diff --git a/internal/provider/common/role.go b/internal/provider/common/role.go index 75924af6..d181093f 100644 --- a/internal/provider/common/role.go +++ b/internal/provider/common/role.go @@ -190,3 +190,44 @@ func GetDuplicateDeploymentIds(deploymentRoles []iam.DeploymentRole) []string { return duplicates } + +func ValidateRoles( + workspaceRoles []iam.WorkspaceRole, + deploymentRoles []iam.DeploymentRole, +) diag.Diagnostics { + for _, role := range workspaceRoles { + if !ValidateRoleMatchesEntityType(string(role.Role), string(iam.WORKSPACE)) { + return diag.Diagnostics{diag.NewErrorDiagnostic( + fmt.Sprintf("Role '%s' is not valid for role type '%s'", string(role.Role), string(iam.WORKSPACE)), + fmt.Sprintf("Please provide a valid role for the type '%s'", string(iam.WORKSPACE)), + )} + } + } + + duplicateWorkspaceIds := GetDuplicateWorkspaceIds(workspaceRoles) + if len(duplicateWorkspaceIds) > 0 { + return diag.Diagnostics{diag.NewErrorDiagnostic( + "Invalid Configuration: Cannot have multiple roles with the same workspace id", + fmt.Sprintf("Please provide a unique workspace id for each role. The following workspace ids are duplicated: %v", duplicateWorkspaceIds), + )} + } + + for _, role := range deploymentRoles { + if !ValidateRoleMatchesEntityType(role.Role, string(iam.DEPLOYMENT)) { + return diag.Diagnostics{diag.NewErrorDiagnostic( + fmt.Sprintf("Role '%s' is not valid for role type '%s'", role.Role, string(iam.DEPLOYMENT)), + fmt.Sprintf("Please provide a valid role for the type '%s'", string(iam.DEPLOYMENT)), + )} + } + } + + duplicateDeploymentIds := GetDuplicateDeploymentIds(deploymentRoles) + if len(duplicateDeploymentIds) > 0 { + return diag.Diagnostics{diag.NewErrorDiagnostic( + "Invalid Configuration: Cannot have multiple roles with the same deployment id", + fmt.Sprintf("Please provide unique deployment id for each role. The following deployment ids are duplicated: %v", duplicateDeploymentIds), + )} + } + + return nil +} diff --git a/internal/provider/resources/resource_team.go b/internal/provider/resources/resource_team.go index 3f7a8098..c0c8e86b 100644 --- a/internal/provider/resources/resource_team.go +++ b/internal/provider/resources/resource_team.go @@ -25,7 +25,6 @@ import ( var _ resource.Resource = &TeamResource{} var _ resource.ResourceWithImportState = &TeamResource{} var _ resource.ResourceWithConfigure = &TeamResource{} -var _ resource.ResourceWithValidateConfig = &TeamResource{} func NewTeamResource() resource.Resource { return &TeamResource{} @@ -95,6 +94,11 @@ func (r *TeamResource) MutateRoles( } // Validate the roles + diags = common.ValidateRoles(workspaceRoles, deploymentRoles) + if diags.HasError() { + return diags + } + diags = common.ValidateWorkspaceDeploymentRoles(ctx, common.ValidateWorkspaceDeploymentRolesInput{ PlatformClient: r.PlatformClient, OrganizationId: r.OrganizationId, @@ -376,6 +380,7 @@ func (r *TeamResource) Update( resp.Diagnostics.Append(diags...) return } + } // Get Team and use this as data since it will have the correct roles @@ -451,71 +456,6 @@ func (r *TeamResource) ImportState( resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) } -func (r *TeamResource) ValidateConfig( - ctx context.Context, - req resource.ValidateConfigRequest, - resp *resource.ValidateConfigResponse, -) { - var data models.TeamResource - - resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) - if resp.Diagnostics.HasError() { - return - } - - // Validate workspace roles - workspaceRoles, diags := common.RequestWorkspaceRoles(ctx, data.WorkspaceRoles) - if diags.HasError() { - resp.Diagnostics.Append(diags...) - return - } - - for _, role := range workspaceRoles { - if !common.ValidateRoleMatchesEntityType(string(role.Role), string(iam.WORKSPACE)) { - resp.Diagnostics.AddError( - fmt.Sprintf("Role '%s' is not valid for role type '%s'", string(role.Role), string(iam.WORKSPACE)), - fmt.Sprintf("Please provide a valid role for the type '%s'", string(iam.WORKSPACE)), - ) - return - } - } - - duplicateWorkspaceIds := common.GetDuplicateWorkspaceIds(workspaceRoles) - if len(duplicateWorkspaceIds) > 0 { - resp.Diagnostics.AddError( - "Invalid Configuration: Cannot have multiple roles with the same workspace id", - fmt.Sprintf("Please provide a unique workspace id for each role. The following workspace ids are duplicated: %v", duplicateWorkspaceIds), - ) - return - } - - // Validate deployment roles - deploymentRoles, diags := common.RequestDeploymentRoles(ctx, data.DeploymentRoles) - if diags.HasError() { - resp.Diagnostics.Append(diags...) - return - } - - for _, role := range deploymentRoles { - if !common.ValidateRoleMatchesEntityType(role.Role, string(iam.DEPLOYMENT)) { - resp.Diagnostics.AddError( - fmt.Sprintf("Role '%s' is not valid for role type '%s'", role.Role, string(iam.DEPLOYMENT)), - fmt.Sprintf("Please provide a valid role for the type '%s'", string(iam.DEPLOYMENT)), - ) - return - } - } - - duplicateDeploymentIds := common.GetDuplicateDeploymentIds(deploymentRoles) - if len(duplicateDeploymentIds) > 0 { - resp.Diagnostics.AddError( - "Invalid Configuration: Cannot have multiple roles with the same deployment id", - fmt.Sprintf("Please provide unique deployment id for each role. The following deployment ids are duplicated: %v", duplicateDeploymentIds), - ) - return - } -} - func (r *TeamResource) CheckOrganizationIsScim(ctx context.Context) diag.Diagnostics { // Validate if org isScimEnabled and return error if it is org, err := r.PlatformClient.GetOrganizationWithResponse(ctx, r.OrganizationId, nil) diff --git a/internal/provider/resources/resource_team_test.go b/internal/provider/resources/resource_team_test.go index d10c42d8..b0a7b73d 100644 --- a/internal/provider/resources/resource_team_test.go +++ b/internal/provider/resources/resource_team_test.go @@ -74,7 +74,7 @@ func TestAcc_ResourceTeam(t *testing.T) { }, }, }), - ExpectError: regexp.MustCompile(fmt.Sprintf("Role '%s' is not valid for role type '%s'", string(iam.ORGANIZATIONOWNER), string(iam.WORKSPACE))), + ExpectError: regexp.MustCompile(".*Invalid Attribute Value Match.*"), }, // Test failure: check for missing corresponding workspace role if deployment role is present { diff --git a/internal/provider/resources/resource_user_roles.go b/internal/provider/resources/resource_user_roles.go index 5d3961fb..5a331aee 100644 --- a/internal/provider/resources/resource_user_roles.go +++ b/internal/provider/resources/resource_user_roles.go @@ -96,6 +96,11 @@ func (r *UserRolesResource) MutateRoles( } // Validate the roles + diags = common.ValidateRoles(workspaceRoles, deploymentRoles) + if diags.HasError() { + return diags + } + diags = common.ValidateWorkspaceDeploymentRoles(ctx, common.ValidateWorkspaceDeploymentRolesInput{ PlatformClient: r.platformClient, OrganizationId: r.organizationId, @@ -311,68 +316,3 @@ func (r *UserRolesResource) ImportState( ) { resource.ImportStatePassthroughID(ctx, path.Root("user_id"), req, resp) } - -func (r *UserRolesResource) ValidateConfig( - ctx context.Context, - req resource.ValidateConfigRequest, - resp *resource.ValidateConfigResponse, -) { - var data models.UserRoles - - resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) - if resp.Diagnostics.HasError() { - return - } - - // Validate workspace roles - workspaceRoles, diags := common.RequestWorkspaceRoles(ctx, data.WorkspaceRoles) - if diags.HasError() { - resp.Diagnostics.Append(diags...) - return - } - - for _, role := range workspaceRoles { - if !common.ValidateRoleMatchesEntityType(string(role.Role), string(iam.WORKSPACE)) { - resp.Diagnostics.AddError( - fmt.Sprintf("Role '%s' is not valid for role type '%s'", string(role.Role), string(iam.WORKSPACE)), - fmt.Sprintf("Please provide a valid role for the type '%s'", string(iam.WORKSPACE)), - ) - return - } - } - - duplicateWorkspaceIds := common.GetDuplicateWorkspaceIds(workspaceRoles) - if len(duplicateWorkspaceIds) > 0 { - resp.Diagnostics.AddError( - "Invalid Configuration: Cannot have multiple roles with the same workspace id", - fmt.Sprintf("Please provide a unique workspace id for each role. The following workspace ids are duplicated: %v", duplicateWorkspaceIds), - ) - return - } - - // Validate deployment roles - deploymentRoles, diags := common.RequestDeploymentRoles(ctx, data.DeploymentRoles) - if diags.HasError() { - resp.Diagnostics.Append(diags...) - return - } - - for _, role := range deploymentRoles { - if !common.ValidateRoleMatchesEntityType(role.Role, string(iam.DEPLOYMENT)) { - resp.Diagnostics.AddError( - fmt.Sprintf("Role '%s' is not valid for role type '%s'", role.Role, string(iam.DEPLOYMENT)), - fmt.Sprintf("Please provide a valid role for the type '%s'", string(iam.DEPLOYMENT)), - ) - return - } - } - - duplicateDeploymentIds := common.GetDuplicateDeploymentIds(deploymentRoles) - if len(duplicateDeploymentIds) > 0 { - resp.Diagnostics.AddError( - "Invalid Configuration: Cannot have multiple roles with the same deployment id", - fmt.Sprintf("Please provide unique deployment id for each role. The following deployment ids are duplicated: %v", duplicateDeploymentIds), - ) - return - } -} diff --git a/internal/provider/resources/resource_user_roles_test.go b/internal/provider/resources/resource_user_roles_test.go index a8ad5f10..ae0e7ee9 100644 --- a/internal/provider/resources/resource_user_roles_test.go +++ b/internal/provider/resources/resource_user_roles_test.go @@ -40,7 +40,7 @@ func TestAcc_ResourceUserRoles(t *testing.T) { }, }, }), - ExpectError: regexp.MustCompile(fmt.Sprintf("Role '%s' is not valid for role type '%s'", string(iam.ORGANIZATIONOWNER), string(iam.WORKSPACE))), + ExpectError: regexp.MustCompile(".*Invalid Attribute Value Match.*"), }, // Test failure: check for missing corresponding workspace role if deployment role is present {