissions {
+		rawPermissions = append(rawPermissions, perm)
+	}
+	return schema.NewSet(func(i interface{}) int {
+		return StringHashcode(i.(string))
+	}, rawPermissions)
+}
+
 func expandPolicyRuleSpecs(d interface{}) []*iam.RuleSpecs {
 	rules := []*iam.RuleSpecs(nil)
-	rawRules := d.([]interface{})
-	for _, rawRule := range rawRules {
+	rawRules := d.(*schema.Set)
+	for _, rawRule := range rawRules.List() {
 		mapRule := rawRule.(map[string]interface{})
 		rule := &iam.RuleSpecs{
 			PermissionSetNames: expandPermissionSetNames(mapRule["permission_set_names"]),
@@ -40,6 +53,32 @@ func expandPolicyRuleSpecs(d interface{}) []*iam.RuleSpecs {
 	return rules
 }
 
+func iamPolicyRuleHash(v interface{}) int {
+	var buf bytes.Buffer
+	m, ok := v.(map[string]interface{})
+
+	if !ok {
+		return 0
+	}
+
+	if orgID, hasOrgID := m["organization_id"]; hasOrgID && orgID != nil {
+		buf.WriteString(fmt.Sprintf("%s-", orgID.(string)))
+	}
+	if projIDs, hasProjIDs := m["project_ids"]; hasProjIDs && projIDs != nil {
+		projIDList := projIDs.([]interface{})
+		for _, projID := range projIDList {
+			buf.WriteString(fmt.Sprintf("%s-", projID.(string)))
+		}
+	}
+	if permSet, hasPermSet := m["permission_set_names"]; hasPermSet {
+		permSetNames := permSet.(*schema.Set)
+		for _, permName := range permSetNames.List() {
+			buf.WriteString(fmt.Sprintf("%s-", permName.(string)))
+		}
+	}
+	return StringHashcode(buf.String())
+}
+
 func flattenPolicyRules(rules []*iam.Rule) interface{} {
 	rawRules := []interface{}(nil)
 	for _, rule := range rules {
@@ -53,9 +92,9 @@ func flattenPolicyRules(rules []*iam.Rule) interface{} {
 			rawRule["project_ids"] = flattenSliceString(*rule.ProjectIDs)
 		}
 		if rule.PermissionSetNames != nil {
-			rawRule["permission_set_names"] = flattenSliceString(*rule.PermissionSetNames)
+			rawRule["permission_set_names"] = flattenPermissionSetNames(*rule.PermissionSetNames)
 		}
 		rawRules = append(rawRules, rawRule)
 	}
-	return rawRules
+	return schema.NewSet(iamPolicyRuleHash, rawRules)
 }
diff --git a/scaleway/resource_iam_policy.go b/scaleway/resource_iam_policy.go
@@ -73,9 +73,10 @@ func resourceScalewayIamPolicy() *schema.Resource {
 				ExactlyOneOf: []string{"user_id", "group_id", "application_id"},
 			},
 			"rule": {
-				Type:        schema.TypeList,
+				Type:        schema.TypeSet,
 				Required:    true,
 				Description: "Rules of the policy to create",
+				Set:         iamPolicyRuleHash,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"organization_id": {

diff --git a/scaleway/resource_iam_policy_test.go b/scaleway/resource_iam_policy_test.go
@@ -68,7 +68,7 @@ func TestAccScalewayIamPolicy_Basic(t *testing.T) {
 							}
 							rule {
 								organization_id = "%[1]s"
-								permission_set_names = ["AllProductsFullAccess"]
+								permission_set_names = ["ContainerRegistryReadOnly"]
 							}
 						}
 					`, orgID),
@@ -80,7 +80,7 @@ func TestAccScalewayIamPolicy_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.0.organization_id", orgID),
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.0.permission_set_names.0", "AllProductsFullAccess"),
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.1.organization_id", orgID),
-					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.1.permission_set_names.0", "AllProductsFullAccess"),
+					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.1.permission_set_names.0", "ContainerRegistryReadOnly"),
 				),
 			},
 			{
@@ -100,7 +100,7 @@ func TestAccScalewayIamPolicy_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "name", "tf_tests_policy_basic"),
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "description", "a description"),
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "no_principal", "true"),
-					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.0.organization_id", orgID),
+					resource.TestCheckTypeSetElemNestedAttrs("scaleway_iam_policy.main", "rule.*", map[string]string{"organization_id": orgID}),
 					resource.TestCheckResourceAttr("scaleway_iam_policy.main", "rule.0.permission_set_names.0", "AllProductsFullAccess"),
 				),
 			},