From a852a54e914f60332829832a377f0908f826518a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20MARCHAND?= Date: Mon, 16 Nov 2020 16:38:26 +0100 Subject: [PATCH 01/15] new resource: keycloak_users_permissions (#400) --- docs/resources/users_permission.md | 144 +++++++++ example/client_authorization_policys.tf | 22 ++ keycloak/users_permissions.go | 37 +++ provider/provider.go | 1 + .../resource_keycloak_users_permissions.go | 281 ++++++++++++++++++ ...esource_keycloak_users_permissions_test.go | 222 ++++++++++++++ 6 files changed, 707 insertions(+) create mode 100644 docs/resources/users_permission.md create mode 100644 keycloak/users_permissions.go create mode 100644 provider/resource_keycloak_users_permissions.go create mode 100644 provider/resource_keycloak_users_permissions_test.go diff --git a/docs/resources/users_permission.md b/docs/resources/users_permission.md new file mode 100644 index 00000000..703e6d0a --- /dev/null +++ b/docs/resources/users_permission.md @@ -0,0 +1,144 @@ +--- +page_title: "keycloak_users_permissions Resource" +--- + +# keycloak_users_permissions + +Allows you to manage fine-grained permissions for all users in a realm: https://www.keycloak.org/docs/latest/server_admin/#_users-permissions + +This is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions). +This feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the +example [`docker-compose.yml`](https://github.com/mrparkers/terraform-provider-keycloak/blob/898094df6b3e01c3404981ce7ca268142d6ff0e5/docker-compose.yml#L21) file for an example. + +When enabling fine-grained permissions for users, Keycloak does several things automatically: +1. Enable Authorization on built-in `realm-management` client (if not already enabled). +1. Create a resource representing the users permissions. +1. Create scopes `view`, `manage`, `map-roles`, `manage-group-membership`, `impersonate`, and `user-impersonated`. +1. Create all scope based permission for the scopes and users resources. + +~> This resource should only be created once per realm. + +## Example Usage + +```hcl +resource "keycloak_realm" "realm" { + realm = "my-realm" +} + +data "keycloak_openid_client" "realm_management" { + realm_id = keycloak_realm.realm.id + client_id = "realm-management" +} + +// enable permissions for realm-management client +resource "keycloak_openid_client_permissions" "realm_management_permission" { + realm_id = keycloak_realm.realm.id + client_id = data.keycloak_openid_client.realm_management.id + enabled = true +} + +// creating a user to use with the keycloak_openid_client_user_policy resource +resource "keycloak_user" "test" { + realm_id = keycloak_realm.realm.id + username = "test-user" + + email = "test-user@fakedomain.com" + first_name = "Testy" + last_name = "Tester" +} + +resource "keycloak_openid_client_user_policy" "test" { + realm_id = keycloak_realm.realm.id + resource_server_id = "${data.keycloak_openid_client.realm_management.id}" + name = "client_user_policy_test" + + users = [keycloak_user.test.id] + logic = "POSITIVE" + decision_strategy = "UNANIMOUS" + + depends_on = [ + keycloak_openid_client_permissions.realm-management_permission, + ] +} + +resource "keycloak_users_permissions" "users_permissions" { + realm_id = keycloak_realm.realm.id + + view_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "description" + decision_strategy = "UNANIMOUS" + } + + manage_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "description" + decision_strategy = "UNANIMOUS" + } + + map_roles_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "description" + decision_strategy = "UNANIMOUS" + } + + manage_group_membership_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "description" + decision_strategy = "UNANIMOUS" + } + + impersonate_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "description" + decision_strategy = "UNANIMOUS" + } + + user_impersonated_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "description" + decision_strategy = "UNANIMOUS" + } +} +``` + +### Argument Reference + +The following arguments are supported: + +- `realm_id` - (Required) The realm in which to manage fine-grained user permissions. + +Each of the scopes that can be managed are defined below: + +- `view_scope` - (Optional) When specified, set the scope based view permission. +- `manage_scope` - (Optional) When specified, set the scope based manage permission. +- `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission. +- `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission. +- `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission. +- `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission. + +The configuration block for each of these scopes supports the following arguments: + +- `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID. +- `description` - (Optional) Description of the permission. +- `decision_strategy` - (Optional) Decision strategy of the permission. + +### Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +- `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`. +- `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed. + diff --git a/example/client_authorization_policys.tf b/example/client_authorization_policys.tf index d761923c..44bb5c17 100644 --- a/example/client_authorization_policys.tf +++ b/example/client_authorization_policys.tf @@ -172,3 +172,25 @@ resource keycloak_openid_client_user_policy test { logic = "POSITIVE" decision_strategy = "UNANIMOUS" } + +# users permissions + +resource "keycloak_users_permissions" "my_permission" { + realm_id = keycloak_realm.test_authorization.id + + view_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "view_scope" + decision_strategy = "CONSENSUS" + } + + manage_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "manage_scope" + decision_strategy = "UNANIMOUS" + } +} diff --git a/keycloak/users_permissions.go b/keycloak/users_permissions.go new file mode 100644 index 00000000..f1c4a19c --- /dev/null +++ b/keycloak/users_permissions.go @@ -0,0 +1,37 @@ +package keycloak + +import ( + "fmt" +) + +type UsersPermissionsInput struct { + Enabled bool `json:"enabled"` +} + +type UsersPermissions struct { + RealmId string `json:"-"` + Enabled bool `json:"enabled"` + Resource string `json:"resource"` + ScopePermissions map[string]interface{} `json:"scopePermissions"` +} + +func (keycloakClient *KeycloakClient) EnableUsersPermissions(realmId string) error { + return keycloakClient.put(fmt.Sprintf("/realms/%s/users-management-permissions", realmId), UsersPermissionsInput{Enabled: true}) +} + +func (keycloakClient *KeycloakClient) DisableUsersPermissions(realmId string) error { + return keycloakClient.put(fmt.Sprintf("/realms/%s/users-management-permissions", realmId), UsersPermissionsInput{Enabled: false}) +} + +func (keycloakClient *KeycloakClient) GetUsersPermissions(realmId string) (*UsersPermissions, error) { + var openidClientPermissions UsersPermissions + + err := keycloakClient.get(fmt.Sprintf("/realms/%s/users-management-permissions", realmId), &openidClientPermissions, nil) + if err != nil { + return nil, err + } + + openidClientPermissions.RealmId = realmId + + return &openidClientPermissions, nil +} diff --git a/provider/provider.go b/provider/provider.go index 36bce2e6..b7b3509a 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -92,6 +92,7 @@ func KeycloakProvider() *schema.Provider { "keycloak_authentication_execution_config": resourceKeycloakAuthenticationExecutionConfig(), "keycloak_identity_provider_token_exchange_scope_permission": resourceKeycloakIdentityProviderTokenExchangeScopePermission(), "keycloak_openid_client_permissions": resourceKeycloakOpenidClientPermissions(), + "keycloak_users_permissions": resourceKeycloakUsersPermissions(), }, Schema: map[string]*schema.Schema{ "client_id": { diff --git a/provider/resource_keycloak_users_permissions.go b/provider/resource_keycloak_users_permissions.go new file mode 100644 index 00000000..384808ef --- /dev/null +++ b/provider/resource_keycloak_users_permissions.go @@ -0,0 +1,281 @@ +package provider + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/mrparkers/terraform-provider-keycloak/keycloak" +) + +func userScopePermissionsSchema() *schema.Schema { + return &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policies": { + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + }, + "description": { + Type: schema.TypeString, + Optional: true, + }, + "decision_strategy": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(keycloakOpenidClientResourcePermissionDecisionStrategies, false), + }, + }, + }, + } +} + +func resourceKeycloakUsersPermissions() *schema.Resource { + return &schema.Resource{ + Create: resourceKeycloakUsersPermissionsCreate, + Read: resourceKeycloakUsersPermissionsRead, + Delete: resourceKeycloakUsersPermissionsDelete, + Update: resourceKeycloakUsersPermissionsUpdate, + Importer: &schema.ResourceImporter{ + State: resourceKeycloakUsersPermissionsImport, + }, + Schema: map[string]*schema.Schema{ + "realm_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "enabled": { + Type: schema.TypeBool, + Computed: true, + }, + "authorization_resource_server_id": { + Type: schema.TypeString, + Computed: true, + Description: "Resource server id representing the realm management client on which this permission is managed", + }, + "view_scope": userScopePermissionsSchema(), + "manage_scope": userScopePermissionsSchema(), + "map_roles_scope": userScopePermissionsSchema(), + "manage_group_membership_scope": userScopePermissionsSchema(), + "impersonate_scope": userScopePermissionsSchema(), + "user_impersonated_scope": userScopePermissionsSchema(), + }, + } +} + +func getUsersScopePermissions(keycloakClient *keycloak.KeycloakClient, realmId string, realmManagementClientId, permissionId string) (map[string]interface{}, error) { + permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClientId, permissionId) + if err != nil { + return nil, err + } + + if permission.Description == "" && permission.DecisionStrategy == "UNANIMOUS" && len(permission.Policies) == 0 { + return nil, nil + } + + permissionViewSettings := make(map[string]interface{}) + + if permission.Description != "" { + permissionViewSettings["description"] = permission.Description + } + + if permission.DecisionStrategy != "" { + permissionViewSettings["decision_strategy"] = permission.DecisionStrategy + } + + if len(permission.Policies) > 0 { + permissionViewSettings["policies"] = permission.Policies + } + + return permissionViewSettings, nil +} + +func setUsersScopePermission(keycloakClient *keycloak.KeycloakClient, realmId, realmManagementClientId, authorizationPermissionId string, scopeDataSet *schema.Set) error { + var policies []string + + scopeData := scopeDataSet.List()[0] + scopePermission := scopeData.(map[string]interface{}) + + if v, ok := scopePermission["policies"]; ok { + for _, policy := range v.(*schema.Set).List() { + policies = append(policies, policy.(string)) + } + } + + permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClientId, authorizationPermissionId) + if err != nil { + return err + } + + if v, ok := scopePermission["description"]; ok { + permission.Description = v.(string) + } + + if v, ok := scopePermission["decision_strategy"]; ok { + permission.DecisionStrategy = v.(string) + } + + permission.Policies = policies + + return keycloakClient.UpdateOpenidClientAuthorizationPermission(permission) +} + +func resourceKeycloakUsersPermissionsCreate(data *schema.ResourceData, meta interface{}) error { + return resourceKeycloakUsersPermissionsUpdate(data, meta) +} + +func resourceKeycloakUsersPermissionsUpdate(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + + realmId := data.Get("realm_id").(string) + + // the existence of this resource implies that it is enabled. + err := keycloakClient.EnableUsersPermissions(realmId) + if err != nil { + return err + } + + // setting scope permissions requires us to fetch the users permissions details, as well as the realm management client + usersPermissions, err := keycloakClient.GetUsersPermissions(realmId) + if err != nil { + return err + } + + realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") + if err != nil { + return err + } + + viewScope, ok := data.GetOk("view_scope") + if ok { + err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["view"].(string), viewScope.(*schema.Set)) + if err != nil { + return err + } + } + manageScope, ok := data.GetOk("manage_scope") + if ok { + err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage"].(string), manageScope.(*schema.Set)) + if err != nil { + return err + } + } + mapRolesScope, ok := data.GetOk("map_roles_scope") + if ok { + err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["map-roles"].(string), mapRolesScope.(*schema.Set)) + if err != nil { + return err + } + } + manageGroupMembershipScope, ok := data.GetOk("manage_group_membership_scope") + if ok { + err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage-group-membership"].(string), manageGroupMembershipScope.(*schema.Set)) + if err != nil { + return err + } + } + impersonateScope, ok := data.GetOk("impersonate_scope") + if ok { + err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["impersonate"].(string), impersonateScope.(*schema.Set)) + if err != nil { + return err + } + } + userImpersonatedScope, ok := data.GetOk("user_impersonated_scope") + if ok { + err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["user-impersonated"].(string), userImpersonatedScope.(*schema.Set)) + if err != nil { + return err + } + } + + return resourceKeycloakUsersPermissionsRead(data, meta) +} + +func resourceKeycloakUsersPermissionsRead(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + realmId := data.Get("realm_id").(string) + + realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") + if err != nil { + return err + } + + usersPermissions, err := keycloakClient.GetUsersPermissions(realmId) + if err != nil { + return handleNotFoundError(err, data) + } + + data.SetId(usersPermissions.RealmId) + data.Set("realm_id", usersPermissions.RealmId) + data.Set("enabled", usersPermissions.Enabled) + data.Set("authorization_resource_server_id", realmManagementClient.Id) + + permissionView, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["view"].(string)) + if err != nil { + return err + } + if permissionView != nil { + data.Set("view_scope", []interface{}{permissionView}) + } + + permissionManage, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage"].(string)) + if err != nil { + return err + } + if permissionManage != nil { + data.Set("manage_scope", []interface{}{permissionManage}) + } + + permissionMapRoles, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["map-roles"].(string)) + if err != nil { + return err + } + if permissionMapRoles != nil { + data.Set("map_roles_scope", []interface{}{permissionMapRoles}) + } + + permissionManageGroupMembership, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage-group-membership"].(string)) + if err != nil { + return err + } + if permissionManageGroupMembership != nil { + data.Set("manage_group_membership_scope", []interface{}{permissionManageGroupMembership}) + } + + permissionImpersonate, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["impersonate"].(string)) + if err != nil { + return err + } + if permissionImpersonate != nil { + data.Set("impersonate_scope", []interface{}{permissionImpersonate}) + } + + permissionUserImpersonated, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["user-impersonated"].(string)) + if err != nil { + return err + } + if permissionUserImpersonated != nil { + data.Set("user_impersonated_scope", []interface{}{permissionUserImpersonated}) + } + + return nil +} + +func resourceKeycloakUsersPermissionsDelete(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + + realmId := data.Get("realm_id").(string) + + return keycloakClient.DisableUsersPermissions(realmId) +} + +func resourceKeycloakUsersPermissionsImport(d *schema.ResourceData, _ interface{}) ([]*schema.ResourceData, error) { + d.Set("realm_id", d.Id()) + d.SetId(d.Id()) + + return []*schema.ResourceData{d}, nil +} diff --git a/provider/resource_keycloak_users_permissions_test.go b/provider/resource_keycloak_users_permissions_test.go new file mode 100644 index 00000000..a3112477 --- /dev/null +++ b/provider/resource_keycloak_users_permissions_test.go @@ -0,0 +1,222 @@ +package provider + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/mrparkers/terraform-provider-keycloak/keycloak" +) + +func TestAccKeycloakUsersPermission_basic(t *testing.T) { + realmName := "terraform-" + acctest.RandString(10) + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccCheckKeycloakUsersPermissionsAreDisabled(realmName), + Steps: []resource.TestStep{ + { + Config: testKeycloakUsersPermission_basic(realmName), + Check: testAccCheckKeycloakUsersPermissionExists("keycloak_users_permissions.my_permission"), + }, + { + ResourceName: "keycloak_users_permissions.my_permission", + ImportState: true, + ImportStateVerify: true, + ImportStateId: realmName, + }, + }, + }) +} + +func testAccCheckKeycloakUsersPermissionExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + permissions, err := getUsersPermissionsFromState(s, resourceName) + if err != nil { + return err + } + rs, ok := s.RootModule().Resources[resourceName] + + if !ok { + return fmt.Errorf("resource not found: %s", resourceName) + } + authorizationResourceServerId := rs.Primary.Attributes["authorization_resource_server_id"] + + var realmManagementId string + clients, _ := keycloakClient.GetOpenidClients(permissions.RealmId, false) + for _, client := range clients { + if client.ClientId == "realm-management" { + realmManagementId = client.Id + break + } + } + + if authorizationResourceServerId != realmManagementId { + return fmt.Errorf("computed authorizationResourceServerId %s was not equal to %s (the id of the realm-management client)", authorizationResourceServerId, realmManagementId) + } + + viewScopePolicyId := rs.Primary.Attributes["view_scope.0.policies.0"] + viewScopeDescription := rs.Primary.Attributes["view_scope.0.description"] + viewScopeDecisionStrategy := rs.Primary.Attributes["view_scope.0.decision_strategy"] + + authzClientView, err := keycloakClient.GetOpenidClientAuthorizationPermission(permissions.RealmId, realmManagementId, permissions.ScopePermissions["view"].(string)) + if err != nil { + return err + } + policyId := authzClientView.Policies[0] + + if viewScopePolicyId != policyId { + return fmt.Errorf("computed viewScopePolicyId %s was not equal to policyId %s", viewScopePolicyId, policyId) + } + + if authzClientView.Description != viewScopeDescription { + return fmt.Errorf("DecisionStrategy %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDescription) + } + + if authzClientView.DecisionStrategy != viewScopeDecisionStrategy { + return fmt.Errorf("DecisionStrategy %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDecisionStrategy) + } + + authzClientManage, err := keycloakClient.GetOpenidClientAuthorizationPermission(permissions.RealmId, realmManagementId, permissions.ScopePermissions["manage"].(string)) + if err != nil { + return err + } + policies := make([]interface{}, len(authzClientManage.Policies)) + for i := range authzClientManage.Policies { + policies[i] = authzClientManage.Policies[i] + } + + policyId = rs.Primary.Attributes["manage_scope.0.policies.0"] + if !Contains(policies, policyId) { + return fmt.Errorf("computed viewScopePolicyId %s was not equal to policyId %s", viewScopePolicyId, policyId) + } + policyId = rs.Primary.Attributes["manage_scope.0.policies.1"] + if !Contains(policies, policyId) { + return fmt.Errorf("computed viewScopePolicyId %s was not equal to policyId %s", viewScopePolicyId, policyId) + } + + mapRolesScope := rs.Primary.Attributes["map_roles_scope"] + + if mapRolesScope != "" { + return fmt.Errorf("map_roles_scope found") + } + + return nil + } +} + +func testAccCheckKeycloakUsersPermissionsAreDisabled(realmId string) resource.TestCheckFunc { + return func(s *terraform.State) error { + permissions, err := keycloakClient.GetUsersPermissions(realmId) + if err != nil { + return fmt.Errorf("error getting users permissions with realm id %s: %s", realmId, err) + } + + if permissions.Enabled != false { + return fmt.Errorf("expected users permission in Keycloak to be disabled") + } + + return nil + } +} + +func getUsersPermissionsFromState(s *terraform.State, resourceName string) (*keycloak.UsersPermissions, error) { + keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) + + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return nil, fmt.Errorf("resource not found: %s", resourceName) + } + + realmId := rs.Primary.Attributes["realm_id"] + + permissions, err := keycloakClient.GetUsersPermissions(realmId) + if err != nil { + return nil, fmt.Errorf("error getting users permissions with realm id %s: %s", realmId, err) + + } + return permissions, nil +} + +func testKeycloakUsersPermission_basic(realmId string) string { + return fmt.Sprintf(` +resource "keycloak_realm" "realm" { + realm = "%s" +} + +data "keycloak_openid_client" "realm_management" { + realm_id = keycloak_realm.realm.id + client_id = "realm-management" +} + +resource "keycloak_openid_client_permissions" "realm-management_permission" { + realm_id = keycloak_realm.realm.id + client_id = data.keycloak_openid_client.realm_management.id + enabled = true +} + +resource "keycloak_user" "test" { + realm_id = keycloak_realm.realm.id + username = "test-user" + + email = "test-user@fakedomain.com" + first_name = "Testy" + last_name = "Tester" +} + +resource "keycloak_openid_client_user_policy" "test" { + realm_id = keycloak_realm.realm.id + resource_server_id = data.keycloak_openid_client.realm_management.id + name = "client_user_policy_test" + + users = [ + keycloak_user.test.id + ] + logic = "POSITIVE" + decision_strategy = "UNANIMOUS" + + depends_on = [ + keycloak_openid_client_permissions.realm-management_permission, + ] +} +resource "keycloak_openid_client_user_policy" "test2" { + realm_id = keycloak_realm.realm.id + resource_server_id = data.keycloak_openid_client.realm_management.id + name = "client_user_policy_test2" + + users = [ + keycloak_user.test.id + ] + logic = "POSITIVE" + decision_strategy = "UNANIMOUS" + + depends_on = [ + keycloak_openid_client_permissions.realm-management_permission, + ] +} + +resource "keycloak_users_permissions" "my_permission" { + realm_id = keycloak_realm.realm.id + + view_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "view_scope" + decision_strategy = "CONSENSUS" + } + + manage_scope { + policies = [ + keycloak_openid_client_user_policy.test.id, + keycloak_openid_client_user_policy.test2.id, + ] + description = "manage_scope" + decision_strategy = "UNANIMOUS" + } +} + `, realmId) +} From 25c8029904705565aa00f110749856a3041cca19 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Tue, 1 Dec 2020 09:35:22 -0600 Subject: [PATCH 02/15] add ability to check current keycloak version via client (#444) --- .circleci/config.yml | 2 +- docker-compose.yml | 2 +- keycloak/keycloak_client.go | 15 +++++- keycloak/version.go | 20 ++++++++ ...cloak_openid_client_default_scopes_test.go | 2 +- ...loak_openid_client_optional_scopes_test.go | 35 +++++--------- .../resource_keycloak_realm_events_test.go | 8 +--- provider/test_utils.go | 48 ------------------- 8 files changed, 52 insertions(+), 80 deletions(-) create mode 100644 keycloak/version.go diff --git a/.circleci/config.yml b/.circleci/config.yml index dd77b4fe..94d6809b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -6,7 +6,7 @@ workflows: matrix: parameters: keycloak-version: - - '11.0.1' + - '11.0.3' - '10.0.2' - '9.0.3' diff --git a/docker-compose.yml b/docker-compose.yml index 7088737c..e2103f2a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,7 +17,7 @@ services: ports: - 8389:389 keycloak: - image: jboss/keycloak:10.0.2 + image: jboss/keycloak:11.0.3 command: -b 0.0.0.0 -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled depends_on: - postgres diff --git a/keycloak/keycloak_client.go b/keycloak/keycloak_client.go index d914e727..6a102dc1 100644 --- a/keycloak/keycloak_client.go +++ b/keycloak/keycloak_client.go @@ -6,6 +6,7 @@ import ( "crypto/x509" "encoding/json" "fmt" + "github.com/hashicorp/go-version" "io" "io/ioutil" "log" @@ -26,6 +27,7 @@ type KeycloakClient struct { httpClient *http.Client initialLogin bool userAgent string + version *version.Version } type ClientCredentials struct { @@ -138,7 +140,6 @@ func (keycloakClient *KeycloakClient) login() error { var clientCredentials ClientCredentials err = json.Unmarshal(body, &clientCredentials) - if err != nil { return err } @@ -147,6 +148,18 @@ func (keycloakClient *KeycloakClient) login() error { keycloakClient.clientCredentials.RefreshToken = clientCredentials.RefreshToken keycloakClient.clientCredentials.TokenType = clientCredentials.TokenType + info, err := keycloakClient.GetServerInfo() + if err != nil { + return err + } + + v, err := version.NewVersion(info.SystemInfo.ServerVersion) + if err != nil { + return err + } + + keycloakClient.version = v + return nil } diff --git a/keycloak/version.go b/keycloak/version.go new file mode 100644 index 00000000..27927864 --- /dev/null +++ b/keycloak/version.go @@ -0,0 +1,20 @@ +package keycloak + +import "github.com/hashicorp/go-version" + +type Version string + +const ( + Version_6 Version = "6.0.0" + Version_7 Version = "7.0.0" + Version_8 Version = "8.0.0" + Version_9 Version = "9.0.0" + Version_10 Version = "10.0.0" + Version_11 Version = "11.0.0" +) + +func (keycloakClient *KeycloakClient) VersionIsGreaterThanOrEqualTo(versionString Version) bool { + v, _ := version.NewVersion(string(versionString)) + + return keycloakClient.version.GreaterThanOrEqual(v) +} diff --git a/provider/resource_keycloak_openid_client_default_scopes_test.go b/provider/resource_keycloak_openid_client_default_scopes_test.go index 3a25f15e..38ea201d 100644 --- a/provider/resource_keycloak_openid_client_default_scopes_test.go +++ b/provider/resource_keycloak_openid_client_default_scopes_test.go @@ -293,7 +293,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateDuplicateScopeAssignment(t client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) - optionalClientScopes := append(getPreAssignedOptionalClientScopes(t), clientScope) + optionalClientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_optional_scopes_test.go b/provider/resource_keycloak_openid_client_optional_scopes_test.go index 12d8851a..1451d36a 100644 --- a/provider/resource_keycloak_openid_client_optional_scopes_test.go +++ b/provider/resource_keycloak_openid_client_optional_scopes_test.go @@ -12,12 +12,8 @@ import ( ) // All openid clients in Keycloak will automatically have these scopes listed as "optional client scopes". -func getPreAssignedOptionalClientScopes(t *testing.T) []string { - keycloakVersionIsGreaterThanOrEqualTo6, err := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600()) - if err != nil { - t.Fatal(err) - } - if keycloakVersionIsGreaterThanOrEqualTo6 { +func getPreAssignedOptionalClientScopes() []string { + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return []string{"address", "phone", "offline_access", "microprofile-jwt"} } else { return []string{"address", "phone", "offline_access"} @@ -29,7 +25,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_basic(t *testing.T) { client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) - clientScopes := append(getPreAssignedOptionalClientScopes(t), clientScope) + clientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -55,7 +51,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateClientForceNew(t *testing.T clientTwo := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) - clientScopes := append(getPreAssignedOptionalClientScopes(t), clientScope) + clientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -78,7 +74,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateInPlace(t *testing.T) { client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) - allClientScopes := append(getPreAssignedOptionalClientScopes(t), clientScope) + allClientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) clientScopeToRemove := allClientScopes[acctest.RandIntRange(0, 2)] var subsetOfClientScopes []string @@ -149,7 +145,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testi func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { realm := "terraform-realm-" + acctest.RandString(10) client := "terraform-client-" + acctest.RandString(10) - clientScopes := append(getPreAssignedOptionalClientScopes(t), + clientScopes := append(getPreAssignedOptionalClientScopes(), "terraform-client-scope-"+acctest.RandString(10), "terraform-client-scope-"+acctest.RandString(10), "terraform-client-scope-"+acctest.RandString(10), @@ -195,7 +191,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeRemove(t *testing.T) "terraform-client-scope-" + acctest.RandString(10), "terraform-client-scope-" + acctest.RandString(10), } - allClientScopes := append(getPreAssignedOptionalClientScopes(t), randomClientScopes...) + allClientScopes := append(getPreAssignedOptionalClientScopes(), randomClientScopes...) clientToManuallyAttach := randomClientScopes[acctest.RandIntRange(0, len(randomClientScopes)-1)] var attachedClientScopes []string @@ -243,7 +239,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_noImportNeeded(t *testing.T) { client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) - clientScopes := append(getPreAssignedOptionalClientScopes(t), clientScope) + clientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -291,7 +287,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_profileAndEmailOptionalScopes(t * Steps: []resource.TestStep{ { Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(realm, client, clientScope, []string{clientScope}), - Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client.client", append(getPreAssignedOptionalClientScopes(t), clientScope)), + Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client.client", append(getPreAssignedOptionalClientScopes(), clientScope)), ExpectNonEmptyPlan: true, }, }, @@ -409,8 +405,7 @@ func testAccCheckKeycloakOpenidClientOptionalScopeIsNotAttached(resourceName, cl } func testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope string) string { - keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600()) - if keycloakVersionIsHigherOrEqualTo6 { + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` resource "keycloak_realm" "realm" { realm = "%s" @@ -525,8 +520,7 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { } func testKeycloakOpenidClientOptionalScopes_validationNoClient(realm, client, clientScope string) string { - keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600()) - if keycloakVersionIsHigherOrEqualTo6 { + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` resource "keycloak_realm" "realm" { realm = "%s" @@ -579,9 +573,7 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { } func testKeycloakOpenidClientOptionalScopes_validationBearerOnlyClient(realm, client, clientScope string) string { - - keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600()) - if keycloakVersionIsHigherOrEqualTo6 { + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` resource "keycloak_realm" "realm" { realm = "%s" @@ -689,8 +681,7 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { } func testKeycloakOpenidClientOptionalScopes_duplicateScopeAssignment(realm, client, clientScope string) string { - keycloakVersionIsHigherOrEqualTo6, _ := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion600()) - if keycloakVersionIsHigherOrEqualTo6 { + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` %s diff --git a/provider/resource_keycloak_realm_events_test.go b/provider/resource_keycloak_realm_events_test.go index 2f5f65ff..fd26836e 100644 --- a/provider/resource_keycloak_realm_events_test.go +++ b/provider/resource_keycloak_realm_events_test.go @@ -164,13 +164,9 @@ func TestAccKeycloakRealmEvents_unsetEnabledEventTypes(t *testing.T) { if err != nil { return err } - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - keycloakVersionIsGreaterThanOrEqualTo7, err := keycloakVersionIsGreaterThanOrEqualTo(keycloakClient, getKeycloakVersion700()) - if err != nil { - return err - } - if keycloakVersionIsGreaterThanOrEqualTo7 { //keycloak versions < 7.0.0 have 63 events, versions >=7.0.0 have 67 events + keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_7) { //keycloak versions < 7.0.0 have 63 events, versions >=7.0.0 have 67 events if len(realmEventsConfig.EnabledEventTypes) != 67 { return fmt.Errorf("exptected to enabled_event_types to contain all(67) event types, but it contains %d", len(realmEventsConfig.EnabledEventTypes)) } diff --git a/provider/test_utils.go b/provider/test_utils.go index d54480bd..90924b2d 100644 --- a/provider/test_utils.go +++ b/provider/test_utils.go @@ -2,11 +2,8 @@ package provider import ( "fmt" - "github.com/hashicorp/go-version" - "github.com/mrparkers/terraform-provider-keycloak/keycloak" "math/rand" "os" - "regexp" "strings" "testing" "time" @@ -78,48 +75,3 @@ func TestCheckResourceAttrNot(name, key, value string) resource.TestCheckFunc { return nil } } - -var keycloakServerInfoVersion *version.Version - -func keycloakVersionIsGreaterThanOrEqualTo(keycloakClient *keycloak.KeycloakClient, keycloakMajorVersion *version.Version) (bool, error) { - if keycloakServerInfoVersion == nil { - serverInfo, err := keycloakClient.GetServerInfo() - if err != nil { - return false, fmt.Errorf("/serverInfo endpoint retuned an error, server Keycloak version could not be determined: %s", err) - } - - regex := regexp.MustCompile(`^(\d+\.\d+\.\d+)`) - semver := regex.FindStringSubmatch(serverInfo.SystemInfo.ServerVersion)[0] - - keycloakServerInfoVersion, err = version.NewVersion(semver) - if err != nil { - return false, fmt.Errorf("/serverInfo endpoint retuned an unreadable version, server Keycloak version could not be determined: %s", err) - } - } - return keycloakServerInfoVersion.GreaterThanOrEqual(keycloakMajorVersion), nil -} - -func getKeycloakVersion600() *version.Version { - v, _ := version.NewVersion("6.0.0") - return v -} - -func getKeycloakVersion700() *version.Version { - v, _ := version.NewVersion("7.0.0") - return v -} - -func getKeycloakVersion800() *version.Version { - v, _ := version.NewVersion("8.0.0") - return v -} - -func getKeycloakVersion900() *version.Version { - v, _ := version.NewVersion("9.0.0") - return v -} - -func getKeycloakVersion1000() *version.Version { - v, _ := version.NewVersion("10.0.0") - return v -} From 577c20b14f39c4f7f39ffc9de9dfa4c3d60f341c Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Tue, 1 Dec 2020 11:17:48 -0600 Subject: [PATCH 03/15] update to go 1.15 (#445) --- .circleci/config.yml | 6 +++--- README.md | 2 +- go.mod | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 94d6809b..6765d105 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -12,7 +12,7 @@ workflows: defaults: go_image: &go_image - - image: circleci/golang:1.13.5 + - image: circleci/golang:1.15.5 jobs: test: @@ -22,7 +22,7 @@ jobs: docker: - <<: *go_image - image: jboss/keycloak:<< parameters.keycloak-version >> - command: ["-b", "0.0.0.0", "-Dkeycloak.profile.feature.upload_scripts=enabled"] + command: ["-b", "0.0.0.0", "-Dkeycloak.profile.feature.upload_scripts=enabled", "-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled", "-Dkeycloak.profile.feature.token_exchange=enabled"] environment: DB_VENDOR: H2 KEYCLOAK_LOGLEVEL: DEBUG @@ -74,4 +74,4 @@ jobs: TEST_RESULTS: /tmp/test-results CHECKPOINT_DISABLE: "1" TF_ACC_TERRAFORM_PATH: "/usr/local/bin/terraform" - TF_VERSION: "0.13.0" + TF_VERSION: "0.13.5" diff --git a/README.md b/README.md index b1ca78d0..4f8b4d2d 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ build you can use the `linux_amd64` build as long as `libc6-compat` is installed ## Development -This project requires Go 1.13 and Terraform 0.13. +This project requires Go 1.15 and Terraform 0.13. This project uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependency management, which allows this project to exist outside of an existing GOPATH. After cloning the repository, you can build the project by running `make build`. diff --git a/go.mod b/go.mod index f7068927..2f70de9d 100644 --- a/go.mod +++ b/go.mod @@ -7,4 +7,4 @@ require ( golang.org/x/net v0.0.0-20200707034311-ab3426394381 ) -go 1.13 +go 1.15 From 68ff664bf1de4c0a4fc157be6eb1653030d398eb Mon Sep 17 00:00:00 2001 From: pths <59472062+pths@users.noreply.github.com> Date: Thu, 3 Dec 2020 18:00:43 +0100 Subject: [PATCH 04/15] fix inconsistent plan when enabling service account (#437) --- provider/resource_keycloak_openid_client.go | 5 + ...openid_client_service_account_role_test.go | 105 ++++++++++++++++-- 2 files changed, 100 insertions(+), 10 deletions(-) diff --git a/provider/resource_keycloak_openid_client.go b/provider/resource_keycloak_openid_client.go index d62d6282..6cfbefd9 100644 --- a/provider/resource_keycloak_openid_client.go +++ b/provider/resource_keycloak_openid_client.go @@ -1,10 +1,12 @@ package provider import ( + "context" "errors" "fmt" "strings" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mrparkers/terraform-provider-keycloak/keycloak" @@ -205,6 +207,9 @@ func resourceKeycloakOpenidClient() *schema.Resource { Optional: true, }, }, + CustomizeDiff: customdiff.ComputedIf("service_account_user_id", func(ctx context.Context, d *schema.ResourceDiff, meta interface{}) bool { + return d.HasChange("service_accounts_enabled") + }), } } diff --git a/provider/resource_keycloak_openid_client_service_account_role_test.go b/provider/resource_keycloak_openid_client_service_account_role_test.go index 1f3a5c55..77e7e4a7 100644 --- a/provider/resource_keycloak_openid_client_service_account_role_test.go +++ b/provider/resource_keycloak_openid_client_service_account_role_test.go @@ -93,6 +93,28 @@ func TestAccKeycloakOpenidClientServiceAccountRole_basicUpdateRealm(t *testing.T }) } +func TestAccKeycloakOpenidClientServiceAccountRole_enableAfterCreate(t *testing.T) { + realmName := "terraform-" + acctest.RandString(10) + bearerClientId := "terraform-" + acctest.RandString(10) + consumerClientId := "terraform-" + acctest.RandString(10) + resourceName := "keycloak_openid_client_service_account_role.consumer_service_account_role" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_before(realmName, bearerClientId, consumerClientId), + }, + { + Config: testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_after(realmName, bearerClientId, consumerClientId), + Check: testAccCheckKeycloakOpenidClientServiceAccountRoleExists(resourceName), + }, + }, + }) +} + func testAccCheckKeycloakOpenidClientServiceAccountRoleExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { _, err := getKeycloakOpenidClientServiceAccountRoleFromState(s, resourceName) @@ -184,27 +206,90 @@ func getKeycloakOpenidClientServiceAccountRoleImportId(resourceName string) reso func testKeycloakOpenidClientServiceAccountRole_basic(realm, clientId string) string { return fmt.Sprintf(` -resource keycloak_realm test { +resource "keycloak_realm" "test" { realm = "%s" } -resource keycloak_openid_client test { +resource "keycloak_openid_client" "test" { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = keycloak_realm.test.id access_type = "CONFIDENTIAL" service_accounts_enabled = true } -data keycloak_openid_client broker { - realm_id = "${keycloak_realm.test.id}" +data "keycloak_openid_client" "broker" { + realm_id = keycloak_realm.test.id client_id = "broker" } -resource keycloak_openid_client_service_account_role test { - service_account_user_id = "${keycloak_openid_client.test.service_account_user_id}" - realm_id = "${keycloak_realm.test.id}" - client_id = "${data.keycloak_openid_client.broker.id}" - role = "read-token" +resource "keycloak_openid_client_service_account_role" "test" { + realm_id = keycloak_realm.test.id + client_id = data.keycloak_openid_client.broker.id + service_account_user_id = keycloak_openid_client.test.service_account_user_id + role = "read-token" } `, realm, clientId) } + +func testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_before(realm, bearerClientId, consumerClientId string) string { + return fmt.Sprintf(` +resource "keycloak_realm" "test" { + realm = "%s" +} + +resource "keycloak_openid_client" "bearer" { + client_id = "%s" + realm_id = keycloak_realm.test.id + access_type = "BEARER-ONLY" +} + +resource "keycloak_role" "bearer_role" { + realm_id = keycloak_realm.test.id + client_id = keycloak_openid_client.bearer.id + name = "bearer-role" +} + +resource "keycloak_openid_client" "consumer" { + realm_id = keycloak_realm.test.id + client_id = "%s" + + access_type = "CONFIDENTIAL" + service_accounts_enabled = false +} + `, realm, bearerClientId, consumerClientId) +} + +func testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_after(realm, bearerClientId, consumerClientId string) string { + return fmt.Sprintf(` +resource "keycloak_realm" "test" { + realm = "%s" +} + +resource "keycloak_openid_client" "bearer" { + client_id = "%s" + realm_id = keycloak_realm.test.id + access_type = "BEARER-ONLY" +} + +resource "keycloak_role" "bearer_role" { + realm_id = keycloak_realm.test.id + client_id = keycloak_openid_client.bearer.id + name = "bearer-role" +} + +resource "keycloak_openid_client" "consumer" { + realm_id = keycloak_realm.test.id + client_id = "%s" + + access_type = "CONFIDENTIAL" + service_accounts_enabled = true +} + +resource "keycloak_openid_client_service_account_role" "consumer_service_account_role" { + realm_id = keycloak_realm.test.id + service_account_user_id = keycloak_openid_client.consumer.service_account_user_id + client_id = keycloak_openid_client.bearer.id + role = keycloak_role.bearer_role.name +} + `, realm, bearerClientId, consumerClientId) +} From 8446cade0efff9127b6d342df0328400d66b772a Mon Sep 17 00:00:00 2001 From: Todd Kazakov Date: Wed, 9 Dec 2020 22:16:54 +0200 Subject: [PATCH 05/15] fix import of service account realm role mapping (#441) --- ...penid_client_service_account_realm_role.go | 23 +++++++++++++++---- ..._client_service_account_realm_role_test.go | 20 +++++++++++++++- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/provider/resource_keycloak_openid_client_service_account_realm_role.go b/provider/resource_keycloak_openid_client_service_account_realm_role.go index e20204ce..7f8a16e7 100644 --- a/provider/resource_keycloak_openid_client_service_account_realm_role.go +++ b/provider/resource_keycloak_openid_client_service_account_realm_role.go @@ -112,14 +112,27 @@ func resourceKeycloakOpenidClientServiceAccountRealmRoleDelete(data *schema.Reso return nil } -func resourceKeycloakOpenidClientServiceAccountRealmRoleImport(d *schema.ResourceData, _ interface{}) ([]*schema.ResourceData, error) { +func resourceKeycloakOpenidClientServiceAccountRealmRoleImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + keycloakClient := meta.(*keycloak.KeycloakClient) + parts := strings.Split(d.Id(), "/") - if len(parts) != 2 { + if len(parts) != 3 { return nil, fmt.Errorf("Invalid import. Supported import formats: {{realmId}}/{{serviceAccountUserId}}/{{roleId}}") } - d.Set("realm_id", parts[0]) - d.Set("service_account_user_id", parts[1]) - d.SetId(fmt.Sprintf("%s/%s", parts[1], parts[2])) + + realmId := parts[0] + serviceAccountUserId := parts[1] + roleId := parts[2] + + role, err := keycloakClient.GetRole(realmId, roleId) + if err != nil { + return nil, err + } + + d.Set("realm_id", realmId) + d.Set("service_account_user_id", serviceAccountUserId) + d.Set("role", role.Name) + d.SetId(fmt.Sprintf("%s/%s", serviceAccountUserId, roleId)) return []*schema.ResourceData{d}, nil } diff --git a/provider/resource_keycloak_openid_client_service_account_realm_role_test.go b/provider/resource_keycloak_openid_client_service_account_realm_role_test.go index 9ed8c536..34e4a4da 100644 --- a/provider/resource_keycloak_openid_client_service_account_realm_role_test.go +++ b/provider/resource_keycloak_openid_client_service_account_realm_role_test.go @@ -13,6 +13,7 @@ import ( func TestAccKeycloakOpenidClientServiceAccountRealmRole_basic(t *testing.T) { realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) + resourceName := "keycloak_openid_client_service_account_realm_role.test" resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -21,7 +22,13 @@ func TestAccKeycloakOpenidClientServiceAccountRealmRole_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(realmName, clientId), - Check: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists("keycloak_openid_client_service_account_realm_role.test"), + Check: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists(resourceName), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateIdFunc: getKeycloakOpenidClientServiceAccountRealmRoleImportId(resourceName), }, }, }) @@ -155,6 +162,17 @@ func getKeycloakOpenidClientServiceAccountRealmRoleFromState(s *terraform.State, return serviceAccountRole, nil } +func getKeycloakOpenidClientServiceAccountRealmRoleImportId(resourceName string) resource.ImportStateIdFunc { + return func(s *terraform.State) (string, error) { + serviceAccountRole, err := getKeycloakOpenidClientServiceAccountRealmRoleFromState(s, resourceName) + if err != nil { + return "", err + } + + return fmt.Sprintf("%s/%s/%s", serviceAccountRole.RealmId, serviceAccountRole.ServiceAccountUserId, serviceAccountRole.Id), nil + } +} + func testKeycloakOpenidClientServiceAccountRealmRole_basic(realm, clientId string) string { return fmt.Sprintf(` resource keycloak_realm test { From a92a51f981683c2baf1c4cf3176280e6d20b6b90 Mon Sep 17 00:00:00 2001 From: Vahe Sahakyan Date: Wed, 9 Dec 2020 21:18:31 +0100 Subject: [PATCH 06/15] fix: remove keycloak_realm validation dependency of RegistrationEmailAsUsername from RegistrationAllowed (#438) --- keycloak/realm.go | 4 ---- provider/resource_keycloak_realm_test.go | 15 --------------- 2 files changed, 19 deletions(-) diff --git a/keycloak/realm.go b/keycloak/realm.go index f13d7f1c..52658b30 100644 --- a/keycloak/realm.go +++ b/keycloak/realm.go @@ -199,10 +199,6 @@ func (keycloakClient *KeycloakClient) DeleteRealm(name string) error { } func (keycloakClient *KeycloakClient) ValidateRealm(realm *Realm) error { - if realm.RegistrationAllowed == false && realm.RegistrationEmailAsUsername == true { - return fmt.Errorf("validation error: RegistrationEmailAsUsername cannot be true if RegistrationAllowed is false") - } - if realm.DuplicateEmailsAllowed == true && realm.RegistrationEmailAsUsername == true { return fmt.Errorf("validation error: DuplicateEmailsAllowed cannot be true if RegistrationEmailAsUsername is true") } diff --git a/provider/resource_keycloak_realm_test.go b/provider/resource_keycloak_realm_test.go index 23145372..3a8d5339 100644 --- a/provider/resource_keycloak_realm_test.go +++ b/provider/resource_keycloak_realm_test.go @@ -332,10 +332,6 @@ func TestAccKeycloakRealm_loginConfigValidation(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, CheckDestroy: testAccCheckKeycloakRealmDestroy(), Steps: []resource.TestStep{ - { - Config: testKeycloakRealm_invalidRegistrationEmailAsUsernameWithoutRegistrationAllowed(realmName), - ExpectError: regexp.MustCompile("validation error: RegistrationEmailAsUsername cannot be true if RegistrationAllowed is false"), - }, { Config: testKeycloakRealm_invalidRegistrationEmailAsUsernameAndDuplicateEmailsAllowed(realmName), ExpectError: regexp.MustCompile("validation error: DuplicateEmailsAllowed cannot be true if RegistrationEmailAsUsername is true"), @@ -1227,17 +1223,6 @@ resource "keycloak_realm" "realm" { `, realm.Realm, realm.RegistrationAllowed, realm.RegistrationEmailAsUsername, realm.EditUsernameAllowed, realm.ResetPasswordAllowed, realm.RememberMe, realm.VerifyEmail, realm.LoginWithEmailAllowed, realm.DuplicateEmailsAllowed, realm.SslRequired) } -func testKeycloakRealm_invalidRegistrationEmailAsUsernameWithoutRegistrationAllowed(realm string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" - - registration_allowed = false - registration_email_as_username = true -} - `, realm) -} - func testKeycloakRealm_invalidRegistrationEmailAsUsernameAndDuplicateEmailsAllowed(realm string) string { return fmt.Sprintf(` resource "keycloak_realm" "realm" { From 15ab38b5796d89aedfe5b9c296917674c2b6a7bf Mon Sep 17 00:00:00 2001 From: Adrien Date: Thu, 10 Dec 2020 16:23:13 +0100 Subject: [PATCH 07/15] feat: add groups path to LDAP group mapper (#436) --- .../resources/keycloak_ldap_group_mapper.md | 1 + docs/resources/ldap_group_mapper.md | 1 + keycloak/ldap_group_mapper.go | 6 ++ .../resource_keycloak_ldap_group_mapper.go | 31 ++++++-- ...esource_keycloak_ldap_group_mapper_test.go | 77 +++++++++++++++++++ 5 files changed, 108 insertions(+), 8 deletions(-) diff --git a/docs-old/resources/keycloak_ldap_group_mapper.md b/docs-old/resources/keycloak_ldap_group_mapper.md index 1b3efb4f..7e225cdb 100644 --- a/docs-old/resources/keycloak_ldap_group_mapper.md +++ b/docs-old/resources/keycloak_ldap_group_mapper.md @@ -70,6 +70,7 @@ The following arguments are supported: - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. +- `groups_path` - (Optional) Keycloak group path the LDAP groups are added to. For example if value '/Applications/App1' is used, then LDAP groups will be available in Keycloak under group 'App1', which is child of top level group 'Applications'. The configured group path must already exists in the Keycloak when creating this mapper. The default value is '/' so LDAP groups will be mapped to the Keycloak groups at the top level. ### Import diff --git a/docs/resources/ldap_group_mapper.md b/docs/resources/ldap_group_mapper.md index 4393d122..a4aad069 100644 --- a/docs/resources/ldap_group_mapper.md +++ b/docs/resources/ldap_group_mapper.md @@ -71,6 +71,7 @@ resource "keycloak_ldap_group_mapper" "ldap_group_mapper" { - `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`. +- `groups_path` - (Optional) Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper. ## Import diff --git a/keycloak/ldap_group_mapper.go b/keycloak/ldap_group_mapper.go index cc7d460d..1495085a 100644 --- a/keycloak/ldap_group_mapper.go +++ b/keycloak/ldap_group_mapper.go @@ -27,6 +27,8 @@ type LdapGroupMapper struct { MappedGroupAttributes []string DropNonExistingGroupsDuringSync bool + + GroupsPath string } func convertFromLdapGroupMapperToComponent(ldapGroupMapper *LdapGroupMapper) *component { @@ -67,6 +69,9 @@ func convertFromLdapGroupMapperToComponent(ldapGroupMapper *LdapGroupMapper) *co "drop.non.existing.groups.during.sync": { strconv.FormatBool(ldapGroupMapper.DropNonExistingGroupsDuringSync), }, + "groups.path": { + ldapGroupMapper.GroupsPath, + }, } if ldapGroupMapper.GroupsLdapFilter != "" { @@ -126,6 +131,7 @@ func convertFromComponentToLdapGroupMapper(component *component, realmId string) UserRolesRetrieveStrategy: component.getConfig("user.roles.retrieve.strategy"), MemberofLdapAttribute: component.getConfig("memberof.ldap.attribute"), DropNonExistingGroupsDuringSync: dropNonExistingGroupsDuringSync, + GroupsPath: component.getConfig("groups.path"), } if groupsLdapFilter := component.getConfig("groups.ldap.filter"); groupsLdapFilter != "" { diff --git a/provider/resource_keycloak_ldap_group_mapper.go b/provider/resource_keycloak_ldap_group_mapper.go index 6376f04e..773ec0a1 100644 --- a/provider/resource_keycloak_ldap_group_mapper.go +++ b/provider/resource_keycloak_ldap_group_mapper.go @@ -111,11 +111,16 @@ func resourceKeycloakLdapGroupMapper() *schema.Resource { Optional: true, Default: false, }, + "groups_path": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } -func getLdapGroupMapperFromData(data *schema.ResourceData) *keycloak.LdapGroupMapper { +func getLdapGroupMapperFromData(keycloakClient *keycloak.KeycloakClient, data *schema.ResourceData) *keycloak.LdapGroupMapper { var groupObjectClasses []string for _, groupObjectClass := range data.Get("group_object_classes").([]interface{}) { @@ -128,7 +133,7 @@ func getLdapGroupMapperFromData(data *schema.ResourceData) *keycloak.LdapGroupMa mappedGroupAttributes = append(mappedGroupAttributes, mappedGroupAttribute.(string)) } - return &keycloak.LdapGroupMapper{ + mapper := &keycloak.LdapGroupMapper{ Id: data.Id(), Name: data.Get("name").(string), RealmId: data.Get("realm_id").(string), @@ -149,9 +154,15 @@ func getLdapGroupMapperFromData(data *schema.ResourceData) *keycloak.LdapGroupMa MappedGroupAttributes: mappedGroupAttributes, DropNonExistingGroupsDuringSync: data.Get("drop_non_existing_groups_during_sync").(bool), } + + if groupsPath, ok := data.GetOk("groups_path"); ok && keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_11) { + mapper.GroupsPath = groupsPath.(string) + } + + return mapper } -func setLdapGroupMapperData(data *schema.ResourceData, ldapGroupMapper *keycloak.LdapGroupMapper) { +func setLdapGroupMapperData(keycloakClient *keycloak.KeycloakClient, data *schema.ResourceData, ldapGroupMapper *keycloak.LdapGroupMapper) { data.SetId(ldapGroupMapper.Id) data.Set("name", ldapGroupMapper.Name) @@ -172,12 +183,16 @@ func setLdapGroupMapperData(data *schema.ResourceData, ldapGroupMapper *keycloak data.Set("memberof_ldap_attribute", ldapGroupMapper.MemberofLdapAttribute) data.Set("mapped_group_attributes", ldapGroupMapper.MappedGroupAttributes) data.Set("drop_non_existing_groups_during_sync", ldapGroupMapper.DropNonExistingGroupsDuringSync) + + if ldapGroupMapper.GroupsPath != "" && keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_11) { + data.Set("groups_path", ldapGroupMapper.GroupsPath) + } } func resourceKeycloakLdapGroupMapperCreate(data *schema.ResourceData, meta interface{}) error { keycloakClient := meta.(*keycloak.KeycloakClient) - ldapGroupMapper := getLdapGroupMapperFromData(data) + ldapGroupMapper := getLdapGroupMapperFromData(keycloakClient, data) err := keycloakClient.ValidateLdapGroupMapper(ldapGroupMapper) if err != nil { @@ -189,7 +204,7 @@ func resourceKeycloakLdapGroupMapperCreate(data *schema.ResourceData, meta inter return err } - setLdapGroupMapperData(data, ldapGroupMapper) + setLdapGroupMapperData(keycloakClient, data, ldapGroupMapper) return resourceKeycloakLdapGroupMapperRead(data, meta) } @@ -205,7 +220,7 @@ func resourceKeycloakLdapGroupMapperRead(data *schema.ResourceData, meta interfa return handleNotFoundError(err, data) } - setLdapGroupMapperData(data, ldapGroupMapper) + setLdapGroupMapperData(keycloakClient, data, ldapGroupMapper) return nil } @@ -213,7 +228,7 @@ func resourceKeycloakLdapGroupMapperRead(data *schema.ResourceData, meta interfa func resourceKeycloakLdapGroupMapperUpdate(data *schema.ResourceData, meta interface{}) error { keycloakClient := meta.(*keycloak.KeycloakClient) - ldapGroupMapper := getLdapGroupMapperFromData(data) + ldapGroupMapper := getLdapGroupMapperFromData(keycloakClient, data) err := keycloakClient.ValidateLdapGroupMapper(ldapGroupMapper) if err != nil { @@ -225,7 +240,7 @@ func resourceKeycloakLdapGroupMapperUpdate(data *schema.ResourceData, meta inter return err } - setLdapGroupMapperData(data, ldapGroupMapper) + setLdapGroupMapperData(keycloakClient, data, ldapGroupMapper) return nil } diff --git a/provider/resource_keycloak_ldap_group_mapper_test.go b/provider/resource_keycloak_ldap_group_mapper_test.go index 1375cde9..f198854b 100644 --- a/provider/resource_keycloak_ldap_group_mapper_test.go +++ b/provider/resource_keycloak_ldap_group_mapper_test.go @@ -252,6 +252,30 @@ func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationInPlace(t *testing.T }) } +func TestAccKeycloakLdapGroupMapper_groupsPath(t *testing.T) { + keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) + + if !keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_11) { + t.Skip() + } + + realmName := "terraform-" + acctest.RandString(10) + groupName := "terraform-" + acctest.RandString(10) + groupMapperName := "terraform-" + acctest.RandString(10) + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakLdapGroupMapper_groupsPath(realmName, groupName, groupMapperName), + Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), + }, + }, + }) +} + func testAccCheckKeycloakLdapGroupMapperExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { _, err := getLdapGroupMapperFromState(s, resourceName) @@ -401,6 +425,7 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { membership_ldap_attribute = "member" membership_user_ldap_attribute = "cn" memberof_ldap_attribute = "memberOf" + groups_path = "/" } `, realm, groupMapperName, attr, val) } @@ -446,6 +471,7 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { membership_ldap_attribute = "member" membership_user_ldap_attribute = "cn" memberof_ldap_attribute = "memberOf" + groups_path = "/" } `, realm, groupMapperName) } @@ -560,6 +586,7 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { membership_ldap_attribute = "member" membership_user_ldap_attribute = "cn" memberof_ldap_attribute = "memberOf" + groups_path = "/" } `, realmOne, realmTwo, groupMapperName) } @@ -629,3 +656,53 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { } `, realmOne, realmTwo, groupMapperName) } + +func testKeycloakLdapGroupMapper_groupsPath(realm, groupName, groupMapperName string) string { + return fmt.Sprintf(` +resource "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_group" "group" { + realm_id = keycloak_realm.realm.id + name = "%s" +} + +resource "keycloak_ldap_user_federation" "openldap" { + name = "openldap" + realm_id = keycloak_realm.realm.id + + enabled = true + + username_ldap_attribute = "cn" + rdn_ldap_attribute = "cn" + uuid_ldap_attribute = "entryDN" + user_object_classes = [ + "simpleSecurityObject", + "organizationalRole" + ] + connection_url = "ldap://openldap" + users_dn = "dc=example,dc=org" + bind_dn = "cn=admin,dc=example,dc=org" + bind_credential = "admin" +} + +resource "keycloak_ldap_group_mapper" "group_mapper" { + name = "%s" + realm_id = keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id + + ldap_groups_dn = "dc=example,dc=org" + group_name_ldap_attribute = "cn" + group_object_classes = [ + "groupOfNames" + ] + membership_attribute_type = "DN" + membership_ldap_attribute = "member" + membership_user_ldap_attribute = "cn" + memberof_ldap_attribute = "memberOf" + + groups_path = keycloak_group.group.path +} + `, realm, groupName, groupMapperName) +} From 92e2bf22d154b59dc94ee9b9b11b4ba75523e83f Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Sun, 10 Jan 2021 00:53:44 -0600 Subject: [PATCH 08/15] standardize attributes for keycloak_openid_client_permissions, run unit tests in parallel (#452) --- .circleci/config.yml | 4 +- README.md | 4 +- docker-compose.yml | 2 +- keycloak/keycloak_client.go | 76 ++- keycloak/keycloak_client_test.go | 7 + keycloak/version.go | 1 + main.go | 2 +- makefile | 2 +- ..._keycloak_authentication_execution_test.go | 70 ++- provider/data_source_keycloak_group_test.go | 58 +- ...openid_client_authorization_policy_test.go | 58 +- ...openid_client_service_account_user_test.go | 56 +- ...data_source_keycloak_openid_client_test.go | 62 +- .../data_source_keycloak_realm_keys_test.go | 35 +- provider/data_source_keycloak_realm_test.go | 2 +- provider/data_source_keycloak_role_test.go | 43 +- ..._saml_client_installation_provider_test.go | 18 +- provider/data_source_keycloak_user_test.go | 25 +- ...generic_protocol_mapper_validation_test.go | 568 ++++++++---------- provider/permissions.go | 89 +++ provider/provider.go | 7 +- provider/provider_password_grant_test.go | 5 +- provider/provider_test.go | 47 +- ..._importer_identity_provider_mapper_test.go | 99 +-- ...e_to_role_identity_provider_mapper_test.go | 100 +-- ...ak_authentication_execution_config_test.go | 137 ++--- ..._keycloak_authentication_execution_test.go | 54 +- ...ource_keycloak_authentication_flow_test.go | 63 +- ...ce_keycloak_authentication_subflow_test.go | 64 +- ...ce_keycloak_custom_user_federation_test.go | 50 +- .../resource_keycloak_default_groups_test.go | 16 +- ...oak_generic_client_protocol_mapper_test.go | 125 ++-- ...eycloak_generic_client_role_mapper_test.go | 247 ++++---- ...esource_keycloak_group_memberships_test.go | 199 +++--- .../resource_keycloak_group_roles_test.go | 131 ++-- provider/resource_keycloak_group_test.go | 132 ++-- ...attribute_identity_provider_mapper_test.go | 99 +-- ...oded_role_identity_provider_mapper_test.go | 103 ++-- ...er_token_exchange_scope_permission_test.go | 211 +++---- ...rce_keycloak_ldap_full_name_mapper_test.go | 161 +++-- ...esource_keycloak_ldap_group_mapper_test.go | 154 ++--- ...ycloak_ldap_hardcoded_group_mapper_test.go | 38 +- ...eycloak_ldap_hardcoded_role_mapper_test.go | 32 +- ...ad_lds_user_account_control_mapper_test.go | 80 +-- ...p_msad_user_account_control_mapper_test.go | 71 ++- ...resource_keycloak_ldap_role_mapper_test.go | 123 ++-- ...eycloak_ldap_user_attribute_mapper_test.go | 81 ++- ...urce_keycloak_ldap_user_federation_test.go | 172 +++--- ...loak_oidc_google_identity_provider_test.go | 71 +-- ...ce_keycloak_oidc_identity_provider_test.go | 123 +--- ...ak_openid_audience_protocol_mapper_test.go | 127 ++-- ...ent_authorization_aggregate_policy_test.go | 80 ++- ...client_authorization_client_policy_test.go | 51 +- ..._client_authorization_group_policy_test.go | 64 +- ...nid_client_authorization_js_policy_test.go | 52 +- ...id_client_authorization_permission_test.go | 91 +-- ...enid_client_authorization_resource_test.go | 77 +-- ...d_client_authorization_role_policy_test.go | 81 ++- ..._openid_client_authorization_scope_test.go | 75 +-- ...d_client_authorization_time_policy_test.go | 18 +- ...d_client_authorization_user_policy_test.go | 20 +- ...cloak_openid_client_default_scopes_test.go | 150 +++-- ...loak_openid_client_optional_scopes_test.go | 182 +++--- ...urce_keycloak_openid_client_permissions.go | 257 +++----- ...keycloak_openid_client_permissions_test.go | 164 +++-- ...ource_keycloak_openid_client_scope_test.go | 103 ++-- ..._client_service_account_realm_role_test.go | 62 +- ...openid_client_service_account_role_test.go | 96 +-- .../resource_keycloak_openid_client_test.go | 306 +++++----- ...k_openid_full_name_protocol_mapper_test.go | 109 ++-- ...d_group_membership_protocol_mapper_test.go | 109 ++-- ...id_hardcoded_claim_protocol_mapper_test.go | 105 ++-- ...nid_hardcoded_role_protocol_mapper_test.go | 114 ++-- ...nid_user_attribute_protocol_mapper_test.go | 122 ++-- ...d_user_client_role_protocol_mapper_test.go | 207 ++++--- ...enid_user_property_protocol_mapper_test.go | 103 ++-- ...id_user_realm_role_protocol_mapper_test.go | 105 ++-- ..._user_session_note_protocol_mapper_test.go | 121 ++-- .../resource_keycloak_realm_events_test.go | 49 +- provider/resource_keycloak_realm_test.go | 6 - .../resource_keycloak_required_action_test.go | 3 - provider/resource_keycloak_role_test.go | 142 +++-- ...eycloak_saml_client_default_scopes_test.go | 152 +++-- ...esource_keycloak_saml_client_scope_test.go | 87 ++- .../resource_keycloak_saml_client_test.go | 124 ++-- ...ce_keycloak_saml_identity_provider_test.go | 6 - ...aml_user_attribute_protocol_mapper_test.go | 90 +-- ...saml_user_property_protocol_mapper_test.go | 96 +-- provider/resource_keycloak_user_roles_test.go | 111 ++-- ..._importer_identity_provider_mapper_test.go | 90 +-- provider/resource_keycloak_user_test.go | 140 ++--- .../resource_keycloak_users_permissions.go | 174 ++---- ...esource_keycloak_users_permissions_test.go | 15 +- 93 files changed, 3831 insertions(+), 4782 deletions(-) create mode 100644 provider/permissions.go diff --git a/.circleci/config.yml b/.circleci/config.yml index 6765d105..391042e0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -6,9 +6,9 @@ workflows: matrix: parameters: keycloak-version: + - '12.0.1' - '11.0.3' - '10.0.2' - - '9.0.3' defaults: go_image: &go_image @@ -25,7 +25,7 @@ jobs: command: ["-b", "0.0.0.0", "-Dkeycloak.profile.feature.upload_scripts=enabled", "-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled", "-Dkeycloak.profile.feature.token_exchange=enabled"] environment: DB_VENDOR: H2 - KEYCLOAK_LOGLEVEL: DEBUG + KEYCLOAK_LOGLEVEL: INFO KEYCLOAK_USER: keycloak KEYCLOAK_PASSWORD: password diff --git a/README.md b/README.md index 4f8b4d2d..969201e5 100644 --- a/README.md +++ b/README.md @@ -37,9 +37,9 @@ This provider will officially support the latest three major versions of Keycloa The following versions are used when running acceptance tests in CI: -- 11.0.1 (latest) +- 12.0.1 (latest) +- 11.0.3 - 10.0.2 -- 9.0.3 ## Releases diff --git a/docker-compose.yml b/docker-compose.yml index e2103f2a..096ccfea 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,7 +17,7 @@ services: ports: - 8389:389 keycloak: - image: jboss/keycloak:11.0.3 + image: jboss/keycloak:12.0.1 command: -b 0.0.0.0 -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled depends_on: - postgres diff --git a/keycloak/keycloak_client.go b/keycloak/keycloak_client.go index 6a102dc1..d48a91e7 100644 --- a/keycloak/keycloak_client.go +++ b/keycloak/keycloak_client.go @@ -7,14 +7,13 @@ import ( "encoding/json" "fmt" "github.com/hashicorp/go-version" - "io" "io/ioutil" "log" "net/http" "net/http/cookiejar" - "net/http/httputil" "net/url" "strings" + "sync" "time" "golang.org/x/net/publicsuffix" @@ -28,6 +27,7 @@ type KeycloakClient struct { initialLogin bool userAgent string version *version.Version + mu sync.Mutex } type ClientCredentials struct { @@ -95,6 +95,7 @@ func NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, p initialLogin: initialLogin, realm: realm, userAgent: userAgent, + mu: sync.Mutex{}, } if keycloakClient.initialLogin { @@ -108,6 +109,9 @@ func NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, p } func (keycloakClient *KeycloakClient) login() error { + keycloakClient.mu.Lock() + defer keycloakClient.mu.Unlock() + accessTokenUrl := fmt.Sprintf(tokenUrl, keycloakClient.baseUrl, keycloakClient.realm) accessTokenData := keycloakClient.getAuthenticationFormData() @@ -164,6 +168,9 @@ func (keycloakClient *KeycloakClient) login() error { } func (keycloakClient *KeycloakClient) refresh() error { + keycloakClient.mu.Lock() + defer keycloakClient.mu.Unlock() + refreshTokenUrl := fmt.Sprintf(tokenUrl, keycloakClient.baseUrl, keycloakClient.realm) refreshTokenData := keycloakClient.getAuthenticationFormData() @@ -250,7 +257,7 @@ func (keycloakClient *KeycloakClient) addRequestHeaders(request *http.Request) { /** Sends an HTTP request and refreshes credentials on 403 or 401 errors */ -func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte, string, error) { +func (keycloakClient *KeycloakClient) sendRequest(request *http.Request, body []byte) ([]byte, string, error) { if !keycloakClient.initialLogin { keycloakClient.initialLogin = true err := keycloakClient.login() @@ -258,35 +265,21 @@ func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte return nil, "", fmt.Errorf("error logging in: %s", err) } } + requestMethod := request.Method requestPath := request.URL.Path log.Printf("[DEBUG] Sending %s to %s", requestMethod, requestPath) - showBody := false - if request.Body != nil { - showBody = true - requestBody, err := request.GetBody() - if err != nil { - return nil, "", err - } - - requestBodyBuffer := new(bytes.Buffer) - requestBodyBuffer.ReadFrom(requestBody) - - log.Printf("[DEBUG] Request body: %s", requestBodyBuffer.String()) + if body != nil { + request.Body = ioutil.NopCloser(bytes.NewReader(body)) + log.Printf("[DEBUG] Request body: %s", string(body)) } keycloakClient.addRequestHeaders(request) - dump, err := httputil.DumpRequest(request, showBody) - if err != nil { - return nil, "", err - } - log.Printf("[DEBUG] %s", dump) - response, err := keycloakClient.httpClient.Do(request) if err != nil { - return nil, "", err + return nil, "", fmt.Errorf("error sending request: %v", err) } // Unauthorized: Token could have expired @@ -301,9 +294,12 @@ func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte keycloakClient.addRequestHeaders(request) + if body != nil { + request.Body = ioutil.NopCloser(bytes.NewReader(body)) + } response, err = keycloakClient.httpClient.Do(request) if err != nil { - return nil, "", err + return nil, "", fmt.Errorf("error sending request after refresh: %v", err) } } @@ -311,20 +307,20 @@ func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte defer response.Body.Close() - body, err := ioutil.ReadAll(response.Body) + responseBody, err := ioutil.ReadAll(response.Body) if err != nil { return nil, "", err } - if len(body) != 0 { - log.Printf("[DEBUG] Response body: %s", body) + if len(responseBody) != 0 && request.URL.Path != "/auth/admin/serverinfo" { + log.Printf("[DEBUG] Response body: %s", responseBody) } if response.StatusCode >= 400 { errorMessage := fmt.Sprintf("error sending %s request to %s: %s.", request.Method, request.URL.Path, response.Status) - if len(body) != 0 { - errorMessage = fmt.Sprintf("%s Response body: %s", errorMessage, body) + if len(responseBody) != 0 { + errorMessage = fmt.Sprintf("%s Response body: %s", errorMessage, responseBody) } return nil, "", &ApiError{ @@ -333,7 +329,7 @@ func (keycloakClient *KeycloakClient) sendRequest(request *http.Request) ([]byte } } - return body, response.Header.Get("Location"), nil + return responseBody, response.Header.Get("Location"), nil } func (keycloakClient *KeycloakClient) get(path string, resource interface{}, params map[string]string) error { @@ -360,7 +356,7 @@ func (keycloakClient *KeycloakClient) getRaw(path string, params map[string]stri request.URL.RawQuery = query.Encode() } - body, _, err := keycloakClient.sendRequest(request) + body, _, err := keycloakClient.sendRequest(request, nil) return body, err } @@ -372,12 +368,12 @@ func (keycloakClient *KeycloakClient) post(path string, requestBody interface{}) return nil, "", err } - request, err := http.NewRequest(http.MethodPost, resourceUrl, bytes.NewReader(payload)) + request, err := http.NewRequest(http.MethodPost, resourceUrl, nil) if err != nil { return nil, "", err } - body, location, err := keycloakClient.sendRequest(request) + body, location, err := keycloakClient.sendRequest(request, payload) return body, location, err } @@ -390,12 +386,12 @@ func (keycloakClient *KeycloakClient) put(path string, requestBody interface{}) return err } - request, err := http.NewRequest(http.MethodPut, resourceUrl, bytes.NewReader(payload)) + request, err := http.NewRequest(http.MethodPut, resourceUrl, nil) if err != nil { return err } - _, _, err = keycloakClient.sendRequest(request) + _, _, err = keycloakClient.sendRequest(request, payload) return err } @@ -403,22 +399,24 @@ func (keycloakClient *KeycloakClient) put(path string, requestBody interface{}) func (keycloakClient *KeycloakClient) delete(path string, requestBody interface{}) error { resourceUrl := keycloakClient.baseUrl + apiUrl + path - var body io.Reader + var ( + payload []byte + err error + ) if requestBody != nil { - payload, err := json.Marshal(requestBody) + payload, err = json.Marshal(requestBody) if err != nil { return err } - body = bytes.NewReader(payload) } - request, err := http.NewRequest(http.MethodDelete, resourceUrl, body) + request, err := http.NewRequest(http.MethodDelete, resourceUrl, nil) if err != nil { return err } - _, _, err = keycloakClient.sendRequest(request) + _, _, err = keycloakClient.sendRequest(request, payload) return err } diff --git a/keycloak/keycloak_client_test.go b/keycloak/keycloak_client_test.go index f236353d..174749da 100644 --- a/keycloak/keycloak_client_test.go +++ b/keycloak/keycloak_client_test.go @@ -23,6 +23,8 @@ var requiredEnvironmentVariables = []string{ // // Any action that returns a 403 or a 401 could be used for this test // Creating a realm is just the only one I'm aware of +// +// This appears to have been fixed as of Keycloak 12.x func TestAccKeycloakApiClientRefresh(t *testing.T) { for _, requiredEnvironmentVariable := range requiredEnvironmentVariables { if value := os.Getenv(requiredEnvironmentVariable); value == "" { @@ -56,6 +58,11 @@ func TestAccKeycloakApiClientRefresh(t *testing.T) { t.Fatalf("%s", err) } + // skip test if running 12.x or greater + if keycloakClient.VersionIsGreaterThanOrEqualTo(Version_12) { + t.Skip() + } + realmName := "terraform-" + acctest.RandString(10) realm := &Realm{ Realm: realmName, diff --git a/keycloak/version.go b/keycloak/version.go index 27927864..1193018b 100644 --- a/keycloak/version.go +++ b/keycloak/version.go @@ -11,6 +11,7 @@ const ( Version_9 Version = "9.0.0" Version_10 Version = "10.0.0" Version_11 Version = "11.0.0" + Version_12 Version = "12.0.0" ) func (keycloakClient *KeycloakClient) VersionIsGreaterThanOrEqualTo(versionString Version) bool { diff --git a/main.go b/main.go index b1fb6f14..e8544827 100644 --- a/main.go +++ b/main.go @@ -9,7 +9,7 @@ import ( func main() { plugin.Serve(&plugin.ServeOpts{ ProviderFunc: func() *schema.Provider { - return provider.KeycloakProvider() + return provider.KeycloakProvider(nil) }, }) } diff --git a/makefile b/makefile index cb10718b..72cbed74 100644 --- a/makefile +++ b/makefile @@ -25,7 +25,7 @@ test: fmtcheck vet go test $(TEST) testacc: fmtcheck vet - TF_ACC=1 CHECKPOINT_DISABLE=1 go test -timeout 30m $(TEST) -v $(TESTARGS) + TF_ACC=1 CHECKPOINT_DISABLE=1 go test -v -timeout 30m -parallel 4 $(TEST) $(TESTARGS) fmtcheck: lineCount=$(shell gofmt -l -s $(GOFMT_FILES) | wc -l | tr -d ' ') && exit $$lineCount diff --git a/provider/data_source_keycloak_authentication_execution_test.go b/provider/data_source_keycloak_authentication_execution_test.go index 40598140..7077b362 100644 --- a/provider/data_source_keycloak_authentication_execution_test.go +++ b/provider/data_source_keycloak_authentication_execution_test.go @@ -8,11 +8,10 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) func TestAccKeycloakDataSourceAuthenticationExecution_basic(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() parentFlowAlias := acctest.RandString(20) resource.Test(t, resource.TestCase{ @@ -21,7 +20,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationExecutionConfigDestroy, Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakAuthenticationExecution_basic(realm, parentFlowAlias), + Config: testDataSourceKeycloakAuthenticationExecution_basic(parentFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), resource.TestCheckResourceAttrPair("keycloak_authentication_execution.execution", "id", "data.keycloak_authentication_execution.execution", "id"), @@ -36,7 +35,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_basic(t *testing.T) { } func TestAccKeycloakDataSourceAuthenticationExecution_errorNoExecutions(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() parentFlowAlias := acctest.RandString(20) resource.Test(t, resource.TestCase{ @@ -45,7 +44,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_errorNoExecutions(t *testi CheckDestroy: testAccCheckKeycloakAuthenticationExecutionConfigDestroy, Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakAuthenticationExecution_errorNoExecutions(realm, parentFlowAlias), + Config: testDataSourceKeycloakAuthenticationExecution_errorNoExecutions(parentFlowAlias), ExpectError: regexp.MustCompile("no authentication executions found for parent flow alias .*"), }, }, @@ -53,7 +52,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_errorNoExecutions(t *testi } func TestAccKeycloakDataSourceAuthenticationExecution_errorWrongProviderId(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() parentFlowAlias := acctest.RandString(20) resource.Test(t, resource.TestCase{ @@ -62,7 +61,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_errorWrongProviderId(t *te CheckDestroy: testAccCheckKeycloakAuthenticationExecutionConfigDestroy, Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakAuthenticationExecution_errorWrongProviderId(realm, parentFlowAlias, acctest.RandString(10)), + Config: testDataSourceKeycloakAuthenticationExecution_errorWrongProviderId(parentFlowAlias, acctest.RandString(10)), ExpectError: regexp.MustCompile("no authentication execution under parent flow alias .* with provider id .* found"), }, }, @@ -76,8 +75,6 @@ func testAccCheckDataKeycloakAuthenticationExecution(resourceName string) resour return fmt.Errorf("resource not found: %s", resourceName) } - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - id := rs.Primary.ID realmID := rs.Primary.Attributes["realm_id"] parentFlowAlias := rs.Primary.Attributes["parent_flow_alias"] @@ -96,76 +93,85 @@ func testAccCheckDataKeycloakAuthenticationExecution(resourceName string) resour } } -func testDataSourceKeycloakAuthenticationExecution_basic(realm, parentFlowAlias string) string { +func testDataSourceKeycloakAuthenticationExecution_basic(parentFlowAlias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" - enabled = true +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id alias = "%s" } resource "keycloak_authentication_execution" "execution" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id parent_flow_alias = keycloak_authentication_flow.flow.alias authenticator = "identity-provider-redirector" requirement = "REQUIRED" } data "keycloak_authentication_execution" "execution" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id parent_flow_alias = keycloak_authentication_flow.flow.alias provider_id = "identity-provider-redirector" + + depends_on = [ + keycloak_authentication_execution.execution, + ] } - `, realm, parentFlowAlias) + `, testAccRealm.Realm, parentFlowAlias) } -func testDataSourceKeycloakAuthenticationExecution_errorNoExecutions(realm, parentFlowAlias string) string { +func testDataSourceKeycloakAuthenticationExecution_errorNoExecutions(parentFlowAlias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" - enabled = true +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id alias = "%s" } data "keycloak_authentication_execution" "execution" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id parent_flow_alias = keycloak_authentication_flow.flow.alias provider_id = "foo" + + depends_on = [ + keycloak_authentication_flow.flow, + ] } - `, realm, parentFlowAlias) + `, testAccRealm.Realm, parentFlowAlias) } -func testDataSourceKeycloakAuthenticationExecution_errorWrongProviderId(realm, parentFlowAlias, providerId string) string { +func testDataSourceKeycloakAuthenticationExecution_errorWrongProviderId(parentFlowAlias, providerId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" - enabled = true +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id alias = "%s" } resource "keycloak_authentication_execution" "execution" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id parent_flow_alias = keycloak_authentication_flow.flow.alias authenticator = "identity-provider-redirector" requirement = "REQUIRED" } data "keycloak_authentication_execution" "execution" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id parent_flow_alias = keycloak_authentication_flow.flow.alias provider_id = "%s" + + depends_on = [ + keycloak_authentication_execution.execution, + ] } - `, realm, parentFlowAlias, providerId) + `, testAccRealm.Id, parentFlowAlias, providerId) } diff --git a/provider/data_source_keycloak_group_test.go b/provider/data_source_keycloak_group_test.go index cc147e35..e168c915 100644 --- a/provider/data_source_keycloak_group_test.go +++ b/provider/data_source_keycloak_group_test.go @@ -7,11 +7,10 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) func TestAccKeycloakDataSourceGroup_basic(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() group := "terraform-group-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +19,7 @@ func TestAccKeycloakDataSourceGroup_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakGroup_basic(realm, group), + Config: testDataSourceKeycloakGroup_basic(group), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), // realm role @@ -35,7 +34,7 @@ func TestAccKeycloakDataSourceGroup_basic(t *testing.T) { } func TestAccKeycloakDataSourceGroup_nested(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() group := "terraform-group-" + acctest.RandString(10) groupNested := "terraform-group-nested-" + acctest.RandString(10) @@ -45,7 +44,7 @@ func TestAccKeycloakDataSourceGroup_nested(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakGroup_nested(realm, group, groupNested), + Config: testDataSourceKeycloakGroup_nested(group, groupNested), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), testAccCheckKeycloakGroupExists("keycloak_group.group_nested"), @@ -71,8 +70,6 @@ func testAccCheckDataKeycloakGroup(resourceName string) resource.TestCheckFunc { return fmt.Errorf("resource not found: %s", resourceName) } - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - id := rs.Primary.ID realmId := rs.Primary.Attributes["realm_id"] name := rs.Primary.Attributes["name"] @@ -90,55 +87,68 @@ func testAccCheckDataKeycloakGroup(resourceName string) resource.TestCheckFunc { } } -func testDataSourceKeycloakGroup_basic(realm, group string) string { +func testDataSourceKeycloakGroup_basic(group string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } # we create another group with a similar name to make the data lookup more realistic resource "keycloak_group" "similar_group" { name = "%s_with_similar_name" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } data "keycloak_group" "group" { - realm_id = "${keycloak_realm.realm.id}" - name = "${keycloak_group.group.name}" + realm_id = data.keycloak_realm.realm.id + name = keycloak_group.group.name + + depends_on = [ + keycloak_group.group, + keycloak_group.similar_group, + ] } - `, realm, group, group) + `, testAccRealm.Realm, group, group) } -func testDataSourceKeycloakGroup_nested(realm, group, groupNested string) string { +func testDataSourceKeycloakGroup_nested(group, groupNested string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_group" "group_nested" { name = "%s" - parent_id = "${keycloak_group.group.id}" - realm_id = "${keycloak_realm.realm.id}" + parent_id = keycloak_group.group.id + realm_id = data.keycloak_realm.realm.id } data "keycloak_group" "group" { - realm_id = "${keycloak_realm.realm.id}" - name = "${keycloak_group.group.name}" + realm_id = data.keycloak_realm.realm.id + name = keycloak_group.group.name + + depends_on = [ + keycloak_group.group + ] } data "keycloak_group" "group_nested" { - realm_id = "${keycloak_realm.realm.id}" - name = "${keycloak_group.group_nested.name}" + realm_id = data.keycloak_realm.realm.id + name = keycloak_group.group_nested.name + + depends_on = [ + keycloak_group.group_nested + ] } - `, realm, group, groupNested) + `, testAccRealm.Realm, group, groupNested) } diff --git a/provider/data_source_keycloak_openid_client_authorization_policy_test.go b/provider/data_source_keycloak_openid_client_authorization_policy_test.go index 7014af7a..a9b17d85 100644 --- a/provider/data_source_keycloak_openid_client_authorization_policy_test.go +++ b/provider/data_source_keycloak_openid_client_authorization_policy_test.go @@ -9,7 +9,7 @@ import ( ) func TestAccKeycloakDataSourceOpenidClientAuthorizationPolicy_basic(t *testing.T) { - realm := acctest.RandomWithPrefix("tf-acc-test") + t.Parallel() clientId := acctest.RandomWithPrefix("tf-acc-test") dataSourceName := "data.keycloak_openid_client_authorization_policy.test" @@ -18,10 +18,10 @@ func TestAccKeycloakDataSourceOpenidClientAuthorizationPolicy_basic(t *testing.T ProviderFactories: testAccProviderFactories, Steps: []resource.TestStep{ { - Config: testAccKeycloakOpenidClientAuthorizationPolicyConfig(realm, clientId), + Config: testAccKeycloakOpenidClientAuthorizationPolicyConfig(clientId), Check: resource.ComposeTestCheckFunc( resource.TestMatchResourceAttr(dataSourceName, "resource_server_id", regexp.MustCompile("^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$")), - resource.TestCheckResourceAttr(dataSourceName, "realm_id", realm), + resource.TestCheckResourceAttr(dataSourceName, "realm_id", testAccRealm.Realm), resource.TestCheckResourceAttr(dataSourceName, "name", "default"), resource.TestCheckResourceAttr(dataSourceName, "decision_strategy", "UNANIMOUS"), resource.TestCheckResourceAttr(dataSourceName, "logic", "POSITIVE"), @@ -32,37 +32,37 @@ func TestAccKeycloakDataSourceOpenidClientAuthorizationPolicy_basic(t *testing.T }) } -func testAccKeycloakOpenidClientAuthorizationPolicyConfig(realm, clientId string) string { +func testAccKeycloakOpenidClientAuthorizationPolicyConfig(clientId string) string { return fmt.Sprintf(` -resource keycloak_realm test { - realm = "%s" - enabled = true - display_name = "foo" - account_theme = "base" - access_code_lifespan = "30m" +data "keycloak_realm" "realm" { + realm = "%s" } -resource keycloak_openid_client test { - client_id = "%s" - name = "%s" - realm_id = "${keycloak_realm.test.id}" - description = "a test openid client" - standard_flow_enabled = true - service_accounts_enabled = true - access_type = "CONFIDENTIAL" - client_secret = "secret" - valid_redirect_uris = [ - "http://localhost:5555/callback", - ] - authorization { - policy_enforcement_mode = "ENFORCING" - } +resource "keycloak_openid_client" "test" { + client_id = "%s" + name = "%s" + realm_id = data.keycloak_realm.realm.id + description = "a test openid client" + standard_flow_enabled = true + service_accounts_enabled = true + access_type = "CONFIDENTIAL" + client_secret = "secret" + valid_redirect_uris = [ + "http://localhost:5555/callback", + ] + authorization { + policy_enforcement_mode = "ENFORCING" + } } -data keycloak_openid_client_authorization_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" +data "keycloak_openid_client_authorization_policy" "test" { + resource_server_id = keycloak_openid_client.test.resource_server_id + realm_id = data.keycloak_realm.realm.id name = "default" + + depends_on = [ + keycloak_openid_client.test, + ] } -`, realm, clientId, clientId) +`, testAccRealm.Realm, clientId, clientId) } diff --git a/provider/data_source_keycloak_openid_client_service_account_user_test.go b/provider/data_source_keycloak_openid_client_service_account_user_test.go index 67fb721e..d088952a 100644 --- a/provider/data_source_keycloak_openid_client_service_account_user_test.go +++ b/provider/data_source_keycloak_openid_client_service_account_user_test.go @@ -9,7 +9,7 @@ import ( ) func TestAccKeycloakDataSourceOpenidClientServiceAccountUser_basic(t *testing.T) { - realm := acctest.RandomWithPrefix("tf-acc-test") + t.Parallel() clientId := acctest.RandomWithPrefix("tf-acc-test") dataSourceName := "data.keycloak_openid_client_service_account_user.test" @@ -18,9 +18,9 @@ func TestAccKeycloakDataSourceOpenidClientServiceAccountUser_basic(t *testing.T) ProviderFactories: testAccProviderFactories, Steps: []resource.TestStep{ { - Config: testAccKeycloakOpenidClientServiceAccountUserConfig(realm, clientId), + Config: testAccKeycloakOpenidClientServiceAccountUserConfig(clientId), Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttr(dataSourceName, "realm_id", realm), + resource.TestCheckResourceAttr(dataSourceName, "realm_id", testAccRealm.Realm), resource.TestMatchResourceAttr(dataSourceName, "client_id", regexp.MustCompile("^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$")), resource.TestCheckResourceAttr(dataSourceName, "username", "service-account-"+clientId), ), @@ -29,39 +29,35 @@ func TestAccKeycloakDataSourceOpenidClientServiceAccountUser_basic(t *testing.T) }) } -func testAccKeycloakOpenidClientServiceAccountUserConfig(realm, clientId string) string { +func testAccKeycloakOpenidClientServiceAccountUserConfig(clientId string) string { return fmt.Sprintf(` -resource keycloak_realm test { - realm = "%s" - enabled = true - display_name = "foo" - account_theme = "base" - access_code_lifespan = "30m" +data "keycloak_realm" "realm" { + realm = "%s" } -resource keycloak_openid_client test { - name = "%s" - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - description = "a test openid client" - standard_flow_enabled = true - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - client_secret = "secret" - valid_redirect_uris = [ - "http://localhost:5555/callback", - ] - authorization { - policy_enforcement_mode = "ENFORCING" - } - web_origins = [ +resource "keycloak_openid_client" "test" { + name = "%s" + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + description = "a test openid client" + standard_flow_enabled = true + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + client_secret = "secret" + valid_redirect_uris = [ + "http://localhost:5555/callback", + ] + authorization { + policy_enforcement_mode = "ENFORCING" + } + web_origins = [ "http://localhost" - ] + ] } data keycloak_openid_client_service_account_user test { - client_id = "${keycloak_openid_client.test.id}" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.test.id } -`, realm, clientId, clientId) +`, testAccRealm.Realm, clientId, clientId) } diff --git a/provider/data_source_keycloak_openid_client_test.go b/provider/data_source_keycloak_openid_client_test.go index 76360a63..ba1518ce 100644 --- a/provider/data_source_keycloak_openid_client_test.go +++ b/provider/data_source_keycloak_openid_client_test.go @@ -8,7 +8,7 @@ import ( ) func TestAccKeycloakDataSourceOpenidClient_basic(t *testing.T) { - realm := acctest.RandomWithPrefix("tf-acc-test") + t.Parallel() clientId := acctest.RandomWithPrefix("tf-acc-test") dataSourceName := "data.keycloak_openid_client.test" resourceName := "keycloak_openid_client.test" @@ -18,7 +18,7 @@ func TestAccKeycloakDataSourceOpenidClient_basic(t *testing.T) { ProviderFactories: testAccProviderFactories, Steps: []resource.TestStep{ { - Config: testAccKeycloakOpenidClientConfig(realm, clientId), + Config: testAccKeycloakOpenidClientConfig(clientId), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrPair(dataSourceName, "client_id", resourceName, "client_id"), resource.TestCheckResourceAttrPair(dataSourceName, "realm_id", resourceName, "realm_id"), @@ -39,40 +39,40 @@ func TestAccKeycloakDataSourceOpenidClient_basic(t *testing.T) { }) } -func testAccKeycloakOpenidClientConfig(realm, clientId string) string { +func testAccKeycloakOpenidClientConfig(clientId string) string { return fmt.Sprintf(` -resource keycloak_realm test { - realm = "%s" - enabled = true - display_name = "foo" - account_theme = "base" - access_code_lifespan = "30m" +data "keycloak_realm" "realm" { + realm = "%s" } -resource keycloak_openid_client test { - name = "%s" - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - description = "a test openid client" - standard_flow_enabled = true - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - client_secret = "secret" - valid_redirect_uris = [ - "http://localhost:5555/callback", - ] - authorization { - policy_enforcement_mode = "ENFORCING" - } - web_origins = [ +resource "keycloak_openid_client" "test" { + name = "%s" + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + description = "a test openid client" + standard_flow_enabled = true + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + client_secret = "secret" + valid_redirect_uris = [ + "http://localhost:5555/callback", + ] + authorization { + policy_enforcement_mode = "ENFORCING" + } + web_origins = [ "http://localhost" - ] - full_scope_allowed = false + ] + full_scope_allowed = false } -data keycloak_openid_client test { - client_id = "${keycloak_openid_client.test.client_id}" - realm_id = "${keycloak_realm.test.id}" +data "keycloak_openid_client" "test" { + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.test.client_id + + depends_on = [ + keycloak_openid_client.test, + ] } -`, realm, clientId, clientId) +`, testAccRealm.Realm, clientId, clientId) } diff --git a/provider/data_source_keycloak_realm_keys_test.go b/provider/data_source_keycloak_realm_keys_test.go index 3d18ee11..d6d62bf8 100644 --- a/provider/data_source_keycloak_realm_keys_test.go +++ b/provider/data_source_keycloak_realm_keys_test.go @@ -4,13 +4,12 @@ import ( "fmt" "testing" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) func TestAccKeycloakDataSourceRealmKeys_basic(t *testing.T) { - realm := acctest.RandomWithPrefix("tf-acc-test") + t.Parallel() dataSourceName := "data.keycloak_realm_keys.test_keys" resource.Test(t, resource.TestCase{ @@ -18,7 +17,7 @@ func TestAccKeycloakDataSourceRealmKeys_basic(t *testing.T) { ProviderFactories: testAccProviderFactories, Steps: []resource.TestStep{ { - Config: testAccKeycloakRealmKeysConfig(realm), + Config: testAccKeycloakRealmKeysConfig(), Check: testKeycloakRealmKeysCheck_basic(dataSourceName), }, }, @@ -26,7 +25,7 @@ func TestAccKeycloakDataSourceRealmKeys_basic(t *testing.T) { } func TestAccKeycloakDataSourceRealmKeys_filterByAlgorithms(t *testing.T) { - realm := acctest.RandomWithPrefix("tf-acc-test") + t.Parallel() dataSourceName := "data.keycloak_realm_keys.test_keys" resource.Test(t, resource.TestCase{ @@ -34,7 +33,7 @@ func TestAccKeycloakDataSourceRealmKeys_filterByAlgorithms(t *testing.T) { ProviderFactories: testAccProviderFactories, Steps: []resource.TestStep{ { - Config: testAccKeycloakRealmKeysConfig_filterByAlgorithms(realm), + Config: testAccKeycloakRealmKeysConfig_filterByAlgorithms(), Check: testKeycloakRealmKeysCheck_filterByAlgorithms(dataSourceName), }, }, @@ -85,31 +84,27 @@ func testKeycloakRealmKeysCheck_filterByAlgorithms(dataSourceName string) resour } } -func testAccKeycloakRealmKeysConfig(realm string) string { +func testAccKeycloakRealmKeysConfig() string { return fmt.Sprintf(` -resource "keycloak_realm" "test" { - realm = "%s" - enabled = true - display_name = "test" +data "keycloak_realm" "realm" { + realm = "%s" } data "keycloak_realm_keys" "test_keys" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id } -`, realm) +`, testAccRealm.Realm) } -func testAccKeycloakRealmKeysConfig_filterByAlgorithms(realm string) string { +func testAccKeycloakRealmKeysConfig_filterByAlgorithms() string { return fmt.Sprintf(` -resource "keycloak_realm" "test" { - realm = "%s" - enabled = true - display_name = "test" +data "keycloak_realm" "realm" { + realm = "%s" } data "keycloak_realm_keys" "test_keys" { - realm_id = keycloak_realm.test.id - algorithms = ["RS256", "AES"] + realm_id = data.keycloak_realm.realm.id + algorithms = ["RS256", "AES"] } -`, realm) +`, testAccRealm.Realm) } diff --git a/provider/data_source_keycloak_realm_test.go b/provider/data_source_keycloak_realm_test.go index 7a395553..e1c073fe 100644 --- a/provider/data_source_keycloak_realm_test.go +++ b/provider/data_source_keycloak_realm_test.go @@ -42,6 +42,6 @@ resource "keycloak_realm" "my_realm" { } data "keycloak_realm" "realm" { - realm = "${keycloak_realm.my_realm.id}" + realm = keycloak_realm.my_realm.id }`, realm) } diff --git a/provider/data_source_keycloak_role_test.go b/provider/data_source_keycloak_role_test.go index 8269300c..b3b607fe 100644 --- a/provider/data_source_keycloak_role_test.go +++ b/provider/data_source_keycloak_role_test.go @@ -5,12 +5,11 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/mrparkers/terraform-provider-keycloak/keycloak" "testing" ) func TestAccKeycloakDataSourceRole_basic(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) realmRole := "terraform-role-" + acctest.RandString(10) clientRole := "terraform-role-" + acctest.RandString(10) @@ -21,7 +20,7 @@ func TestAccKeycloakDataSourceRole_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakRole_basic(realm, client, realmRole, clientRole), + Config: testDataSourceKeycloakRole_basic(client, realmRole, clientRole), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakRoleExists("keycloak_role.realm_role"), testAccCheckKeycloakRoleExists("keycloak_role.client_role"), @@ -39,7 +38,7 @@ func TestAccKeycloakDataSourceRole_basic(t *testing.T) { resource.TestCheckResourceAttrPair("keycloak_role.client_role", "description", "data.keycloak_role.client_role", "description"), testAccCheckDataKeycloakRole("data.keycloak_role.client_role"), // offline_access - resource.TestCheckResourceAttrPair("keycloak_realm.realm", "realm", "data.keycloak_role.realm_offline_access", "realm_id"), + resource.TestCheckResourceAttrPair("data.keycloak_realm.realm", "realm", "data.keycloak_role.realm_offline_access", "realm_id"), resource.TestCheckResourceAttr("data.keycloak_role.realm_offline_access", "name", "offline_access"), testAccCheckDataKeycloakRole("data.keycloak_role.realm_offline_access"), ), @@ -55,8 +54,6 @@ func testAccCheckDataKeycloakRole(resourceName string) resource.TestCheckFunc { return fmt.Errorf("resource not found: %s", resourceName) } - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - id := rs.Primary.ID realmId := rs.Primary.Attributes["realm_id"] name := rs.Primary.Attributes["name"] @@ -74,43 +71,51 @@ func testAccCheckDataKeycloakRole(resourceName string) resource.TestCheckFunc { } } -func testDataSourceKeycloakRole_basic(realm, client, realmRole, clientRole string) string { +func testDataSourceKeycloakRole_basic(client, realmRole, clientRole string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_role" "realm_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client.id } data "keycloak_role" "realm_role" { - realm_id = "${keycloak_realm.realm.id}" - name = "${keycloak_role.realm_role.name}" + realm_id = data.keycloak_realm.realm.id + name = keycloak_role.realm_role.name + + depends_on = [ + keycloak_role.realm_role + ] } data "keycloak_role" "client_role" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client.id}" - name = "${keycloak_role.client_role.name}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client.id + name = keycloak_role.client_role.name + + depends_on = [ + keycloak_role.client_role + ] } data "keycloak_role" "realm_offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } - `, realm, client, realmRole, clientRole) + `, testAccRealm.Realm, client, realmRole, clientRole) } diff --git a/provider/data_source_keycloak_saml_client_installation_provider_test.go b/provider/data_source_keycloak_saml_client_installation_provider_test.go index 2193ffd5..4524d6da 100644 --- a/provider/data_source_keycloak_saml_client_installation_provider_test.go +++ b/provider/data_source_keycloak_saml_client_installation_provider_test.go @@ -10,8 +10,8 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) -func TestAccKeycloakSamlClientInstallationProvider_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) +func TestAccKeycloakDataSourceSamlClientInstallationProvider_basic(t *testing.T) { + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resourceName := "keycloak_saml_client.saml_client" @@ -23,7 +23,7 @@ func TestAccKeycloakSamlClientInstallationProvider_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakSamlClientInstallationProvider_basic(realmName, clientId), + Config: testDataSourceKeycloakSamlClientInstallationProvider_basic(clientId), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair(dataSourceName, "realm_id", resourceName, "realm_id"), resource.TestCheckResourceAttrPair(dataSourceName, "client_id", resourceName, "id"), @@ -53,21 +53,21 @@ func testAccCheckDataKeycloakSamlClientInstallationProvider(resourceName string) } } -func testDataSourceKeycloakSamlClientInstallationProvider_basic(realm, clientId string) string { +func testDataSourceKeycloakSamlClientInstallationProvider_basic(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } data "keycloak_saml_client_installation_provider" "saml_sp_descriptor" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id provider_id = "saml-sp-descriptor" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } diff --git a/provider/data_source_keycloak_user_test.go b/provider/data_source_keycloak_user_test.go index 180da239..867e3fd9 100644 --- a/provider/data_source_keycloak_user_test.go +++ b/provider/data_source_keycloak_user_test.go @@ -7,11 +7,10 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) func TestAccKeycloakDataSourceUser(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() username := acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +19,7 @@ func TestAccKeycloakDataSourceUser(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testDataSourceKeycloakUser(realm, username), + Config: testDataSourceKeycloakUser(username), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakUserExists("keycloak_user.user"), resource.TestCheckResourceAttrPair("keycloak_user.user", "id", "data.keycloak_user.user", "id"), @@ -40,8 +39,6 @@ func testAccCheckDataKeycloakUser(resourceName string) resource.TestCheckFunc { return fmt.Errorf("resource not found: %s", resourceName) } - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - id := rs.Primary.ID realmID := rs.Primary.Attributes["realm_id"] username := rs.Primary.Attributes["username"] @@ -59,15 +56,15 @@ func testAccCheckDataKeycloakUser(resourceName string) resource.TestCheckFunc { } } -func testDataSourceKeycloakUser(realm, username string) string { +func testDataSourceKeycloakUser(username string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_user" "user" { username = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true email = "bob@domain.com" @@ -76,8 +73,12 @@ resource "keycloak_user" "user" { } data "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" - username = "${keycloak_user.user.username}" + realm_id = data.keycloak_realm.realm.id + username = keycloak_user.user.username + + depends_on = [ + keycloak_user.user + ] } - `, realm, username) + `, testAccRealm.Realm, username) } diff --git a/provider/generic_protocol_mapper_validation_test.go b/provider/generic_protocol_mapper_validation_test.go index 11d4b877..3bfd8cd2 100644 --- a/provider/generic_protocol_mapper_validation_test.go +++ b/provider/generic_protocol_mapper_validation_test.go @@ -18,7 +18,7 @@ import ( */ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -30,11 +30,11 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientDuplicateNameValidation(t CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientGroupMembershipMapper(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(groupMembershipProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientFullNameAndGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientFullNameAndGroupMembershipMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -42,7 +42,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientDuplicateNameValidation(t } func TestAccKeycloakOpenIdFullNameProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -54,11 +54,11 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientScopeDuplicateNameValidat CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeGroupMembershipMapper(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(groupMembershipProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeFullNameAndGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeFullNameAndGroupMembershipMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -66,7 +66,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientScopeDuplicateNameValidat } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -78,11 +78,11 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientDuplicateNameValid CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientFullNameMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientFullNameMapper(clientId, mapperName), Check: testKeycloakOpenIdFullNameProtocolMapperExists(fullNameProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientFullNameAndGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientFullNameAndGroupMembershipMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -90,7 +90,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientDuplicateNameValid } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -102,11 +102,11 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientScopeDuplicateName CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeFullNameMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeFullNameMapper(clientId, mapperName), Check: testKeycloakOpenIdFullNameProtocolMapperExists(fullNameProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeFullNameAndGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeFullNameAndGroupMembershipMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -114,7 +114,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientScopeDuplicateName } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -126,11 +126,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientDuplicateNameValidat CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientGroupMembershipMapper(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(groupMembershipProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientGroupMembershipAndUserAttributeMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientGroupMembershipAndUserAttributeMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -138,7 +138,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientDuplicateNameValidat } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -150,11 +150,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientScopeDuplicateNameVa CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeGroupMembershipMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeGroupMembershipMapper(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(groupMembershipProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeGroupMembershipAndUserAttributeMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeGroupMembershipAndUserAttributeMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -162,7 +162,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientScopeDuplicateNameVa } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -174,11 +174,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientDuplicateNameValidati CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientUserAttributeMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientUserAttributeMapper(clientId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(userAttributeProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientUserAttributeAndUserPropertyMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientUserAttributeAndUserPropertyMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -186,7 +186,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientDuplicateNameValidati } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -198,11 +198,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientScopeDuplicateNameVal CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeUserAttributeMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserAttributeMapper(clientId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(userAttributeProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeUserAttributeAndUserPropertyMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserAttributeAndUserPropertyMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -210,7 +210,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientScopeDuplicateNameVal } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -222,11 +222,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientDuplicateNameValida CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientUserPropertyMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientUserPropertyMapper(clientId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(userPropertyProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientUserPropertyAndHardcodedClaimMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientUserPropertyAndHardcodedClaimMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -234,7 +234,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientDuplicateNameValida } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -246,11 +246,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientScopeDuplicateNameV CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeUserPropertyMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserPropertyMapper(clientId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(userPropertyProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeUserPropertyAndHardcodedClaimMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserPropertyAndHardcodedClaimMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -258,7 +258,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientScopeDuplicateNameV } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-user-realm-role-mapper-" + acctest.RandString(5) @@ -270,11 +270,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_clientScopeDuplicateNameVa CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeUserRealmRoleMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserRealmRoleMapper(clientId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(fullNameProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeUserRealmRoleAndHardcodedClaimMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserRealmRoleAndHardcodedClaimMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -282,7 +282,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_clientScopeDuplicateNameVa } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-user-client-role-mapper-" + acctest.RandString(5) @@ -294,11 +294,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientScopeDuplicateNameV CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeUserClientRoleMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserClientRoleMapper(clientId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(userClientRoleProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeUserClientRoleAndHardcodedClaimMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserClientRoleAndHardcodedClaimMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -306,7 +306,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientScopeDuplicateNameV } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -318,11 +318,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientDuplicateNameValid CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientRealmRoleMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientRealmRoleMapper(clientId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(userRealmRoleProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientUserSessionNoteAndRealmRoleMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientUserSessionNoteAndRealmRoleMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -330,7 +330,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientDuplicateNameValid } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) @@ -342,11 +342,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientScopeDuplicateName CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testGenericProtocolMapperValidation_clientScopeUserRealmRoleMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserRealmRoleMapper(clientId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(userRealmRoleProtocolMapperResourceName), }, { - Config: testGenericProtocolMapperValidation_clientScopeUserSessionNoteAndRealmRoleMapper(realmName, clientId, mapperName), + Config: testGenericProtocolMapperValidation_clientScopeUserSessionNoteAndRealmRoleMapper(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: a protocol mapper with name .+ already exists for this client"), }, }, @@ -359,7 +359,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientScopeDuplicateName */ func TestAccKeycloakOpenIdFullNameProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -367,7 +367,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_validateClientOrClientScopeSet( PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdFullNameProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -375,7 +375,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_validateClientOrClientScopeSet( } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -383,7 +383,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_validateClientOrClientSc PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -391,7 +391,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_validateClientOrClientSc } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -399,7 +399,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClientOrClientScop PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -407,7 +407,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClientOrClientScop } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -415,7 +415,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClientOrClientScope PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -423,7 +423,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClientOrClientScope } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -431,7 +431,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClientOrClientSco PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -439,7 +439,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClientOrClientSco } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -447,7 +447,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClientOrClientScop PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -455,7 +455,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClientOrClientScop } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -463,7 +463,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClientOrClientSco PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, @@ -471,7 +471,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClientOrClientSco } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -479,21 +479,21 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClientOrClientSc PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_parentResourceValidation(realmName, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_parentResourceValidation(mapperName), ExpectError: regexp.MustCompile("validation error: one of ClientId or ClientScopeId must be set"), }, }, }) } -func testGenericProtocolMapperValidation_clientGroupMembershipMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientGroupMembershipMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -501,21 +501,21 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientFullNameMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientFullNameMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -523,19 +523,19 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" -}`, realmName, clientId, mapperName) + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientUserAttributeMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientUserAttributeMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -543,21 +543,21 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id user_attribute = "foo-attribute" claim_name = "bar-attribute" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientUserPropertyMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientUserPropertyMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -565,21 +565,21 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id user_property = "foo-property" claim_name = "bar-property" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientFullNameAndGroupMembershipMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientFullNameAndGroupMembershipMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -587,27 +587,27 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" -}`, realmName, clientId, mapperName, mapperName) + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientGroupMembershipAndUserAttributeMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientGroupMembershipAndUserAttributeMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -615,29 +615,29 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id user_attribute = "foo" claim_name = "bar" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientUserAttributeAndUserPropertyMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientUserAttributeAndUserPropertyMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -645,29 +645,29 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id user_attribute = "foo-attribute" claim_name = "bar-attribute" } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id user_property = "foo-property" claim_name = "bar-property" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientUserPropertyAndHardcodedClaimMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientUserPropertyAndHardcodedClaimMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -675,539 +675,475 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id user_property = "foo-property" claim_name = "bar-property" } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeGroupMembershipMapper(realmName, clientScopeId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeGroupMembershipMapper(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testGenericProtocolMapperValidation_clientUserRealmRoleMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientUserSessionNoteAndRealmRoleMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } - resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" - - access_type = "BEARER-ONLY" -} - -resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" - - claim_name = "foo" - claim_value_type = "String" -}`, realmName, clientId, mapperName) -} - -func testGenericProtocolMapperValidation_clientUserClientRoleMapper(realmName, clientId, mapperName string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" - - access_type = "BEARER-ONLY" -} - -resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" - - claim_name = "foo" - claim_value_type = "String" -}`, realmName, clientId, mapperName) -} - -func testGenericProtocolMapperValidation_clientUserSessionNoteAndRealmRoleMapper(realmName, clientId, mapperName string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} -resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" claim_value_type = "String" } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientRealmRoleMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientRealmRoleMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id claim_name = "foo" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientScopeFullNameMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeFullNameMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" -}`, realmName, clientId, mapperName) + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserAttributeMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserAttributeMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id user_attribute = "foo-attribute" claim_name = "bar-attribute" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserPropertyMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserPropertyMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id user_property = "foo-property" claim_name = "bar-property" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserRealmRoleMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserRealmRoleMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar-property" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserClientRoleMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserClientRoleMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" - claim_name = "bar-property" -}`, realmName, clientId, mapperName) - -} - -func testGenericProtocolMapperValidation_clientScopeUserSessionNoteMapper(realmName, clientId, mapperName string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} -resource "keycloak_openid_client_scope" "client_scope" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" -} -resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_validation" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar-property" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testGenericProtocolMapperValidation_clientScopeFullNameAndGroupMembershipMapper(realmName, clientScopeId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeFullNameAndGroupMembershipMapper(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar" } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" -}`, realmName, clientScopeId, mapperName, mapperName) + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id +}`, testAccRealm.Realm, clientScopeId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeGroupMembershipAndUserAttributeMapper(realmName, clientScopeId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeGroupMembershipAndUserAttributeMapper(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar" } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id user_attribute = "foo" claim_name = "bar" -}`, realmName, clientScopeId, mapperName, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserAttributeAndUserPropertyMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserAttributeAndUserPropertyMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id user_attribute = "foo-attribute" claim_name = "bar-attribute" } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id user_property = "foo-property" claim_name = "bar-property" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserPropertyAndHardcodedClaimMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserPropertyAndHardcodedClaimMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id user_property = "foo-property" claim_name = "bar-property" } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserRealmRoleAndHardcodedClaimMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserRealmRoleAndHardcodedClaimMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar-property" } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserClientRoleAndHardcodedClaimMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserClientRoleAndHardcodedClaimMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "bar-property" } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testGenericProtocolMapperValidation_clientScopeUserSessionNoteAndRealmRoleMapper(realmName, clientId, mapperName string) string { +func testGenericProtocolMapperValidation_clientScopeUserSessionNoteAndRealmRoleMapper(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "foo" claim_value_type = "String" } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id claim_name = "foo" -}`, realmName, clientId, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testKeycloakOpenIdFullNameProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdFullNameProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" -}`, realmName, mapperName) + realm_id = data.keycloak_realm.realm.id +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdGroupMembershipProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdGroupMembershipProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id claim_name = "bar" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdUserAttributeProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdUserAttributeProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id user_attribute = "foo" claim_name = "bar" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdUserPropertyProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdUserPropertyProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id user_property = "foo" claim_name = "bar" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdHardcodedClaimProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdHardcodedClaimProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdUserRealmRoleProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdUserRealmRoleProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id claim_name = "foo" claim_value_type = "String" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id claim_name = "foo" claim_value_type = "String" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_parentResourceValidation(realmName, mapperName string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_parentResourceValidation(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id claim_name = "foo" claim_value_type = "String" -}`, realmName, mapperName) +}`, testAccRealm.Realm, mapperName) } diff --git a/provider/permissions.go b/provider/permissions.go new file mode 100644 index 00000000..18843605 --- /dev/null +++ b/provider/permissions.go @@ -0,0 +1,89 @@ +package provider + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/mrparkers/terraform-provider-keycloak/keycloak" +) + +func setOpenidClientScopePermissionPolicy(keycloakClient *keycloak.KeycloakClient, realmId, realmManagementClientId, authorizationPermissionId string, scopeDataSet *schema.Set) error { + var policies []string + + scopePermission := scopeDataSet.List()[0].(map[string]interface{}) + + if v, ok := scopePermission["policies"]; ok { + for _, policy := range v.(*schema.Set).List() { + policies = append(policies, policy.(string)) + } + } + + permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClientId, authorizationPermissionId) + if err != nil { + return err + } + + if v, ok := scopePermission["description"]; ok { + permission.Description = v.(string) + } + + if v, ok := scopePermission["decision_strategy"]; ok { + permission.DecisionStrategy = v.(string) + } + + permission.Policies = policies + + return keycloakClient.UpdateOpenidClientAuthorizationPermission(permission) +} + +func getOpenidClientScopePermissionPolicy(keycloakClient *keycloak.KeycloakClient, realmId string, realmManagementClientId, permissionId string) (map[string]interface{}, error) { + permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClientId, permissionId) + if err != nil { + return nil, err + } + + if permission.Description == "" && permission.DecisionStrategy == "UNANIMOUS" && len(permission.Policies) == 0 { + return nil, nil + } + + permissionViewSettings := make(map[string]interface{}) + + if permission.Description != "" { + permissionViewSettings["description"] = permission.Description + } + + if permission.DecisionStrategy != "" { + permissionViewSettings["decision_strategy"] = permission.DecisionStrategy + } + + if len(permission.Policies) > 0 { + permissionViewSettings["policies"] = permission.Policies + } + + return permissionViewSettings, nil +} + +func scopePermissionsSchema() *schema.Schema { + return &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policies": { + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + }, + "description": { + Type: schema.TypeString, + Optional: true, + }, + "decision_strategy": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(keycloakOpenidClientResourcePermissionDecisionStrategies, false), + }, + }, + }, + } +} diff --git a/provider/provider.go b/provider/provider.go index b7b3509a..6916f0de 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -10,7 +10,7 @@ import ( "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) -func KeycloakProvider() *schema.Provider { +func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider { provider := &schema.Provider{ DataSourcesMap: map[string]*schema.Resource{ "keycloak_group": dataSourceKeycloakGroup(), @@ -159,6 +159,10 @@ func KeycloakProvider() *schema.Provider { } provider.ConfigureContextFunc = func(_ context.Context, data *schema.ResourceData) (interface{}, diag.Diagnostics) { + if client != nil { + return client, nil + } + url := data.Get("url").(string) basePath := data.Get("base_path").(string) clientId := data.Get("client_id").(string) @@ -174,6 +178,7 @@ func KeycloakProvider() *schema.Provider { var diags diag.Diagnostics userAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io) Terraform Plugin SDK/%s", provider.TerraformVersion, meta.SDKVersionString()) + keycloakClient, err := keycloak.NewKeycloakClient(url, basePath, clientId, clientSecret, realm, username, password, initialLogin, clientTimeout, rootCaCertificate, tlsInsecureSkipVerify, userAgent) if err != nil { diags = append(diags, diag.Diagnostic{ diff --git a/provider/provider_password_grant_test.go b/provider/provider_password_grant_test.go index 040bb21a..2493119a 100644 --- a/provider/provider_password_grant_test.go +++ b/provider/provider_password_grant_test.go @@ -19,9 +19,8 @@ func TestAccKeycloakProvider_passwordGrant(t *testing.T) { os.Unsetenv("KEYCLOAK_PASSWORD") }() - provider := KeycloakProvider() + provider := KeycloakProvider(keycloakClient) - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -33,7 +32,7 @@ func TestAccKeycloakProvider_passwordGrant(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_basic(realmName, clientId), + Config: testKeycloakOpenidClient_basic(clientId), }, }, }) diff --git a/provider/provider_test.go b/provider/provider_test.go index 26e1ae19..b4772355 100644 --- a/provider/provider_test.go +++ b/provider/provider_test.go @@ -2,6 +2,7 @@ package provider import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/meta" "github.com/mrparkers/terraform-provider-keycloak/keycloak" @@ -12,6 +13,9 @@ import ( var testAccProviderFactories map[string]func() (*schema.Provider, error) var testAccProvider *schema.Provider var keycloakClient *keycloak.KeycloakClient +var testAccRealm *keycloak.Realm +var testAccRealmTwo *keycloak.Realm +var testAccRealmUserFederation *keycloak.Realm var requiredEnvironmentVariables = []string{ "KEYCLOAK_CLIENT_ID", @@ -23,7 +27,7 @@ var requiredEnvironmentVariables = []string{ func init() { userAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io) Terraform Plugin SDK/%s", schema.Provider{}.TerraformVersion, meta.SDKVersionString()) keycloakClient, _ = keycloak.NewKeycloakClient(os.Getenv("KEYCLOAK_URL"), "/auth", os.Getenv("KEYCLOAK_CLIENT_ID"), os.Getenv("KEYCLOAK_CLIENT_SECRET"), os.Getenv("KEYCLOAK_REALM"), "", "", true, 5, "", false, userAgent) - testAccProvider = KeycloakProvider() + testAccProvider = KeycloakProvider(keycloakClient) testAccProviderFactories = map[string]func() (*schema.Provider, error){ "keycloak": func() (*schema.Provider, error) { return testAccProvider, nil @@ -31,6 +35,47 @@ func init() { } } +func TestMain(m *testing.M) { + testAccRealm = createTestRealm() + testAccRealmTwo = createTestRealm() + testAccRealmUserFederation = createTestRealm() + + code := m.Run() + + err := keycloakClient.DeleteRealm(testAccRealm.Realm) + if err != nil { + os.Exit(1) + } + + err = keycloakClient.DeleteRealm(testAccRealmTwo.Realm) + if err != nil { + os.Exit(1) + } + + err = keycloakClient.DeleteRealm(testAccRealmUserFederation.Realm) + if err != nil { + os.Exit(1) + } + + os.Exit(code) +} + +func createTestRealm() *keycloak.Realm { + name := acctest.RandomWithPrefix("tf-acc") + r := &keycloak.Realm{ + Id: name, + Realm: name, + Enabled: true, + } + + err := keycloakClient.NewRealm(r) + if err != nil { + os.Exit(1) + } + + return r +} + func TestProvider(t *testing.T) { if err := testAccProvider.InternalValidate(); err != nil { t.Fatalf("err: %s", err) diff --git a/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go b/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go index ade26e5a..e7ee5104 100644 --- a/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakAttributeImporterIdentityProviderMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) userAttribute := "terraform-" + acctest.RandString(10) @@ -23,7 +23,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_basic(t *testing.T) CheckDestroy: testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(realmName, alias, mapperName, userAttribute, claimName), + Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(alias, mapperName, userAttribute, claimName), Check: testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"), }, }, @@ -31,7 +31,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_basic(t *testing.T) } func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) userAttribute := "terraform-" + acctest.RandString(10) @@ -44,7 +44,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(t *t CheckDestroy: testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, userAttribute, claimName, syncMode), + Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, mapperName, userAttribute, claimName, syncMode), Check: testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"), }, }, @@ -52,9 +52,9 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(t *t } func TestAccKeycloakAttributeImporterIdentityProviderMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) userAttribute := "terraform-" + acctest.RandString(10) @@ -66,19 +66,17 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_createAfterManualDes CheckDestroy: testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(realmName, alias, mapperName, userAttribute, claimName), + Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(alias, mapperName, userAttribute, claimName), Check: testAccCheckKeycloakAttributeImporterIdentityProviderMapperFetch("keycloak_attribute_importer_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(realmName, alias, mapperName, userAttribute, claimName), + Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(alias, mapperName, userAttribute, claimName), Check: testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"), }, }, @@ -86,9 +84,9 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_createAfterManualDes } func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) userAttribute := "terraform-" + acctest.RandString(10) @@ -101,62 +99,29 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig_crea CheckDestroy: testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, userAttribute, claimName, syncMode), + Config: testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, mapperName, userAttribute, claimName, syncMode), Check: testAccCheckKeycloakAttributeImporterIdentityProviderMapperFetch("keycloak_attribute_importer_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(realmName, alias, mapperName, userAttribute, claimName), + Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(alias, mapperName, userAttribute, claimName), Check: testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"), }, }, }) } -func TestAccKeycloakAttributeImporterIdentityProviderMapper_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - userAttribute := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(firstRealm, alias, mapperName, userAttribute, claimName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_attribute_importer_identity_provider_mapper.oidc", "realm", firstRealm), - ), - }, - { - Config: testKeycloakAttributeImporterIdentityProviderMapper_basic(secondRealm, alias, mapperName, userAttribute, claimName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakAttributeImporterIdentityProviderMapperExists("keycloak_attribute_importer_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_attribute_importer_identity_provider_mapper.oidc", "realm", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakAttributeImporterIdentityProviderMapper_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() identityProviderAliasName := "terraform-" + acctest.RandString(10) firstMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -166,7 +131,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_basicUpdateAll(t *te } secondMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -229,8 +194,6 @@ func testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy() resour alias := rs.Primary.Attributes["identity_provider_alias"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - mapper, _ := keycloakClient.GetIdentityProviderMapper(realm, alias, id) if mapper != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -242,8 +205,6 @@ func testAccCheckKeycloakAttributeImporterIdentityProviderMapperDestroy() resour } func getKeycloakAttributeImporterIdentityProviderMapperFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProviderMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -261,14 +222,14 @@ func getKeycloakAttributeImporterIdentityProviderMapperFromState(s *terraform.St return mapper, nil } -func testKeycloakAttributeImporterIdentityProviderMapper_basic(realm, alias, name, userAttribute, claimName string) string { +func testKeycloakAttributeImporterIdentityProviderMapper_basic(alias, name, userAttribute, claimName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -277,23 +238,23 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_attribute_importer_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias user_attribute = "%s" claim_name = "%s" } - `, realm, alias, name, userAttribute, claimName) + `, testAccRealm.Realm, alias, name, userAttribute, claimName) } -func testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(realm, alias, name, userAttribute, claimName, syncMode string) string { +func testKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(alias, name, userAttribute, claimName, syncMode string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -302,36 +263,36 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_attribute_importer_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias user_attribute = "%s" claim_name = "%s" extra_config = { syncMode = "%s" } } - `, realm, alias, name, userAttribute, claimName, syncMode) + `, testAccRealm.Realm, alias, name, userAttribute, claimName, syncMode) } func testKeycloakAttributeImporterIdentityProviderMapper_basicFromInterface(mapper *keycloak.IdentityProviderMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_identity_provider" "saml" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" single_sign_on_service_url = "https://example.com/auth" } resource keycloak_attribute_importer_identity_provider_mapper saml { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_saml_identity_provider.saml.alias}" + identity_provider_alias = keycloak_saml_identity_provider.saml.alias attribute_name = "%s" user_attribute = "%s" } - `, mapper.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Attribute, mapper.Config.UserAttribute) + `, testAccRealm.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Attribute, mapper.Config.UserAttribute) } diff --git a/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go b/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go index 6faf2432..6e64ae1b 100644 --- a/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -24,7 +24,7 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role, claimName, claimValue), + Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(alias, mapperName, role, claimName, claimValue), Check: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperExists("keycloak_attribute_to_role_identity_provider_mapper.oidc"), }, }, @@ -32,7 +32,7 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basic(t *testing.T) { } func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -46,7 +46,7 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(t *tes CheckDestroy: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, role, claimName, claimValue, syncMode), + Config: testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(alias, mapperName, role, claimName, claimValue, syncMode), Check: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperExists("keycloak_attribute_to_role_identity_provider_mapper.oidc"), }, }, @@ -54,9 +54,9 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(t *tes } func TestAccKeycloakAttributeToRoleIdentityProviderMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -69,19 +69,17 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_createAfterManualDestr CheckDestroy: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role, claimName, claimValue), + Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(alias, mapperName, role, claimName, claimValue), Check: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperFetch("keycloak_attribute_to_role_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role, claimName, claimValue), + Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(alias, mapperName, role, claimName, claimValue), Check: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperExists("keycloak_attribute_to_role_identity_provider_mapper.oidc"), }, }, @@ -89,9 +87,9 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_createAfterManualDestr } func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -105,63 +103,29 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig_create CheckDestroy: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, role, claimName, claimValue, syncMode), + Config: testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(alias, mapperName, role, claimName, claimValue, syncMode), Check: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperFetch("keycloak_attribute_to_role_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, role, claimName, claimValue, syncMode), + Config: testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(alias, mapperName, role, claimName, claimValue, syncMode), Check: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperExists("keycloak_attribute_to_role_identity_provider_mapper.oidc"), }, }, }) } -func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - claimValue := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(firstRealm, alias, mapperName, role, claimName, claimValue), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakAttributeToRoleIdentityProviderMapperExists("keycloak_attribute_to_role_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_attribute_to_role_identity_provider_mapper.oidc", "realm", firstRealm), - ), - }, - { - Config: testKeycloakAttributeToRoleIdentityProviderMapper_basic(secondRealm, alias, mapperName, role, claimName, claimValue), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakAttributeToRoleIdentityProviderMapperExists("keycloak_attribute_to_role_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_attribute_to_role_identity_provider_mapper.oidc", "realm", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() identityProviderAliasName := "terraform-" + acctest.RandString(10) firstMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -172,7 +136,7 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basicUpdateAll(t *test } secondMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -236,8 +200,6 @@ func testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy() resource alias := rs.Primary.Attributes["identity_provider_alias"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - mapper, _ := keycloakClient.GetIdentityProviderMapper(realm, alias, id) if mapper != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -249,8 +211,6 @@ func testAccCheckKeycloakAttributeToRoleIdentityProviderMapperDestroy() resource } func getKeycloakAttributeToRoleIdentityProviderMapperFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProviderMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -268,14 +228,14 @@ func getKeycloakAttributeToRoleIdentityProviderMapperFromState(s *terraform.Stat return mapper, nil } -func testKeycloakAttributeToRoleIdentityProviderMapper_basic(realm, alias, name, role, claimName, claimValue string) string { +func testKeycloakAttributeToRoleIdentityProviderMapper_basic(alias, name, role, claimName, claimValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -284,24 +244,24 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_attribute_to_role_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias role = "%s" claim_name = "%s" claim_value = "%s" } - `, realm, alias, name, role, claimName, claimValue) + `, testAccRealm.Realm, alias, name, role, claimName, claimValue) } -func testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(realm, alias, name, role, claimName, claimValue, syncMode string) string { +func testKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(alias, name, role, claimName, claimValue, syncMode string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -310,9 +270,9 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_attribute_to_role_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias role = "%s" claim_name = "%s" claim_value = "%s" @@ -320,28 +280,28 @@ resource keycloak_attribute_to_role_identity_provider_mapper oidc { syncMode = "%s" } } - `, realm, alias, name, role, claimName, claimValue, syncMode) + `, testAccRealm.Realm, alias, name, role, claimName, claimValue, syncMode) } func testKeycloakAttributeToRoleIdentityProviderMapper_basicFromInterface(mapper *keycloak.IdentityProviderMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_identity_provider" "saml" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" single_sign_on_service_url = "https://example.com/auth" } resource keycloak_attribute_to_role_identity_provider_mapper saml { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_saml_identity_provider.saml.alias}" + identity_provider_alias = keycloak_saml_identity_provider.saml.alias role = "%s" attribute_name = "%s" attribute_value = "%s" } - `, mapper.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Role, mapper.Config.Attribute, mapper.Config.AttributeValue) + `, testAccRealm.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Role, mapper.Config.Attribute, mapper.Config.AttributeValue) } diff --git a/provider/resource_keycloak_authentication_execution_config_test.go b/provider/resource_keycloak_authentication_execution_config_test.go index 821c171a..aa2da0d4 100644 --- a/provider/resource_keycloak_authentication_execution_config_test.go +++ b/provider/resource_keycloak_authentication_execution_config_test.go @@ -2,16 +2,22 @@ package provider import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "testing" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) func TestAccKeycloakAuthenticationExecutionConfig_basic(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() + + flowAlias := acctest.RandomWithPrefix("tf-acc") + configAlias := acctest.RandomWithPrefix("tf-acc") + configProviderOne := acctest.RandomWithPrefix("tf-acc") + configProviderTwo := acctest.RandomWithPrefix("tf-acc") + var config1, config2 keycloak.AuthenticationExecutionConfig resource.Test(t, resource.TestCase{ @@ -20,23 +26,23 @@ func TestAccKeycloakAuthenticationExecutionConfig_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationExecutionConfigDestroy, Steps: []resource.TestStep{ { - Config: testAccKeycloakAuthenticationExecutionConfig(realmName), + Config: testAccKeycloakAuthenticationExecutionConfig(flowAlias, configAlias, configProviderOne), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionConfigExists("keycloak_authentication_execution_config.config", &config1), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", realmName), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", "some-config-alias"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", testAccRealm.Realm), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", configAlias), resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.%", "1"), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", "some-config-default-idp"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", configProviderOne), ), }, { - Config: testAccKeycloakAuthenticationExecutionConfigUpdatedConfig(realmName), + Config: testAccKeycloakAuthenticationExecutionConfig(flowAlias, configAlias, configProviderTwo), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionConfigExists("keycloak_authentication_execution_config.config", &config2), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", realmName), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", "some-config-alias"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", testAccRealm.Realm), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", configAlias), resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.%", "1"), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", "some-updated-config-default-idp"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", configProviderTwo), testAccCheckKeycloakAuthenticationExecutionConfigForceNew(&config1, &config2, false), ), }, @@ -45,7 +51,13 @@ func TestAccKeycloakAuthenticationExecutionConfig_basic(t *testing.T) { } func TestAccKeycloakAuthenticationExecutionConfig_updateForcesNew(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() + + flowAlias := acctest.RandomWithPrefix("tf-acc") + configAliasOne := acctest.RandomWithPrefix("tf-acc") + configAliasTwo := acctest.RandomWithPrefix("tf-acc") + configProvider := acctest.RandomWithPrefix("tf-acc") + var config1, config2 keycloak.AuthenticationExecutionConfig resource.Test(t, resource.TestCase{ @@ -54,23 +66,23 @@ func TestAccKeycloakAuthenticationExecutionConfig_updateForcesNew(t *testing.T) CheckDestroy: testAccCheckKeycloakAuthenticationExecutionConfigDestroy, Steps: []resource.TestStep{ { - Config: testAccKeycloakAuthenticationExecutionConfig(realmName), + Config: testAccKeycloakAuthenticationExecutionConfig(flowAlias, configAliasOne, configProvider), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionConfigExists("keycloak_authentication_execution_config.config", &config1), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", realmName), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", "some-config-alias"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", testAccRealm.Realm), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", configAliasOne), resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.%", "1"), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", "some-config-default-idp"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", configProvider), ), }, { - Config: testAccKeycloakAuthenticationExecutionConfigUpdatedAlias(realmName), + Config: testAccKeycloakAuthenticationExecutionConfig(flowAlias, configAliasTwo, configProvider), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionConfigExists("keycloak_authentication_execution_config.config", &config2), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", realmName), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", "some-updated-config-alias"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "realm_id", testAccRealm.Realm), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "alias", configAliasTwo), resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.%", "1"), - resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", "some-config-default-idp"), + resource.TestCheckResourceAttr("keycloak_authentication_execution_config.config", "config.defaultProvider", configProvider), testAccCheckKeycloakAuthenticationExecutionConfigForceNew(&config1, &config2, true), ), }, @@ -79,7 +91,11 @@ func TestAccKeycloakAuthenticationExecutionConfig_updateForcesNew(t *testing.T) } func TestAccKeycloakAuthenticationExecutionConfig_import(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() + + flowAlias := acctest.RandomWithPrefix("tf-acc") + configAlias := acctest.RandomWithPrefix("tf-acc") + configProvider := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -87,7 +103,7 @@ func TestAccKeycloakAuthenticationExecutionConfig_import(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationExecutionConfigDestroy, Steps: []resource.TestStep{ { - Config: testAccKeycloakAuthenticationExecutionConfig(realmName), + Config: testAccKeycloakAuthenticationExecutionConfig(flowAlias, configAlias, configProvider), }, { ResourceName: "keycloak_authentication_execution_config.config", @@ -125,7 +141,6 @@ func testAccCheckKeycloakAuthenticationExecutionConfigExists(resourceName string config.ExecutionId = rs.Primary.Attributes["execution_id"] config.Id = rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) if err := keycloakClient.GetAuthenticationExecutionConfig(config); err != nil { return fmt.Errorf("error fetching authentication execution config: %v", err) } @@ -135,8 +150,6 @@ func testAccCheckKeycloakAuthenticationExecutionConfigExists(resourceName string } func testAccCheckKeycloakAuthenticationExecutionConfigDestroy(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - for _, rs := range s.RootModule().Resources { if rs.Type != "keycloak_authentication_execution_config" { continue @@ -171,83 +184,29 @@ func testAccCheckKeycloakAuthenticationExecutionConfigForceNew(old, new *keycloa } } -func testAccKeycloakAuthenticationExecutionConfig(realm string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" - alias = "some-flow-alias" -} - -resource "keycloak_authentication_execution" "execution" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" - authenticator = "identity-provider-redirector" -} - -resource "keycloak_authentication_execution_config" "config" { - realm_id = "${keycloak_realm.realm.id}" - execution_id = "${keycloak_authentication_execution.execution.id}" - alias = "some-config-alias" - config = { - defaultProvider = "some-config-default-idp" - } -}`, realm) -} - -func testAccKeycloakAuthenticationExecutionConfigUpdatedConfig(realm string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" - alias = "some-flow-alias" -} - -resource "keycloak_authentication_execution" "execution" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" - authenticator = "identity-provider-redirector" -} - -resource "keycloak_authentication_execution_config" "config" { - realm_id = "${keycloak_realm.realm.id}" - execution_id = "${keycloak_authentication_execution.execution.id}" - alias = "some-config-alias" - config = { - defaultProvider = "some-updated-config-default-idp" - } -}`, realm) -} - -func testAccKeycloakAuthenticationExecutionConfigUpdatedAlias(realm string) string { +func testAccKeycloakAuthenticationExecutionConfig(flowAlias, configAlias, configProvider string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" - alias = "some-flow-alias" + realm_id = data.keycloak_realm.realm.id + alias = "%s" } resource "keycloak_authentication_execution" "execution" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" + realm_id = data.keycloak_realm.realm.id + parent_flow_alias = keycloak_authentication_flow.flow.alias authenticator = "identity-provider-redirector" } resource "keycloak_authentication_execution_config" "config" { - realm_id = "${keycloak_realm.realm.id}" - execution_id = "${keycloak_authentication_execution.execution.id}" - alias = "some-updated-config-alias" + realm_id = data.keycloak_realm.realm.id + execution_id = keycloak_authentication_execution.execution.id + alias = "%s" config = { - defaultProvider = "some-config-default-idp" + defaultProvider = "%s" } -}`, realm) +}`, testAccRealm.Realm, flowAlias, configAlias, configProvider) } diff --git a/provider/resource_keycloak_authentication_execution_test.go b/provider/resource_keycloak_authentication_execution_test.go index 3842f97d..05d24060 100644 --- a/provider/resource_keycloak_authentication_execution_test.go +++ b/provider/resource_keycloak_authentication_execution_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakAuthenticationExecution_basic(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() parentAuthFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +20,7 @@ func TestAccKeycloakAuthenticationExecution_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationExecutionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationExecution_basic(realmName, parentAuthFlowAlias), + Config: testKeycloakAuthenticationExecution_basic(parentAuthFlowAlias), Check: testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), }, { @@ -34,9 +34,9 @@ func TestAccKeycloakAuthenticationExecution_basic(t *testing.T) { } func TestAccKeycloakAuthenticationExecution_createAfterManualDestroy(t *testing.T) { + t.Parallel() var authenticationExecution = &keycloak.AuthenticationExecution{} - realmName := "terraform-" + acctest.RandString(10) authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -45,7 +45,7 @@ func TestAccKeycloakAuthenticationExecution_createAfterManualDestroy(t *testing. CheckDestroy: testAccCheckKeycloakAuthenticationExecutionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationExecution_basic(realmName, authParentFlowAlias), + Config: testKeycloakAuthenticationExecution_basic(authParentFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), testAccCheckKeycloakAuthenticationExecutionFetch("keycloak_authentication_execution.execution", authenticationExecution), @@ -53,14 +53,12 @@ func TestAccKeycloakAuthenticationExecution_createAfterManualDestroy(t *testing. }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteAuthenticationExecution(authenticationExecution.RealmId, authenticationExecution.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAuthenticationExecution_basic(realmName, authParentFlowAlias), + Config: testKeycloakAuthenticationExecution_basic(authParentFlowAlias), Check: testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), }, }, @@ -68,7 +66,7 @@ func TestAccKeycloakAuthenticationExecution_createAfterManualDestroy(t *testing. } func TestAccKeycloakAuthenticationExecution_updateAuthenticationExecutionRequirement(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -77,21 +75,21 @@ func TestAccKeycloakAuthenticationExecution_updateAuthenticationExecutionRequire CheckDestroy: testAccCheckKeycloakAuthenticationSubFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationExecution_basic(realmName, authParentFlowAlias), + Config: testKeycloakAuthenticationExecution_basic(authParentFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), resource.TestCheckResourceAttr("keycloak_authentication_execution.execution", "requirement", "DISABLED"), ), }, { - Config: testKeycloakAuthenticationExecution_basicWithRequirement(realmName, authParentFlowAlias, "REQUIRED"), + Config: testKeycloakAuthenticationExecution_basicWithRequirement(authParentFlowAlias, "REQUIRED"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), resource.TestCheckResourceAttr("keycloak_authentication_execution.execution", "requirement", "REQUIRED"), ), }, { - Config: testKeycloakAuthenticationExecution_basicWithRequirement(realmName, authParentFlowAlias, "DISABLED"), + Config: testKeycloakAuthenticationExecution_basicWithRequirement(authParentFlowAlias, "DISABLED"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationExecutionExists("keycloak_authentication_execution.execution"), resource.TestCheckResourceAttr("keycloak_authentication_execution.execution", "requirement", "DISABLED"), @@ -138,8 +136,6 @@ func testAccCheckKeycloakAuthenticationExecutionDestroy() resource.TestCheckFunc realm := rs.Primary.Attributes["realm_id"] parentFlowAlias := rs.Primary.Attributes["parent_flow_alias"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - authenticationExecution, _ := keycloakClient.GetAuthenticationExecution(realm, parentFlowAlias, id) if authenticationExecution != nil { return fmt.Errorf("authentication flow with id %s still exists", id) @@ -151,8 +147,6 @@ func testAccCheckKeycloakAuthenticationExecutionDestroy() resource.TestCheckFunc } func getAuthenticationExecutionFromState(s *terraform.State, resourceName string) (*keycloak.AuthenticationExecution, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -186,41 +180,41 @@ func getExecutionImportId(resourceName string) resource.ImportStateIdFunc { } } -func testKeycloakAuthenticationExecution_basic(realm, parentAlias string) string { +func testKeycloakAuthenticationExecution_basic(parentAlias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id alias = "%s" } resource "keycloak_authentication_execution" "execution" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" - authenticator = "auth-cookie" + realm_id = data.keycloak_realm.realm.id + parent_flow_alias = keycloak_authentication_flow.flow.alias + authenticator = "auth-cookie" } - `, realm, parentAlias) + `, testAccRealm.Realm, parentAlias) } -func testKeycloakAuthenticationExecution_basicWithRequirement(realm, parentAlias, requirement string) string { +func testKeycloakAuthenticationExecution_basicWithRequirement(parentAlias, requirement string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id alias = "%s" } resource "keycloak_authentication_execution" "execution" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" - authenticator = "auth-cookie" - requirement = "%s" + realm_id = data.keycloak_realm.realm.id + parent_flow_alias = keycloak_authentication_flow.flow.alias + authenticator = "auth-cookie" + requirement = "%s" } - `, realm, parentAlias, requirement) + `, testAccRealm.Realm, parentAlias, requirement) } diff --git a/provider/resource_keycloak_authentication_flow_test.go b/provider/resource_keycloak_authentication_flow_test.go index 76690573..ee67e42e 100644 --- a/provider/resource_keycloak_authentication_flow_test.go +++ b/provider/resource_keycloak_authentication_flow_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakAuthenticationFlow_basic(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() authFlowAlias := "terraform-flow-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -19,23 +19,23 @@ func TestAccKeycloakAuthenticationFlow_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationFlow_basic(realmName, authFlowAlias), + Config: testKeycloakAuthenticationFlow_basic(authFlowAlias), Check: testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), }, { ResourceName: "keycloak_authentication_flow.flow", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakAuthenticationFlow_createAfterManualDestroy(t *testing.T) { + t.Parallel() var authenticationFlow = &keycloak.AuthenticationFlow{} - realmName := "terraform-" + acctest.RandString(10) authFlowAlias := "terraform-flow-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -44,7 +44,7 @@ func TestAccKeycloakAuthenticationFlow_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationFlow_basic(realmName, authFlowAlias), + Config: testKeycloakAuthenticationFlow_basic(authFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), testAccCheckKeycloakAuthenticationFlowFetch("keycloak_authentication_flow.flow", authenticationFlow), @@ -52,14 +52,12 @@ func TestAccKeycloakAuthenticationFlow_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteAuthenticationFlow(authenticationFlow.RealmId, authenticationFlow.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAuthenticationFlow_basic(realmName, authFlowAlias), + Config: testKeycloakAuthenticationFlow_basic(authFlowAlias), Check: testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), }, }, @@ -67,7 +65,7 @@ func TestAccKeycloakAuthenticationFlow_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakAuthenticationFlow_updateAuthenticationFlow(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() authFlowAliasBefore := "terraform-flow-before-" + acctest.RandString(10) authFlowAliasAfter := "terraform-flow-after-" + acctest.RandString(10) @@ -78,14 +76,14 @@ func TestAccKeycloakAuthenticationFlow_updateAuthenticationFlow(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationFlow_basic(realmName, authFlowAliasBefore), + Config: testKeycloakAuthenticationFlow_basic(authFlowAliasBefore), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), resource.TestCheckResourceAttr("keycloak_authentication_flow.flow", "alias", authFlowAliasBefore), ), }, { - Config: testKeycloakAuthenticationFlow_basic(realmName, authFlowAliasAfter), + Config: testKeycloakAuthenticationFlow_basic(authFlowAliasAfter), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), resource.TestCheckResourceAttr("keycloak_authentication_flow.flow", "alias", authFlowAliasAfter), @@ -96,8 +94,7 @@ func TestAccKeycloakAuthenticationFlow_updateAuthenticationFlow(t *testing.T) { } func TestAccKeycloakAuthenticationFlow_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() authFlowAlias := "terraform-flow-" + acctest.RandString(10) @@ -107,17 +104,17 @@ func TestAccKeycloakAuthenticationFlow_updateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationFlow_updateRealmBefore(realmOne, realmTwo, authFlowAlias), + Config: testKeycloakAuthenticationFlow_updateRealmBefore(authFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), - testAccCheckKeycloakAuthenticationFlowBelongsToRealm("keycloak_authentication_flow.flow", realmOne), + testAccCheckKeycloakAuthenticationFlowBelongsToRealm("keycloak_authentication_flow.flow", testAccRealm.Realm), ), }, { - Config: testKeycloakAuthenticationFlow_updateRealmAfter(realmOne, realmTwo, authFlowAlias), + Config: testKeycloakAuthenticationFlow_updateRealmAfter(authFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationFlowExists("keycloak_authentication_flow.flow"), - testAccCheckKeycloakAuthenticationFlowBelongsToRealm("keycloak_authentication_flow.flow", realmTwo), + testAccCheckKeycloakAuthenticationFlowBelongsToRealm("keycloak_authentication_flow.flow", testAccRealmTwo.Realm), ), }, }, @@ -174,8 +171,6 @@ func testAccCheckKeycloakAuthenticationFlowDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - authenticationFlow, _ := keycloakClient.GetAuthenticationFlow(realm, id) if authenticationFlow != nil { return fmt.Errorf("authentication flow with id %s still exists", id) @@ -187,8 +182,6 @@ func testAccCheckKeycloakAuthenticationFlowDestroy() resource.TestCheckFunc { } func getAuthenticationFlowFromState(s *terraform.State, resourceName string) (*keycloak.AuthenticationFlow, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -205,49 +198,49 @@ func getAuthenticationFlowFromState(s *terraform.State, resourceName string) (*k return authenticationFlow, nil } -func testKeycloakAuthenticationFlow_basic(realm, alias string) string { +func testKeycloakAuthenticationFlow_basic(alias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id alias = "%s" } - `, realm, alias) + `, testAccRealm.Realm, alias) } -func testKeycloakAuthenticationFlow_updateRealmBefore(realmOne, realmTwo, alias string) string { +func testKeycloakAuthenticationFlow_updateRealmBefore(alias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { alias = "%s" - realm_id = "${keycloak_realm.realm_1.id}" + realm_id = data.keycloak_realm.realm_1.id } - `, realmOne, realmTwo, alias) + `, testAccRealm.Realm, testAccRealmTwo.Realm, alias) } -func testKeycloakAuthenticationFlow_updateRealmAfter(realmOne, realmTwo, alias string) string { +func testKeycloakAuthenticationFlow_updateRealmAfter(alias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { alias = "%s" - realm_id = "${keycloak_realm.realm_2.id}" + realm_id = data.keycloak_realm.realm_2.id } - `, realmOne, realmTwo, alias) + `, testAccRealm.Realm, testAccRealmTwo.Realm, alias) } diff --git a/provider/resource_keycloak_authentication_subflow_test.go b/provider/resource_keycloak_authentication_subflow_test.go index 74cd7b1b..32743194 100644 --- a/provider/resource_keycloak_authentication_subflow_test.go +++ b/provider/resource_keycloak_authentication_subflow_test.go @@ -10,7 +10,8 @@ import ( ) func TestAccKeycloakAuthenticationSubFlow_basic(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() + parentAuthFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) authFlowAlias := "terraform-flow-" + acctest.RandString(10) @@ -20,7 +21,7 @@ func TestAccKeycloakAuthenticationSubFlow_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakAuthenticationSubFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationSubFlow_basic(realmName, parentAuthFlowAlias, authFlowAlias), + Config: testKeycloakAuthenticationSubFlow_basic(parentAuthFlowAlias, authFlowAlias), Check: testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), }, { @@ -34,9 +35,10 @@ func TestAccKeycloakAuthenticationSubFlow_basic(t *testing.T) { } func TestAccKeycloakAuthenticationSubFlow_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var authenticationSubFlow = &keycloak.AuthenticationSubFlow{} - realmName := "terraform-" + acctest.RandString(10) authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) authFlowAlias := "terraform-flow-" + acctest.RandString(10) @@ -46,7 +48,7 @@ func TestAccKeycloakAuthenticationSubFlow_createAfterManualDestroy(t *testing.T) CheckDestroy: testAccCheckKeycloakAuthenticationSubFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationSubFlow_basic(realmName, authParentFlowAlias, authFlowAlias), + Config: testKeycloakAuthenticationSubFlow_basic(authParentFlowAlias, authFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), testAccCheckKeycloakAuthenticationSubFlowFetch("keycloak_authentication_subflow.subflow", authenticationSubFlow), @@ -54,14 +56,12 @@ func TestAccKeycloakAuthenticationSubFlow_createAfterManualDestroy(t *testing.T) }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteAuthenticationSubFlow(authenticationSubFlow.RealmId, authenticationSubFlow.ParentFlowAlias, authenticationSubFlow.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakAuthenticationSubFlow_basic(realmName, authParentFlowAlias, authFlowAlias), + Config: testKeycloakAuthenticationSubFlow_basic(authParentFlowAlias, authFlowAlias), Check: testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), }, }, @@ -69,7 +69,8 @@ func TestAccKeycloakAuthenticationSubFlow_createAfterManualDestroy(t *testing.T) } func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlow(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() + authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) authFlowAliasBefore := "terraform-flow-before-" + acctest.RandString(10) authFlowAliasAfter := "terraform-flow-after-" + acctest.RandString(10) @@ -80,14 +81,14 @@ func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlow(t *testing CheckDestroy: testAccCheckKeycloakAuthenticationSubFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationSubFlow_basic(realmName, authParentFlowAlias, authFlowAliasBefore), + Config: testKeycloakAuthenticationSubFlow_basic(authParentFlowAlias, authFlowAliasBefore), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), resource.TestCheckResourceAttr("keycloak_authentication_subflow.subflow", "alias", authFlowAliasBefore), ), }, { - Config: testKeycloakAuthenticationSubFlow_basic(realmName, authParentFlowAlias, authFlowAliasAfter), + Config: testKeycloakAuthenticationSubFlow_basic(authParentFlowAlias, authFlowAliasAfter), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), resource.TestCheckResourceAttr("keycloak_authentication_subflow.subflow", "alias", authFlowAliasAfter), @@ -98,7 +99,8 @@ func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlow(t *testing } func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlowRequirement(t *testing.T) { - realmName := "terraform-r-" + acctest.RandString(10) + t.Parallel() + authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) authFlowAlias := "terraform-flow-" + acctest.RandString(10) @@ -108,21 +110,21 @@ func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlowRequirement CheckDestroy: testAccCheckKeycloakAuthenticationSubFlowDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakAuthenticationSubFlow_basic(realmName, authParentFlowAlias, authFlowAlias), + Config: testKeycloakAuthenticationSubFlow_basic(authParentFlowAlias, authFlowAlias), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), resource.TestCheckResourceAttr("keycloak_authentication_subflow.subflow", "requirement", "DISABLED"), ), }, { - Config: testKeycloakAuthenticationSubFlow_basicWithRequirement(realmName, authParentFlowAlias, authFlowAlias, "REQUIRED"), + Config: testKeycloakAuthenticationSubFlow_basicWithRequirement(authParentFlowAlias, authFlowAlias, "REQUIRED"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), resource.TestCheckResourceAttr("keycloak_authentication_subflow.subflow", "requirement", "REQUIRED"), ), }, { - Config: testKeycloakAuthenticationSubFlow_basicWithRequirement(realmName, authParentFlowAlias, authFlowAlias, "DISABLED"), + Config: testKeycloakAuthenticationSubFlow_basicWithRequirement(authParentFlowAlias, authFlowAlias, "DISABLED"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakAuthenticationSubFlowExists("keycloak_authentication_subflow.subflow"), resource.TestCheckResourceAttr("keycloak_authentication_subflow.subflow", "requirement", "DISABLED"), @@ -170,8 +172,6 @@ func testAccCheckKeycloakAuthenticationSubFlowDestroy() resource.TestCheckFunc { realm := rs.Primary.Attributes["realm_id"] parentFlowAlias := rs.Primary.Attributes["parent_flow_alias"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - authenticationSubFlow, _ := keycloakClient.GetAuthenticationSubFlow(realm, parentFlowAlias, id) if authenticationSubFlow != nil { return fmt.Errorf("authentication flow with id %s still exists", id) @@ -183,8 +183,6 @@ func testAccCheckKeycloakAuthenticationSubFlowDestroy() resource.TestCheckFunc { } func getAuthenticationSubFlowFromState(s *terraform.State, resourceName string) (*keycloak.AuthenticationSubFlow, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -218,43 +216,45 @@ func getSubFlowImportId(resourceName string) resource.ImportStateIdFunc { } } -func testKeycloakAuthenticationSubFlow_basic(realm, parentAlias, alias string) string { +func testKeycloakAuthenticationSubFlow_basic(parentAlias, alias string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id alias = "%s" } resource "keycloak_authentication_subflow" "subflow" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" - alias = "%s" + realm_id = data.keycloak_realm.realm.id + parent_flow_alias = keycloak_authentication_flow.flow.alias + + alias = "%s" provider_id = "basic-flow" } - `, realm, parentAlias, alias) + `, testAccRealm.Realm, parentAlias, alias) } -func testKeycloakAuthenticationSubFlow_basicWithRequirement(realm, parentAlias, alias, requirement string) string { +func testKeycloakAuthenticationSubFlow_basicWithRequirement(parentAlias, alias, requirement string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "flow" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id alias = "%s" } resource "keycloak_authentication_subflow" "subflow" { - realm_id = "${keycloak_realm.realm.id}" - parent_flow_alias = "${keycloak_authentication_flow.flow.alias}" - alias = "%s" + realm_id = data.keycloak_realm.realm.id + parent_flow_alias = keycloak_authentication_flow.flow.alias + + alias = "%s" provider_id = "basic-flow" requirement = "%s" } - `, realm, parentAlias, alias, requirement) + `, testAccRealm.Realm, parentAlias, alias, requirement) } diff --git a/provider/resource_keycloak_custom_user_federation_test.go b/provider/resource_keycloak_custom_user_federation_test.go index 4876b60c..5ed47667 100644 --- a/provider/resource_keycloak_custom_user_federation_test.go +++ b/provider/resource_keycloak_custom_user_federation_test.go @@ -11,9 +11,10 @@ import ( ) func TestAccKeycloakCustomUserFederation_basic(t *testing.T) { + t.Parallel() + skipIfEnvSet(t, "CI") // temporary while I figure out how to load this custom provider in CI - realmName := "terraform-" + acctest.RandString(10) name := "terraform-" + acctest.RandString(10) providerId := "custom" @@ -23,23 +24,24 @@ func TestAccKeycloakCustomUserFederation_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakCustomUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakCustomUserFederation_basic(realmName, name, providerId), + Config: testKeycloakCustomUserFederation_basic(name, providerId), Check: testAccCheckKeycloakCustomUserFederationExists("keycloak_custom_user_federation.custom"), }, { ResourceName: "keycloak_custom_user_federation.custom", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakCustomUserFederation_customConfig(t *testing.T) { + t.Parallel() + skipIfEnvSet(t, "CI") // temporary while I figure out how to load this custom provider in CI - realmName := "terraform-" + acctest.RandString(10) name := "terraform-" + acctest.RandString(10) configValue := "value-" + acctest.RandString(10) providerId := "custom" @@ -50,7 +52,7 @@ func TestAccKeycloakCustomUserFederation_customConfig(t *testing.T) { CheckDestroy: testAccCheckKeycloakCustomUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakCustomUserFederation_customConfig(realmName, name, providerId, configValue), + Config: testKeycloakCustomUserFederation_customConfig(name, providerId, configValue), Check: testAccCheckKeycloakCustomUserFederationExistsWithCustomConfig("keycloak_custom_user_federation.custom", configValue), }, }, @@ -58,11 +60,12 @@ func TestAccKeycloakCustomUserFederation_customConfig(t *testing.T) { } func TestAccKeycloakCustomUserFederation_createAfterManualDestroy(t *testing.T) { + t.Parallel() + skipIfEnvSet(t, "CI") // temporary while I figure out how to load this custom provider in CI var customFederation = &keycloak.CustomUserFederation{} - realmName := "terraform-" + acctest.RandString(10) name := "terraform-" + acctest.RandString(10) providerId := "custom" @@ -72,19 +75,17 @@ func TestAccKeycloakCustomUserFederation_createAfterManualDestroy(t *testing.T) CheckDestroy: testAccCheckKeycloakCustomUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakCustomUserFederation_basic(realmName, name, providerId), + Config: testKeycloakCustomUserFederation_basic(name, providerId), Check: testAccCheckKeycloakCustomUserFederationFetch("keycloak_custom_user_federation.custom", customFederation), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteCustomUserFederation(customFederation.RealmId, customFederation.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakCustomUserFederation_basic(realmName, name, providerId), + Config: testKeycloakCustomUserFederation_basic(name, providerId), Check: testAccCheckKeycloakCustomUserFederationExists("keycloak_custom_user_federation.custom"), }, }, @@ -92,7 +93,8 @@ func TestAccKeycloakCustomUserFederation_createAfterManualDestroy(t *testing.T) } func TestAccKeycloakCustomUserFederation_validation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + name := "terraform-" + acctest.RandString(10) providerId := acctest.RandString(10) @@ -102,7 +104,7 @@ func TestAccKeycloakCustomUserFederation_validation(t *testing.T) { CheckDestroy: testAccCheckKeycloakCustomUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakCustomUserFederation_basic(realmName, name, providerId), + Config: testKeycloakCustomUserFederation_basic(name, providerId), ExpectError: regexp.MustCompile("custom user federation provider with id .+ is not installed on the server"), }, }, @@ -130,8 +132,6 @@ func TestAccKeycloakCustomUserFederation_ParentIdDifferentFromRealmName(t *testi ImportStateId: realmName, ImportState: true, PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.NewRealm(realm) if err != nil { t.Fatal(err) @@ -194,8 +194,6 @@ func testAccCheckKeycloakCustomUserFederationDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - custom, _ := keycloakClient.GetCustomUserFederation(realm, id) if custom != nil { return fmt.Errorf("custom user federation with id %s still exists", id) @@ -207,8 +205,6 @@ func testAccCheckKeycloakCustomUserFederationDestroy() resource.TestCheckFunc { } func getCustomUserFederationFromState(s *terraform.State, resourceName string) (*keycloak.CustomUserFederation, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -225,31 +221,31 @@ func getCustomUserFederationFromState(s *terraform.State, resourceName string) ( return custom, nil } -func testKeycloakCustomUserFederation_basic(realm, name, providerId string) string { +func testKeycloakCustomUserFederation_basic(name, providerId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_custom_user_federation" "custom" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id provider_id = "%s" enabled = true } - `, realm, name, providerId) + `, testAccRealm.Realm, name, providerId) } -func testKeycloakCustomUserFederation_customConfig(realm, name, providerId, customConfigValue string) string { +func testKeycloakCustomUserFederation_customConfig(name, providerId, customConfigValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_custom_user_federation" "custom" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id provider_id = "%s" enabled = true @@ -258,7 +254,7 @@ resource "keycloak_custom_user_federation" "custom" { dummyConfig = "%s" } } - `, realm, name, providerId, customConfigValue) + `, testAccRealm.Realm, name, providerId, customConfigValue) } func testKeycloakCustomUserFederation_parentId(realm, name, providerId, parentId string) string { @@ -269,7 +265,7 @@ resource "keycloak_realm" "realm" { resource "keycloak_custom_user_federation" "custom" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = keycloak_realm.realm.id provider_id = "%s" parent_id = "%s" diff --git a/provider/resource_keycloak_default_groups_test.go b/provider/resource_keycloak_default_groups_test.go index f7c61110..83eb30c0 100644 --- a/provider/resource_keycloak_default_groups_test.go +++ b/provider/resource_keycloak_default_groups_test.go @@ -158,8 +158,6 @@ func testAccNoDefaultGroups(resourceName string, groupNames []string) resource.T } func testAccGetGroupsFromDefaultGroup(resourceName string, s *terraform.State) ([]keycloak.Group, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -178,12 +176,14 @@ resource "keycloak_realm" "realm" { resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = keycloak_realm.realm.id } resource "keycloak_default_groups" "group_default" { - realm_id = "${keycloak_realm.realm.id}" - group_ids = ["${keycloak_group.group.id}"] + realm_id = keycloak_realm.realm.id + group_ids = [ + keycloak_group.group.id + ] } `, realmName, groupName) } @@ -196,7 +196,7 @@ resource "keycloak_realm" "realm" { resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = keycloak_realm.realm.id }`, realmName, groupName) } @@ -211,7 +211,7 @@ resource "keycloak_realm" "realm" { out += fmt.Sprintf(` resource "keycloak_group" "%s" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = keycloak_realm.realm.id }`, group, group) } @@ -222,7 +222,7 @@ resource "keycloak_group" "%s" { out += fmt.Sprintf(` resource "keycloak_default_groups" "group_default" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = keycloak_realm.realm.id group_ids = %s }`, arrayOfStringsForTerraformResource(defaultGroupResources)) diff --git a/provider/resource_keycloak_generic_client_protocol_mapper_test.go b/provider/resource_keycloak_generic_client_protocol_mapper_test.go index e49c9261..0f896dd5 100644 --- a/provider/resource_keycloak_generic_client_protocol_mapper_test.go +++ b/provider/resource_keycloak_generic_client_protocol_mapper_test.go @@ -11,16 +11,13 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) -const ( - TF_RESOURCE_NAME = "client_protocol_mapper" -) - func TestAccKeycloakGenericClientProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() + clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) - resourceName := "keycloak_generic_client_protocol_mapper." + TF_RESOURCE_NAME + resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -28,7 +25,7 @@ func TestAccKeycloakGenericClientProtocolMapper_basicClient(t *testing.T) { CheckDestroy: testAccKeycloakGenericClientProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGenericClientProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakGenericClientProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakGenericClientProtocolMapperExists(resourceName), }, }, @@ -36,11 +33,12 @@ func TestAccKeycloakGenericClientProtocolMapper_basicClient(t *testing.T) { } func TestAccKeycloakGenericClientProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() + clientScopeId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) - resourceName := "keycloak_generic_client_protocol_mapper." + TF_RESOURCE_NAME + resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -48,7 +46,7 @@ func TestAccKeycloakGenericClientProtocolMapper_basicClientScope(t *testing.T) { CheckDestroy: testAccKeycloakGenericClientProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGenericClientProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakGenericClientProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakGenericClientProtocolMapperExists(resourceName), }, }, @@ -56,11 +54,12 @@ func TestAccKeycloakGenericClientProtocolMapper_basicClientScope(t *testing.T) { } func TestAccKeycloakGenericClientProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() + clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) - resourceName := "keycloak_generic_client_protocol_mapper." + TF_RESOURCE_NAME + resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -68,7 +67,7 @@ func TestAccKeycloakGenericClientProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakGenericClientProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGenericClientProtocolMapper_import(realmName, clientId, mapperName), + Config: testKeycloakGenericClientProtocolMapper_import(clientId, mapperName), Check: testKeycloakGenericClientProtocolMapperExists(resourceName), }, { @@ -81,12 +80,13 @@ func TestAccKeycloakGenericClientProtocolMapper_import(t *testing.T) { }) } -func TestGenericClientProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) +func TestAccKeycloakGenericClientProtocolMapper_update(t *testing.T) { + t.Parallel() + clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) - resourceName := "keycloak_generic_client_protocol_mapper." + TF_RESOURCE_NAME + resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" oldAttributeName := "attribute-name-" + acctest.RandString(10) oldAttributeValue := "attribute-name-" + acctest.RandString(10) @@ -99,11 +99,11 @@ func TestGenericClientProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakGenericClientProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGenericClientProtocolMapper_update(realmName, clientId, mapperName, oldAttributeName, oldAttributeValue), + Config: testKeycloakGenericClientProtocolMapper_update(clientId, mapperName, oldAttributeName, oldAttributeValue), Check: testKeycloakGenericClientProtocolMapperExists(resourceName), }, { - Config: testKeycloakGenericClientProtocolMapper_update(realmName, clientId, mapperName, newAttributeName, newAttributeValue), + Config: testKeycloakGenericClientProtocolMapper_update(clientId, mapperName, newAttributeName, newAttributeValue), Check: resource.ComposeTestCheckFunc( testKeycloakGenericClientProtocolMapperExists(resourceName), resource.TestCheckResourceAttr(resourceName, "config.attribute.name", newAttributeName), @@ -113,9 +113,6 @@ func TestGenericClientProtocolMapper_update(t *testing.T) { }) } -/* ================================================================================================================= - Helper functions - ================================================================================================================= */ func testAccKeycloakGenericClientProtocolMapperDestroy() resource.TestCheckFunc { return func(state *terraform.State) error { for resourceName, rs := range state.RootModule().Resources { @@ -145,111 +142,109 @@ func getGenericClientProtocolMapperUsingState(state *terraform.State, resourceNa clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetGenericClientProtocolMapper(realmId, clientId, clientScopeId, mapperId) } -func testKeycloakGenericClientProtocolMapper_basic_client(realmName string, clientId string, mapperName string) string { +func testKeycloakGenericClientProtocolMapper_basic_client(clientId string, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" + realm_id = data.keycloak_realm.realm.id + client_id = "%s" } -resource "keycloak_generic_client_protocol_mapper" "%s" { - client_id = "${keycloak_saml_client.saml_client.id}" - name = "%s" - protocol = "saml" - protocol_mapper = "saml-hardcode-attribute-mapper" - realm_id = "${keycloak_realm.realm.id}" - config = { - "attribute.name" = "name" - "attribute.nameformat" = "Basic" - "attribute.value" = "value" - "friendly.name" = "%s" - } -}`, realmName, clientId, TF_RESOURCE_NAME, mapperName, mapperName) +resource "keycloak_generic_client_protocol_mapper" "client_protocol_mapper" { + client_id = keycloak_saml_client.saml_client.id + name = "%s" + protocol = "saml" + protocol_mapper = "saml-hardcode-attribute-mapper" + realm_id = data.keycloak_realm.realm.id + config = { + "attribute.name" = "name" + "attribute.nameformat" = "Basic" + "attribute.value" = "value" + "friendly.name" = "%s" + } +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testKeycloakGenericClientProtocolMapper_basic_clientScope(realmName string, clientScopeId string, mapperName string) string { +func testKeycloakGenericClientProtocolMapper_basic_clientScope(clientScopeId string, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } -resource "keycloak_generic_client_protocol_mapper" "%s" { +resource "keycloak_generic_client_protocol_mapper" "client_protocol_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id protocol = "openid-connect" protocol_mapper = "oidc-usermodel-property-mapper" config = { "user.attribute" = "foo" "claim.name" = "bar" } -}`, realmName, clientScopeId, TF_RESOURCE_NAME, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakGenericClientProtocolMapper_import(realmName string, clientId string, mapperName string) string { +func testKeycloakGenericClientProtocolMapper_import(clientId string, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } -resource "keycloak_generic_client_protocol_mapper" "%s" { - client_id = "${keycloak_saml_client.saml_client.id}" +resource "keycloak_generic_client_protocol_mapper" "client_protocol_mapper" { + client_id = keycloak_saml_client.saml_client.id name = "%s" protocol = "saml" protocol_mapper = "saml-hardcode-attribute-mapper" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id config = { "attribute.name" = "name" "attribute.nameformat" = "Basic" "attribute.value" = "value" "friendly.name" = "%s" } -}`, realmName, clientId, TF_RESOURCE_NAME, mapperName, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, mapperName) } -func testKeycloakGenericClientProtocolMapper_update(realmName string, clientId string, mapperName string, attributeName string, attributeValue string) string { +func testKeycloakGenericClientProtocolMapper_update(clientId string, mapperName string, attributeName string, attributeValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } -resource "keycloak_generic_client_protocol_mapper" "%s" { - client_id = "${keycloak_saml_client.saml_client.id}" +resource "keycloak_generic_client_protocol_mapper" "client_protocol_mapper" { + client_id = keycloak_saml_client.saml_client.id name = "%s" protocol = "saml" protocol_mapper = "saml-hardcode-attribute-mapper" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id config = { "attribute.name" = "%s" "attribute.nameformat" = "Basic" "attribute.value" = "%s" "friendly.name" = "%s" } -}`, realmName, clientId, TF_RESOURCE_NAME, mapperName, attributeName, attributeValue, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, attributeName, attributeValue, mapperName) } func testKeycloakGenericClientProtocolMapperExists(resourceName string) resource.TestCheckFunc { diff --git a/provider/resource_keycloak_generic_client_role_mapper_test.go b/provider/resource_keycloak_generic_client_role_mapper_test.go index 4771e92a..4da771c3 100644 --- a/provider/resource_keycloak_generic_client_role_mapper_test.go +++ b/provider/resource_keycloak_generic_client_role_mapper_test.go @@ -10,8 +10,9 @@ import ( "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) -func TestGenericRoleMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) +func TestAccKeycloakGenericRoleMapper_basic(t *testing.T) { + t.Parallel() + parentClientName := "client1-" + acctest.RandString(10) parentRoleName := "role-" + acctest.RandString(10) childClientName := "client2-" + acctest.RandString(10) @@ -21,18 +22,19 @@ func TestGenericRoleMapper_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRoleMapping_basic(realmName, parentClientName, parentRoleName, childClientName), + Config: testKeycloakGenericRoleMapping_basic(parentClientName, parentRoleName, childClientName), Check: testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.child-client-with-parent-client-role"), }, }, }) } -func TestGenericRoleMapper_createAfterManualDestroy(t *testing.T) { +func TestAccKeycloakGenericRoleMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var role = &keycloak.Role{} var childClient = &keycloak.GenericClient{} - realmName := "terraform-" + acctest.RandString(10) parentClientName := "client1-" + acctest.RandString(10) parentRoleName := "role-" + acctest.RandString(10) childClientName := "client2-" + acctest.RandString(10) @@ -42,7 +44,7 @@ func TestGenericRoleMapper_createAfterManualDestroy(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRoleMapping_basic(realmName, parentClientName, parentRoleName, childClientName), + Config: testKeycloakGenericRoleMapping_basic(parentClientName, parentRoleName, childClientName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.child-client-with-parent-client-role"), testAccCheckKeycloakRoleFetch("keycloak_role.parent-role", role), @@ -51,21 +53,21 @@ func TestGenericRoleMapper_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteRoleScopeMapping(childClient.RealmId, childClient.Id, "", role) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGenericRoleMapping_basic(realmName, parentClientName, parentRoleName, childClientName), + Config: testKeycloakGenericRoleMapping_basic(parentClientName, parentRoleName, childClientName), Check: testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.child-client-with-parent-client-role"), }, }, }) } -func TestGenericRoleMapper_import(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + +func TestAccKeycloakGenericRoleMapper_import(t *testing.T) { + t.Parallel() + parentClientName := "client1-" + acctest.RandString(10) parentRoleName := "role-" + acctest.RandString(10) childClientName := "client2-" + acctest.RandString(10) @@ -77,7 +79,7 @@ func TestGenericRoleMapper_import(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRoleMapping_basic(realmName, parentClientName, parentRoleName, childClientName), + Config: testKeycloakGenericRoleMapping_basic(parentClientName, parentRoleName, childClientName), Check: testAccCheckKeycloakScopeMappingExists(resourceName), }, { @@ -90,8 +92,9 @@ func TestGenericRoleMapper_import(t *testing.T) { }) } -func TestGenericRoleMapperClientScope_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) +func TestAccKeycloakGenericRoleMapperClientScope_basic(t *testing.T) { + t.Parallel() + clientName := "client-" + acctest.RandString(10) roleName := "role-" + acctest.RandString(10) clientScopeName := "clientscope-" + acctest.RandString(10) @@ -101,15 +104,16 @@ func TestGenericRoleMapperClientScope_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRoleMappingClientScope_basic(realmName, clientName, roleName, clientScopeName), + Config: testKeycloakGenericRoleMappingClientScope_basic(clientName, roleName, clientScopeName), Check: testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.clientscope-with-client-role"), }, }, }) } -func TestGenericRoleMapperClientScope_import(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) +func TestAccKeycloakGenericRoleMapperClientScope_import(t *testing.T) { + t.Parallel() + clientName := "client-" + acctest.RandString(10) roleName := "role-" + acctest.RandString(10) clientScopeName := "clientscope-" + acctest.RandString(10) @@ -121,7 +125,7 @@ func TestGenericRoleMapperClientScope_import(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRoleMappingClientScope_basic(realmName, clientName, roleName, clientScopeName), + Config: testKeycloakGenericRoleMappingClientScope_basic(clientName, roleName, clientScopeName), Check: testAccCheckKeycloakScopeMappingExists(resourceName), }, { @@ -134,8 +138,9 @@ func TestGenericRoleMapperClientScope_import(t *testing.T) { }) } -func TestGenericRealmLevelRoleMapperClientScope_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) +func TestAccKeycloakGenericRealmLevelRoleMapperClientScope_basic(t *testing.T) { + t.Parallel() + roleName := "role-" + acctest.RandString(10) clientScopeName := "clientscope-" + acctest.RandString(10) @@ -144,18 +149,19 @@ func TestGenericRealmLevelRoleMapperClientScope_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRealmLevelRoleMappingClientScope_basic(realmName, roleName, clientScopeName), + Config: testKeycloakGenericRealmLevelRoleMappingClientScope_basic(roleName, clientScopeName), Check: testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.clientscope-with-realm-role"), }, }, }) } -func TestGenericRealmLevelRoleMapperClientScope_createAfterManualDestroy(t *testing.T) { +func TestAccKeycloakGenericRealmLevelRoleMapperClientScope_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var role = &keycloak.Role{} var clientScope = &keycloak.OpenidClientScope{} - realmName := "terraform-" + acctest.RandString(10) roleName := "role-" + acctest.RandString(10) clientScopeName := "clientscope-" + acctest.RandString(10) @@ -164,7 +170,7 @@ func TestGenericRealmLevelRoleMapperClientScope_createAfterManualDestroy(t *test PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRealmLevelRoleMappingClientScope_basic(realmName, roleName, clientScopeName), + Config: testKeycloakGenericRealmLevelRoleMappingClientScope_basic(roleName, clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.clientscope-with-realm-role"), testAccCheckKeycloakRoleFetch("keycloak_role.role", role), @@ -173,25 +179,24 @@ func TestGenericRealmLevelRoleMapperClientScope_createAfterManualDestroy(t *test }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteRoleScopeMapping(clientScope.RealmId, "", clientScope.Id, role) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGenericRealmLevelRoleMappingClientScope_basic(realmName, roleName, clientScopeName), + Config: testKeycloakGenericRealmLevelRoleMappingClientScope_basic(roleName, clientScopeName), Check: testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.clientscope-with-realm-role"), }, }, }) } -func TestGenericRoleMapperClientScope_createAfterManualDestroy(t *testing.T) { +func TestAccKeycloakGenericRoleMapperClientScope_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var role = &keycloak.Role{} var clientScope = &keycloak.OpenidClientScope{} - realmName := "terraform-" + acctest.RandString(10) clientName := "client-" + acctest.RandString(10) roleName := "role-" + acctest.RandString(10) clientScopeName := "clientscope-" + acctest.RandString(10) @@ -201,7 +206,7 @@ func TestGenericRoleMapperClientScope_createAfterManualDestroy(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGenericRoleMappingClientScope_basic(realmName, clientName, roleName, clientScopeName), + Config: testKeycloakGenericRoleMappingClientScope_basic(clientName, roleName, clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.clientscope-with-client-role"), testAccCheckKeycloakRoleFetch("keycloak_role.role", role), @@ -210,107 +215,18 @@ func TestGenericRoleMapperClientScope_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteRoleScopeMapping(clientScope.RealmId, "", clientScope.Id, role) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGenericRoleMappingClientScope_basic(realmName, clientName, roleName, clientScopeName), + Config: testKeycloakGenericRoleMappingClientScope_basic(clientName, roleName, clientScopeName), Check: testAccCheckKeycloakScopeMappingExists("keycloak_generic_client_role_mapper.clientscope-with-client-role"), }, }, }) } -func testKeycloakGenericRoleMapping_basic(realmName, parentClientName, parentRoleName, childClientName string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_openid_client" "parent-client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" - access_type = "PUBLIC" -} - -resource "keycloak_role" "parent-role" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.parent-client.id}" - name = "%s" -} - -resource "keycloak_openid_client" "child-client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" - access_type = "PUBLIC" -} - -resource "keycloak_generic_client_role_mapper" "child-client-with-parent-client-role" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.child-client.id}" - role_id = "${keycloak_role.parent-role.id}" -} - `, realmName, parentClientName, parentRoleName, childClientName) -} - -func testKeycloakGenericRoleMappingClientScope_basic(realmName, clientName, roleName, clientScopeName string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_openid_client" "client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" - access_type = "PUBLIC" -} - -resource "keycloak_role" "role" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client.id}" - name = "%s" -} - -resource "keycloak_openid_client_scope" "clientscope" { - realm_id = "${keycloak_realm.realm.id}" - name = "%s" -} - -resource "keycloak_generic_client_role_mapper" "clientscope-with-client-role" { - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.clientscope.id}" - role_id = "${keycloak_role.role.id}" -} - `, realmName, clientName, roleName, clientScopeName) -} - -func testKeycloakGenericRealmLevelRoleMappingClientScope_basic(realmName, roleName, clientScopeName string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_role" "role" { - realm_id = "${keycloak_realm.realm.id}" - name = "%s" -} - -resource "keycloak_openid_client_scope" "clientscope" { - realm_id = "${keycloak_realm.realm.id}" - name = "%s" -} - -resource "keycloak_generic_client_role_mapper" "clientscope-with-realm-role" { - realm_id = "${keycloak_realm.realm.id}" - client_scope_id = "${keycloak_openid_client_scope.clientscope.id}" - role_id = "${keycloak_role.role.id}" -} - `, realmName, roleName, clientScopeName) -} - func testAccCheckKeycloakScopeMappingExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { _, ok := s.RootModule().Resources[resourceName] @@ -352,8 +268,6 @@ func testAccCheckKeycloakOpenidClientScopeFetch(resourceName string, clientScope } func getGenericClientFromState(s *terraform.State, resourceName string) (*keycloak.GenericClient, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -371,8 +285,6 @@ func getGenericClientFromState(s *terraform.State, resourceName string) (*keyclo } func getOpenidClientScopeFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientScope, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -399,3 +311,90 @@ func getGenericRoleMapperId(resourceName string) resource.ImportStateIdFunc { return rs.Primary.ID, nil } } + +func testKeycloakGenericRoleMapping_basic(parentClientName, parentRoleName, childClientName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_client" "parent-client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" + access_type = "PUBLIC" +} + +resource "keycloak_role" "parent-role" { + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.parent-client.id + name = "%s" +} + +resource "keycloak_openid_client" "child-client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" + access_type = "PUBLIC" +} + +resource "keycloak_generic_client_role_mapper" "child-client-with-parent-client-role" { + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.child-client.id + role_id = keycloak_role.parent-role.id +} + `, testAccRealm.Realm, parentClientName, parentRoleName, childClientName) +} + +func testKeycloakGenericRoleMappingClientScope_basic(clientName, roleName, clientScopeName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_client" "client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" + access_type = "PUBLIC" +} + +resource "keycloak_role" "role" { + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client.id + name = "%s" +} + +resource "keycloak_openid_client_scope" "clientscope" { + realm_id = data.keycloak_realm.realm.id + name = "%s" +} + +resource "keycloak_generic_client_role_mapper" "clientscope-with-client-role" { + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.clientscope.id + role_id = keycloak_role.role.id +} + `, testAccRealm.Realm, clientName, roleName, clientScopeName) +} + +func testKeycloakGenericRealmLevelRoleMappingClientScope_basic(roleName, clientScopeName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_role" "role" { + realm_id = data.keycloak_realm.realm.id + name = "%s" +} + +resource "keycloak_openid_client_scope" "clientscope" { + realm_id = data.keycloak_realm.realm.id + name = "%s" +} + +resource "keycloak_generic_client_role_mapper" "clientscope-with-realm-role" { + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.clientscope.id + role_id = keycloak_role.role.id +} + `, testAccRealm.Realm, roleName, clientScopeName) +} diff --git a/provider/resource_keycloak_group_memberships_test.go b/provider/resource_keycloak_group_memberships_test.go index 30b9e44b..425d0141 100644 --- a/provider/resource_keycloak_group_memberships_test.go +++ b/provider/resource_keycloak_group_memberships_test.go @@ -12,7 +12,8 @@ import ( ) func TestAccKeycloakGroupMemberships_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) username := "terraform-user-" + acctest.RandString(10) @@ -21,13 +22,13 @@ func TestAccKeycloakGroupMemberships_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_basic(realmName, groupName, username), + Config: testKeycloakGroupMemberships_basic(groupName, username), Check: testAccCheckUserBelongsToGroup("keycloak_group_memberships.group_members", username), }, { // we need a separate test for destroy instead of using CheckDestroy because this resource is implicitly // destroyed at the end of each test via destroying users or groups they're tied to - Config: testKeycloakGroupMemberships_noGroupMemberships(realmName, groupName, username), + Config: testKeycloakGroupMemberships_noGroupMemberships(groupName, username), Check: testAccCheckUsersDontBelongToGroup("keycloak_group.group", []string{username}), }, }, @@ -35,7 +36,8 @@ func TestAccKeycloakGroupMemberships_basic(t *testing.T) { } func TestAccKeycloakGroupMemberships_moreThan100members(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -43,14 +45,14 @@ func TestAccKeycloakGroupMemberships_moreThan100members(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_moreThan100members(realmName, groupName), + Config: testKeycloakGroupMemberships_moreThan100members(groupName), }, }, }) } func TestAccKeycloakGroupMemberships_updateGroupForceNew(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() groupOne := "terraform-group-" + acctest.RandString(10) groupTwo := "terraform-group-" + acctest.RandString(10) @@ -62,11 +64,11 @@ func TestAccKeycloakGroupMemberships_updateGroupForceNew(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_updateGroupForceNew(realmName, groupOne, groupTwo, username, "group_one"), + Config: testKeycloakGroupMemberships_updateGroupForceNew(groupOne, groupTwo, username, "group_one"), Check: testAccCheckUserBelongsToGroup("keycloak_group_memberships.group_members", username), }, { - Config: testKeycloakGroupMemberships_updateGroupForceNew(realmName, groupOne, groupTwo, username, "group_two"), + Config: testKeycloakGroupMemberships_updateGroupForceNew(groupOne, groupTwo, username, "group_two"), Check: testAccCheckUserBelongsToGroup("keycloak_group_memberships.group_members", username), }, }, @@ -74,7 +76,8 @@ func TestAccKeycloakGroupMemberships_updateGroupForceNew(t *testing.T) { } func TestAccKeycloakGroupMemberships_updateInPlace(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) allUsersForTest := []string{ @@ -98,12 +101,12 @@ func TestAccKeycloakGroupMemberships_updateInPlace(t *testing.T) { Steps: []resource.TestStep{ // init { - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, allUsersForTest, allUsersForTest), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, allUsersForTest, allUsersForTest), Check: testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", allUsersForTest), }, // remove { - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, allUsersForTest, subsetOfUsers), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, allUsersForTest, subsetOfUsers), Check: resource.ComposeTestCheckFunc( testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", subsetOfUsers), testAccCheckUsersDontBelongToGroup("keycloak_group_memberships.group_members", []string{randomUserToRemove}), @@ -111,7 +114,7 @@ func TestAccKeycloakGroupMemberships_updateInPlace(t *testing.T) { }, // add { - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, allUsersForTest, allUsersForTest), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, allUsersForTest, allUsersForTest), Check: testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", allUsersForTest), }, }, @@ -119,7 +122,8 @@ func TestAccKeycloakGroupMemberships_updateInPlace(t *testing.T) { } func TestAccKeycloakGroupMemberships_userDoesNotExist(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) username := "terraform-user-" + acctest.RandString(10) @@ -128,7 +132,7 @@ func TestAccKeycloakGroupMemberships_userDoesNotExist(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_userDoesNotExist(realmName, groupName, username), + Config: testKeycloakGroupMemberships_userDoesNotExist(groupName, username), ExpectError: regexp.MustCompile("user with username .+ does not exist"), }, }, @@ -137,7 +141,8 @@ func TestAccKeycloakGroupMemberships_userDoesNotExist(t *testing.T) { // if a user is removed from a group controlled by this resource, terraform should add them again func TestAccKeycloakGroupMemberships_authoritativeAdd(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) usersInGroup := []string{ @@ -151,26 +156,24 @@ func TestAccKeycloakGroupMemberships_authoritativeAdd(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, usersInGroup, usersInGroup), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, usersInGroup, usersInGroup), Check: testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", usersInGroup), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - groupsWithName, err := keycloakClient.ListGroupsWithName(realmName, groupName) + groupsWithName, err := keycloakClient.ListGroupsWithName(testAccRealm.Realm, groupName) if err != nil { t.Fatal(err) } userToManuallyRemove := usersInGroup[acctest.RandIntRange(0, len(usersInGroup)-1)] - err = keycloakClient.RemoveUsersFromGroup(realmName, groupsWithName[0].Id, []interface{}{userToManuallyRemove}) + err = keycloakClient.RemoveUsersFromGroup(testAccRealm.Realm, groupsWithName[0].Id, []interface{}{userToManuallyRemove}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, usersInGroup, usersInGroup), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, usersInGroup, usersInGroup), Check: testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", usersInGroup), }, }, @@ -179,7 +182,8 @@ func TestAccKeycloakGroupMemberships_authoritativeAdd(t *testing.T) { // if a user is added to a group controlled by this resource, terraform should remove them func TestAccKeycloakGroupMemberships_authoritativeRemove(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) allUsersForTest := []string{ @@ -203,24 +207,22 @@ func TestAccKeycloakGroupMemberships_authoritativeRemove(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, allUsersForTest, usersInGroup), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, allUsersForTest, usersInGroup), Check: testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", usersInGroup), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - groupsWithName, err := keycloakClient.ListGroupsWithName(realmName, groupName) + groupsWithName, err := keycloakClient.ListGroupsWithName(testAccRealm.Realm, groupName) if err != nil { t.Fatal(err) } - err = keycloakClient.AddUsersToGroup(realmName, groupsWithName[0].Id, []interface{}{userToManuallyAdd}) + err = keycloakClient.AddUsersToGroup(testAccRealm.Realm, groupsWithName[0].Id, []interface{}{userToManuallyAdd}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGroupMemberships_multipleUsers(realmName, groupName, allUsersForTest, usersInGroup), + Config: testKeycloakGroupMemberships_multipleUsers(groupName, allUsersForTest, usersInGroup), Check: resource.ComposeTestCheckFunc( testAccCheckUsersBelongToGroup("keycloak_group_memberships.group_members", usersInGroup), testAccCheckUsersDontBelongToGroup("keycloak_group_memberships.group_members", []string{userToManuallyAdd}), @@ -232,7 +234,8 @@ func TestAccKeycloakGroupMemberships_authoritativeRemove(t *testing.T) { // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakGroupMemberships_noImportNeeded(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) username := "terraform-user-" + acctest.RandString(10) @@ -241,24 +244,22 @@ func TestAccKeycloakGroupMemberships_noImportNeeded(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_noGroupMemberships(realmName, groupName, username), + Config: testKeycloakGroupMemberships_noGroupMemberships(groupName, username), Check: testAccCheckUsersDontBelongToGroup("keycloak_group.group", []string{username}), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - groupsWithName, err := keycloakClient.ListGroupsWithName(realmName, groupName) + groupsWithName, err := keycloakClient.ListGroupsWithName(testAccRealm.Realm, groupName) if err != nil { t.Fatal(err) } - err = keycloakClient.AddUsersToGroup(realmName, groupsWithName[0].Id, []interface{}{username}) + err = keycloakClient.AddUsersToGroup(testAccRealm.Realm, groupsWithName[0].Id, []interface{}{username}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGroupMemberships_basic(realmName, groupName, username), + Config: testKeycloakGroupMemberships_basic(groupName, username), Check: testAccCheckUserBelongsToGroup("keycloak_group.group", username), }, }, @@ -266,7 +267,8 @@ func TestAccKeycloakGroupMemberships_noImportNeeded(t *testing.T) { } func TestAccKeycloakGroupMemberships_validateLowercaseUsernames(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) randomString := acctest.RandString(10) username := "terraform-user-" + randomString @@ -277,7 +279,7 @@ func TestAccKeycloakGroupMemberships_validateLowercaseUsernames(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_hardcodedUsername(realmName, groupName, username, usernameWithUppercaseCharacters), + Config: testKeycloakGroupMemberships_hardcodedUsername(groupName, username, usernameWithUppercaseCharacters), ExpectError: regexp.MustCompile("expected all usernames within group membership to be lowercase"), }, }, @@ -285,7 +287,8 @@ func TestAccKeycloakGroupMemberships_validateLowercaseUsernames(t *testing.T) { } func TestAccKeycloakGroupMemberships_createAfterManualDestroy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) username := "terraform-user-" + acctest.RandString(10) resourceName := "keycloak_group_memberships.group_members" @@ -297,10 +300,9 @@ func TestAccKeycloakGroupMemberships_createAfterManualDestroy(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupMemberships_basic(realmName, groupName, username), + Config: testKeycloakGroupMemberships_basic(groupName, username), Check: resource.ComposeTestCheckFunc( - testAccCheckUserBelongsToGroup(resourceName, username), - func(s *terraform.State) error { + testAccCheckUserBelongsToGroup(resourceName, username), func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("resource not found: %s", resourceName) @@ -315,14 +317,12 @@ func TestAccKeycloakGroupMemberships_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - err := keycloakClient.DeleteGroup(realmName, *groupId) + err := keycloakClient.DeleteGroup(testAccRealm.Realm, *groupId) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGroupMemberships_basic(realmName, groupName, username), + Config: testKeycloakGroupMemberships_basic(groupName, username), Check: testAccCheckUserBelongsToGroup(resourceName, username), }, }, @@ -330,8 +330,6 @@ func TestAccKeycloakGroupMemberships_createAfterManualDestroy(t *testing.T) { } func testAccGetUsersInGroupFromGroupMembershipsState(resourceName string, s *terraform.State) ([]*keycloak.User, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -399,100 +397,101 @@ func testAccCheckUsersDontBelongToGroup(resourceName string, users []string) res } } -func testKeycloakGroupMemberships_basic(realm, group, username string) string { +func testKeycloakGroupMemberships_basic(group, username string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } resource "keycloak_group_memberships" "group_members" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id members = [ - "${keycloak_user.user.username}" + keycloak_user.user.username ] } - `, realm, group, username) + `, testAccRealm.Realm, group, username) } -func testKeycloakGroupMemberships_moreThan100members(realm, group string) string { +func testKeycloakGroupMemberships_moreThan100members(group string) string { count := 110 return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } resource "keycloak_group" "group" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" + name = "%s" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_user" "users" { count = %d - realm_id = "${keycloak_realm.realm.id}" - username = "terraform-user-${count.index}" + + realm_id = data.keycloak_realm.realm.id + username = "terraform-user-${count.index}" } resource "keycloak_group_memberships" "group_members" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id - members = "${keycloak_user.users.*.username}" + members = keycloak_user.users.*.username } - `, realm, group, count) + `, testAccRealm.Realm, group, count) } -func testKeycloakGroupMemberships_updateGroupForceNew(realm, groupOne, groupTwo, username, currentGroup string) string { +func testKeycloakGroupMemberships_updateGroupForceNew(groupOne, groupTwo, username, currentGroup string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_group" "group_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } resource "keycloak_group_memberships" "group_members" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.%s.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.%s.id members = [ - "${keycloak_user.user.username}" + keycloak_user.user.username ] } - `, realm, groupOne, groupTwo, username, currentGroup) + `, testAccRealm.Realm, groupOne, groupTwo, username, currentGroup) } // this tf config provides a good way to test users that exist within keycloak but are not necessarily part of a group -func testKeycloakGroupMemberships_multipleUsers(realm, group string, definedUsers, usersInGroup []string) string { +func testKeycloakGroupMemberships_multipleUsers(group string, definedUsers, usersInGroup []string) string { var userResources strings.Builder for _, username := range definedUsers { userResources.WriteString(fmt.Sprintf(` resource "keycloak_user" "user_%s" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } `, username, username)) @@ -504,89 +503,89 @@ resource "keycloak_user" "user_%s" { } return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } %s resource "keycloak_group_memberships" "group_members" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id members = %s } - `, realm, group, userResources.String(), arrayOfStringsForTerraformResource(usersInGroupInterpolated)) + `, testAccRealm.Realm, group, userResources.String(), arrayOfStringsForTerraformResource(usersInGroupInterpolated)) } -func testKeycloakGroupMemberships_userDoesNotExist(realm, group, username string) string { +func testKeycloakGroupMemberships_userDoesNotExist(group, username string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_group_memberships" "group_members" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id members = [ "%s" ] } - `, realm, group, username) + `, testAccRealm.Realm, group, username) } -func testKeycloakGroupMemberships_noGroupMemberships(realm, group, username string) string { +func testKeycloakGroupMemberships_noGroupMemberships(group, username string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } - `, realm, group, username) + `, testAccRealm.Realm, group, username) } -func testKeycloakGroupMemberships_hardcodedUsername(realm, group, username, hardcodedUsername string) string { +func testKeycloakGroupMemberships_hardcodedUsername(group, username, hardcodedUsername string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } resource "keycloak_group_memberships" "group_members" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id members = [ "%s" ] } - `, realm, group, username, hardcodedUsername) + `, testAccRealm.Realm, group, username, hardcodedUsername) } diff --git a/provider/resource_keycloak_group_roles_test.go b/provider/resource_keycloak_group_roles_test.go index b87ef0d3..e8e70caf 100644 --- a/provider/resource_keycloak_group_roles_test.go +++ b/provider/resource_keycloak_group_roles_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakGroupRoles_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + realmRoleName := "terraform-role-" + acctest.RandString(10) openIdClientName := "terraform-openid-client-" + acctest.RandString(10) openIdRoleName := "terraform-role-" + acctest.RandString(10) @@ -24,7 +25,7 @@ func TestAccKeycloakGroupRoles_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakGroupRoles_basic(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName), + Config: testKeycloakGroupRoles_basic(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, { @@ -34,7 +35,7 @@ func TestAccKeycloakGroupRoles_basic(t *testing.T) { }, // check destroy { - Config: testKeycloakGroupRoles_noGroupRoles(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName), + Config: testKeycloakGroupRoles_noGroupRoles(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName), Check: testAccCheckKeycloakGroupHasNoRoles("keycloak_group.group"), }, }, @@ -42,7 +43,7 @@ func TestAccKeycloakGroupRoles_basic(t *testing.T) { } func TestAccKeycloakGroupRoles_update(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() realmRoleOneName := "terraform-role-" + acctest.RandString(10) realmRoleTwoName := "terraform-role-" + acctest.RandString(10) @@ -70,17 +71,17 @@ func TestAccKeycloakGroupRoles_update(t *testing.T) { Steps: []resource.TestStep{ // initial setup, resource is defined but no roles are specified { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{}), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{}), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, // add all roles { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, allRoleIds), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, allRoleIds), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, // remove some { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{ + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{ "${keycloak_role.realm_role_two.id}", "${keycloak_role.openid_client_role_one.id}", "${keycloak_role.openid_client_role_two.id}", @@ -90,7 +91,7 @@ func TestAccKeycloakGroupRoles_update(t *testing.T) { }, // add some and remove some { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{ + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{ "${keycloak_role.saml_client_role_one.id}", "${keycloak_role.saml_client_role_two.id}", "${keycloak_role.realm_role_one.id}", @@ -99,7 +100,7 @@ func TestAccKeycloakGroupRoles_update(t *testing.T) { }, // add some and remove some again { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{ + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{ "${keycloak_role.saml_client_role_one.id}", "${keycloak_role.openid_client_role_two.id}", "${keycloak_role.realm_role_two.id}", @@ -109,27 +110,27 @@ func TestAccKeycloakGroupRoles_update(t *testing.T) { }, // add all back { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, allRoleIds), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, allRoleIds), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, // random scenario 1 { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, randomStringSliceSubset(allRoleIds)), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, randomStringSliceSubset(allRoleIds)), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, // random scenario 2 { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, randomStringSliceSubset(allRoleIds)), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, randomStringSliceSubset(allRoleIds)), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, // random scenario 3 { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, randomStringSliceSubset(allRoleIds)), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, randomStringSliceSubset(allRoleIds)), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, // remove all { - Config: testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{}), + Config: testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, []string{}), Check: testAccCheckKeycloakGroupHasRoles("keycloak_group_roles.group_roles"), }, }, @@ -138,8 +139,6 @@ func TestAccKeycloakGroupRoles_update(t *testing.T) { func testAccCheckKeycloakGroupHasRoles(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("resource not found: %s", resourceName) @@ -209,8 +208,6 @@ func testAccCheckKeycloakGroupHasRoles(resourceName string) resource.TestCheckFu func testAccCheckKeycloakGroupHasNoRoles(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("resource not found: %s", resourceName) @@ -232,178 +229,178 @@ func testAccCheckKeycloakGroupHasNoRoles(resourceName string) resource.TestCheck } } -func testKeycloakGroupRoles_basic(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName string) string { +func testKeycloakGroupRoles_basic(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "openid_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id } resource "keycloak_role" "saml_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id } data "keycloak_role" "offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } resource "keycloak_group" "group" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" } resource "keycloak_group_roles" "group_roles" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id role_ids = [ - "${keycloak_role.realm_role.id}", - "${keycloak_role.openid_client_role.id}", - "${keycloak_role.saml_client_role.id}", - "${data.keycloak_role.offline_access.id}", + keycloak_role.realm_role.id, + keycloak_role.openid_client_role.id, + keycloak_role.saml_client_role.id, + data.keycloak_role.offline_access.id, ] } - `, realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName) + `, testAccRealm.Realm, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName) } -func testKeycloakGroupRoles_noGroupRoles(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName string) string { +func testKeycloakGroupRoles_noGroupRoles(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "openid_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id } resource "keycloak_role" "saml_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id } data "keycloak_role" "offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } resource "keycloak_group" "group" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" } - `, realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName) + `, testAccRealm.Realm, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, groupName) } -func testKeycloakGroupRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName string, roleIds []string) string { +func testKeycloakGroupRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName string, roleIds []string) string { tfRoleIds := fmt.Sprintf("role_ids = %s", arrayOfStringsForTerraformResource(roleIds)) return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "openid_client_role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id } resource "keycloak_role" "openid_client_role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id } resource "keycloak_role" "saml_client_role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id } resource "keycloak_role" "saml_client_role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id } data "keycloak_role" "offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } resource "keycloak_group" "group" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" } resource "keycloak_group_roles" "group_roles" { - realm_id = "${keycloak_realm.realm.id}" - group_id = "${keycloak_group.group.id}" + realm_id = data.keycloak_realm.realm.id + group_id = keycloak_group.group.id %s } - `, realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, tfRoleIds) + `, testAccRealm.Realm, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, groupName, tfRoleIds) } diff --git a/provider/resource_keycloak_group_test.go b/provider/resource_keycloak_group_test.go index 18dd4f00..0805a002 100644 --- a/provider/resource_keycloak_group_test.go +++ b/provider/resource_keycloak_group_test.go @@ -12,47 +12,50 @@ import ( ) func TestAccKeycloakGroup_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-group-" + acctest.RandString(10) attributeName := "terraform-attribute-" + acctest.RandString(10) attributeValue := acctest.RandString(250) - runTestBasicGroup(t, realmName, groupName, attributeName, attributeValue) + runTestBasicGroup(t, groupName, attributeName, attributeValue) } func TestAccKeycloakGroup_basicGroupNameContainsBackSlash(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform/group/" + acctest.RandString(10) attributeName := "terraform-attribute-" + acctest.RandString(10) attributeValue := acctest.RandString(250) - runTestBasicGroup(t, realmName, groupName, attributeName, attributeValue) + runTestBasicGroup(t, groupName, attributeName, attributeValue) } -func runTestBasicGroup(t *testing.T, realmName, groupName, attributeName, attributeValue string) { +func runTestBasicGroup(t *testing.T, groupName, attributeName, attributeValue string) { resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, PreCheck: func() { testAccPreCheck(t) }, CheckDestroy: testAccCheckKeycloakGroupDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGroup_basic(realmName, groupName, attributeName, attributeValue), + Config: testKeycloakGroup_basic(groupName, attributeName, attributeValue), Check: testAccCheckKeycloakGroupExists("keycloak_group.group"), }, { ResourceName: "keycloak_group.group", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakGroup_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var group = &keycloak.Group{} - realmName := "terraform-" + acctest.RandString(10) groupName := "terraform-group-" + acctest.RandString(10) attributeName := "terraform-attribute-" + acctest.RandString(10) attributeValue := acctest.RandString(250) @@ -63,7 +66,7 @@ func TestAccKeycloakGroup_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakGroupDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGroup_basic(realmName, groupName, attributeName, attributeValue), + Config: testKeycloakGroup_basic(groupName, attributeName, attributeValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), testAccCheckKeycloakGroupFetch("keycloak_group.group", group), @@ -71,14 +74,12 @@ func TestAccKeycloakGroup_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteGroup(group.RealmId, group.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakGroup_basic(realmName, groupName, attributeName, attributeValue), + Config: testKeycloakGroup_basic(groupName, attributeName, attributeValue), Check: testAccCheckKeycloakGroupExists("keycloak_group.group"), }, }, @@ -86,7 +87,7 @@ func TestAccKeycloakGroup_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakGroup_updateGroupName(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() groupNameBefore := "terraform-group-" + acctest.RandString(10) groupNameAfter := "terraform-group-" + acctest.RandString(10) @@ -99,14 +100,14 @@ func TestAccKeycloakGroup_updateGroupName(t *testing.T) { CheckDestroy: testAccCheckKeycloakGroupDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGroup_basic(realmName, groupNameBefore, attributeName, attributeValue), + Config: testKeycloakGroup_basic(groupNameBefore, attributeName, attributeValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), resource.TestCheckResourceAttr("keycloak_group.group", "name", groupNameBefore), ), }, { - Config: testKeycloakGroup_basic(realmName, groupNameAfter, attributeName, attributeValue), + Config: testKeycloakGroup_basic(groupNameAfter, attributeName, attributeValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), resource.TestCheckResourceAttr("keycloak_group.group", "name", groupNameAfter), @@ -117,8 +118,7 @@ func TestAccKeycloakGroup_updateGroupName(t *testing.T) { } func TestAccKeycloakGroup_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() group := "terraform-group-" + acctest.RandString(10) @@ -128,17 +128,17 @@ func TestAccKeycloakGroup_updateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakGroupDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGroup_updateRealmBefore(realmOne, realmTwo, group), + Config: testKeycloakGroup_updateRealmBefore(group), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), - testAccCheckKeycloakGroupBelongsToRealm("keycloak_group.group", realmOne), + testAccCheckKeycloakGroupBelongsToRealm("keycloak_group.group", testAccRealm.Realm), ), }, { - Config: testKeycloakGroup_updateRealmAfter(realmOne, realmTwo, group), + Config: testKeycloakGroup_updateRealmAfter(group), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists("keycloak_group.group"), - testAccCheckKeycloakGroupBelongsToRealm("keycloak_group.group", realmTwo), + testAccCheckKeycloakGroupBelongsToRealm("keycloak_group.group", testAccRealmTwo.Realm), ), }, }, @@ -146,24 +146,26 @@ func TestAccKeycloakGroup_updateRealm(t *testing.T) { } func TestAccKeycloakGroup_nested(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + parentGroupName := "terraform-parent-group-" + acctest.RandString(10) firstChildGroupName := "terraform-child-group-" + acctest.RandString(10) secondChildGroupName := "terraform-child-group-" + acctest.RandString(10) - runTestNestedGroup(t, realmName, parentGroupName, firstChildGroupName, secondChildGroupName) + runTestNestedGroup(t, parentGroupName, firstChildGroupName, secondChildGroupName) } func TestAccKeycloakGroup_nestedGroupNameContainsBackSlash(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + parentGroupName := "terraform/parent/group/" + acctest.RandString(10) firstChildGroupName := "terraform/child/group/" + acctest.RandString(10) secondChildGroupName := "terraform/child/group/" + acctest.RandString(10) - runTestNestedGroup(t, realmName, parentGroupName, firstChildGroupName, secondChildGroupName) + runTestNestedGroup(t, parentGroupName, firstChildGroupName, secondChildGroupName) } -func runTestNestedGroup(t *testing.T, realmName, parentGroupName, firstChildGroupName, secondChildGroupName string) { +func runTestNestedGroup(t *testing.T, parentGroupName, firstChildGroupName, secondChildGroupName string) { parentGroupResource := "keycloak_group.parent_group" firstChildGroupResource := "keycloak_group.first_child_group" secondChildGroupResource := "keycloak_group.second_child_group" @@ -174,7 +176,7 @@ func runTestNestedGroup(t *testing.T, realmName, parentGroupName, firstChildGrou CheckDestroy: testAccCheckKeycloakGroupDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakGroup_nested(realmName, parentGroupName, firstChildGroupName, secondChildGroupName, firstChildGroupResource), + Config: testKeycloakGroup_nested(parentGroupName, firstChildGroupName, secondChildGroupName, firstChildGroupResource), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists(parentGroupResource), testAccCheckKeycloakGroupExists(firstChildGroupResource), @@ -189,22 +191,22 @@ func runTestNestedGroup(t *testing.T, realmName, parentGroupName, firstChildGrou ResourceName: parentGroupResource, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, { ResourceName: firstChildGroupResource, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, { ResourceName: secondChildGroupResource, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, { - Config: testKeycloakGroup_nested(realmName, parentGroupName, firstChildGroupName, secondChildGroupName, parentGroupResource), + Config: testKeycloakGroup_nested(parentGroupName, firstChildGroupName, secondChildGroupName, parentGroupResource), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists(parentGroupResource), testAccCheckKeycloakGroupExists(firstChildGroupResource), @@ -219,25 +221,27 @@ func runTestNestedGroup(t *testing.T, realmName, parentGroupName, firstChildGrou ResourceName: parentGroupResource, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, { ResourceName: firstChildGroupResource, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, { ResourceName: secondChildGroupResource, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakGroup_unsetOptionalAttributes(t *testing.T) { + t.Parallel() + attributeName := "terraform-attribute-" + acctest.RandString(10) groupWithOptionalAttributes := &keycloak.Group{ RealmId: "terraform-" + acctest.RandString(10), @@ -255,14 +259,14 @@ func TestAccKeycloakGroup_unsetOptionalAttributes(t *testing.T) { resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakUserDestroy(), + CheckDestroy: testAccCheckKeycloakGroupDestroy(), Steps: []resource.TestStep{ { Config: testKeycloakGroup_fromInterface(groupWithOptionalAttributes), Check: testAccCheckKeycloakGroupExists(resourceName), }, { - Config: testKeycloakGroup_basic(groupWithOptionalAttributes.RealmId, groupWithOptionalAttributes.Name, attributeName, strings.Join(groupWithOptionalAttributes.Attributes[attributeName], "")), + Config: testKeycloakGroup_basic(groupWithOptionalAttributes.Name, attributeName, strings.Join(groupWithOptionalAttributes.Attributes[attributeName], "")), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "name", groupWithOptionalAttributes.Name), @@ -322,8 +326,6 @@ func testAccCheckKeycloakGroupDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - group, _ := keycloakClient.GetGroup(realm, id) if group != nil { return fmt.Errorf("group with id %s still exists", id) @@ -335,8 +337,6 @@ func testAccCheckKeycloakGroupDestroy() resource.TestCheckFunc { } func getGroupFromState(s *terraform.State, resourceName string) (*keycloak.Group, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -353,90 +353,90 @@ func getGroupFromState(s *terraform.State, resourceName string) (*keycloak.Group return group, nil } -func testKeycloakGroup_basic(realm, group string, attributeName string, attributeValue string) string { +func testKeycloakGroup_basic(group string, attributeName string, attributeValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id attributes = { "%s" = "%s" } } - `, realm, group, attributeName, attributeValue) + `, testAccRealm.Realm, group, attributeName, attributeValue) } -func testKeycloakGroup_updateRealmBefore(realmOne, realmTwo, group string) string { +func testKeycloakGroup_updateRealmBefore(group string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm_1.id}" + realm_id = data.keycloak_realm.realm_1.id } - `, realmOne, realmTwo, group) + `, testAccRealm.Realm, testAccRealmTwo.Realm, group) } -func testKeycloakGroup_updateRealmAfter(realmOne, realmTwo, group string) string { +func testKeycloakGroup_updateRealmAfter(group string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_group" "group" { name = "%s" - realm_id = "${keycloak_realm.realm_2.id}" + realm_id = data.keycloak_realm.realm_2.id } - `, realmOne, realmTwo, group) + `, testAccRealm.Realm, testAccRealmTwo.Realm, group) } -func testKeycloakGroup_nested(realm, parentGroup, firstChildGroup, secondChildGroup, secondChildGroupParent string) string { +func testKeycloakGroup_nested(parentGroup, firstChildGroup, secondChildGroup, secondChildGroupParent string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "parent_group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_group" "first_child_group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - parent_id = "${keycloak_group.parent_group.id}" + realm_id = data.keycloak_realm.realm.id + parent_id = keycloak_group.parent_group.id } resource "keycloak_group" "second_child_group" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - parent_id = "${%s.id}" + realm_id = data.keycloak_realm.realm.id + parent_id = %s.id } - `, realm, parentGroup, firstChildGroup, secondChildGroup, secondChildGroupParent) + `, testAccRealm.Realm, parentGroup, firstChildGroup, secondChildGroup, secondChildGroupParent) } func testKeycloakGroup_fromInterface(group *keycloak.Group) string { return fmt.Sprintf(` - resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { - realm_id = "${keycloak_realm.realm.id}" - name = "%s" + realm_id = data.keycloak_realm.realm.id + name = "%s" } - `, group.RealmId, group.Name) + `, testAccRealm.Realm, group.Name) } diff --git a/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go b/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go index 08a9c820..c5e7197d 100644 --- a/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) attributeName := "terraform-" + acctest.RandString(10) @@ -24,7 +24,7 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basic(t *testing.T) CheckDestroy: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(realmName, alias, mapperName, attributeName, attributeValue, userSession), + Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(alias, mapperName, attributeName, attributeValue, userSession), Check: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperExists("keycloak_hardcoded_attribute_identity_provider_mapper.oidc"), }, }, @@ -32,7 +32,7 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basic(t *testing.T) } func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) attributeName := "terraform-" + acctest.RandString(10) @@ -46,7 +46,7 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(t * CheckDestroy: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, attributeName, attributeValue, userSession, syncMode), + Config: testKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(alias, mapperName, attributeName, attributeValue, userSession, syncMode), Check: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperExists("keycloak_hardcoded_attribute_identity_provider_mapper.oidc"), }, }, @@ -54,9 +54,9 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(t * } func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) attributeName := "terraform-" + acctest.RandString(10) @@ -69,19 +69,17 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_createAfterManualDe CheckDestroy: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(realmName, alias, mapperName, attributeName, attributeValue, userSession), + Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(alias, mapperName, attributeName, attributeValue, userSession), Check: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperFetch("keycloak_hardcoded_attribute_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(realmName, alias, mapperName, attributeName, attributeValue, userSession), + Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(alias, mapperName, attributeName, attributeValue, userSession), Check: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperExists("keycloak_hardcoded_attribute_identity_provider_mapper.oidc"), }, }, @@ -89,9 +87,9 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_createAfterManualDe } func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) attributeName := "terraform-" + acctest.RandString(10) @@ -105,63 +103,30 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig_cre CheckDestroy: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, attributeName, attributeValue, userSession, syncMode), + Config: testKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(alias, mapperName, attributeName, attributeValue, userSession, syncMode), Check: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperFetch("keycloak_hardcoded_attribute_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(realmName, alias, mapperName, attributeName, attributeValue, userSession), + Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(alias, mapperName, attributeName, attributeValue, userSession), Check: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperExists("keycloak_hardcoded_attribute_identity_provider_mapper.oidc"), }, }, }) } -func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - attributeName := "terraform-" + acctest.RandString(10) - attributeValue := "terraform-" + acctest.RandString(10) - userSession := randomBool() - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(firstRealm, alias, mapperName, attributeName, attributeValue, userSession), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperExists("keycloak_hardcoded_attribute_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_hardcoded_attribute_identity_provider_mapper.oidc", "realm", firstRealm), - ), - }, - { - Config: testKeycloakHardcodedAttributeIdentityProviderMapper_basic(secondRealm, alias, mapperName, attributeName, attributeValue, userSession), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperExists("keycloak_hardcoded_attribute_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_hardcoded_attribute_identity_provider_mapper.oidc", "realm", secondRealm), - ), - }, - }, - }) -} func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() identityProviderAliasName := "terraform-" + acctest.RandString(10) userSession := randomBool() firstMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), IdentityProviderMapper: getHardcodedAttributeIdentityProviderMapperType(userSession), @@ -172,7 +137,7 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basicUpdateAll(t *t } secondMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), IdentityProviderMapper: getHardcodedAttributeIdentityProviderMapperType(!userSession), @@ -236,8 +201,6 @@ func testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy() resou alias := rs.Primary.Attributes["identity_provider_alias"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - mapper, _ := keycloakClient.GetIdentityProviderMapper(realm, alias, id) if mapper != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -249,8 +212,6 @@ func testAccCheckKeycloakHardcodedAttributeIdentityProviderMapperDestroy() resou } func getKeycloakHardcodedAttributeIdentityProviderMapperFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProviderMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -268,14 +229,14 @@ func getKeycloakHardcodedAttributeIdentityProviderMapperFromState(s *terraform.S return mapper, nil } -func testKeycloakHardcodedAttributeIdentityProviderMapper_basic(realm, alias, name, attributeName, attributeValue string, userSession bool) string { +func testKeycloakHardcodedAttributeIdentityProviderMapper_basic(alias, name, attributeName, attributeValue string, userSession bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -284,24 +245,24 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_hardcoded_attribute_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias attribute_name = "%s" attribute_value = "%s" user_session = %t } - `, realm, alias, name, attributeName, attributeValue, userSession) + `, testAccRealm.Realm, alias, name, attributeName, attributeValue, userSession) } -func testKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(realm, alias, name, attributeName, attributeValue string, userSession bool, syncMode string) string { +func testKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(alias, name, attributeName, attributeValue string, userSession bool, syncMode string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -310,9 +271,9 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_hardcoded_attribute_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias attribute_name = "%s" attribute_value = "%s" user_session = %t @@ -320,28 +281,28 @@ resource keycloak_hardcoded_attribute_identity_provider_mapper oidc { syncMode = "%s" } } - `, realm, alias, name, attributeName, attributeValue, userSession, syncMode) + `, testAccRealm.Realm, alias, name, attributeName, attributeValue, userSession, syncMode) } func testKeycloakHardcodedAttributeIdentityProviderMapper_basicFromInterface(mapper *keycloak.IdentityProviderMapper, userSession bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_identity_provider" "saml" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" single_sign_on_service_url = "https://example.com/auth" } resource keycloak_hardcoded_attribute_identity_provider_mapper saml { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_saml_identity_provider.saml.alias}" + identity_provider_alias = keycloak_saml_identity_provider.saml.alias attribute_name = "%s" attribute_value = "%s" user_session = %t } - `, mapper.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Attribute, mapper.Config.AttributeValue, userSession) + `, testAccRealm.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Attribute, mapper.Config.AttributeValue, userSession) } diff --git a/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go b/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go index 4aab7645..1477dd75 100644 --- a/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -22,7 +23,7 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role), + Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(alias, mapperName, role), Check: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperExists("keycloak_hardcoded_role_identity_provider_mapper.oidc"), }, }, @@ -30,7 +31,8 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basic(t *testing.T) { } func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -42,7 +44,7 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(t *testi CheckDestroy: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, role, syncMode), + Config: testKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(alias, mapperName, role, syncMode), Check: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperExists("keycloak_hardcoded_role_identity_provider_mapper.oidc"), }, }, @@ -50,9 +52,10 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(t *testi } func TestAccKeycloakHardcodedRoleIdentityProviderMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -63,19 +66,17 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_createAfterManualDestroy CheckDestroy: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role), + Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(alias, mapperName, role), Check: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperFetch("keycloak_hardcoded_role_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role), + Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(alias, mapperName, role), Check: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperExists("keycloak_hardcoded_role_identity_provider_mapper.oidc"), }, }, @@ -83,9 +84,10 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_createAfterManualDestroy } func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) role := "terraform-" + acctest.RandString(10) @@ -97,61 +99,30 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig_createAf CheckDestroy: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, role, syncMode), + Config: testKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(alias, mapperName, role, syncMode), Check: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperFetch("keycloak_hardcoded_role_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(realmName, alias, mapperName, role), + Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(alias, mapperName, role), Check: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperExists("keycloak_hardcoded_role_identity_provider_mapper.oidc"), }, }, }) } -func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(firstRealm, alias, mapperName, role), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakHardcodedRoleIdentityProviderMapperExists("keycloak_hardcoded_role_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_hardcoded_role_identity_provider_mapper.oidc", "realm", firstRealm), - ), - }, - { - Config: testKeycloakHardcodedRoleIdentityProviderMapper_basic(secondRealm, alias, mapperName, role), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakHardcodedRoleIdentityProviderMapperExists("keycloak_hardcoded_role_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_hardcoded_role_identity_provider_mapper.oidc", "realm", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + identityProviderAliasName := "terraform-" + acctest.RandString(10) firstMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -160,7 +131,7 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basicUpdateAll(t *testin } secondMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -222,8 +193,6 @@ func testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy() resource.T alias := rs.Primary.Attributes["identity_provider_alias"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - mapper, _ := keycloakClient.GetIdentityProviderMapper(realm, alias, id) if mapper != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -235,8 +204,6 @@ func testAccCheckKeycloakHardcodedRoleIdentityProviderMapperDestroy() resource.T } func getKeycloakHardcodedRoleIdentityProviderMapperFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProviderMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -254,14 +221,14 @@ func getKeycloakHardcodedRoleIdentityProviderMapperFromState(s *terraform.State, return mapper, nil } -func testKeycloakHardcodedRoleIdentityProviderMapper_basic(realm, alias, name, role string) string { +func testKeycloakHardcodedRoleIdentityProviderMapper_basic(alias, name, role string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -270,22 +237,22 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_hardcoded_role_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias role = "%s" } - `, realm, alias, name, role) + `, testAccRealm.Realm, alias, name, role) } -func testKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(realm, alias, name, role, syncMode string) string { +func testKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(alias, name, role, syncMode string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -294,34 +261,34 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_hardcoded_role_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" + identity_provider_alias = keycloak_oidc_identity_provider.oidc.alias role = "%s" extra_config = { syncMode = "%s" } } - `, realm, alias, name, role, syncMode) + `, testAccRealm.Realm, alias, name, role, syncMode) } func testKeycloakHardcodedRoleIdentityProviderMapper_basicFromInterface(mapper *keycloak.IdentityProviderMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_identity_provider" "saml" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" single_sign_on_service_url = "https://example.com/auth" } resource keycloak_hardcoded_role_identity_provider_mapper saml { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" - identity_provider_alias = "${keycloak_saml_identity_provider.saml.alias}" + identity_provider_alias = keycloak_saml_identity_provider.saml.alias role = "%s" } - `, mapper.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Role) + `, testAccRealm.Realm, mapper.IdentityProviderAlias, mapper.Name, mapper.Config.Role) } diff --git a/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go b/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go index 52cd8f01..028f4b60 100644 --- a/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go +++ b/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go @@ -11,9 +11,9 @@ import ( ) func TestAccKeycloakIdpTokenExchangeScopePermission_basic(t *testing.T) { - realmName := "tf_token_exchange-" + acctest.RandString(10) - providerAlias := "tf-" + acctest.RandString(10) - webappClientId := "tf-" + acctest.RandString(10) + providerAlias := acctest.RandomWithPrefix("tf-acc") + providerClientId := acctest.RandomWithPrefix("tf-acc") + webappClientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -21,7 +21,7 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakIdpTokenExchangeScopePermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionExists("keycloak_identity_provider_token_exchange_scope_permission.my_permission"), }, }, @@ -31,9 +31,9 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_basic(t *testing.T) { func TestAccKeycloakIdpTokenExchangeScopePermission_createAfterManualDestroy(t *testing.T) { var idpPermissions = &keycloak.IdentityProviderPermissions{} - realmName := "tf_token_exchange-" + acctest.RandString(10) - providerAlias := "tf-" + acctest.RandString(10) - webappClientId := "tf-" + acctest.RandString(10) + providerAlias := acctest.RandomWithPrefix("tf-acc") + providerClientId := acctest.RandomWithPrefix("tf-acc") + webappClientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -41,7 +41,7 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_createAfterManualDestroy(t * CheckDestroy: testAccCheckKeycloakIdpTokenExchangeScopePermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakIdpTokenExchangeScopePermissionExists("keycloak_identity_provider_token_exchange_scope_permission.my_permission"), testAccCheckKeycloakIdpPermissionFetch("keycloak_identity_provider_token_exchange_scope_permission.my_permission", idpPermissions), @@ -49,13 +49,12 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_createAfterManualDestroy(t * }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) err := keycloakClient.DisableIdentityProviderPermissions(idpPermissions.RealmId, idpPermissions.ProviderAlias) if err != nil { t.Fatal(err) } }, - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionExists("keycloak_identity_provider_token_exchange_scope_permission.my_permission"), }, }, @@ -63,9 +62,9 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_createAfterManualDestroy(t * } func TestAccKeycloakIdpTokenExchangeScopePermission_import(t *testing.T) { - realmName := "tf_token_exchange-" + acctest.RandString(10) - providerAlias := "tf-" + acctest.RandString(10) - webappClientId := "tf-" + acctest.RandString(10) + providerAlias := acctest.RandomWithPrefix("tf-acc") + providerClientId := acctest.RandomWithPrefix("tf-acc") + webappClientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -73,7 +72,7 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_import(t *testing.T) { CheckDestroy: testAccCheckKeycloakIdpTokenExchangeScopePermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionExists("keycloak_identity_provider_token_exchange_scope_permission.my_permission"), }, { @@ -87,10 +86,10 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_import(t *testing.T) { } func TestAccKeycloakIdpTokenExchangeScopePermission_updatePolicyMultipleClients(t *testing.T) { - realmName := "tf_token_exchange-" + acctest.RandString(10) - providerAlias := "tf-" + acctest.RandString(10) - webappClientId := "tf-" + acctest.RandString(10) - webappClientId2 := "tf-" + acctest.RandString(10) + providerAlias := acctest.RandomWithPrefix("tf-acc") + providerClientId := acctest.RandomWithPrefix("tf-acc") + webappClientId := acctest.RandomWithPrefix("tf-acc") + webappClientId2 := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -98,22 +97,22 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_updatePolicyMultipleClients( CheckDestroy: testAccCheckKeycloakIdpTokenExchangeScopePermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId), }, { - Config: testKeycloakIdpTokenExchangeScopePermission_multipleClients(realmName, providerAlias, webappClientId, webappClientId2), + Config: testKeycloakIdpTokenExchangeScopePermission_multipleClients(providerAlias, providerClientId, webappClientId, webappClientId2), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId), testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId2), ), }, { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId2), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId2), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId2), }, { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId), }, }, @@ -121,9 +120,9 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_updatePolicyMultipleClients( } func TestAccKeycloakIdpTokenExchangeScopePermission_rolePolicy(t *testing.T) { - realmName := "tf_token_exchange-" + acctest.RandString(10) - providerAlias := "tf-" + acctest.RandString(10) - webappClientId := "tf-" + acctest.RandString(10) + providerAlias := acctest.RandomWithPrefix("tf-acc") + providerClientId := acctest.RandomWithPrefix("tf-acc") + webappClientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -131,7 +130,7 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_rolePolicy(t *testing.T) { CheckDestroy: testAccCheckKeycloakIdpTokenExchangeScopePermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakIdpTokenExchangeScopePermission_rolePolicy(realmName, providerAlias, webappClientId), + Config: testKeycloakIdpTokenExchangeScopePermission_rolePolicy(providerAlias, providerClientId, webappClientId), ExpectError: regexp.MustCompile(".*expected policy_type to be one of.*"), }, }, @@ -152,7 +151,6 @@ func testAccCheckKeycloakIdpTokenExchangeScopePermissionDestroy() resource.TestC authorizationIdpResourceId := rs.Primary.Attributes["authorization_idp_resource_id"] authorizationTokenExchangeScopePermissionId := rs.Primary.Attributes["authorization_token_exchange_scope_permission_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) permissions, _ := keycloakClient.GetIdentityProviderPermissions(realmId, providerAlias) if permissions != nil { return fmt.Errorf("idp permissions for realm id %s and provider alias %s still exists", realmId, providerAlias) @@ -308,8 +306,6 @@ func testAccCheckKeycloakIdpPermissionFetch(resourceName string, idpPermissions } func getIdpPermissionsFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProviderPermissions, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -326,122 +322,129 @@ func getIdpPermissionsFromState(s *terraform.State, resourceName string) (*keycl return permissions, nil } -func testKeycloakIdpTokenExchangeScopePermission_basic(realmId, providerAlias, webappClientId string) string { +func testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "my_idp" { - realm = keycloak_realm.realm.id - alias = "%s" - authorization_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/auth" - token_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/token" - client_id = "clientid" - client_secret = "secret" + realm = data.keycloak_realm.realm.id + alias = "%s" + authorization_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/auth" + token_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/token" + client_id = "%s" + client_secret = "secret" } resource "keycloak_openid_client" "webapp_client" { - realm_id = keycloak_realm.realm.id - name = "webapp_client" - client_id = "%s" - client_secret = "secret" - access_type = "CONFIDENTIAL" - standard_flow_enabled = true - valid_redirect_uris = [ - "http://localhost:8080/*", - ] + realm_id = data.keycloak_realm.realm.id + name = "webapp_client" + client_id = "%s" + client_secret = "secret" + access_type = "CONFIDENTIAL" + standard_flow_enabled = true + valid_redirect_uris = [ + "http://localhost:8080/*", + ] } resource "keycloak_identity_provider_token_exchange_scope_permission" "my_permission" { - realm_id = keycloak_realm.realm.id - provider_alias = keycloak_oidc_identity_provider.my_idp.alias - policy_type = "client" - clients = [keycloak_openid_client.webapp_client.id] + realm_id = data.keycloak_realm.realm.id + provider_alias = keycloak_oidc_identity_provider.my_idp.alias + policy_type = "client" + clients = [ + keycloak_openid_client.webapp_client.id + ] } - `, realmId, providerAlias, webappClientId) + `, testAccRealm.Realm, providerAlias, providerClientId, webappClientId) } -func testKeycloakIdpTokenExchangeScopePermission_multipleClients(realmId, providerAlias, webappClientId, webappClientId2 string) string { +func testKeycloakIdpTokenExchangeScopePermission_multipleClients(providerAlias, providerClientId, webappClientId, webappClientId2 string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "my_idp" { - realm = keycloak_realm.realm.id - alias = "%s" - authorization_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/auth" - token_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/token" - client_id = "clientid" - client_secret = "secret" + realm = data.keycloak_realm.realm.id + alias = "%s" + authorization_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/auth" + token_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/token" + client_id = "%s" + client_secret = "secret" } resource "keycloak_openid_client" "webapp_client" { - realm_id = keycloak_realm.realm.id - name = "webapp_client" - client_id = "%s" - client_secret = "secret" - access_type = "CONFIDENTIAL" - standard_flow_enabled = true - valid_redirect_uris = [ - "http://localhost:8080/*", - ] + realm_id = data.keycloak_realm.realm.id + name = "webapp_client" + client_id = "%s" + client_secret = "secret" + access_type = "CONFIDENTIAL" + standard_flow_enabled = true + valid_redirect_uris = [ + "http://localhost:8080/*", + ] } resource "keycloak_openid_client" "webapp_client2" { - realm_id = keycloak_realm.realm.id - name = "webapp_client" - client_id = "%s" - client_secret = "secret" - access_type = "CONFIDENTIAL" - standard_flow_enabled = true - valid_redirect_uris = [ - "http://localhost:8080/*", - ] + realm_id = data.keycloak_realm.realm.id + name = "webapp_client" + client_id = "%s" + client_secret = "secret" + access_type = "CONFIDENTIAL" + standard_flow_enabled = true + valid_redirect_uris = [ + "http://localhost:8080/*", + ] } resource "keycloak_identity_provider_token_exchange_scope_permission" "my_permission" { - realm_id = keycloak_realm.realm.id - provider_alias = keycloak_oidc_identity_provider.my_idp.alias - policy_type = "client" - clients = [keycloak_openid_client.webapp_client.id, keycloak_openid_client.webapp_client2.id] + realm_id = data.keycloak_realm.realm.id + provider_alias = keycloak_oidc_identity_provider.my_idp.alias + policy_type = "client" + clients = [ + keycloak_openid_client.webapp_client.id, + keycloak_openid_client.webapp_client2.id, + ] } - `, realmId, providerAlias, webappClientId, webappClientId2) + `, testAccRealm.Realm, providerAlias, providerClientId, webappClientId, webappClientId2) } -func testKeycloakIdpTokenExchangeScopePermission_rolePolicy(realmId, providerAlias, webappClientId string) string { +func testKeycloakIdpTokenExchangeScopePermission_rolePolicy(providerAlias, providerClientId, webappClientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "my_idp" { - realm = keycloak_realm.realm.id - alias = "%s" - authorization_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/auth" - token_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/token" - client_id = "clientid" - client_secret = "secret" + realm = data.keycloak_realm.realm.id + alias = "%s" + authorization_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/auth" + token_url = "http://localhost:8080/auth/realms/something/protocol/openid-connect/token" + client_id = "%s" + client_secret = "secret" } resource "keycloak_openid_client" "webapp_client" { - realm_id = keycloak_realm.realm.id - name = "webapp_client" - client_id = "%s" - client_secret = "secret" - access_type = "CONFIDENTIAL" - standard_flow_enabled = true - valid_redirect_uris = [ - "http://localhost:8080/*", - ] + realm_id = data.keycloak_realm.realm.id + name = "webapp_client" + client_id = "%s" + client_secret = "secret" + access_type = "CONFIDENTIAL" + standard_flow_enabled = true + valid_redirect_uris = [ + "http://localhost:8080/*", + ] } resource "keycloak_identity_provider_token_exchange_scope_permission" "my_permission" { - realm_id = keycloak_realm.realm.id - provider_alias = keycloak_oidc_identity_provider.my_idp.alias - policy_type = "role" - clients = [keycloak_openid_client.webapp_client.id] + realm_id = data.keycloak_realm.realm.id + provider_alias = keycloak_oidc_identity_provider.my_idp.alias + policy_type = "role" + clients = [ + keycloak_openid_client.webapp_client.id + ] } - `, realmId, providerAlias, webappClientId) + `, testAccRealm.Realm, providerAlias, providerClientId, webappClientId) } diff --git a/provider/resource_keycloak_ldap_full_name_mapper_test.go b/provider/resource_keycloak_ldap_full_name_mapper_test.go index d7819312..54530012 100644 --- a/provider/resource_keycloak_ldap_full_name_mapper_test.go +++ b/provider/resource_keycloak_ldap_full_name_mapper_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakLdapFullNameMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + fullNameMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +21,7 @@ func TestAccKeycloakLdapFullNameMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapFullNameMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapFullNameMapper_basic(realmName, fullNameMapperName), + Config: testKeycloakLdapFullNameMapper_basic(fullNameMapperName), Check: testAccCheckKeycloakLdapFullNameMapperExists("keycloak_ldap_full_name_mapper.full_name_mapper"), }, { @@ -34,9 +35,10 @@ func TestAccKeycloakLdapFullNameMapper_basic(t *testing.T) { } func TestAccKeycloakLdapFullNameMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.LdapFullNameMapper{} - realmName := "terraform-" + acctest.RandString(10) fullNameMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -45,19 +47,17 @@ func TestAccKeycloakLdapFullNameMapper_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapFullNameMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapFullNameMapper_basic(realmName, fullNameMapperName), + Config: testKeycloakLdapFullNameMapper_basic(fullNameMapperName), Check: testAccCheckKeycloakLdapFullNameMapperFetch("keycloak_ldap_full_name_mapper.full_name_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapFullNameMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapFullNameMapper_basic(realmName, fullNameMapperName), + Config: testKeycloakLdapFullNameMapper_basic(fullNameMapperName), Check: testAccCheckKeycloakLdapFullNameMapperFetch("keycloak_ldap_full_name_mapper.full_name_mapper", mapper), }, }, @@ -65,7 +65,7 @@ func TestAccKeycloakLdapFullNameMapper_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakLdapFullNameMapper_readWriteValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapper := &keycloak.LdapFullNameMapper{ LdapFullNameAttribute: "terraform-" + acctest.RandString(10), @@ -79,7 +79,7 @@ func TestAccKeycloakLdapFullNameMapper_readWriteValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapFullNameMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapFullNameMapper_basicFromInterface(realmName, mapper), + Config: testKeycloakLdapFullNameMapper_basicFromInterface(mapper), ExpectError: regexp.MustCompile("validation error: ldap full name mapper cannot be both read only and write only"), }, }, @@ -88,7 +88,8 @@ func TestAccKeycloakLdapFullNameMapper_readWriteValidation(t *testing.T) { // write_only can't be set to true if the user federation provider is not writable func TestAccKeycloakLdapFullNameMapper_writableValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + mapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -97,11 +98,11 @@ func TestAccKeycloakLdapFullNameMapper_writableValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapFullNameMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapFullNameMapper_writableInvalid(realmName, mapperName), + Config: testKeycloakLdapFullNameMapper_writableInvalid(mapperName), ExpectError: regexp.MustCompile("validation error: ldap full name mapper cannot be write only when ldap provider is not writable"), }, { - Config: testKeycloakLdapFullNameMapper_writableValid(realmName, mapperName), + Config: testKeycloakLdapFullNameMapper_writableValid(mapperName), Check: testAccCheckKeycloakLdapFullNameMapperExists("keycloak_ldap_full_name_mapper.full_name_mapper"), }, }, @@ -109,8 +110,8 @@ func TestAccKeycloakLdapFullNameMapper_writableValidation(t *testing.T) { } func TestAccKeycloakLdapFullNameMapper_updateLdapUserFederation(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + mapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -119,11 +120,11 @@ func TestAccKeycloakLdapFullNameMapper_updateLdapUserFederation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapFullNameMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapFullNameMapper_updateLdapUserFederationBefore(realmOne, realmTwo, mapperName), + Config: testKeycloakLdapFullNameMapper_updateLdapUserFederationBefore(mapperName), Check: testAccCheckKeycloakLdapFullNameMapperExists("keycloak_ldap_full_name_mapper.full_name_mapper"), }, { - Config: testKeycloakLdapFullNameMapper_updateLdapUserFederationAfter(realmOne, realmTwo, mapperName), + Config: testKeycloakLdapFullNameMapper_updateLdapUserFederationAfter(mapperName), Check: testAccCheckKeycloakLdapFullNameMapperExists("keycloak_ldap_full_name_mapper.full_name_mapper"), }, }, @@ -165,8 +166,6 @@ func testAccCheckKeycloakLdapFullNameMapperDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapFullNameMapper, _ := keycloakClient.GetLdapFullNameMapper(realm, id) if ldapFullNameMapper != nil { return fmt.Errorf("ldap full name mapper with id %s still exists", id) @@ -178,8 +177,6 @@ func testAccCheckKeycloakLdapFullNameMapperDestroy() resource.TestCheckFunc { } func getLdapFullNameMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapFullNameMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -211,17 +208,17 @@ func getLdapGenericMapperImportId(resourceName string) resource.ImportStateIdFun } } -func testKeycloakLdapFullNameMapper_basic(realm, mapperName string) string { +func testKeycloakLdapFullNameMapper_basic(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { - name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm.id - enabled = true + enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -238,25 +235,25 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_full_name_mapper" "full_name_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" + realm_id = data.keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id ldap_full_name_attribute = "cn" } - `, realm, mapperName) + `, testAccRealmUserFederation.Realm, mapperName) } -func testKeycloakLdapFullNameMapper_basicFromInterface(realm string, mapper *keycloak.LdapFullNameMapper) string { +func testKeycloakLdapFullNameMapper_basicFromInterface(mapper *keycloak.LdapFullNameMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { - name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm.id - enabled = true + enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -272,32 +269,32 @@ resource "keycloak_ldap_user_federation" "openldap" { } resource "keycloak_ldap_full_name_mapper" "full_name_mapper" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" + name = "%s" + realm_id = data.keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id ldap_full_name_attribute = "%s" read_only = %t write_only = %t } - `, realm, mapper.Name, mapper.LdapFullNameAttribute, mapper.ReadOnly, mapper.WriteOnly) + `, testAccRealmUserFederation.Realm, mapper.Name, mapper.LdapFullNameAttribute, mapper.ReadOnly, mapper.WriteOnly) } -func testKeycloakLdapFullNameMapper_updateLdapUserFederationBefore(realmOne, realmTwo, mapperName string) string { +func testKeycloakLdapFullNameMapper_updateLdapUserFederationBefore(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { - name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm_one.id - enabled = true + enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -313,10 +310,10 @@ resource "keycloak_ldap_user_federation" "openldap_one" { } resource "keycloak_ldap_user_federation" "openldap_two" { - name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm_two.id - enabled = true + enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -332,30 +329,30 @@ resource "keycloak_ldap_user_federation" "openldap_two" { } resource "keycloak_ldap_full_name_mapper" "full_name_mapper" { - name = "%s" - realm_id = "${keycloak_realm.realm_one.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_one.id}" + name = "%s" + realm_id = data.keycloak_realm.realm_one.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap_one.id ldap_full_name_attribute = "cn" } - `, realmOne, realmTwo, mapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, mapperName) } -func testKeycloakLdapFullNameMapper_updateLdapUserFederationAfter(realmOne, realmTwo, mapperName string) string { +func testKeycloakLdapFullNameMapper_updateLdapUserFederationAfter(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { - name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm_one.id - enabled = true + enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -371,8 +368,8 @@ resource "keycloak_ldap_user_federation" "openldap_one" { } resource "keycloak_ldap_user_federation" "openldap_two" { - name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -390,27 +387,27 @@ resource "keycloak_ldap_user_federation" "openldap_two" { } resource "keycloak_ldap_full_name_mapper" "full_name_mapper" { - name = "%s" - realm_id = "${keycloak_realm.realm_two.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_two.id}" + name = "%s" + realm_id = data.keycloak_realm.realm_two.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap_two.id ldap_full_name_attribute = "cn" } - `, realmOne, realmTwo, mapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, mapperName) } -func testKeycloakLdapFullNameMapper_writableInvalid(realm, mapperName string) string { +func testKeycloakLdapFullNameMapper_writableInvalid(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { - name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm.id - enabled = true - edit_mode = "READ_ONLY" + enabled = true + edit_mode = "READ_ONLY" username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -426,28 +423,28 @@ resource "keycloak_ldap_user_federation" "openldap" { } resource "keycloak_ldap_full_name_mapper" "full_name_mapper" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" + name = "%s" + realm_id = data.keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id ldap_full_name_attribute = "cn" write_only = true } - `, realm, mapperName) + `, testAccRealmUserFederation.Realm, mapperName) } -func testKeycloakLdapFullNameMapper_writableValid(realm, mapperName string) string { +func testKeycloakLdapFullNameMapper_writableValid(mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { - name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + name = "openldap" + realm_id = data.keycloak_realm.realm.id - enabled = true - edit_mode = "WRITABLE" + enabled = true + edit_mode = "WRITABLE" username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -463,12 +460,12 @@ resource "keycloak_ldap_user_federation" "openldap" { } resource "keycloak_ldap_full_name_mapper" "full_name_mapper" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" + name = "%s" + realm_id = data.keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id ldap_full_name_attribute = "cn" write_only = true } - `, realm, mapperName) + `, testAccRealmUserFederation.Realm, mapperName) } diff --git a/provider/resource_keycloak_ldap_group_mapper_test.go b/provider/resource_keycloak_ldap_group_mapper_test.go index f198854b..a7330491 100644 --- a/provider/resource_keycloak_ldap_group_mapper_test.go +++ b/provider/resource_keycloak_ldap_group_mapper_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakLdapGroupMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +21,7 @@ func TestAccKeycloakLdapGroupMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basic(realmName, groupMapperName), + Config: testKeycloakLdapGroupMapper_basic(groupMapperName), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, { @@ -34,9 +35,10 @@ func TestAccKeycloakLdapGroupMapper_basic(t *testing.T) { } func TestAccKeycloakLdapGroupMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.LdapGroupMapper{} - realmName := "terraform-" + acctest.RandString(10) groupMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -45,19 +47,18 @@ func TestAccKeycloakLdapGroupMapper_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basic(realmName, groupMapperName), + Config: testKeycloakLdapGroupMapper_basic(groupMapperName), Check: testAccCheckKeycloakLdapGroupMapperFetch("keycloak_ldap_group_mapper.group_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) err := keycloakClient.DeleteLdapGroupMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapGroupMapper_basic(realmName, groupMapperName), + Config: testKeycloakLdapGroupMapper_basic(groupMapperName), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -65,7 +66,8 @@ func TestAccKeycloakLdapGroupMapper_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakLdapGroupMapper_modeValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) mode := randomStringInSlice(keycloakLdapGroupMapperModes) @@ -75,11 +77,11 @@ func TestAccKeycloakLdapGroupMapper_modeValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "mode", acctest.RandString(10)), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "mode", acctest.RandString(10)), ExpectError: regexp.MustCompile("expected mode to be one of .+ got .+"), }, { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "mode", mode), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "mode", mode), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -87,7 +89,8 @@ func TestAccKeycloakLdapGroupMapper_modeValidation(t *testing.T) { } func TestAccKeycloakLdapGroupMapper_membershipAttributeTypeValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) membershipAttributeType := randomStringInSlice(keycloakLdapGroupMapperMembershipAttributeTypes) @@ -97,11 +100,11 @@ func TestAccKeycloakLdapGroupMapper_membershipAttributeTypeValidation(t *testing CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "membership_attribute_type", acctest.RandString(10)), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "membership_attribute_type", acctest.RandString(10)), ExpectError: regexp.MustCompile("expected membership_attribute_type to be one of .+ got .+"), }, { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "membership_attribute_type", membershipAttributeType), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "membership_attribute_type", membershipAttributeType), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -109,7 +112,8 @@ func TestAccKeycloakLdapGroupMapper_membershipAttributeTypeValidation(t *testing } func TestAccKeycloakLdapGroupMapper_userRolesRetrieveStrategyValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) userRolesRetrieveStrategy := randomStringInSlice(keycloakLdapGroupMapperUserRolesRetrieveStrategies) @@ -119,11 +123,11 @@ func TestAccKeycloakLdapGroupMapper_userRolesRetrieveStrategyValidation(t *testi CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "user_roles_retrieve_strategy", acctest.RandString(10)), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "user_roles_retrieve_strategy", acctest.RandString(10)), ExpectError: regexp.MustCompile("expected user_roles_retrieve_strategy to be one of .+ got .+"), }, { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "user_roles_retrieve_strategy", userRolesRetrieveStrategy), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "user_roles_retrieve_strategy", userRolesRetrieveStrategy), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -131,7 +135,8 @@ func TestAccKeycloakLdapGroupMapper_userRolesRetrieveStrategyValidation(t *testi } func TestAccKeycloakLdapGroupMapper_groupsLdapFilterValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) groupsLdapFilter := "(" + acctest.RandString(10) + ")" @@ -141,11 +146,11 @@ func TestAccKeycloakLdapGroupMapper_groupsLdapFilterValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "groups_ldap_filter", acctest.RandString(10)), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "groups_ldap_filter", acctest.RandString(10)), ExpectError: regexp.MustCompile(`validation error: groups ldap filter must start with '\(' and end with '\)'`), }, { - Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(realmName, groupMapperName, "groups_ldap_filter", groupsLdapFilter), + Config: testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, "groups_ldap_filter", groupsLdapFilter), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -153,7 +158,8 @@ func TestAccKeycloakLdapGroupMapper_groupsLdapFilterValidation(t *testing.T) { } func TestAccKeycloakLdapGroupMapper_groupInheritanceValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -162,7 +168,7 @@ func TestAccKeycloakLdapGroupMapper_groupInheritanceValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_groupInheritanceValidation(realmName, groupMapperName), + Config: testKeycloakLdapGroupMapper_groupInheritanceValidation(groupMapperName), ExpectError: regexp.MustCompile("validation error: group inheritance cannot be preserved while membership attribute type is UID"), }, }, @@ -170,8 +176,8 @@ func TestAccKeycloakLdapGroupMapper_groupInheritanceValidation(t *testing.T) { } func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationForceNew(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + groupMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -180,11 +186,11 @@ func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationForceNew(t *testing. CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_updateLdapUserFederationBefore(realmOne, realmTwo, groupMapperName), + Config: testKeycloakLdapGroupMapper_updateLdapUserFederationBefore(groupMapperName), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, { - Config: testKeycloakLdapGroupMapper_updateLdapUserFederationAfter(realmOne, realmTwo, groupMapperName), + Config: testKeycloakLdapGroupMapper_updateLdapUserFederationAfter(groupMapperName), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -192,14 +198,15 @@ func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationForceNew(t *testing. } func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationInPlace(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() + preserveGroupInheritance := true ignoreMissingGroups := randomBool() dropNonExistingGroupsDuringSync := randomBool() groupMapperOne := &keycloak.LdapGroupMapper{ Name: acctest.RandString(10), - RealmId: realm, + RealmId: testAccRealmUserFederation.Realm, LdapGroupsDn: acctest.RandString(10), GroupNameLdapAttribute: acctest.RandString(10), GroupObjectClasses: []string{acctest.RandString(10), acctest.RandString(10)}, @@ -218,7 +225,7 @@ func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationInPlace(t *testing.T groupMapperTwo := &keycloak.LdapGroupMapper{ Name: acctest.RandString(10), - RealmId: realm, + RealmId: testAccRealmUserFederation.Realm, LdapGroupsDn: acctest.RandString(10), GroupNameLdapAttribute: acctest.RandString(10), GroupObjectClasses: []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)}, @@ -241,11 +248,11 @@ func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationInPlace(t *testing.T CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_basicFromInterface(realm, groupMapperOne), + Config: testKeycloakLdapGroupMapper_basicFromInterface(groupMapperOne), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, { - Config: testKeycloakLdapGroupMapper_basicFromInterface(realm, groupMapperTwo), + Config: testKeycloakLdapGroupMapper_basicFromInterface(groupMapperTwo), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -253,13 +260,12 @@ func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationInPlace(t *testing.T } func TestAccKeycloakLdapGroupMapper_groupsPath(t *testing.T) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) + t.Parallel() if !keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_11) { t.Skip() } - realmName := "terraform-" + acctest.RandString(10) groupName := "terraform-" + acctest.RandString(10) groupMapperName := "terraform-" + acctest.RandString(10) @@ -269,7 +275,7 @@ func TestAccKeycloakLdapGroupMapper_groupsPath(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapGroupMapper_groupsPath(realmName, groupName, groupMapperName), + Config: testKeycloakLdapGroupMapper_groupsPath(groupName, groupMapperName), Check: testAccCheckKeycloakLdapGroupMapperExists("keycloak_ldap_group_mapper.group_mapper"), }, }, @@ -311,8 +317,6 @@ func testAccCheckKeycloakLdapGroupMapperDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapGroupMapper, _ := keycloakClient.GetLdapGroupMapper(realm, id) if ldapGroupMapper != nil { return fmt.Errorf("ldap group mapper with id %s still exists", id) @@ -324,8 +328,6 @@ func testAccCheckKeycloakLdapGroupMapperDestroy() resource.TestCheckFunc { } func getLdapGroupMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapGroupMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -342,15 +344,15 @@ func getLdapGroupMapperFromState(s *terraform.State, resourceName string) (*keyc return ldapGroupMapper, nil } -func testKeycloakLdapGroupMapper_basic(realm, groupMapperName string) string { +func testKeycloakLdapGroupMapper_basic(groupMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -369,7 +371,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" ldap_groups_dn = "dc=example,dc=org" @@ -382,18 +384,18 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { membership_user_ldap_attribute = "cn" memberof_ldap_attribute = "memberOf" } - `, realm, groupMapperName) + `, testAccRealmUserFederation.Realm, groupMapperName) } -func testKeycloakLdapGroupMapper_basicWithAttrValidation(realm, groupMapperName, attr, val string) string { +func testKeycloakLdapGroupMapper_basicWithAttrValidation(groupMapperName, attr, val string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -412,7 +414,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" %s = "%s" @@ -427,18 +429,18 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { memberof_ldap_attribute = "memberOf" groups_path = "/" } - `, realm, groupMapperName, attr, val) + `, testAccRealmUserFederation.Realm, groupMapperName, attr, val) } -func testKeycloakLdapGroupMapper_groupInheritanceValidation(realm, groupMapperName string) string { +func testKeycloakLdapGroupMapper_groupInheritanceValidation(groupMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -457,7 +459,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" membership_attribute_type = "UID" @@ -473,18 +475,18 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { memberof_ldap_attribute = "memberOf" groups_path = "/" } - `, realm, groupMapperName) + `, testAccRealmUserFederation.Realm, groupMapperName) } -func testKeycloakLdapGroupMapper_basicFromInterface(realm string, mapper *keycloak.LdapGroupMapper) string { +func testKeycloakLdapGroupMapper_basicFromInterface(mapper *keycloak.LdapGroupMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -503,7 +505,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" ldap_groups_dn = "%s" @@ -521,22 +523,22 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { mapped_group_attributes = %s drop_non_existing_groups_during_sync = %t } - `, realm, mapper.Name, mapper.LdapGroupsDn, mapper.GroupNameLdapAttribute, arrayOfStringsForTerraformResource(mapper.GroupObjectClasses), mapper.PreserveGroupInheritance, mapper.IgnoreMissingGroups, mapper.MembershipLdapAttribute, mapper.MembershipAttributeType, mapper.MembershipUserLdapAttribute, mapper.GroupsLdapFilter, mapper.Mode, mapper.UserRolesRetrieveStrategy, mapper.MemberofLdapAttribute, arrayOfStringsForTerraformResource(mapper.MappedGroupAttributes), mapper.DropNonExistingGroupsDuringSync) + `, testAccRealmUserFederation.Realm, mapper.Name, mapper.LdapGroupsDn, mapper.GroupNameLdapAttribute, arrayOfStringsForTerraformResource(mapper.GroupObjectClasses), mapper.PreserveGroupInheritance, mapper.IgnoreMissingGroups, mapper.MembershipLdapAttribute, mapper.MembershipAttributeType, mapper.MembershipUserLdapAttribute, mapper.GroupsLdapFilter, mapper.Mode, mapper.UserRolesRetrieveStrategy, mapper.MemberofLdapAttribute, arrayOfStringsForTerraformResource(mapper.MappedGroupAttributes), mapper.DropNonExistingGroupsDuringSync) } -func testKeycloakLdapGroupMapper_updateLdapUserFederationBefore(realmOne, realmTwo, groupMapperName string) string { +func testKeycloakLdapGroupMapper_updateLdapUserFederationBefore(groupMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -555,7 +557,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -574,7 +576,7 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_one.id}" ldap_groups_dn = "dc=example,dc=org" @@ -588,22 +590,22 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { memberof_ldap_attribute = "memberOf" groups_path = "/" } - `, realmOne, realmTwo, groupMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, groupMapperName) } -func testKeycloakLdapGroupMapper_updateLdapUserFederationAfter(realmOne, realmTwo, groupMapperName string) string { +func testKeycloakLdapGroupMapper_updateLdapUserFederationAfter(groupMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -622,7 +624,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -641,7 +643,7 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_two.id}" ldap_groups_dn = "dc=example,dc=org" @@ -654,23 +656,23 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { membership_user_ldap_attribute = "cn" memberof_ldap_attribute = "memberOf" } - `, realmOne, realmTwo, groupMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, groupMapperName) } -func testKeycloakLdapGroupMapper_groupsPath(realm, groupName, groupMapperName string) string { +func testKeycloakLdapGroupMapper_groupsPath(groupName, groupMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_group" "group" { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id name = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id enabled = true @@ -689,7 +691,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_group_mapper" "group_mapper" { name = "%s" - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id ldap_groups_dn = "dc=example,dc=org" @@ -704,5 +706,5 @@ resource "keycloak_ldap_group_mapper" "group_mapper" { groups_path = keycloak_group.group.path } - `, realm, groupName, groupMapperName) + `, testAccRealmUserFederation.Realm, groupName, groupMapperName) } diff --git a/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go b/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go index 6effbb07..22e4c13f 100644 --- a/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go +++ b/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakLdapHardcodedGroupMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + groupName := "terraform-" + acctest.RandString(10) groupMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +21,7 @@ func TestAccKeycloakLdapHardcodedGroupMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapHardcodedGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapHardcodedGroupMapper(realmName, groupMapperName), + Config: testKeycloakLdapHardcodedGroupMapper(groupName, groupMapperName), Check: testAccCheckKeycloakLdapHardcodedGroupMapperExists("keycloak_ldap_hardcoded_group_mapper.hardcoded_group_mapper"), }, { @@ -34,9 +35,10 @@ func TestAccKeycloakLdapHardcodedGroupMapper_basic(t *testing.T) { } func TestAccKeycloakLdapHardcodedGroupMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.LdapHardcodedGroupMapper{} - realmName := "terraform-" + acctest.RandString(10) + groupName := "terraform-" + acctest.RandString(10) groupMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -45,19 +47,17 @@ func TestAccKeycloakLdapHardcodedGroupMapper_createAfterManualDestroy(t *testing CheckDestroy: testAccCheckKeycloakLdapHardcodedGroupMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapHardcodedGroupMapper(realmName, groupMapperName), + Config: testKeycloakLdapHardcodedGroupMapper(groupName, groupMapperName), Check: testAccCheckKeycloakLdapHardcodedGroupMapperFetch("keycloak_ldap_hardcoded_group_mapper.hardcoded_group_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapHardcodedGroupMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapHardcodedGroupMapper(realmName, groupMapperName), + Config: testKeycloakLdapHardcodedGroupMapper(groupName, groupMapperName), Check: testAccCheckKeycloakLdapHardcodedGroupMapperExists("keycloak_ldap_hardcoded_group_mapper.hardcoded_group_mapper"), }, }, @@ -99,8 +99,6 @@ func testAccCheckKeycloakLdapHardcodedGroupMapperDestroy() resource.TestCheckFun id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapMapper, _ := keycloakClient.GetLdapHardcodedGroupMapper(realm, id) if ldapMapper != nil { return fmt.Errorf("ldap hardcoded group mapper with id %s still exists", id) @@ -112,8 +110,6 @@ func testAccCheckKeycloakLdapHardcodedGroupMapperDestroy() resource.TestCheckFun } func getLdapHardcodedGroupMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapHardcodedGroupMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -130,15 +126,15 @@ func getLdapHardcodedGroupMapperFromState(s *terraform.State, resourceName strin return ldapMapper, nil } -func testKeycloakLdapHardcodedGroupMapper(realm, groupMapperName string) string { +func testKeycloakLdapHardcodedGroupMapper(groupName, groupMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id enabled = true @@ -156,15 +152,15 @@ resource "keycloak_ldap_user_federation" "openldap" { } resource "keycloak_group" "hardcoded_group_mapper_test" { - realm_id = keycloak_realm.realm.id - name = "hardcoded-group-test" + realm_id = data.keycloak_realm.realm.id + name = "%s" } resource "keycloak_ldap_hardcoded_group_mapper" "hardcoded_group_mapper" { - name = "%s" - realm_id = keycloak_realm.realm.id - ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id - group = keycloak_group.hardcoded_group_mapper_test.name + name = "%s" + realm_id = data.keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id + group = keycloak_group.hardcoded_group_mapper_test.name } - `, realm, groupMapperName) + `, testAccRealmUserFederation.Realm, groupName, groupMapperName) } diff --git a/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go b/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go index 3431df31..bf8a1c28 100644 --- a/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go +++ b/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakLdapHardcodedRoleMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + roleName := "terraform-" + acctest.RandString(10) roleMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +21,7 @@ func TestAccKeycloakLdapHardcodedRoleMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapHardcodedRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapHardcodedRoleMapper(realmName, roleMapperName), + Config: testKeycloakLdapHardcodedRoleMapper(roleName, roleMapperName), Check: testAccCheckKeycloakLdapHardcodedRoleMapperExists("keycloak_ldap_hardcoded_role_mapper.hardcoded_role_mapper"), }, { @@ -34,9 +35,10 @@ func TestAccKeycloakLdapHardcodedRoleMapper_basic(t *testing.T) { } func TestAccKeycloakLdapHardcodedRoleMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.LdapHardcodedRoleMapper{} - realmName := "terraform-" + acctest.RandString(10) + roleName := "terraform-" + acctest.RandString(10) roleMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -45,19 +47,17 @@ func TestAccKeycloakLdapHardcodedRoleMapper_createAfterManualDestroy(t *testing. CheckDestroy: testAccCheckKeycloakLdapHardcodedRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapHardcodedRoleMapper(realmName, roleMapperName), + Config: testKeycloakLdapHardcodedRoleMapper(roleName, roleMapperName), Check: testAccCheckKeycloakLdapHardcodedRoleMapperFetch("keycloak_ldap_hardcoded_role_mapper.hardcoded_role_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapHardcodedRoleMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapHardcodedRoleMapper(realmName, roleMapperName), + Config: testKeycloakLdapHardcodedRoleMapper(roleName, roleMapperName), Check: testAccCheckKeycloakLdapHardcodedRoleMapperExists("keycloak_ldap_hardcoded_role_mapper.hardcoded_role_mapper"), }, }, @@ -99,8 +99,6 @@ func testAccCheckKeycloakLdapHardcodedRoleMapperDestroy() resource.TestCheckFunc id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapMapper, _ := keycloakClient.GetLdapHardcodedRoleMapper(realm, id) if ldapMapper != nil { return fmt.Errorf("ldap hardcoded role mapper with id %s still exists", id) @@ -112,8 +110,6 @@ func testAccCheckKeycloakLdapHardcodedRoleMapperDestroy() resource.TestCheckFunc } func getLdapHardcodedRoleMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapHardcodedRoleMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -130,15 +126,15 @@ func getLdapHardcodedRoleMapperFromState(s *terraform.State, resourceName string return ldapMapper, nil } -func testKeycloakLdapHardcodedRoleMapper(realm, roleMapperName string) string { +func testKeycloakLdapHardcodedRoleMapper(roleName, roleMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id enabled = true @@ -156,15 +152,15 @@ resource "keycloak_ldap_user_federation" "openldap" { } resource "keycloak_role" "hardcoded_role_mapper_test" { - realm_id = keycloak_realm.realm.id - name = "hardcoded-role-test" + realm_id = data.keycloak_realm.realm.id + name = "%s" } resource "keycloak_ldap_hardcoded_role_mapper" "hardcoded_role_mapper" { name = "%s" - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id role = keycloak_role.hardcoded_role_mapper_test.name } - `, realm, roleMapperName) + `, testAccRealmUserFederation.Realm, roleName, roleMapperName) } diff --git a/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go b/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go index 33f6de18..d870bfdf 100644 --- a/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go +++ b/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go @@ -10,7 +10,8 @@ import ( ) func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + msadLdsUacMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -19,7 +20,7 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadLdsUserAccountControlMapper_basic(realmName, msadLdsUacMapperName), + Config: testKeycloakLdapMsadLdsUserAccountControlMapper_basic(msadLdsUacMapperName), Check: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperExists("keycloak_ldap_msad_lds_user_account_control_mapper.uac_mapper"), }, { @@ -33,9 +34,10 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_basic(t *testing.T) { } func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.LdapMsadLdsUserAccountControlMapper{} - realmName := "terraform-" + acctest.RandString(10) msadLdsUacMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -44,19 +46,17 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_createAfterManualDestroy CheckDestroy: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadLdsUserAccountControlMapper_basic(realmName, msadLdsUacMapperName), + Config: testKeycloakLdapMsadLdsUserAccountControlMapper_basic(msadLdsUacMapperName), Check: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperFetch("keycloak_ldap_msad_lds_user_account_control_mapper.uac_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapMsadLdsUserAccountControlMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapMsadLdsUserAccountControlMapper_basic(realmName, msadLdsUacMapperName), + Config: testKeycloakLdapMsadLdsUserAccountControlMapper_basic(msadLdsUacMapperName), Check: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperExists("keycloak_ldap_msad_lds_user_account_control_mapper.uac_mapper"), }, }, @@ -64,8 +64,8 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_createAfterManualDestroy } func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederation(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + msadLdsUacMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -74,11 +74,11 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederation CheckDestroy: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationBefore(realmOne, realmTwo, msadLdsUacMapperName), + Config: testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationBefore(msadLdsUacMapperName), Check: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperExists("keycloak_ldap_msad_lds_user_account_control_mapper.uac_mapper"), }, { - Config: testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationAfter(realmOne, realmTwo, msadLdsUacMapperName), + Config: testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationAfter(msadLdsUacMapperName), Check: testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperExists("keycloak_ldap_msad_lds_user_account_control_mapper.uac_mapper"), }, }, @@ -120,8 +120,6 @@ func testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperDestroy() resource.T id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapMsadLdsUserAccountControlMapper, _ := keycloakClient.GetLdapMsadLdsUserAccountControlMapper(realm, id) if ldapMsadLdsUserAccountControlMapper != nil { return fmt.Errorf("ldap msad-lds uac mapper with id %s still exists", id) @@ -133,8 +131,6 @@ func testAccCheckKeycloakLdapMsadLdsUserAccountControlMapperDestroy() resource.T } func getLdapMsadLdsUserAccountControlMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapMsadLdsUserAccountControlMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -151,14 +147,15 @@ func getLdapMsadLdsUserAccountControlMapperFromState(s *terraform.State, resourc return ldapMsadLdsUserAccountControlMapper, nil } -func testKeycloakLdapMsadLdsUserAccountControlMapper_basic(realm, msadLdsUacMapperName string) string { +func testKeycloakLdapMsadLdsUserAccountControlMapper_basic(msadLdsUacMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } + resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -172,25 +169,28 @@ resource "keycloak_ldap_user_federation" "openldap" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } + resource "keycloak_ldap_msad_lds_user_account_control_mapper" "uac_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" + realm_id = data.keycloak_realm.realm.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap.id } - `, realm, msadLdsUacMapperName) + `, testAccRealmUserFederation.Realm, msadLdsUacMapperName) } -func testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationBefore(realmOne, realmTwo, msadLdsUacMapperName string) string { +func testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationBefore(msadLdsUacMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { + +data "keycloak_realm" "realm_two" { realm = "%s" } + resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -204,9 +204,10 @@ resource "keycloak_ldap_user_federation" "openldap_one" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } + resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -220,25 +221,28 @@ resource "keycloak_ldap_user_federation" "openldap_two" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } + resource "keycloak_ldap_msad_lds_user_account_control_mapper" "uac_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_one.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_one.id}" + realm_id = data.keycloak_realm.realm_one.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap_one.id } - `, realmOne, realmTwo, msadLdsUacMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, msadLdsUacMapperName) } -func testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationAfter(realmOne, realmTwo, msadLdsUacMapperName string) string { +func testKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederationAfter(msadLdsUacMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { + +data "keycloak_realm" "realm_two" { realm = "%s" } + resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -252,9 +256,10 @@ resource "keycloak_ldap_user_federation" "openldap_one" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } + resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true username_ldap_attribute = "cn" rdn_ldap_attribute = "cn" @@ -268,10 +273,11 @@ resource "keycloak_ldap_user_federation" "openldap_two" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } + resource "keycloak_ldap_msad_lds_user_account_control_mapper" "uac_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_two.id}" - ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_two.id}" + realm_id = data.keycloak_realm.realm_two.id + ldap_user_federation_id = keycloak_ldap_user_federation.openldap_two.id } - `, realmOne, realmTwo, msadLdsUacMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, msadLdsUacMapperName) } diff --git a/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go b/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go index 0e8f93a2..22d47f63 100644 --- a/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go +++ b/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go @@ -10,7 +10,8 @@ import ( ) func TestAccKeycloakLdapMsadUserAccountControlMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + msadUacMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -19,7 +20,7 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapMsadUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadUserAccountControlMapper_basic(realmName, msadUacMapperName, randomBool()), + Config: testKeycloakLdapMsadUserAccountControlMapper_basic(msadUacMapperName, randomBool()), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperExists("keycloak_ldap_msad_user_account_control_mapper.uac_mapper"), }, { @@ -33,9 +34,10 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_basic(t *testing.T) { } func TestAccKeycloakLdapMsadUserAccountControlMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.LdapMsadUserAccountControlMapper{} - realmName := "terraform-" + acctest.RandString(10) msadUacMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -44,19 +46,17 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_createAfterManualDestroy(t CheckDestroy: testAccCheckKeycloakLdapMsadUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadUserAccountControlMapper_basic(realmName, msadUacMapperName, randomBool()), + Config: testKeycloakLdapMsadUserAccountControlMapper_basic(msadUacMapperName, randomBool()), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperFetch("keycloak_ldap_msad_user_account_control_mapper.uac_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapMsadUserAccountControlMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapMsadUserAccountControlMapper_basic(realmName, msadUacMapperName, randomBool()), + Config: testKeycloakLdapMsadUserAccountControlMapper_basic(msadUacMapperName, randomBool()), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperExists("keycloak_ldap_msad_user_account_control_mapper.uac_mapper"), }, }, @@ -64,8 +64,8 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_createAfterManualDestroy(t } func TestAccKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederation(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + msadUacMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -74,11 +74,11 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederation(t CheckDestroy: testAccCheckKeycloakLdapMsadUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationBefore(realmOne, realmTwo, msadUacMapperName), + Config: testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationBefore(msadUacMapperName), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperExists("keycloak_ldap_msad_user_account_control_mapper.uac_mapper"), }, { - Config: testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationAfter(realmOne, realmTwo, msadUacMapperName), + Config: testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationAfter(msadUacMapperName), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperExists("keycloak_ldap_msad_user_account_control_mapper.uac_mapper"), }, }, @@ -86,7 +86,8 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederation(t } func TestAccKeycloakLdapMsadUserAccountControlMapper_updateInPlace(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() + passwordHintsEnabled := randomBool() resource.Test(t, resource.TestCase{ @@ -95,11 +96,11 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_updateInPlace(t *testing.T) CheckDestroy: testAccCheckKeycloakLdapMsadUserAccountControlMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapMsadUserAccountControlMapper_basic(realm, acctest.RandString(10), passwordHintsEnabled), + Config: testKeycloakLdapMsadUserAccountControlMapper_basic(acctest.RandString(10), passwordHintsEnabled), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperExists("keycloak_ldap_msad_user_account_control_mapper.uac_mapper"), }, { - Config: testKeycloakLdapMsadUserAccountControlMapper_basic(realm, acctest.RandString(10), !passwordHintsEnabled), + Config: testKeycloakLdapMsadUserAccountControlMapper_basic(acctest.RandString(10), !passwordHintsEnabled), Check: testAccCheckKeycloakLdapMsadUserAccountControlMapperExists("keycloak_ldap_msad_user_account_control_mapper.uac_mapper"), }, }, @@ -141,8 +142,6 @@ func testAccCheckKeycloakLdapMsadUserAccountControlMapperDestroy() resource.Test id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapMsadUserAccountControlMapper, _ := keycloakClient.GetLdapMsadUserAccountControlMapper(realm, id) if ldapMsadUserAccountControlMapper != nil { return fmt.Errorf("ldap msad uac mapper with id %s still exists", id) @@ -154,8 +153,6 @@ func testAccCheckKeycloakLdapMsadUserAccountControlMapperDestroy() resource.Test } func getLdapMsadUserAccountControlMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapMsadUserAccountControlMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -172,15 +169,15 @@ func getLdapMsadUserAccountControlMapperFromState(s *terraform.State, resourceNa return ldapMsadUserAccountControlMapper, nil } -func testKeycloakLdapMsadUserAccountControlMapper_basic(realm, msadUacMapperName string, passwordHintsEnabled bool) string { +func testKeycloakLdapMsadUserAccountControlMapper_basic(msadUacMapperName string, passwordHintsEnabled bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -199,27 +196,27 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_msad_user_account_control_mapper" "uac_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" ldap_password_policy_hints_enabled = %t } - `, realm, msadUacMapperName, passwordHintsEnabled) + `, testAccRealmUserFederation.Realm, msadUacMapperName, passwordHintsEnabled) } -func testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationBefore(realmOne, realmTwo, msadUacMapperName string) string { +func testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationBefore(msadUacMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -238,7 +235,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -257,25 +254,25 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_msad_user_account_control_mapper" "uac_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_one.id}" } - `, realmOne, realmTwo, msadUacMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, msadUacMapperName) } -func testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationAfter(realmOne, realmTwo, msadUacMapperName string) string { +func testKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederationAfter(msadUacMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -294,7 +291,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -313,8 +310,8 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_msad_user_account_control_mapper" "uac_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_two.id}" } - `, realmOne, realmTwo, msadUacMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, msadUacMapperName) } diff --git a/provider/resource_keycloak_ldap_role_mapper_test.go b/provider/resource_keycloak_ldap_role_mapper_test.go index f31c1a2a..8c6b39ba 100644 --- a/provider/resource_keycloak_ldap_role_mapper_test.go +++ b/provider/resource_keycloak_ldap_role_mapper_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakLdapRoleMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + roleMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +21,7 @@ func TestAccKeycloakLdapRoleMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basic(realmName, roleMapperName), + Config: testKeycloakLdapRoleMapper_basic(roleMapperName), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, { @@ -34,9 +35,10 @@ func TestAccKeycloakLdapRoleMapper_basic(t *testing.T) { } func TestAccKeycloakLdapRoleMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.LdapRoleMapper{} - realmName := "terraform-" + acctest.RandString(10) roleMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -45,19 +47,17 @@ func TestAccKeycloakLdapRoleMapper_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basic(realmName, roleMapperName), + Config: testKeycloakLdapRoleMapper_basic(roleMapperName), Check: testAccCheckKeycloakLdapRoleMapperFetch("keycloak_ldap_role_mapper.role_mapper", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapRoleMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapRoleMapper_basic(realmName, roleMapperName), + Config: testKeycloakLdapRoleMapper_basic(roleMapperName), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -65,7 +65,8 @@ func TestAccKeycloakLdapRoleMapper_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakLdapRoleMapper_modeValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + roleMapperName := "terraform-" + acctest.RandString(10) mode := randomStringInSlice(keycloakLdapRoleMapperModes) @@ -75,11 +76,11 @@ func TestAccKeycloakLdapRoleMapper_modeValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "mode", acctest.RandString(10)), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "mode", acctest.RandString(10)), ExpectError: regexp.MustCompile("expected mode to be one of .+ got .+"), }, { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "mode", mode), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "mode", mode), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -87,7 +88,8 @@ func TestAccKeycloakLdapRoleMapper_modeValidation(t *testing.T) { } func TestAccKeycloakLdapRoleMapper_membershipAttributeTypeValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + roleMapperName := "terraform-" + acctest.RandString(10) membershipAttributeType := randomStringInSlice(keycloakLdapRoleMapperMembershipAttributeTypes) @@ -97,11 +99,11 @@ func TestAccKeycloakLdapRoleMapper_membershipAttributeTypeValidation(t *testing. CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "membership_attribute_type", acctest.RandString(10)), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "membership_attribute_type", acctest.RandString(10)), ExpectError: regexp.MustCompile("expected membership_attribute_type to be one of .+ got .+"), }, { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "membership_attribute_type", membershipAttributeType), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "membership_attribute_type", membershipAttributeType), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -109,7 +111,8 @@ func TestAccKeycloakLdapRoleMapper_membershipAttributeTypeValidation(t *testing. } func TestAccKeycloakLdapRoleMapper_userRolesRetrieveStrategyValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + roleMapperName := "terraform-" + acctest.RandString(10) userRolesRetrieveStrategy := randomStringInSlice(keycloakLdapRoleMapperUserRolesRetrieveStrategies) @@ -119,11 +122,11 @@ func TestAccKeycloakLdapRoleMapper_userRolesRetrieveStrategyValidation(t *testin CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "user_roles_retrieve_strategy", acctest.RandString(10)), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "user_roles_retrieve_strategy", acctest.RandString(10)), ExpectError: regexp.MustCompile("expected user_roles_retrieve_strategy to be one of .+ got .+"), }, { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "user_roles_retrieve_strategy", userRolesRetrieveStrategy), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "user_roles_retrieve_strategy", userRolesRetrieveStrategy), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -131,7 +134,8 @@ func TestAccKeycloakLdapRoleMapper_userRolesRetrieveStrategyValidation(t *testin } func TestAccKeycloakLdapRoleMapper_rolesLdapFilterValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + roleMapperName := "terraform-" + acctest.RandString(10) rolesLdapFilter := "(" + acctest.RandString(10) + ")" @@ -141,11 +145,11 @@ func TestAccKeycloakLdapRoleMapper_rolesLdapFilterValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "roles_ldap_filter", acctest.RandString(10)), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "roles_ldap_filter", acctest.RandString(10)), ExpectError: regexp.MustCompile(`validation error: roles ldap filter must start with '\(' and end with '\)'`), }, { - Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(realmName, roleMapperName, "roles_ldap_filter", rolesLdapFilter), + Config: testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, "roles_ldap_filter", rolesLdapFilter), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -153,8 +157,8 @@ func TestAccKeycloakLdapRoleMapper_rolesLdapFilterValidation(t *testing.T) { } func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationForceNew(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + roleMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -163,11 +167,11 @@ func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationForceNew(t *testing.T CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_updateLdapUserFederationBefore(realmOne, realmTwo, roleMapperName), + Config: testKeycloakLdapRoleMapper_updateLdapUserFederationBefore(roleMapperName), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, { - Config: testKeycloakLdapRoleMapper_updateLdapUserFederationAfter(realmOne, realmTwo, roleMapperName), + Config: testKeycloakLdapRoleMapper_updateLdapUserFederationAfter(roleMapperName), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -175,13 +179,14 @@ func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationForceNew(t *testing.T } func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationInPlace(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() + clientId := "terraform-" + acctest.RandString(10) useRealmRolesMapping := randomBool() roleMapperOne := &keycloak.LdapRoleMapper{ Name: acctest.RandString(10), - RealmId: realm, + RealmId: testAccRealmUserFederation.Realm, LdapRolesDn: acctest.RandString(10), RoleNameLdapAttribute: acctest.RandString(10), RoleObjectClasses: []string{acctest.RandString(10), acctest.RandString(10)}, @@ -198,7 +203,7 @@ func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationInPlace(t *testing.T) roleMapperTwo := &keycloak.LdapRoleMapper{ Name: acctest.RandString(10), - RealmId: realm, + RealmId: testAccRealmUserFederation.Realm, LdapRolesDn: acctest.RandString(10), RoleNameLdapAttribute: acctest.RandString(10), RoleObjectClasses: []string{acctest.RandString(10), acctest.RandString(10), acctest.RandString(10)}, @@ -219,11 +224,11 @@ func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationInPlace(t *testing.T) CheckDestroy: testAccCheckKeycloakLdapRoleMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapRoleMapper_basicFromInterface(realm, roleMapperOne), + Config: testKeycloakLdapRoleMapper_basicFromInterface(roleMapperOne), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, { - Config: testKeycloakLdapRoleMapper_basicFromInterface(realm, roleMapperTwo), + Config: testKeycloakLdapRoleMapper_basicFromInterface(roleMapperTwo), Check: testAccCheckKeycloakLdapRoleMapperExists("keycloak_ldap_role_mapper.role_mapper"), }, }, @@ -265,8 +270,6 @@ func testAccCheckKeycloakLdapRoleMapperDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapRoleMapper, _ := keycloakClient.GetLdapRoleMapper(realm, id) if ldapRoleMapper != nil { return fmt.Errorf("ldap role mapper with id %s still exists", id) @@ -278,8 +281,6 @@ func testAccCheckKeycloakLdapRoleMapperDestroy() resource.TestCheckFunc { } func getLdapRoleMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapRoleMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -296,15 +297,15 @@ func getLdapRoleMapperFromState(s *terraform.State, resourceName string) (*keycl return ldapRoleMapper, nil } -func testKeycloakLdapRoleMapper_basic(realm, roleMapperName string) string { +func testKeycloakLdapRoleMapper_basic(roleMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -323,7 +324,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_role_mapper" "role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" ldap_roles_dn = "dc=example,dc=org" @@ -335,18 +336,18 @@ resource "keycloak_ldap_role_mapper" "role_mapper" { membership_user_ldap_attribute = "sAMAccountName" memberof_ldap_attribute = "memberOf" } - `, realm, roleMapperName) + `, testAccRealmUserFederation.Realm, roleMapperName) } -func testKeycloakLdapRoleMapper_basicWithAttrValidation(realm, roleMapperName, attr, val string) string { +func testKeycloakLdapRoleMapper_basicWithAttrValidation(roleMapperName, attr, val string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -365,7 +366,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_role_mapper" "role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" %s = "%s" @@ -379,18 +380,18 @@ resource "keycloak_ldap_role_mapper" "role_mapper" { membership_user_ldap_attribute = "sAMAccountName" memberof_ldap_attribute = "memberOf" } - `, realm, roleMapperName, attr, val) + `, testAccRealmUserFederation.Realm, roleMapperName, attr, val) } -func testKeycloakLdapRoleMapper_basicFromInterface(realm string, mapper *keycloak.LdapRoleMapper) string { +func testKeycloakLdapRoleMapper_basicFromInterface(mapper *keycloak.LdapRoleMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -409,7 +410,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_role_mapper" "role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" ldap_roles_dn = "%s" @@ -425,22 +426,22 @@ resource "keycloak_ldap_role_mapper" "role_mapper" { use_realm_roles_mapping = %t client_id = "%s" } - `, realm, mapper.Name, mapper.LdapRolesDn, mapper.RoleNameLdapAttribute, arrayOfStringsForTerraformResource(mapper.RoleObjectClasses), mapper.MembershipLdapAttribute, mapper.MembershipAttributeType, mapper.MembershipUserLdapAttribute, mapper.RolesLdapFilter, mapper.Mode, mapper.UserRolesRetrieveStrategy, mapper.MemberofLdapAttribute, mapper.UseRealmRolesMapping, mapper.ClientId) + `, testAccRealmUserFederation.Realm, mapper.Name, mapper.LdapRolesDn, mapper.RoleNameLdapAttribute, arrayOfStringsForTerraformResource(mapper.RoleObjectClasses), mapper.MembershipLdapAttribute, mapper.MembershipAttributeType, mapper.MembershipUserLdapAttribute, mapper.RolesLdapFilter, mapper.Mode, mapper.UserRolesRetrieveStrategy, mapper.MemberofLdapAttribute, mapper.UseRealmRolesMapping, mapper.ClientId) } -func testKeycloakLdapRoleMapper_updateLdapUserFederationBefore(realmOne, realmTwo, roleMapperName string) string { +func testKeycloakLdapRoleMapper_updateLdapUserFederationBefore(roleMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -459,7 +460,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -478,7 +479,7 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_role_mapper" "role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_one.id}" ldap_roles_dn = "dc=example,dc=org" @@ -491,22 +492,22 @@ resource "keycloak_ldap_role_mapper" "role_mapper" { membership_user_ldap_attribute = "sAMAccountName" memberof_ldap_attribute = "memberOf" } - `, realmOne, realmTwo, roleMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, roleMapperName) } -func testKeycloakLdapRoleMapper_updateLdapUserFederationAfter(realmOne, realmTwo, roleMapperName string) string { +func testKeycloakLdapRoleMapper_updateLdapUserFederationAfter(roleMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -525,7 +526,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -544,7 +545,7 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_role_mapper" "role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_two.id}" ldap_roles_dn = "dc=example,dc=org" @@ -557,5 +558,5 @@ resource "keycloak_ldap_role_mapper" "role_mapper" { membership_user_ldap_attribute = "sAMAccountName" memberof_ldap_attribute = "memberOf" } - `, realmOne, realmTwo, roleMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, roleMapperName) } diff --git a/provider/resource_keycloak_ldap_user_attribute_mapper_test.go b/provider/resource_keycloak_ldap_user_attribute_mapper_test.go index 3daf0787..8eac8388 100644 --- a/provider/resource_keycloak_ldap_user_attribute_mapper_test.go +++ b/provider/resource_keycloak_ldap_user_attribute_mapper_test.go @@ -10,7 +10,8 @@ import ( ) func TestAccKeycloakLdapUserAttributeMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + userAttributeMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -19,7 +20,7 @@ func TestAccKeycloakLdapUserAttributeMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserAttributeMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserAttributeMapper_basic(realmName, userAttributeMapperName), + Config: testKeycloakLdapUserAttributeMapper_basic(userAttributeMapperName), Check: testAccCheckKeycloakLdapUserAttributeMapperExists("keycloak_ldap_user_attribute_mapper.username"), }, { @@ -33,9 +34,10 @@ func TestAccKeycloakLdapUserAttributeMapper_basic(t *testing.T) { } func TestAccKeycloakLdapUserAttributeMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + var mapper = &keycloak.LdapUserAttributeMapper{} - realmName := "terraform-" + acctest.RandString(10) userAttributeMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -44,19 +46,17 @@ func TestAccKeycloakLdapUserAttributeMapper_createAfterManualDestroy(t *testing. CheckDestroy: testAccCheckKeycloakLdapUserAttributeMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserAttributeMapper_basic(realmName, userAttributeMapperName), + Config: testKeycloakLdapUserAttributeMapper_basic(userAttributeMapperName), Check: testAccCheckKeycloakLdapUserAttributeMapperFetch("keycloak_ldap_user_attribute_mapper.username", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapUserAttributeMapper(mapper.RealmId, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapUserAttributeMapper_basic(realmName, userAttributeMapperName), + Config: testKeycloakLdapUserAttributeMapper_basic(userAttributeMapperName), Check: testAccCheckKeycloakLdapUserAttributeMapperExists("keycloak_ldap_user_attribute_mapper.username"), }, }, @@ -64,8 +64,8 @@ func TestAccKeycloakLdapUserAttributeMapper_createAfterManualDestroy(t *testing. } func TestAccKeycloakLdapUserAttributeMapper_updateLdapUserFederation(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + userAttributeMapperName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -74,11 +74,11 @@ func TestAccKeycloakLdapUserAttributeMapper_updateLdapUserFederation(t *testing. CheckDestroy: testAccCheckKeycloakLdapUserAttributeMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserAttributeMapper_updateLdapUserFederationBefore(realmOne, realmTwo, userAttributeMapperName), + Config: testKeycloakLdapUserAttributeMapper_updateLdapUserFederationBefore(userAttributeMapperName), Check: testAccCheckKeycloakLdapUserAttributeMapperExists("keycloak_ldap_user_attribute_mapper.username"), }, { - Config: testKeycloakLdapUserAttributeMapper_updateLdapUserFederationAfter(realmOne, realmTwo, userAttributeMapperName), + Config: testKeycloakLdapUserAttributeMapper_updateLdapUserFederationAfter(userAttributeMapperName), Check: testAccCheckKeycloakLdapUserAttributeMapperExists("keycloak_ldap_user_attribute_mapper.username"), }, }, @@ -86,7 +86,8 @@ func TestAccKeycloakLdapUserAttributeMapper_updateLdapUserFederation(t *testing. } func TestAccKeycloakLdapUserAttributeMapper_updateInPlace(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() + userAttributeMapperBefore := &keycloak.LdapUserAttributeMapper{ Name: acctest.RandString(10), UserModelAttribute: acctest.RandString(10), @@ -110,11 +111,11 @@ func TestAccKeycloakLdapUserAttributeMapper_updateInPlace(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserAttributeMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserAttributeMapper_basicFromInterface(realm, userAttributeMapperBefore), + Config: testKeycloakLdapUserAttributeMapper_basicFromInterface(userAttributeMapperBefore), Check: testAccCheckKeycloakLdapUserAttributeMapperExists("keycloak_ldap_user_attribute_mapper.username"), }, { - Config: testKeycloakLdapUserAttributeMapper_basicFromInterface(realm, userAttributeMapperAfter), + Config: testKeycloakLdapUserAttributeMapper_basicFromInterface(userAttributeMapperAfter), Check: testAccCheckKeycloakLdapUserAttributeMapperExists("keycloak_ldap_user_attribute_mapper.username"), }, }, @@ -156,8 +157,6 @@ func testAccCheckKeycloakLdapUserAttributeMapperDestroy() resource.TestCheckFunc id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldapUserAttributeMapper, _ := keycloakClient.GetLdapUserAttributeMapper(realm, id) if ldapUserAttributeMapper != nil { return fmt.Errorf("ldap user attribute mapper with id %s still exists", id) @@ -169,8 +168,6 @@ func testAccCheckKeycloakLdapUserAttributeMapperDestroy() resource.TestCheckFunc } func getLdapUserAttributeMapperFromState(s *terraform.State, resourceName string) (*keycloak.LdapUserAttributeMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -187,15 +184,15 @@ func getLdapUserAttributeMapperFromState(s *terraform.State, resourceName string return ldapUserAttributeMapper, nil } -func testKeycloakLdapUserAttributeMapper_basic(realm, userAttributeMapperName string) string { +func testKeycloakLdapUserAttributeMapper_basic(userAttributeMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -214,24 +211,24 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_user_attribute_mapper" "username" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" user_model_attribute = "username" ldap_attribute = "cn" } - `, realm, userAttributeMapperName) + `, testAccRealmUserFederation.Realm, userAttributeMapperName) } -func testKeycloakLdapUserAttributeMapper_basicFromInterface(realm string, mapper *keycloak.LdapUserAttributeMapper) string { +func testKeycloakLdapUserAttributeMapper_basicFromInterface(mapper *keycloak.LdapUserAttributeMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "openldap" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -250,7 +247,7 @@ resource "keycloak_ldap_user_federation" "openldap" { resource "keycloak_ldap_user_attribute_mapper" "username" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap.id}" user_model_attribute = "%s" @@ -260,22 +257,22 @@ resource "keycloak_ldap_user_attribute_mapper" "username" { always_read_value_from_ldap = %t is_mandatory_in_ldap = %t } - `, realm, mapper.Name, mapper.UserModelAttribute, mapper.LdapAttribute, mapper.ReadOnly, mapper.AlwaysReadValueFromLdap, mapper.IsMandatoryInLdap) + `, testAccRealmUserFederation.Realm, mapper.Name, mapper.UserModelAttribute, mapper.LdapAttribute, mapper.ReadOnly, mapper.AlwaysReadValueFromLdap, mapper.IsMandatoryInLdap) } -func testKeycloakLdapUserAttributeMapper_updateLdapUserFederationBefore(realmOne, realmTwo, userAttributeMapperName string) string { +func testKeycloakLdapUserAttributeMapper_updateLdapUserFederationBefore(userAttributeMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -294,7 +291,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -313,28 +310,28 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_user_attribute_mapper" "username" { name = "%s" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_one.id}" user_model_attribute = "username" ldap_attribute = "cn" } - `, realmOne, realmTwo, userAttributeMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, userAttributeMapperName) } -func testKeycloakLdapUserAttributeMapper_updateLdapUserFederationAfter(realmOne, realmTwo, userAttributeMapperName string) string { +func testKeycloakLdapUserAttributeMapper_updateLdapUserFederationAfter(userAttributeMapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_one" { +data "keycloak_realm" "realm_one" { realm = "%s" } -resource "keycloak_realm" "realm_two" { +data "keycloak_realm" "realm_two" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_one" { name = "openldap" - realm_id = "${keycloak_realm.realm_one.id}" + realm_id = data.keycloak_realm.realm_one.id enabled = true @@ -353,7 +350,7 @@ resource "keycloak_ldap_user_federation" "openldap_one" { resource "keycloak_ldap_user_federation" "openldap_two" { name = "openldap" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id enabled = true @@ -372,11 +369,11 @@ resource "keycloak_ldap_user_federation" "openldap_two" { resource "keycloak_ldap_user_attribute_mapper" "username" { name = "%s" - realm_id = "${keycloak_realm.realm_two.id}" + realm_id = data.keycloak_realm.realm_two.id ldap_user_federation_id = "${keycloak_ldap_user_federation.openldap_two.id}" user_model_attribute = "username" ldap_attribute = "cn" } - `, realmOne, realmTwo, userAttributeMapperName) + `, testAccRealmUserFederation.Realm, testAccRealmTwo.Realm, userAttributeMapperName) } diff --git a/provider/resource_keycloak_ldap_user_federation_test.go b/provider/resource_keycloak_ldap_user_federation_test.go index 1dbdd17b..24682f0f 100644 --- a/provider/resource_keycloak_ldap_user_federation_test.go +++ b/provider/resource_keycloak_ldap_user_federation_test.go @@ -13,7 +13,7 @@ import ( ) func TestAccKeycloakLdapUserFederation_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -22,7 +22,7 @@ func TestAccKeycloakLdapUserFederation_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basic(realmName, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), }, }, @@ -30,7 +30,7 @@ func TestAccKeycloakLdapUserFederation_basic(t *testing.T) { } func TestAccKeycloakLdapUserFederation_import(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) bindCredentialForImport := "admin" @@ -41,7 +41,7 @@ func TestAccKeycloakLdapUserFederation_import(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basic(realmName, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), }, { @@ -51,23 +51,23 @@ func TestAccKeycloakLdapUserFederation_import(t *testing.T) { ImportStateIdFunc: getLdapUserFederationImportId("keycloak_ldap_user_federation.openldap", bindCredentialForImport), }, { - Config: testKeycloakLdapUserFederation_noAuth(realmName, ldapName), + Config: testKeycloakLdapUserFederation_noAuth(ldapName), Check: testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap_no_auth"), }, { ResourceName: "keycloak_ldap_user_federation.openldap_no_auth", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealmUserFederation.Realm + "/", }, }, }) } func TestAccKeycloakLdapUserFederation_createAfterManualDestroy(t *testing.T) { + t.Parallel() var ldap = &keycloak.LdapUserFederation{} - realmName := "terraform-" + acctest.RandString(10) ldapName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -76,19 +76,17 @@ func TestAccKeycloakLdapUserFederation_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basic(realmName, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: testAccCheckKeycloakLdapUserFederationFetch("keycloak_ldap_user_federation.openldap", ldap), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteLdapUserFederation(ldap.RealmId, ldap.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakLdapUserFederation_basic(realmName, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), }, }, @@ -96,8 +94,7 @@ func TestAccKeycloakLdapUserFederation_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakLdapUserFederation_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -106,17 +103,17 @@ func TestAccKeycloakLdapUserFederation_basicUpdateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basic(firstRealm, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), - resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "realm_id", firstRealm), + resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "realm_id", testAccRealmUserFederation.Realm), ), }, { - Config: testKeycloakLdapUserFederation_basic(secondRealm, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), - resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "realm_id", secondRealm), + resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "realm_id", testAccRealmUserFederation.Realm), ), }, }, @@ -132,7 +129,7 @@ func generateRandomLdapKerberos(enabled bool) *keycloak.LdapUserFederation { evictionMinute := acctest.RandIntRange(0, 59) return &keycloak.LdapUserFederation{ - RealmId: acctest.RandString(10), + RealmId: testAccRealmUserFederation.Realm, Name: "terraform-" + acctest.RandString(10), Enabled: enabled, UsernameLDAPAttribute: acctest.RandString(10), @@ -188,6 +185,7 @@ func checkMatchingNestedKey(resourcePath string, blockName string, fieldInBlock } func TestAccKeycloakLdapUserFederation_basicUpdateKerberosSettings(t *testing.T) { + t.Parallel() firstLdap := generateRandomLdapKerberos(true) secondLdap := generateRandomLdapKerberos(false) @@ -223,7 +221,7 @@ func TestAccKeycloakLdapUserFederation_basicUpdateKerberosSettings(t *testing.T) } func TestAccKeycloakLdapUserFederation_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() firstEnabled := randomBool() firstValidatePasswordPolicy := randomBool() firstPagination := randomBool() @@ -238,7 +236,6 @@ func TestAccKeycloakLdapUserFederation_basicUpdateAll(t *testing.T) { evictionMinute := acctest.RandIntRange(0, 59) firstLdap := &keycloak.LdapUserFederation{ - RealmId: realmName, Name: "terraform-" + acctest.RandString(10), Enabled: firstEnabled, UsernameLDAPAttribute: acctest.RandString(10), @@ -274,7 +271,6 @@ func TestAccKeycloakLdapUserFederation_basicUpdateAll(t *testing.T) { evictionMinute = acctest.RandIntRange(0, 59) secondLdap := &keycloak.LdapUserFederation{ - RealmId: realmName, Name: "terraform-" + acctest.RandString(10), Enabled: !firstEnabled, UsernameLDAPAttribute: acctest.RandString(10), @@ -323,7 +319,7 @@ func TestAccKeycloakLdapUserFederation_basicUpdateAll(t *testing.T) { } func TestAccKeycloakLdapUserFederation_unsetTimeoutDurationStrings(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -332,11 +328,11 @@ func TestAccKeycloakLdapUserFederation_unsetTimeoutDurationStrings(t *testing.T) CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithTimeouts(realmName, ldapName), + Config: testKeycloakLdapUserFederation_basicWithTimeouts(ldapName), Check: testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), }, { - Config: testKeycloakLdapUserFederation_basic(realmName, ldapName), + Config: testKeycloakLdapUserFederation_basic(ldapName), Check: testAccCheckKeycloakLdapUserFederationExists("keycloak_ldap_user_federation.openldap"), }, }, @@ -344,7 +340,7 @@ func TestAccKeycloakLdapUserFederation_unsetTimeoutDurationStrings(t *testing.T) } func TestAccKeycloakLdapUserFederation_editModeValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) editMode := randomStringInSlice(keycloakLdapUserFederationEditModes) @@ -354,11 +350,11 @@ func TestAccKeycloakLdapUserFederation_editModeValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("edit_mode", realmName, ldapName, acctest.RandString(10)), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("edit_mode", ldapName, acctest.RandString(10)), ExpectError: regexp.MustCompile("expected edit_mode to be one of .+ got .+"), }, { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("edit_mode", realmName, ldapName, editMode), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("edit_mode", ldapName, editMode), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "edit_mode", editMode), }, }, @@ -366,7 +362,7 @@ func TestAccKeycloakLdapUserFederation_editModeValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_vendorValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) vendor := randomStringInSlice(keycloakLdapUserFederationVendors) @@ -376,11 +372,11 @@ func TestAccKeycloakLdapUserFederation_vendorValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("vendor", realmName, ldapName, acctest.RandString(10)), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("vendor", ldapName, acctest.RandString(10)), ExpectError: regexp.MustCompile("expected vendor to be one of .+ got .+"), }, { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("vendor", realmName, ldapName, vendor), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("vendor", ldapName, vendor), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "vendor", vendor), }, }, @@ -388,7 +384,7 @@ func TestAccKeycloakLdapUserFederation_vendorValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_searchScopeValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) searchScope := randomStringInSlice(keycloakLdapUserFederationSearchScopes) @@ -398,11 +394,11 @@ func TestAccKeycloakLdapUserFederation_searchScopeValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("search_scope", realmName, ldapName, acctest.RandString(10)), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("search_scope", ldapName, acctest.RandString(10)), ExpectError: regexp.MustCompile("expected search_scope to be one of .+ got .+"), }, { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("search_scope", realmName, ldapName, searchScope), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("search_scope", ldapName, searchScope), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "search_scope", searchScope), }, }, @@ -410,7 +406,7 @@ func TestAccKeycloakLdapUserFederation_searchScopeValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_useTrustStoreValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) useTrustStore := randomStringInSlice(keycloakLdapUserFederationTruststoreSpiSettings) @@ -420,11 +416,11 @@ func TestAccKeycloakLdapUserFederation_useTrustStoreValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("use_truststore_spi", realmName, ldapName, acctest.RandString(10)), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("use_truststore_spi", ldapName, acctest.RandString(10)), ExpectError: regexp.MustCompile("expected use_truststore_spi to be one of .+ got .+"), }, { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("use_truststore_spi", realmName, ldapName, useTrustStore), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("use_truststore_spi", ldapName, useTrustStore), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "use_truststore_spi", useTrustStore), }, }, @@ -432,7 +428,7 @@ func TestAccKeycloakLdapUserFederation_useTrustStoreValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_cachePolicyValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) cachePolicy := randomStringInSlice(keycloakUserFederationCachePolicies) @@ -442,11 +438,11 @@ func TestAccKeycloakLdapUserFederation_cachePolicyValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("cache_policy", realmName, ldapName, acctest.RandString(10)), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("cache_policy", ldapName, acctest.RandString(10)), ExpectError: regexp.MustCompile("expected cache_policy to be one of .+ got .+"), }, { - Config: testKeycloakLdapUserFederation_basicWithAttrValidation("cache_policy", realmName, ldapName, cachePolicy), + Config: testKeycloakLdapUserFederation_basicWithAttrValidation("cache_policy", ldapName, cachePolicy), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "cache_policy", cachePolicy), }, }, @@ -454,7 +450,7 @@ func TestAccKeycloakLdapUserFederation_cachePolicyValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_bindValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -463,11 +459,11 @@ func TestAccKeycloakLdapUserFederation_bindValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_noBindCredentialValidation(realmName, ldapName), + Config: testKeycloakLdapUserFederation_noBindCredentialValidation(ldapName), ExpectError: regexp.MustCompile("validation error: authentication requires both BindDN and BindCredential to be set"), }, { - Config: testKeycloakLdapUserFederation_nobindDnValidation(realmName, ldapName), + Config: testKeycloakLdapUserFederation_nobindDnValidation(ldapName), ExpectError: regexp.MustCompile("validation error: authentication requires both BindDN and BindCredential to be set"), }, }, @@ -475,7 +471,7 @@ func TestAccKeycloakLdapUserFederation_bindValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_syncPeriodValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) validSyncPeriod := acctest.RandIntRange(1, 3600) @@ -488,23 +484,23 @@ func TestAccKeycloakLdapUserFederation_syncPeriodValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(realmName, ldapName, validSyncPeriod, invalidNegativeSyncPeriod), + Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(ldapName, validSyncPeriod, invalidNegativeSyncPeriod), ExpectError: regexp.MustCompile(`expected .+ to be either -1 \(disabled\), or greater than zero`), }, { - Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(realmName, ldapName, invalidNegativeSyncPeriod, validSyncPeriod), + Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(ldapName, invalidNegativeSyncPeriod, validSyncPeriod), ExpectError: regexp.MustCompile(`expected .+ to be either -1 \(disabled\), or greater than zero`), }, { - Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(realmName, ldapName, validSyncPeriod, invalidZeroSyncPeriod), + Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(ldapName, validSyncPeriod, invalidZeroSyncPeriod), ExpectError: regexp.MustCompile(`expected .+ to be either -1 \(disabled\), or greater than zero`), }, { - Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(realmName, ldapName, invalidZeroSyncPeriod, validSyncPeriod), + Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(ldapName, invalidZeroSyncPeriod, validSyncPeriod), ExpectError: regexp.MustCompile(`expected .+ to be either -1 \(disabled\), or greater than zero`), }, { - Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(realmName, ldapName, validSyncPeriod, validSyncPeriod), + Config: testKeycloakLdapUserFederation_basicWithSyncPeriod(ldapName, validSyncPeriod, validSyncPeriod), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "full_sync_period", strconv.Itoa(validSyncPeriod)), resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "changed_sync_period", strconv.Itoa(validSyncPeriod)), @@ -515,7 +511,7 @@ func TestAccKeycloakLdapUserFederation_syncPeriodValidation(t *testing.T) { } func TestAccKeycloakLdapUserFederation_bindCredential(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() ldapName := "terraform-" + acctest.RandString(10) firstBindCredential := acctest.RandString(10) secondBindCredential := acctest.RandString(10) @@ -526,11 +522,11 @@ func TestAccKeycloakLdapUserFederation_bindCredential(t *testing.T) { CheckDestroy: testAccCheckKeycloakLdapUserFederationDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakLdapUserFederation_bindCredential(realmName, ldapName, firstBindCredential), + Config: testKeycloakLdapUserFederation_bindCredential(ldapName, firstBindCredential), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "bind_credential", firstBindCredential), }, { - Config: testKeycloakLdapUserFederation_bindCredential(realmName, ldapName, secondBindCredential), + Config: testKeycloakLdapUserFederation_bindCredential(ldapName, secondBindCredential), Check: resource.TestCheckResourceAttr("keycloak_ldap_user_federation.openldap", "bind_credential", secondBindCredential), }, }, @@ -572,8 +568,6 @@ func testAccCheckKeycloakLdapUserFederationDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - ldap, _ := keycloakClient.GetLdapUserFederation(realm, id) if ldap != nil { return fmt.Errorf("ldap config with id %s still exists", id) @@ -585,8 +579,6 @@ func testAccCheckKeycloakLdapUserFederationDestroy() resource.TestCheckFunc { } func getLdapUserFederationFromState(s *terraform.State, resourceName string) (*keycloak.LdapUserFederation, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -617,15 +609,15 @@ func getLdapUserFederationImportId(resourceName, bindCredential string) resource } } -func testKeycloakLdapUserFederation_basic(realm, ldap string) string { +func testKeycloakLdapUserFederation_basic(ldap string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -641,18 +633,18 @@ resource "keycloak_ldap_user_federation" "openldap" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } - `, realm, ldap) + `, testAccRealmUserFederation.Realm, ldap) } func testKeycloakLdapUserFederation_basicFromInterface(ldap *keycloak.LdapUserFederation) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = %t @@ -691,18 +683,18 @@ resource "keycloak_ldap_user_federation" "openldap" { eviction_minute = %d } } - `, ldap.RealmId, ldap.Name, ldap.Enabled, ldap.UsernameLDAPAttribute, ldap.RdnLDAPAttribute, ldap.UuidLDAPAttribute, arrayOfStringsForTerraformResource(ldap.UserObjectClasses), ldap.ConnectionUrl, ldap.UsersDn, ldap.BindDn, ldap.BindCredential, ldap.SearchScope, ldap.ValidatePasswordPolicy, ldap.UseTruststoreSpi, ldap.ConnectionTimeout, ldap.ReadTimeout, ldap.Pagination, ldap.BatchSizeForSync, ldap.FullSyncPeriod, ldap.ChangedSyncPeriod, ldap.ServerPrincipal, ldap.UseKerberosForPasswordAuthentication, ldap.KeyTab, ldap.KerberosRealm, ldap.CachePolicy, ldap.MaxLifespan, *ldap.EvictionDay, *ldap.EvictionHour, *ldap.EvictionMinute) + `, testAccRealmUserFederation.Realm, ldap.Name, ldap.Enabled, ldap.UsernameLDAPAttribute, ldap.RdnLDAPAttribute, ldap.UuidLDAPAttribute, arrayOfStringsForTerraformResource(ldap.UserObjectClasses), ldap.ConnectionUrl, ldap.UsersDn, ldap.BindDn, ldap.BindCredential, ldap.SearchScope, ldap.ValidatePasswordPolicy, ldap.UseTruststoreSpi, ldap.ConnectionTimeout, ldap.ReadTimeout, ldap.Pagination, ldap.BatchSizeForSync, ldap.FullSyncPeriod, ldap.ChangedSyncPeriod, ldap.ServerPrincipal, ldap.UseKerberosForPasswordAuthentication, ldap.KeyTab, ldap.KerberosRealm, ldap.CachePolicy, ldap.MaxLifespan, *ldap.EvictionDay, *ldap.EvictionHour, *ldap.EvictionMinute) } -func testKeycloakLdapUserFederation_basicWithAttrValidation(attr, realm, ldap, val string) string { +func testKeycloakLdapUserFederation_basicWithAttrValidation(attr, ldap, val string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -720,18 +712,18 @@ resource "keycloak_ldap_user_federation" "openldap" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "admin" } - `, realm, ldap, attr, val) + `, testAccRealmUserFederation.Realm, ldap, attr, val) } -func testKeycloakLdapUserFederation_nobindDnValidation(realm, ldap string) string { +func testKeycloakLdapUserFederation_nobindDnValidation(ldap string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -747,18 +739,18 @@ resource "keycloak_ldap_user_federation" "openldap" { connection_url = "ldap://openldap" users_dn = "dc=example,dc=org" } - `, realm, ldap) + `, testAccRealmUserFederation.Realm, ldap) } -func testKeycloakLdapUserFederation_noBindCredentialValidation(realm, ldap string) string { +func testKeycloakLdapUserFederation_noBindCredentialValidation(ldap string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -774,18 +766,18 @@ resource "keycloak_ldap_user_federation" "openldap" { connection_url = "ldap://openldap" users_dn = "dc=example,dc=org" } - `, realm, ldap) + `, testAccRealmUserFederation.Realm, ldap) } -func testKeycloakLdapUserFederation_basicWithSyncPeriod(realm, ldap string, fullSyncPeriod, changedSyncPeriod int) string { +func testKeycloakLdapUserFederation_basicWithSyncPeriod(ldap string, fullSyncPeriod, changedSyncPeriod int) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -804,18 +796,18 @@ resource "keycloak_ldap_user_federation" "openldap" { full_sync_period = %d changed_sync_period = %d } - `, realm, ldap, fullSyncPeriod, changedSyncPeriod) + `, testAccRealmUserFederation.Realm, ldap, fullSyncPeriod, changedSyncPeriod) } -func testKeycloakLdapUserFederation_basicWithTimeouts(realm, ldap string) string { +func testKeycloakLdapUserFederation_basicWithTimeouts(ldap string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -834,18 +826,18 @@ resource "keycloak_ldap_user_federation" "openldap" { connection_timeout = "10s" read_timeout = "5s" } - `, realm, ldap) + `, testAccRealmUserFederation.Realm, ldap) } -func testKeycloakLdapUserFederation_bindCredential(realm, ldap, bindCredential string) string { +func testKeycloakLdapUserFederation_bindCredential(ldap, bindCredential string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -861,18 +853,18 @@ resource "keycloak_ldap_user_federation" "openldap" { bind_dn = "cn=admin,dc=example,dc=org" bind_credential = "%s" } - `, realm, ldap, bindCredential) + `, testAccRealmUserFederation.Realm, ldap, bindCredential) } -func testKeycloakLdapUserFederation_noAuth(realm, ldap string) string { +func testKeycloakLdapUserFederation_noAuth(ldap string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_ldap_user_federation" "openldap_no_auth" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id enabled = true @@ -886,5 +878,5 @@ resource "keycloak_ldap_user_federation" "openldap_no_auth" { connection_url = "ldap://openldap" users_dn = "dc=example,dc=org" } - `, realm, ldap) + `, testAccRealmUserFederation.Realm, ldap) } diff --git a/provider/resource_keycloak_oidc_google_identity_provider_test.go b/provider/resource_keycloak_oidc_google_identity_provider_test.go index 2b9ca5fa..f686c0c1 100644 --- a/provider/resource_keycloak_oidc_google_identity_provider_test.go +++ b/provider/resource_keycloak_oidc_google_identity_provider_test.go @@ -10,15 +10,13 @@ import ( ) func TestAccKeycloakOidcGoogleIdentityProvider_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, PreCheck: func() { testAccPreCheck(t) }, CheckDestroy: testAccCheckKeycloakOidcGoogleIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcGoogleIdentityProvider_basic(realmName), + Config: testKeycloakOidcGoogleIdentityProvider_basic(), Check: testAccCheckKeycloakOidcGoogleIdentityProviderExists("keycloak_oidc_google_identity_provider.google"), }, }, @@ -26,7 +24,6 @@ func TestAccKeycloakOidcGoogleIdentityProvider_basic(t *testing.T) { } func TestAccKeycloakOidcGoogleIdentityProvider_customConfig(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) customConfigValue := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -35,7 +32,7 @@ func TestAccKeycloakOidcGoogleIdentityProvider_customConfig(t *testing.T) { CheckDestroy: testAccCheckKeycloakOidcGoogleIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcGoogleIdentityProvider_customConfig(realmName, customConfigValue), + Config: testKeycloakOidcGoogleIdentityProvider_customConfig(customConfigValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOidcGoogleIdentityProviderExists("keycloak_oidc_google_identity_provider.google_custom"), testAccCheckKeycloakOidcGoogleIdentityProviderHasCustomConfigValue("keycloak_oidc_google_identity_provider.google_custom", customConfigValue), @@ -48,66 +45,33 @@ func TestAccKeycloakOidcGoogleIdentityProvider_customConfig(t *testing.T) { func TestAccKeycloakOidcGoogleIdentityProvider_createAfterManualDestroy(t *testing.T) { var idp = &keycloak.IdentityProvider{} - realmName := "terraform-" + acctest.RandString(10) - resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, PreCheck: func() { testAccPreCheck(t) }, CheckDestroy: testAccCheckKeycloakOidcGoogleIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcGoogleIdentityProvider_basic(realmName), + Config: testKeycloakOidcGoogleIdentityProvider_basic(), Check: testAccCheckKeycloakOidcGoogleIdentityProviderFetch("keycloak_oidc_google_identity_provider.google", idp), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProvider(idp.Realm, idp.Alias) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOidcGoogleIdentityProvider_basic(realmName), + Config: testKeycloakOidcGoogleIdentityProvider_basic(), Check: testAccCheckKeycloakOidcGoogleIdentityProviderExists("keycloak_oidc_google_identity_provider.google"), }, }, }) } -func TestAccKeycloakOidcGoogleIdentityProvider_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOidcGoogleIdentityProviderDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOidcGoogleIdentityProvider_basic(firstRealm), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOidcGoogleIdentityProviderExists("keycloak_oidc_google_identity_provider.google"), - resource.TestCheckResourceAttr("keycloak_oidc_google_identity_provider.google", "realm", firstRealm), - ), - }, - { - Config: testKeycloakOidcGoogleIdentityProvider_basic(secondRealm), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOidcGoogleIdentityProviderExists("keycloak_oidc_google_identity_provider.google"), - resource.TestCheckResourceAttr("keycloak_oidc_google_identity_provider.google", "realm", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakOidcGoogleIdentityProvider_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) firstEnabled := randomBool() firstOidc := &keycloak.IdentityProvider{ - Realm: realmName, Alias: acctest.RandString(10), Enabled: firstEnabled, Config: &keycloak.IdentityProviderConfig{ @@ -119,7 +83,6 @@ func TestAccKeycloakOidcGoogleIdentityProvider_basicUpdateAll(t *testing.T) { } secondOidc := &keycloak.IdentityProvider{ - Realm: realmName, Alias: acctest.RandString(10), Enabled: !firstEnabled, Config: &keycloak.IdentityProviderConfig{ @@ -197,8 +160,6 @@ func testAccCheckKeycloakOidcGoogleIdentityProviderDestroy() resource.TestCheckF id := rs.Primary.ID realm := rs.Primary.Attributes["realm"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - idp, _ := keycloakClient.GetIdentityProvider(realm, id) if idp != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -210,8 +171,6 @@ func testAccCheckKeycloakOidcGoogleIdentityProviderDestroy() resource.TestCheckF } func getKeycloakOidcGoogleIdentityProviderFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProvider, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -228,28 +187,28 @@ func getKeycloakOidcGoogleIdentityProviderFromState(s *terraform.State, resource return idp, nil } -func testKeycloakOidcGoogleIdentityProvider_basic(realm string) string { +func testKeycloakOidcGoogleIdentityProvider_basic() string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_google_identity_provider" "google" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id client_id = "example_id" client_secret = "example_token" } - `, realm) + `, testAccRealm.Realm) } -func testKeycloakOidcGoogleIdentityProvider_customConfig(realm, customConfigValue string) string { +func testKeycloakOidcGoogleIdentityProvider_customConfig(customConfigValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_google_identity_provider" "google_custom" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id provider_id = "google" client_id = "example_id" client_secret = "example_token" @@ -257,22 +216,22 @@ resource "keycloak_oidc_google_identity_provider" "google_custom" { dummyConfig = "%s" } } - `, realm, customConfigValue) + `, testAccRealm.Realm, customConfigValue) } func testKeycloakOidcGoogleIdentityProvider_basicFromInterface(idp *keycloak.IdentityProvider) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_google_identity_provider" "google" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id enabled = %t hosted_domain = "%s" accepts_prompt_none_forward_from_client = %t client_id = "%s" client_secret = "%s" } - `, idp.Realm, idp.Enabled, idp.Config.HostedDomain, idp.Config.AcceptsPromptNoneForwFrmClt, idp.Config.ClientId, idp.Config.ClientSecret) + `, testAccRealm.Realm, idp.Enabled, idp.Config.HostedDomain, idp.Config.AcceptsPromptNoneForwFrmClt, idp.Config.ClientId, idp.Config.ClientSecret) } diff --git a/provider/resource_keycloak_oidc_identity_provider_test.go b/provider/resource_keycloak_oidc_identity_provider_test.go index 944e72aa..75fe4e34 100644 --- a/provider/resource_keycloak_oidc_identity_provider_test.go +++ b/provider/resource_keycloak_oidc_identity_provider_test.go @@ -10,7 +10,6 @@ import ( ) func TestAccKeycloakOidcIdentityProvider_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) oidcName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -19,37 +18,14 @@ func TestAccKeycloakOidcIdentityProvider_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOidcIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcIdentityProvider_basic(realmName, oidcName), + Config: testKeycloakOidcIdentityProvider_basic(oidcName), Check: testAccCheckKeycloakOidcIdentityProviderExists("keycloak_oidc_identity_provider.oidc"), }, }, }) } -func TestAccKeycloakOidcIdentityProvider_custom(t *testing.T) { - skipIfEnvSet(t, "CI") // temporary while I figure out how to load this custom idp in CI - //This test does not work in keycloak 10, because the interfaces that our customIdp implements, have changed in the keycloak latest version. - //We need to decide which keycloak version we going to support and test for the customIdp - realmName := "terraform-" + acctest.RandString(10) - oidcName := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOidcIdentityProviderDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOidcIdentityProvider_custom(realmName, oidcName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOidcIdentityProviderExists("keycloak_oidc_identity_provider.oidc"), - ), - }, - }, - }) -} - func TestAccKeycloakOidcIdentityProvider_extra_config(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) oidcName := "terraform-" + acctest.RandString(10) customConfigValue := "terraform-" + acctest.RandString(10) @@ -59,7 +35,7 @@ func TestAccKeycloakOidcIdentityProvider_extra_config(t *testing.T) { CheckDestroy: testAccCheckKeycloakOidcIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcIdentityProvider_extra_config(realmName, oidcName, customConfigValue), + Config: testKeycloakOidcIdentityProvider_extra_config(oidcName, customConfigValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOidcIdentityProviderHasCustomConfigValue("keycloak_oidc_identity_provider.oidc", customConfigValue), ), @@ -69,7 +45,6 @@ func TestAccKeycloakOidcIdentityProvider_extra_config(t *testing.T) { } func TestAccKeycloakOidcIdentityProvider_keyDefaultScopes(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) oidcName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -78,7 +53,7 @@ func TestAccKeycloakOidcIdentityProvider_keyDefaultScopes(t *testing.T) { CheckDestroy: testAccCheckKeycloakOidcIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcIdentityProvider_keyDefaultScopes(realmName, oidcName, "openid random"), + Config: testKeycloakOidcIdentityProvider_keyDefaultScopes(oidcName, "openid random"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOidcIdentityProviderExists("keycloak_oidc_identity_provider.oidc"), testAccCheckKeycloakOidcIdentityProviderDefaultScopes("keycloak_oidc_identity_provider.oidc", "openid random"), @@ -91,7 +66,6 @@ func TestAccKeycloakOidcIdentityProvider_keyDefaultScopes(t *testing.T) { func TestAccKeycloakOidcIdentityProvider_createAfterManualDestroy(t *testing.T) { var oidc = &keycloak.IdentityProvider{} - realmName := "terraform-" + acctest.RandString(10) oidcName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -100,59 +74,28 @@ func TestAccKeycloakOidcIdentityProvider_createAfterManualDestroy(t *testing.T) CheckDestroy: testAccCheckKeycloakOidcIdentityProviderDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOidcIdentityProvider_basic(realmName, oidcName), + Config: testKeycloakOidcIdentityProvider_basic(oidcName), Check: testAccCheckKeycloakOidcIdentityProviderFetch("keycloak_oidc_identity_provider.oidc", oidc), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProvider(oidc.Realm, oidc.Alias) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOidcIdentityProvider_basic(realmName, oidcName), + Config: testKeycloakOidcIdentityProvider_basic(oidcName), Check: testAccCheckKeycloakOidcIdentityProviderExists("keycloak_oidc_identity_provider.oidc"), }, }, }) } -func TestAccKeycloakOidcIdentityProvider_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - oidcName := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOidcIdentityProviderDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOidcIdentityProvider_basic(firstRealm, oidcName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOidcIdentityProviderExists("keycloak_oidc_identity_provider.oidc"), - resource.TestCheckResourceAttr("keycloak_oidc_identity_provider.oidc", "realm", firstRealm), - ), - }, - { - Config: testKeycloakOidcIdentityProvider_basic(secondRealm, oidcName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOidcIdentityProviderExists("keycloak_oidc_identity_provider.oidc"), - resource.TestCheckResourceAttr("keycloak_oidc_identity_provider.oidc", "realm", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakOidcIdentityProvider_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) firstEnabled := randomBool() firstOidc := &keycloak.IdentityProvider{ - Realm: realmName, + Realm: testAccRealm.Realm, Alias: acctest.RandString(10), Enabled: firstEnabled, Config: &keycloak.IdentityProviderConfig{ @@ -164,7 +107,7 @@ func TestAccKeycloakOidcIdentityProvider_basicUpdateAll(t *testing.T) { } secondOidc := &keycloak.IdentityProvider{ - Realm: realmName, + Realm: testAccRealm.Realm, Alias: acctest.RandString(10), Enabled: !firstEnabled, Config: &keycloak.IdentityProviderConfig{ @@ -257,8 +200,6 @@ func testAccCheckKeycloakOidcIdentityProviderDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - oidc, _ := keycloakClient.GetIdentityProvider(realm, id) if oidc != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -270,8 +211,6 @@ func testAccCheckKeycloakOidcIdentityProviderDestroy() resource.TestCheckFunc { } func getKeycloakOidcIdentityProviderFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProvider, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -288,49 +227,31 @@ func getKeycloakOidcIdentityProviderFromState(s *terraform.State, resourceName s return oidc, nil } -func testKeycloakOidcIdentityProvider_basic(realm, oidc string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" -} - -resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" - alias = "%s" - authorization_url = "https://example.com/auth" - token_url = "https://example.com/token" - client_id = "example_id" - client_secret = "example_token" -} - `, realm, oidc) -} - -func testKeycloakOidcIdentityProvider_custom(realm, alias string) string { +func testKeycloakOidcIdentityProvider_basic(oidc string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" - provider_id = "customIdp" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" client_id = "example_id" client_secret = "example_token" } - `, realm, alias) + `, testAccRealm.Realm, oidc) } -func testKeycloakOidcIdentityProvider_extra_config(realm, alias, customConfigValue string) string { +func testKeycloakOidcIdentityProvider_extra_config(alias, customConfigValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id provider_id = "oidc" alias = "%s" authorization_url = "https://example.com/auth" @@ -341,17 +262,17 @@ resource "keycloak_oidc_identity_provider" "oidc" { dummyConfig = "%s" } } - `, realm, alias, customConfigValue) + `, testAccRealm.Realm, alias, customConfigValue) } -func testKeycloakOidcIdentityProvider_keyDefaultScopes(realm, alias, value string) string { +func testKeycloakOidcIdentityProvider_keyDefaultScopes(alias, value string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id provider_id = "oidc" alias = "%s" authorization_url = "https://example.com/auth" @@ -360,17 +281,17 @@ resource "keycloak_oidc_identity_provider" "oidc" { client_secret = "example_token" default_scopes = "%s" } - `, realm, alias, value) + `, testAccRealm.Realm, alias, value) } func testKeycloakOidcIdentityProvider_basicFromInterface(oidc *keycloak.IdentityProvider) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" enabled = %t authorization_url = "%s" @@ -378,5 +299,5 @@ resource "keycloak_oidc_identity_provider" "oidc" { client_id = "%s" client_secret = "%s" } - `, oidc.Realm, oidc.Alias, oidc.Enabled, oidc.Config.AuthorizationUrl, oidc.Config.TokenUrl, oidc.Config.ClientId, oidc.Config.ClientSecret) + `, testAccRealm.Realm, oidc.Alias, oidc.Enabled, oidc.Config.AuthorizationUrl, oidc.Config.TokenUrl, oidc.Config.ClientId, oidc.Config.ClientSecret) } diff --git a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go index ff423b3d..2e26a962 100644 --- a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -24,7 +24,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClient(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -32,7 +32,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClient(t *testing.T) { } func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -44,7 +44,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClientScope(t *testing.T) CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -52,7 +52,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClientScope(t *testing.T) } func TestAccKeycloakOpenIdAudienceProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -66,7 +66,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdAudienceProtocolMapperExists(clientResourceName), testKeycloakOpenIdAudienceProtocolMapperExists(clientScopeResourceName), @@ -89,7 +89,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdAudienceProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -103,11 +103,11 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(realmName, clientId, mapperName, customAudience), + Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(clientId, mapperName, customAudience), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(realmName, clientId, mapperName, updatedCustomAudience), + Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(clientId, mapperName, updatedCustomAudience), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -115,9 +115,9 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdAudienceProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdAudienceProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -129,19 +129,17 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_createAfterManualDestroy(t *tes CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdAudienceProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdAudienceProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdAudienceProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -149,7 +147,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_createAfterManualDestroy(t *tes } func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -163,11 +161,11 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientIdForceNew(t *testi CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(realmName, clientId, mapperName, customAudience), + Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(clientId, mapperName, customAudience), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(realmName, updatedClientId, mapperName, customAudience), + Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(updatedClientId, mapperName, customAudience), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -175,7 +173,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientIdForceNew(t *testi } func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -187,11 +185,11 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientScopeForceNew(t *te CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -199,8 +197,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientScopeForceNew(t *te } func TestAccKeycloakOpenIdAudienceProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -213,11 +210,11 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateRealmIdForceNew(t *testin CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(realmName, clientId, mapperName, customAudience), + Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(clientId, mapperName, customAudience), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(newRealmName, clientId, mapperName, customAudience), + Config: testKeycloakOpenIdAudienceProtocolMapper_customAudience(clientId, mapperName, customAudience), Check: testKeycloakOpenIdAudienceProtocolMapperExists(resourceName), }, }, @@ -225,7 +222,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateRealmIdForceNew(t *testin } func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) @@ -235,7 +232,7 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t CheckDestroy: testAccKeycloakOpenIdAudienceProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(realmName, clientId, mapperName), + Config: testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(clientId, mapperName), ExpectError: regexp.MustCompile("validation error: client .+ does not exist"), }, }, @@ -298,19 +295,17 @@ func getAudienceMapperUsingState(state *terraform.State, resourceName string) (* clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdAudienceProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdAudienceProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdAudienceProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -318,41 +313,41 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_audience_protocol_mapper" "audience_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" included_custom_audience = "foo" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdAudienceProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_audience_protocol_mapper" "audience_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" included_custom_audience = "foo" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdAudienceProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdAudienceProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -360,7 +355,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_audience_protocol_mapper" "audience_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" included_custom_audience = "foo" @@ -368,26 +363,26 @@ resource "keycloak_openid_audience_protocol_mapper" "audience_mapper_client" { resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_audience_protocol_mapper" "audience_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" included_custom_audience = "foo" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdAudienceProtocolMapper_customAudience(realmName, clientId, mapperName, customAudience string) string { +func testKeycloakOpenIdAudienceProtocolMapper_customAudience(clientId, mapperName, customAudience string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "CONFIDENTIAL" @@ -399,21 +394,21 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_audience_protocol_mapper" "audience_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" included_custom_audience = "%s" -}`, realmName, clientId, mapperName, customAudience) +}`, testAccRealm.Realm, clientId, mapperName, customAudience) } -func testKeycloakOpenIdAudienceProtocolMapper_validateClientConflictsWithClientScope(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdAudienceProtocolMapper_validateClientConflictsWithClientScope(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -421,27 +416,27 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_audience_protocol_mapper" "audience_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" included_custom_audience = "foo" -}`, realmName, clientId, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, clientScopeId, mapperName) } -func testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceConflictsWithCustomAudience(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceConflictsWithCustomAudience(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -449,22 +444,22 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_audience_protocol_mapper" "audience_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" included_client_audience = "${keycloak_openid_client.openid_client.client_id}" included_custom_audience = "foo" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "openid-client" access_type = "BEARER-ONLY" @@ -472,11 +467,11 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_audience_protocol_mapper" "audience_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" included_client_audience = "%s" depends_on = [ "keycloak_openid_client.openid_client" ] -}`, realmName, mapperName, clientId) +}`, testAccRealm.Realm, mapperName, clientId) } diff --git a/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go b/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go index bd6964da..aa707793 100644 --- a/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationAggregatePolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationAggregatePolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationAggregatePolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationAggregatePolicy_basic(realmName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationAggregatePolicy_basic(clientId), Check: testResourceKeycloakOpenidClientAuthorizationAggregatePolicyExists("keycloak_openid_client_aggregate_policy.test"), }, }, @@ -28,8 +28,6 @@ func TestAccKeycloakOpenidClientAuthorizationAggregatePolicy(t *testing.T) { } func getResourceKeycloakOpenidClientAuthorizationAggregatePolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationAggregatePolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -58,8 +56,6 @@ func testResourceKeycloakOpenidClientAuthorizationAggregatePolicyDestroy() resou resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationAggregatePolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -81,47 +77,47 @@ func testResourceKeycloakOpenidClientAuthorizationAggregatePolicyExists(resource } } -func testResourceKeycloakOpenidClientAuthorizationAggregatePolicy_basic(realm, clientId string) string { +func testResourceKeycloakOpenidClientAuthorizationAggregatePolicy_basic(clientId string) string { return fmt.Sprintf(` - resource keycloak_realm test { - realm = "%s" - } +data "keycloak_realm" "realm" { + realm = "%s" +} - resource keycloak_openid_client test { - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - authorization { - policy_enforcement_mode = "ENFORCING" - } +resource keycloak_openid_client test { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + authorization { + policy_enforcement_mode = "ENFORCING" } +} - resource "keycloak_role" "test" { - realm_id = "${keycloak_realm.test.id}" - name = "aggregate_policy_role" - } +resource "keycloak_role" "test" { + realm_id = data.keycloak_realm.realm.id + name = "aggregate_policy_role" +} - resource keycloak_openid_client_role_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" - name = "keycloak_openid_client_role_policy" - decision_strategy = "UNANIMOUS" - logic = "POSITIVE" - type = "role" - role { - id = "${keycloak_role.test.id}" - required = false - } +resource keycloak_openid_client_role_policy test { + resource_server_id = "${keycloak_openid_client.test.resource_server_id}" + realm_id = data.keycloak_realm.realm.id + name = "keycloak_openid_client_role_policy" + decision_strategy = "UNANIMOUS" + logic = "POSITIVE" + type = "role" + role { + id = "${keycloak_role.test.id}" + required = false } +} - resource keycloak_openid_client_aggregate_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" - name = "keycloak_openid_client_aggregate_policy" - decision_strategy = "UNANIMOUS" - logic = "POSITIVE" - policies = ["${keycloak_openid_client_role_policy.test.id}"] - } - `, realm, clientId) +resource keycloak_openid_client_aggregate_policy test { + resource_server_id = "${keycloak_openid_client.test.resource_server_id}" + realm_id = data.keycloak_realm.realm.id + name = "keycloak_openid_client_aggregate_policy" + decision_strategy = "UNANIMOUS" + logic = "POSITIVE" + policies = ["${keycloak_openid_client_role_policy.test.id}"] +} + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_authorization_client_policy_test.go b/provider/resource_keycloak_openid_client_authorization_client_policy_test.go index 21da01aa..fb447e5c 100644 --- a/provider/resource_keycloak_openid_client_authorization_client_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_client_policy_test.go @@ -11,9 +11,8 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationClientPolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) - roleName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -21,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationClientPolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationClientPolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationClientPolicy_basic(realmName, roleName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationClientPolicy_basic(clientId), Check: testResourceKeycloakOpenidClientAuthorizationClientPolicyExists("keycloak_openid_client_client_policy.test"), }, }, @@ -29,8 +28,6 @@ func TestAccKeycloakOpenidClientAuthorizationClientPolicy(t *testing.T) { } func getResourceKeycloakOpenidClientAuthorizationClientPolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationClientPolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -59,8 +56,6 @@ func testResourceKeycloakOpenidClientAuthorizationClientPolicyDestroy() resource resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationClientPolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -83,30 +78,30 @@ func testResourceKeycloakOpenidClientAuthorizationClientPolicyExists(resourceNam } } -func testResourceKeycloakOpenidClientAuthorizationClientPolicy_basic(realm, roleName, clientId string) string { +func testResourceKeycloakOpenidClientAuthorizationClientPolicy_basic(clientId string) string { return fmt.Sprintf(` - resource keycloak_realm test { - realm = "%s" - } +data "keycloak_realm" "realm" { + realm = "%s" +} - resource keycloak_openid_client test { - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - authorization { - policy_enforcement_mode = "ENFORCING" - } +resource keycloak_openid_client test { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + authorization { + policy_enforcement_mode = "ENFORCING" } +} - resource keycloak_openid_client_client_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" - name = "keycloak_openid_client_client_policy" - decision_strategy = "AFFIRMATIVE" - logic = "POSITIVE" - clients = ["${keycloak_openid_client.test.resource_server_id}"] - } - `, realm, clientId) +resource keycloak_openid_client_client_policy test { + resource_server_id = "${keycloak_openid_client.test.resource_server_id}" + realm_id = data.keycloak_realm.realm.id + name = "keycloak_openid_client_client_policy" + decision_strategy = "AFFIRMATIVE" + logic = "POSITIVE" + clients = ["${keycloak_openid_client.test.resource_server_id}"] +} + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_authorization_group_policy_test.go b/provider/resource_keycloak_openid_client_authorization_group_policy_test.go index 6e454f0f..ebcccd82 100644 --- a/provider/resource_keycloak_openid_client_authorization_group_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_group_policy_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationGroupPolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationGroupPolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationGroupPolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationGroupPolicy_basic(realmName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationGroupPolicy_basic(clientId), Check: testResourceKeycloakOpenidClientAuthorizationGroupPolicyExists("keycloak_openid_client_group_policy.test"), }, }, @@ -28,8 +28,6 @@ func TestAccKeycloakOpenidClientAuthorizationGroupPolicy(t *testing.T) { } func getResourceKeycloakOpenidClientAuthorizationGroupPolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationGroupPolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -58,8 +56,6 @@ func testResourceKeycloakOpenidClientAuthorizationGroupPolicyDestroy() resource. resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationGroupPolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -82,38 +78,38 @@ func testResourceKeycloakOpenidClientAuthorizationGroupPolicyExists(resourceName } } -func testResourceKeycloakOpenidClientAuthorizationGroupPolicy_basic(realm, clientId string) string { +func testResourceKeycloakOpenidClientAuthorizationGroupPolicy_basic(clientId string) string { return fmt.Sprintf(` - resource keycloak_realm test { - realm = "%s" - } +data "keycloak_realm" "realm" { + realm = "%s" +} - resource keycloak_openid_client test { - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - authorization { - policy_enforcement_mode = "ENFORCING" - } +resource keycloak_openid_client test { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + authorization { + policy_enforcement_mode = "ENFORCING" } +} - resource "keycloak_group" "test" { - realm_id = "${keycloak_realm.test.id}" - name = "foo" - } +resource "keycloak_group" "test" { + realm_id = data.keycloak_realm.realm.id + name = "foo" +} - resource keycloak_openid_client_group_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" - name = "client_group_policy_test" - groups { - id = "${keycloak_group.test.id}" - path = "${keycloak_group.test.path}" - extend_children = false - } - logic = "POSITIVE" - decision_strategy = "UNANIMOUS" +resource keycloak_openid_client_group_policy test { + resource_server_id = "${keycloak_openid_client.test.resource_server_id}" + realm_id = data.keycloak_realm.realm.id + name = "client_group_policy_test" + groups { + id = "${keycloak_group.test.id}" + path = "${keycloak_group.test.path}" + extend_children = false } - `, realm, clientId) + logic = "POSITIVE" + decision_strategy = "UNANIMOUS" +} + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_authorization_js_policy_test.go b/provider/resource_keycloak_openid_client_authorization_js_policy_test.go index d51f5bb4..33558361 100644 --- a/provider/resource_keycloak_openid_client_authorization_js_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_js_policy_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationJSPolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationJSPolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationJSPolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationJSPolicy_basic(realmName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationJSPolicy_basic(clientId), Check: testResourceKeycloakOpenidClientAuthorizationJSPolicyExists("keycloak_openid_client_js_policy.test"), }, }, @@ -28,8 +28,6 @@ func TestAccKeycloakOpenidClientAuthorizationJSPolicy(t *testing.T) { } func getResourceKeycloakOpenidClientAuthorizationJSPolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationJSPolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -58,8 +56,6 @@ func testResourceKeycloakOpenidClientAuthorizationJSPolicyDestroy() resource.Tes resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationJSPolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -82,30 +78,30 @@ func testResourceKeycloakOpenidClientAuthorizationJSPolicyExists(resourceName st } } -func testResourceKeycloakOpenidClientAuthorizationJSPolicy_basic(realm, clientId string) string { +func testResourceKeycloakOpenidClientAuthorizationJSPolicy_basic(clientId string) string { return fmt.Sprintf(` - resource keycloak_realm test { - realm = "%s" - } +data "keycloak_realm" "realm" { + realm = "%s" +} - resource keycloak_openid_client test { - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - authorization { - policy_enforcement_mode = "ENFORCING" - } +resource keycloak_openid_client test { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + authorization { + policy_enforcement_mode = "ENFORCING" } +} - resource keycloak_openid_client_js_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" - name = "client_js_policy_test" - logic = "POSITIVE" - decision_strategy = "UNANIMOUS" - code = "test" - description = "description" - } - `, realm, clientId) +resource keycloak_openid_client_js_policy test { + resource_server_id = "${keycloak_openid_client.test.resource_server_id}" + realm_id = data.keycloak_realm.realm.id + name = "client_js_policy_test" + logic = "POSITIVE" + decision_strategy = "UNANIMOUS" + code = "test" + description = "description" +} + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_authorization_permission_test.go b/provider/resource_keycloak_openid_client_authorization_permission_test.go index dee7a9b1..cd1eba9e 100644 --- a/provider/resource_keycloak_openid_client_authorization_permission_test.go +++ b/provider/resource_keycloak_openid_client_authorization_permission_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationPermission_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resourceName := "terraform-" + acctest.RandString(10) permissionName := "terraform-" + acctest.RandString(10) @@ -23,7 +23,7 @@ func TestAccKeycloakOpenidClientAuthorizationPermission_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationPermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientAuthorizationPermission_basic(realmName, clientId, resourceName, permissionName, scopeName), + Config: testKeycloakOpenidClientAuthorizationPermission_basic(clientId, resourceName, permissionName, scopeName), Check: testAccCheckKeycloakOpenidClientAuthorizationPermissionExists("keycloak_openid_client_authorization_permission.test"), }, }, @@ -31,9 +31,9 @@ func TestAccKeycloakOpenidClientAuthorizationPermission_basic(t *testing.T) { } func TestAccKeycloakOpenidClientAuthorizationPermission_createAfterManualDestroy(t *testing.T) { + t.Parallel() var authorizationPermission = &keycloak.OpenidClientAuthorizationPermission{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resourceName := "terraform-" + acctest.RandString(10) permissionName := "terraform-" + acctest.RandString(10) @@ -45,69 +45,36 @@ func TestAccKeycloakOpenidClientAuthorizationPermission_createAfterManualDestroy CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationPermissionDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientAuthorizationPermission_basic(realmName, clientId, resourceName, permissionName, scopeName), + Config: testKeycloakOpenidClientAuthorizationPermission_basic(clientId, resourceName, permissionName, scopeName), Check: testAccCheckKeycloakOpenidClientAuthorizationPermissionFetch("keycloak_openid_client_authorization_permission.test", authorizationPermission), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClientAuthorizationPermission(authorizationPermission.RealmId, authorizationPermission.ResourceServerId, authorizationPermission.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientAuthorizationPermission_basic(realmName, clientId, resourceName, permissionName, scopeName), + Config: testKeycloakOpenidClientAuthorizationPermission_basic(clientId, resourceName, permissionName, scopeName), Check: testAccCheckKeycloakOpenidClientAuthorizationPermissionExists("keycloak_openid_client_authorization_permission.test"), }, }, }) } -func TestAccKeycloakOpenidClientAuthorizationPermission_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - clientId := "terraform-" + acctest.RandString(10) - resourceName := "terraform-" + acctest.RandString(10) - permissionName := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationPermissionDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOpenidClientAuthorizationPermission_basic(firstRealm, clientId, resourceName, permissionName, scopeName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientAuthorizationPermissionExists("keycloak_openid_client_authorization_permission.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_authorization_permission.test", "realm_id", firstRealm), - ), - }, - { - Config: testKeycloakOpenidClientAuthorizationPermission_basic(secondRealm, clientId, resourceName, permissionName, scopeName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientAuthorizationPermissionExists("keycloak_openid_client_authorization_permission.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_authorization_permission.test", "realm_id", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakOpenidClientAuthorizationPermission_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) scopeName := "terraform-" + acctest.RandString(10) firstAuthrorizationPermission := &keycloak.OpenidClientAuthorizationPermission{ - RealmId: realmName, + RealmId: testAccRealm.Realm, Name: acctest.RandString(10), Description: acctest.RandString(10), } secondAuthrorizationPermission := &keycloak.OpenidClientAuthorizationPermission{ - RealmId: realmName, + RealmId: testAccRealm.Realm, Name: acctest.RandString(10), Description: acctest.RandString(10), } @@ -162,13 +129,11 @@ func testAccCheckKeycloakOpenidClientAuthorizationPermissionDestroy() resource.T continue } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] resourceServerId := rs.Primary.Attributes["resource_server_id"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - authorizationPermission, _ := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, resourceServerId, id) + authorizationPermission, _ := keycloakClient.GetOpenidClientAuthorizationPermission(realm, resourceServerId, id) if authorizationPermission != nil { return fmt.Errorf("test config with id %s still exists", id) } @@ -179,18 +144,16 @@ func testAccCheckKeycloakOpenidClientAuthorizationPermissionDestroy() resource.T } func getKeycloakOpenidClientAuthorizationPermissionFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationPermission, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] resourceServerId := rs.Primary.Attributes["resource_server_id"] id := rs.Primary.ID - authorizationPermission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, resourceServerId, id) + authorizationPermission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realm, resourceServerId, id) if err != nil { return nil, fmt.Errorf("error getting authorization permission config with id %s: %s", id, err) } @@ -198,15 +161,15 @@ func getKeycloakOpenidClientAuthorizationPermissionFromState(s *terraform.State, return authorizationPermission, nil } -func testKeycloakOpenidClientAuthorizationPermission_basic(realm, clientId, resourceName, permissionName, scopeName string) string { +func testKeycloakOpenidClientAuthorizationPermission_basic(clientId, resourceName, permissionName, scopeName string) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -215,7 +178,7 @@ resource keycloak_openid_client test { } data keycloak_openid_client_authorization_policy default { - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "default" } @@ -223,7 +186,7 @@ data keycloak_openid_client_authorization_policy default { resource keycloak_openid_client_authorization_resource test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id uris = [ "/endpoint/*" @@ -233,29 +196,29 @@ resource keycloak_openid_client_authorization_resource test { resource keycloak_openid_client_authorization_scope test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id } resource keycloak_openid_client_authorization_permission test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" policies = ["${data.keycloak_openid_client_authorization_policy.default.id}"] resources = ["${keycloak_openid_client_authorization_resource.test.id}"] } - `, realm, clientId, resourceName, scopeName, permissionName) + `, testAccRealm.Realm, clientId, resourceName, scopeName, permissionName) } func testKeycloakOpenidClientAuthorizationPermission_basicFromInterface(clientId string, authorizationPermission *keycloak.OpenidClientAuthorizationPermission, resourceName, scopeName string) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -264,7 +227,7 @@ resource keycloak_openid_client test { } data keycloak_openid_client_authorization_policy default { - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "default" } @@ -272,7 +235,7 @@ data keycloak_openid_client_authorization_policy default { resource keycloak_openid_client_authorization_resource resource { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id uris = [ "/endpoint/*" @@ -282,17 +245,17 @@ resource keycloak_openid_client_authorization_resource resource { resource keycloak_openid_client_authorization_scope test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id } resource keycloak_openid_client_authorization_permission test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" policies = ["${data.keycloak_openid_client_authorization_policy.default.id}"] resources = ["${keycloak_openid_client_authorization_resource.resource.id}"] description = "%s" scopes = ["${keycloak_openid_client_authorization_scope.test.id}"] } - `, authorizationPermission.RealmId, clientId, resourceName, scopeName, authorizationPermission.Name, authorizationPermission.Description) + `, testAccRealm.Realm, clientId, resourceName, scopeName, authorizationPermission.Name, authorizationPermission.Description) } diff --git a/provider/resource_keycloak_openid_client_authorization_resource_test.go b/provider/resource_keycloak_openid_client_authorization_resource_test.go index 5ff034ce..a540acbd 100644 --- a/provider/resource_keycloak_openid_client_authorization_resource_test.go +++ b/provider/resource_keycloak_openid_client_authorization_resource_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationResource_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resourceName := "terraform-" + acctest.RandString(10) @@ -20,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationResource_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationResourceDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientAuthorizationResource_basic(realmName, clientId, resourceName), + Config: testKeycloakOpenidClientAuthorizationResource_basic(clientId, resourceName), Check: testAccCheckKeycloakOpenidClientAuthorizationResourceExists("keycloak_openid_client_authorization_resource.test"), }, }, @@ -28,9 +28,9 @@ func TestAccKeycloakOpenidClientAuthorizationResource_basic(t *testing.T) { } func TestAccKeycloakOpenidClientAuthorizationResource_createAfterManualDestroy(t *testing.T) { + t.Parallel() var authorizationResource = &keycloak.OpenidClientAuthorizationResource{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resourceName := "terraform-" + acctest.RandString(10) @@ -40,61 +40,30 @@ func TestAccKeycloakOpenidClientAuthorizationResource_createAfterManualDestroy(t CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationResourceDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientAuthorizationResource_basic(realmName, clientId, resourceName), + Config: testKeycloakOpenidClientAuthorizationResource_basic(clientId, resourceName), Check: testAccCheckKeycloakOpenidClientAuthorizationResourceFetch("keycloak_openid_client_authorization_resource.test", authorizationResource), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClientAuthorizationResource(authorizationResource.RealmId, authorizationResource.ResourceServerId, authorizationResource.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientAuthorizationResource_basic(realmName, clientId, resourceName), + Config: testKeycloakOpenidClientAuthorizationResource_basic(clientId, resourceName), Check: testAccCheckKeycloakOpenidClientAuthorizationResourceExists("keycloak_openid_client_authorization_resource.test"), }, }, }) } -func TestAccKeycloakOpenidClientAuthorizationResource_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - clientId := "terraform-" + acctest.RandString(10) - resourceName := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationResourceDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOpenidClientAuthorizationResource_basic(firstRealm, clientId, resourceName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientAuthorizationResourceExists("keycloak_openid_client_authorization_resource.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_authorization_resource.test", "realm_id", firstRealm), - ), - }, - { - Config: testKeycloakOpenidClientAuthorizationResource_basic(secondRealm, clientId, resourceName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientAuthorizationResourceExists("keycloak_openid_client_authorization_resource.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_authorization_resource.test", "realm_id", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakOpenidClientAuthorizationResource_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) ownerManagedAccess := randomBool() firstAuthrorizationResource := &keycloak.OpenidClientAuthorizationResource{ - RealmId: realmName, + RealmId: testAccRealm.Realm, Name: acctest.RandString(10), DisplayName: acctest.RandString(10), IconUri: acctest.RandString(10), @@ -103,7 +72,7 @@ func TestAccKeycloakOpenidClientAuthorizationResource_basicUpdateAll(t *testing. } secondAuthrorizationResource := &keycloak.OpenidClientAuthorizationResource{ - RealmId: realmName, + RealmId: testAccRealm.Realm, Name: acctest.RandString(10), DisplayName: acctest.RandString(10), IconUri: acctest.RandString(10), @@ -161,13 +130,11 @@ func testAccCheckKeycloakOpenidClientAuthorizationResourceDestroy() resource.Tes continue } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] resourceServerId := rs.Primary.Attributes["resource_server_id"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - authorizationResource, _ := keycloakClient.GetOpenidClientAuthorizationResource(realmId, resourceServerId, id) + authorizationResource, _ := keycloakClient.GetOpenidClientAuthorizationResource(realm, resourceServerId, id) if authorizationResource != nil { return fmt.Errorf("test config with id %s still exists", id) } @@ -178,18 +145,16 @@ func testAccCheckKeycloakOpenidClientAuthorizationResourceDestroy() resource.Tes } func getKeycloakOpenidClientAuthorizationResourceFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationResource, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] resourceServerId := rs.Primary.Attributes["resource_server_id"] id := rs.Primary.ID - authorizationResource, err := keycloakClient.GetOpenidClientAuthorizationResource(realmId, resourceServerId, id) + authorizationResource, err := keycloakClient.GetOpenidClientAuthorizationResource(realm, resourceServerId, id) if err != nil { return nil, fmt.Errorf("error getting authorization resource config with id %s: %s", id, err) } @@ -197,15 +162,15 @@ func getKeycloakOpenidClientAuthorizationResourceFromState(s *terraform.State, r return authorizationResource, nil } -func testKeycloakOpenidClientAuthorizationResource_basic(realm, clientId, resourceName string) string { +func testKeycloakOpenidClientAuthorizationResource_basic(clientId, resourceName string) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -216,24 +181,24 @@ resource keycloak_openid_client test { resource keycloak_openid_client_authorization_resource test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id uris = [ "/endpoint/*" ] } - `, realm, clientId, resourceName) + `, testAccRealm.Realm, clientId, resourceName) } func testKeycloakOpenidClientAuthorizationResource_basicFromInterface(clientId string, authorizationResource *keycloak.OpenidClientAuthorizationResource) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -244,7 +209,7 @@ resource keycloak_openid_client test { resource keycloak_openid_client_authorization_resource test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id display_name = "%s" icon_uri = "%s" owner_managed_access = %t @@ -253,5 +218,5 @@ resource keycloak_openid_client_authorization_resource test { "/test/" ] } - `, authorizationResource.RealmId, clientId, authorizationResource.Name, authorizationResource.DisplayName, authorizationResource.IconUri, authorizationResource.OwnerManagedAccess, authorizationResource.Type) + `, testAccRealm.Realm, clientId, authorizationResource.Name, authorizationResource.DisplayName, authorizationResource.IconUri, authorizationResource.OwnerManagedAccess, authorizationResource.Type) } diff --git a/provider/resource_keycloak_openid_client_authorization_role_policy_test.go b/provider/resource_keycloak_openid_client_authorization_role_policy_test.go index 6c95bb04..15ad4e9c 100644 --- a/provider/resource_keycloak_openid_client_authorization_role_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_role_policy_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationRolePolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) roleName := "terraform-" + acctest.RandString(10) @@ -21,53 +21,14 @@ func TestAccKeycloakOpenidClientAuthorizationRolePolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationRolePolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationRolePolicy_basic(realmName, roleName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationRolePolicy_basic(roleName, clientId), Check: testResourceKeycloakOpenidClientAuthorizationRolePolicyExists("keycloak_openid_client_role_policy.test"), }, }, }) } -func testResourceKeycloakOpenidClientAuthorizationRolePolicy_basic(realm, roleName, clientId string) string { - - return fmt.Sprintf(` - resource keycloak_realm test { - realm = "%s" - } - - resource keycloak_openid_client test { - client_id = "%s" - realm_id = "${keycloak_realm.test.id}" - access_type = "CONFIDENTIAL" - service_accounts_enabled = true - authorization { - policy_enforcement_mode = "ENFORCING" - } - } - - resource "keycloak_role" "test" { - realm_id = "${keycloak_realm.test.id}" - name = "%s" - } - - resource keycloak_openid_client_role_policy test { - resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" - name = "keycloak_openid_client_role_policy" - decision_strategy = "AFFIRMATIVE" - logic = "POSITIVE" - type = "role" - role { - id = "${keycloak_role.test.id}" - required = false - } - } - `, realm, roleName, clientId) -} - func getResourceKeycloakOpenidClientAuthorizationRolePolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationRolePolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -96,8 +57,6 @@ func testResourceKeycloakOpenidClientAuthorizationRolePolicyDestroy() resource.T resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationRolePolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -119,3 +78,39 @@ func testResourceKeycloakOpenidClientAuthorizationRolePolicyExists(resourceName return nil } } + +func testResourceKeycloakOpenidClientAuthorizationRolePolicy_basic(roleName, clientId string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource keycloak_openid_client test { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + access_type = "CONFIDENTIAL" + service_accounts_enabled = true + authorization { + policy_enforcement_mode = "ENFORCING" + } +} + +resource "keycloak_role" "test" { + realm_id = data.keycloak_realm.realm.id + name = "%s" +} + +resource keycloak_openid_client_role_policy test { + resource_server_id = "${keycloak_openid_client.test.resource_server_id}" + realm_id = data.keycloak_realm.realm.id + name = "keycloak_openid_client_role_policy" + decision_strategy = "AFFIRMATIVE" + logic = "POSITIVE" + type = "role" + role { + id = "${keycloak_role.test.id}" + required = false + } +} + `, testAccRealm.Realm, roleName, clientId) +} diff --git a/provider/resource_keycloak_openid_client_authorization_scope_test.go b/provider/resource_keycloak_openid_client_authorization_scope_test.go index 8af82709..9c6d36b8 100644 --- a/provider/resource_keycloak_openid_client_authorization_scope_test.go +++ b/provider/resource_keycloak_openid_client_authorization_scope_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationScope_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) scopeName := "terraform-" + acctest.RandString(10) @@ -20,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationScope_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientAuthorizationScope_basic(realmName, clientId, scopeName), + Config: testKeycloakOpenidClientAuthorizationScope_basic(clientId, scopeName), Check: testAccCheckKeycloakOpenidClientAuthorizationScopeExists("keycloak_openid_client_authorization_scope.test"), }, }, @@ -28,9 +28,9 @@ func TestAccKeycloakOpenidClientAuthorizationScope_basic(t *testing.T) { } func TestAccKeycloakOpenidClientAuthorizationScope_createAfterManualDestroy(t *testing.T) { + t.Parallel() var authorizationScope = &keycloak.OpenidClientAuthorizationScope{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) scopeName := "terraform-" + acctest.RandString(10) @@ -40,67 +40,36 @@ func TestAccKeycloakOpenidClientAuthorizationScope_createAfterManualDestroy(t *t CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientAuthorizationScope_basic(realmName, clientId, scopeName), + Config: testKeycloakOpenidClientAuthorizationScope_basic(clientId, scopeName), Check: testAccCheckKeycloakOpenidClientAuthorizationScopeFetch("keycloak_openid_client_authorization_scope.test", authorizationScope), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClientAuthorizationScope(authorizationScope.RealmId, authorizationScope.ResourceServerId, authorizationScope.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientAuthorizationScope_basic(realmName, clientId, scopeName), + Config: testKeycloakOpenidClientAuthorizationScope_basic(clientId, scopeName), Check: testAccCheckKeycloakOpenidClientAuthorizationScopeExists("keycloak_openid_client_authorization_scope.test"), }, }, }) } -func TestAccKeycloakOpenidClientAuthorizationScope_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - clientId := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOpenidClientAuthorizationScopeDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOpenidClientAuthorizationScope_basic(firstRealm, clientId, scopeName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientAuthorizationScopeExists("keycloak_openid_client_authorization_scope.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_authorization_scope.test", "realm_id", firstRealm), - ), - }, - { - Config: testKeycloakOpenidClientAuthorizationScope_basic(secondRealm, clientId, scopeName), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientAuthorizationScopeExists("keycloak_openid_client_authorization_scope.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_authorization_scope.test", "realm_id", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakOpenidClientAuthorizationScope_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) firstAuthrorizationScope := &keycloak.OpenidClientAuthorizationScope{ - RealmId: realmName, + RealmId: testAccRealm.Realm, Name: acctest.RandString(10), DisplayName: acctest.RandString(10), IconUri: acctest.RandString(10), } secondAuthrorizationScope := &keycloak.OpenidClientAuthorizationScope{ - RealmId: realmName, + RealmId: testAccRealm.Realm, Name: acctest.RandString(10), DisplayName: acctest.RandString(10), IconUri: acctest.RandString(10), @@ -156,13 +125,11 @@ func testAccCheckKeycloakOpenidClientAuthorizationScopeDestroy() resource.TestCh continue } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] resourceServerId := rs.Primary.Attributes["resource_server_id"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - authorizationScope, _ := keycloakClient.GetOpenidClientAuthorizationScope(realmId, resourceServerId, id) + authorizationScope, _ := keycloakClient.GetOpenidClientAuthorizationScope(realm, resourceServerId, id) if authorizationScope != nil { return fmt.Errorf("test config with id %s still exists", id) } @@ -173,18 +140,16 @@ func testAccCheckKeycloakOpenidClientAuthorizationScopeDestroy() resource.TestCh } func getKeycloakOpenidClientAuthorizationScopeFromState(s *terraform.State, scopeName string) (*keycloak.OpenidClientAuthorizationScope, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[scopeName] if !ok { return nil, fmt.Errorf("resource not found: %s", scopeName) } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] resourceServerId := rs.Primary.Attributes["resource_server_id"] id := rs.Primary.ID - authorizationScope, err := keycloakClient.GetOpenidClientAuthorizationScope(realmId, resourceServerId, id) + authorizationScope, err := keycloakClient.GetOpenidClientAuthorizationScope(realm, resourceServerId, id) if err != nil { return nil, fmt.Errorf("error getting authorization scope config with id %s: %s", id, err) } @@ -192,15 +157,15 @@ func getKeycloakOpenidClientAuthorizationScopeFromState(s *terraform.State, scop return authorizationScope, nil } -func testKeycloakOpenidClientAuthorizationScope_basic(realm, clientId, scopeName string) string { +func testKeycloakOpenidClientAuthorizationScope_basic(clientId, scopeName string) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -211,20 +176,20 @@ resource keycloak_openid_client test { resource keycloak_openid_client_authorization_scope test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id } - `, realm, clientId, scopeName) + `, testAccRealm.Realm, clientId, scopeName) } func testKeycloakOpenidClientAuthorizationScope_basicFromInterface(clientId string, authorizationScope *keycloak.OpenidClientAuthorizationScope) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -235,7 +200,7 @@ resource keycloak_openid_client test { resource keycloak_openid_client_authorization_scope test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" name = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id display_name = "%s" icon_uri = "%s" } diff --git a/provider/resource_keycloak_openid_client_authorization_time_policy_test.go b/provider/resource_keycloak_openid_client_authorization_time_policy_test.go index 87669ee7..3874e0cf 100644 --- a/provider/resource_keycloak_openid_client_authorization_time_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_time_policy_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationTimePolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) policyName := "terraform-" + acctest.RandString(10) @@ -21,7 +21,7 @@ func TestAccKeycloakOpenidClientAuthorizationTimePolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationTimePolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationTimePolicy_basic(realmName, policyName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationTimePolicy_basic(policyName, clientId), Check: testResourceKeycloakOpenidClientAuthorizationTimePolicyExists("keycloak_openid_client_time_policy.test"), }, }, @@ -29,8 +29,6 @@ func TestAccKeycloakOpenidClientAuthorizationTimePolicy(t *testing.T) { } func getResourceKeycloakOpenidClientAuthorizationTimePolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationTimePolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -59,8 +57,6 @@ func testResourceKeycloakOpenidClientAuthorizationTimePolicyDestroy() resource.T resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationTimePolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -83,16 +79,16 @@ func testResourceKeycloakOpenidClientAuthorizationTimePolicyExists(resourceName } } -func testResourceKeycloakOpenidClientAuthorizationTimePolicy_basic(realm, policyName, clientId string) string { +func testResourceKeycloakOpenidClientAuthorizationTimePolicy_basic(policyName, clientId string) string { return fmt.Sprintf(` - resource keycloak_realm test { + data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -102,7 +98,7 @@ func testResourceKeycloakOpenidClientAuthorizationTimePolicy_basic(realm, policy resource keycloak_openid_client_time_policy test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" not_on_or_after = "2500-12-12 01:01:11" not_before = "2400-12-12 01:01:11" @@ -119,5 +115,5 @@ func testResourceKeycloakOpenidClientAuthorizationTimePolicy_basic(realm, policy logic = "POSITIVE" decision_strategy = "UNANIMOUS" } - `, realm, clientId, policyName) + `, testAccRealm.Realm, clientId, policyName) } diff --git a/provider/resource_keycloak_openid_client_authorization_user_policy_test.go b/provider/resource_keycloak_openid_client_authorization_user_policy_test.go index 4a97166d..41131b7e 100644 --- a/provider/resource_keycloak_openid_client_authorization_user_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_user_policy_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientAuthorizationUserPolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -20,7 +20,7 @@ func TestAccKeycloakOpenidClientAuthorizationUserPolicy(t *testing.T) { CheckDestroy: testResourceKeycloakOpenidClientAuthorizationUserPolicyDestroy(), Steps: []resource.TestStep{ { - Config: testResourceKeycloakOpenidClientAuthorizationUserPolicy_basic(realmName, clientId), + Config: testResourceKeycloakOpenidClientAuthorizationUserPolicy_basic(clientId), Check: testResourceKeycloakOpenidClientAuthorizationUserPolicyExists("keycloak_openid_client_user_policy.test"), }, }, @@ -28,8 +28,6 @@ func TestAccKeycloakOpenidClientAuthorizationUserPolicy(t *testing.T) { } func getResourceKeycloakOpenidClientAuthorizationUserPolicyFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientAuthorizationUserPolicy, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -58,8 +56,6 @@ func testResourceKeycloakOpenidClientAuthorizationUserPolicyDestroy() resource.T resourceServerId := rs.Primary.Attributes["resource_server_id"] policyId := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - policy, _ := keycloakClient.GetOpenidClientAuthorizationUserPolicy(realm, resourceServerId, policyId) if policy != nil { return fmt.Errorf("policy config with id %s still exists", policyId) @@ -82,15 +78,15 @@ func testResourceKeycloakOpenidClientAuthorizationUserPolicyExists(resourceName } } -func testResourceKeycloakOpenidClientAuthorizationUserPolicy_basic(realm, clientId string) string { +func testResourceKeycloakOpenidClientAuthorizationUserPolicy_basic(clientId string) string { return fmt.Sprintf(` - resource keycloak_realm test { + data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true authorization { @@ -99,7 +95,7 @@ func testResourceKeycloakOpenidClientAuthorizationUserPolicy_basic(realm, client } resource keycloak_user test { - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id username = "test-user" email = "test-user@fakedomain.com" @@ -109,11 +105,11 @@ func testResourceKeycloakOpenidClientAuthorizationUserPolicy_basic(realm, client resource keycloak_openid_client_user_policy test { resource_server_id = "${keycloak_openid_client.test.resource_server_id}" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id name = "client_user_policy_test" users = ["${keycloak_user.test.id}"] logic = "POSITIVE" decision_strategy = "UNANIMOUS" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_default_scopes_test.go b/provider/resource_keycloak_openid_client_default_scopes_test.go index 38ea201d..020920b7 100644 --- a/provider/resource_keycloak_openid_client_default_scopes_test.go +++ b/provider/resource_keycloak_openid_client_default_scopes_test.go @@ -15,7 +15,7 @@ import ( var preAssignedDefaultClientScopes = []string{"profile", "email", "web-origins", "roles"} func TestAccKeycloakOpenidClientDefaultScopes_basic(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -26,13 +26,13 @@ func TestAccKeycloakOpenidClientDefaultScopes_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_basic(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_basic(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", clientScopes), }, // we need a separate test step for destroy instead of using CheckDestroy because this resource is implicitly // destroyed at the end of each test via destroying clients { - Config: testKeycloakOpenidClientDefaultScopes_noDefaultScopes(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_noDefaultScopes(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasNoDefaultScopes("keycloak_openid_client.client"), }, }, @@ -40,7 +40,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_basic(t *testing.T) { } func TestAccKeycloakOpenidClientDefaultScopes_updateClientForceNew(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientOne := "terraform-client-" + acctest.RandString(10) clientTwo := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -52,11 +52,11 @@ func TestAccKeycloakOpenidClientDefaultScopes_updateClientForceNew(t *testing.T) PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_basic(realm, clientOne, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_basic(clientOne, clientScope), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", clientScopes), }, { - Config: testKeycloakOpenidClientDefaultScopes_basic(realm, clientTwo, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_basic(clientTwo, clientScope), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", clientScopes), }, }, @@ -64,7 +64,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_updateClientForceNew(t *testing.T) } func TestAccKeycloakOpenidClientDefaultScopes_updateInPlace(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -84,17 +84,17 @@ func TestAccKeycloakOpenidClientDefaultScopes_updateInPlace(t *testing.T) { Steps: []resource.TestStep{ // init { - Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(realm, client, clientScope, allClientScopes), + Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(client, clientScope, allClientScopes), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", allClientScopes), }, // remove { - Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(realm, client, clientScope, subsetOfClientScopes), + Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(client, clientScope, subsetOfClientScopes), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", subsetOfClientScopes), }, // add { - Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(realm, client, clientScope, allClientScopes), + Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(client, clientScope, allClientScopes), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", allClientScopes), }, }, @@ -102,7 +102,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_updateInPlace(t *testing.T) { } func TestAccKeycloakOpenidClientDefaultScopes_validateClientDoesNotExist(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -111,7 +111,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateClientDoesNotExist(t *test PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_validationNoClient(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_validationNoClient(client, clientScope), ExpectError: regexp.MustCompile("validation error: client with id .+ does not exist"), }, }, @@ -119,7 +119,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateClientDoesNotExist(t *test } func TestAccKeycloakOpenidClientDefaultScopes_validateClientAccessType(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -128,7 +128,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateClientAccessType(t *testin PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_validationBearerOnlyClient(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_validationBearerOnlyClient(client, clientScope), ExpectError: regexp.MustCompile("validation error: client with id .+ uses access type BEARER-ONLY which does not use scopes"), }, }, @@ -137,7 +137,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateClientAccessType(t *testin // if a default client scope is manually detached from a client with default scopes controlled by this resource, terraform should add it again func TestAccKeycloakOpenidClientDefaultScopes_authoritativeAdd(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScopes := append(preAssignedDefaultClientScopes, "terraform-client-scope-"+acctest.RandString(10), @@ -150,25 +150,23 @@ func TestAccKeycloakOpenidClientDefaultScopes_authoritativeAdd(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(realm, client, clientScopes, clientScopes), + Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(client, clientScopes, clientScopes), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", clientScopes), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - client, err := keycloakClient.GetOpenidClientByClientId(realm, client) + client, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } clientToManuallyDetach := clientScopes[acctest.RandIntRange(0, len(clientScopes)-1)] - err = keycloakClient.DetachOpenidClientDefaultScopes(realm, client.Id, []string{clientToManuallyDetach}) + err = keycloakClient.DetachOpenidClientDefaultScopes(testAccRealm.Realm, client.Id, []string{clientToManuallyDetach}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(realm, client, clientScopes, clientScopes), + Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(client, clientScopes, clientScopes), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", clientScopes), }, }, @@ -177,7 +175,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_authoritativeAdd(t *testing.T) { // if a default client scope is manually attached to a client with default scopes controlled by this resource, terraform should detach it func TestAccKeycloakOpenidClientDefaultScopes_authoritativeRemove(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) randomClientScopes := []string{ @@ -200,24 +198,22 @@ func TestAccKeycloakOpenidClientDefaultScopes_authoritativeRemove(t *testing.T) PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(realm, client, allClientScopes, attachedClientScopes), + Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(client, allClientScopes, attachedClientScopes), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", attachedClientScopes), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - client, err := keycloakClient.GetOpenidClientByClientId(realm, client) + client, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } - err = keycloakClient.AttachOpenidClientDefaultScopes(realm, client.Id, []string{clientToManuallyAttach}) + err = keycloakClient.AttachOpenidClientDefaultScopes(testAccRealm.Realm, client.Id, []string{clientToManuallyAttach}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(realm, client, allClientScopes, attachedClientScopes), + Config: testKeycloakOpenidClientDefaultScopes_multipleClientScopes(client, allClientScopes, attachedClientScopes), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", attachedClientScopes), testAccCheckKeycloakOpenidClientDefaultScopeIsNotAttached("keycloak_openid_client_default_scopes.default_scopes", clientToManuallyAttach), @@ -229,7 +225,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_authoritativeRemove(t *testing.T) // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakOpenidClientDefaultScopes_noImportNeeded(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -240,24 +236,22 @@ func TestAccKeycloakOpenidClientDefaultScopes_noImportNeeded(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_noDefaultScopes(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_noDefaultScopes(client, clientScope), Check: testAccCheckKeycloakOpenidClientDefaultScopeIsNotAttached("keycloak_openid_client.client", clientScope), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - openidClient, err := keycloakClient.GetOpenidClientByClientId(realm, client) + openidClient, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } - err = keycloakClient.AttachOpenidClientDefaultScopes(realm, openidClient.Id, clientScopes) + err = keycloakClient.AttachOpenidClientDefaultScopes(testAccRealm.Realm, openidClient.Id, clientScopes) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientDefaultScopes_basic(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_basic(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", clientScopes), }, }, @@ -270,7 +264,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_noImportNeeded(t *testing.T) { // result in anything destructive. thus, a following plan will not be empty, as terraform // will think it needs to remove these scopes, which is okay to do during an update func TestAccKeycloakOpenidClientDefaultScopes_profileAndEmailDefaultScopes(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -279,7 +273,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_profileAndEmailDefaultScopes(t *te PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(realm, client, clientScope, []string{clientScope}), + Config: testKeycloakOpenidClientDefaultScopes_listOfScopes(client, clientScope, []string{clientScope}), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client.client", append(preAssignedDefaultClientScopes, clientScope)), ExpectNonEmptyPlan: true, }, @@ -289,7 +283,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_profileAndEmailDefaultScopes(t *te // Keycloak throws a 500 if you attempt to attach an optional scope that is already attached as an optional scope func TestAccKeycloakOpenidClientDefaultScopes_validateDuplicateScopeAssignment(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -301,12 +295,12 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateDuplicateScopeAssignment(t Steps: []resource.TestStep{ // attach optional scopes, including the custom scope { - Config: testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_basic(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", optionalClientScopes), }, // attach default scopes with the custom scope, expect an error since it is already in use { - Config: testKeycloakOpenidClientDefaultScopes_duplicateScopeAssignment(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_duplicateScopeAssignment(client, clientScope), ExpectError: regexp.MustCompile("validation error: scope .+ is already attached to client as an optional scope"), }, }, @@ -314,8 +308,6 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateDuplicateScopeAssignment(t } func getDefaultClientScopesFromState(resourceName string, s *terraform.State) ([]*keycloak.OpenidClientScope, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -397,27 +389,27 @@ func testAccCheckKeycloakOpenidClientDefaultScopeIsNotAttached(resourceName, cli } } -func testKeycloakOpenidClientDefaultScopes_basic(realm, client, clientScope string) string { +func testKeycloakOpenidClientDefaultScopes_basic(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" default_scopes = [ "profile", @@ -427,74 +419,74 @@ resource "keycloak_openid_client_default_scopes" "default_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } -func testKeycloakOpenidClientDefaultScopes_noDefaultScopes(realm, client, clientScope string) string { +func testKeycloakOpenidClientDefaultScopes_noDefaultScopes(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } -func testKeycloakOpenidClientDefaultScopes_listOfScopes(realm, client, clientScope string, listOfDefaultScopes []string) string { +func testKeycloakOpenidClientDefaultScopes_listOfScopes(client, clientScope string, listOfDefaultScopes []string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" default_scopes = %s depends_on = ["keycloak_openid_client_scope.client_scope"] } - `, realm, client, clientScope, arrayOfStringsForTerraformResource(listOfDefaultScopes)) + `, testAccRealm.Realm, client, clientScope, arrayOfStringsForTerraformResource(listOfDefaultScopes)) } -func testKeycloakOpenidClientDefaultScopes_validationNoClient(realm, client, clientScope string) string { +func testKeycloakOpenidClientDefaultScopes_validationNoClient(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" default_scopes = [ "profile", @@ -504,30 +496,30 @@ resource "keycloak_openid_client_default_scopes" "default_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, clientScope, client) + `, testAccRealm.Realm, clientScope, client) } -func testKeycloakOpenidClientDefaultScopes_validationBearerOnlyClient(realm, client, clientScope string) string { +func testKeycloakOpenidClientDefaultScopes_validationBearerOnlyClient(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "BEARER-ONLY" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" default_scopes = [ "profile", @@ -537,17 +529,17 @@ resource "keycloak_openid_client_default_scopes" "default_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } -func testKeycloakOpenidClientDefaultScopes_multipleClientScopes(realm, client string, allClientScopes, attachedClientScopes []string) string { +func testKeycloakOpenidClientDefaultScopes_multipleClientScopes(client string, allClientScopes, attachedClientScopes []string) string { var clientScopeResources strings.Builder for _, clientScope := range allClientScopes { if strings.HasPrefix(clientScope, "terraform") { clientScopeResources.WriteString(fmt.Sprintf(` resource "keycloak_openid_client_scope" "client_scope_%s" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } `, clientScope, clientScope)) } @@ -563,32 +555,32 @@ resource "keycloak_openid_client_scope" "client_scope_%s" { } return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } %s resource "keycloak_openid_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" default_scopes = %s } - `, realm, client, clientScopeResources.String(), arrayOfStringsForTerraformResource(attachedClientScopesInterpolated)) + `, testAccRealm.Realm, client, clientScopeResources.String(), arrayOfStringsForTerraformResource(attachedClientScopesInterpolated)) } -func testKeycloakOpenidClientDefaultScopes_duplicateScopeAssignment(realm, client, clientScope string) string { +func testKeycloakOpenidClientDefaultScopes_duplicateScopeAssignment(client, clientScope string) string { return fmt.Sprintf(` %s resource "keycloak_openid_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" default_scopes = [ "profile", @@ -598,5 +590,5 @@ resource "keycloak_openid_client_default_scopes" "default_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope)) + `, testKeycloakOpenidClientOptionalScopes_basic(client, clientScope)) } diff --git a/provider/resource_keycloak_openid_client_optional_scopes_test.go b/provider/resource_keycloak_openid_client_optional_scopes_test.go index 1451d36a..7a0616aa 100644 --- a/provider/resource_keycloak_openid_client_optional_scopes_test.go +++ b/provider/resource_keycloak_openid_client_optional_scopes_test.go @@ -21,7 +21,7 @@ func getPreAssignedOptionalClientScopes() []string { } func TestAccKeycloakOpenidClientOptionalScopes_basic(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -32,13 +32,13 @@ func TestAccKeycloakOpenidClientOptionalScopes_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_basic(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", clientScopes), }, // we need a separate test step for destroy instead of using CheckDestroy because this resource is implicitly // destroyed at the end of each test via destroying clients { - Config: testKeycloakOpenidClientOptionalScopes_noOptionalScopes(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_noOptionalScopes(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasNoOptionalScopes("keycloak_openid_client.client"), }, }, @@ -46,7 +46,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_basic(t *testing.T) { } func TestAccKeycloakOpenidClientOptionalScopes_updateClientForceNew(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientOne := "terraform-client-" + acctest.RandString(10) clientTwo := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -58,11 +58,11 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateClientForceNew(t *testing.T PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_basic(realm, clientOne, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_basic(clientOne, clientScope), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", clientScopes), }, { - Config: testKeycloakOpenidClientOptionalScopes_basic(realm, clientTwo, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_basic(clientTwo, clientScope), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", clientScopes), }, }, @@ -70,7 +70,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateClientForceNew(t *testing.T } func TestAccKeycloakOpenidClientOptionalScopes_updateInPlace(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -90,17 +90,17 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateInPlace(t *testing.T) { Steps: []resource.TestStep{ // init { - Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(realm, client, clientScope, allClientScopes), + Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(client, clientScope, allClientScopes), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", allClientScopes), }, // remove { - Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(realm, client, clientScope, subsetOfClientScopes), + Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(client, clientScope, subsetOfClientScopes), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", subsetOfClientScopes), }, // add { - Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(realm, client, clientScope, allClientScopes), + Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(client, clientScope, allClientScopes), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", allClientScopes), }, }, @@ -108,7 +108,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateInPlace(t *testing.T) { } func TestAccKeycloakOpenidClientOptionalScopes_validateClientDoesNotExist(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -117,7 +117,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientDoesNotExist(t *tes PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_validationNoClient(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_validationNoClient(client, clientScope), ExpectError: regexp.MustCompile("validation error: client with id .+ does not exist"), }, }, @@ -125,7 +125,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientDoesNotExist(t *tes } func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -134,7 +134,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testi PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_validationBearerOnlyClient(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_validationBearerOnlyClient(client, clientScope), ExpectError: regexp.MustCompile("validation error: client with id .+ uses access type BEARER-ONLY which does not use scopes"), }, }, @@ -143,7 +143,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testi // if a optional client scope is manually detached from a client with optional scopes controlled by this resource, terraform should add it again func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScopes := append(getPreAssignedOptionalClientScopes(), "terraform-client-scope-"+acctest.RandString(10), @@ -156,25 +156,23 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(realm, client, clientScopes, clientScopes), + Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(client, clientScopes, clientScopes), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", clientScopes), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - client, err := keycloakClient.GetOpenidClientByClientId(realm, client) + client, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } clientToManuallyDetach := clientScopes[acctest.RandIntRange(0, len(clientScopes)-1)] - err = keycloakClient.DetachOpenidClientOptionalScopes(realm, client.Id, []string{clientToManuallyDetach}) + err = keycloakClient.DetachOpenidClientOptionalScopes(testAccRealm.Realm, client.Id, []string{clientToManuallyDetach}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(realm, client, clientScopes, clientScopes), + Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(client, clientScopes, clientScopes), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", clientScopes), }, }, @@ -183,7 +181,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { // if an optional client scope is manually attached to a client with optional scopes controlled by this resource, terraform should detach it func TestAccKeycloakOpenidClientOptionalScopes_authoritativeRemove(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) randomClientScopes := []string{ @@ -206,24 +204,22 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeRemove(t *testing.T) PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(realm, client, allClientScopes, attachedClientScopes), + Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(client, allClientScopes, attachedClientScopes), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", attachedClientScopes), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - client, err := keycloakClient.GetOpenidClientByClientId(realm, client) + client, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } - err = keycloakClient.AttachOpenidClientOptionalScopes(realm, client.Id, []string{clientToManuallyAttach}) + err = keycloakClient.AttachOpenidClientOptionalScopes(testAccRealm.Realm, client.Id, []string{clientToManuallyAttach}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(realm, client, allClientScopes, attachedClientScopes), + Config: testKeycloakOpenidClientOptionalScopes_multipleClientScopes(client, allClientScopes, attachedClientScopes), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", attachedClientScopes), testAccCheckKeycloakOpenidClientOptionalScopeIsNotAttached("keycloak_openid_client_optional_scopes.optional_scopes", clientToManuallyAttach), @@ -235,7 +231,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeRemove(t *testing.T) // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakOpenidClientOptionalScopes_noImportNeeded(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -246,24 +242,22 @@ func TestAccKeycloakOpenidClientOptionalScopes_noImportNeeded(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_noOptionalScopes(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_noOptionalScopes(client, clientScope), Check: testAccCheckKeycloakOpenidClientOptionalScopeIsNotAttached("keycloak_openid_client.client", clientScope), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - openidClient, err := keycloakClient.GetOpenidClientByClientId(realm, client) + openidClient, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } - err = keycloakClient.AttachOpenidClientOptionalScopes(realm, openidClient.Id, clientScopes) + err = keycloakClient.AttachOpenidClientOptionalScopes(testAccRealm.Realm, openidClient.Id, clientScopes) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_basic(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client_optional_scopes.optional_scopes", clientScopes), }, }, @@ -277,7 +271,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_noImportNeeded(t *testing.T) { // as terraform will think it needs to remove these scopes, which is okay to do // during an update func TestAccKeycloakOpenidClientOptionalScopes_profileAndEmailOptionalScopes(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -286,7 +280,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_profileAndEmailOptionalScopes(t * PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(realm, client, clientScope, []string{clientScope}), + Config: testKeycloakOpenidClientOptionalScopes_listOfScopes(client, clientScope, []string{clientScope}), Check: testAccCheckKeycloakOpenidClientHasOptionalScopes("keycloak_openid_client.client", append(getPreAssignedOptionalClientScopes(), clientScope)), ExpectNonEmptyPlan: true, }, @@ -296,7 +290,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_profileAndEmailOptionalScopes(t * // Keycloak throws a 500 if you attempt to attach an optional scope that is already attached as a default scope func TestAccKeycloakOpenidClientOptionalScopes_validateDuplicateScopeAssignment(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -308,12 +302,12 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateDuplicateScopeAssignment( Steps: []resource.TestStep{ // attach default scopes, including the custom scope { - Config: testKeycloakOpenidClientDefaultScopes_basic(realm, client, clientScope), + Config: testKeycloakOpenidClientDefaultScopes_basic(client, clientScope), Check: testAccCheckKeycloakOpenidClientHasDefaultScopes("keycloak_openid_client_default_scopes.default_scopes", defaultClientScopes), }, // attach optional scopes with the custom scope, expect an error since it is already in use { - Config: testKeycloakOpenidClientOptionalScopes_duplicateScopeAssignment(realm, client, clientScope), + Config: testKeycloakOpenidClientOptionalScopes_duplicateScopeAssignment(client, clientScope), ExpectError: regexp.MustCompile("validation error: scope .+ is already attached to client as a default scope"), }, }, @@ -321,8 +315,6 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateDuplicateScopeAssignment( } func getOptionalClientScopesFromState(resourceName string, s *terraform.State) ([]*keycloak.OpenidClientScope, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -404,28 +396,28 @@ func testAccCheckKeycloakOpenidClientOptionalScopeIsNotAttached(resourceName, cl } } -func testKeycloakOpenidClientOptionalScopes_basic(realm, client, clientScope string) string { +func testKeycloakOpenidClientOptionalScopes_basic(client, clientScope string) string { if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = [ "address", @@ -435,28 +427,28 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } else { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = [ "address", @@ -465,76 +457,76 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } } -func testKeycloakOpenidClientOptionalScopes_noOptionalScopes(realm, client, clientScope string) string { +func testKeycloakOpenidClientOptionalScopes_noOptionalScopes(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } -func testKeycloakOpenidClientOptionalScopes_listOfScopes(realm, client, clientScope string, listOfOptionalScopes []string) string { +func testKeycloakOpenidClientOptionalScopes_listOfScopes(client, clientScope string, listOfOptionalScopes []string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = %s depends_on = ["keycloak_openid_client_scope.client_scope"] } - `, realm, client, clientScope, arrayOfStringsForTerraformResource(listOfOptionalScopes)) + `, testAccRealm.Realm, client, clientScope, arrayOfStringsForTerraformResource(listOfOptionalScopes)) } -func testKeycloakOpenidClientOptionalScopes_validationNoClient(realm, client, clientScope string) string { +func testKeycloakOpenidClientOptionalScopes_validationNoClient(client, clientScope string) string { if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" optional_scopes = [ "address", @@ -544,22 +536,22 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, clientScope, client) + `, testAccRealm.Realm, clientScope, client) } else { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" optional_scopes = [ "address", @@ -568,32 +560,32 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, clientScope, client) + `, testAccRealm.Realm, clientScope, client) } } -func testKeycloakOpenidClientOptionalScopes_validationBearerOnlyClient(realm, client, clientScope string) string { +func testKeycloakOpenidClientOptionalScopes_validationBearerOnlyClient(client, clientScope string) string { if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "BEARER-ONLY" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = [ "address", @@ -603,28 +595,28 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } else { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "BEARER-ONLY" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = [ "address", @@ -633,18 +625,18 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } } -func testKeycloakOpenidClientOptionalScopes_multipleClientScopes(realm, client string, allClientScopes, attachedClientScopes []string) string { +func testKeycloakOpenidClientOptionalScopes_multipleClientScopes(client string, allClientScopes, attachedClientScopes []string) string { var clientScopeResources strings.Builder for _, clientScope := range allClientScopes { if strings.HasPrefix(clientScope, "terraform") { clientScopeResources.WriteString(fmt.Sprintf(` resource "keycloak_openid_client_scope" "client_scope_%s" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } `, clientScope, clientScope)) } @@ -660,33 +652,33 @@ resource "keycloak_openid_client_scope" "client_scope_%s" { } return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } %s resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = %s } - `, realm, client, clientScopeResources.String(), arrayOfStringsForTerraformResource(attachedClientScopesInterpolated)) + `, testAccRealm.Realm, client, clientScopeResources.String(), arrayOfStringsForTerraformResource(attachedClientScopesInterpolated)) } -func testKeycloakOpenidClientOptionalScopes_duplicateScopeAssignment(realm, client, clientScope string) string { +func testKeycloakOpenidClientOptionalScopes_duplicateScopeAssignment(client, clientScope string) string { if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_6) { return fmt.Sprintf(` %s resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = [ "address", @@ -696,13 +688,13 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, testKeycloakOpenidClientDefaultScopes_basic(realm, client, clientScope)) + `, testKeycloakOpenidClientDefaultScopes_basic(client, clientScope)) } else { return fmt.Sprintf(` %s resource "keycloak_openid_client_optional_scopes" "optional_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.client.id}" optional_scopes = [ "address", @@ -711,6 +703,6 @@ resource "keycloak_openid_client_optional_scopes" "optional_scopes" { "${keycloak_openid_client_scope.client_scope.name}" ] } - `, testKeycloakOpenidClientDefaultScopes_basic(realm, client, clientScope)) + `, testKeycloakOpenidClientDefaultScopes_basic(client, clientScope)) } } diff --git a/provider/resource_keycloak_openid_client_permissions.go b/provider/resource_keycloak_openid_client_permissions.go index b264364e..3eacf32a 100644 --- a/provider/resource_keycloak_openid_client_permissions.go +++ b/provider/resource_keycloak_openid_client_permissions.go @@ -25,13 +25,12 @@ func resourceKeycloakOpenidClientPermissions() *schema.Resource { Required: true, ForceNew: true, }, - "client_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - }, "enabled": { Type: schema.TypeBool, + Computed: true, + }, + "client_id": { + Type: schema.TypeString, Required: true, ForceNew: true, }, @@ -40,34 +39,13 @@ func resourceKeycloakOpenidClientPermissions() *schema.Resource { Computed: true, Description: "Resource server id representing the realm management client on which this permission is managed", }, - "view_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, - "manage_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, - "configure_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, - "map_roles_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, - "map_roles_client_scope_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, - "map_roles_composite_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, - "token_exchange_scope_policy_id": { - Type: schema.TypeString, - Optional: true, - }, + "view_scope": scopePermissionsSchema(), + "manage_scope": scopePermissionsSchema(), + "configure_scope": scopePermissionsSchema(), + "map_roles_scope": scopePermissionsSchema(), + "map_roles_client_scope_scope": scopePermissionsSchema(), + "map_roles_composite_scope": scopePermissionsSchema(), + "token_exchange_scope": scopePermissionsSchema(), }, } } @@ -76,119 +54,96 @@ func clientPermissionsId(realmId, clientId string) string { return fmt.Sprintf("%s/%s", realmId, clientId) } -func setOpenidClientScopePermissionPolicy(keycloakClient *keycloak.KeycloakClient, realmId, clientId string, scopeName string, policyId string) error { - openidClientPermissions, err := keycloakClient.GetOpenidClientPermissions(realmId, clientId) - if err != nil { - return err - } +// TODO: is this needed? +//func unsetOpenidClientScopePermissionPolicy(keycloakClient *keycloak.KeycloakClient, realmId, clientId, scopeName string) error { +// openidClientPermissions, err := keycloakClient.GetOpenidClientPermissions(realmId, clientId) +// if err != nil { +// return err +// } +// +// realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") +// if err != nil { +// return err +// } +// +// permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions[scopeName].(string)) +// if err != nil { +// return err +// } +// +// permission.Policies = []string{} +// err = keycloakClient.UpdateOpenidClientAuthorizationPermission(permission) +// if err != nil { +// return err +// } +// +// return nil +//} - realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") - if err != nil { - return err - } - - permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions[scopeName].(string)) - if err != nil { - return err - } - - permission.Policies = []string{policyId} - - return keycloakClient.UpdateOpenidClientAuthorizationPermission(permission) +func resourceKeycloakOpenidClientPermissionsCreate(data *schema.ResourceData, meta interface{}) error { + return resourceKeycloakOpenidClientPermissionsUpdate(data, meta) } -func unsetOpenidClientScopePermissionPolicy(keycloakClient *keycloak.KeycloakClient, realmId, clientId, scopeName string) error { - openidClientPermissions, err := keycloakClient.GetOpenidClientPermissions(realmId, clientId) - if err != nil { - return err - } +func resourceKeycloakOpenidClientPermissionsUpdate(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) - realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") + realmId := data.Get("realm_id").(string) + clientId := data.Get("client_id").(string) + + // the existence of this resource implies that permissions are enabled for this client. + err := keycloakClient.EnableOpenidClientPermissions(realmId, clientId) if err != nil { return err } - permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions[scopeName].(string)) + openidClientPermissions, err := keycloakClient.GetOpenidClientPermissions(realmId, clientId) if err != nil { return err } - permission.Policies = []string{} - err = keycloakClient.UpdateOpenidClientAuthorizationPermission(permission) + realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") if err != nil { return err } - return nil -} - -func resourceKeycloakOpenidClientPermissionsCreate(data *schema.ResourceData, meta interface{}) error { - return resourceKeycloakOpenidClientPermissionsUpdate(data, meta) -} - -func resourceKeycloakOpenidClientPermissionsUpdate(data *schema.ResourceData, meta interface{}) error { - keycloakClient := meta.(*keycloak.KeycloakClient) - - realmId := data.Get("realm_id").(string) - clientId := data.Get("client_id").(string) - - if data.Get("enabled").(bool) { - err := keycloakClient.EnableOpenidClientPermissions(realmId, clientId) - if err != nil { - return err - } - } else { - err := keycloakClient.DisableOpenidClientPermissions(realmId, clientId) + if viewScope, ok := data.GetOk("view_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["view"].(string), viewScope.(*schema.Set)) if err != nil { return err } } - - viewScopePolicyId, ok := data.GetOkExists("view_scope_policy_id") - if ok && viewScopePolicyId != nil { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "view", viewScopePolicyId.(string)) + if manageScope, ok := data.GetOk("manage_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["manage"].(string), manageScope.(*schema.Set)) if err != nil { return err } } - manageScopePolicyId, ok := data.GetOkExists("manage_scope_policy_id") - if ok && manageScopePolicyId != "" { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "manage", manageScopePolicyId.(string)) + if configureScope, ok := data.GetOk("configure_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["configure"].(string), configureScope.(*schema.Set)) if err != nil { return err } } - configureScopePolicyId, ok := data.GetOkExists("configure_scope_policy_id") - if ok && configureScopePolicyId != "" { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "configure", configureScopePolicyId.(string)) + if mapRolesScope, ok := data.GetOk("map_roles_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles"].(string), mapRolesScope.(*schema.Set)) if err != nil { return err } } - mapRolesScopePolicyId, ok := data.GetOkExists("map_roles_scope_policy_id") - if ok && mapRolesScopePolicyId != "" { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "map-roles", mapRolesScopePolicyId.(string)) + if mapRolesClientsScope, ok := data.GetOk("map_roles_client_scope_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles-client-scope"].(string), mapRolesClientsScope.(*schema.Set)) if err != nil { return err } } - mapRolesClientsScopePolicyId, ok := data.GetOkExists("map_roles_client_scope_scope_policy_id") - if ok && mapRolesClientsScopePolicyId != "" { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "map-roles-client-scope", mapRolesClientsScopePolicyId.(string)) + if mapRolesCompositeScope, ok := data.GetOk("map_roles_composite_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles-composite"].(string), mapRolesCompositeScope.(*schema.Set)) if err != nil { return err } } - mapRolesCompositeScopePolicyId, ok := data.GetOkExists("map_roles_composite_scope_policy_id") - if ok && mapRolesCompositeScopePolicyId != "" { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "map-roles-composite", mapRolesCompositeScopePolicyId.(string)) - if err != nil { - return err - } - } - tokenExchangeScopePolicyId, ok := data.GetOkExists("token_exchange_scope_policy_id") - if ok && tokenExchangeScopePolicyId != "" { - err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "token-exchange", tokenExchangeScopePolicyId.(string)) + if tokenExchangeScope, ok := data.GetOk("token_exchange_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["token-exchange"].(string), tokenExchangeScope.(*schema.Set)) if err != nil { return err } @@ -207,94 +162,74 @@ func resourceKeycloakOpenidClientPermissionsRead(data *schema.ResourceData, meta return handleNotFoundError(err, data) } - data.SetId(clientPermissionsId(openidClientPermissions.RealmId, openidClientPermissions.ClientId)) - data.Set("realm_id", openidClientPermissions.RealmId) - data.Set("client_id", openidClientPermissions.ClientId) - - data.Set("enabled", openidClientPermissions.Enabled) - if !openidClientPermissions.Enabled { log.Printf("[WARN] Removing resource with id %s from state as it no longer enabled", data.Id()) + data.SetId("") return nil } - data.Set("view_scope_policy_id", nil) - data.Set("manage_scope_policy_id", nil) - data.Set("configure_scope_policy_id", nil) - data.Set("map_roles_scope_policy_id", nil) - data.Set("map_roles_client_scope_scope_policy_id", nil) - data.Set("map_roles_composite_scope_policy_id", nil) - data.Set("token_exchange_scope_policy_id", nil) - realmManagementClient, err := keycloakClient.GetOpenidClientByClientId(realmId, "realm-management") if err != nil { return err } - permissionView, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["view"].(string)) - if err != nil { + + data.SetId(clientPermissionsId(openidClientPermissions.RealmId, openidClientPermissions.ClientId)) + data.Set("realm_id", openidClientPermissions.RealmId) + data.Set("client_id", openidClientPermissions.ClientId) + data.Set("enabled", openidClientPermissions.Enabled) + data.Set("authorization_resource_server_id", realmManagementClient.Id) + + if viewScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["view"].(string)); err == nil && viewScope != nil { + data.Set("view_scope", []interface{}{viewScope}) + } else if err != nil { return err } - if permissionView != nil && len(permissionView.Policies) > 0 { - data.Set("view_scope_policy_id", permissionView.Policies[0]) - } - permissionManage, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["manage"].(string)) - if err != nil { + + if manageScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["manage"].(string)); err == nil && manageScope != nil { + data.Set("manage_scope", []interface{}{manageScope}) + } else if err != nil { return err } - if permissionManage != nil && len(permissionManage.Policies) > 0 { - data.Set("manage_scope_policy_id", permissionManage.Policies[0]) - } - permissionConfigure, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["configure"].(string)) - if err != nil { + + if mapRolesScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["configure"].(string)); err == nil && mapRolesScope != nil { + data.Set("configure_scope", []interface{}{mapRolesScope}) + } else if err != nil { return err } - if permissionConfigure != nil && len(permissionConfigure.Policies) > 0 { - data.Set("configure_scope_policy_id", permissionConfigure.Policies[0]) - } - permissionMapRoles, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles"].(string)) - if err != nil { + + if manageGroupMembershipScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles"].(string)); err == nil && manageGroupMembershipScope != nil { + data.Set("map_roles_scope", []interface{}{manageGroupMembershipScope}) + } else if err != nil { return err } - if permissionMapRoles != nil && len(permissionMapRoles.Policies) > 0 { - data.Set("map_roles_scope_policy_id", permissionMapRoles.Policies[0]) - } - permissionMapRolesClientScope, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles-client-scope"].(string)) - if err != nil { + + if impersonateScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles-client-scope"].(string)); err == nil && impersonateScope != nil { + data.Set("map_roles_client_scope_scope", []interface{}{impersonateScope}) + } else if err != nil { return err } - if permissionMapRolesClientScope != nil && len(permissionMapRolesClientScope.Policies) > 0 { - data.Set("map_roles_client_scope_scope_policy_id", permissionMapRolesClientScope.Policies[0]) - } - permissionMapRolesComposite, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles-composite"].(string)) - if err != nil { + + if userImpersonatedScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["map-roles-composite"].(string)); err == nil && userImpersonatedScope != nil { + data.Set("map_roles_composite_scope", []interface{}{userImpersonatedScope}) + } else if err != nil { return err } - if permissionMapRolesComposite != nil && len(permissionMapRolesComposite.Policies) > 0 { - data.Set("map_roles_composite_scope_policy_id", permissionMapRolesComposite.Policies[0]) - } - permissionTokenExchange, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["token-exchange"].(string)) - if err != nil { + + if tokenExchangeScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, openidClientPermissions.ScopePermissions["token-exchange"].(string)); err == nil && tokenExchangeScope != nil { + data.Set("token_exchange_scope", []interface{}{tokenExchangeScope}) + } else if err != nil { return err } - if permissionTokenExchange != nil && len(permissionTokenExchange.Policies) > 0 { - data.Set("token_exchange_scope_policy_id", permissionTokenExchange.Policies[0]) - } - data.Set("authorization_resource_server_id", realmManagementClient.Id) return nil } func resourceKeycloakOpenidClientPermissionsDelete(data *schema.ResourceData, meta interface{}) error { - keycloakClient := meta.(*keycloak.KeycloakClient) realmId := data.Get("realm_id").(string) clientId := data.Get("client_id").(string) - openidClientPermissions, err := keycloakClient.GetOpenidClientPermissions(realmId, clientId) - if err == nil && openidClientPermissions.Enabled { - _ = unsetOpenidClientScopePermissionPolicy(keycloakClient, realmId, clientId, "view") - } return keycloakClient.DisableOpenidClientPermissions(realmId, clientId) } diff --git a/provider/resource_keycloak_openid_client_permissions_test.go b/provider/resource_keycloak_openid_client_permissions_test.go index 21afd70f..30c81d7c 100644 --- a/provider/resource_keycloak_openid_client_permissions_test.go +++ b/provider/resource_keycloak_openid_client_permissions_test.go @@ -11,19 +11,20 @@ import ( ) func TestAccKeycloakOpenidClientPermission_basic(t *testing.T) { - realmName := "tf_view-" + acctest.RandString(10) - clientId := "tf-" + acctest.RandString(10) + t.Parallel() + clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientPermission_basic(realmName, clientId), + Config: testKeycloakOpenidClientPermission_basic(clientId), Check: testAccCheckKeycloakOpenidClientPermissionExists("keycloak_openid_client_permissions.my_permission"), - }, { - Config: testKeycloakOpenidClientPermissionDelete_basic(realmName, clientId), - Check: testAccCheckKeycloakOpenidClientPermissionDoentExists("keycloak_openid_client_permissions.my_permission"), + }, + { + Config: testKeycloakOpenidClientPermissionDelete_basic(clientId), + Check: testAccCheckKeycloakOpenidClientPermissionsAreDisabled(clientId), }, }, }) @@ -41,7 +42,9 @@ func testAccCheckKeycloakOpenidClientPermissionExists(resourceName string) resou return fmt.Errorf("resource not found: %s", resourceName) } authorizationResourceServerId := rs.Primary.Attributes["authorization_resource_server_id"] - viewScopePolicyId := rs.Primary.Attributes["view_scope_policy_id"] + viewScopePolicyId := rs.Primary.Attributes["view_scope.0.policies.0"] + viewScopeDescription := rs.Primary.Attributes["view_scope.0.description"] + viewScopeDecisionStrategy := rs.Primary.Attributes["view_scope.0.decision_strategy"] var realmManagementId string clients, _ := keycloakClient.GetOpenidClients(permissions.RealmId, false) @@ -56,37 +59,39 @@ func testAccCheckKeycloakOpenidClientPermissionExists(resourceName string) resou return fmt.Errorf("computed authorizationResourceServerId %s was not equal to %s (the id of the realm-management client)", authorizationResourceServerId, realmManagementId) } - authzClient, err := keycloakClient.GetOpenidClientAuthorizationPermission(permissions.RealmId, realmManagementId, permissions.ScopePermissions["view"].(string)) + authzClientView, err := keycloakClient.GetOpenidClientAuthorizationPermission(permissions.RealmId, realmManagementId, permissions.ScopePermissions["view"].(string)) if err != nil { return err } - policyId := authzClient.Policies[0] - if viewScopePolicyId != policyId { - return fmt.Errorf("computed ViewScopePolicyId %s was not equal to policyId %s", viewScopePolicyId, policyId) + if viewScopePolicyId != authzClientView.Policies[0] { + return fmt.Errorf("computed view scope policy ID %s was not equal to %s", viewScopePolicyId, authzClientView.Policies[0]) + } + if authzClientView.Description != viewScopeDescription { + return fmt.Errorf("description %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDescription) + } + if authzClientView.DecisionStrategy != viewScopeDecisionStrategy { + return fmt.Errorf("decision strategy %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDecisionStrategy) } return nil } } -func testAccCheckKeycloakOpenidClientPermissionDoentExists(resourceName string) resource.TestCheckFunc { +func testAccCheckKeycloakOpenidClientPermissionsAreDisabled(clientId string) resource.TestCheckFunc { return func(s *terraform.State) error { - permissions, err := getOpenidClientPermissionsFromState(s, resourceName) + client, err := keycloakClient.GetOpenidClientByClientId(testAccRealm.Realm, clientId) if err != nil { return err } - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return fmt.Errorf("resource not found: %s", resourceName) + permissions, err := keycloakClient.GetOpenidClientPermissions(testAccRealm.Realm, client.Id) + if err != nil { + return fmt.Errorf("error getting openid_client permissions with realm id %s and client id %s: %s", testAccRealm.Realm, clientId, err) } if permissions.Enabled != false { - return fmt.Errorf("Client Permission in Keycloak is not disabled") - } - if rs.Primary.Attributes["enabled"] != "false" { - return fmt.Errorf("Client Permission State is not disabled") + return fmt.Errorf("expected openid client permission in Keycloak to be disabled") } return nil @@ -94,8 +99,6 @@ func testAccCheckKeycloakOpenidClientPermissionDoentExists(resourceName string) } func getOpenidClientPermissionsFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientPermissions, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -104,22 +107,22 @@ func getOpenidClientPermissionsFromState(s *terraform.State, resourceName string realmId := rs.Primary.Attributes["realm_id"] clientId := rs.Primary.Attributes["client_id"] - permissions, err := keycloakClient.GetOpenidClientPermissions(realmId, clientId) + permissions, err := keycloakClient.GetOpenidClientPermissions(testAccRealm.Realm, clientId) if err != nil { return nil, fmt.Errorf("error getting openid_client permissions with realm id %s and client id %s: %s", realmId, clientId, err) - } + return permissions, nil } -func testKeycloakOpenidClientPermission_basic(realmId, clientId string) string { +func testKeycloakOpenidClientPermission_basic(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } -resource keycloak_openid_client "my_openid_client" { - realm_id = keycloak_realm.realm.id +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id name = "my_openid_client" client_id = "%s" client_secret = "secret" @@ -130,20 +133,19 @@ resource keycloak_openid_client "my_openid_client" { ] } -data keycloak_openid_client "realm_management" { - realm_id = keycloak_realm.realm.id - client_id = "realm-management" +data "keycloak_openid_client" "realm_management" { + realm_id = data.keycloak_realm.realm.id + client_id = "realm-management" } resource keycloak_openid_client_permissions "realm-management_permission" { - realm_id = keycloak_realm.realm.id - client_id = data.keycloak_openid_client.realm_management.id - enabled = true + realm_id = data.keycloak_realm.realm.id + client_id = data.keycloak_openid_client.realm_management.id } resource keycloak_user test { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id username = "test-user" email = "test-user@fakedomain.com" @@ -152,43 +154,44 @@ resource keycloak_user test { } resource keycloak_openid_client_user_policy test { - resource_server_id = "${data.keycloak_openid_client.realm_management.id}" - realm_id = keycloak_realm.realm.id - name = "client_user_policy_test" - users = ["${keycloak_user.test.id}"] - logic = "POSITIVE" + realm_id = data.keycloak_realm.realm.id + resource_server_id = data.keycloak_openid_client.realm_management.id + + name = "client_user_policy_test" + users = [ + keycloak_user.test.id + ] + + logic = "POSITIVE" decision_strategy = "UNANIMOUS" + depends_on = [ keycloak_openid_client_permissions.realm-management_permission, ] } resource "keycloak_openid_client_permissions" "my_permission" { - realm_id = keycloak_realm.realm.id - client_id = keycloak_openid_client.my_openid_client.id - - enabled = true - - view_scope_policy_id = keycloak_openid_client_user_policy.test.id - manage_scope_policy_id = keycloak_openid_client_user_policy.test.id - configure_scope_policy_id = keycloak_openid_client_user_policy.test.id - map_roles_scope_policy_id = keycloak_openid_client_user_policy.test.id - map_roles_client_scope_scope_policy_id = keycloak_openid_client_user_policy.test.id - map_roles_composite_scope_policy_id = keycloak_openid_client_user_policy.test.id - token_exchange_scope_policy_id = keycloak_openid_client_user_policy.test.id -} - - `, realmId, clientId) + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id + + view_scope { + policies = [ + keycloak_openid_client_user_policy.test.id + ] + description = "view_scope" + decision_strategy = "CONSENSUS" + } +}`, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClientPermissionDelete_basic(realmId, clientId string) string { +func testKeycloakOpenidClientPermissionDelete_basic(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { - realm = "%s" +data "keycloak_realm" "realm" { + realm = "%s" } -resource keycloak_openid_client "my_openid_client" { - realm_id = keycloak_realm.realm.id +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id name = "my_openid_client" client_id = "%s" client_secret = "secret" @@ -199,20 +202,19 @@ resource keycloak_openid_client "my_openid_client" { ] } -data keycloak_openid_client "realm_management" { - realm_id = keycloak_realm.realm.id - client_id = "realm-management" +data "keycloak_openid_client" "realm_management" { + realm_id = data.keycloak_realm.realm.id + client_id = "realm-management" } resource keycloak_openid_client_permissions "realm-management_permission" { - realm_id = keycloak_realm.realm.id - client_id = data.keycloak_openid_client.realm_management.id - enabled = true + realm_id = data.keycloak_realm.realm.id + client_id = data.keycloak_openid_client.realm_management.id } resource keycloak_user test { - realm_id = keycloak_realm.realm.id + realm_id = data.keycloak_realm.realm.id username = "test-user" email = "test-user@fakedomain.com" @@ -221,23 +223,19 @@ resource keycloak_user test { } resource keycloak_openid_client_user_policy test { - resource_server_id = "${data.keycloak_openid_client.realm_management.id}" - realm_id = keycloak_realm.realm.id - name = "client_user_policy_test" - users = ["${keycloak_user.test.id}"] - logic = "POSITIVE" + realm_id = data.keycloak_realm.realm.id + resource_server_id = data.keycloak_openid_client.realm_management.id + + name = "client_user_policy_test" + users = [ + keycloak_user.test.id + ] + + logic = "POSITIVE" decision_strategy = "UNANIMOUS" + depends_on = [ keycloak_openid_client_permissions.realm-management_permission, ] -} - -resource "keycloak_openid_client_permissions" "my_permission" { - realm_id = keycloak_realm.realm.id - client_id = keycloak_openid_client.my_openid_client.id - - enabled = false -} - - `, realmId, clientId) +}`, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_scope_test.go b/provider/resource_keycloak_openid_client_scope_test.go index c517d9a4..b1e7e336 100644 --- a/provider/resource_keycloak_openid_client_scope_test.go +++ b/provider/resource_keycloak_openid_client_scope_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakClientScope_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -21,23 +21,23 @@ func TestAccKeycloakClientScope_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, { ResourceName: "keycloak_openid_client_scope.client_scope", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakClientScope_createAfterManualDestroy(t *testing.T) { + t.Parallel() var clientScope = &keycloak.OpenidClientScope{} - realmName := "terraform-" + acctest.RandString(10) clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -46,7 +46,7 @@ func TestAccKeycloakClientScope_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), testAccCheckKeycloakClientScopeFetch("keycloak_openid_client_scope.client_scope", clientScope), @@ -54,14 +54,12 @@ func TestAccKeycloakClientScope_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClientScope(clientScope.RealmId, clientScope.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, }, @@ -69,8 +67,7 @@ func TestAccKeycloakClientScope_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakClientScope_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -79,17 +76,17 @@ func TestAccKeycloakClientScope_updateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakClientScope_updateRealmBefore(realmOne, realmTwo, clientScopeName), + Config: testKeycloakClientScope_updateRealmBefore(clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), - testAccCheckKeycloakClientScopeBelongsToRealm("keycloak_openid_client_scope.client_scope", realmOne), + testAccCheckKeycloakClientScopeBelongsToRealm("keycloak_openid_client_scope.client_scope", testAccRealm.Realm), ), }, { - Config: testKeycloakClientScope_updateRealmAfter(realmOne, realmTwo, clientScopeName), + Config: testKeycloakClientScope_updateRealmAfter(clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), - testAccCheckKeycloakClientScopeBelongsToRealm("keycloak_openid_client_scope.client_scope", realmTwo), + testAccCheckKeycloakClientScopeBelongsToRealm("keycloak_openid_client_scope.client_scope", testAccRealmTwo.Realm), ), }, }, @@ -97,7 +94,7 @@ func TestAccKeycloakClientScope_updateRealm(t *testing.T) { } func TestAccKeycloakClientScope_consentScreenText(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -106,15 +103,15 @@ func TestAccKeycloakClientScope_consentScreenText(t *testing.T) { CheckDestroy: testAccCheckKeycloakClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, { - Config: testKeycloakClientScope_withConsentText(realmName, clientScopeName, acctest.RandString(10)), + Config: testKeycloakClientScope_withConsentText(clientScopeName, acctest.RandString(10)), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, }, @@ -122,7 +119,7 @@ func TestAccKeycloakClientScope_consentScreenText(t *testing.T) { } func TestAccKeycloakClientScope_includeInTokenScope(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) includeInTokenScope := false @@ -132,18 +129,18 @@ func TestAccKeycloakClientScope_includeInTokenScope(t *testing.T) { CheckDestroy: testAccCheckKeycloakClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, { - Config: testKeycloakClientScope_withIncludeInTokenScope(realmName, clientScopeName, includeInTokenScope), + Config: testKeycloakClientScope_withIncludeInTokenScope(clientScopeName, includeInTokenScope), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), testAccCheckKeycloakClientScopeExistsWithCorrectIncludeInTokenScope("keycloak_openid_client_scope.client_scope", includeInTokenScope), ), }, { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, }, @@ -151,7 +148,7 @@ func TestAccKeycloakClientScope_includeInTokenScope(t *testing.T) { } func TestAccKeycloakClientScope_guiOrder(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) guiOrder := acctest.RandIntRange(0, 1000) @@ -161,18 +158,18 @@ func TestAccKeycloakClientScope_guiOrder(t *testing.T) { CheckDestroy: testAccCheckKeycloakClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, { - Config: testKeycloakClientScope_withGuiOrder(realmName, clientScopeName, guiOrder), + Config: testKeycloakClientScope_withGuiOrder(clientScopeName, guiOrder), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), testAccCheckKeycloakClientScopeExistsWithCorrectGuiOrder("keycloak_openid_client_scope.client_scope", guiOrder), ), }, { - Config: testKeycloakClientScope_basic(realmName, clientScopeName), + Config: testKeycloakClientScope_basic(clientScopeName), Check: testAccCheckKeycloakClientScopeExistsWithCorrectProtocol("keycloak_openid_client_scope.client_scope"), }, }, @@ -263,8 +260,6 @@ func testAccCheckKeycloakClientScopeDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - clientScope, _ := keycloakClient.GetOpenidClientScope(realm, id) if clientScope != nil { return fmt.Errorf("openid client scope %s still exists", id) @@ -294,102 +289,102 @@ func getClientScopeFromState(s *terraform.State, resourceName string) (*keycloak return clientScope, nil } -func testKeycloakClientScope_basic(realm, clientScopeName string) string { +func testKeycloakClientScope_basic(clientScopeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } - `, realm, clientScopeName) + `, testAccRealm.Realm, clientScopeName) } -func testKeycloakClientScope_withConsentText(realm, clientScopeName, consentText string) string { +func testKeycloakClientScope_withConsentText(clientScopeName, consentText string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" consent_screen_text = "%s" } - `, realm, clientScopeName, consentText) + `, testAccRealm.Realm, clientScopeName, consentText) } -func testKeycloakClientScope_withIncludeInTokenScope(realm, clientScopeName string, includeInTokenScope bool) string { +func testKeycloakClientScope_withIncludeInTokenScope(clientScopeName string, includeInTokenScope bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" include_in_token_scope = %t } - `, realm, clientScopeName, includeInTokenScope) + `, testAccRealm.Realm, clientScopeName, includeInTokenScope) } -func testKeycloakClientScope_withGuiOrder(realm, clientScopeName string, guiOrder int) string { +func testKeycloakClientScope_withGuiOrder(clientScopeName string, guiOrder int) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" gui_order = %d } - `, realm, clientScopeName, guiOrder) + `, testAccRealm.Realm, clientScopeName, guiOrder) } -func testKeycloakClientScope_updateRealmBefore(realmOne, realmTwo, clientScopeName string) string { +func testKeycloakClientScope_updateRealmBefore(clientScopeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm_1.id}" + realm_id = data.keycloak_realm.realm_1.id } - `, realmOne, realmTwo, clientScopeName) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientScopeName) } -func testKeycloakClientScope_updateRealmAfter(realmOne, realmTwo, clientScopeName string) string { +func testKeycloakClientScope_updateRealmAfter(clientScopeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm_2.id}" + realm_id = data.keycloak_realm.realm_2.id } - `, realmOne, realmTwo, clientScopeName) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientScopeName) } diff --git a/provider/resource_keycloak_openid_client_service_account_realm_role_test.go b/provider/resource_keycloak_openid_client_service_account_realm_role_test.go index 34e4a4da..a3747402 100644 --- a/provider/resource_keycloak_openid_client_service_account_realm_role_test.go +++ b/provider/resource_keycloak_openid_client_service_account_realm_role_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientServiceAccountRealmRole_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resourceName := "keycloak_openid_client_service_account_realm_role.test" @@ -21,7 +21,7 @@ func TestAccKeycloakOpenidClientServiceAccountRealmRole_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(realmName, clientId), + Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(clientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists(resourceName), }, { @@ -35,9 +35,9 @@ func TestAccKeycloakOpenidClientServiceAccountRealmRole_basic(t *testing.T) { } func TestAccKeycloakOpenidClientServiceAccountRealmRole_createAfterManualDestroy(t *testing.T) { + t.Parallel() var serviceAccountRole = &keycloak.OpenidClientServiceAccountRealmRole{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -46,53 +46,23 @@ func TestAccKeycloakOpenidClientServiceAccountRealmRole_createAfterManualDestroy CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(realmName, clientId), + Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(clientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleFetch("keycloak_openid_client_service_account_realm_role.test", serviceAccountRole), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClientServiceAccountRealmRole(serviceAccountRole.RealmId, serviceAccountRole.ServiceAccountUserId, serviceAccountRole.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(realmName, clientId), + Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(clientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists("keycloak_openid_client_service_account_realm_role.test"), }, }, }) } -func TestAccKeycloakOpenidClientServiceAccountRealmRole_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - clientId := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRealmRoleDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(firstRealm, clientId), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists("keycloak_openid_client_service_account_realm_role.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_service_account_realm_role.test", "realm_id", firstRealm), - ), - }, - { - Config: testKeycloakOpenidClientServiceAccountRealmRole_basic(secondRealm, clientId), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists("keycloak_openid_client_service_account_realm_role.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_service_account_realm_role.test", "realm_id", secondRealm), - ), - }, - }, - }) -} - func testAccCheckKeycloakOpenidClientServiceAccountRealmRoleExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { _, err := getKeycloakOpenidClientServiceAccountRealmRoleFromState(s, resourceName) @@ -126,13 +96,11 @@ func testAccCheckKeycloakOpenidClientServiceAccountRealmRoleDestroy() resource.T continue } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] serviceAccountUserId := rs.Primary.Attributes["service_account_user_id"] id := strings.Split(rs.Primary.ID, "/")[1] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - serviceAccountRole, _ := keycloakClient.GetOpenidClientServiceAccountRealmRole(realmId, serviceAccountUserId, id) + serviceAccountRole, _ := keycloakClient.GetOpenidClientServiceAccountRealmRole(realm, serviceAccountUserId, id) if serviceAccountRole != nil { return fmt.Errorf("service account role exists") } @@ -143,18 +111,16 @@ func testAccCheckKeycloakOpenidClientServiceAccountRealmRoleDestroy() resource.T } func getKeycloakOpenidClientServiceAccountRealmRoleFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientServiceAccountRealmRole, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] serviceAccountUserId := rs.Primary.Attributes["service_account_user_id"] id := strings.Split(rs.Primary.ID, "/")[1] - serviceAccountRole, err := keycloakClient.GetOpenidClientServiceAccountRealmRole(realmId, serviceAccountUserId, id) + serviceAccountRole, err := keycloakClient.GetOpenidClientServiceAccountRealmRole(realm, serviceAccountUserId, id) if err != nil { return nil, fmt.Errorf("error getting service account role mapping: %s", err) } @@ -173,23 +139,23 @@ func getKeycloakOpenidClientServiceAccountRealmRoleImportId(resourceName string) } } -func testKeycloakOpenidClientServiceAccountRealmRole_basic(realm, clientId string) string { +func testKeycloakOpenidClientServiceAccountRealmRole_basic(clientId string) string { return fmt.Sprintf(` -resource keycloak_realm test { +data "keycloak_realm" "realm" { realm = "%s" } resource keycloak_openid_client test { client_id = "%s" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true } resource keycloak_openid_client_service_account_realm_role test { service_account_user_id = "${keycloak_openid_client.test.service_account_user_id}" - realm_id = "${keycloak_realm.test.id}" + realm_id = data.keycloak_realm.realm.id role = "offline_access" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_openid_client_service_account_role_test.go b/provider/resource_keycloak_openid_client_service_account_role_test.go index 77e7e4a7..08f9df61 100644 --- a/provider/resource_keycloak_openid_client_service_account_role_test.go +++ b/provider/resource_keycloak_openid_client_service_account_role_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenidClientServiceAccountRole_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resourceName := "keycloak_openid_client_service_account_role.test" @@ -21,7 +21,7 @@ func TestAccKeycloakOpenidClientServiceAccountRole_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientServiceAccountRole_basic(realmName, clientId), + Config: testKeycloakOpenidClientServiceAccountRole_basic(clientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRoleExists(resourceName), }, { @@ -35,9 +35,9 @@ func TestAccKeycloakOpenidClientServiceAccountRole_basic(t *testing.T) { } func TestAccKeycloakOpenidClientServiceAccountRole_createAfterManualDestroy(t *testing.T) { + t.Parallel() var serviceAccountRole = &keycloak.OpenidClientServiceAccountRole{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -46,55 +46,25 @@ func TestAccKeycloakOpenidClientServiceAccountRole_createAfterManualDestroy(t *t CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientServiceAccountRole_basic(realmName, clientId), + Config: testKeycloakOpenidClientServiceAccountRole_basic(clientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRoleFetch("keycloak_openid_client_service_account_role.test", serviceAccountRole), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClientServiceAccountRole(serviceAccountRole.RealmId, serviceAccountRole.ServiceAccountUserId, serviceAccountRole.ContainerId, serviceAccountRole.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClientServiceAccountRole_basic(realmName, clientId), + Config: testKeycloakOpenidClientServiceAccountRole_basic(clientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRoleExists("keycloak_openid_client_service_account_role.test"), }, }, }) } -func TestAccKeycloakOpenidClientServiceAccountRole_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - clientId := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOpenidClientServiceAccountRole_basic(firstRealm, clientId), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientServiceAccountRoleExists("keycloak_openid_client_service_account_role.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_service_account_role.test", "realm_id", firstRealm), - ), - }, - { - Config: testKeycloakOpenidClientServiceAccountRole_basic(secondRealm, clientId), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakOpenidClientServiceAccountRoleExists("keycloak_openid_client_service_account_role.test"), - resource.TestCheckResourceAttr("keycloak_openid_client_service_account_role.test", "realm_id", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakOpenidClientServiceAccountRole_enableAfterCreate(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() bearerClientId := "terraform-" + acctest.RandString(10) consumerClientId := "terraform-" + acctest.RandString(10) resourceName := "keycloak_openid_client_service_account_role.consumer_service_account_role" @@ -105,10 +75,10 @@ func TestAccKeycloakOpenidClientServiceAccountRole_enableAfterCreate(t *testing. CheckDestroy: testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_before(realmName, bearerClientId, consumerClientId), + Config: testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_before(bearerClientId, consumerClientId), }, { - Config: testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_after(realmName, bearerClientId, consumerClientId), + Config: testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_after(bearerClientId, consumerClientId), Check: testAccCheckKeycloakOpenidClientServiceAccountRoleExists(resourceName), }, }, @@ -150,14 +120,12 @@ func testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy() resource.TestCh continue } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] serviceAccountUserId := rs.Primary.Attributes["service_account_user_id"] clientId := rs.Primary.Attributes["client_id"] id := strings.Split(rs.Primary.ID, "/")[1] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - serviceAccountRole, _ := keycloakClient.GetOpenidClientServiceAccountRole(realmId, serviceAccountUserId, clientId, id) + serviceAccountRole, _ := keycloakClient.GetOpenidClientServiceAccountRole(realm, serviceAccountUserId, clientId, id) if serviceAccountRole != nil { return fmt.Errorf("service account role exists") } @@ -168,19 +136,17 @@ func testAccCheckKeycloakOpenidClientServiceAccountRoleDestroy() resource.TestCh } func getKeycloakOpenidClientServiceAccountRoleFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClientServiceAccountRole, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) } - realmId := rs.Primary.Attributes["realm_id"] + realm := rs.Primary.Attributes["realm_id"] serviceAccountUserId := rs.Primary.Attributes["service_account_user_id"] clientId := rs.Primary.Attributes["client_id"] id := strings.Split(rs.Primary.ID, "/")[1] - serviceAccountRole, err := keycloakClient.GetOpenidClientServiceAccountRole(realmId, serviceAccountUserId, clientId, id) + serviceAccountRole, err := keycloakClient.GetOpenidClientServiceAccountRole(realm, serviceAccountUserId, clientId, id) if err != nil { return nil, fmt.Errorf("error getting service account role mapping: %s", err) } @@ -204,81 +170,81 @@ func getKeycloakOpenidClientServiceAccountRoleImportId(resourceName string) reso } } -func testKeycloakOpenidClientServiceAccountRole_basic(realm, clientId string) string { +func testKeycloakOpenidClientServiceAccountRole_basic(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "test" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "test" { client_id = "%s" - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" service_accounts_enabled = true } data "keycloak_openid_client" "broker" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id client_id = "broker" } resource "keycloak_openid_client_service_account_role" "test" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id client_id = data.keycloak_openid_client.broker.id service_account_user_id = keycloak_openid_client.test.service_account_user_id role = "read-token" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_before(realm, bearerClientId, consumerClientId string) string { +func testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_before(bearerClientId, consumerClientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "test" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "bearer" { client_id = "%s" - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id access_type = "BEARER-ONLY" } resource "keycloak_role" "bearer_role" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id client_id = keycloak_openid_client.bearer.id name = "bearer-role" } resource "keycloak_openid_client" "consumer" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "CONFIDENTIAL" service_accounts_enabled = false } - `, realm, bearerClientId, consumerClientId) + `, testAccRealm.Realm, bearerClientId, consumerClientId) } -func testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_after(realm, bearerClientId, consumerClientId string) string { +func testKeycloakOpenidClientServiceAccountRole_enableAfterCreate_after(bearerClientId, consumerClientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "test" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "bearer" { client_id = "%s" - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id access_type = "BEARER-ONLY" } resource "keycloak_role" "bearer_role" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id client_id = keycloak_openid_client.bearer.id name = "bearer-role" } resource "keycloak_openid_client" "consumer" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "CONFIDENTIAL" @@ -286,10 +252,10 @@ resource "keycloak_openid_client" "consumer" { } resource "keycloak_openid_client_service_account_role" "consumer_service_account_role" { - realm_id = keycloak_realm.test.id + realm_id = data.keycloak_realm.realm.id service_account_user_id = keycloak_openid_client.consumer.service_account_user_id client_id = keycloak_openid_client.bearer.id role = keycloak_role.bearer_role.name } - `, realm, bearerClientId, consumerClientId) + `, testAccRealm.Realm, bearerClientId, consumerClientId) } diff --git a/provider/resource_keycloak_openid_client_test.go b/provider/resource_keycloak_openid_client_test.go index 796ce0fd..03962f8f 100644 --- a/provider/resource_keycloak_openid_client_test.go +++ b/provider/resource_keycloak_openid_client_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakOpenidClient_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -21,14 +21,14 @@ func TestAccKeycloakOpenidClient_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_basic(realmName, clientId), + Config: testKeycloakOpenidClient_basic(clientId), Check: testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), }, { ResourceName: "keycloak_openid_client.client", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", ImportStateVerifyIgnore: []string{"exclude_session_state_from_auth_response"}, }, }, @@ -36,9 +36,9 @@ func TestAccKeycloakOpenidClient_basic(t *testing.T) { } func TestAccKeycloakOpenidClient_createAfterManualDestroy(t *testing.T) { + t.Parallel() var client = &keycloak.OpenidClient{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -47,7 +47,7 @@ func TestAccKeycloakOpenidClient_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_basic(realmName, clientId), + Config: testKeycloakOpenidClient_basic(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), testAccCheckKeycloakOpenidClientFetch("keycloak_openid_client.client", client), @@ -55,14 +55,12 @@ func TestAccKeycloakOpenidClient_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenidClient(client.RealmId, client.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakOpenidClient_basic(realmName, clientId), + Config: testKeycloakOpenidClient_basic(clientId), Check: testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), }, }, @@ -70,8 +68,8 @@ func TestAccKeycloakOpenidClient_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakOpenidClient_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -80,17 +78,17 @@ func TestAccKeycloakOpenidClient_updateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_updateRealmBefore(realmOne, realmTwo, clientId), + Config: testKeycloakOpenidClient_updateRealmBefore(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), - testAccCheckKeycloakOpenidClientBelongsToRealm("keycloak_openid_client.client", realmOne), + testAccCheckKeycloakOpenidClientBelongsToRealm("keycloak_openid_client.client", testAccRealm.Realm), ), }, { - Config: testKeycloakOpenidClient_updateRealmAfter(realmOne, realmTwo, clientId), + Config: testKeycloakOpenidClient_updateRealmAfter(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), - testAccCheckKeycloakOpenidClientBelongsToRealm("keycloak_openid_client.client", realmTwo), + testAccCheckKeycloakOpenidClientBelongsToRealm("keycloak_openid_client.client", testAccRealmTwo.Realm), ), }, }, @@ -98,7 +96,7 @@ func TestAccKeycloakOpenidClient_updateRealm(t *testing.T) { } func TestAccKeycloakOpenidClient_accessType(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -107,15 +105,15 @@ func TestAccKeycloakOpenidClient_accessType(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_accessType(realmName, clientId, "CONFIDENTIAL"), + Config: testKeycloakOpenidClient_accessType(clientId, "CONFIDENTIAL"), Check: testAccCheckKeycloakOpenidClientAccessType("keycloak_openid_client.client", false, false), }, { - Config: testKeycloakOpenidClient_accessType(realmName, clientId, "PUBLIC"), + Config: testKeycloakOpenidClient_accessType(clientId, "PUBLIC"), Check: testAccCheckKeycloakOpenidClientAccessType("keycloak_openid_client.client", true, false), }, { - Config: testKeycloakOpenidClient_accessType(realmName, clientId, "BEARER-ONLY"), + Config: testKeycloakOpenidClient_accessType(clientId, "BEARER-ONLY"), Check: testAccCheckKeycloakOpenidClientAccessType("keycloak_openid_client.client", false, true), }, }, @@ -123,7 +121,7 @@ func TestAccKeycloakOpenidClient_accessType(t *testing.T) { } func TestAccKeycloakOpenidClient_adminUrl(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) adminUrl := "https://www.example.com/admin" @@ -133,7 +131,7 @@ func TestAccKeycloakOpenidClient_adminUrl(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_adminUrl(realmName, clientId, adminUrl), + Config: testKeycloakOpenidClient_adminUrl(clientId, adminUrl), Check: testAccCheckKeycloakOpenidClientAdminUrl("keycloak_openid_client.client", adminUrl), }, }, @@ -141,7 +139,7 @@ func TestAccKeycloakOpenidClient_adminUrl(t *testing.T) { } func TestAccKeycloakOpenidClient_baseUrl(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) baseUrl := "https://www.example.com" @@ -151,7 +149,7 @@ func TestAccKeycloakOpenidClient_baseUrl(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_baseUrl(realmName, clientId, baseUrl), + Config: testKeycloakOpenidClient_baseUrl(clientId, baseUrl), Check: testAccCheckKeycloakOpenidClientBaseUrl("keycloak_openid_client.client", baseUrl), }, }, @@ -159,7 +157,7 @@ func TestAccKeycloakOpenidClient_baseUrl(t *testing.T) { } func TestAccKeycloakOpenidClient_rootUrl(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) rootUrl := "https://www.example.com" @@ -169,7 +167,7 @@ func TestAccKeycloakOpenidClient_rootUrl(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_rootUrl(realmName, clientId, rootUrl), + Config: testKeycloakOpenidClient_rootUrl(clientId, rootUrl), Check: testAccCheckKeycloakOpenidClientRootUrl("keycloak_openid_client.client", rootUrl), }, }, @@ -177,7 +175,7 @@ func TestAccKeycloakOpenidClient_rootUrl(t *testing.T) { } func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) enabled := randomBool() standardFlowEnabled := randomBool() @@ -191,7 +189,6 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { rootUrlBefore := "http://localhost:2222/" + acctest.RandString(20) openidClientBefore := &keycloak.OpenidClient{ - RealmId: realm, ClientId: clientId, Name: acctest.RandString(10), Enabled: enabled, @@ -212,7 +209,6 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { rootUrlAfter := "http://localhost:2222/" + acctest.RandString(20) openidClientAfter := &keycloak.OpenidClient{ - RealmId: realm, ClientId: clientId, Name: acctest.RandString(10), Enabled: !enabled, @@ -247,7 +243,7 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { ), }, { - Config: testKeycloakOpenidClient_basic(realm, clientId), + Config: testKeycloakOpenidClient_basic(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), ), @@ -257,7 +253,7 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { } func TestAccKeycloakOpenidClient_AccessToken_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) accessTokenLifespan := "1800" @@ -268,14 +264,14 @@ func TestAccKeycloakOpenidClient_AccessToken_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_AccessToken_basic(realmName, clientId, accessTokenLifespan), + Config: testKeycloakOpenidClient_AccessToken_basic(clientId, accessTokenLifespan), Check: testAccCheckKeycloakOpenidClientExistsWithCorrectLifespan("keycloak_openid_client.client", accessTokenLifespan), }, { ResourceName: "keycloak_openid_client.client", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", ImportStateVerifyIgnore: []string{"exclude_session_state_from_auth_response"}, }, }, @@ -283,7 +279,7 @@ func TestAccKeycloakOpenidClient_AccessToken_basic(t *testing.T) { } func TestAccKeycloakOpenidClient_ClientTimeouts_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) offlineSessionIdleTimeout := "1800" @@ -297,7 +293,7 @@ func TestAccKeycloakOpenidClient_ClientTimeouts_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_ClientTimeouts(realmName, clientId, + Config: testKeycloakOpenidClient_ClientTimeouts(clientId, offlineSessionIdleTimeout, offlineSessionMaxLifespan, sessionIdleTimeout, sessionMaxLifespan), Check: testAccCheckKeycloakOpenidClientExistsWithCorrectClientTimeouts("keycloak_openid_client.client", offlineSessionIdleTimeout, offlineSessionMaxLifespan, sessionIdleTimeout, sessionMaxLifespan, @@ -307,7 +303,7 @@ func TestAccKeycloakOpenidClient_ClientTimeouts_basic(t *testing.T) { ResourceName: "keycloak_openid_client.client", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", ImportStateVerifyIgnore: []string{"exclude_session_state_from_auth_response"}, }, }, @@ -315,7 +311,7 @@ func TestAccKeycloakOpenidClient_ClientTimeouts_basic(t *testing.T) { } func TestAccKeycloakOpenidClient_secret(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) clientSecret := acctest.RandString(10) @@ -325,14 +321,14 @@ func TestAccKeycloakOpenidClient_secret(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_basic(realmName, clientId), + Config: testKeycloakOpenidClient_basic(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), testAccCheckKeycloakOpenidClientHasNonEmptyClientSecret("keycloak_openid_client.client"), ), }, { - Config: testKeycloakOpenidClient_secret(realmName, clientId, clientSecret), + Config: testKeycloakOpenidClient_secret(clientId, clientSecret), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientExistsWithCorrectProtocol("keycloak_openid_client.client"), testAccCheckKeycloakOpenidClientHasClientSecret("keycloak_openid_client.client", clientSecret), @@ -343,7 +339,7 @@ func TestAccKeycloakOpenidClient_secret(t *testing.T) { } func TestAccKeycloakOpenidClient_redirectUrisValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) accessType := randomStringInSlice([]string{"PUBLIC", "CONFIDENTIAL"}) @@ -353,11 +349,11 @@ func TestAccKeycloakOpenidClient_redirectUrisValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_invalidRedirectUris(realmName, clientId, accessType, true, false), + Config: testKeycloakOpenidClient_invalidRedirectUris(clientId, accessType, true, false), ExpectError: regexp.MustCompile("validation error: standard \\(authorization code\\) and implicit flows require at least one valid redirect uri"), }, { - Config: testKeycloakOpenidClient_invalidRedirectUris(realmName, clientId, accessType, false, true), + Config: testKeycloakOpenidClient_invalidRedirectUris(clientId, accessType, false, true), ExpectError: regexp.MustCompile("validation error: standard \\(authorization code\\) and implicit flows require at least one valid redirect uri"), }, }, @@ -365,7 +361,7 @@ func TestAccKeycloakOpenidClient_redirectUrisValidation(t *testing.T) { } func TestAccKeycloakOpenidClient_publicClientCredentialsValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -374,7 +370,7 @@ func TestAccKeycloakOpenidClient_publicClientCredentialsValidation(t *testing.T) CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_invalidPublicClientWithClientCredentials(realmName, clientId), + Config: testKeycloakOpenidClient_invalidPublicClientWithClientCredentials(clientId), ExpectError: regexp.MustCompile("validation error: service accounts \\(client credentials flow\\) cannot be enabled on public clients"), }, }, @@ -382,7 +378,7 @@ func TestAccKeycloakOpenidClient_publicClientCredentialsValidation(t *testing.T) } func TestAccKeycloakOpenidClient_bearerClientNoGrantsValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -391,19 +387,19 @@ func TestAccKeycloakOpenidClient_bearerClientNoGrantsValidation(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(realmName, clientId, true, false, false, false), + Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(clientId, true, false, false, false), ExpectError: regexp.MustCompile("validation error: Keycloak cannot issue tokens for bearer-only clients; no oauth2 flows can be enabled for this client"), }, { - Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(realmName, clientId, false, true, false, false), + Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(clientId, false, true, false, false), ExpectError: regexp.MustCompile("validation error: Keycloak cannot issue tokens for bearer-only clients; no oauth2 flows can be enabled for this client"), }, { - Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(realmName, clientId, false, false, true, false), + Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(clientId, false, false, true, false), ExpectError: regexp.MustCompile("validation error: Keycloak cannot issue tokens for bearer-only clients; no oauth2 flows can be enabled for this client"), }, { - Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(realmName, clientId, false, false, false, true), + Config: testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(clientId, false, false, false, true), ExpectError: regexp.MustCompile("validation error: Keycloak cannot issue tokens for bearer-only clients; no oauth2 flows can be enabled for this client"), }, }, @@ -411,7 +407,7 @@ func TestAccKeycloakOpenidClient_bearerClientNoGrantsValidation(t *testing.T) { } func TestAccKeycloakOpenidClient_pkceCodeChallengeMethod(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -420,32 +416,32 @@ func TestAccKeycloakOpenidClient_pkceCodeChallengeMethod(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_pkceChallengeMethod(realmName, clientId, "invalidMethod"), + Config: testKeycloakOpenidClient_pkceChallengeMethod(clientId, "invalidMethod"), ExpectError: regexp.MustCompile(`expected pkce_code_challenge_method to be one of \[\ plain S256\], got invalidMethod`), }, { - Config: testKeycloakOpenidClient_omitPkceChallengeMethod(realmName, clientId), + Config: testKeycloakOpenidClient_omitPkceChallengeMethod(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", ""), testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), ), }, { - Config: testKeycloakOpenidClient_pkceChallengeMethod(realmName, clientId, "plain"), + Config: testKeycloakOpenidClient_pkceChallengeMethod(clientId, "plain"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", "plain"), testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), ), }, { - Config: testKeycloakOpenidClient_pkceChallengeMethod(realmName, clientId, "S256"), + Config: testKeycloakOpenidClient_pkceChallengeMethod(clientId, "S256"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", "S256"), testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), ), }, { - Config: testKeycloakOpenidClient_pkceChallengeMethod(realmName, clientId, ""), + Config: testKeycloakOpenidClient_pkceChallengeMethod(clientId, ""), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", ""), testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), @@ -456,7 +452,7 @@ func TestAccKeycloakOpenidClient_pkceCodeChallengeMethod(t *testing.T) { } func TestAccKeycloakOpenidClient_excludeSessionStateFromAuthResponse(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -465,28 +461,28 @@ func TestAccKeycloakOpenidClient_excludeSessionStateFromAuthResponse(t *testing. CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_omitExcludeSessionStateFromAuthResponse(realmName, clientId, "plain"), + Config: testKeycloakOpenidClient_omitExcludeSessionStateFromAuthResponse(clientId, "plain"), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", "plain"), ), }, { - Config: testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(realmName, clientId, false), + Config: testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(clientId, false), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", ""), ), }, { - Config: testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(realmName, clientId, true), + Config: testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(clientId, true), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", true), testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", ""), ), }, { - Config: testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(realmName, clientId, false), + Config: testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(clientId, false), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakOpenidClientHasExcludeSessionStateFromAuthResponse("keycloak_openid_client.client", false), testAccCheckKeycloakOpenidClientHasPkceCodeChallengeMethod("keycloak_openid_client.client", ""), @@ -497,7 +493,7 @@ func TestAccKeycloakOpenidClient_excludeSessionStateFromAuthResponse(t *testing. } func TestAccKeycloakOpenidClient_authenticationFlowBindingOverrides(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -506,11 +502,11 @@ func TestAccKeycloakOpenidClient_authenticationFlowBindingOverrides(t *testing.T CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_authenticationFlowBindingOverrides(realmName, clientId), + Config: testKeycloakOpenidClient_authenticationFlowBindingOverrides(clientId), Check: testAccCheckKeycloakOpenidClientAuthenticationFlowBindingOverrides("keycloak_openid_client.client", "keycloak_authentication_flow.another_flow"), }, { - Config: testKeycloakOpenidClient_withoutAuthenticationFlowBindingOverrides(realmName, clientId), + Config: testKeycloakOpenidClient_withoutAuthenticationFlowBindingOverrides(clientId), Check: testAccCheckKeycloakOpenidClientAuthenticationFlowBindingOverrides("keycloak_openid_client.client", ""), }, }, @@ -518,7 +514,7 @@ func TestAccKeycloakOpenidClient_authenticationFlowBindingOverrides(t *testing.T } func TestAccKeycloakOpenidClient_loginTheme(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) loginThemeKeycloak := "keycloak" loginThemeBase := "base" @@ -530,19 +526,19 @@ func TestAccKeycloakOpenidClient_loginTheme(t *testing.T) { CheckDestroy: testAccCheckKeycloakOpenidClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenidClient_loginTheme(realmName, clientId, loginThemeKeycloak), + Config: testKeycloakOpenidClient_loginTheme(clientId, loginThemeKeycloak), Check: testAccCheckKeycloakOpenidClientLoginTheme("keycloak_openid_client.client", loginThemeKeycloak), }, { - Config: testKeycloakOpenidClient_loginTheme(realmName, clientId, loginThemeBase), + Config: testKeycloakOpenidClient_loginTheme(clientId, loginThemeBase), Check: testAccCheckKeycloakOpenidClientLoginTheme("keycloak_openid_client.client", loginThemeBase), }, { - Config: testKeycloakOpenidClient_loginTheme(realmName, clientId, loginThemeRandom), + Config: testKeycloakOpenidClient_loginTheme(clientId, loginThemeRandom), ExpectError: regexp.MustCompile("validation error: theme \".+\" does not exist on the server"), }, { - Config: testKeycloakOpenidClient_loginTheme(realmName, clientId, loginThemeKeycloak), + Config: testKeycloakOpenidClient_loginTheme(clientId, loginThemeKeycloak), Check: testAccCheckKeycloakOpenidClientLoginTheme("keycloak_openid_client.client", loginThemeKeycloak), }, }, @@ -726,8 +722,6 @@ func testAccCheckKeycloakOpenidClientDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - client, _ := keycloakClient.GetOpenidClient(realm, id) if client != nil { return fmt.Errorf("openid client %s still exists", id) @@ -834,8 +828,6 @@ func testAccCheckKeycloakOpenidClientLoginTheme(resourceName string, loginTheme } func getOpenidClientFromState(s *terraform.State, resourceName string) (*keycloak.OpenidClient, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -852,46 +844,46 @@ func getOpenidClientFromState(s *terraform.State, resourceName string) (*keycloa return client, nil } -func testKeycloakOpenidClient_basic(realm, clientId string) string { +func testKeycloakOpenidClient_basic(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClient_AccessToken_basic(realm, clientId, accessTokenLifespan string) string { +func testKeycloakOpenidClient_AccessToken_basic(clientId, accessTokenLifespan string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" access_token_lifespan = "%s" } - `, realm, clientId, accessTokenLifespan) + `, testAccRealm.Realm, clientId, accessTokenLifespan) } -func testKeycloakOpenidClient_ClientTimeouts(realm, clientId, +func testKeycloakOpenidClient_ClientTimeouts(clientId, offlineSessionIdleTimeout string, offlineSessionMaxLifespan string, sessionIdleTimeout string, sessionMaxLifespan string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" client_offline_session_idle_timeout = "%s" @@ -899,61 +891,61 @@ resource "keycloak_openid_client" "client" { client_session_idle_timeout = "%s" client_session_max_lifespan = "%s" } - `, realm, clientId, offlineSessionIdleTimeout, offlineSessionMaxLifespan, sessionIdleTimeout, sessionMaxLifespan) + `, testAccRealm.Realm, clientId, offlineSessionIdleTimeout, offlineSessionMaxLifespan, sessionIdleTimeout, sessionMaxLifespan) } -func testKeycloakOpenidClient_accessType(realm, clientId, accessType string) string { +func testKeycloakOpenidClient_accessType(clientId, accessType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "%s" } - `, realm, clientId, accessType) + `, testAccRealm.Realm, clientId, accessType) } -func testKeycloakOpenidClient_adminUrl(realm, clientId, adminUrl string) string { +func testKeycloakOpenidClient_adminUrl(clientId, adminUrl string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id admin_url = "%s" access_type = "PUBLIC" } - `, realm, clientId, adminUrl) + `, testAccRealm.Realm, clientId, adminUrl) } -func testKeycloakOpenidClient_baseUrl(realm, clientId, baseUrl string) string { +func testKeycloakOpenidClient_baseUrl(clientId, baseUrl string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id base_url = "%s" access_type = "PUBLIC" } - `, realm, clientId, baseUrl) + `, testAccRealm.Realm, clientId, baseUrl) } -func testKeycloakOpenidClient_rootUrl(realm, clientId, rootUrl string) string { +func testKeycloakOpenidClient_rootUrl(clientId, rootUrl string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id root_url = "%s" valid_redirect_uris = ["http://example.com"] web_origins = ["http://example.com"] @@ -961,117 +953,117 @@ resource "keycloak_openid_client" "client" { access_type = "CONFIDENTIAL" standard_flow_enabled = true } - `, realm, clientId, rootUrl) + `, testAccRealm.Realm, clientId, rootUrl) } -func testKeycloakOpenidClient_pkceChallengeMethod(realm, clientId, pkceChallengeMethod string) string { +func testKeycloakOpenidClient_pkceChallengeMethod(clientId, pkceChallengeMethod string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" pkce_code_challenge_method = "%s" } - `, realm, clientId, pkceChallengeMethod) + `, testAccRealm.Realm, clientId, pkceChallengeMethod) } -func testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(realm, clientId string, excludeSessionStateFromAuthResponse bool) string { +func testKeycloakOpenidClient_excludeSessionStateFromAuthResponse(clientId string, excludeSessionStateFromAuthResponse bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" exclude_session_state_from_auth_response = %t } - `, realm, clientId, excludeSessionStateFromAuthResponse) + `, testAccRealm.Realm, clientId, excludeSessionStateFromAuthResponse) } -func testKeycloakOpenidClient_omitPkceChallengeMethod(realm, clientId string) string { +func testKeycloakOpenidClient_omitPkceChallengeMethod(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClient_omitExcludeSessionStateFromAuthResponse(realm, clientId, pkceChallengeMethod string) string { +func testKeycloakOpenidClient_omitExcludeSessionStateFromAuthResponse(clientId, pkceChallengeMethod string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" pkce_code_challenge_method = "%s" } - `, realm, clientId, pkceChallengeMethod) + `, testAccRealm.Realm, clientId, pkceChallengeMethod) } -func testKeycloakOpenidClient_updateRealmBefore(realmOne, realmTwo, clientId string) string { +func testKeycloakOpenidClient_updateRealmBefore(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm_1.id}" + realm_id = data.keycloak_realm.realm_1.id access_type = "BEARER-ONLY" } - `, realmOne, realmTwo, clientId) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientId) } -func testKeycloakOpenidClient_updateRealmAfter(realmOne, realmTwo, clientId string) string { +func testKeycloakOpenidClient_updateRealmAfter(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm_2.id}" + realm_id = data.keycloak_realm.realm_2.id access_type = "BEARER-ONLY" } - `, realmOne, realmTwo, clientId) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientId) } func testKeycloakOpenidClient_fromInterface(openidClient *keycloak.OpenidClient) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "%s" enabled = %t description = "%s" @@ -1090,66 +1082,66 @@ resource "keycloak_openid_client" "client" { base_url = "%s" root_url = "%s" } - `, openidClient.RealmId, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.DirectAccessGrantsEnabled, openidClient.ServiceAccountsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins), openidClient.AdminUrl, openidClient.BaseUrl, *openidClient.RootUrl) + `, testAccRealm.Realm, openidClient.ClientId, openidClient.Name, openidClient.Enabled, openidClient.Description, openidClient.ClientSecret, openidClient.StandardFlowEnabled, openidClient.ImplicitFlowEnabled, openidClient.DirectAccessGrantsEnabled, openidClient.ServiceAccountsEnabled, arrayOfStringsForTerraformResource(openidClient.ValidRedirectUris), arrayOfStringsForTerraformResource(openidClient.WebOrigins), openidClient.AdminUrl, openidClient.BaseUrl, *openidClient.RootUrl) } -func testKeycloakOpenidClient_secret(realm, clientId, clientSecret string) string { +func testKeycloakOpenidClient_secret(clientId, clientSecret string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" client_secret = "%s" } - `, realm, clientId, clientSecret) + `, testAccRealm.Realm, clientId, clientSecret) } -func testKeycloakOpenidClient_invalidRedirectUris(realm, clientId, accessType string, standardFlowEnabled, implicitFlowEnabled bool) string { +func testKeycloakOpenidClient_invalidRedirectUris(clientId, accessType string, standardFlowEnabled, implicitFlowEnabled bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "%s" standard_flow_enabled = %t implicit_flow_enabled = %t } - `, realm, clientId, accessType, standardFlowEnabled, implicitFlowEnabled) + `, testAccRealm.Realm, clientId, accessType, standardFlowEnabled, implicitFlowEnabled) } -func testKeycloakOpenidClient_invalidPublicClientWithClientCredentials(realm, clientId string) string { +func testKeycloakOpenidClient_invalidPublicClientWithClientCredentials(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" service_accounts_enabled = true } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(realm, clientId string, standardFlowEnabled, implicitFlowEnabled, directAccessGrantsEnabled, serviceAccountsEnabled bool) string { +func testKeycloakOpenidClient_bearerOnlyClientsCannotIssueTokens(clientId string, standardFlowEnabled, implicitFlowEnabled, directAccessGrantsEnabled, serviceAccountsEnabled bool) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "BEARER-ONLY" standard_flow_enabled = %t @@ -1157,64 +1149,64 @@ resource "keycloak_openid_client" "client" { direct_access_grants_enabled = %t service_accounts_enabled = %t } - `, realm, clientId, standardFlowEnabled, implicitFlowEnabled, directAccessGrantsEnabled, serviceAccountsEnabled) + `, testAccRealm.Realm, clientId, standardFlowEnabled, implicitFlowEnabled, directAccessGrantsEnabled, serviceAccountsEnabled) } -func testKeycloakOpenidClient_authenticationFlowBindingOverrides(realm, clientId string) string { +func testKeycloakOpenidClient_authenticationFlowBindingOverrides(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "another_flow" { alias = "anotherFlow" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "this is another flow" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" authentication_flow_binding_overrides { browser_id = "${keycloak_authentication_flow.another_flow.id}" direct_grant_id = "${keycloak_authentication_flow.another_flow.id}" } } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClient_withoutAuthenticationFlowBindingOverrides(realm, clientId string) string { +func testKeycloakOpenidClient_withoutAuthenticationFlowBindingOverrides(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_authentication_flow" "another_flow" { alias = "anotherFlow" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "this is another flow" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakOpenidClient_loginTheme(realm, clientId, loginTheme string) string { +func testKeycloakOpenidClient_loginTheme(clientId, loginTheme string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "PUBLIC" login_theme = "%s" } - `, realm, clientId, loginTheme) + `, testAccRealm.Realm, clientId, loginTheme) } diff --git a/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go b/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go index 3b8846f1..15b80b59 100644 --- a/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) @@ -22,7 +22,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClient(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, }, @@ -30,7 +30,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClient(t *testing.T) { } func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) @@ -42,7 +42,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClientScope(t *testing.T) CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdFullNameProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, }, @@ -50,7 +50,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClientScope(t *testing.T) } func TestAccKeycloakOpenIdFullNameProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) @@ -64,7 +64,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdFullNameProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdFullNameProtocolMapperExists(clientResourceName), testKeycloakOpenIdFullNameProtocolMapperExists(clientScopeResourceName), @@ -87,11 +87,11 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdFullNameProtocolMapper_update(t *testing.T) { + t.Parallel() resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper" mapperOne := &keycloak.OpenIdFullNameProtocolMapper{ Name: acctest.RandString(10), - RealmId: "terraform-realm-" + acctest.RandString(10), ClientId: "terraform-client-" + acctest.RandString(10), AddToIdToken: randomBool(), AddToAccessToken: randomBool(), @@ -100,7 +100,6 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_update(t *testing.T) { mapperTwo := &keycloak.OpenIdFullNameProtocolMapper{ Name: mapperOne.Name, - RealmId: mapperOne.RealmId, ClientId: mapperOne.ClientId, AddToIdToken: randomBool(), AddToAccessToken: randomBool(), @@ -125,9 +124,9 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdFullNameProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdFullNameProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) @@ -139,19 +138,17 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_createAfterManualDestroy(t *tes CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdFullNameProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserAttributeProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, }, @@ -159,7 +156,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_createAfterManualDestroy(t *tes } func TestAccKeycloakOpenIdFullNameProtocolMapper_updateMapperNameForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperNameOne := acctest.RandString(10) mapperNameTwo := acctest.RandString(10) @@ -172,11 +169,11 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateMapperNameForceNew(t *tes CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(realmName, clientId, mapperNameOne), + Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(clientId, mapperNameOne), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(realmName, clientId, mapperNameTwo), + Config: testKeycloakOpenIdFullNameProtocolMapper_basic_client(clientId, mapperNameTwo), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, }, @@ -184,7 +181,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateMapperNameForceNew(t *tes } func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientIdOne := "terraform-client-" + acctest.RandString(10) clientIdTwo := "terraform-client-" + acctest.RandString(10) @@ -196,11 +193,11 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientIdForceNew(t *testi CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientForceNew(realmName, clientIdOne, clientIdTwo, "openid_client_one"), + Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientForceNew(clientIdOne, clientIdTwo, "openid_client_one"), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientForceNew(realmName, clientIdOne, clientIdTwo, "openid_client_two"), + Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientForceNew(clientIdOne, clientIdTwo, "openid_client_two"), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, }, @@ -208,7 +205,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientIdForceNew(t *testi } func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeOne := "terraform-client-scope-" + acctest.RandString(10) clientScopeTwo := "terraform-client-scope-" + acctest.RandString(10) @@ -220,11 +217,11 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(t *te CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(realmName, clientScopeOne, clientScopeTwo, "client_scope_one"), + Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(clientScopeOne, clientScopeTwo, "client_scope_one"), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(realmName, clientScopeOne, clientScopeTwo, "client_scope_two"), + Config: testKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(clientScopeOne, clientScopeTwo, "client_scope_two"), Check: testKeycloakOpenIdFullNameProtocolMapperExists(resourceName), }, }, @@ -288,8 +285,6 @@ func getFullNameMapperUsingState(state *terraform.State, resourceName string) (* clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdFullNameProtocolMapper(realm, clientId, clientScopeId, id) } @@ -323,14 +318,14 @@ func getGenericProtocolMapperIdForClientScope(resourceName string) resource.Impo } } -func testKeycloakOpenIdFullNameProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdFullNameProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -338,37 +333,37 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdFullNameProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdFullNameProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdFullNameProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdFullNameProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -376,30 +371,30 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } func testKeycloakOpenIdFullNameProtocolMapper_fromInterface(mapper *keycloak.OpenIdFullNameProtocolMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -407,30 +402,30 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" add_to_id_token = %t add_to_access_token = %t add_to_userinfo = %t -}`, mapper.RealmId, mapper.ClientId, mapper.Name, mapper.AddToIdToken, mapper.AddToAccessToken, mapper.AddToUserInfo) +}`, testAccRealm.Realm, mapper.ClientId, mapper.Name, mapper.AddToIdToken, mapper.AddToAccessToken, mapper.AddToUserInfo) } -func testKeycloakOpenIdFullNameProtocolMapper_updateClientForceNew(realmId, clientIdOne, clientIdTwo, currentClient string) string { +func testKeycloakOpenIdFullNameProtocolMapper_updateClientForceNew(clientIdOne, clientIdTwo, currentClient string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client_one" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_client" "openid_client_two" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -438,30 +433,30 @@ resource "keycloak_openid_client" "openid_client_two" { resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client" { name = "group-mapper" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.%s.id}" -}`, realmId, clientIdOne, clientIdTwo, currentClient) +}`, testAccRealm.Realm, clientIdOne, clientIdTwo, currentClient) } -func testKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(realmId, clientScopeIdOne, clientScopeIdTwo, currentClientScope string) string { +func testKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(clientScopeIdOne, clientScopeIdTwo, currentClientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client_scope" "client_scope_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_full_name_protocol_mapper" "full_name_mapper_client_scope" { name = "group-mapper" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.%s.id}" -}`, realmId, clientScopeIdOne, clientScopeIdTwo, currentClientScope) +}`, testAccRealm.Realm, clientScopeIdOne, clientScopeIdTwo, currentClientScope) } diff --git a/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go b/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go index 95a95313..6c6d3477 100644 --- a/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) @@ -22,7 +22,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClient(t *testing.T CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, }, @@ -30,7 +30,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClient(t *testing.T } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) @@ -42,7 +42,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClientScope(t *test CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, }, @@ -50,7 +50,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClientScope(t *test } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) @@ -64,7 +64,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdGroupMembershipProtocolMapperExists(clientResourceName), testKeycloakOpenIdGroupMembershipProtocolMapperExists(clientScopeResourceName), @@ -87,11 +87,11 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_update(t *testing.T) { + t.Parallel() resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper" mapperOne := &keycloak.OpenIdGroupMembershipProtocolMapper{ Name: acctest.RandString(10), - RealmId: "terraform-realm-" + acctest.RandString(10), ClientId: "terraform-client-" + acctest.RandString(10), ClaimName: acctest.RandString(10), FullPath: randomBool(), @@ -102,7 +102,6 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_update(t *testing.T) { mapperTwo := &keycloak.OpenIdGroupMembershipProtocolMapper{ Name: mapperOne.Name, - RealmId: mapperOne.RealmId, ClientId: mapperOne.ClientId, ClaimName: acctest.RandString(10), FullPath: randomBool(), @@ -129,9 +128,9 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdGroupMembershipProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) @@ -143,19 +142,17 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_createAfterManualDestroy CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserAttributeProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, }, @@ -163,7 +160,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_createAfterManualDestroy } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateMapperNameForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperNameOne := acctest.RandString(10) mapperNameTwo := acctest.RandString(10) @@ -176,11 +173,11 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateMapperNameForceNew CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(realmName, clientId, mapperNameOne), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(clientId, mapperNameOne), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(realmName, clientId, mapperNameTwo), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(clientId, mapperNameTwo), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, }, @@ -188,7 +185,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateMapperNameForceNew } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientIdOne := "terraform-client-" + acctest.RandString(10) clientIdTwo := "terraform-client-" + acctest.RandString(10) @@ -200,11 +197,11 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientIdForceNew(t CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientForceNew(realmName, clientIdOne, clientIdTwo, "openid_client_one"), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientForceNew(clientIdOne, clientIdTwo, "openid_client_one"), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientForceNew(realmName, clientIdOne, clientIdTwo, "openid_client_two"), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientForceNew(clientIdOne, clientIdTwo, "openid_client_two"), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, }, @@ -212,7 +209,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientIdForceNew(t } func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeOne := "terraform-client-scope-" + acctest.RandString(10) clientScopeTwo := "terraform-client-scope-" + acctest.RandString(10) @@ -224,11 +221,11 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNe CheckDestroy: testAccKeycloakOpenIdGroupMembershipProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(realmName, clientScopeOne, clientScopeTwo, "client_scope_one"), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(clientScopeOne, clientScopeTwo, "client_scope_one"), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(realmName, clientScopeOne, clientScopeTwo, "client_scope_two"), + Config: testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(clientScopeOne, clientScopeTwo, "client_scope_two"), Check: testKeycloakOpenIdGroupMembershipProtocolMapperExists(resourceName), }, }, @@ -292,19 +289,17 @@ func getGroupMembershipMapperUsingState(state *terraform.State, resourceName str clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdGroupMembershipProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdGroupMembershipProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -312,39 +307,39 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "bar" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdGroupMembershipProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdGroupMembershipProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "bar" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdGroupMembershipProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdGroupMembershipProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -352,32 +347,32 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "bar" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "bar" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } func testKeycloakOpenIdGroupMembershipProtocolMapper_fromInterface(mapper *keycloak.OpenIdGroupMembershipProtocolMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -385,7 +380,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "%s" @@ -393,24 +388,24 @@ resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_ma add_to_id_token = %t add_to_access_token = %t add_to_userinfo = %t -}`, mapper.RealmId, mapper.ClientId, mapper.Name, mapper.ClaimName, mapper.FullPath, mapper.AddToIdToken, mapper.AddToAccessToken, mapper.AddToUserinfo) +}`, testAccRealm.Realm, mapper.ClientId, mapper.Name, mapper.ClaimName, mapper.FullPath, mapper.AddToIdToken, mapper.AddToAccessToken, mapper.AddToUserinfo) } -func testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientForceNew(realmId, clientIdOne, clientIdTwo, currentClient string) string { +func testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientForceNew(clientIdOne, clientIdTwo, currentClient string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client_one" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_client" "openid_client_two" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -418,34 +413,34 @@ resource "keycloak_openid_client" "openid_client_two" { resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client" { name = "group-mapper" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.%s.id}" claim_name = "foo" -}`, realmId, clientIdOne, clientIdTwo, currentClient) +}`, testAccRealm.Realm, clientIdOne, clientIdTwo, currentClient) } -func testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(realmId, clientScopeIdOne, clientScopeIdTwo, currentClientScope string) string { +func testKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(clientScopeIdOne, clientScopeIdTwo, currentClientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client_scope" "client_scope_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper_client_scope" { name = "group-mapper" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.%s.id}" claim_name = "foo" -}`, realmId, clientScopeIdOne, clientScopeIdTwo, currentClientScope) +}`, testAccRealm.Realm, clientScopeIdOne, clientScopeIdTwo, currentClientScope) } diff --git a/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go b/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go index 100da5c0..1627a630 100644 --- a/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -23,7 +23,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClient(t *testing.T) CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -31,7 +31,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClient(t *testing.T) } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -43,7 +43,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClientScope(t *testi CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -51,7 +51,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClientScope(t *testi } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -65,7 +65,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdHardcodedClaimProtocolMapperExists(clientResourceName), testKeycloakOpenIdHardcodedClaimProtocolMapperExists(clientScopeResourceName), @@ -88,7 +88,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -105,11 +105,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(realmName, clientId, mapperName, claimName, claimValue), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(clientId, mapperName, claimName, claimValue), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(realmName, clientId, mapperName, updatedClaimName, updatedClaimValue), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(clientId, mapperName, updatedClaimName, updatedClaimValue), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -117,9 +117,9 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdHardcodedClaimProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -131,19 +131,17 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_createAfterManualDestroy( CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdHardcodedClaimProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -151,7 +149,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_createAfterManualDestroy( } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(10) invalidClaimValueType := acctest.RandString(5) @@ -161,7 +159,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(t CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(realmName, mapperName, invalidClaimValueType), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(mapperName, invalidClaimValueType), ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), }, }, @@ -169,7 +167,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(t } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -184,11 +182,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientIdForceNew(t CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(realmName, clientId, mapperName, claimName, claimValue), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(clientId, mapperName, claimName, claimValue), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(realmName, updatedClientId, mapperName, claimName, claimValue), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(updatedClientId, mapperName, claimName, claimValue), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -196,7 +194,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientIdForceNew(t } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -208,11 +206,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientScopeForceNew CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -220,8 +218,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientScopeForceNew } func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) @@ -235,11 +232,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateRealmIdForceNew(t * CheckDestroy: testAccKeycloakOpenIdHardcodedClaimProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(realmName, clientId, mapperName, claimName, claimValue), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(clientId, mapperName, claimName, claimValue), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(newRealmName, clientId, mapperName, claimName, claimValue), + Config: testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(clientId, mapperName, claimName, claimValue), Check: testKeycloakOpenIdHardcodedClaimProtocolMapperExists(resourceName), }, }, @@ -302,19 +299,17 @@ func getHardcodedClaimMapperUsingState(state *terraform.State, resourceName stri clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdHardcodedClaimProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -322,45 +317,45 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdHardcodedClaimProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdHardcodedClaimProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdHardcodedClaimProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -368,7 +363,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" @@ -378,28 +373,28 @@ resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapp resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value = "bar" claim_value_type = "String" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(realmName, clientId, mapperName, claimName, claimValue string) string { +func testKeycloakOpenIdHardcodedClaimProtocolMapper_claimNameAndValue(clientId, mapperName, claimName, claimValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -407,22 +402,22 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "%s" claim_value = "%s" -}`, realmName, clientId, mapperName, claimName, claimValue) +}`, testAccRealm.Realm, clientId, mapperName, claimName, claimValue) } -func testKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(realmName, mapperName, claimValueType string) string { +func testKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(mapperName, claimValueType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "openid-client" access_type = "BEARER-ONLY" @@ -430,11 +425,11 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_claim_protocol_mapper" "hardcoded_claim_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_value = "foo" claim_name = "bar" claim_value_type = "%s" -}`, realmName, mapperName, claimValueType) +}`, testAccRealm.Realm, mapperName, claimValueType) } diff --git a/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go b/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go index 91281350..f4e393d9 100644 --- a/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() role := "terraform-role-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) @@ -23,7 +23,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(t *t CheckDestroy: testAccKeycloakOpenIdHardcodedRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(realmName, role, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(role, clientId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperExists(resourceName), }, }, @@ -31,7 +31,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(t *t } func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientIdForRole := "terraform-client-" + acctest.RandString(10) role := "terraform-role-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) @@ -45,7 +45,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(t * CheckDestroy: testAccKeycloakOpenIdHardcodedRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(realmName, clientIdForRole, role, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(clientIdForRole, role, clientId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperExists(resourceName), }, }, @@ -53,7 +53,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(t * } func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() role := "terraform-role-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) @@ -66,7 +66,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope CheckDestroy: testAccKeycloakOpenIdHardcodedRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope(realmName, role, clientScopeId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope(role, clientScopeId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperExists(resourceName), }, }, @@ -74,7 +74,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope } func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() role := "terraform-role-" + acctest.RandString(10) clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -89,7 +89,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_import(realmName, role, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_import(role, clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdHardcodedRoleProtocolMapperExists(clientResourceName), testKeycloakOpenIdHardcodedRoleProtocolMapperExists(clientScopeResourceName), @@ -112,7 +112,7 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() roleOne := "terraform-role-" + acctest.RandString(10) roleTwo := "terraform-role-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) @@ -126,11 +126,11 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdHardcodedRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateBefore(realmName, roleOne, roleTwo, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateBefore(roleOne, roleTwo, clientId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateAfter(realmName, roleOne, roleTwo, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateAfter(roleOne, roleTwo, clientId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperExists(resourceName), }, }, @@ -138,9 +138,9 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdHardcodedRoleProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) role := "terraform-role-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) @@ -153,19 +153,17 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_createAfterManualDestroy(t CheckDestroy: testAccKeycloakOpenIdHardcodedRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(realmName, role, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(role, clientId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdHardcodedRoleProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(realmName, role, clientId, mapperName), + Config: testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(role, clientId, mapperName), Check: testKeycloakOpenIdHardcodedRoleProtocolMapperExists(resourceName), }, }, @@ -228,24 +226,22 @@ func getHardcodedRoleMapperUsingState(state *terraform.State, resourceName strin clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdHardcodedRoleProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(realmName, role, clientId, mapperName string) string { +func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(role, clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -253,49 +249,49 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" role_id = "${keycloak_role.role.id}" -}`, realmName, role, clientId, mapperName) +}`, testAccRealm.Realm, role, clientId, mapperName) } -func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope(realmName, role, clientScopeId, mapperName string) string { +func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope(role, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" role_id = "${keycloak_role.role.id}" -}`, realmName, role, clientScopeId, mapperName) +}`, testAccRealm.Realm, role, clientScopeId, mapperName) } -func testKeycloakOpenIdHardcodedRoleProtocolMapper_import(realmName, role, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdHardcodedRoleProtocolMapper_import(role, clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -303,7 +299,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" role_id = "${keycloak_role.role.id}" @@ -311,36 +307,36 @@ resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" role_id = "${keycloak_role.role.id}" -}`, realmName, role, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, role, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateBefore(realmName, roleOne, roleTwo, clientId, mapperName string) string { +func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateBefore(roleOne, roleTwo, clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -348,30 +344,30 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" role_id = "${keycloak_role.role_one.id}" -}`, realmName, roleOne, roleTwo, clientId, mapperName) +}`, testAccRealm.Realm, roleOne, roleTwo, clientId, mapperName) } -func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateAfter(realmName, roleOne, roleTwo, clientId, mapperName string) string { +func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientUpdateAfter(roleOne, roleTwo, clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -379,20 +375,20 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" role_id = "${keycloak_role.role_two.id}" -}`, realmName, roleOne, roleTwo, clientId, mapperName) +}`, testAccRealm.Realm, roleOne, roleTwo, clientId, mapperName) } -func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(realmName, clientIdForRole, role, clientId, mapperName string) string { +func testKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(clientIdForRole, role, clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client_for_role" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -400,12 +396,12 @@ resource "keycloak_openid_client" "openid_client_for_role" { resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client_for_role.id}" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -413,8 +409,8 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_hardcoded_role_protocol_mapper" "hardcoded_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" role_id = "${keycloak_role.role.id}" -}`, realmName, clientIdForRole, role, clientId, mapperName) +}`, testAccRealm.Realm, clientIdForRole, role, clientId, mapperName) } diff --git a/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go index 6f901e6e..5837e00e 100644 --- a/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) @@ -23,7 +23,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClient(t *testing.T) CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, }, @@ -31,7 +31,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClient(t *testing.T) } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) @@ -43,7 +43,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClientScope(t *testin CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, }, @@ -51,7 +51,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClientScope(t *testin } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) @@ -65,7 +65,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdUserAttributeProtocolMapperExists(clientResourceName), testKeycloakOpenIdUserAttributeProtocolMapperExists(clientScopeResourceName), @@ -88,7 +88,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) @@ -102,11 +102,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(realmName, clientId, mapperName, attributeName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(clientId, mapperName, attributeName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(realmName, clientId, mapperName, updatedAttributeName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(clientId, mapperName, updatedAttributeName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, }, @@ -114,9 +114,9 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdUserAttributeProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) @@ -128,19 +128,17 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_createAfterManualDestroy(t CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserAttributeProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, }, @@ -148,7 +146,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_createAfterManualDestroy(t } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(10) invalidClaimValueType := acctest.RandString(5) @@ -158,7 +156,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClaimValueType(t * CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claimValueType(realmName, mapperName, invalidClaimValueType), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_claimValueType(mapperName, invalidClaimValueType), ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), }, }, @@ -166,7 +164,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClaimValueType(t * } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) @@ -180,11 +178,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientIdForceNew(t * CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(realmName, clientId, mapperName, attributeName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(clientId, mapperName, attributeName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(realmName, updatedClientId, mapperName, attributeName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(updatedClientId, mapperName, attributeName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, }, @@ -192,7 +190,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientIdForceNew(t * } func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -204,37 +202,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientScopeForceNew( CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), - Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), - }, - }, - }) -} - -func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) - - attributeName := "claim-" + acctest.RandString(10) - resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper" - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccKeycloakOpenIdUserAttributeProtocolMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(realmName, clientId, mapperName, attributeName), - Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), - }, - { - Config: testKeycloakOpenIdUserAttributeProtocolMapper_claim(newRealmName, clientId, mapperName, attributeName), + Config: testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdUserAttributeProtocolMapperExists(resourceName), }, }, @@ -297,19 +269,17 @@ func getUserAttributeMapperUsingState(state *terraform.State, resourceName strin clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdUserAttributeProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdUserAttributeProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -317,41 +287,41 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" user_attribute = "foo" claim_name = "bar" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserAttributeProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" user_attribute = "foo" claim_name = "bar" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdUserAttributeProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserAttributeProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -359,7 +329,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" user_attribute = "foo" claim_name = "bar" @@ -367,26 +337,26 @@ resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" user_attribute = "foo" claim_name = "bar" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdUserAttributeProtocolMapper_claim(realmName, clientId, mapperName, attributeName string) string { +func testKeycloakOpenIdUserAttributeProtocolMapper_claim(clientId, mapperName, attributeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -394,24 +364,24 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" user_attribute = "%s" claim_name = "bar" -}`, realmName, clientId, mapperName, attributeName) +}`, testAccRealm.Realm, clientId, mapperName, attributeName) } -func testKeycloakOpenIdUserAttributeProtocolMapper_claimValueType(realmName, mapperName, claimValueType string) string { +func testKeycloakOpenIdUserAttributeProtocolMapper_claimValueType(mapperName, claimValueType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_attribute_protocol_mapper" "user_attribute_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id user_attribute = "foo" claim_name = "bar" claim_value_type = "%s" -}`, realmName, mapperName, claimValueType) +}`, testAccRealm.Realm, mapperName, claimValueType) } diff --git a/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go index f1160876..64ef0ed7 100644 --- a/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -24,7 +24,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClient(t *testing.T) CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -32,7 +32,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClient(t *testing.T) } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -44,7 +44,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClientScope(t *testi CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -52,7 +52,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClientScope(t *testi } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -66,7 +66,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdUserClientRoleProtocolMapperExists(clientResourceName), testKeycloakOpenIdUserClientRoleProtocolMapperExists(clientScopeResourceName), @@ -89,7 +89,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -104,11 +104,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(realmName, clientId, mapperName, updatedClaimName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(clientId, mapperName, updatedClaimName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -116,9 +116,9 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdUserClientRoleProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -130,19 +130,17 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_createAfterManualDestroy( CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserClientRoleProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -150,7 +148,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_createAfterManualDestroy( } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(10) invalidClaimValueType := acctest.RandString(5) @@ -160,7 +158,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(t CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(realmName, mapperName, invalidClaimValueType), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(mapperName, invalidClaimValueType), ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), }, }, @@ -168,7 +166,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(t } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -182,11 +180,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientIdForceNew(t CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(realmName, updatedClientId, mapperName, claimName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(updatedClientId, mapperName, claimName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -194,7 +192,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientIdForceNew(t } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -206,11 +204,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientScopeForceNew CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -218,8 +216,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientScopeForceNew } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -232,11 +229,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateRealmIdForceNew(t * CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(newRealmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -244,7 +241,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateRealmIdForceNew(t * } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) assignedClientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -256,11 +253,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(t *testi CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(realmName, clientId, assignedClientId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(clientId, assignedClientId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(realmName, clientId, assignedClientId, mapperName), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(clientId, assignedClientId, mapperName), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -268,7 +265,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(t *testi } func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) assignedClientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) @@ -281,11 +278,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefi CheckDestroy: testAccKeycloakOpenIdUserClientRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(realmName, clientId, assignedClientId, mapperName, rolePrefix), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(clientId, assignedClientId, mapperName, rolePrefix), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(realmName, clientId, assignedClientId, mapperName, rolePrefix), + Config: testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(clientId, assignedClientId, mapperName, rolePrefix), Check: testKeycloakOpenIdUserClientRoleProtocolMapperExists(resourceName), }, }, @@ -348,173 +345,171 @@ func getUserClientRoleMapperUsingState(state *terraform.State, resourceName stri clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdUserClientRoleProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "String" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value_type = "String" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_claim(clientId, mapperName, claimName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "%s" claim_value_type = "String" -}`, realmName, clientId, mapperName, claimName) +}`, testAccRealm.Realm, clientId, mapperName, claimName) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "String" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value_type = "String" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(realmName, mapperName, claimValueType string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(mapperName, claimValueType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "openid-client" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "%s" -}`, realmName, mapperName, claimValueType) +}`, testAccRealm.Realm, mapperName, claimValueType) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(realmName, clientId, assignedClientId, mapperName string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(clientId, assignedClientId, mapperName string) string { return fmt.Sprintf(` - resource "keycloak_realm" "realm" { - realm = "%s" - } +data "keycloak_realm" "realm" { + realm = "%s" +} - resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" - access_type = "BEARER-ONLY" - } - resource "keycloak_openid_client" "openid_client_assigned" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" + access_type = "BEARER-ONLY" +} +resource "keycloak_openid_client" "openid_client_assigned" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" - access_type = "BEARER-ONLY" - } + access_type = "BEARER-ONLY" +} - resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_validation" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" +resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_validation" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_id = "${keycloak_openid_client.openid_client.id}" - claim_name = "foo" - claim_value_type = "String" - client_id_for_role_mappings = "${keycloak_openid_client.openid_client_assigned.id}" - }`, realmName, clientId, assignedClientId, mapperName) + claim_name = "foo" + claim_value_type = "String" + client_id_for_role_mappings = "${keycloak_openid_client.openid_client_assigned.id}" +}`, testAccRealm.Realm, clientId, assignedClientId, mapperName) } -func testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(realmName, clientId, assignedClientId, mapperName, rolePrefix string) string { +func testKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(clientId, assignedClientId, mapperName, rolePrefix string) string { return fmt.Sprintf(` - resource "keycloak_realm" "realm" { - realm = "%s" - } +data "keycloak_realm" "realm" { + realm = "%s" +} - resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" - access_type = "BEARER-ONLY" - } - resource "keycloak_openid_client" "openid_client_assigned" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "%s" + access_type = "BEARER-ONLY" +} +resource "keycloak_openid_client" "openid_client_assigned" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" - access_type = "BEARER-ONLY" - } + access_type = "BEARER-ONLY" +} - resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_validation" { - name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.openid_client.id}" +resource "keycloak_openid_user_client_role_protocol_mapper" "user_client_role_mapper_validation" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_id = "${keycloak_openid_client.openid_client.id}" - claim_name = "foo" - claim_value_type = "String" - client_id_for_role_mappings = "${keycloak_openid_client.openid_client_assigned.id}" - client_role_prefix= "%s" - }`, realmName, clientId, assignedClientId, mapperName, rolePrefix) + claim_name = "foo" + claim_value_type = "String" + client_id_for_role_mappings = "${keycloak_openid_client.openid_client_assigned.id}" + client_role_prefix= "%s" +}`, testAccRealm.Realm, clientId, assignedClientId, mapperName, rolePrefix) } diff --git a/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go index 4b4c0226..8c3096c2 100644 --- a/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -23,7 +23,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClient(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -31,7 +31,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClient(t *testing.T) { } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -43,7 +43,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClientScope(t *testing CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -51,7 +51,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClientScope(t *testing } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -65,7 +65,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdUserPropertyProtocolMapperExists(clientResourceName), testKeycloakOpenIdUserPropertyProtocolMapperExists(clientScopeResourceName), @@ -88,7 +88,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -102,11 +102,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(realmName, clientId, mapperName, propertyName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(clientId, mapperName, propertyName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(realmName, clientId, mapperName, updatedPropertyName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(clientId, mapperName, updatedPropertyName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -114,9 +114,9 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdUserPropertyProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -128,19 +128,17 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_createAfterManualDestroy(t CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserPropertyProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -148,7 +146,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_createAfterManualDestroy(t } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(10) invalidClaimValueType := acctest.RandString(5) @@ -158,7 +156,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClaimValueType(t *t CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claimValueType(realmName, mapperName, invalidClaimValueType), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claimValueType(mapperName, invalidClaimValueType), ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), }, }, @@ -166,7 +164,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClaimValueType(t *t } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -180,11 +178,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientIdForceNew(t *t CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(realmName, clientId, mapperName, propertyName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(clientId, mapperName, propertyName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(realmName, updatedClientId, mapperName, propertyName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(updatedClientId, mapperName, propertyName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -192,7 +190,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientIdForceNew(t *t } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -204,11 +202,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientScopeForceNew(t CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -216,8 +214,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientScopeForceNew(t } func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) @@ -230,11 +227,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateRealmIdForceNew(t *te CheckDestroy: testAccKeycloakOpenIdUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(realmName, clientId, mapperName, propertyName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(clientId, mapperName, propertyName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(newRealmName, clientId, mapperName, propertyName), + Config: testKeycloakOpenIdUserPropertyProtocolMapper_claim(clientId, mapperName, propertyName), Check: testKeycloakOpenIdUserPropertyProtocolMapperExists(resourceName), }, }, @@ -297,19 +294,17 @@ func getUserPropertyMapperUsingState(state *terraform.State, resourceName string clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdUserPropertyProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdUserPropertyProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -317,41 +312,41 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" user_property = "foo" claim_name = "bar" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserPropertyProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" user_property = "foo" claim_name = "bar" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdUserPropertyProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserPropertyProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -359,7 +354,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" user_property = "foo" claim_name = "bar" @@ -367,26 +362,26 @@ resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_c resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" user_property = "foo" claim_name = "bar" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdUserPropertyProtocolMapper_claim(realmName, clientId, mapperName, propertyName string) string { +func testKeycloakOpenIdUserPropertyProtocolMapper_claim(clientId, mapperName, propertyName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -394,24 +389,24 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" user_property = "%s" claim_name = "bar" -}`, realmName, clientId, mapperName, propertyName) +}`, testAccRealm.Realm, clientId, mapperName, propertyName) } -func testKeycloakOpenIdUserPropertyProtocolMapper_claimValueType(realmName, mapperName, claimValueType string) string { +func testKeycloakOpenIdUserPropertyProtocolMapper_claimValueType(mapperName, claimValueType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_user_property_protocol_mapper" "user_property_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id user_property = "foo" claim_name = "bar" claim_value_type = "%s" -}`, realmName, mapperName, claimValueType) +}`, testAccRealm.Realm, mapperName, claimValueType) } diff --git a/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go index 50043c6c..cc9aafaf 100644 --- a/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -24,7 +24,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClient(t *testing.T) CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -32,7 +32,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClient(t *testing.T) } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -44,7 +44,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClientScope(t *testin CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -52,7 +52,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClientScope(t *testin } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -66,7 +66,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdFullNameProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdUserRealmRoleProtocolMapperExists(clientResourceName), testKeycloakOpenIdUserRealmRoleProtocolMapperExists(clientScopeResourceName), @@ -89,7 +89,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -104,11 +104,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(realmName, clientId, mapperName, updatedClaimName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(clientId, mapperName, updatedClaimName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -116,9 +116,9 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_update(t *testing.T) { } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdUserRealmRoleProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -130,19 +130,17 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_createAfterManualDestroy(t CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserRealmRoleProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -150,7 +148,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_createAfterManualDestroy(t } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(10) invalidClaimValueType := acctest.RandString(5) @@ -160,7 +158,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(t * CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(realmName, mapperName, invalidClaimValueType), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(mapperName, invalidClaimValueType), ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), }, }, @@ -168,7 +166,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(t * } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -182,11 +180,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientIdForceNew(t * CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(realmName, updatedClientId, mapperName, claimName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(updatedClientId, mapperName, claimName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -194,7 +192,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientIdForceNew(t * } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -206,11 +204,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientScopeForceNew( CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -218,8 +216,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientScopeForceNew( } func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) @@ -232,11 +229,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateRealmIdForceNew(t *t CheckDestroy: testAccKeycloakOpenIdUserRealmRoleProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(newRealmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserRealmRoleProtocolMapperExists(resourceName), }, }, @@ -299,19 +296,17 @@ func getUserRealmRoleMapperUsingState(state *terraform.State, resourceName strin clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdUserRealmRoleProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -319,43 +314,43 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "String" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserRealmRoleProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value_type = "String" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(realmName, clientId, mapperName, claimName string) string { +func testKeycloakOpenIdUserRealmRoleProtocolMapper_claim(clientId, mapperName, claimName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -363,22 +358,22 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "%s" claim_value_type = "String" -}`, realmName, clientId, mapperName, claimName) +}`, testAccRealm.Realm, clientId, mapperName, claimName) } -func testKeycloakOpenIdUserRealmRoleProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserRealmRoleProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" @@ -386,7 +381,7 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" @@ -395,27 +390,27 @@ resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapp resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value_type = "String" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(realmName, mapperName, claimValueType string) string { +func testKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(mapperName, claimValueType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "openid-client" access_type = "BEARER-ONLY" @@ -423,10 +418,10 @@ resource "keycloak_openid_client" "openid_client" { resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "%s" -}`, realmName, mapperName, claimValueType) +}`, testAccRealm.Realm, mapperName, claimValueType) } diff --git a/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go index a2494c44..b74f6d9c 100644 --- a/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -24,7 +24,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClient(t *testing.T CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -32,7 +32,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClient(t *testing.T } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClientScope(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -44,7 +44,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClientScope(t *test CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -52,7 +52,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClientScope(t *test } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-openid-client-" + acctest.RandString(10) clientScopeId := "terraform-client-scope-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -66,7 +66,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_import(realmName, clientId, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_import(clientId, clientScopeId, mapperName), Check: resource.ComposeTestCheckFunc( testKeycloakOpenIdUserSessionNoteProtocolMapperExists(clientResourceName), testKeycloakOpenIdUserSessionNoteProtocolMapperExists(clientScopeResourceName), @@ -89,7 +89,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_import(t *testing.T) { } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClaim(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -104,11 +104,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClaim(t *testing.T CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(realmName, clientId, mapperName, updatedClaimName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(clientId, mapperName, updatedClaimName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -116,7 +116,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClaim(t *testing.T } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateNote(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -131,11 +131,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateNote(t *testing.T) CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_note(realmName, clientId, mapperName, noteName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_note(clientId, mapperName, noteName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_note(realmName, clientId, mapperName, updatedNoteName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_note(clientId, mapperName, updatedNoteName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -143,9 +143,9 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateNote(t *testing.T) } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.OpenIdUserSessionNoteProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -157,19 +157,17 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_createAfterManualDestroy CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteOpenIdUserSessionNoteProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -177,7 +175,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_createAfterManualDestroy } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(10) invalidClaimValueType := acctest.RandString(5) @@ -187,7 +185,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(t CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(realmName, mapperName, invalidClaimValueType), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(mapperName, invalidClaimValueType), ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), }, }, @@ -195,7 +193,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(t } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -209,11 +207,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientIdForceNew(t CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(realmName, updatedClientId, mapperName, claimName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(updatedClientId, mapperName, claimName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -221,7 +219,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientIdForceNew(t } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientScopeForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) clientScopeId := "terraform-client-" + acctest.RandString(10) newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) @@ -233,11 +231,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientScopeForceNe CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(clientScopeId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(realmName, newClientScopeId, mapperName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(newClientScopeId, mapperName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -245,8 +243,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientScopeForceNe } func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) @@ -259,11 +256,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateRealmIdForceNew(t CheckDestroy: testAccKeycloakOpenIdUserSessionNoteProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(realmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, { - Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(newRealmName, clientId, mapperName, claimName), + Config: testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(clientId, mapperName, claimName), Check: testKeycloakOpenIdUserSessionNoteProtocolMapperExists(resourceName), }, }, @@ -326,102 +323,100 @@ func getUserSessionNoteMapperUsingState(state *terraform.State, resourceName str clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetOpenIdUserSessionNoteProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "String" session_note = "bar" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(realmName, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value_type = "String" session_note = "bar" -}`, realmName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientScopeId, mapperName) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(realmName, clientId, mapperName, claimName string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_claim(clientId, mapperName, claimName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "%s" claim_value_type = "String" -}`, realmName, clientId, mapperName, claimName) +}`, testAccRealm.Realm, clientId, mapperName, claimName) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_note(realmName, clientId, mapperName, noteName string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_note(clientId, mapperName, noteName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "String" session_note = "%s" -}`, realmName, clientId, mapperName, noteName) +}`, testAccRealm.Realm, clientId, mapperName, noteName) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_import(realmName, clientId, clientScopeId, mapperName string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_import(clientId, clientScopeId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_client" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "String" @@ -429,34 +424,34 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_ } resource "keycloak_openid_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_scope_id = "${keycloak_openid_client_scope.client_scope.id}" claim_name = "foo" claim_value_type = "String" session_note = "bar" -}`, realmName, clientId, mapperName, clientScopeId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) } -func testKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(realmName, mapperName, claimValueType string) string { +func testKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(mapperName, claimValueType string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "openid-client" access_type = "BEARER-ONLY" } resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_mapper_validation" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" claim_name = "foo" claim_value_type = "%s" session_note = "bar" -}`, realmName, mapperName, claimValueType) +}`, testAccRealm.Realm, mapperName, claimValueType) } diff --git a/provider/resource_keycloak_realm_events_test.go b/provider/resource_keycloak_realm_events_test.go index fd26836e..aad0d1ec 100644 --- a/provider/resource_keycloak_realm_events_test.go +++ b/provider/resource_keycloak_realm_events_test.go @@ -38,7 +38,6 @@ func TestAccKeycloakRealmEvents_destroy(t *testing.T) { { Config: testKeycloakRealmEvents_realmOnly(realmName), Check: func(state *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) realmEventsConfig, err := keycloakClient.GetRealmEventsConfig(realmName) if err != nil { return err @@ -165,8 +164,12 @@ func TestAccKeycloakRealmEvents_unsetEnabledEventTypes(t *testing.T) { return err } - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_7) { //keycloak versions < 7.0.0 have 63 events, versions >=7.0.0 have 67 events + //keycloak versions < 7.0.0 have 63 events, versions >=7.0.0 have 67 events, versions >=12.0.0 have 69 events + if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_12) { + if len(realmEventsConfig.EnabledEventTypes) != 69 { + return fmt.Errorf("exptected to enabled_event_types to contain all(69) event types, but it contains %d", len(realmEventsConfig.EnabledEventTypes)) + } + } else if keycloakClient.VersionIsGreaterThanOrEqualTo(keycloak.Version_7) { if len(realmEventsConfig.EnabledEventTypes) != 67 { return fmt.Errorf("exptected to enabled_event_types to contain all(67) event types, but it contains %d", len(realmEventsConfig.EnabledEventTypes)) } @@ -185,8 +188,6 @@ func TestAccKeycloakRealmEvents_unsetEnabledEventTypes(t *testing.T) { } func getRealmEventsFromState(s *terraform.State, resourceName string) (*keycloak.RealmEventsConfig, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -216,25 +217,25 @@ func testAccCheckKeycloakRealmEventsExists(resourceName string) resource.TestChe func testKeycloakRealmEvents_basic(realm string) string { return fmt.Sprintf(` resource "keycloak_realm" "realm" { - realm = "%s" +realm = "%s" } resource "keycloak_realm_events" "realm_events" { - realm_id = "${keycloak_realm.realm.id}" +realm_id = "${keycloak_realm.realm.id}" - admin_events_enabled = true - admin_events_details_enabled = true - events_enabled = true - events_expiration = 1234 +admin_events_enabled = true +admin_events_details_enabled = true +events_enabled = true +events_expiration = 1234 - enabled_event_types = [ +enabled_event_types = [ "LOGIN", "LOGOUT", - ] +] - events_listeners = [ - "jboss-logging", +events_listeners = [ + "jboss-logging", "example-listener", - ] +] } `, realm) } @@ -242,7 +243,7 @@ resource "keycloak_realm_events" "realm_events" { func testKeycloakRealmEvents_realmOnly(realm string) string { return fmt.Sprintf(` resource "keycloak_realm" "realm" { - realm = "%s" +realm = "%s" } `, realm) } @@ -254,16 +255,16 @@ resource "keycloak_realm" "realm" { } resource "keycloak_realm_events" "realm_events" { - realm_id = "${keycloak_realm.realm.id}" +realm_id = "${keycloak_realm.realm.id}" - admin_events_enabled = %t - admin_events_details_enabled = %t - events_enabled = %t - events_expiration = %d +admin_events_enabled = %t +admin_events_details_enabled = %t +events_enabled = %t +events_expiration = %d - enabled_event_types = %s +enabled_event_types = %s - events_listeners = %s +events_listeners = %s } `, realm, realmEventsConfig.AdminEventsEnabled, realmEventsConfig.AdminEventsDetailsEnabled, realmEventsConfig.EventsEnabled, realmEventsConfig.EventsExpiration, arrayOfStringsForTerraformResource(realmEventsConfig.EnabledEventTypes), arrayOfStringsForTerraformResource(realmEventsConfig.EventsListeners)) } diff --git a/provider/resource_keycloak_realm_test.go b/provider/resource_keycloak_realm_test.go index 3a8d5339..62a5abfe 100644 --- a/provider/resource_keycloak_realm_test.go +++ b/provider/resource_keycloak_realm_test.go @@ -56,8 +56,6 @@ func TestAccKeycloakRealm_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteRealm(realmName) if err != nil { t.Fatal(err) @@ -921,8 +919,6 @@ func testAccCheckKeycloakRealmDestroy() resource.TestCheckFunc { } realmName := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - realm, _ := keycloakClient.GetRealm(realmName) if realm != nil { return fmt.Errorf("realm %s still exists", realmName) @@ -934,8 +930,6 @@ func testAccCheckKeycloakRealmDestroy() resource.TestCheckFunc { } func getRealmFromState(s *terraform.State, resourceName string) (*keycloak.Realm, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) diff --git a/provider/resource_keycloak_required_action_test.go b/provider/resource_keycloak_required_action_test.go index bdabeefe..5becf747 100644 --- a/provider/resource_keycloak_required_action_test.go +++ b/provider/resource_keycloak_required_action_test.go @@ -5,7 +5,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/mrparkers/terraform-provider-keycloak/keycloak" "regexp" "testing" ) @@ -182,7 +181,6 @@ resource "keycloak_required_action" "required_action2" { func testAccCheckKeycloakRequiresActionExistsWithCorrectPriority(realm, requiredActionAlias string, priority int) resource.TestCheckFunc { return func(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) action, err := keycloakClient.GetRequiredAction(realm, requiredActionAlias) if err != nil { return fmt.Errorf("required action not found: %s", requiredActionAlias) @@ -198,7 +196,6 @@ func testAccCheckKeycloakRequiresActionExistsWithCorrectPriority(realm, required func testAccCheckKeycloakRequiresActionExists(realm, requiredActionAlias string) resource.TestCheckFunc { return func(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) _, err := keycloakClient.GetRequiredAction(realm, requiredActionAlias) if err != nil { return fmt.Errorf("required action not found: %s", requiredActionAlias) diff --git a/provider/resource_keycloak_role_test.go b/provider/resource_keycloak_role_test.go index bdf1da02..81399888 100644 --- a/provider/resource_keycloak_role_test.go +++ b/provider/resource_keycloak_role_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakRole_basicRealm(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() roleName := "terraform-role-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -19,21 +19,21 @@ func TestAccKeycloakRole_basicRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicRealm(realmName, roleName), + Config: testKeycloakRole_basicRealm(roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { ResourceName: "keycloak_role.role", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakRole_basicRealmUrlRoleName(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() roleName := "terraform-role-httpfoo.bara1b2" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -42,21 +42,21 @@ func TestAccKeycloakRole_basicRealmUrlRoleName(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicRealm(realmName, roleName), + Config: testKeycloakRole_basicRealm(roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { ResourceName: "keycloak_role.role", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakRole_basicClient(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) roleName := "terraform-role-" + acctest.RandString(10) @@ -66,21 +66,21 @@ func TestAccKeycloakRole_basicClient(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicClient(realmName, clientId, roleName), + Config: testKeycloakRole_basicClient(clientId, roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { ResourceName: "keycloak_role.role", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakRole_basicSamlClient(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) roleName := "terraform-role-" + acctest.RandString(10) @@ -90,21 +90,21 @@ func TestAccKeycloakRole_basicSamlClient(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicSamlClient(realmName, clientId, roleName), + Config: testKeycloakRole_basicSamlClient(clientId, roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { ResourceName: "keycloak_role.role", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakRole_basicRealmUpdate(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() roleName := "terraform-role-" + acctest.RandString(10) descriptionOne := acctest.RandString(50) descriptionTwo := acctest.RandString(50) @@ -115,15 +115,15 @@ func TestAccKeycloakRole_basicRealmUpdate(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicRealmWithDescription(realmName, roleName, descriptionOne), + Config: testKeycloakRole_basicRealmWithDescription(roleName, descriptionOne), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { - Config: testKeycloakRole_basicRealmWithDescription(realmName, roleName, descriptionTwo), + Config: testKeycloakRole_basicRealmWithDescription(roleName, descriptionTwo), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { - Config: testKeycloakRole_basicRealm(realmName, roleName), + Config: testKeycloakRole_basicRealm(roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, }, @@ -131,7 +131,7 @@ func TestAccKeycloakRole_basicRealmUpdate(t *testing.T) { } func TestAccKeycloakRole_basicClientUpdate(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) roleName := "terraform-role-" + acctest.RandString(10) descriptionOne := acctest.RandString(50) @@ -143,15 +143,15 @@ func TestAccKeycloakRole_basicClientUpdate(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicClientWithDescription(realmName, clientId, roleName, descriptionOne), + Config: testKeycloakRole_basicClientWithDescription(clientId, roleName, descriptionOne), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { - Config: testKeycloakRole_basicClientWithDescription(realmName, clientId, roleName, descriptionTwo), + Config: testKeycloakRole_basicClientWithDescription(clientId, roleName, descriptionTwo), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, { - Config: testKeycloakRole_basicClient(realmName, clientId, roleName), + Config: testKeycloakRole_basicClient(clientId, roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, }, @@ -159,9 +159,9 @@ func TestAccKeycloakRole_basicClientUpdate(t *testing.T) { } func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) { + t.Parallel() var role = &keycloak.Role{} - realmName := "terraform-" + acctest.RandString(10) roleName := "terraform-role-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -170,7 +170,7 @@ func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakRoleDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakRole_basicRealm(realmName, roleName), + Config: testKeycloakRole_basicRealm(roleName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakRoleExists("keycloak_role.role"), testAccCheckKeycloakRoleFetch("keycloak_role.role", role), @@ -178,14 +178,12 @@ func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteRole(role.RealmId, role.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakRole_basicRealm(realmName, roleName), + Config: testKeycloakRole_basicRealm(roleName), Check: testAccCheckKeycloakRoleExists("keycloak_role.role"), }, }, @@ -193,7 +191,7 @@ func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakRole_composites(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientOne := "terraform-client-" + acctest.RandString(10) clientTwo := "terraform-client-" + acctest.RandString(10) roleOne := "terraform-role-one-" + acctest.RandString(10) @@ -210,7 +208,7 @@ func TestAccKeycloakRole_composites(t *testing.T) { Steps: []resource.TestStep{ // initial setup - no composites attached { - Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{}), + Config: testKeycloakRole_composites(clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{}), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakRoleExists("keycloak_role.role_1"), testAccCheckKeycloakRoleExists("keycloak_role.role_2"), @@ -221,7 +219,7 @@ func TestAccKeycloakRole_composites(t *testing.T) { }, // add all composites { - Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{ + Config: testKeycloakRole_composites(clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{ "${keycloak_role.role_1.id}", "${keycloak_role.role_2.id}", "${keycloak_role.role_3.id}", @@ -236,7 +234,7 @@ func TestAccKeycloakRole_composites(t *testing.T) { }, // remove two composites { - Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{ + Config: testKeycloakRole_composites(clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{ "${keycloak_role.role_1.id}", "${keycloak_role.role_2.id}", }), @@ -247,7 +245,7 @@ func TestAccKeycloakRole_composites(t *testing.T) { }, // add them back and remove the others { - Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{ + Config: testKeycloakRole_composites(clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{ "${keycloak_role.role_3.id}", "${keycloak_role.role_4.id}", }), @@ -258,7 +256,7 @@ func TestAccKeycloakRole_composites(t *testing.T) { }, // remove them all { - Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{}), + Config: testKeycloakRole_composites(clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{}), Check: testAccCheckKeycloakRoleHasComposites(roleWithCompositesResourceName, []string{}), }, }, @@ -286,8 +284,6 @@ func testAccCheckKeycloakRoleDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - role, _ := keycloakClient.GetRole(realm, id) if role != nil { return fmt.Errorf("role with id %s still exists", id) @@ -316,8 +312,6 @@ func testAccCheckKeycloakRoleFetch(resourceName string, role *keycloak.Role) res func testAccCheckKeycloakRoleHasComposites(resourceName string, compositeRoleNames []string) resource.TestCheckFunc { return func(state *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - role, err := getRoleFromState(state, resourceName) if err != nil { return err @@ -369,8 +363,6 @@ func testAccCheckKeycloakRoleHasComposites(resourceName string, compositeRoleNam } func getRoleFromState(s *terraform.State, resourceName string) (*keycloak.Role, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -387,143 +379,143 @@ func getRoleFromState(s *terraform.State, resourceName string) (*keycloak.Role, return role, nil } -func testKeycloakRole_basicRealm(realm, role string) string { +func testKeycloakRole_basicRealm(role string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } - `, realm, role) + `, testAccRealm.Realm, role) } -func testKeycloakRole_basicRealmWithDescription(realm, role, description string) string { +func testKeycloakRole_basicRealmWithDescription(role, description string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_role" "role" { name = "%s" description = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } - `, realm, role, description) + `, testAccRealm.Realm, role, description) } -func testKeycloakRole_basicClient(realm, clientId, role string) string { +func testKeycloakRole_basicClient(clientId, role string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client.id } - `, realm, clientId, role) + `, testAccRealm.Realm, clientId, role) } -func testKeycloakRole_basicSamlClient(realm, clientId, role string) string { +func testKeycloakRole_basicSamlClient(clientId, role string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.client.id } - `, realm, clientId, role) + `, testAccRealm.Realm, clientId, role) } -func testKeycloakRole_basicClientWithDescription(realm, clientId, role, description string) string { +func testKeycloakRole_basicClientWithDescription(clientId, role, description string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_role" "role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client.id description = "%s" } - `, realm, clientId, role, description) + `, testAccRealm.Realm, clientId, role, description) } -func testKeycloakRole_composites(realm, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites string, composites []string) string { +func testKeycloakRole_composites(clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites string, composites []string) string { var tfComposites string if len(composites) != 0 { tfComposites = fmt.Sprintf("composite_roles = %s", arrayOfStringsForTerraformResource(composites)) } return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client_one" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_openid_client" "client_two" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_role" "role_1" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "role_2" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client_one.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client_one.id } resource "keycloak_role" "role_3" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "role_4" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_openid_client.client_two.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.client_two.id } resource "keycloak_role" "role_with_composites" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id %s } - `, realm, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, tfComposites) + `, testAccRealm.Realm, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, tfComposites) } diff --git a/provider/resource_keycloak_saml_client_default_scopes_test.go b/provider/resource_keycloak_saml_client_default_scopes_test.go index 7b70800e..8ed382ed 100644 --- a/provider/resource_keycloak_saml_client_default_scopes_test.go +++ b/provider/resource_keycloak_saml_client_default_scopes_test.go @@ -16,7 +16,7 @@ import ( var preAssignedDefaultSamlClientScopes = []string{"role_list"} func TestAccKeycloakSamlClientDefaultScopes_basic(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -27,13 +27,13 @@ func TestAccKeycloakSamlClientDefaultScopes_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_basic(realm, client, clientScope), + Config: testKeycloakSamlClientDefaultScopes_basic(client, clientScope), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", clientScopes), }, // we need a separate test step for destroy instead of using CheckDestroy because this resource is implicitly // destroyed at the end of each test via destroying clients { - Config: testKeycloakSamlClientDefaultScopes_noDefaultScopes(realm, client, clientScope), + Config: testKeycloakSamlClientDefaultScopes_noDefaultScopes(client, clientScope), Check: testAccCheckKeycloakSamlClientHasNoDefaultScopes("keycloak_saml_client.client"), }, }, @@ -41,7 +41,7 @@ func TestAccKeycloakSamlClientDefaultScopes_basic(t *testing.T) { } func TestAccKeycloakSamlClientDefaultScopes_updateClientForceNew(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientOne := "terraform-client-" + acctest.RandString(10) clientTwo := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -53,11 +53,11 @@ func TestAccKeycloakSamlClientDefaultScopes_updateClientForceNew(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_basic(realm, clientOne, clientScope), + Config: testKeycloakSamlClientDefaultScopes_basic(clientOne, clientScope), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", clientScopes), }, { - Config: testKeycloakSamlClientDefaultScopes_basic(realm, clientTwo, clientScope), + Config: testKeycloakSamlClientDefaultScopes_basic(clientTwo, clientScope), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", clientScopes), }, }, @@ -65,7 +65,7 @@ func TestAccKeycloakSamlClientDefaultScopes_updateClientForceNew(t *testing.T) { } func TestAccKeycloakSamlClientDefaultScopes_updateInPlace(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -85,17 +85,17 @@ func TestAccKeycloakSamlClientDefaultScopes_updateInPlace(t *testing.T) { Steps: []resource.TestStep{ // init { - Config: testKeycloakSamlClientDefaultScopes_listOfScopes(realm, client, clientScope, allClientScopes), + Config: testKeycloakSamlClientDefaultScopes_listOfScopes(client, clientScope, allClientScopes), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", allClientScopes), }, // remove { - Config: testKeycloakSamlClientDefaultScopes_listOfScopes(realm, client, clientScope, subsetOfClientScopes), + Config: testKeycloakSamlClientDefaultScopes_listOfScopes(client, clientScope, subsetOfClientScopes), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", subsetOfClientScopes), }, // add { - Config: testKeycloakSamlClientDefaultScopes_listOfScopes(realm, client, clientScope, allClientScopes), + Config: testKeycloakSamlClientDefaultScopes_listOfScopes(client, clientScope, allClientScopes), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", allClientScopes), }, }, @@ -103,7 +103,7 @@ func TestAccKeycloakSamlClientDefaultScopes_updateInPlace(t *testing.T) { } func TestAccKeycloakSamlClientDefaultScopes_validateClientDoesNotExist(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -112,7 +112,7 @@ func TestAccKeycloakSamlClientDefaultScopes_validateClientDoesNotExist(t *testin PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_validationNoClient(realm, client, clientScope), + Config: testKeycloakSamlClientDefaultScopes_validationNoClient(client, clientScope), ExpectError: regexp.MustCompile("validation error: client with id .+ does not exist"), }, }, @@ -121,7 +121,7 @@ func TestAccKeycloakSamlClientDefaultScopes_validateClientDoesNotExist(t *testin // if a default client scope is manually detached from a client with default scopes controlled by this resource, terraform should add it again func TestAccKeycloakSamlClientDefaultScopes_authoritativeAdd(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScopes := append(preAssignedDefaultSamlClientScopes, "terraform-client-scope-"+acctest.RandString(10), @@ -134,25 +134,23 @@ func TestAccKeycloakSamlClientDefaultScopes_authoritativeAdd(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(realm, client, clientScopes, clientScopes), + Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(client, clientScopes, clientScopes), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", clientScopes), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - client, err := keycloakClient.GetSamlClientByClientId(realm, client) + client, err := keycloakClient.GetSamlClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } clientToManuallyDetach := clientScopes[acctest.RandIntRange(0, len(clientScopes)-1)] - err = keycloakClient.DetachSamlClientDefaultScopes(realm, client.Id, []string{clientToManuallyDetach}) + err = keycloakClient.DetachSamlClientDefaultScopes(testAccRealm.Realm, client.Id, []string{clientToManuallyDetach}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(realm, client, clientScopes, clientScopes), + Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(client, clientScopes, clientScopes), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", clientScopes), }, }, @@ -161,7 +159,7 @@ func TestAccKeycloakSamlClientDefaultScopes_authoritativeAdd(t *testing.T) { // if a default client scope is manually attached to a client with default scopes controlled by this resource, terraform should detach it func TestAccKeycloakSamlClientDefaultScopes_authoritativeRemove(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) randomClientScopes := []string{ @@ -184,24 +182,22 @@ func TestAccKeycloakSamlClientDefaultScopes_authoritativeRemove(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(realm, client, allClientScopes, attachedClientScopes), + Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(client, allClientScopes, attachedClientScopes), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", attachedClientScopes), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - client, err := keycloakClient.GetSamlClientByClientId(realm, client) + client, err := keycloakClient.GetSamlClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } - err = keycloakClient.AttachSamlClientDefaultScopes(realm, client.Id, []string{clientToManuallyAttach}) + err = keycloakClient.AttachSamlClientDefaultScopes(testAccRealm.Realm, client.Id, []string{clientToManuallyAttach}) if err != nil { t.Fatal(err) } }, - Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(realm, client, allClientScopes, attachedClientScopes), + Config: testKeycloakSamlClientDefaultScopes_multipleClientScopes(client, allClientScopes, attachedClientScopes), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", attachedClientScopes), testAccCheckKeycloakSamlClientDefaultScopeIsNotAttached("keycloak_saml_client_default_scopes.default_scopes", clientToManuallyAttach), @@ -213,7 +209,7 @@ func TestAccKeycloakSamlClientDefaultScopes_authoritativeRemove(t *testing.T) { // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakSamlClientDefaultScopes_noImportNeeded(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -224,24 +220,22 @@ func TestAccKeycloakSamlClientDefaultScopes_noImportNeeded(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_noDefaultScopes(realm, client, clientScope), + Config: testKeycloakSamlClientDefaultScopes_noDefaultScopes(client, clientScope), Check: testAccCheckKeycloakSamlClientDefaultScopeIsNotAttached("keycloak_saml_client.client", clientScope), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - - samlClient, err := keycloakClient.GetSamlClientByClientId(realm, client) + samlClient, err := keycloakClient.GetSamlClientByClientId(testAccRealm.Realm, client) if err != nil { t.Fatal(err) } - err = keycloakClient.AttachSamlClientDefaultScopes(realm, samlClient.Id, clientScopes) + err = keycloakClient.AttachSamlClientDefaultScopes(testAccRealm.Realm, samlClient.Id, clientScopes) if err != nil { t.Fatal(err) } }, - Config: testKeycloakSamlClientDefaultScopes_basic(realm, client, clientScope), + Config: testKeycloakSamlClientDefaultScopes_basic(client, clientScope), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client_default_scopes.default_scopes", clientScopes), }, }, @@ -254,7 +248,7 @@ func TestAccKeycloakSamlClientDefaultScopes_noImportNeeded(t *testing.T) { // result in anything destructive. thus, a following plan will not be empty, as terraform // will think it needs to remove these scopes, which is okay to do during an update func TestAccKeycloakSamlClientDefaultScopes_profileAndEmailDefaultScopes(t *testing.T) { - realm := "terraform-realm-" + acctest.RandString(10) + t.Parallel() client := "terraform-client-" + acctest.RandString(10) clientScope := "terraform-client-scope-" + acctest.RandString(10) @@ -263,7 +257,7 @@ func TestAccKeycloakSamlClientDefaultScopes_profileAndEmailDefaultScopes(t *test PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientDefaultScopes_listOfScopes(realm, client, clientScope, []string{clientScope}), + Config: testKeycloakSamlClientDefaultScopes_listOfScopes(client, clientScope, []string{clientScope}), Check: testAccCheckKeycloakSamlClientHasDefaultScopes("keycloak_saml_client.client", append(preAssignedDefaultSamlClientScopes, clientScope)), ExpectNonEmptyPlan: true, }, @@ -272,15 +266,11 @@ func TestAccKeycloakSamlClientDefaultScopes_profileAndEmailDefaultScopes(t *test } func getDefaultSamlClientScopesFromState(resourceName string, s *terraform.State) ([]*keycloak.SamlClientScope, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) } - realm := rs.Primary.Attributes["realm_id"] - var client string if strings.HasPrefix(resourceName, "keycloak_saml_client_default_scopes") { client = rs.Primary.Attributes["client_id"] @@ -288,7 +278,7 @@ func getDefaultSamlClientScopesFromState(resourceName string, s *terraform.State client = rs.Primary.ID } - keycloakDefaultSamlClientScopes, err := keycloakClient.GetSamlClientDefaultScopes(realm, client) + keycloakDefaultSamlClientScopes, err := keycloakClient.GetSamlClientDefaultScopes(testAccRealm.Realm, client) if err != nil { return nil, err } @@ -355,136 +345,136 @@ func testAccCheckKeycloakSamlClientDefaultScopeIsNotAttached(resourceName, clien } } -func testKeycloakSamlClientDefaultScopes_basic(realm, client, clientScope string) string { +func testKeycloakSamlClientDefaultScopes_basic(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id sign_documents = false sign_assertions = true include_authn_statement = true - signing_certificate = "${file("misc/saml-cert.pem")}" - signing_private_key = "${file("misc/saml-key.pem")}" + signing_certificate = file("misc/saml-cert.pem") + signing_private_key = file("misc/saml-key.pem") } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_saml_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.client.id default_scopes = [ "role_list", - "${keycloak_saml_client_scope.client_scope.name}" + keycloak_saml_client_scope.client_scope.name ] } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } -func testKeycloakSamlClientDefaultScopes_noDefaultScopes(realm, client, clientScope string) string { +func testKeycloakSamlClientDefaultScopes_noDefaultScopes(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id sign_documents = false sign_assertions = true include_authn_statement = true - signing_certificate = "${file("misc/saml-cert.pem")}" - signing_private_key = "${file("misc/saml-key.pem")}" + signing_certificate = file("misc/saml-cert.pem") + signing_private_key = file("misc/saml-key.pem") } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } - `, realm, client, clientScope) + `, testAccRealm.Realm, client, clientScope) } -func testKeycloakSamlClientDefaultScopes_listOfScopes(realm, client, clientScope string, listOfDefaultScopes []string) string { +func testKeycloakSamlClientDefaultScopes_listOfScopes(client, clientScope string, listOfDefaultScopes []string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id sign_documents = false sign_assertions = true include_authn_statement = true - signing_certificate = "${file("misc/saml-cert.pem")}" - signing_private_key = "${file("misc/saml-key.pem")}" + signing_certificate = file("misc/saml-cert.pem") + signing_private_key = file("misc/saml-key.pem") } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_saml_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.client.id default_scopes = %s depends_on = ["keycloak_saml_client_scope.client_scope"] } - `, realm, client, clientScope, arrayOfStringsForTerraformResource(listOfDefaultScopes)) + `, testAccRealm.Realm, client, clientScope, arrayOfStringsForTerraformResource(listOfDefaultScopes)) } -func testKeycloakSamlClientDefaultScopes_validationNoClient(realm, client, clientScope string) string { +func testKeycloakSamlClientDefaultScopes_validationNoClient(client, clientScope string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } resource "keycloak_saml_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" default_scopes = [ "role_list", - "${keycloak_saml_client_scope.client_scope.name}" + keycloak_saml_client_scope.client_scope.name ] } - `, realm, clientScope, client) + `, testAccRealm.Realm, clientScope, client) } -func testKeycloakSamlClientDefaultScopes_multipleClientScopes(realm, client string, allClientScopes, attachedClientScopes []string) string { +func testKeycloakSamlClientDefaultScopes_multipleClientScopes(client string, allClientScopes, attachedClientScopes []string) string { var clientScopeResources strings.Builder for _, clientScope := range allClientScopes { if strings.HasPrefix(clientScope, "terraform") { clientScopeResources.WriteString(fmt.Sprintf(` resource "keycloak_saml_client_scope" "client_scope_%s" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } `, clientScope, clientScope)) } @@ -500,28 +490,28 @@ resource "keycloak_saml_client_scope" "client_scope_%s" { } return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id sign_documents = false sign_assertions = true include_authn_statement = true - signing_certificate = "${file("misc/saml-cert.pem")}" - signing_private_key = "${file("misc/saml-key.pem")}" + signing_certificate = file("misc/saml-cert.pem") + signing_private_key = file("misc/saml-key.pem") } %s resource "keycloak_saml_client_default_scopes" "default_scopes" { - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.client.id default_scopes = %s } - `, realm, client, clientScopeResources.String(), arrayOfStringsForTerraformResource(attachedClientScopesInterpolated)) + `, testAccRealm.Realm, client, clientScopeResources.String(), arrayOfStringsForTerraformResource(attachedClientScopesInterpolated)) } diff --git a/provider/resource_keycloak_saml_client_scope_test.go b/provider/resource_keycloak_saml_client_scope_test.go index aa5a3cf5..d1c75b28 100644 --- a/provider/resource_keycloak_saml_client_scope_test.go +++ b/provider/resource_keycloak_saml_client_scope_test.go @@ -12,7 +12,7 @@ import ( ) func TestAccKeycloakSamlClientScope_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -21,23 +21,23 @@ func TestAccKeycloakSamlClientScope_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, { ResourceName: "keycloak_saml_client_scope.client_scope", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakSamlClientScope_createAfterManualDestroy(t *testing.T) { + t.Parallel() var clientScope = &keycloak.SamlClientScope{} - realmName := "terraform-" + acctest.RandString(10) clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -46,7 +46,7 @@ func TestAccKeycloakSamlClientScope_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), testAccCheckKeycloakSamlClientScopeFetch("keycloak_saml_client_scope.client_scope", clientScope), @@ -54,14 +54,12 @@ func TestAccKeycloakSamlClientScope_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteSamlClientScope(clientScope.RealmId, clientScope.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, }, @@ -69,8 +67,7 @@ func TestAccKeycloakSamlClientScope_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakSamlClientScope_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -79,17 +76,17 @@ func TestAccKeycloakSamlClientScope_updateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientScope_updateRealmBefore(realmOne, realmTwo, clientScopeName), + Config: testKeycloakSamlClientScope_updateRealmBefore(clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), - testAccCheckKeycloakSamlClientScopeBelongsToRealm("keycloak_saml_client_scope.client_scope", realmOne), + testAccCheckKeycloakSamlClientScopeBelongsToRealm("keycloak_saml_client_scope.client_scope", testAccRealm.Realm), ), }, { - Config: testKeycloakSamlClientScope_updateRealmAfter(realmOne, realmTwo, clientScopeName), + Config: testKeycloakSamlClientScope_updateRealmAfter(clientScopeName), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), - testAccCheckKeycloakSamlClientScopeBelongsToRealm("keycloak_saml_client_scope.client_scope", realmTwo), + testAccCheckKeycloakSamlClientScopeBelongsToRealm("keycloak_saml_client_scope.client_scope", testAccRealmTwo.Realm), ), }, }, @@ -97,7 +94,7 @@ func TestAccKeycloakSamlClientScope_updateRealm(t *testing.T) { } func TestAccKeycloakSamlClientScope_consentScreenText(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -106,15 +103,15 @@ func TestAccKeycloakSamlClientScope_consentScreenText(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, { - Config: testKeycloakSamlClientScope_withConsentText(realmName, clientScopeName, acctest.RandString(10)), + Config: testKeycloakSamlClientScope_withConsentText(clientScopeName, acctest.RandString(10)), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, { - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, }, @@ -122,7 +119,7 @@ func TestAccKeycloakSamlClientScope_consentScreenText(t *testing.T) { } func TestAccKeycloakSamlClientScope_guiOrder(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientScopeName := "terraform-" + acctest.RandString(10) guiOrder := acctest.RandIntRange(0, 1000) @@ -132,18 +129,18 @@ func TestAccKeycloakSamlClientScope_guiOrder(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientScopeDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, { - Config: testKeycloakSamlClientScope_withGuiOrder(realmName, clientScopeName, guiOrder), + Config: testKeycloakSamlClientScope_withGuiOrder(clientScopeName, guiOrder), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), testAccCheckKeycloakSamlClientScopeExistsWithCorrectGuiOrder("keycloak_saml_client_scope.client_scope", guiOrder), ), }, { - Config: testKeycloakSamlClientScope_basic(realmName, clientScopeName), + Config: testKeycloakSamlClientScope_basic(clientScopeName), Check: testAccCheckKeycloakSamlClientScopeExistsWithCorrectProtocol("keycloak_saml_client_scope.client_scope"), }, }, @@ -219,8 +216,6 @@ func testAccCheckKeycloakSamlClientScopeDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - clientScope, _ := keycloakClient.GetSamlClientScope(realm, id) if clientScope != nil { return fmt.Errorf("saml client scope %s still exists", id) @@ -250,85 +245,85 @@ func getSamlClientScopeFromState(s *terraform.State, resourceName string) (*keyc return clientScope, nil } -func testKeycloakSamlClientScope_basic(realm, clientScopeName string) string { +func testKeycloakSamlClientScope_basic(clientScopeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" } - `, realm, clientScopeName) + `, testAccRealm.Realm, clientScopeName) } -func testKeycloakSamlClientScope_withConsentText(realm, clientScopeName, consentText string) string { +func testKeycloakSamlClientScope_withConsentText(clientScopeName, consentText string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" consent_screen_text = "%s" } - `, realm, clientScopeName, consentText) + `, testAccRealm.Realm, clientScopeName, consentText) } -func testKeycloakSamlClientScope_withGuiOrder(realm, clientScopeName string, guiOrder int) string { +func testKeycloakSamlClientScope_withGuiOrder(clientScopeName string, guiOrder int) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id description = "test description" gui_order = %d } - `, realm, clientScopeName, guiOrder) + `, testAccRealm.Realm, clientScopeName, guiOrder) } -func testKeycloakSamlClientScope_updateRealmBefore(realmOne, realmTwo, clientScopeName string) string { +func testKeycloakSamlClientScope_updateRealmBefore(clientScopeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm_1.id}" + realm_id = data.keycloak_realm.realm_1.id } - `, realmOne, realmTwo, clientScopeName) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientScopeName) } -func testKeycloakSamlClientScope_updateRealmAfter(realmOne, realmTwo, clientScopeName string) string { +func testKeycloakSamlClientScope_updateRealmAfter(clientScopeName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_saml_client_scope" "client_scope" { name = "%s" - realm_id = "${keycloak_realm.realm_2.id}" + realm_id = data.keycloak_realm.realm_2.id } - `, realmOne, realmTwo, clientScopeName) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientScopeName) } diff --git a/provider/resource_keycloak_saml_client_test.go b/provider/resource_keycloak_saml_client_test.go index 99867932..e9d3d962 100644 --- a/provider/resource_keycloak_saml_client_test.go +++ b/provider/resource_keycloak_saml_client_test.go @@ -13,7 +13,7 @@ import ( ) func TestAccKeycloakSamlClient_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -22,23 +22,23 @@ func TestAccKeycloakSamlClient_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClient_basic(realmName, clientId), + Config: testKeycloakSamlClient_basic(clientId), Check: testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), }, { ResourceName: "keycloak_saml_client.saml_client", ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakSamlClient_createAfterManualDestroy(t *testing.T) { + t.Parallel() var client = &keycloak.SamlClient{} - realmName := "terraform-" + acctest.RandString(10) clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -47,7 +47,7 @@ func TestAccKeycloakSamlClient_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClient_basic(realmName, clientId), + Config: testKeycloakSamlClient_basic(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), testAccCheckKeycloakSamlClientFetch("keycloak_saml_client.saml_client", client), @@ -55,14 +55,12 @@ func TestAccKeycloakSamlClient_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteSamlClient(client.RealmId, client.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakSamlClient_basic(realmName, clientId), + Config: testKeycloakSamlClient_basic(clientId), Check: testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), }, }, @@ -70,8 +68,8 @@ func TestAccKeycloakSamlClient_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakSamlClient_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) + t.Parallel() + clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -80,17 +78,17 @@ func TestAccKeycloakSamlClient_updateRealm(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClient_updateRealmBefore(realmOne, realmTwo, clientId), + Config: testKeycloakSamlClient_updateRealmBefore(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), - resource.TestCheckResourceAttr("keycloak_saml_client.saml_client", "realm_id", realmOne), + resource.TestCheckResourceAttr("keycloak_saml_client.saml_client", "realm_id", testAccRealm.Realm), ), }, { - Config: testKeycloakSamlClient_updateRealmAfter(realmOne, realmTwo, clientId), + Config: testKeycloakSamlClient_updateRealmAfter(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), - resource.TestCheckResourceAttr("keycloak_saml_client.saml_client", "realm_id", realmTwo), + resource.TestCheckResourceAttr("keycloak_saml_client.saml_client", "realm_id", testAccRealmTwo.Realm), ), }, }, @@ -100,7 +98,7 @@ func TestAccKeycloakSamlClient_updateRealm(t *testing.T) { // Keycloak typically sets some values as default if they aren't provided // This test asserts that these default values are present if none are provided func TestAccKeycloakSamlClient_keycloakDefaults(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -109,7 +107,7 @@ func TestAccKeycloakSamlClient_keycloakDefaults(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClient_basic(realmName, clientId), + Config: testKeycloakSamlClient_basic(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), testAccCheckKeycloakSamlClientHasDefaultBooleanAttributes("keycloak_saml_client.saml_client"), @@ -122,7 +120,7 @@ func TestAccKeycloakSamlClient_keycloakDefaults(t *testing.T) { } func TestAccKeycloakSamlClient_updateInPlace(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) enabled := randomBool() frontChannelLogout := randomBool() @@ -136,7 +134,7 @@ func TestAccKeycloakSamlClient_updateInPlace(t *testing.T) { signingPrivateKeyAfter := acctest.RandString(20) samlClientBefore := &keycloak.SamlClient{ - RealmId: realmName, + RealmId: testAccRealm.Realm, ClientId: clientId, Name: acctest.RandString(10), @@ -177,7 +175,7 @@ func TestAccKeycloakSamlClient_updateInPlace(t *testing.T) { } samlClientAfter := &keycloak.SamlClient{ - RealmId: realmName, + RealmId: testAccRealm.Realm, ClientId: clientId, Name: acctest.RandString(10), @@ -233,7 +231,7 @@ func TestAccKeycloakSamlClient_updateInPlace(t *testing.T) { } func TestAccKeycloakSamlClient_certificateAndKey(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -242,7 +240,7 @@ func TestAccKeycloakSamlClient_certificateAndKey(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClient_signingCertificateAndKey(realmName, clientId), + Config: testKeycloakSamlClient_signingCertificateAndKey(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), testAccCheckKeycloakSamlClientHasSigningCertificate("keycloak_saml_client.saml_client"), @@ -250,7 +248,7 @@ func TestAccKeycloakSamlClient_certificateAndKey(t *testing.T) { ), }, { - Config: testKeycloakSamlClient_signingCertificateNoKey(realmName, clientId), + Config: testKeycloakSamlClient_signingCertificateNoKey(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), testAccCheckKeycloakSamlClientHasSigningCertificate("keycloak_saml_client.saml_client"), @@ -262,7 +260,7 @@ func TestAccKeycloakSamlClient_certificateAndKey(t *testing.T) { } func TestAccKeycloakSamlClient_encryptionCertificate(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-" + acctest.RandString(10) resource.Test(t, resource.TestCase{ @@ -271,14 +269,14 @@ func TestAccKeycloakSamlClient_encryptionCertificate(t *testing.T) { CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlClient_encryptionCertificate(realmName, clientId), + Config: testKeycloakSamlClient_encryptionCertificate(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), testAccCheckKeycloakSamlClientHasEncryptionCertificate("keycloak_saml_client.saml_client"), ), }, { - Config: testKeycloakSamlClient_NoEncryptionCertificate(realmName, clientId), + Config: testKeycloakSamlClient_NoEncryptionCertificate(clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakSamlClientExistsWithCorrectProtocol("keycloak_saml_client.saml_client"), resource.TestCheckResourceAttr("keycloak_saml_client.saml_client", "encryption_certificate", ""), @@ -396,8 +394,6 @@ func testAccCheckKeycloakSamlClientDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - client, _ := keycloakClient.GetSamlClient(realm, id) if client != nil { return fmt.Errorf("saml client %s still exists", id) @@ -409,8 +405,6 @@ func testAccCheckKeycloakSamlClientDestroy() resource.TestCheckFunc { } func getSamlClientFromState(s *terraform.State, resourceName string) (*keycloak.SamlClient, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -491,61 +485,61 @@ func randomBoolAsStringPointer() *string { return &s } -func testKeycloakSamlClient_basic(realm, clientId string) string { +func testKeycloakSamlClient_basic(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakSamlClient_updateRealmBefore(realmOne, realmTwo, clientId string) string { +func testKeycloakSamlClient_updateRealmBefore(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm_1.id}" + realm_id = data.keycloak_realm.realm_1.id } - `, realmOne, realmTwo, clientId) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientId) } -func testKeycloakSamlClient_updateRealmAfter(realmOne, realmTwo, clientId string) string { +func testKeycloakSamlClient_updateRealmAfter(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { +data "keycloak_realm" "realm_1" { realm = "%s" } -resource "keycloak_realm" "realm_2" { +data "keycloak_realm" "realm_2" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm_2.id}" + realm_id = data.keycloak_realm.realm_2.id } - `, realmOne, realmTwo, clientId) + `, testAccRealm.Realm, testAccRealmTwo.Realm, clientId) } func testKeycloakSamlClient_fromInterface(client *keycloak.SamlClient) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" name = "%s" description = "%s" @@ -610,15 +604,15 @@ resource "keycloak_saml_client" "saml_client" { ) } -func testKeycloakSamlClient_signingCertificateAndKey(realm, clientId string) string { +func testKeycloakSamlClient_signingCertificateAndKey(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "test-saml-client" sign_documents = false @@ -626,21 +620,21 @@ resource "keycloak_saml_client" "saml_client" { encrypt_assertions = false include_authn_statement = true - signing_certificate = "${file("misc/saml-cert.pem")}" - signing_private_key = "${file("misc/saml-key.pem")}" + signing_certificate = file("misc/saml-cert.pem") + signing_private_key = file("misc/saml-key.pem") } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakSamlClient_signingCertificateNoKey(realm, clientId string) string { +func testKeycloakSamlClient_signingCertificateNoKey(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "test-saml-client" sign_documents = false @@ -648,43 +642,43 @@ resource "keycloak_saml_client" "saml_client" { encrypt_assertions = false include_authn_statement = true - signing_certificate = "${file("misc/saml-cert.pem")}" + signing_certificate = file("misc/saml-cert.pem") } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakSamlClient_encryptionCertificate(realm, clientId string) string { +func testKeycloakSamlClient_encryptionCertificate(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "test-saml-client" encrypt_assertions = true include_authn_statement = true - encryption_certificate = "${file("misc/saml-cert.pem")}" + encryption_certificate = file("misc/saml-cert.pem") } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } -func testKeycloakSamlClient_NoEncryptionCertificate(realm, clientId string) string { +func testKeycloakSamlClient_NoEncryptionCertificate(clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "test-saml-client" encrypt_assertions = true include_authn_statement = true } - `, realm, clientId) + `, testAccRealm.Realm, clientId) } diff --git a/provider/resource_keycloak_saml_identity_provider_test.go b/provider/resource_keycloak_saml_identity_provider_test.go index 55ea2d33..d5aea8f5 100644 --- a/provider/resource_keycloak_saml_identity_provider_test.go +++ b/provider/resource_keycloak_saml_identity_provider_test.go @@ -44,8 +44,6 @@ func TestAccKeycloakSamlIdentityProvider_createAfterManualDestroy(t *testing.T) }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProvider(saml.Realm, saml.Alias) if err != nil { t.Fatal(err) @@ -197,8 +195,6 @@ func testAccCheckKeycloakSamlIdentityProviderDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - saml, _ := keycloakClient.GetIdentityProvider(realm, id) if saml != nil { return fmt.Errorf("saml config with id %s still exists", id) @@ -210,8 +206,6 @@ func testAccCheckKeycloakSamlIdentityProviderDestroy() resource.TestCheckFunc { } func getKeycloakSamlIdentityProviderFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProvider, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) diff --git a/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go b/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go index 0a4d87e3..53e40790 100644 --- a/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go +++ b/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go @@ -14,7 +14,7 @@ import ( // because the keycloak_saml_client_scope resource does not exist yet. func TestAccKeycloakSamlUserAttributeProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) @@ -26,7 +26,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_basicClient(t *testing.T) { CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), }, }, @@ -34,7 +34,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_basicClient(t *testing.T) { } func TestAccKeycloakSamlUserAttributeProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-saml-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) @@ -46,7 +46,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserAttributeProtocolMapperExists(clientResourceName), }, { @@ -60,7 +60,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_import(t *testing.T) { } func TestAccKeycloakSamlUserAttributeProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) @@ -74,11 +74,11 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(realmName, clientId, mapperName, userAttribute), + Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(clientId, mapperName, userAttribute), Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), }, { - Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(realmName, clientId, mapperName, updatedUserAttribute), + Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(clientId, mapperName, updatedUserAttribute), Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), }, }, @@ -86,9 +86,9 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_update(t *testing.T) { } func TestAccKeycloakSamlUserAttributeProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.SamlUserAttributeProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) @@ -100,19 +100,17 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_createAfterManualDestroy(t * CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserAttributeProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteSamlUserAttributeProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserAttributeProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), }, }, @@ -120,7 +118,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_createAfterManualDestroy(t * } func TestAccKeycloakSamlUserAttributeProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(10) invalidSamlNameFormat := acctest.RandString(5) @@ -131,7 +129,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_validateClaimValueType(t *te CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserAttributeProtocolMapper_samlAttributeNameFormat(realmName, clientId, mapperName, invalidSamlNameFormat), + Config: testKeycloakSamlUserAttributeProtocolMapper_samlAttributeNameFormat(clientId, mapperName, invalidSamlNameFormat), ExpectError: regexp.MustCompile("expected saml_attribute_name_format to be one of .+ got " + invalidSamlNameFormat), }, }, @@ -139,7 +137,7 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_validateClaimValueType(t *te } func TestAccKeycloakSamlUserAttributeProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) @@ -153,37 +151,11 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_updateClientIdForceNew(t *te CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(realmName, clientId, mapperName, userAttribute), + Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(clientId, mapperName, userAttribute), Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), }, { - Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(realmName, updatedClientId, mapperName, userAttribute), - Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), - }, - }, - }) -} - -func TestAccKeycloakSamlUserAttributeProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) - - userAttribute := "attr-" + acctest.RandString(10) - resourceName := "keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper" - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccKeycloakSamlUserAttributeProtocolMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(realmName, clientId, mapperName, userAttribute), - Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), - }, - { - Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(newRealmName, clientId, mapperName, userAttribute), + Config: testKeycloakSamlUserAttributeProtocolMapper_userAttribute(updatedClientId, mapperName, userAttribute), Check: testKeycloakSamlUserAttributeProtocolMapperExists(resourceName), }, }, @@ -246,73 +218,71 @@ func getSamlUserAttributeMapperUsingState(state *terraform.State, resourceName s clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetSamlUserAttributeProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakSamlUserAttributeProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakSamlUserAttributeProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } resource "keycloak_saml_user_attribute_protocol_mapper" "saml_user_attribute_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" user_attribute = "foo" saml_attribute_name = "bar" saml_attribute_name_format = "Unspecified" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakSamlUserAttributeProtocolMapper_userAttribute(realmName, clientId, mapperName, userAttribute string) string { +func testKeycloakSamlUserAttributeProtocolMapper_userAttribute(clientId, mapperName, userAttribute string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } resource "keycloak_saml_user_attribute_protocol_mapper" "saml_user_attribute_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" user_attribute = "%s" saml_attribute_name = "bar" saml_attribute_name_format = "Unspecified" -}`, realmName, clientId, mapperName, userAttribute) +}`, testAccRealm.Realm, clientId, mapperName, userAttribute) } -func testKeycloakSamlUserAttributeProtocolMapper_samlAttributeNameFormat(realmName, clientName, mapperName, samlAttributeNameFormat string) string { +func testKeycloakSamlUserAttributeProtocolMapper_samlAttributeNameFormat(clientName, mapperName, samlAttributeNameFormat string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } resource "keycloak_saml_user_attribute_protocol_mapper" "saml_user_attribute_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" user_attribute = "foo" saml_attribute_name = "bar" saml_attribute_name_format = "%s" -}`, realmName, clientName, mapperName, samlAttributeNameFormat) +}`, testAccRealm.Realm, clientName, mapperName, samlAttributeNameFormat) } diff --git a/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go b/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go index da867c9d..e5465eee 100644 --- a/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go +++ b/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go @@ -14,7 +14,7 @@ import ( // because the keycloak_saml_client_scope resource does not exist yet. func TestAccKeycloakSamlUserPropertyProtocolMapper_basicClient(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) @@ -26,7 +26,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_basicClient(t *testing.T) { CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), }, }, @@ -34,7 +34,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_basicClient(t *testing.T) { } func TestAccKeycloakSamlUserPropertyProtocolMapper_import(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-saml-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) @@ -46,7 +46,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_import(t *testing.T) { CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserPropertyProtocolMapperExists(clientResourceName), }, { @@ -60,7 +60,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_import(t *testing.T) { } func TestAccKeycloakSamlUserPropertyProtocolMapper_update(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) @@ -74,11 +74,11 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_update(t *testing.T) { CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(realmName, clientId, mapperName, userAttribute), + Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(clientId, mapperName, userAttribute), Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), }, { - Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(realmName, clientId, mapperName, updatedUserAttribute), + Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(clientId, mapperName, updatedUserAttribute), Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), }, }, @@ -86,9 +86,9 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_update(t *testing.T) { } func TestAccKeycloakSamlUserPropertyProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.SamlUserPropertyProtocolMapper{} - realmName := "terraform-realm-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) @@ -100,19 +100,17 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_createAfterManualDestroy(t *t CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserPropertyProtocolMapperFetch(resourceName, mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteSamlUserPropertyProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) if err != nil { t.Error(err) } }, - Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName), + Config: testKeycloakSamlUserPropertyProtocolMapper_basic_client(clientId, mapperName), Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), }, }, @@ -120,7 +118,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_createAfterManualDestroy(t *t } func TestAccKeycloakSamlUserPropertyProtocolMapper_validateClaimValueType(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(10) invalidSamlNameFormat := acctest.RandString(5) @@ -131,7 +129,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_validateClaimValueType(t *tes CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserPropertyProtocolMapper_samlAttributeNameFormat(realmName, clientId, mapperName, invalidSamlNameFormat), + Config: testKeycloakSamlUserPropertyProtocolMapper_samlAttributeNameFormat(clientId, mapperName, invalidSamlNameFormat), ExpectError: regexp.MustCompile("expected saml_attribute_name_format to be one of .+ got " + invalidSamlNameFormat), }, }, @@ -139,7 +137,7 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_validateClaimValueType(t *tes } func TestAccKeycloakSamlUserPropertyProtocolMapper_updateClientIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) + t.Parallel() clientId := "terraform-client-" + acctest.RandString(10) updatedClientId := "terraform-client-update-" + acctest.RandString(10) mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) @@ -153,37 +151,11 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_updateClientIdForceNew(t *tes CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(realmName, clientId, mapperName, userAttribute), + Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(clientId, mapperName, userAttribute), Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), }, { - Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(realmName, updatedClientId, mapperName, userAttribute), - Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), - }, - }, - }) -} - -func TestAccKeycloakSamlUserPropertyProtocolMapper_updateRealmIdForceNew(t *testing.T) { - realmName := "terraform-realm-" + acctest.RandString(10) - newRealmName := "terraform-realm-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) - - userAttribute := "attr-" + acctest.RandString(10) - resourceName := "keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper" - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccKeycloakSamlUserPropertyProtocolMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(realmName, clientId, mapperName, userAttribute), - Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), - }, - { - Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(newRealmName, clientId, mapperName, userAttribute), + Config: testKeycloakSamlUserPropertyProtocolMapper_userProperty(updatedClientId, mapperName, userAttribute), Check: testKeycloakSamlUserPropertyProtocolMapperExists(resourceName), }, }, @@ -246,73 +218,71 @@ func getSamlUserPropertyMapperUsingState(state *terraform.State, resourceName st clientId := rs.Primary.Attributes["client_id"] clientScopeId := rs.Primary.Attributes["client_scope_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - return keycloakClient.GetSamlUserPropertyProtocolMapper(realm, clientId, clientScopeId, id) } -func testKeycloakSamlUserPropertyProtocolMapper_basic_client(realmName, clientId, mapperName string) string { +func testKeycloakSamlUserPropertyProtocolMapper_basic_client(clientId, mapperName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } resource "keycloak_saml_user_property_protocol_mapper" "saml_user_property_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id user_property = "email" saml_attribute_name = "email" saml_attribute_name_format = "Unspecified" -}`, realmName, clientId, mapperName) +}`, testAccRealm.Realm, clientId, mapperName) } -func testKeycloakSamlUserPropertyProtocolMapper_userProperty(realmName, clientId, mapperName, userProperty string) string { +func testKeycloakSamlUserPropertyProtocolMapper_userProperty(clientId, mapperName, userProperty string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } resource "keycloak_saml_user_property_protocol_mapper" "saml_user_property_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id user_property = "%s" saml_attribute_name = "test" saml_attribute_name_format = "Unspecified" -}`, realmName, clientId, mapperName, userProperty) +}`, testAccRealm.Realm, clientId, mapperName, userProperty) } -func testKeycloakSamlUserPropertyProtocolMapper_samlAttributeNameFormat(realmName, clientName, mapperName, samlAttributeNameFormat string) string { +func testKeycloakSamlUserPropertyProtocolMapper_samlAttributeNameFormat(clientName, mapperName, samlAttributeNameFormat string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_client" "saml_client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" } resource "keycloak_saml_user_property_protocol_mapper" "saml_user_property_mapper" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" - client_id = "${keycloak_saml_client.saml_client.id}" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_saml_client.saml_client.id user_property = "email" saml_attribute_name = "email" saml_attribute_name_format = "%s" -}`, realmName, clientName, mapperName, samlAttributeNameFormat) +}`, testAccRealm.Realm, clientName, mapperName, samlAttributeNameFormat) } diff --git a/provider/resource_keycloak_user_roles_test.go b/provider/resource_keycloak_user_roles_test.go index 636a1622..a6408fd0 100644 --- a/provider/resource_keycloak_user_roles_test.go +++ b/provider/resource_keycloak_user_roles_test.go @@ -11,7 +11,8 @@ import ( ) func TestAccKeycloakUserRoles_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() + realmRoleName := "terraform-role-" + acctest.RandString(10) openIdClientName := "terraform-openid-client-" + acctest.RandString(10) openIdRoleName := "terraform-role-" + acctest.RandString(10) @@ -24,7 +25,7 @@ func TestAccKeycloakUserRoles_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testKeycloakUserRoles_basic(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName), + Config: testKeycloakUserRoles_basic(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, { @@ -34,7 +35,7 @@ func TestAccKeycloakUserRoles_basic(t *testing.T) { }, // check destroy { - Config: testKeycloakUserRoles_noUserRoles(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName), + Config: testKeycloakUserRoles_noUserRoles(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName), Check: testAccCheckKeycloakUserHasNoRoles("keycloak_user.user"), }, }, @@ -42,7 +43,7 @@ func TestAccKeycloakUserRoles_basic(t *testing.T) { } func TestAccKeycloakUserRoles_update(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() realmRoleOneName := "terraform-role-" + acctest.RandString(10) realmRoleTwoName := "terraform-role-" + acctest.RandString(10) @@ -70,17 +71,17 @@ func TestAccKeycloakUserRoles_update(t *testing.T) { Steps: []resource.TestStep{ // initial setup, resource is defined but no roles are specified { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{}), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{}), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, // add all roles { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, allRoleIds), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, allRoleIds), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, // remove some { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{ + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{ "${keycloak_role.realm_role_two.id}", "${keycloak_role.openid_client_role_one.id}", "${keycloak_role.openid_client_role_two.id}", @@ -90,7 +91,7 @@ func TestAccKeycloakUserRoles_update(t *testing.T) { }, // add some and remove some { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{ + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{ "${keycloak_role.saml_client_role_one.id}", "${keycloak_role.saml_client_role_two.id}", "${keycloak_role.realm_role_one.id}", @@ -99,7 +100,7 @@ func TestAccKeycloakUserRoles_update(t *testing.T) { }, // add some and remove some again { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{ + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{ "${keycloak_role.saml_client_role_one.id}", "${keycloak_role.openid_client_role_two.id}", "${keycloak_role.realm_role_two.id}", @@ -109,27 +110,27 @@ func TestAccKeycloakUserRoles_update(t *testing.T) { }, // add all back { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, allRoleIds), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, allRoleIds), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, // random scenario 1 { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, randomStringSliceSubset(allRoleIds)), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, randomStringSliceSubset(allRoleIds)), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, // random scenario 2 { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, randomStringSliceSubset(allRoleIds)), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, randomStringSliceSubset(allRoleIds)), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, // random scenario 3 { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, randomStringSliceSubset(allRoleIds)), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, randomStringSliceSubset(allRoleIds)), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, // remove all { - Config: testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{}), + Config: testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, []string{}), Check: testAccCheckKeycloakUserHasRoles("keycloak_user_roles.user_roles"), }, }, @@ -154,8 +155,6 @@ func flattenRoleMapping(roleMapping *keycloak.RoleMapping) ([]string, error) { func testAccCheckKeycloakUserHasRoles(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("resource not found: %s", resourceName) @@ -225,8 +224,6 @@ func testAccCheckKeycloakUserHasRoles(resourceName string) resource.TestCheckFun func testAccCheckKeycloakUserHasNoRoles(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("resource not found: %s", resourceName) @@ -253,74 +250,74 @@ func testAccCheckKeycloakUserHasNoRoles(resourceName string) resource.TestCheckF } } -func testKeycloakUserRoles_basic(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName string) string { +func testKeycloakUserRoles_basic(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "openid_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" } resource "keycloak_role" "saml_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" } data "keycloak_openid_client" "account" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "account" } data "keycloak_role" "manage_account" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${data.keycloak_openid_client.account.id}" name = "manage-account" } data "keycloak_role" "view_profile" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${data.keycloak_openid_client.account.id}" name = "view-profile" } data "keycloak_role" "offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } data "keycloak_role" "uma_authorization" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "uma_authorization" } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } resource "keycloak_user_roles" "user_roles" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id user_id = "${keycloak_user.user.id}" role_ids = [ @@ -335,123 +332,123 @@ resource "keycloak_user_roles" "user_roles" { "${data.keycloak_role.view_profile.id}", ] } - `, realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName) + `, testAccRealm.Realm, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName) } -func testKeycloakUserRoles_noUserRoles(realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName string) string { +func testKeycloakUserRoles_noUserRoles(openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "openid_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" } resource "keycloak_role" "saml_client_role" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" } data "keycloak_role" "offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } - `, realmName, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName) + `, testAccRealm.Realm, openIdClientName, samlClientName, realmRoleName, openIdRoleName, samlRoleName, userName) } -func testKeycloakUserRoles_update(realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName string, roleIds []string) string { +func testKeycloakUserRoles_update(openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName string, roleIds []string) string { tfRoleIds := fmt.Sprintf("role_ids = %s", arrayOfStringsForTerraformResource(roleIds)) return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "openid_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id access_type = "CONFIDENTIAL" } resource "keycloak_saml_client" "saml_client" { client_id = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "realm_role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id } resource "keycloak_role" "openid_client_role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" } resource "keycloak_role" "openid_client_role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_openid_client.openid_client.id}" } resource "keycloak_role" "saml_client_role_one" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" } resource "keycloak_role" "saml_client_role_two" { name = "%s" - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "${keycloak_saml_client.saml_client.id}" } data "keycloak_role" "offline_access" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id name = "offline_access" } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" } resource "keycloak_user_roles" "user_roles" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id user_id = "${keycloak_user.user.id}" %s } - `, realmName, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, tfRoleIds) + `, testAccRealm.Realm, openIdClientName, samlClientName, realmRoleOneName, realmRoleTwoName, openIdRoleOneName, openIdRoleTwoName, samlRoleOneName, samlRoleTwoName, userName, tfRoleIds) } diff --git a/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go b/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go index b1487f41..c5b695f5 100644 --- a/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakUserTemplateIdentityProviderMapper_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) template := "terraform-" + acctest.RandString(10) @@ -22,7 +22,7 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUserTemplateIdentityProviderMapper_basic(realmName, alias, mapperName, template), + Config: testKeycloakUserTemplateIdentityProviderMapper_basic(alias, mapperName, template), Check: testAccCheckKeycloakUserTemplateIdentityProviderMapperExists("keycloak_user_template_importer_identity_provider_mapper.oidc"), }, }, @@ -30,7 +30,7 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_basic(t *testing.T) { } func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) template := "terraform-" + acctest.RandString(10) @@ -42,7 +42,7 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(t *testin CheckDestroy: testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, template, syncMode), + Config: testKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(alias, mapperName, template, syncMode), Check: testAccCheckKeycloakUserTemplateIdentityProviderMapperExists("keycloak_user_template_importer_identity_provider_mapper.oidc"), }, }, @@ -50,9 +50,9 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(t *testin } func TestAccKeycloakUserTemplateIdentityProviderMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) template := "terraform-" + acctest.RandString(10) @@ -63,19 +63,17 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_createAfterManualDestroy( CheckDestroy: testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUserTemplateIdentityProviderMapper_basic(realmName, alias, mapperName, template), + Config: testKeycloakUserTemplateIdentityProviderMapper_basic(alias, mapperName, template), Check: testAccCheckKeycloakUserTemplateIdentityProviderMapperFetch("keycloak_user_template_importer_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakUserTemplateIdentityProviderMapper_basic(realmName, alias, mapperName, template), + Config: testKeycloakUserTemplateIdentityProviderMapper_basic(alias, mapperName, template), Check: testAccCheckKeycloakUserTemplateIdentityProviderMapperExists("keycloak_user_template_importer_identity_provider_mapper.oidc"), }, }, @@ -83,9 +81,9 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_createAfterManualDestroy( } func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig_createAfterManualDestroy(t *testing.T) { + t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - realmName := "terraform-" + acctest.RandString(10) mapperName := "terraform-" + acctest.RandString(10) alias := "terraform-" + acctest.RandString(10) template := "terraform-" + acctest.RandString(10) @@ -97,61 +95,29 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig_createAft CheckDestroy: testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(realmName, alias, mapperName, template, syncMode), + Config: testKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(alias, mapperName, template, syncMode), Check: testAccCheckKeycloakUserTemplateIdentityProviderMapperFetch("keycloak_user_template_importer_identity_provider_mapper.oidc", mapper), }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteIdentityProviderMapper(mapper.Realm, mapper.IdentityProviderAlias, mapper.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakUserTemplateIdentityProviderMapper_basic(realmName, alias, mapperName, template), + Config: testKeycloakUserTemplateIdentityProviderMapper_basic(alias, mapperName, template), Check: testAccCheckKeycloakUserTemplateIdentityProviderMapperExists("keycloak_user_template_importer_identity_provider_mapper.oidc"), }, }, }) } -func TestAccKeycloakUserTemplateIdentityProviderMapper_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - template := "terraform-" + acctest.RandString(10) - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakUserTemplateIdentityProviderMapper_basic(firstRealm, alias, mapperName, template), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakUserTemplateIdentityProviderMapperExists("keycloak_user_template_importer_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_user_template_importer_identity_provider_mapper.oidc", "realm", firstRealm), - ), - }, - { - Config: testKeycloakUserTemplateIdentityProviderMapper_basic(secondRealm, alias, mapperName, template), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakUserTemplateIdentityProviderMapperExists("keycloak_user_template_importer_identity_provider_mapper.oidc"), - resource.TestCheckResourceAttr("keycloak_user_template_importer_identity_provider_mapper.oidc", "realm", secondRealm), - ), - }, - }, - }) -} - func TestAccKeycloakUserTemplateIdentityProviderMapper_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() identityProviderAliasName := "terraform-" + acctest.RandString(10) firstMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -160,7 +126,7 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_basicUpdateAll(t *testing } secondMapper := &keycloak.IdentityProviderMapper{ - Realm: realmName, + Realm: testAccRealm.Realm, IdentityProviderAlias: identityProviderAliasName, Name: acctest.RandString(10), Config: &keycloak.IdentityProviderMapperConfig{ @@ -222,8 +188,6 @@ func testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy() resource.Te alias := rs.Primary.Attributes["identity_provider_alias"] id := rs.Primary.ID - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - mapper, _ := keycloakClient.GetIdentityProviderMapper(realm, alias, id) if mapper != nil { return fmt.Errorf("oidc config with id %s still exists", id) @@ -235,8 +199,6 @@ func testAccCheckKeycloakUserTemplateIdentityProviderMapperDestroy() resource.Te } func getKeycloakUserTemplateIdentityProviderMapperFromState(s *terraform.State, resourceName string) (*keycloak.IdentityProviderMapper, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -254,14 +216,14 @@ func getKeycloakUserTemplateIdentityProviderMapperFromState(s *terraform.State, return mapper, nil } -func testKeycloakUserTemplateIdentityProviderMapper_basic(realm, alias, name, template string) string { +func testKeycloakUserTemplateIdentityProviderMapper_basic(alias, name, template string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -270,22 +232,22 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_user_template_importer_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" template = "%s" } - `, realm, alias, name, template) + `, testAccRealm.Realm, alias, name, template) } -func testKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(realm, alias, name, template, syncMode string) string { +func testKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(alias, name, template, syncMode string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_oidc_identity_provider" "oidc" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" authorization_url = "https://example.com/auth" token_url = "https://example.com/token" @@ -294,7 +256,7 @@ resource "keycloak_oidc_identity_provider" "oidc" { } resource keycloak_user_template_importer_identity_provider_mapper oidc { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" identity_provider_alias = "${keycloak_oidc_identity_provider.oidc.alias}" template = "%s" @@ -302,23 +264,23 @@ resource keycloak_user_template_importer_identity_provider_mapper oidc { syncMode = "%s" } } - `, realm, alias, name, template, syncMode) + `, testAccRealm.Realm, alias, name, template, syncMode) } func testKeycloakUserTemplateIdentityProviderMapper_basicFromInterface(mapper *keycloak.IdentityProviderMapper) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_saml_identity_provider" "saml" { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id alias = "%s" single_sign_on_service_url = "https://example.com/auth" } resource keycloak_user_template_importer_identity_provider_mapper saml { - realm = "${keycloak_realm.realm.id}" + realm = data.keycloak_realm.realm.id name = "%s" identity_provider_alias = "${keycloak_saml_identity_provider.saml.alias}" template = "%s" diff --git a/provider/resource_keycloak_user_test.go b/provider/resource_keycloak_user_test.go index 91c0790f..1f9fd7c2 100644 --- a/provider/resource_keycloak_user_test.go +++ b/provider/resource_keycloak_user_test.go @@ -16,7 +16,7 @@ import ( ) func TestAccKeycloakUser_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() username := "terraform-user-" + acctest.RandString(10) attributeName := "terraform-attribute-" + acctest.RandString(10) attributeValue := acctest.RandString(250) @@ -29,21 +29,21 @@ func TestAccKeycloakUser_basic(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUser_basic(realmName, username, attributeName, attributeValue), + Config: testKeycloakUser_basic(username, attributeName, attributeValue), Check: testAccCheckKeycloakUserExists(resourceName), }, { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateIdPrefix: realmName + "/", + ImportStateIdPrefix: testAccRealm.Realm + "/", }, }, }) } func TestAccKeycloakUser_withInitialPassword(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() username := "terraform-user-" + acctest.RandString(10) password := "terraform-password-" + acctest.RandString(10) clientId := "terraform-client-" + acctest.RandString(10) @@ -56,10 +56,10 @@ func TestAccKeycloakUser_withInitialPassword(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUser_initialPassword(realmName, username, password, clientId), + Config: testKeycloakUser_initialPassword(username, password, clientId), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakUserExists(resourceName), - testAccCheckKeycloakUserInitialPasswordLogin(realmName, username, password, clientId), + testAccCheckKeycloakUserInitialPasswordLogin(username, password, clientId), ), }, }, @@ -67,9 +67,9 @@ func TestAccKeycloakUser_withInitialPassword(t *testing.T) { } func TestAccKeycloakUser_createAfterManualDestroy(t *testing.T) { + t.Parallel() var user = &keycloak.User{} - realmName := "terraform-" + acctest.RandString(10) username := "terraform-user-" + acctest.RandString(10) attributeName := "terraform-attribute-" + acctest.RandString(10) attributeValue := acctest.RandString(250) @@ -81,7 +81,7 @@ func TestAccKeycloakUser_createAfterManualDestroy(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUser_basic(realmName, username, attributeName, attributeValue), + Config: testKeycloakUser_basic(username, attributeName, attributeValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakUserExists(resourceName), testAccCheckKeycloakUserFetch(resourceName, user), @@ -89,52 +89,20 @@ func TestAccKeycloakUser_createAfterManualDestroy(t *testing.T) { }, { PreConfig: func() { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - err := keycloakClient.DeleteUser(user.RealmId, user.Id) if err != nil { t.Fatal(err) } }, - Config: testKeycloakUser_basic(realmName, username, attributeName, attributeValue), + Config: testKeycloakUser_basic(username, attributeName, attributeValue), Check: testAccCheckKeycloakUserExists(resourceName), }, }, }) } -func TestAccKeycloakUser_updateRealm(t *testing.T) { - realmOne := "terraform-" + acctest.RandString(10) - realmTwo := "terraform-" + acctest.RandString(10) - username := "terraform-user-" + acctest.RandString(10) - - resourceName := "keycloak_user.user" - - resource.Test(t, resource.TestCase{ - ProviderFactories: testAccProviderFactories, - PreCheck: func() { testAccPreCheck(t) }, - CheckDestroy: testAccCheckKeycloakUserDestroy(), - Steps: []resource.TestStep{ - { - Config: testKeycloakUser_updateRealmBefore(realmOne, realmTwo, username), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakUserExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "realm_id", realmOne), - ), - }, - { - Config: testKeycloakUser_updateRealmAfter(realmOne, realmTwo, username), - Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakUserExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "realm_id", realmTwo), - ), - }, - }, - }) -} - func TestAccKeycloakUser_updateUsername(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() usernameOne := "terraform-user-" + acctest.RandString(10) usernameTwo := "terraform-user-" + acctest.RandString(10) attributeName := "terraform-attribute-" + acctest.RandString(10) @@ -148,14 +116,14 @@ func TestAccKeycloakUser_updateUsername(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUser_basic(realmName, usernameOne, attributeName, attributeValue), + Config: testKeycloakUser_basic(usernameOne, attributeName, attributeValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakUserExists(resourceName), resource.TestCheckResourceAttr(resourceName, "username", usernameOne), ), }, { - Config: testKeycloakUser_basic(realmName, usernameTwo, attributeName, attributeValue), + Config: testKeycloakUser_basic(usernameTwo, attributeName, attributeValue), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakUserExists(resourceName), resource.TestCheckResourceAttr(resourceName, "username", usernameTwo), @@ -166,7 +134,7 @@ func TestAccKeycloakUser_updateUsername(t *testing.T) { } func TestAccKeycloakUser_updateWithInitialPasswordChangeDoesNotReset(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() username := "terraform-user-" + acctest.RandString(10) passwordOne := "terraform-password1-" + acctest.RandString(10) passwordTwo := "terraform-password2-" + acctest.RandString(10) @@ -178,15 +146,15 @@ func TestAccKeycloakUser_updateWithInitialPasswordChangeDoesNotReset(t *testing. CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUser_initialPassword(realmName, username, passwordOne, clientId), + Config: testKeycloakUser_initialPassword(username, passwordOne, clientId), Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakUserInitialPasswordLogin(realmName, username, passwordOne, clientId), + testAccCheckKeycloakUserInitialPasswordLogin(username, passwordOne, clientId), ), }, { - Config: testKeycloakUser_initialPassword(realmName, username, passwordTwo, clientId), + Config: testKeycloakUser_initialPassword(username, passwordTwo, clientId), Check: resource.ComposeTestCheckFunc( - testAccCheckKeycloakUserInitialPasswordLogin(realmName, username, passwordOne, clientId), + testAccCheckKeycloakUserInitialPasswordLogin(username, passwordOne, clientId), ), }, }, @@ -194,6 +162,7 @@ func TestAccKeycloakUser_updateWithInitialPasswordChangeDoesNotReset(t *testing. } func TestAccKeycloakUser_updateInPlace(t *testing.T) { + t.Parallel() userOne := &keycloak.User{ RealmId: "terraform-" + acctest.RandString(10), Username: "terraform-user-" + acctest.RandString(10), @@ -234,6 +203,7 @@ func TestAccKeycloakUser_updateInPlace(t *testing.T) { } func TestAccKeycloakUser_unsetOptionalAttributes(t *testing.T) { + t.Parallel() attributeName := "terraform-attribute-" + acctest.RandString(10) userWithOptionalAttributes := &keycloak.User{ RealmId: "terraform-" + acctest.RandString(10), @@ -262,7 +232,7 @@ func TestAccKeycloakUser_unsetOptionalAttributes(t *testing.T) { Check: testAccCheckKeycloakUserExists(resourceName), }, { - Config: testKeycloakUser_basic(userWithOptionalAttributes.RealmId, userWithOptionalAttributes.Username, attributeName, strings.Join(userWithOptionalAttributes.Attributes[attributeName], "")), + Config: testKeycloakUser_basic(userWithOptionalAttributes.Username, attributeName, strings.Join(userWithOptionalAttributes.Attributes[attributeName], "")), Check: resource.ComposeTestCheckFunc( testAccCheckKeycloakUserExists(resourceName), resource.TestCheckResourceAttr(resourceName, "email", ""), @@ -275,7 +245,7 @@ func TestAccKeycloakUser_unsetOptionalAttributes(t *testing.T) { } func TestAccKeycloakUser_validateLowercaseUsernames(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + t.Parallel() username := "terraform-user-" + strings.ToUpper(acctest.RandString(10)) attributeName := "terraform-attribute-" + acctest.RandString(10) attributeValue := acctest.RandString(250) @@ -286,7 +256,7 @@ func TestAccKeycloakUser_validateLowercaseUsernames(t *testing.T) { CheckDestroy: testAccCheckKeycloakUserDestroy(), Steps: []resource.TestStep{ { - Config: testKeycloakUser_basic(realmName, username, attributeName, attributeValue), + Config: testKeycloakUser_basic(username, attributeName, attributeValue), ExpectError: regexp.MustCompile("expected username .+ to be all lowercase"), }, }, @@ -367,11 +337,11 @@ func testAccCheckKeycloakUserFetch(resourceName string, user *keycloak.User) res } } -func testAccCheckKeycloakUserInitialPasswordLogin(realmName string, username string, password string, clientId string) resource.TestCheckFunc { +func testAccCheckKeycloakUserInitialPasswordLogin(username, password, clientId string) resource.TestCheckFunc { return func(s *terraform.State) error { httpClient := &http.Client{} - resourceUrl := fmt.Sprintf("%s/auth/realms/%s/protocol/openid-connect/token", os.Getenv("KEYCLOAK_URL"), realmName) + resourceUrl := fmt.Sprintf("%s/auth/realms/%s/protocol/openid-connect/token", os.Getenv("KEYCLOAK_URL"), testAccRealm.Realm) form := url.Values{} form.Add("username", username) @@ -410,8 +380,6 @@ func testAccCheckKeycloakUserDestroy() resource.TestCheckFunc { id := rs.Primary.ID realm := rs.Primary.Attributes["realm_id"] - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - user, _ := keycloakClient.GetUser(realm, id) if user != nil { return fmt.Errorf("user with id %s still exists", id) @@ -423,8 +391,6 @@ func testAccCheckKeycloakUserDestroy() resource.TestCheckFunc { } func getUserFromState(s *terraform.State, resourceName string) (*keycloak.User, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -441,30 +407,30 @@ func getUserFromState(s *terraform.State, resourceName string) (*keycloak.User, return user, nil } -func testKeycloakUser_basic(realm, username, attributeName, attributeValue string) string { +func testKeycloakUser_basic(username, attributeName, attributeValue string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" attributes = { "%s" = "%s" } } - `, realm, username, attributeName, attributeValue) + `, testAccRealm.Realm, username, attributeName, attributeValue) } -func testKeycloakUser_initialPassword(realm, username string, password string, clientId string) string { +func testKeycloakUser_initialPassword(username string, password string, clientId string) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_openid_client" "client" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id client_id = "%s" name = "test client" @@ -475,58 +441,24 @@ resource "keycloak_openid_client" "client" { } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" initial_password { value = "%s" temporary = false } } - `, realm, clientId, username, password) -} - -func testKeycloakUser_updateRealmBefore(realmOne, realmTwo, username string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { - realm = "%s" -} - -resource "keycloak_realm" "realm_2" { - realm = "%s" -} - -resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm_1.id}" - username = "%s" -} - `, realmOne, realmTwo, username) -} - -func testKeycloakUser_updateRealmAfter(realmOne, realmTwo, username string) string { - return fmt.Sprintf(` -resource "keycloak_realm" "realm_1" { - realm = "%s" -} - -resource "keycloak_realm" "realm_2" { - realm = "%s" -} - -resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm_2.id}" - username = "%s" -} - `, realmOne, realmTwo, username) + `, testAccRealm.Realm, clientId, username, password) } func testKeycloakUser_fromInterface(user *keycloak.User) string { return fmt.Sprintf(` -resource "keycloak_realm" "realm" { +data "keycloak_realm" "realm" { realm = "%s" } resource "keycloak_user" "user" { - realm_id = "${keycloak_realm.realm.id}" + realm_id = data.keycloak_realm.realm.id username = "%s" email = "%s" @@ -535,7 +467,7 @@ resource "keycloak_user" "user" { enabled = %t email_verified = "%t" } - `, user.RealmId, user.Username, user.Email, user.FirstName, user.LastName, user.Enabled, user.EmailVerified) + `, testAccRealm.Realm, user.Username, user.Email, user.FirstName, user.LastName, user.Enabled, user.EmailVerified) } func testKeycloakUser_FederationLink(sourceRealmUserName, destinationRealmId string) string { diff --git a/provider/resource_keycloak_users_permissions.go b/provider/resource_keycloak_users_permissions.go index 384808ef..27ca354c 100644 --- a/provider/resource_keycloak_users_permissions.go +++ b/provider/resource_keycloak_users_permissions.go @@ -2,36 +2,9 @@ package provider import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mrparkers/terraform-provider-keycloak/keycloak" ) -func userScopePermissionsSchema() *schema.Schema { - return &schema.Schema{ - Type: schema.TypeSet, - Optional: true, - MaxItems: 1, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "policies": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - "description": { - Type: schema.TypeString, - Optional: true, - }, - "decision_strategy": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.StringInSlice(keycloakOpenidClientResourcePermissionDecisionStrategies, false), - }, - }, - }, - } -} - func resourceKeycloakUsersPermissions() *schema.Resource { return &schema.Resource{ Create: resourceKeycloakUsersPermissionsCreate, @@ -56,73 +29,16 @@ func resourceKeycloakUsersPermissions() *schema.Resource { Computed: true, Description: "Resource server id representing the realm management client on which this permission is managed", }, - "view_scope": userScopePermissionsSchema(), - "manage_scope": userScopePermissionsSchema(), - "map_roles_scope": userScopePermissionsSchema(), - "manage_group_membership_scope": userScopePermissionsSchema(), - "impersonate_scope": userScopePermissionsSchema(), - "user_impersonated_scope": userScopePermissionsSchema(), + "view_scope": scopePermissionsSchema(), + "manage_scope": scopePermissionsSchema(), + "map_roles_scope": scopePermissionsSchema(), + "manage_group_membership_scope": scopePermissionsSchema(), + "impersonate_scope": scopePermissionsSchema(), + "user_impersonated_scope": scopePermissionsSchema(), }, } } -func getUsersScopePermissions(keycloakClient *keycloak.KeycloakClient, realmId string, realmManagementClientId, permissionId string) (map[string]interface{}, error) { - permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClientId, permissionId) - if err != nil { - return nil, err - } - - if permission.Description == "" && permission.DecisionStrategy == "UNANIMOUS" && len(permission.Policies) == 0 { - return nil, nil - } - - permissionViewSettings := make(map[string]interface{}) - - if permission.Description != "" { - permissionViewSettings["description"] = permission.Description - } - - if permission.DecisionStrategy != "" { - permissionViewSettings["decision_strategy"] = permission.DecisionStrategy - } - - if len(permission.Policies) > 0 { - permissionViewSettings["policies"] = permission.Policies - } - - return permissionViewSettings, nil -} - -func setUsersScopePermission(keycloakClient *keycloak.KeycloakClient, realmId, realmManagementClientId, authorizationPermissionId string, scopeDataSet *schema.Set) error { - var policies []string - - scopeData := scopeDataSet.List()[0] - scopePermission := scopeData.(map[string]interface{}) - - if v, ok := scopePermission["policies"]; ok { - for _, policy := range v.(*schema.Set).List() { - policies = append(policies, policy.(string)) - } - } - - permission, err := keycloakClient.GetOpenidClientAuthorizationPermission(realmId, realmManagementClientId, authorizationPermissionId) - if err != nil { - return err - } - - if v, ok := scopePermission["description"]; ok { - permission.Description = v.(string) - } - - if v, ok := scopePermission["decision_strategy"]; ok { - permission.DecisionStrategy = v.(string) - } - - permission.Policies = policies - - return keycloakClient.UpdateOpenidClientAuthorizationPermission(permission) -} - func resourceKeycloakUsersPermissionsCreate(data *schema.ResourceData, meta interface{}) error { return resourceKeycloakUsersPermissionsUpdate(data, meta) } @@ -149,44 +65,38 @@ func resourceKeycloakUsersPermissionsUpdate(data *schema.ResourceData, meta inte return err } - viewScope, ok := data.GetOk("view_scope") - if ok { - err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["view"].(string), viewScope.(*schema.Set)) + if viewScope, ok := data.GetOk("view_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["view"].(string), viewScope.(*schema.Set)) if err != nil { return err } } - manageScope, ok := data.GetOk("manage_scope") - if ok { - err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage"].(string), manageScope.(*schema.Set)) + if manageScope, ok := data.GetOk("manage_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage"].(string), manageScope.(*schema.Set)) if err != nil { return err } } - mapRolesScope, ok := data.GetOk("map_roles_scope") - if ok { - err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["map-roles"].(string), mapRolesScope.(*schema.Set)) + if mapRolesScope, ok := data.GetOk("map_roles_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["map-roles"].(string), mapRolesScope.(*schema.Set)) if err != nil { return err } } - manageGroupMembershipScope, ok := data.GetOk("manage_group_membership_scope") - if ok { - err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage-group-membership"].(string), manageGroupMembershipScope.(*schema.Set)) + if manageGroupMembershipScope, ok := data.GetOk("manage_group_membership_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage-group-membership"].(string), manageGroupMembershipScope.(*schema.Set)) if err != nil { return err } } - impersonateScope, ok := data.GetOk("impersonate_scope") - if ok { - err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["impersonate"].(string), impersonateScope.(*schema.Set)) + if impersonateScope, ok := data.GetOk("impersonate_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["impersonate"].(string), impersonateScope.(*schema.Set)) if err != nil { return err } } - userImpersonatedScope, ok := data.GetOk("user_impersonated_scope") - if ok { - err := setUsersScopePermission(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["user-impersonated"].(string), userImpersonatedScope.(*schema.Set)) + if userImpersonatedScope, ok := data.GetOk("user_impersonated_scope"); ok { + err := setOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["user-impersonated"].(string), userImpersonatedScope.(*schema.Set)) if err != nil { return err } @@ -214,53 +124,41 @@ func resourceKeycloakUsersPermissionsRead(data *schema.ResourceData, meta interf data.Set("enabled", usersPermissions.Enabled) data.Set("authorization_resource_server_id", realmManagementClient.Id) - permissionView, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["view"].(string)) - if err != nil { + if viewScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["view"].(string)); err == nil && viewScope != nil { + data.Set("view_scope", []interface{}{viewScope}) + } else if err != nil { return err } - if permissionView != nil { - data.Set("view_scope", []interface{}{permissionView}) - } - permissionManage, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage"].(string)) - if err != nil { + if manageScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage"].(string)); err == nil && manageScope != nil { + data.Set("manage_scope", []interface{}{manageScope}) + } else if err != nil { return err } - if permissionManage != nil { - data.Set("manage_scope", []interface{}{permissionManage}) - } - permissionMapRoles, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["map-roles"].(string)) - if err != nil { + if mapRolesScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["map-roles"].(string)); err == nil && mapRolesScope != nil { + data.Set("map_roles_scope", []interface{}{mapRolesScope}) + } else if err != nil { return err } - if permissionMapRoles != nil { - data.Set("map_roles_scope", []interface{}{permissionMapRoles}) - } - permissionManageGroupMembership, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage-group-membership"].(string)) - if err != nil { + if manageGroupMembershipScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["manage-group-membership"].(string)); err == nil && manageGroupMembershipScope != nil { + data.Set("manage_group_membership_scope", []interface{}{manageGroupMembershipScope}) + } else if err != nil { return err } - if permissionManageGroupMembership != nil { - data.Set("manage_group_membership_scope", []interface{}{permissionManageGroupMembership}) - } - permissionImpersonate, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["impersonate"].(string)) - if err != nil { + if impersonateScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["impersonate"].(string)); err == nil && impersonateScope != nil { + data.Set("impersonate_scope", []interface{}{impersonateScope}) + } else if err != nil { return err } - if permissionImpersonate != nil { - data.Set("impersonate_scope", []interface{}{permissionImpersonate}) - } - permissionUserImpersonated, err := getUsersScopePermissions(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["user-impersonated"].(string)) - if err != nil { + if userImpersonatedScope, err := getOpenidClientScopePermissionPolicy(keycloakClient, realmId, realmManagementClient.Id, usersPermissions.ScopePermissions["user-impersonated"].(string)); err == nil && userImpersonatedScope != nil { + data.Set("user_impersonated_scope", []interface{}{userImpersonatedScope}) + } else if err != nil { return err } - if permissionUserImpersonated != nil { - data.Set("user_impersonated_scope", []interface{}{permissionUserImpersonated}) - } return nil } diff --git a/provider/resource_keycloak_users_permissions_test.go b/provider/resource_keycloak_users_permissions_test.go index a3112477..aae59e40 100644 --- a/provider/resource_keycloak_users_permissions_test.go +++ b/provider/resource_keycloak_users_permissions_test.go @@ -69,15 +69,15 @@ func testAccCheckKeycloakUsersPermissionExists(resourceName string) resource.Tes policyId := authzClientView.Policies[0] if viewScopePolicyId != policyId { - return fmt.Errorf("computed viewScopePolicyId %s was not equal to policyId %s", viewScopePolicyId, policyId) + return fmt.Errorf("computed view scope policy ID %s was not equal to %s", viewScopePolicyId, policyId) } if authzClientView.Description != viewScopeDescription { - return fmt.Errorf("DecisionStrategy %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDescription) + return fmt.Errorf("description %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDescription) } if authzClientView.DecisionStrategy != viewScopeDecisionStrategy { - return fmt.Errorf("DecisionStrategy %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDecisionStrategy) + return fmt.Errorf("decision strategy %s was not equal to %s", authzClientView.DecisionStrategy, viewScopeDecisionStrategy) } authzClientManage, err := keycloakClient.GetOpenidClientAuthorizationPermission(permissions.RealmId, realmManagementId, permissions.ScopePermissions["manage"].(string)) @@ -124,8 +124,6 @@ func testAccCheckKeycloakUsersPermissionsAreDisabled(realmId string) resource.Te } func getUsersPermissionsFromState(s *terraform.State, resourceName string) (*keycloak.UsersPermissions, error) { - keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) - rs, ok := s.RootModule().Resources[resourceName] if !ok { return nil, fmt.Errorf("resource not found: %s", resourceName) @@ -152,10 +150,9 @@ data "keycloak_openid_client" "realm_management" { client_id = "realm-management" } -resource "keycloak_openid_client_permissions" "realm-management_permission" { +resource "keycloak_openid_client_permissions" "realm_management_permission" { realm_id = keycloak_realm.realm.id client_id = data.keycloak_openid_client.realm_management.id - enabled = true } resource "keycloak_user" "test" { @@ -179,7 +176,7 @@ resource "keycloak_openid_client_user_policy" "test" { decision_strategy = "UNANIMOUS" depends_on = [ - keycloak_openid_client_permissions.realm-management_permission, + keycloak_openid_client_permissions.realm_management_permission, ] } resource "keycloak_openid_client_user_policy" "test2" { @@ -194,7 +191,7 @@ resource "keycloak_openid_client_user_policy" "test2" { decision_strategy = "UNANIMOUS" depends_on = [ - keycloak_openid_client_permissions.realm-management_permission, + keycloak_openid_client_permissions.realm_management_permission, ] } From 6204f0d0940fbffa85175dcdf25a2fb703a30a58 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Sun, 10 Jan 2021 12:38:33 -0600 Subject: [PATCH 09/15] update custom user federation example for keycloak 12 (#458) --- custom-user-federation-example/build.gradle | 2 +- .../mrparkers/keycloak/CustomIdentityProviderFactory.kt | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/custom-user-federation-example/build.gradle b/custom-user-federation-example/build.gradle index e20bfbec..0fa0b0c0 100644 --- a/custom-user-federation-example/build.gradle +++ b/custom-user-federation-example/build.gradle @@ -1,6 +1,6 @@ buildscript { ext.kotlinVersion = '1.3.31' - ext.keycloakVersion = '7.0.0' + ext.keycloakVersion = '12.0.1' ext.shadowJarVersion = '4.0.2' repositories { diff --git a/custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProviderFactory.kt b/custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProviderFactory.kt index e60c4d76..7b3480d3 100644 --- a/custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProviderFactory.kt +++ b/custom-user-federation-example/src/main/kotlin/com/github/mrparkers/keycloak/CustomIdentityProviderFactory.kt @@ -1,6 +1,5 @@ package com.github.mrparkers.keycloak - import org.keycloak.broker.oidc.OIDCIdentityProviderConfig import org.keycloak.broker.provider.AbstractIdentityProviderFactory import org.keycloak.models.IdentityProviderModel @@ -43,4 +42,8 @@ class CustomIdentityProviderFactory : AbstractIdentityProviderFactory Date: Sun, 10 Jan 2021 19:49:27 +0100 Subject: [PATCH 10/15] new resource: keycloak_openid_script_protocol_mapper (#453) --- keycloak/openid_script_protocol_mapper.go | 135 ++++++ keycloak/protocol_mapper.go | 1 + provider/provider.go | 1 + ..._keycloak_openid_script_protocol_mapper.go | 193 +++++++++ ...loak_openid_script_protocol_mapper_test.go | 399 ++++++++++++++++++ 5 files changed, 729 insertions(+) create mode 100644 keycloak/openid_script_protocol_mapper.go create mode 100644 provider/resource_keycloak_openid_script_protocol_mapper.go create mode 100644 provider/resource_keycloak_openid_script_protocol_mapper_test.go diff --git a/keycloak/openid_script_protocol_mapper.go b/keycloak/openid_script_protocol_mapper.go new file mode 100644 index 00000000..3fb23117 --- /dev/null +++ b/keycloak/openid_script_protocol_mapper.go @@ -0,0 +1,135 @@ +package keycloak + +import ( + "fmt" + "strconv" +) + +type OpenIdScriptProtocolMapper struct { + Id string + Name string + RealmId string + ClientId string + ClientScopeId string + + AddToIdToken bool + AddToAccessToken bool + AddToUserInfo bool + + Script string + ClaimName string + ClaimValueType string + + Multivalued bool // indicates whether is this an array of attributes or a single attribute +} + +func (mapper *OpenIdScriptProtocolMapper) convertToGenericProtocolMapper() *protocolMapper { + return &protocolMapper{ + Id: mapper.Id, + Name: mapper.Name, + Protocol: "openid-connect", + ProtocolMapper: "oidc-script-based-protocol-mapper", + Config: map[string]string{ + addToIdTokenField: strconv.FormatBool(mapper.AddToIdToken), + addToAccessTokenField: strconv.FormatBool(mapper.AddToAccessToken), + addToUserInfoField: strconv.FormatBool(mapper.AddToUserInfo), + scriptField: mapper.Script, + claimNameField: mapper.ClaimName, + claimValueTypeField: mapper.ClaimValueType, + multivaluedField: strconv.FormatBool(mapper.Multivalued), + }, + } +} + +func (protocolMapper *protocolMapper) convertToOpenIdScriptProtocolMapper(realmId, clientId, clientScopeId string) (*OpenIdScriptProtocolMapper, error) { + addToIdToken, err := strconv.ParseBool(protocolMapper.Config[addToIdTokenField]) + if err != nil { + return nil, err + } + + addToAccessToken, err := strconv.ParseBool(protocolMapper.Config[addToAccessTokenField]) + if err != nil { + return nil, err + } + + addToUserInfo, err := strconv.ParseBool(protocolMapper.Config[addToUserInfoField]) + if err != nil { + return nil, err + } + + // multivalued's default is "", this is an issue when importing an existing mapper + multivalued, err := parseBoolAndTreatEmptyStringAsFalse(protocolMapper.Config[multivaluedField]) + if err != nil { + return nil, err + } + + return &OpenIdScriptProtocolMapper{ + Id: protocolMapper.Id, + Name: protocolMapper.Name, + RealmId: realmId, + ClientId: clientId, + ClientScopeId: clientScopeId, + + AddToIdToken: addToIdToken, + AddToAccessToken: addToAccessToken, + AddToUserInfo: addToUserInfo, + + Script: protocolMapper.Config[scriptField], + ClaimName: protocolMapper.Config[claimNameField], + ClaimValueType: protocolMapper.Config[claimValueTypeField], + Multivalued: multivalued, + }, nil +} + +func (keycloakClient *KeycloakClient) GetOpenIdScriptProtocolMapper(realmId, clientId, clientScopeId, mapperId string) (*OpenIdScriptProtocolMapper, error) { + var protocolMapper *protocolMapper + + err := keycloakClient.get(individualProtocolMapperPath(realmId, clientId, clientScopeId, mapperId), &protocolMapper, nil) + if err != nil { + return nil, err + } + + return protocolMapper.convertToOpenIdScriptProtocolMapper(realmId, clientId, clientScopeId) +} + +func (keycloakClient *KeycloakClient) DeleteOpenIdScriptProtocolMapper(realmId, clientId, clientScopeId, mapperId string) error { + return keycloakClient.delete(individualProtocolMapperPath(realmId, clientId, clientScopeId, mapperId), nil) +} + +func (keycloakClient *KeycloakClient) NewOpenIdScriptProtocolMapper(mapper *OpenIdScriptProtocolMapper) error { + path := protocolMapperPath(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId) + + _, location, err := keycloakClient.post(path, mapper.convertToGenericProtocolMapper()) + if err != nil { + return err + } + + mapper.Id = getIdFromLocationHeader(location) + + return nil +} + +func (keycloakClient *KeycloakClient) UpdateOpenIdScriptProtocolMapper(mapper *OpenIdScriptProtocolMapper) error { + path := individualProtocolMapperPath(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) + + return keycloakClient.put(path, mapper.convertToGenericProtocolMapper()) +} + +func (keycloakClient *KeycloakClient) ValidateOpenIdScriptProtocolMapper(mapper *OpenIdScriptProtocolMapper) error { + if mapper.ClientId == "" && mapper.ClientScopeId == "" { + return fmt.Errorf("validation error: one of ClientId or ClientScopeId must be set") + } + + protocolMappers, err := keycloakClient.listGenericProtocolMappers(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId) + if err != nil { + return err + } + + for _, protocolMapper := range protocolMappers { + if protocolMapper.Name == mapper.Name && protocolMapper.Id != mapper.Id { + return fmt.Errorf("validation error: a protocol mapper with name %s already exists for this client", mapper.Name) + } + } + + return nil +} diff --git a/keycloak/protocol_mapper.go b/keycloak/protocol_mapper.go index bc95f9cb..848e9dac 100644 --- a/keycloak/protocol_mapper.go +++ b/keycloak/protocol_mapper.go @@ -25,6 +25,7 @@ var ( includedClientAudienceField = "included.client.audience" includedCustomAudienceField = "included.custom.audience" multivaluedField = "multivalued" + scriptField = "script" userAttributeField = "user.attribute" userPropertyField = "user.attribute" userRealmRoleMappingRolePrefixField = "usermodel.realmRoleMapping.rolePrefix" diff --git a/provider/provider.go b/provider/provider.go index 6916f0de..7dab3ef1 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -56,6 +56,7 @@ func KeycloakProvider(client *keycloak.KeycloakClient) *schema.Provider { "keycloak_openid_user_realm_role_protocol_mapper": resourceKeycloakOpenIdUserRealmRoleProtocolMapper(), "keycloak_openid_user_client_role_protocol_mapper": resourceKeycloakOpenIdUserClientRoleProtocolMapper(), "keycloak_openid_user_session_note_protocol_mapper": resourceKeycloakOpenIdUserSessionNoteProtocolMapper(), + "keycloak_openid_script_protocol_mapper": resourceKeycloakOpenIdScriptProtocolMapper(), "keycloak_openid_client_default_scopes": resourceKeycloakOpenidClientDefaultScopes(), "keycloak_openid_client_optional_scopes": resourceKeycloakOpenidClientOptionalScopes(), "keycloak_saml_client": resourceKeycloakSamlClient(), diff --git a/provider/resource_keycloak_openid_script_protocol_mapper.go b/provider/resource_keycloak_openid_script_protocol_mapper.go new file mode 100644 index 00000000..5d37501e --- /dev/null +++ b/provider/resource_keycloak_openid_script_protocol_mapper.go @@ -0,0 +1,193 @@ +package provider + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/mrparkers/terraform-provider-keycloak/keycloak" +) + +func resourceKeycloakOpenIdScriptProtocolMapper() *schema.Resource { + return &schema.Resource{ + Create: resourceKeycloakOpenIdScriptProtocolMapperCreate, + Read: resourceKeycloakOpenIdScriptProtocolMapperRead, + Update: resourceKeycloakOpenIdScriptProtocolMapperUpdate, + Delete: resourceKeycloakOpenIdScriptProtocolMapperDelete, + Importer: &schema.ResourceImporter{ + // import a mapper tied to a client: + // {{realmId}}/client/{{clientId}}/{{protocolMapperId}} + // or a client scope: + // {{realmId}}/client-scope/{{clientScopeId}}/{{protocolMapperId}} + State: genericProtocolMapperImport, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "A human-friendly name that will appear in the Keycloak console.", + }, + "realm_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: "The realm id where the associated client or client scope exists.", + }, + "client_id": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "The mapper's associated client. Cannot be used at the same time as client_scope_id.", + ConflictsWith: []string{"client_scope_id"}, + }, + "client_scope_id": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "The mapper's associated client scope. Cannot be used at the same time as client_id.", + ConflictsWith: []string{"client_id"}, + }, + "add_to_id_token": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Indicates if the attribute should be a claim in the id token.", + }, + "add_to_access_token": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Indicates if the attribute should be a claim in the access token.", + }, + "add_to_userinfo": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Indicates if the attribute should appear in the userinfo response body.", + }, + "multivalued": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Indicates whether this attribute is a single value or an array of values.", + }, + "script": { + Type: schema.TypeString, + Required: true, + Description: "JavaScript used to attach a value to a claim for OIDC tokens.", + }, + "claim_name": { + Type: schema.TypeString, + Required: true, + }, + "claim_value_type": { + Type: schema.TypeString, + Optional: true, + Description: "Claim type used when serializing tokens.", + Default: "String", + ValidateFunc: validation.StringInSlice([]string{"JSON", "String", "long", "int", "boolean"}, true), + }, + }, + } +} + +func mapFromDataToOpenIdScriptProtocolMapper(data *schema.ResourceData) *keycloak.OpenIdScriptProtocolMapper { + return &keycloak.OpenIdScriptProtocolMapper{ + Id: data.Id(), + Name: data.Get("name").(string), + RealmId: data.Get("realm_id").(string), + ClientId: data.Get("client_id").(string), + ClientScopeId: data.Get("client_scope_id").(string), + AddToIdToken: data.Get("add_to_id_token").(bool), + AddToAccessToken: data.Get("add_to_access_token").(bool), + AddToUserInfo: data.Get("add_to_userinfo").(bool), + + Script: data.Get("script").(string), + ClaimName: data.Get("claim_name").(string), + ClaimValueType: data.Get("claim_value_type").(string), + Multivalued: data.Get("multivalued").(bool), + } +} + +func mapFromOpenIdScriptMapperToData(mapper *keycloak.OpenIdScriptProtocolMapper, data *schema.ResourceData) { + data.SetId(mapper.Id) + data.Set("name", mapper.Name) + data.Set("realm_id", mapper.RealmId) + + if mapper.ClientId != "" { + data.Set("client_id", mapper.ClientId) + } else { + data.Set("client_scope_id", mapper.ClientScopeId) + } + + data.Set("add_to_id_token", mapper.AddToIdToken) + data.Set("add_to_access_token", mapper.AddToAccessToken) + data.Set("add_to_userinfo", mapper.AddToUserInfo) + data.Set("script", mapper.Script) + data.Set("claim_name", mapper.ClaimName) + data.Set("claim_value_type", mapper.ClaimValueType) + data.Set("multivalued", mapper.Multivalued) +} + +func resourceKeycloakOpenIdScriptProtocolMapperCreate(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + + openIdScriptMapper := mapFromDataToOpenIdScriptProtocolMapper(data) + + err := keycloakClient.ValidateOpenIdScriptProtocolMapper(openIdScriptMapper) + if err != nil { + return err + } + + err = keycloakClient.NewOpenIdScriptProtocolMapper(openIdScriptMapper) + if err != nil { + return err + } + + mapFromOpenIdScriptMapperToData(openIdScriptMapper, data) + + return resourceKeycloakOpenIdScriptProtocolMapperRead(data, meta) +} + +func resourceKeycloakOpenIdScriptProtocolMapperRead(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + + realmId := data.Get("realm_id").(string) + clientId := data.Get("client_id").(string) + clientScopeId := data.Get("client_scope_id").(string) + + openIdScriptMapper, err := keycloakClient.GetOpenIdScriptProtocolMapper(realmId, clientId, clientScopeId, data.Id()) + if err != nil { + return handleNotFoundError(err, data) + } + + mapFromOpenIdScriptMapperToData(openIdScriptMapper, data) + + return nil +} + +func resourceKeycloakOpenIdScriptProtocolMapperUpdate(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + + openIdScriptMapper := mapFromDataToOpenIdScriptProtocolMapper(data) + + err := keycloakClient.ValidateOpenIdScriptProtocolMapper(openIdScriptMapper) + if err != nil { + return err + } + + err = keycloakClient.UpdateOpenIdScriptProtocolMapper(openIdScriptMapper) + if err != nil { + return err + } + + return resourceKeycloakOpenIdScriptProtocolMapperRead(data, meta) +} + +func resourceKeycloakOpenIdScriptProtocolMapperDelete(data *schema.ResourceData, meta interface{}) error { + keycloakClient := meta.(*keycloak.KeycloakClient) + + realmId := data.Get("realm_id").(string) + clientId := data.Get("client_id").(string) + clientScopeId := data.Get("client_scope_id").(string) + + return keycloakClient.DeleteOpenIdScriptProtocolMapper(realmId, clientId, clientScopeId, data.Id()) +} diff --git a/provider/resource_keycloak_openid_script_protocol_mapper_test.go b/provider/resource_keycloak_openid_script_protocol_mapper_test.go new file mode 100644 index 00000000..6877f19c --- /dev/null +++ b/provider/resource_keycloak_openid_script_protocol_mapper_test.go @@ -0,0 +1,399 @@ +package provider + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/mrparkers/terraform-provider-keycloak/keycloak" + "regexp" + "testing" +) + +func TestAccKeycloakOpenIdScriptProtocolMapper_basicClient(t *testing.T) { + t.Parallel() + + clientId := "terraform-client-" + acctest.RandString(10) + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + + resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_basic_client(clientId, mapperName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_basicClientScope(t *testing.T) { + t.Parallel() + + clientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + + resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client_scope" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_basic_clientScope(clientScopeId, mapperName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_import(t *testing.T) { + t.Parallel() + + clientId := "terraform-openid-client-" + acctest.RandString(10) + clientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + + clientResourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client" + clientScopeResourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client_scope" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_import(clientId, clientScopeId, mapperName), + Check: resource.ComposeTestCheckFunc( + testKeycloakOpenIdScriptProtocolMapperExists(clientResourceName), + testKeycloakOpenIdScriptProtocolMapperExists(clientScopeResourceName), + ), + }, + { + ResourceName: clientResourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateIdFunc: getGenericProtocolMapperIdForClient(clientResourceName), + }, + { + ResourceName: clientScopeResourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateIdFunc: getGenericProtocolMapperIdForClientScope(clientScopeResourceName), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_update(t *testing.T) { + t.Parallel() + + clientId := "terraform-client-" + acctest.RandString(10) + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + + attributeName := "claim-" + acctest.RandString(10) + updatedAttributeName := "claim-update-" + acctest.RandString(10) + resourceName := "keycloak_openid_script_protocol_mapper.script_mapper" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_claim(clientId, mapperName, attributeName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + { + Config: testKeycloakOpenIdScriptProtocolMapper_claim(clientId, mapperName, updatedAttributeName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_createAfterManualDestroy(t *testing.T) { + t.Parallel() + + var mapper = &keycloak.OpenIdScriptProtocolMapper{} + + clientId := "terraform-client-" + acctest.RandString(10) + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + + resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_basic_client(clientId, mapperName), + Check: testKeycloakOpenIdScriptProtocolMapperFetch(resourceName, mapper), + }, + { + PreConfig: func() { + keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) + + err := keycloakClient.DeleteOpenIdScriptProtocolMapper(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id) + if err != nil { + t.Error(err) + } + }, + Config: testKeycloakOpenIdScriptProtocolMapper_basic_client(clientId, mapperName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_validateClaimValueType(t *testing.T) { + t.Parallel() + + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(10) + invalidClaimValueType := acctest.RandString(5) + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_claimValueType(mapperName, invalidClaimValueType), + ExpectError: regexp.MustCompile("expected claim_value_type to be one of .+ got " + invalidClaimValueType), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_updateClientIdForceNew(t *testing.T) { + t.Parallel() + + clientId := "terraform-client-" + acctest.RandString(10) + updatedClientId := "terraform-client-update-" + acctest.RandString(10) + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + + attributeName := "claim-" + acctest.RandString(10) + resourceName := "keycloak_openid_script_protocol_mapper.script_mapper" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_claim(clientId, mapperName, attributeName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + { + Config: testKeycloakOpenIdScriptProtocolMapper_claim(updatedClientId, mapperName, attributeName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + }, + }) +} + +func TestAccKeycloakOpenIdScriptProtocolMapper_updateClientScopeForceNew(t *testing.T) { + t.Parallel() + + mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientScopeId := "terraform-client-" + acctest.RandString(10) + newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client_scope" + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccKeycloakOpenIdScriptProtocolMapperDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakOpenIdScriptProtocolMapper_basic_clientScope(clientScopeId, mapperName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + { + Config: testKeycloakOpenIdScriptProtocolMapper_basic_clientScope(newClientScopeId, mapperName), + Check: testKeycloakOpenIdScriptProtocolMapperExists(resourceName), + }, + }, + }) +} + +func testAccKeycloakOpenIdScriptProtocolMapperDestroy() resource.TestCheckFunc { + return func(state *terraform.State) error { + for resourceName, rs := range state.RootModule().Resources { + if rs.Type != "keycloak_openid_script_protocol_mapper" { + continue + } + + mapper, _ := getScriptMapperUsingState(state, resourceName) + + if mapper != nil { + return fmt.Errorf("openid script protocol mapper with id %s still exists", rs.Primary.ID) + } + } + + return nil + } +} + +func testKeycloakOpenIdScriptProtocolMapperExists(resourceName string) resource.TestCheckFunc { + return func(state *terraform.State) error { + _, err := getScriptMapperUsingState(state, resourceName) + if err != nil { + return err + } + + return nil + } +} + +func testKeycloakOpenIdScriptProtocolMapperFetch(resourceName string, mapper *keycloak.OpenIdScriptProtocolMapper) resource.TestCheckFunc { + return func(state *terraform.State) error { + fetchedMapper, err := getScriptMapperUsingState(state, resourceName) + if err != nil { + return err + } + + mapper.Id = fetchedMapper.Id + mapper.ClientId = fetchedMapper.ClientId + mapper.ClientScopeId = fetchedMapper.ClientScopeId + mapper.RealmId = fetchedMapper.RealmId + + return nil + } +} + +func getScriptMapperUsingState(state *terraform.State, resourceName string) (*keycloak.OpenIdScriptProtocolMapper, error) { + rs, ok := state.RootModule().Resources[resourceName] + if !ok { + return nil, fmt.Errorf("resource not found in TF state: %s ", resourceName) + } + + id := rs.Primary.ID + realm := rs.Primary.Attributes["realm_id"] + clientId := rs.Primary.Attributes["client_id"] + clientScopeId := rs.Primary.Attributes["client_scope_id"] + + keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient) + + return keycloakClient.GetOpenIdScriptProtocolMapper(realm, clientId, clientScopeId, id) +} + +func testKeycloakOpenIdScriptProtocolMapper_basic_client(clientId, mapperName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" + + access_type = "BEARER-ONLY" +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper_client" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id + script = "exports = 'foo';" + claim_name = "bar" +}`, testAccRealm.Realm, clientId, mapperName) +} + +func testKeycloakOpenIdScriptProtocolMapper_basic_clientScope(clientScopeId, mapperName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_client_scope" "client_scope" { + name = "%s" + realm_id = data.keycloak_realm.realm.id +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper_client_scope" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id + script = "exports = 'foo';" + claim_name = "bar" +}`, testAccRealm.Realm, clientScopeId, mapperName) +} + +func testKeycloakOpenIdScriptProtocolMapper_import(clientId, clientScopeId, mapperName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" + + access_type = "BEARER-ONLY" +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper_client" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id + script = "exports = 'foo';" + claim_name = "bar" +} + +resource "keycloak_openid_client_scope" "client_scope" { + name = "%s" + realm_id = data.keycloak_realm.realm.id +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper_client_scope" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id + script = "exports = 'foo';" + claim_name = "bar" +}`, testAccRealm.Realm, clientId, mapperName, clientScopeId, mapperName) +} + +func testKeycloakOpenIdScriptProtocolMapper_claim(clientId, mapperName, attributeName string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_client" "openid_client" { + realm_id = data.keycloak_realm.realm.id + client_id = "%s" + + access_type = "BEARER-ONLY" +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id + script = "exports = '%s';" + claim_name = "bar" +}`, testAccRealm.Realm, clientId, mapperName, attributeName) +} + +func testKeycloakOpenIdScriptProtocolMapper_claimValueType(mapperName, claimValueType string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper_validation" { + name = "%s" + realm_id = data.keycloak_realm.realm.id + script = "exports = 'foo';" + claim_name = "bar" + claim_value_type = "%s" +}`, testAccRealm.Realm, mapperName, claimValueType) +} From dca3ac47ff49d915a0cc6d2e70532e3e2b186c90 Mon Sep 17 00:00:00 2001 From: PaulG Date: Sun, 10 Jan 2021 21:12:59 +0200 Subject: [PATCH 11/15] allow commas in keycloak_custom_user_federation config (#455) --- .../resource_keycloak_custom_user_federation.go | 4 ++-- ...esource_keycloak_custom_user_federation_test.go | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/provider/resource_keycloak_custom_user_federation.go b/provider/resource_keycloak_custom_user_federation.go index 368436a1..0dd5c4dc 100644 --- a/provider/resource_keycloak_custom_user_federation.go +++ b/provider/resource_keycloak_custom_user_federation.go @@ -82,7 +82,7 @@ func getCustomUserFederationFromData(data *schema.ResourceData) *keycloak.Custom config := map[string][]string{} if v, ok := data.GetOk("config"); ok { for key, value := range v.(map[string]interface{}) { - config[key] = strings.Split(value.(string), ",") + config[key] = []string{value.(string)} } } parentId := "" @@ -125,7 +125,7 @@ func setCustomUserFederationData(data *schema.ResourceData, custom *keycloak.Cus config := make(map[string]interface{}) for k, v := range custom.Config { - config[k] = strings.Join(v, ",") + config[k] = v[0] } data.Set("config", config) diff --git a/provider/resource_keycloak_custom_user_federation_test.go b/provider/resource_keycloak_custom_user_federation_test.go index 5ed47667..b6e333f2 100644 --- a/provider/resource_keycloak_custom_user_federation_test.go +++ b/provider/resource_keycloak_custom_user_federation_test.go @@ -57,6 +57,20 @@ func TestAccKeycloakCustomUserFederation_customConfig(t *testing.T) { }, }, }) + + configValue = configValue + "," + acctest.RandString(10) + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccCheckKeycloakCustomUserFederationDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakCustomUserFederation_customConfig(name, providerId, configValue), + Check: testAccCheckKeycloakCustomUserFederationExistsWithCustomConfig("keycloak_custom_user_federation.custom", configValue), + }, + }, + }) } func TestAccKeycloakCustomUserFederation_createAfterManualDestroy(t *testing.T) { From 5775e4e090e42bbf70dbcb82f277756ca12ce002 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Sun, 10 Jan 2021 14:24:25 -0600 Subject: [PATCH 12/15] use better random variables in tests (#459) --- ..._keycloak_authentication_execution_test.go | 6 +- provider/data_source_keycloak_group_test.go | 6 +- provider/data_source_keycloak_realm_test.go | 2 +- provider/data_source_keycloak_role_test.go | 6 +- ..._saml_client_installation_provider_test.go | 2 +- provider/data_source_keycloak_user_test.go | 2 +- ...generic_protocol_mapper_validation_test.go | 72 ++++++------ provider/provider_password_grant_test.go | 2 +- ..._importer_identity_provider_mapper_test.go | 38 +++--- ...e_to_role_identity_provider_mapper_test.go | 46 ++++---- ..._keycloak_authentication_execution_test.go | 6 +- ...ource_keycloak_authentication_flow_test.go | 10 +- ...ce_keycloak_authentication_subflow_test.go | 18 +-- ...ce_keycloak_custom_user_federation_test.go | 18 +-- .../resource_keycloak_default_groups_test.go | 10 +- ...oak_generic_client_protocol_mapper_test.go | 24 ++-- ...eycloak_generic_client_role_mapper_test.go | 44 +++---- ...esource_keycloak_group_memberships_test.go | 34 +++--- .../resource_keycloak_group_roles_test.go | 30 ++--- provider/resource_keycloak_group_test.go | 42 +++---- ...attribute_identity_provider_mapper_test.go | 38 +++--- ...oded_role_identity_provider_mapper_test.go | 30 ++--- ...er_token_exchange_scope_permission_test.go | 4 - ...rce_keycloak_ldap_full_name_mapper_test.go | 8 +- ...esource_keycloak_ldap_group_mapper_test.go | 20 ++-- ...ycloak_ldap_hardcoded_group_mapper_test.go | 8 +- ...eycloak_ldap_hardcoded_role_mapper_test.go | 8 +- ...ad_lds_user_account_control_mapper_test.go | 6 +- ...p_msad_user_account_control_mapper_test.go | 6 +- ...resource_keycloak_ldap_role_mapper_test.go | 16 +-- ...eycloak_ldap_user_attribute_mapper_test.go | 6 +- ...urce_keycloak_ldap_user_federation_test.go | 30 ++--- ...loak_oidc_google_identity_provider_test.go | 2 +- ...ce_keycloak_oidc_identity_provider_test.go | 10 +- ...ak_openid_audience_protocol_mapper_test.go | 50 ++++---- ...ent_authorization_aggregate_policy_test.go | 2 +- ...client_authorization_client_policy_test.go | 2 +- ..._client_authorization_group_policy_test.go | 2 +- ...nid_client_authorization_js_policy_test.go | 2 +- ...id_client_authorization_permission_test.go | 20 ++-- ...enid_client_authorization_resource_test.go | 10 +- ...d_client_authorization_role_policy_test.go | 4 +- ..._openid_client_authorization_scope_test.go | 10 +- ...d_client_authorization_time_policy_test.go | 4 +- ...d_client_authorization_user_policy_test.go | 2 +- ...cloak_openid_client_default_scopes_test.go | 38 +++--- ...loak_openid_client_optional_scopes_test.go | 38 +++--- ...keycloak_openid_client_permissions_test.go | 2 +- ...ource_keycloak_openid_client_scope_test.go | 12 +- ..._client_service_account_realm_role_test.go | 4 +- ...openid_client_service_account_role_test.go | 8 +- .../resource_keycloak_openid_client_test.go | 40 +++---- ...k_openid_full_name_protocol_mapper_test.go | 32 +++--- ...d_group_membership_protocol_mapper_test.go | 32 +++--- ...id_hardcoded_claim_protocol_mapper_test.go | 58 +++++----- ...nid_hardcoded_role_protocol_mapper_test.go | 42 +++---- ...loak_openid_script_protocol_mapper_test.go | 44 +++---- ...nid_user_attribute_protocol_mapper_test.go | 44 +++---- ...d_user_client_role_protocol_mapper_test.go | 64 +++++------ ...enid_user_property_protocol_mapper_test.go | 50 ++++---- ...id_user_realm_role_protocol_mapper_test.go | 50 ++++---- ..._user_session_note_protocol_mapper_test.go | 58 +++++----- .../resource_keycloak_realm_events_test.go | 8 +- provider/resource_keycloak_realm_test.go | 108 +++++++++--------- .../resource_keycloak_required_action_test.go | 14 +-- provider/resource_keycloak_role_test.go | 42 +++---- ...eycloak_saml_client_default_scopes_test.go | 30 ++--- ...esource_keycloak_saml_client_scope_test.go | 10 +- .../resource_keycloak_saml_client_test.go | 26 ++--- ...ce_keycloak_saml_identity_provider_test.go | 16 +-- ...aml_user_attribute_protocol_mapper_test.go | 34 +++--- ...saml_user_property_protocol_mapper_test.go | 34 +++--- provider/resource_keycloak_user_roles_test.go | 30 ++--- ..._importer_identity_provider_mapper_test.go | 30 ++--- provider/resource_keycloak_user_test.go | 42 +++---- ...esource_keycloak_users_permissions_test.go | 2 +- 76 files changed, 878 insertions(+), 882 deletions(-) diff --git a/provider/data_source_keycloak_authentication_execution_test.go b/provider/data_source_keycloak_authentication_execution_test.go index 7077b362..6826dab5 100644 --- a/provider/data_source_keycloak_authentication_execution_test.go +++ b/provider/data_source_keycloak_authentication_execution_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakDataSourceAuthenticationExecution_basic(t *testing.T) { t.Parallel() - parentFlowAlias := acctest.RandString(20) + parentFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -36,7 +36,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_basic(t *testing.T) { func TestAccKeycloakDataSourceAuthenticationExecution_errorNoExecutions(t *testing.T) { t.Parallel() - parentFlowAlias := acctest.RandString(20) + parentFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -53,7 +53,7 @@ func TestAccKeycloakDataSourceAuthenticationExecution_errorNoExecutions(t *testi func TestAccKeycloakDataSourceAuthenticationExecution_errorWrongProviderId(t *testing.T) { t.Parallel() - parentFlowAlias := acctest.RandString(20) + parentFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/data_source_keycloak_group_test.go b/provider/data_source_keycloak_group_test.go index e168c915..89e15443 100644 --- a/provider/data_source_keycloak_group_test.go +++ b/provider/data_source_keycloak_group_test.go @@ -11,7 +11,7 @@ import ( func TestAccKeycloakDataSourceGroup_basic(t *testing.T) { t.Parallel() - group := "terraform-group-" + acctest.RandString(10) + group := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -35,8 +35,8 @@ func TestAccKeycloakDataSourceGroup_basic(t *testing.T) { func TestAccKeycloakDataSourceGroup_nested(t *testing.T) { t.Parallel() - group := "terraform-group-" + acctest.RandString(10) - groupNested := "terraform-group-nested-" + acctest.RandString(10) + group := acctest.RandomWithPrefix("tf-acc") + groupNested := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/data_source_keycloak_realm_test.go b/provider/data_source_keycloak_realm_test.go index e1c073fe..b393a73b 100644 --- a/provider/data_source_keycloak_realm_test.go +++ b/provider/data_source_keycloak_realm_test.go @@ -9,7 +9,7 @@ import ( ) func TestAccKeycloakDataSourceRealm_basic(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + realm := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_realm.my_realm" dataSourceName := "data.keycloak_realm.realm" diff --git a/provider/data_source_keycloak_role_test.go b/provider/data_source_keycloak_role_test.go index b3b607fe..4d445a16 100644 --- a/provider/data_source_keycloak_role_test.go +++ b/provider/data_source_keycloak_role_test.go @@ -10,9 +10,9 @@ import ( func TestAccKeycloakDataSourceRole_basic(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - realmRole := "terraform-role-" + acctest.RandString(10) - clientRole := "terraform-role-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + realmRole := acctest.RandomWithPrefix("tf-acc") + clientRole := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/data_source_keycloak_saml_client_installation_provider_test.go b/provider/data_source_keycloak_saml_client_installation_provider_test.go index 4524d6da..6c0b4291 100644 --- a/provider/data_source_keycloak_saml_client_installation_provider_test.go +++ b/provider/data_source_keycloak_saml_client_installation_provider_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakDataSourceSamlClientInstallationProvider_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_client.saml_client" dataSourceName := "data.keycloak_saml_client_installation_provider.saml_sp_descriptor" diff --git a/provider/data_source_keycloak_user_test.go b/provider/data_source_keycloak_user_test.go index 867e3fd9..57cf9d81 100644 --- a/provider/data_source_keycloak_user_test.go +++ b/provider/data_source_keycloak_user_test.go @@ -11,7 +11,7 @@ import ( func TestAccKeycloakDataSourceUser(t *testing.T) { t.Parallel() - username := acctest.RandString(10) + username := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/generic_protocol_mapper_validation_test.go b/provider/generic_protocol_mapper_validation_test.go index 3bfd8cd2..a3550b77 100644 --- a/provider/generic_protocol_mapper_validation_test.go +++ b/provider/generic_protocol_mapper_validation_test.go @@ -19,8 +19,8 @@ import ( func TestAccKeycloakOpenIdFullNameProtocolMapper_clientDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") groupMembershipProtocolMapperResourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" @@ -43,8 +43,8 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientDuplicateNameValidation(t func TestAccKeycloakOpenIdFullNameProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") groupMembershipProtocolMapperResourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client_scope" @@ -67,8 +67,8 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_clientScopeDuplicateNameValidat func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") fullNameProtocolMapperResourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client" @@ -91,8 +91,8 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientDuplicateNameValid func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") fullNameProtocolMapperResourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client_scope" @@ -115,8 +115,8 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_clientScopeDuplicateName func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") groupMembershipProtocolMapperResourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" @@ -139,8 +139,8 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientDuplicateNameValidat func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") groupMembershipProtocolMapperResourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client_scope" @@ -163,8 +163,8 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_clientScopeDuplicateNameVa func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userAttributeProtocolMapperResourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client" @@ -187,8 +187,8 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientDuplicateNameValidati func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userAttributeProtocolMapperResourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client_scope" @@ -211,8 +211,8 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_clientScopeDuplicateNameVal func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userPropertyProtocolMapperResourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client" @@ -235,8 +235,8 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientDuplicateNameValida func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userPropertyProtocolMapperResourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client_scope" @@ -259,8 +259,8 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_clientScopeDuplicateNameV func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") fullNameProtocolMapperResourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client_scope" @@ -283,8 +283,8 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_clientScopeDuplicateNameVa func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userClientRoleProtocolMapperResourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client_scope" @@ -307,8 +307,8 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientScopeDuplicateNameV func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userRealmRoleProtocolMapperResourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client" @@ -331,8 +331,8 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientDuplicateNameValid func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientScopeDuplicateNameValidation(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") userRealmRoleProtocolMapperResourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client_scope" @@ -360,7 +360,7 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_clientScopeDuplicateName func TestAccKeycloakOpenIdFullNameProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -376,7 +376,7 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_validateClientOrClientScopeSet( func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -392,7 +392,7 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_validateClientOrClientSc func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -408,7 +408,7 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClientOrClientScop func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -424,7 +424,7 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClientOrClientScope func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -440,7 +440,7 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClientOrClientSco func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -456,7 +456,7 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClientOrClientScop func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -472,7 +472,7 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClientOrClientSco func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClientOrClientScopeSet(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/provider_password_grant_test.go b/provider/provider_password_grant_test.go index 2493119a..0725c9d7 100644 --- a/provider/provider_password_grant_test.go +++ b/provider/provider_password_grant_test.go @@ -21,7 +21,7 @@ func TestAccKeycloakProvider_passwordGrant(t *testing.T) { provider := KeycloakProvider(keycloakClient) - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: map[string]func() (*schema.Provider, error){ diff --git a/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go b/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go index e7ee5104..1a1da844 100644 --- a/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_attribute_importer_identity_provider_mapper_test.go @@ -12,10 +12,10 @@ import ( func TestAccKeycloakAttributeImporterIdentityProviderMapper_basic(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - userAttribute := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + userAttribute := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -32,11 +32,11 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_basic(t *testing.T) func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - userAttribute := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + userAttribute := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -55,10 +55,10 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_createAfterManualDes t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - userAttribute := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + userAttribute := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -87,11 +87,11 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig_crea t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - userAttribute := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + userAttribute := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -118,7 +118,7 @@ func TestAccKeycloakAttributeImporterIdentityProviderMapper_withExtraConfig_crea func TestAccKeycloakAttributeImporterIdentityProviderMapper_basicUpdateAll(t *testing.T) { t.Parallel() - identityProviderAliasName := "terraform-" + acctest.RandString(10) + identityProviderAliasName := acctest.RandomWithPrefix("tf-acc") firstMapper := &keycloak.IdentityProviderMapper{ Realm: testAccRealm.Realm, diff --git a/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go b/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go index 6e64ae1b..b9c0e30e 100644 --- a/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_attribute_to_role_identity_provider_mapper_test.go @@ -12,11 +12,11 @@ import ( func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basic(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - claimValue := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -33,12 +33,12 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basic(t *testing.T) { func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - claimValue := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -57,11 +57,11 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_createAfterManualDestr t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - claimValue := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -90,12 +90,12 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig_create t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - claimName := "terraform-" + acctest.RandString(10) - claimValue := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + claimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -122,7 +122,7 @@ func TestAccKeycloakAttributeToRoleIdentityProviderMapper_withExtraConfig_create func TestAccKeycloakAttributeToRoleIdentityProviderMapper_basicUpdateAll(t *testing.T) { t.Parallel() - identityProviderAliasName := "terraform-" + acctest.RandString(10) + identityProviderAliasName := acctest.RandomWithPrefix("tf-acc") firstMapper := &keycloak.IdentityProviderMapper{ Realm: testAccRealm.Realm, diff --git a/provider/resource_keycloak_authentication_execution_test.go b/provider/resource_keycloak_authentication_execution_test.go index 05d24060..9c6e5ed1 100644 --- a/provider/resource_keycloak_authentication_execution_test.go +++ b/provider/resource_keycloak_authentication_execution_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakAuthenticationExecution_basic(t *testing.T) { t.Parallel() - parentAuthFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) + parentAuthFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -37,7 +37,7 @@ func TestAccKeycloakAuthenticationExecution_createAfterManualDestroy(t *testing. t.Parallel() var authenticationExecution = &keycloak.AuthenticationExecution{} - authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) + authParentFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -67,7 +67,7 @@ func TestAccKeycloakAuthenticationExecution_createAfterManualDestroy(t *testing. func TestAccKeycloakAuthenticationExecution_updateAuthenticationExecutionRequirement(t *testing.T) { t.Parallel() - authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) + authParentFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_authentication_flow_test.go b/provider/resource_keycloak_authentication_flow_test.go index ee67e42e..3907d502 100644 --- a/provider/resource_keycloak_authentication_flow_test.go +++ b/provider/resource_keycloak_authentication_flow_test.go @@ -11,7 +11,7 @@ import ( func TestAccKeycloakAuthenticationFlow_basic(t *testing.T) { t.Parallel() - authFlowAlias := "terraform-flow-" + acctest.RandString(10) + authFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -36,7 +36,7 @@ func TestAccKeycloakAuthenticationFlow_createAfterManualDestroy(t *testing.T) { t.Parallel() var authenticationFlow = &keycloak.AuthenticationFlow{} - authFlowAlias := "terraform-flow-" + acctest.RandString(10) + authFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -67,8 +67,8 @@ func TestAccKeycloakAuthenticationFlow_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakAuthenticationFlow_updateAuthenticationFlow(t *testing.T) { t.Parallel() - authFlowAliasBefore := "terraform-flow-before-" + acctest.RandString(10) - authFlowAliasAfter := "terraform-flow-after-" + acctest.RandString(10) + authFlowAliasBefore := acctest.RandomWithPrefix("tf-acc") + authFlowAliasAfter := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -96,7 +96,7 @@ func TestAccKeycloakAuthenticationFlow_updateAuthenticationFlow(t *testing.T) { func TestAccKeycloakAuthenticationFlow_updateRealm(t *testing.T) { t.Parallel() - authFlowAlias := "terraform-flow-" + acctest.RandString(10) + authFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_authentication_subflow_test.go b/provider/resource_keycloak_authentication_subflow_test.go index 32743194..4c23a594 100644 --- a/provider/resource_keycloak_authentication_subflow_test.go +++ b/provider/resource_keycloak_authentication_subflow_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakAuthenticationSubFlow_basic(t *testing.T) { t.Parallel() - parentAuthFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) - authFlowAlias := "terraform-flow-" + acctest.RandString(10) + parentAuthFlowAlias := acctest.RandomWithPrefix("tf-acc") + authFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -39,8 +39,8 @@ func TestAccKeycloakAuthenticationSubFlow_createAfterManualDestroy(t *testing.T) var authenticationSubFlow = &keycloak.AuthenticationSubFlow{} - authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) - authFlowAlias := "terraform-flow-" + acctest.RandString(10) + authParentFlowAlias := acctest.RandomWithPrefix("tf-acc") + authFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -71,9 +71,9 @@ func TestAccKeycloakAuthenticationSubFlow_createAfterManualDestroy(t *testing.T) func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlow(t *testing.T) { t.Parallel() - authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) - authFlowAliasBefore := "terraform-flow-before-" + acctest.RandString(10) - authFlowAliasAfter := "terraform-flow-after-" + acctest.RandString(10) + authParentFlowAlias := acctest.RandomWithPrefix("tf-acc") + authFlowAliasBefore := acctest.RandomWithPrefix("tf-acc") + authFlowAliasAfter := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -101,8 +101,8 @@ func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlow(t *testing func TestAccKeycloakAuthenticationSubFlow_updateAuthenticationSubFlowRequirement(t *testing.T) { t.Parallel() - authParentFlowAlias := "terraform-parent-flow-" + acctest.RandString(10) - authFlowAlias := "terraform-flow-" + acctest.RandString(10) + authParentFlowAlias := acctest.RandomWithPrefix("tf-acc") + authFlowAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_custom_user_federation_test.go b/provider/resource_keycloak_custom_user_federation_test.go index b6e333f2..4e59912d 100644 --- a/provider/resource_keycloak_custom_user_federation_test.go +++ b/provider/resource_keycloak_custom_user_federation_test.go @@ -15,7 +15,7 @@ func TestAccKeycloakCustomUserFederation_basic(t *testing.T) { skipIfEnvSet(t, "CI") // temporary while I figure out how to load this custom provider in CI - name := "terraform-" + acctest.RandString(10) + name := acctest.RandomWithPrefix("tf-acc") providerId := "custom" resource.Test(t, resource.TestCase{ @@ -42,8 +42,8 @@ func TestAccKeycloakCustomUserFederation_customConfig(t *testing.T) { skipIfEnvSet(t, "CI") // temporary while I figure out how to load this custom provider in CI - name := "terraform-" + acctest.RandString(10) - configValue := "value-" + acctest.RandString(10) + name := acctest.RandomWithPrefix("tf-acc") + configValue := acctest.RandomWithPrefix("tf-acc") providerId := "custom" resource.Test(t, resource.TestCase{ @@ -80,7 +80,7 @@ func TestAccKeycloakCustomUserFederation_createAfterManualDestroy(t *testing.T) var customFederation = &keycloak.CustomUserFederation{} - name := "terraform-" + acctest.RandString(10) + name := acctest.RandomWithPrefix("tf-acc") providerId := "custom" resource.Test(t, resource.TestCase{ @@ -109,8 +109,8 @@ func TestAccKeycloakCustomUserFederation_createAfterManualDestroy(t *testing.T) func TestAccKeycloakCustomUserFederation_validation(t *testing.T) { t.Parallel() - name := "terraform-" + acctest.RandString(10) - providerId := acctest.RandString(10) + name := acctest.RandomWithPrefix("tf-acc") + providerId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -126,9 +126,9 @@ func TestAccKeycloakCustomUserFederation_validation(t *testing.T) { } func TestAccKeycloakCustomUserFederation_ParentIdDifferentFromRealmName(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - internalId := acctest.RandString(10) - name := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + internalId := acctest.RandomWithPrefix("tf-acc") + name := acctest.RandomWithPrefix("tf-acc") providerId := "custom" realm := &keycloak.Realm{ diff --git a/provider/resource_keycloak_default_groups_test.go b/provider/resource_keycloak_default_groups_test.go index 83eb30c0..c35dd3f7 100644 --- a/provider/resource_keycloak_default_groups_test.go +++ b/provider/resource_keycloak_default_groups_test.go @@ -11,8 +11,8 @@ import ( ) func TestAccKeycloakDefaultGroups_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - groupName := "terraform-group-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + groupName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -33,8 +33,8 @@ func TestAccKeycloakDefaultGroups_basic(t *testing.T) { } func TestAccKeycloakDefaultGroups_import(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - groupName := "terraform-group-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + groupName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -55,7 +55,7 @@ func TestAccKeycloakDefaultGroups_import(t *testing.T) { } func TestAccKeycloakDefaultGroups_updateInPlace(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") allGroupsForTest := []string{ "terraform-group-" + acctest.RandString(10), diff --git a/provider/resource_keycloak_generic_client_protocol_mapper_test.go b/provider/resource_keycloak_generic_client_protocol_mapper_test.go index 0f896dd5..f6853cea 100644 --- a/provider/resource_keycloak_generic_client_protocol_mapper_test.go +++ b/provider/resource_keycloak_generic_client_protocol_mapper_test.go @@ -14,8 +14,8 @@ import ( func TestAccKeycloakGenericClientProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" @@ -35,8 +35,8 @@ func TestAccKeycloakGenericClientProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakGenericClientProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" @@ -56,8 +56,8 @@ func TestAccKeycloakGenericClientProtocolMapper_basicClientScope(t *testing.T) { func TestAccKeycloakGenericClientProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" @@ -83,15 +83,15 @@ func TestAccKeycloakGenericClientProtocolMapper_import(t *testing.T) { func TestAccKeycloakGenericClientProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-generic-client-protocol-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_generic_client_protocol_mapper.client_protocol_mapper" - oldAttributeName := "attribute-name-" + acctest.RandString(10) - oldAttributeValue := "attribute-name-" + acctest.RandString(10) - newAttributeName := "attribute-value-" + acctest.RandString(10) - newAttributeValue := "attribute-value-" + acctest.RandString(10) + oldAttributeName := acctest.RandomWithPrefix("tf-acc") + oldAttributeValue := acctest.RandomWithPrefix("tf-acc") + newAttributeName := acctest.RandomWithPrefix("tf-acc") + newAttributeValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_generic_client_role_mapper_test.go b/provider/resource_keycloak_generic_client_role_mapper_test.go index 4da771c3..78787547 100644 --- a/provider/resource_keycloak_generic_client_role_mapper_test.go +++ b/provider/resource_keycloak_generic_client_role_mapper_test.go @@ -13,9 +13,9 @@ import ( func TestAccKeycloakGenericRoleMapper_basic(t *testing.T) { t.Parallel() - parentClientName := "client1-" + acctest.RandString(10) - parentRoleName := "role-" + acctest.RandString(10) - childClientName := "client2-" + acctest.RandString(10) + parentClientName := acctest.RandomWithPrefix("tf-acc") + parentRoleName := acctest.RandomWithPrefix("tf-acc") + childClientName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -35,9 +35,9 @@ func TestAccKeycloakGenericRoleMapper_createAfterManualDestroy(t *testing.T) { var role = &keycloak.Role{} var childClient = &keycloak.GenericClient{} - parentClientName := "client1-" + acctest.RandString(10) - parentRoleName := "role-" + acctest.RandString(10) - childClientName := "client2-" + acctest.RandString(10) + parentClientName := acctest.RandomWithPrefix("tf-acc") + parentRoleName := acctest.RandomWithPrefix("tf-acc") + childClientName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -68,9 +68,9 @@ func TestAccKeycloakGenericRoleMapper_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakGenericRoleMapper_import(t *testing.T) { t.Parallel() - parentClientName := "client1-" + acctest.RandString(10) - parentRoleName := "role-" + acctest.RandString(10) - childClientName := "client2-" + acctest.RandString(10) + parentClientName := acctest.RandomWithPrefix("tf-acc") + parentRoleName := acctest.RandomWithPrefix("tf-acc") + childClientName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_generic_client_role_mapper.child-client-with-parent-client-role" @@ -95,9 +95,9 @@ func TestAccKeycloakGenericRoleMapper_import(t *testing.T) { func TestAccKeycloakGenericRoleMapperClientScope_basic(t *testing.T) { t.Parallel() - clientName := "client-" + acctest.RandString(10) - roleName := "role-" + acctest.RandString(10) - clientScopeName := "clientscope-" + acctest.RandString(10) + clientName := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -114,9 +114,9 @@ func TestAccKeycloakGenericRoleMapperClientScope_basic(t *testing.T) { func TestAccKeycloakGenericRoleMapperClientScope_import(t *testing.T) { t.Parallel() - clientName := "client-" + acctest.RandString(10) - roleName := "role-" + acctest.RandString(10) - clientScopeName := "clientscope-" + acctest.RandString(10) + clientName := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") + clientScopeName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_generic_client_role_mapper.clientscope-with-client-role" @@ -141,8 +141,8 @@ func TestAccKeycloakGenericRoleMapperClientScope_import(t *testing.T) { func TestAccKeycloakGenericRealmLevelRoleMapperClientScope_basic(t *testing.T) { t.Parallel() - roleName := "role-" + acctest.RandString(10) - clientScopeName := "clientscope-" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -162,8 +162,8 @@ func TestAccKeycloakGenericRealmLevelRoleMapperClientScope_createAfterManualDest var role = &keycloak.Role{} var clientScope = &keycloak.OpenidClientScope{} - roleName := "role-" + acctest.RandString(10) - clientScopeName := "clientscope-" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -197,9 +197,9 @@ func TestAccKeycloakGenericRoleMapperClientScope_createAfterManualDestroy(t *tes var role = &keycloak.Role{} var clientScope = &keycloak.OpenidClientScope{} - clientName := "client-" + acctest.RandString(10) - roleName := "role-" + acctest.RandString(10) - clientScopeName := "clientscope-" + acctest.RandString(10) + clientName := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_group_memberships_test.go b/provider/resource_keycloak_group_memberships_test.go index 425d0141..459d4f82 100644 --- a/provider/resource_keycloak_group_memberships_test.go +++ b/provider/resource_keycloak_group_memberships_test.go @@ -14,8 +14,8 @@ import ( func TestAccKeycloakGroupMemberships_basic(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) - username := "terraform-user-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + username := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,7 +38,7 @@ func TestAccKeycloakGroupMemberships_basic(t *testing.T) { func TestAccKeycloakGroupMemberships_moreThan100members(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -54,10 +54,10 @@ func TestAccKeycloakGroupMemberships_moreThan100members(t *testing.T) { func TestAccKeycloakGroupMemberships_updateGroupForceNew(t *testing.T) { t.Parallel() - groupOne := "terraform-group-" + acctest.RandString(10) - groupTwo := "terraform-group-" + acctest.RandString(10) + groupOne := acctest.RandomWithPrefix("tf-acc") + groupTwo := acctest.RandomWithPrefix("tf-acc") - username := "terraform-user-" + acctest.RandString(10) + username := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -78,7 +78,7 @@ func TestAccKeycloakGroupMemberships_updateGroupForceNew(t *testing.T) { func TestAccKeycloakGroupMemberships_updateInPlace(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") allUsersForTest := []string{ "terraform-user-" + acctest.RandString(10), @@ -124,8 +124,8 @@ func TestAccKeycloakGroupMemberships_updateInPlace(t *testing.T) { func TestAccKeycloakGroupMemberships_userDoesNotExist(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) - username := "terraform-user-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + username := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -143,7 +143,7 @@ func TestAccKeycloakGroupMemberships_userDoesNotExist(t *testing.T) { func TestAccKeycloakGroupMemberships_authoritativeAdd(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") usersInGroup := []string{ "terraform-user-" + acctest.RandString(10), @@ -184,7 +184,7 @@ func TestAccKeycloakGroupMemberships_authoritativeAdd(t *testing.T) { func TestAccKeycloakGroupMemberships_authoritativeRemove(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") allUsersForTest := []string{ "terraform-user-" + acctest.RandString(10), @@ -236,8 +236,8 @@ func TestAccKeycloakGroupMemberships_authoritativeRemove(t *testing.T) { func TestAccKeycloakGroupMemberships_noImportNeeded(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) - username := "terraform-user-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + username := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -269,8 +269,8 @@ func TestAccKeycloakGroupMemberships_noImportNeeded(t *testing.T) { func TestAccKeycloakGroupMemberships_validateLowercaseUsernames(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) - randomString := acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + randomString := acctest.RandomWithPrefix("tf-acc") username := "terraform-user-" + randomString usernameWithUppercaseCharacters := "terraform-user-" + strings.ToUpper(randomString) @@ -289,8 +289,8 @@ func TestAccKeycloakGroupMemberships_validateLowercaseUsernames(t *testing.T) { func TestAccKeycloakGroupMemberships_createAfterManualDestroy(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) - username := "terraform-user-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + username := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_group_memberships.group_members" var groupId *string diff --git a/provider/resource_keycloak_group_roles_test.go b/provider/resource_keycloak_group_roles_test.go index e8e70caf..91355adb 100644 --- a/provider/resource_keycloak_group_roles_test.go +++ b/provider/resource_keycloak_group_roles_test.go @@ -13,12 +13,12 @@ import ( func TestAccKeycloakGroupRoles_basic(t *testing.T) { t.Parallel() - realmRoleName := "terraform-role-" + acctest.RandString(10) - openIdClientName := "terraform-openid-client-" + acctest.RandString(10) - openIdRoleName := "terraform-role-" + acctest.RandString(10) - samlClientName := "terraform-saml-client-" + acctest.RandString(10) - samlRoleName := "terraform-role-" + acctest.RandString(10) - groupName := "terraform-group-" + acctest.RandString(10) + realmRoleName := acctest.RandomWithPrefix("tf-acc") + openIdClientName := acctest.RandomWithPrefix("tf-acc") + openIdRoleName := acctest.RandomWithPrefix("tf-acc") + samlClientName := acctest.RandomWithPrefix("tf-acc") + samlRoleName := acctest.RandomWithPrefix("tf-acc") + groupName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -45,15 +45,15 @@ func TestAccKeycloakGroupRoles_basic(t *testing.T) { func TestAccKeycloakGroupRoles_update(t *testing.T) { t.Parallel() - realmRoleOneName := "terraform-role-" + acctest.RandString(10) - realmRoleTwoName := "terraform-role-" + acctest.RandString(10) - openIdClientName := "terraform-openid-client-" + acctest.RandString(10) - openIdRoleOneName := "terraform-role-" + acctest.RandString(10) - openIdRoleTwoName := "terraform-role-" + acctest.RandString(10) - samlClientName := "terraform-saml-client-" + acctest.RandString(10) - samlRoleOneName := "terraform-role-" + acctest.RandString(10) - samlRoleTwoName := "terraform-role-" + acctest.RandString(10) - groupName := "terraform-group-" + acctest.RandString(10) + realmRoleOneName := acctest.RandomWithPrefix("tf-acc") + realmRoleTwoName := acctest.RandomWithPrefix("tf-acc") + openIdClientName := acctest.RandomWithPrefix("tf-acc") + openIdRoleOneName := acctest.RandomWithPrefix("tf-acc") + openIdRoleTwoName := acctest.RandomWithPrefix("tf-acc") + samlClientName := acctest.RandomWithPrefix("tf-acc") + samlRoleOneName := acctest.RandomWithPrefix("tf-acc") + samlRoleTwoName := acctest.RandomWithPrefix("tf-acc") + groupName := acctest.RandomWithPrefix("tf-acc") allRoleIds := []string{ "${keycloak_role.realm_role_one.id}", diff --git a/provider/resource_keycloak_group_test.go b/provider/resource_keycloak_group_test.go index 0805a002..21599600 100644 --- a/provider/resource_keycloak_group_test.go +++ b/provider/resource_keycloak_group_test.go @@ -14,9 +14,9 @@ import ( func TestAccKeycloakGroup_basic(t *testing.T) { t.Parallel() - groupName := "terraform-group-" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + groupName := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") runTestBasicGroup(t, groupName, attributeName, attributeValue) } @@ -24,9 +24,9 @@ func TestAccKeycloakGroup_basic(t *testing.T) { func TestAccKeycloakGroup_basicGroupNameContainsBackSlash(t *testing.T) { t.Parallel() - groupName := "terraform/group/" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + groupName := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") runTestBasicGroup(t, groupName, attributeName, attributeValue) } @@ -56,9 +56,9 @@ func TestAccKeycloakGroup_createAfterManualDestroy(t *testing.T) { var group = &keycloak.Group{} - groupName := "terraform-group-" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + groupName := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -89,10 +89,10 @@ func TestAccKeycloakGroup_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakGroup_updateGroupName(t *testing.T) { t.Parallel() - groupNameBefore := "terraform-group-" + acctest.RandString(10) - groupNameAfter := "terraform-group-" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + groupNameBefore := acctest.RandomWithPrefix("tf-acc") + groupNameAfter := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -120,7 +120,7 @@ func TestAccKeycloakGroup_updateGroupName(t *testing.T) { func TestAccKeycloakGroup_updateRealm(t *testing.T) { t.Parallel() - group := "terraform-group-" + acctest.RandString(10) + group := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -148,9 +148,9 @@ func TestAccKeycloakGroup_updateRealm(t *testing.T) { func TestAccKeycloakGroup_nested(t *testing.T) { t.Parallel() - parentGroupName := "terraform-parent-group-" + acctest.RandString(10) - firstChildGroupName := "terraform-child-group-" + acctest.RandString(10) - secondChildGroupName := "terraform-child-group-" + acctest.RandString(10) + parentGroupName := acctest.RandomWithPrefix("tf-acc") + firstChildGroupName := acctest.RandomWithPrefix("tf-acc") + secondChildGroupName := acctest.RandomWithPrefix("tf-acc") runTestNestedGroup(t, parentGroupName, firstChildGroupName, secondChildGroupName) } @@ -158,9 +158,9 @@ func TestAccKeycloakGroup_nested(t *testing.T) { func TestAccKeycloakGroup_nestedGroupNameContainsBackSlash(t *testing.T) { t.Parallel() - parentGroupName := "terraform/parent/group/" + acctest.RandString(10) - firstChildGroupName := "terraform/child/group/" + acctest.RandString(10) - secondChildGroupName := "terraform/child/group/" + acctest.RandString(10) + parentGroupName := acctest.RandomWithPrefix("tf-acc") + firstChildGroupName := acctest.RandomWithPrefix("tf-acc") + secondChildGroupName := acctest.RandomWithPrefix("tf-acc") runTestNestedGroup(t, parentGroupName, firstChildGroupName, secondChildGroupName) } @@ -242,7 +242,7 @@ func runTestNestedGroup(t *testing.T, parentGroupName, firstChildGroupName, seco func TestAccKeycloakGroup_unsetOptionalAttributes(t *testing.T) { t.Parallel() - attributeName := "terraform-attribute-" + acctest.RandString(10) + attributeName := acctest.RandomWithPrefix("tf-acc") groupWithOptionalAttributes := &keycloak.Group{ RealmId: "terraform-" + acctest.RandString(10), Name: "terraform-group-" + acctest.RandString(10), diff --git a/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go b/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go index c5e7197d..d176b59f 100644 --- a/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_hardcoded_attribute_identity_provider_mapper_test.go @@ -12,10 +12,10 @@ import ( func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basic(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - attributeName := "terraform-" + acctest.RandString(10) - attributeValue := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") userSession := randomBool() resource.Test(t, resource.TestCase{ @@ -33,12 +33,12 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basic(t *testing.T) func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - attributeName := "terraform-" + acctest.RandString(10) - attributeValue := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") userSession := randomBool() - syncMode := "terraform-" + acctest.RandString(10) + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -57,10 +57,10 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_createAfterManualDe t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - attributeName := "terraform-" + acctest.RandString(10) - attributeValue := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") userSession := randomBool() resource.Test(t, resource.TestCase{ @@ -90,12 +90,12 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig_cre t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - attributeName := "terraform-" + acctest.RandString(10) - attributeValue := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") userSession := randomBool() - syncMode := "terraform-" + acctest.RandString(10) + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -122,7 +122,7 @@ func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_withExtraConfig_cre func TestAccKeycloakHardcodedAttributeIdentityProviderMapper_basicUpdateAll(t *testing.T) { t.Parallel() - identityProviderAliasName := "terraform-" + acctest.RandString(10) + identityProviderAliasName := acctest.RandomWithPrefix("tf-acc") userSession := randomBool() firstMapper := &keycloak.IdentityProviderMapper{ diff --git a/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go b/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go index 1477dd75..736284f8 100644 --- a/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_hardcoded_role_identity_provider_mapper_test.go @@ -13,9 +13,9 @@ import ( func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basic(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -33,10 +33,10 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basic(t *testing.T) { func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -56,9 +56,9 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_createAfterManualDestroy var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -88,10 +88,10 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig_createAf var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - role := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -119,7 +119,7 @@ func TestAccKeycloakHardcodedRoleIdentityProviderMapper_withExtraConfig_createAf func TestAccKeycloakHardcodedRoleIdentityProviderMapper_basicUpdateAll(t *testing.T) { t.Parallel() - identityProviderAliasName := "terraform-" + acctest.RandString(10) + identityProviderAliasName := acctest.RandomWithPrefix("tf-acc") firstMapper := &keycloak.IdentityProviderMapper{ Realm: testAccRealm.Realm, diff --git a/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go b/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go index 028f4b60..b4daacd5 100644 --- a/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go +++ b/provider/resource_keycloak_identity_provider_token_exchange_scope_permission_test.go @@ -107,10 +107,6 @@ func TestAccKeycloakIdpTokenExchangeScopePermission_updatePolicyMultipleClients( testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId2), ), }, - { - Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId2), - Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId2), - }, { Config: testKeycloakIdpTokenExchangeScopePermission_basic(providerAlias, providerClientId, webappClientId), Check: testAccCheckKeycloakIdpTokenExchangeScopePermissionClientPolicyHasClient("keycloak_identity_provider_token_exchange_scope_permission.my_permission", webappClientId), diff --git a/provider/resource_keycloak_ldap_full_name_mapper_test.go b/provider/resource_keycloak_ldap_full_name_mapper_test.go index 54530012..329e1b95 100644 --- a/provider/resource_keycloak_ldap_full_name_mapper_test.go +++ b/provider/resource_keycloak_ldap_full_name_mapper_test.go @@ -13,7 +13,7 @@ import ( func TestAccKeycloakLdapFullNameMapper_basic(t *testing.T) { t.Parallel() - fullNameMapperName := "terraform-" + acctest.RandString(10) + fullNameMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -39,7 +39,7 @@ func TestAccKeycloakLdapFullNameMapper_createAfterManualDestroy(t *testing.T) { var mapper = &keycloak.LdapFullNameMapper{} - fullNameMapperName := "terraform-" + acctest.RandString(10) + fullNameMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -90,7 +90,7 @@ func TestAccKeycloakLdapFullNameMapper_readWriteValidation(t *testing.T) { func TestAccKeycloakLdapFullNameMapper_writableValidation(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -112,7 +112,7 @@ func TestAccKeycloakLdapFullNameMapper_writableValidation(t *testing.T) { func TestAccKeycloakLdapFullNameMapper_updateLdapUserFederation(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_group_mapper_test.go b/provider/resource_keycloak_ldap_group_mapper_test.go index a7330491..f5407e63 100644 --- a/provider/resource_keycloak_ldap_group_mapper_test.go +++ b/provider/resource_keycloak_ldap_group_mapper_test.go @@ -13,7 +13,7 @@ import ( func TestAccKeycloakLdapGroupMapper_basic(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -39,7 +39,7 @@ func TestAccKeycloakLdapGroupMapper_createAfterManualDestroy(t *testing.T) { var mapper = &keycloak.LdapGroupMapper{} - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -68,7 +68,7 @@ func TestAccKeycloakLdapGroupMapper_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakLdapGroupMapper_modeValidation(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") mode := randomStringInSlice(keycloakLdapGroupMapperModes) resource.Test(t, resource.TestCase{ @@ -91,7 +91,7 @@ func TestAccKeycloakLdapGroupMapper_modeValidation(t *testing.T) { func TestAccKeycloakLdapGroupMapper_membershipAttributeTypeValidation(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") membershipAttributeType := randomStringInSlice(keycloakLdapGroupMapperMembershipAttributeTypes) resource.Test(t, resource.TestCase{ @@ -114,7 +114,7 @@ func TestAccKeycloakLdapGroupMapper_membershipAttributeTypeValidation(t *testing func TestAccKeycloakLdapGroupMapper_userRolesRetrieveStrategyValidation(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") userRolesRetrieveStrategy := randomStringInSlice(keycloakLdapGroupMapperUserRolesRetrieveStrategies) resource.Test(t, resource.TestCase{ @@ -137,7 +137,7 @@ func TestAccKeycloakLdapGroupMapper_userRolesRetrieveStrategyValidation(t *testi func TestAccKeycloakLdapGroupMapper_groupsLdapFilterValidation(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") groupsLdapFilter := "(" + acctest.RandString(10) + ")" resource.Test(t, resource.TestCase{ @@ -160,7 +160,7 @@ func TestAccKeycloakLdapGroupMapper_groupsLdapFilterValidation(t *testing.T) { func TestAccKeycloakLdapGroupMapper_groupInheritanceValidation(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -178,7 +178,7 @@ func TestAccKeycloakLdapGroupMapper_groupInheritanceValidation(t *testing.T) { func TestAccKeycloakLdapGroupMapper_updateLdapUserFederationForceNew(t *testing.T) { t.Parallel() - groupMapperName := "terraform-" + acctest.RandString(10) + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -266,8 +266,8 @@ func TestAccKeycloakLdapGroupMapper_groupsPath(t *testing.T) { t.Skip() } - groupName := "terraform-" + acctest.RandString(10) - groupMapperName := "terraform-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go b/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go index 22e4c13f..d47273c3 100644 --- a/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go +++ b/provider/resource_keycloak_ldap_hardcoded_group_mapper_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakLdapHardcodedGroupMapper_basic(t *testing.T) { t.Parallel() - groupName := "terraform-" + acctest.RandString(10) - groupMapperName := "terraform-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,8 +38,8 @@ func TestAccKeycloakLdapHardcodedGroupMapper_createAfterManualDestroy(t *testing t.Parallel() var mapper = &keycloak.LdapHardcodedGroupMapper{} - groupName := "terraform-" + acctest.RandString(10) - groupMapperName := "terraform-" + acctest.RandString(10) + groupName := acctest.RandomWithPrefix("tf-acc") + groupMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go b/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go index bf8a1c28..4d9e5180 100644 --- a/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go +++ b/provider/resource_keycloak_ldap_hardcoded_role_mapper_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakLdapHardcodedRoleMapper_basic(t *testing.T) { t.Parallel() - roleName := "terraform-" + acctest.RandString(10) - roleMapperName := "terraform-" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") + roleMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,8 +38,8 @@ func TestAccKeycloakLdapHardcodedRoleMapper_createAfterManualDestroy(t *testing. t.Parallel() var mapper = &keycloak.LdapHardcodedRoleMapper{} - roleName := "terraform-" + acctest.RandString(10) - roleMapperName := "terraform-" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") + roleMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go b/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go index d870bfdf..567bae9d 100644 --- a/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go +++ b/provider/resource_keycloak_ldap_msad_lds_user_account_control_mapper_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_basic(t *testing.T) { t.Parallel() - msadLdsUacMapperName := "terraform-" + acctest.RandString(10) + msadLdsUacMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,7 +38,7 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_createAfterManualDestroy var mapper = &keycloak.LdapMsadLdsUserAccountControlMapper{} - msadLdsUacMapperName := "terraform-" + acctest.RandString(10) + msadLdsUacMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -66,7 +66,7 @@ func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_createAfterManualDestroy func TestAccKeycloakLdapMsadLdsUserAccountControlMapper_updateLdapUserFederation(t *testing.T) { t.Parallel() - msadLdsUacMapperName := "terraform-" + acctest.RandString(10) + msadLdsUacMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go b/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go index 22d47f63..59a2a5b8 100644 --- a/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go +++ b/provider/resource_keycloak_ldap_msad_user_account_control_mapper_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakLdapMsadUserAccountControlMapper_basic(t *testing.T) { t.Parallel() - msadUacMapperName := "terraform-" + acctest.RandString(10) + msadUacMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,7 +38,7 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_createAfterManualDestroy(t var mapper = &keycloak.LdapMsadUserAccountControlMapper{} - msadUacMapperName := "terraform-" + acctest.RandString(10) + msadUacMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -66,7 +66,7 @@ func TestAccKeycloakLdapMsadUserAccountControlMapper_createAfterManualDestroy(t func TestAccKeycloakLdapMsadUserAccountControlMapper_updateLdapUserFederation(t *testing.T) { t.Parallel() - msadUacMapperName := "terraform-" + acctest.RandString(10) + msadUacMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_role_mapper_test.go b/provider/resource_keycloak_ldap_role_mapper_test.go index 8c6b39ba..d0e00d97 100644 --- a/provider/resource_keycloak_ldap_role_mapper_test.go +++ b/provider/resource_keycloak_ldap_role_mapper_test.go @@ -13,7 +13,7 @@ import ( func TestAccKeycloakLdapRoleMapper_basic(t *testing.T) { t.Parallel() - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -39,7 +39,7 @@ func TestAccKeycloakLdapRoleMapper_createAfterManualDestroy(t *testing.T) { var mapper = &keycloak.LdapRoleMapper{} - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -67,7 +67,7 @@ func TestAccKeycloakLdapRoleMapper_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakLdapRoleMapper_modeValidation(t *testing.T) { t.Parallel() - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") mode := randomStringInSlice(keycloakLdapRoleMapperModes) resource.Test(t, resource.TestCase{ @@ -90,7 +90,7 @@ func TestAccKeycloakLdapRoleMapper_modeValidation(t *testing.T) { func TestAccKeycloakLdapRoleMapper_membershipAttributeTypeValidation(t *testing.T) { t.Parallel() - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") membershipAttributeType := randomStringInSlice(keycloakLdapRoleMapperMembershipAttributeTypes) resource.Test(t, resource.TestCase{ @@ -113,7 +113,7 @@ func TestAccKeycloakLdapRoleMapper_membershipAttributeTypeValidation(t *testing. func TestAccKeycloakLdapRoleMapper_userRolesRetrieveStrategyValidation(t *testing.T) { t.Parallel() - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") userRolesRetrieveStrategy := randomStringInSlice(keycloakLdapRoleMapperUserRolesRetrieveStrategies) resource.Test(t, resource.TestCase{ @@ -136,7 +136,7 @@ func TestAccKeycloakLdapRoleMapper_userRolesRetrieveStrategyValidation(t *testin func TestAccKeycloakLdapRoleMapper_rolesLdapFilterValidation(t *testing.T) { t.Parallel() - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") rolesLdapFilter := "(" + acctest.RandString(10) + ")" resource.Test(t, resource.TestCase{ @@ -159,7 +159,7 @@ func TestAccKeycloakLdapRoleMapper_rolesLdapFilterValidation(t *testing.T) { func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationForceNew(t *testing.T) { t.Parallel() - roleMapperName := "terraform-" + acctest.RandString(10) + roleMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -181,7 +181,7 @@ func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationForceNew(t *testing.T func TestAccKeycloakLdapRoleMapper_updateLdapUserFederationInPlace(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") useRealmRolesMapping := randomBool() roleMapperOne := &keycloak.LdapRoleMapper{ diff --git a/provider/resource_keycloak_ldap_user_attribute_mapper_test.go b/provider/resource_keycloak_ldap_user_attribute_mapper_test.go index 8eac8388..9d35aa12 100644 --- a/provider/resource_keycloak_ldap_user_attribute_mapper_test.go +++ b/provider/resource_keycloak_ldap_user_attribute_mapper_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakLdapUserAttributeMapper_basic(t *testing.T) { t.Parallel() - userAttributeMapperName := "terraform-" + acctest.RandString(10) + userAttributeMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,7 +38,7 @@ func TestAccKeycloakLdapUserAttributeMapper_createAfterManualDestroy(t *testing. var mapper = &keycloak.LdapUserAttributeMapper{} - userAttributeMapperName := "terraform-" + acctest.RandString(10) + userAttributeMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -66,7 +66,7 @@ func TestAccKeycloakLdapUserAttributeMapper_createAfterManualDestroy(t *testing. func TestAccKeycloakLdapUserAttributeMapper_updateLdapUserFederation(t *testing.T) { t.Parallel() - userAttributeMapperName := "terraform-" + acctest.RandString(10) + userAttributeMapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_ldap_user_federation_test.go b/provider/resource_keycloak_ldap_user_federation_test.go index 24682f0f..cbd58eca 100644 --- a/provider/resource_keycloak_ldap_user_federation_test.go +++ b/provider/resource_keycloak_ldap_user_federation_test.go @@ -14,7 +14,7 @@ import ( func TestAccKeycloakLdapUserFederation_basic(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -31,7 +31,7 @@ func TestAccKeycloakLdapUserFederation_basic(t *testing.T) { func TestAccKeycloakLdapUserFederation_import(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") bindCredentialForImport := "admin" @@ -68,7 +68,7 @@ func TestAccKeycloakLdapUserFederation_createAfterManualDestroy(t *testing.T) { t.Parallel() var ldap = &keycloak.LdapUserFederation{} - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -95,7 +95,7 @@ func TestAccKeycloakLdapUserFederation_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakLdapUserFederation_basicUpdateRealm(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -320,7 +320,7 @@ func TestAccKeycloakLdapUserFederation_basicUpdateAll(t *testing.T) { func TestAccKeycloakLdapUserFederation_unsetTimeoutDurationStrings(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -341,7 +341,7 @@ func TestAccKeycloakLdapUserFederation_unsetTimeoutDurationStrings(t *testing.T) func TestAccKeycloakLdapUserFederation_editModeValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") editMode := randomStringInSlice(keycloakLdapUserFederationEditModes) resource.Test(t, resource.TestCase{ @@ -363,7 +363,7 @@ func TestAccKeycloakLdapUserFederation_editModeValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_vendorValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") vendor := randomStringInSlice(keycloakLdapUserFederationVendors) resource.Test(t, resource.TestCase{ @@ -385,7 +385,7 @@ func TestAccKeycloakLdapUserFederation_vendorValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_searchScopeValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") searchScope := randomStringInSlice(keycloakLdapUserFederationSearchScopes) resource.Test(t, resource.TestCase{ @@ -407,7 +407,7 @@ func TestAccKeycloakLdapUserFederation_searchScopeValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_useTrustStoreValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") useTrustStore := randomStringInSlice(keycloakLdapUserFederationTruststoreSpiSettings) resource.Test(t, resource.TestCase{ @@ -429,7 +429,7 @@ func TestAccKeycloakLdapUserFederation_useTrustStoreValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_cachePolicyValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") cachePolicy := randomStringInSlice(keycloakUserFederationCachePolicies) resource.Test(t, resource.TestCase{ @@ -451,7 +451,7 @@ func TestAccKeycloakLdapUserFederation_cachePolicyValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_bindValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -472,7 +472,7 @@ func TestAccKeycloakLdapUserFederation_bindValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_syncPeriodValidation(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") validSyncPeriod := acctest.RandIntRange(1, 3600) invalidNegativeSyncPeriod := -acctest.RandIntRange(1, 3600) @@ -512,9 +512,9 @@ func TestAccKeycloakLdapUserFederation_syncPeriodValidation(t *testing.T) { func TestAccKeycloakLdapUserFederation_bindCredential(t *testing.T) { t.Parallel() - ldapName := "terraform-" + acctest.RandString(10) - firstBindCredential := acctest.RandString(10) - secondBindCredential := acctest.RandString(10) + ldapName := acctest.RandomWithPrefix("tf-acc") + firstBindCredential := acctest.RandomWithPrefix("tf-acc") + secondBindCredential := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_oidc_google_identity_provider_test.go b/provider/resource_keycloak_oidc_google_identity_provider_test.go index f686c0c1..1b7e4870 100644 --- a/provider/resource_keycloak_oidc_google_identity_provider_test.go +++ b/provider/resource_keycloak_oidc_google_identity_provider_test.go @@ -24,7 +24,7 @@ func TestAccKeycloakOidcGoogleIdentityProvider_basic(t *testing.T) { } func TestAccKeycloakOidcGoogleIdentityProvider_customConfig(t *testing.T) { - customConfigValue := "terraform-" + acctest.RandString(10) + customConfigValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_oidc_identity_provider_test.go b/provider/resource_keycloak_oidc_identity_provider_test.go index 75fe4e34..8da04d58 100644 --- a/provider/resource_keycloak_oidc_identity_provider_test.go +++ b/provider/resource_keycloak_oidc_identity_provider_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakOidcIdentityProvider_basic(t *testing.T) { - oidcName := "terraform-" + acctest.RandString(10) + oidcName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -26,8 +26,8 @@ func TestAccKeycloakOidcIdentityProvider_basic(t *testing.T) { } func TestAccKeycloakOidcIdentityProvider_extra_config(t *testing.T) { - oidcName := "terraform-" + acctest.RandString(10) - customConfigValue := "terraform-" + acctest.RandString(10) + oidcName := acctest.RandomWithPrefix("tf-acc") + customConfigValue := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -45,7 +45,7 @@ func TestAccKeycloakOidcIdentityProvider_extra_config(t *testing.T) { } func TestAccKeycloakOidcIdentityProvider_keyDefaultScopes(t *testing.T) { - oidcName := "terraform-" + acctest.RandString(10) + oidcName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -66,7 +66,7 @@ func TestAccKeycloakOidcIdentityProvider_keyDefaultScopes(t *testing.T) { func TestAccKeycloakOidcIdentityProvider_createAfterManualDestroy(t *testing.T) { var oidc = &keycloak.IdentityProvider{} - oidcName := "terraform-" + acctest.RandString(10) + oidcName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go index 2e26a962..058345d9 100644 --- a/provider/resource_keycloak_openid_audience_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_audience_protocol_mapper_test.go @@ -13,8 +13,8 @@ import ( func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper_client" @@ -33,8 +33,8 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper_client_scope" @@ -53,9 +53,9 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_basicClientScope(t *testing.T) func TestAccKeycloakOpenIdAudienceProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper_client" clientScopeResourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper_client_scope" @@ -90,11 +90,11 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdAudienceProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - customAudience := "terraform-audience-" + acctest.RandString(10) - updatedCustomAudience := "terraform-audience-" + acctest.RandString(10) + customAudience := acctest.RandomWithPrefix("tf-acc") + updatedCustomAudience := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper" resource.Test(t, resource.TestCase{ @@ -118,8 +118,8 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_createAfterManualDestroy(t *tes t.Parallel() var mapper = &keycloak.OpenIdAudienceProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper_client" @@ -148,11 +148,11 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_createAfterManualDestroy(t *tes func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - customAudience := "terraform-audience-" + acctest.RandString(10) + customAudience := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper" resource.Test(t, resource.TestCase{ @@ -174,9 +174,9 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientIdForceNew(t *testi func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper_client_scope" resource.Test(t, resource.TestCase{ @@ -198,10 +198,10 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateClientScopeForceNew(t *te func TestAccKeycloakOpenIdAudienceProtocolMapper_updateRealmIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - customAudience := "terraform-audience-" + acctest.RandString(10) + customAudience := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_audience_protocol_mapper.audience_mapper" resource.Test(t, resource.TestCase{ @@ -223,8 +223,8 @@ func TestAccKeycloakOpenIdAudienceProtocolMapper_updateRealmIdForceNew(t *testin func TestAccKeycloakOpenIdAudienceProtocolMapper_validateClientAudienceExists(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-audience-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go b/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go index aa707793..621b0c92 100644 --- a/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_aggregate_policy_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientAuthorizationAggregatePolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_client_policy_test.go b/provider/resource_keycloak_openid_client_authorization_client_policy_test.go index fb447e5c..f87c4145 100644 --- a/provider/resource_keycloak_openid_client_authorization_client_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_client_policy_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientAuthorizationClientPolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_group_policy_test.go b/provider/resource_keycloak_openid_client_authorization_group_policy_test.go index ebcccd82..aee400d6 100644 --- a/provider/resource_keycloak_openid_client_authorization_group_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_group_policy_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientAuthorizationGroupPolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_js_policy_test.go b/provider/resource_keycloak_openid_client_authorization_js_policy_test.go index 33558361..a8cea321 100644 --- a/provider/resource_keycloak_openid_client_authorization_js_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_js_policy_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientAuthorizationJSPolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_permission_test.go b/provider/resource_keycloak_openid_client_authorization_permission_test.go index cd1eba9e..cf2bd112 100644 --- a/provider/resource_keycloak_openid_client_authorization_permission_test.go +++ b/provider/resource_keycloak_openid_client_authorization_permission_test.go @@ -12,10 +12,10 @@ import ( func TestAccKeycloakOpenidClientAuthorizationPermission_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - resourceName := "terraform-" + acctest.RandString(10) - permissionName := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + resourceName := acctest.RandomWithPrefix("tf-acc") + permissionName := acctest.RandomWithPrefix("tf-acc") + scopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -34,10 +34,10 @@ func TestAccKeycloakOpenidClientAuthorizationPermission_createAfterManualDestroy t.Parallel() var authorizationPermission = &keycloak.OpenidClientAuthorizationPermission{} - clientId := "terraform-" + acctest.RandString(10) - resourceName := "terraform-" + acctest.RandString(10) - permissionName := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + resourceName := acctest.RandomWithPrefix("tf-acc") + permissionName := acctest.RandomWithPrefix("tf-acc") + scopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -64,8 +64,8 @@ func TestAccKeycloakOpenidClientAuthorizationPermission_createAfterManualDestroy func TestAccKeycloakOpenidClientAuthorizationPermission_basicUpdateAll(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + scopeName := acctest.RandomWithPrefix("tf-acc") firstAuthrorizationPermission := &keycloak.OpenidClientAuthorizationPermission{ RealmId: testAccRealm.Realm, diff --git a/provider/resource_keycloak_openid_client_authorization_resource_test.go b/provider/resource_keycloak_openid_client_authorization_resource_test.go index a540acbd..b9f3db0e 100644 --- a/provider/resource_keycloak_openid_client_authorization_resource_test.go +++ b/provider/resource_keycloak_openid_client_authorization_resource_test.go @@ -11,8 +11,8 @@ import ( func TestAccKeycloakOpenidClientAuthorizationResource_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - resourceName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + resourceName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -31,8 +31,8 @@ func TestAccKeycloakOpenidClientAuthorizationResource_createAfterManualDestroy(t t.Parallel() var authorizationResource = &keycloak.OpenidClientAuthorizationResource{} - clientId := "terraform-" + acctest.RandString(10) - resourceName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + resourceName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -59,7 +59,7 @@ func TestAccKeycloakOpenidClientAuthorizationResource_createAfterManualDestroy(t func TestAccKeycloakOpenidClientAuthorizationResource_basicUpdateAll(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") ownerManagedAccess := randomBool() firstAuthrorizationResource := &keycloak.OpenidClientAuthorizationResource{ diff --git a/provider/resource_keycloak_openid_client_authorization_role_policy_test.go b/provider/resource_keycloak_openid_client_authorization_role_policy_test.go index 15ad4e9c..c18a8948 100644 --- a/provider/resource_keycloak_openid_client_authorization_role_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_role_policy_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakOpenidClientAuthorizationRolePolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - roleName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_scope_test.go b/provider/resource_keycloak_openid_client_authorization_scope_test.go index 9c6d36b8..cc2ae258 100644 --- a/provider/resource_keycloak_openid_client_authorization_scope_test.go +++ b/provider/resource_keycloak_openid_client_authorization_scope_test.go @@ -11,8 +11,8 @@ import ( func TestAccKeycloakOpenidClientAuthorizationScope_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + scopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -31,8 +31,8 @@ func TestAccKeycloakOpenidClientAuthorizationScope_createAfterManualDestroy(t *t t.Parallel() var authorizationScope = &keycloak.OpenidClientAuthorizationScope{} - clientId := "terraform-" + acctest.RandString(10) - scopeName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + scopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -59,7 +59,7 @@ func TestAccKeycloakOpenidClientAuthorizationScope_createAfterManualDestroy(t *t func TestAccKeycloakOpenidClientAuthorizationScope_basicUpdateAll(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") firstAuthrorizationScope := &keycloak.OpenidClientAuthorizationScope{ RealmId: testAccRealm.Realm, diff --git a/provider/resource_keycloak_openid_client_authorization_time_policy_test.go b/provider/resource_keycloak_openid_client_authorization_time_policy_test.go index 3874e0cf..e30f2fb5 100644 --- a/provider/resource_keycloak_openid_client_authorization_time_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_time_policy_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakOpenidClientAuthorizationTimePolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - policyName := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + policyName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_authorization_user_policy_test.go b/provider/resource_keycloak_openid_client_authorization_user_policy_test.go index 41131b7e..d218fb3e 100644 --- a/provider/resource_keycloak_openid_client_authorization_user_policy_test.go +++ b/provider/resource_keycloak_openid_client_authorization_user_policy_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientAuthorizationUserPolicy(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_default_scopes_test.go b/provider/resource_keycloak_openid_client_default_scopes_test.go index 020920b7..ad3e8910 100644 --- a/provider/resource_keycloak_openid_client_default_scopes_test.go +++ b/provider/resource_keycloak_openid_client_default_scopes_test.go @@ -16,8 +16,8 @@ var preAssignedDefaultClientScopes = []string{"profile", "email", "web-origins", func TestAccKeycloakOpenidClientDefaultScopes_basic(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultClientScopes, clientScope) @@ -41,9 +41,9 @@ func TestAccKeycloakOpenidClientDefaultScopes_basic(t *testing.T) { func TestAccKeycloakOpenidClientDefaultScopes_updateClientForceNew(t *testing.T) { t.Parallel() - clientOne := "terraform-client-" + acctest.RandString(10) - clientTwo := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + clientOne := acctest.RandomWithPrefix("tf-acc") + clientTwo := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultClientScopes, clientScope) @@ -65,8 +65,8 @@ func TestAccKeycloakOpenidClientDefaultScopes_updateClientForceNew(t *testing.T) func TestAccKeycloakOpenidClientDefaultScopes_updateInPlace(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") allClientScopes := append(preAssignedDefaultClientScopes, clientScope) @@ -103,8 +103,8 @@ func TestAccKeycloakOpenidClientDefaultScopes_updateInPlace(t *testing.T) { func TestAccKeycloakOpenidClientDefaultScopes_validateClientDoesNotExist(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -120,8 +120,8 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateClientDoesNotExist(t *test func TestAccKeycloakOpenidClientDefaultScopes_validateClientAccessType(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -138,7 +138,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_validateClientAccessType(t *testin // if a default client scope is manually detached from a client with default scopes controlled by this resource, terraform should add it again func TestAccKeycloakOpenidClientDefaultScopes_authoritativeAdd(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultClientScopes, "terraform-client-scope-"+acctest.RandString(10), "terraform-client-scope-"+acctest.RandString(10), @@ -176,7 +176,7 @@ func TestAccKeycloakOpenidClientDefaultScopes_authoritativeAdd(t *testing.T) { // if a default client scope is manually attached to a client with default scopes controlled by this resource, terraform should detach it func TestAccKeycloakOpenidClientDefaultScopes_authoritativeRemove(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") randomClientScopes := []string{ "terraform-client-scope-" + acctest.RandString(10), @@ -226,8 +226,8 @@ func TestAccKeycloakOpenidClientDefaultScopes_authoritativeRemove(t *testing.T) // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakOpenidClientDefaultScopes_noImportNeeded(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultClientScopes, clientScope) @@ -265,8 +265,8 @@ func TestAccKeycloakOpenidClientDefaultScopes_noImportNeeded(t *testing.T) { // will think it needs to remove these scopes, which is okay to do during an update func TestAccKeycloakOpenidClientDefaultScopes_profileAndEmailDefaultScopes(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -284,8 +284,8 @@ func TestAccKeycloakOpenidClientDefaultScopes_profileAndEmailDefaultScopes(t *te // Keycloak throws a 500 if you attempt to attach an optional scope that is already attached as an optional scope func TestAccKeycloakOpenidClientDefaultScopes_validateDuplicateScopeAssignment(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") optionalClientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) diff --git a/provider/resource_keycloak_openid_client_optional_scopes_test.go b/provider/resource_keycloak_openid_client_optional_scopes_test.go index 7a0616aa..2f9bdfdf 100644 --- a/provider/resource_keycloak_openid_client_optional_scopes_test.go +++ b/provider/resource_keycloak_openid_client_optional_scopes_test.go @@ -22,8 +22,8 @@ func getPreAssignedOptionalClientScopes() []string { func TestAccKeycloakOpenidClientOptionalScopes_basic(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) @@ -47,9 +47,9 @@ func TestAccKeycloakOpenidClientOptionalScopes_basic(t *testing.T) { func TestAccKeycloakOpenidClientOptionalScopes_updateClientForceNew(t *testing.T) { t.Parallel() - clientOne := "terraform-client-" + acctest.RandString(10) - clientTwo := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + clientOne := acctest.RandomWithPrefix("tf-acc") + clientTwo := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) @@ -71,8 +71,8 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateClientForceNew(t *testing.T func TestAccKeycloakOpenidClientOptionalScopes_updateInPlace(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") allClientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) @@ -109,8 +109,8 @@ func TestAccKeycloakOpenidClientOptionalScopes_updateInPlace(t *testing.T) { func TestAccKeycloakOpenidClientOptionalScopes_validateClientDoesNotExist(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -126,8 +126,8 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientDoesNotExist(t *tes func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -144,7 +144,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_validateClientAccessType(t *testi // if a optional client scope is manually detached from a client with optional scopes controlled by this resource, terraform should add it again func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") clientScopes := append(getPreAssignedOptionalClientScopes(), "terraform-client-scope-"+acctest.RandString(10), "terraform-client-scope-"+acctest.RandString(10), @@ -182,7 +182,7 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeAdd(t *testing.T) { // if an optional client scope is manually attached to a client with optional scopes controlled by this resource, terraform should detach it func TestAccKeycloakOpenidClientOptionalScopes_authoritativeRemove(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") randomClientScopes := []string{ "terraform-client-scope-" + acctest.RandString(10), @@ -232,8 +232,8 @@ func TestAccKeycloakOpenidClientOptionalScopes_authoritativeRemove(t *testing.T) // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakOpenidClientOptionalScopes_noImportNeeded(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(getPreAssignedOptionalClientScopes(), clientScope) @@ -272,8 +272,8 @@ func TestAccKeycloakOpenidClientOptionalScopes_noImportNeeded(t *testing.T) { // during an update func TestAccKeycloakOpenidClientOptionalScopes_profileAndEmailOptionalScopes(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -291,8 +291,8 @@ func TestAccKeycloakOpenidClientOptionalScopes_profileAndEmailOptionalScopes(t * // Keycloak throws a 500 if you attempt to attach an optional scope that is already attached as a default scope func TestAccKeycloakOpenidClientOptionalScopes_validateDuplicateScopeAssignment(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") defaultClientScopes := append(preAssignedDefaultClientScopes, clientScope) diff --git a/provider/resource_keycloak_openid_client_permissions_test.go b/provider/resource_keycloak_openid_client_permissions_test.go index 30c81d7c..d17c25dc 100644 --- a/provider/resource_keycloak_openid_client_permissions_test.go +++ b/provider/resource_keycloak_openid_client_permissions_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientPermission_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_scope_test.go b/provider/resource_keycloak_openid_client_scope_test.go index b1e7e336..331d63bb 100644 --- a/provider/resource_keycloak_openid_client_scope_test.go +++ b/provider/resource_keycloak_openid_client_scope_test.go @@ -13,7 +13,7 @@ import ( func TestAccKeycloakClientScope_basic(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,7 +38,7 @@ func TestAccKeycloakClientScope_createAfterManualDestroy(t *testing.T) { t.Parallel() var clientScope = &keycloak.OpenidClientScope{} - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -68,7 +68,7 @@ func TestAccKeycloakClientScope_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakClientScope_updateRealm(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -95,7 +95,7 @@ func TestAccKeycloakClientScope_updateRealm(t *testing.T) { func TestAccKeycloakClientScope_consentScreenText(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -120,7 +120,7 @@ func TestAccKeycloakClientScope_consentScreenText(t *testing.T) { func TestAccKeycloakClientScope_includeInTokenScope(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") includeInTokenScope := false resource.Test(t, resource.TestCase{ @@ -149,7 +149,7 @@ func TestAccKeycloakClientScope_includeInTokenScope(t *testing.T) { func TestAccKeycloakClientScope_guiOrder(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") guiOrder := acctest.RandIntRange(0, 1000) resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_client_service_account_realm_role_test.go b/provider/resource_keycloak_openid_client_service_account_realm_role_test.go index a3747402..f4144de8 100644 --- a/provider/resource_keycloak_openid_client_service_account_realm_role_test.go +++ b/provider/resource_keycloak_openid_client_service_account_realm_role_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientServiceAccountRealmRole_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_client_service_account_realm_role.test" resource.Test(t, resource.TestCase{ @@ -38,7 +38,7 @@ func TestAccKeycloakOpenidClientServiceAccountRealmRole_createAfterManualDestroy t.Parallel() var serviceAccountRole = &keycloak.OpenidClientServiceAccountRealmRole{} - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_client_service_account_role_test.go b/provider/resource_keycloak_openid_client_service_account_role_test.go index 08f9df61..158e5a68 100644 --- a/provider/resource_keycloak_openid_client_service_account_role_test.go +++ b/provider/resource_keycloak_openid_client_service_account_role_test.go @@ -12,7 +12,7 @@ import ( func TestAccKeycloakOpenidClientServiceAccountRole_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_client_service_account_role.test" resource.Test(t, resource.TestCase{ @@ -38,7 +38,7 @@ func TestAccKeycloakOpenidClientServiceAccountRole_createAfterManualDestroy(t *t t.Parallel() var serviceAccountRole = &keycloak.OpenidClientServiceAccountRole{} - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -65,8 +65,8 @@ func TestAccKeycloakOpenidClientServiceAccountRole_createAfterManualDestroy(t *t func TestAccKeycloakOpenidClientServiceAccountRole_enableAfterCreate(t *testing.T) { t.Parallel() - bearerClientId := "terraform-" + acctest.RandString(10) - consumerClientId := "terraform-" + acctest.RandString(10) + bearerClientId := acctest.RandomWithPrefix("tf-acc") + consumerClientId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_client_service_account_role.consumer_service_account_role" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_client_test.go b/provider/resource_keycloak_openid_client_test.go index 03962f8f..8ca4016d 100644 --- a/provider/resource_keycloak_openid_client_test.go +++ b/provider/resource_keycloak_openid_client_test.go @@ -13,7 +13,7 @@ import ( func TestAccKeycloakOpenidClient_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -39,7 +39,7 @@ func TestAccKeycloakOpenidClient_createAfterManualDestroy(t *testing.T) { t.Parallel() var client = &keycloak.OpenidClient{} - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -70,7 +70,7 @@ func TestAccKeycloakOpenidClient_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakOpenidClient_updateRealm(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -97,7 +97,7 @@ func TestAccKeycloakOpenidClient_updateRealm(t *testing.T) { func TestAccKeycloakOpenidClient_accessType(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -122,7 +122,7 @@ func TestAccKeycloakOpenidClient_accessType(t *testing.T) { func TestAccKeycloakOpenidClient_adminUrl(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") adminUrl := "https://www.example.com/admin" resource.Test(t, resource.TestCase{ @@ -140,7 +140,7 @@ func TestAccKeycloakOpenidClient_adminUrl(t *testing.T) { func TestAccKeycloakOpenidClient_baseUrl(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") baseUrl := "https://www.example.com" resource.Test(t, resource.TestCase{ @@ -158,7 +158,7 @@ func TestAccKeycloakOpenidClient_baseUrl(t *testing.T) { func TestAccKeycloakOpenidClient_rootUrl(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") rootUrl := "https://www.example.com" resource.Test(t, resource.TestCase{ @@ -176,7 +176,7 @@ func TestAccKeycloakOpenidClient_rootUrl(t *testing.T) { func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") enabled := randomBool() standardFlowEnabled := randomBool() implicitFlowEnabled := randomBool() @@ -254,7 +254,7 @@ func TestAccKeycloakOpenidClient_updateInPlace(t *testing.T) { func TestAccKeycloakOpenidClient_AccessToken_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") accessTokenLifespan := "1800" @@ -280,7 +280,7 @@ func TestAccKeycloakOpenidClient_AccessToken_basic(t *testing.T) { func TestAccKeycloakOpenidClient_ClientTimeouts_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") offlineSessionIdleTimeout := "1800" offlineSessionMaxLifespan := "1900" @@ -312,8 +312,8 @@ func TestAccKeycloakOpenidClient_ClientTimeouts_basic(t *testing.T) { func TestAccKeycloakOpenidClient_secret(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) - clientSecret := acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + clientSecret := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -340,7 +340,7 @@ func TestAccKeycloakOpenidClient_secret(t *testing.T) { func TestAccKeycloakOpenidClient_redirectUrisValidation(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") accessType := randomStringInSlice([]string{"PUBLIC", "CONFIDENTIAL"}) resource.Test(t, resource.TestCase{ @@ -362,7 +362,7 @@ func TestAccKeycloakOpenidClient_redirectUrisValidation(t *testing.T) { func TestAccKeycloakOpenidClient_publicClientCredentialsValidation(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -379,7 +379,7 @@ func TestAccKeycloakOpenidClient_publicClientCredentialsValidation(t *testing.T) func TestAccKeycloakOpenidClient_bearerClientNoGrantsValidation(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -408,7 +408,7 @@ func TestAccKeycloakOpenidClient_bearerClientNoGrantsValidation(t *testing.T) { func TestAccKeycloakOpenidClient_pkceCodeChallengeMethod(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -453,7 +453,7 @@ func TestAccKeycloakOpenidClient_pkceCodeChallengeMethod(t *testing.T) { func TestAccKeycloakOpenidClient_excludeSessionStateFromAuthResponse(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -494,7 +494,7 @@ func TestAccKeycloakOpenidClient_excludeSessionStateFromAuthResponse(t *testing. func TestAccKeycloakOpenidClient_authenticationFlowBindingOverrides(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -515,10 +515,10 @@ func TestAccKeycloakOpenidClient_authenticationFlowBindingOverrides(t *testing.T func TestAccKeycloakOpenidClient_loginTheme(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") loginThemeKeycloak := "keycloak" loginThemeBase := "base" - loginThemeRandom := "theme-" + acctest.RandString(10) + loginThemeRandom := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go b/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go index 15b80b59..1ecd986d 100644 --- a/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_full_name_protocol_mapper_test.go @@ -11,8 +11,8 @@ import ( func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client" @@ -31,8 +31,8 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client_scope" @@ -51,9 +51,9 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_basicClientScope(t *testing.T) func TestAccKeycloakOpenIdFullNameProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client" clientScopeResourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client_scope" @@ -127,8 +127,8 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_createAfterManualDestroy(t *tes t.Parallel() var mapper = &keycloak.OpenIdFullNameProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-full-name-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client" @@ -157,9 +157,9 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_createAfterManualDestroy(t *tes func TestAccKeycloakOpenIdFullNameProtocolMapper_updateMapperNameForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperNameOne := acctest.RandString(10) - mapperNameTwo := acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperNameOne := acctest.RandomWithPrefix("tf-acc") + mapperNameTwo := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client" @@ -182,8 +182,8 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateMapperNameForceNew(t *tes func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientIdOne := "terraform-client-" + acctest.RandString(10) - clientIdTwo := "terraform-client-" + acctest.RandString(10) + clientIdOne := acctest.RandomWithPrefix("tf-acc") + clientIdTwo := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client" @@ -206,8 +206,8 @@ func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientIdForceNew(t *testi func TestAccKeycloakOpenIdFullNameProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - clientScopeOne := "terraform-client-scope-" + acctest.RandString(10) - clientScopeTwo := "terraform-client-scope-" + acctest.RandString(10) + clientScopeOne := acctest.RandomWithPrefix("tf-acc") + clientScopeTwo := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_full_name_protocol_mapper.full_name_mapper_client_scope" diff --git a/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go b/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go index 6c6d3477..bad2e248 100644 --- a/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_group_membership_protocol_mapper_test.go @@ -11,8 +11,8 @@ import ( func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" @@ -31,8 +31,8 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClient(t *testing.T func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client_scope" @@ -51,9 +51,9 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_basicClientScope(t *test func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" clientScopeResourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client_scope" @@ -131,8 +131,8 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_createAfterManualDestroy t.Parallel() var mapper = &keycloak.OpenIdGroupMembershipProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-group-membership-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" @@ -161,9 +161,9 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_createAfterManualDestroy func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateMapperNameForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperNameOne := acctest.RandString(10) - mapperNameTwo := acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperNameOne := acctest.RandomWithPrefix("tf-acc") + mapperNameTwo := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" @@ -186,8 +186,8 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateMapperNameForceNew func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientIdOne := "terraform-client-" + acctest.RandString(10) - clientIdTwo := "terraform-client-" + acctest.RandString(10) + clientIdOne := acctest.RandomWithPrefix("tf-acc") + clientIdTwo := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client" @@ -210,8 +210,8 @@ func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientIdForceNew(t func TestAccKeycloakOpenIdGroupMembershipProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - clientScopeOne := "terraform-client-scope-" + acctest.RandString(10) - clientScopeTwo := "terraform-client-scope-" + acctest.RandString(10) + clientScopeOne := acctest.RandomWithPrefix("tf-acc") + clientScopeTwo := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_group_membership_protocol_mapper.group_membership_mapper_client_scope" diff --git a/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go b/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go index 1627a630..163ad457 100644 --- a/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_hardcoded_claim_protocol_mapper_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper_client" @@ -32,8 +32,8 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClient(t *testing.T) func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper_client_scope" @@ -52,9 +52,9 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_basicClientScope(t *testi func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper_client" clientScopeResourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper_client_scope" @@ -89,13 +89,13 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) - updatedClaimName := "claim-name-update-" + acctest.RandString(10) - claimValue := "claim-value-" + acctest.RandString(10) - updatedClaimValue := "claim-value-update-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") + updatedClaimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") + updatedClaimValue := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper" @@ -120,8 +120,8 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_createAfterManualDestroy( t.Parallel() var mapper = &keycloak.OpenIdHardcodedClaimProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper_client" @@ -150,8 +150,8 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_createAfterManualDestroy( func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -168,12 +168,12 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_validateClaimValueType(t func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) - claimValue := "claim-value-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper" resource.Test(t, resource.TestCase{ @@ -195,9 +195,9 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientIdForceNew(t func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper_client_scope" resource.Test(t, resource.TestCase{ @@ -219,11 +219,11 @@ func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateClientScopeForceNew func TestAccKeycloakOpenIdHardcodedClaimProtocolMapper_updateRealmIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-claim-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) - claimValue := "claim-value-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") + claimValue := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go b/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go index f4e393d9..7e7034be 100644 --- a/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_hardcoded_role_protocol_mapper_test.go @@ -11,9 +11,9 @@ import ( func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(t *testing.T) { t.Parallel() - role := "terraform-role-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) + role := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client" @@ -32,10 +32,10 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_client(t *t func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(t *testing.T) { t.Parallel() - clientIdForRole := "terraform-client-" + acctest.RandString(10) - role := "terraform-role-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) + clientIdForRole := acctest.RandomWithPrefix("tf-acc") + role := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client" @@ -54,9 +54,9 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicClientRole_client(t * func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope(t *testing.T) { t.Parallel() - role := "terraform-role-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) + role := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client_scope" @@ -75,10 +75,10 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_basicRealmRole_clientScope func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_import(t *testing.T) { t.Parallel() - role := "terraform-role-" + acctest.RandString(10) - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) + role := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client" clientScopeResourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client_scope" @@ -113,10 +113,10 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_update(t *testing.T) { t.Parallel() - roleOne := "terraform-role-" + acctest.RandString(10) - roleTwo := "terraform-role-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) + roleOne := acctest.RandomWithPrefix("tf-acc") + roleTwo := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client" @@ -141,9 +141,9 @@ func TestAccKeycloakOpenIdHardcodedRoleProtocolMapper_createAfterManualDestroy(t t.Parallel() var mapper = &keycloak.OpenIdHardcodedRoleProtocolMapper{} - role := "terraform-role-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-hardcoded-role-mapper-" + acctest.RandString(5) + role := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper_client" diff --git a/provider/resource_keycloak_openid_script_protocol_mapper_test.go b/provider/resource_keycloak_openid_script_protocol_mapper_test.go index 6877f19c..2f4aa9e0 100644 --- a/provider/resource_keycloak_openid_script_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_script_protocol_mapper_test.go @@ -13,8 +13,8 @@ import ( func TestAccKeycloakOpenIdScriptProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client" @@ -34,8 +34,8 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakOpenIdScriptProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client_scope" @@ -55,9 +55,9 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_basicClientScope(t *testing.T) { func TestAccKeycloakOpenIdScriptProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client" clientScopeResourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client_scope" @@ -93,11 +93,11 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdScriptProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - attributeName := "claim-" + acctest.RandString(10) - updatedAttributeName := "claim-update-" + acctest.RandString(10) + attributeName := acctest.RandomWithPrefix("tf-acc") + updatedAttributeName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_script_protocol_mapper.script_mapper" resource.Test(t, resource.TestCase{ @@ -122,8 +122,8 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_createAfterManualDestroy(t *testi var mapper = &keycloak.OpenIdScriptProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client" @@ -155,8 +155,8 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_createAfterManualDestroy(t *testi func TestAccKeycloakOpenIdScriptProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -174,11 +174,11 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_validateClaimValueType(t *testing func TestAccKeycloakOpenIdScriptProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - attributeName := "claim-" + acctest.RandString(10) + attributeName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_script_protocol_mapper.script_mapper" resource.Test(t, resource.TestCase{ @@ -201,9 +201,9 @@ func TestAccKeycloakOpenIdScriptProtocolMapper_updateClientIdForceNew(t *testing func TestAccKeycloakOpenIdScriptProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-script-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_script_protocol_mapper.script_mapper_client_scope" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go index 5837e00e..364b2b82 100644 --- a/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_attribute_protocol_mapper_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client" @@ -32,8 +32,8 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClient(t *testing.T) func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client_scope" @@ -52,9 +52,9 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_basicClientScope(t *testin func TestAccKeycloakOpenIdUserAttributeProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client" clientScopeResourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client_scope" @@ -89,11 +89,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdUserAttributeProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - attributeName := "claim-" + acctest.RandString(10) - updatedAttributeName := "claim-update-" + acctest.RandString(10) + attributeName := acctest.RandomWithPrefix("tf-acc") + updatedAttributeName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper" resource.Test(t, resource.TestCase{ @@ -117,8 +117,8 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_createAfterManualDestroy(t t.Parallel() var mapper = &keycloak.OpenIdUserAttributeProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client" @@ -147,8 +147,8 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_createAfterManualDestroy(t func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -165,11 +165,11 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_validateClaimValueType(t * func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - attributeName := "claim-" + acctest.RandString(10) + attributeName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper" resource.Test(t, resource.TestCase{ @@ -191,9 +191,9 @@ func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientIdForceNew(t * func TestAccKeycloakOpenIdUserAttributeProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-attribute-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper_client_scope" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go index 64ef0ed7..001de58b 100644 --- a/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_client_role_protocol_mapper_test.go @@ -13,8 +13,8 @@ import ( func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client" @@ -33,8 +33,8 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClient(t *testing.T) func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client_scope" @@ -53,9 +53,9 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_basicClientScope(t *testi func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client" clientScopeResourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client_scope" @@ -90,11 +90,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) - updatedClaimName := "claim-name-update-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") + updatedClaimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper" @@ -119,8 +119,8 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_createAfterManualDestroy( t.Parallel() var mapper = &keycloak.OpenIdUserClientRoleProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client" @@ -149,8 +149,8 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_createAfterManualDestroy( func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -167,11 +167,11 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_validateClaimValueType(t func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper" resource.Test(t, resource.TestCase{ @@ -193,9 +193,9 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientIdForceNew(t func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_client_scope" resource.Test(t, resource.TestCase{ @@ -217,10 +217,10 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateClientScopeForceNew func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateRealmIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper" resource.Test(t, resource.TestCase{ @@ -242,9 +242,9 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_updateRealmIdForceNew(t * func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - assignedClientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + assignedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_validation" resource.Test(t, resource.TestCase{ @@ -266,10 +266,10 @@ func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignment(t *testi func TestAccKeycloakOpenIdUserClientRoleProtocolMapper_clientAssignmentRolePrefix(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - assignedClientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-client-role-mapper-" + acctest.RandString(5) - rolePrefix := "role-prefix-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + assignedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") + rolePrefix := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper_validation" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go index 8c3096c2..a8b72cfc 100644 --- a/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_property_protocol_mapper_test.go @@ -12,8 +12,8 @@ import ( func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client" @@ -32,8 +32,8 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client_scope" @@ -52,9 +52,9 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_basicClientScope(t *testing func TestAccKeycloakOpenIdUserPropertyProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client" clientScopeResourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client_scope" @@ -89,11 +89,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdUserPropertyProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - propertyName := "claim-" + acctest.RandString(10) - updatedPropertyName := "claim-update-" + acctest.RandString(10) + propertyName := acctest.RandomWithPrefix("tf-acc") + updatedPropertyName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper" resource.Test(t, resource.TestCase{ @@ -117,8 +117,8 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_createAfterManualDestroy(t t.Parallel() var mapper = &keycloak.OpenIdUserPropertyProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client" @@ -147,8 +147,8 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_createAfterManualDestroy(t func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -165,11 +165,11 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_validateClaimValueType(t *t func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - propertyName := "claim-" + acctest.RandString(10) + propertyName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper" resource.Test(t, resource.TestCase{ @@ -191,9 +191,9 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientIdForceNew(t *t func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper_client_scope" resource.Test(t, resource.TestCase{ @@ -215,10 +215,10 @@ func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateClientScopeForceNew(t func TestAccKeycloakOpenIdUserPropertyProtocolMapper_updateRealmIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - propertyName := "claim-" + acctest.RandString(10) + propertyName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_property_protocol_mapper.user_property_mapper" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go index cc9aafaf..8595cf2d 100644 --- a/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_realm_role_protocol_mapper_test.go @@ -13,8 +13,8 @@ import ( func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client" @@ -33,8 +33,8 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClient(t *testing.T) func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client_scope" @@ -53,9 +53,9 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_basicClientScope(t *testin func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client" clientScopeResourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client_scope" @@ -90,11 +90,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) - updatedClaimName := "claim-name-update-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") + updatedClaimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper" @@ -119,8 +119,8 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_createAfterManualDestroy(t t.Parallel() var mapper = &keycloak.OpenIdUserRealmRoleProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client" @@ -149,8 +149,8 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_createAfterManualDestroy(t func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -167,11 +167,11 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_validateClaimValueType(t * func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper" resource.Test(t, resource.TestCase{ @@ -193,9 +193,9 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientIdForceNew(t * func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper_client_scope" resource.Test(t, resource.TestCase{ @@ -217,10 +217,10 @@ func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateClientScopeForceNew( func TestAccKeycloakOpenIdUserRealmRoleProtocolMapper_updateRealmIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-realm-role-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go b/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go index b74f6d9c..23d94aa3 100644 --- a/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go +++ b/provider/resource_keycloak_openid_user_session_note_protocol_mapper_test.go @@ -13,8 +13,8 @@ import ( func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper_client" @@ -33,8 +33,8 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClient(t *testing.T func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClientScope(t *testing.T) { t.Parallel() - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper_client_scope" @@ -53,9 +53,9 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_basicClientScope(t *test func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-openid-client-" + acctest.RandString(10) - clientScopeId := "terraform-client-scope-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper_client" clientScopeResourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper_client_scope" @@ -90,11 +90,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_import(t *testing.T) { func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClaim(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) - updatedClaimName := "claim-name-update-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") + updatedClaimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper" @@ -117,11 +117,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClaim(t *testing.T func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateNote(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - noteName := "session-note-" + acctest.RandString(10) - updatedNoteName := "session-note-update-" + acctest.RandString(10) + noteName := acctest.RandomWithPrefix("tf-acc") + updatedNoteName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper" @@ -146,8 +146,8 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_createAfterManualDestroy t.Parallel() var mapper = &keycloak.OpenIdUserSessionNoteProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper_client" @@ -176,8 +176,8 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_createAfterManualDestroy func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(10) - invalidClaimValueType := acctest.RandString(5) + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidClaimValueType := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -194,11 +194,11 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_validateClaimValueType(t func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper" resource.Test(t, resource.TestCase{ @@ -220,9 +220,9 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientIdForceNew(t func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientScopeForceNew(t *testing.T) { t.Parallel() - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) - clientScopeId := "terraform-client-" + acctest.RandString(10) - newClientScopeId := "terraform-client-scope-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + clientScopeId := acctest.RandomWithPrefix("tf-acc") + newClientScopeId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper_client_scope" resource.Test(t, resource.TestCase{ @@ -244,10 +244,10 @@ func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateClientScopeForceNe func TestAccKeycloakOpenIdUserSessionNoteProtocolMapper_updateRealmIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-openid-connect-user-session-note-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - claimName := "claim-name-" + acctest.RandString(10) + claimName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_realm_events_test.go b/provider/resource_keycloak_realm_events_test.go index aad0d1ec..e90b987c 100644 --- a/provider/resource_keycloak_realm_events_test.go +++ b/provider/resource_keycloak_realm_events_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakRealmEvents_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -25,7 +25,7 @@ func TestAccKeycloakRealmEvents_basic(t *testing.T) { } func TestAccKeycloakRealmEvents_destroy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -67,7 +67,7 @@ func TestAccKeycloakRealmEvents_destroy(t *testing.T) { } func TestAccKeycloakRealmEvents_update(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") before := &keycloak.RealmEventsConfig{ AdminEventsDetailsEnabled: true, @@ -126,7 +126,7 @@ func TestAccKeycloakRealmEvents_update(t *testing.T) { } func TestAccKeycloakRealmEvents_unsetEnabledEventTypes(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") before := &keycloak.RealmEventsConfig{ AdminEventsDetailsEnabled: true, diff --git a/provider/resource_keycloak_realm_test.go b/provider/resource_keycloak_realm_test.go index 62a5abfe..121bd157 100644 --- a/provider/resource_keycloak_realm_test.go +++ b/provider/resource_keycloak_realm_test.go @@ -11,9 +11,9 @@ import ( ) func TestAccKeycloakRealm_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -41,9 +41,9 @@ func TestAccKeycloakRealm_basic(t *testing.T) { } func TestAccKeycloakRealm_createAfterManualDestroy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -69,9 +69,9 @@ func TestAccKeycloakRealm_createAfterManualDestroy(t *testing.T) { } func TestAccKeycloakRealm_import(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -92,8 +92,8 @@ func TestAccKeycloakRealm_import(t *testing.T) { } func TestAccKeycloakRealm_SmtpServer(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realm := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -113,7 +113,7 @@ func TestAccKeycloakRealm_SmtpServer(t *testing.T) { } func TestAccKeycloakRealm_SmtpServerUpdate(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + realm := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -133,7 +133,7 @@ func TestAccKeycloakRealm_SmtpServerUpdate(t *testing.T) { } func TestAccKeycloakRealm_SmtpServerInvalid(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + realm := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -189,7 +189,7 @@ func TestAccKeycloakRealm_themes(t *testing.T) { } func TestAccKeycloakRealm_themesValidation(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + realm := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -217,7 +217,7 @@ func TestAccKeycloakRealm_themesValidation(t *testing.T) { } func TestAccKeycloakRealm_InternationalizationValidation(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) + realm := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -237,8 +237,8 @@ func TestAccKeycloakRealm_InternationalizationValidation(t *testing.T) { } func TestAccKeycloakRealm_Internationalization(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realm := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -262,8 +262,8 @@ func TestAccKeycloakRealm_Internationalization(t *testing.T) { } func TestAccKeycloakRealm_InternationalizationDisabled(t *testing.T) { - realm := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realm := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -323,7 +323,7 @@ func TestAccKeycloakRealm_loginConfigBasic(t *testing.T) { } func TestAccKeycloakRealm_loginConfigValidation(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -347,8 +347,8 @@ func TestAccKeycloakRealm_loginConfigValidation(t *testing.T) { } func TestAccKeycloakRealm_tokenSettings(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -373,9 +373,9 @@ func TestAccKeycloakRealm_tokenSettings(t *testing.T) { } func TestAccKeycloakRealm_computedTokenSettings(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -426,9 +426,9 @@ func TestAccKeycloakRealm_computedTokenSettings(t *testing.T) { } func TestAccKeycloakRealm_securityDefensesHeaders(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -456,9 +456,9 @@ func TestAccKeycloakRealm_securityDefensesHeaders(t *testing.T) { } func TestAccKeycloakRealm_securityDefensesBruteForceDetection(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -491,9 +491,9 @@ func TestAccKeycloakRealm_securityDefensesBruteForceDetection(t *testing.T) { } func TestAccKeycloakRealm_securityDefenses(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -553,9 +553,9 @@ func TestAccKeycloakRealm_securityDefenses(t *testing.T) { } func TestAccKeycloakRealm_passwordPolicy(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") passwordPolicyStringValid1 := "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername" passwordPolicyStringValid2 := "upperCase(1) and length(8)" passwordPolicyStringValid3 := "lowerCase(2)" @@ -590,9 +590,9 @@ func TestAccKeycloakRealm_passwordPolicy(t *testing.T) { } func TestAccKeycloakRealm_browserFlow(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") newBrowserFlow := "registration" resource.Test(t, resource.TestCase{ @@ -617,10 +617,10 @@ func TestAccKeycloakRealm_browserFlow(t *testing.T) { } func TestAccKeycloakRealm_customAttribute(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - key := "terraform-" + acctest.RandString(10) - value := "terraform-" + acctest.RandString(10) - value2 := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + key := acctest.RandomWithPrefix("tf-acc") + value := acctest.RandomWithPrefix("tf-acc") + value2 := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -640,9 +640,9 @@ func TestAccKeycloakRealm_customAttribute(t *testing.T) { } func TestAccKeycloakRealm_passwordPolicyInvalid(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") passwordPolicyStringInvalid1 := "unknownpolicy(1) and length(8) and forceExpiredPasswordChange(365) and notUsername" passwordPolicyStringInvalid2 := "lowerCase(1) and length(8) and unknownpolicy(365) and notUsername" passwordPolicyStringInvalid3 := "unknownpolicy(2)" @@ -673,8 +673,8 @@ func TestAccKeycloakRealm_passwordPolicyInvalid(t *testing.T) { } func TestAccKeycloakRealm_internalId(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - internalId := acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + internalId := acctest.RandomWithPrefix("tf-acc") realm := &keycloak.Realm{ Realm: realmName, Id: internalId, @@ -703,11 +703,11 @@ func TestAccKeycloakRealm_internalId(t *testing.T) { } func TestAccKeycloakRealm_webauthn(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - realmDisplayName := "terraform-" + acctest.RandString(10) - realmDisplayNameHtml := "terraform-" + acctest.RandString(10) + "" - rpName := "terraform-" + acctest.RandString(10) - rpId := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + realmDisplayName := acctest.RandomWithPrefix("tf-acc") + realmDisplayNameHtml := acctest.RandomWithPrefix("tf-acc") + rpName := acctest.RandomWithPrefix("tf-acc") + rpId := acctest.RandomWithPrefix("tf-acc") attestationConveyancePreference := randomStringInSlice([]string{"none", "indirect", "not specified"}) authenticatorAttachment := randomStringInSlice([]string{"platform", "cross-platform", "not specified"}) requireResidentKey := randomStringInSlice([]string{"Yes", "No", "not specified"}) diff --git a/provider/resource_keycloak_required_action_test.go b/provider/resource_keycloak_required_action_test.go index 5becf747..0ef9431f 100644 --- a/provider/resource_keycloak_required_action_test.go +++ b/provider/resource_keycloak_required_action_test.go @@ -10,7 +10,7 @@ import ( ) func TestAccKeycloakRequiredAction_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") requiredActionAlias := "CONFIGURE_TOTP" resource.Test(t, resource.TestCase{ @@ -26,7 +26,7 @@ func TestAccKeycloakRequiredAction_basic(t *testing.T) { } func TestAccKeycloakRequiredAction_unregisteredAction(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") requiredActionAlias := "webauthn-register" resource.Test(t, resource.TestCase{ @@ -42,8 +42,8 @@ func TestAccKeycloakRequiredAction_unregisteredAction(t *testing.T) { } func TestAccKeycloakRequiredAction_invalidAlias(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - randomReqActionAlias := "randomRequiredAction-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + randomReqActionAlias := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -58,7 +58,7 @@ func TestAccKeycloakRequiredAction_invalidAlias(t *testing.T) { } func TestAccKeycloakRequiredAction_import(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") requiredActionAlias := "terms_and_conditions" resource.Test(t, resource.TestCase{ @@ -80,7 +80,7 @@ func TestAccKeycloakRequiredAction_import(t *testing.T) { } func TestAccKeycloakRequiredAction_disabledDefault(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") requiredActionAlias := "terms_and_conditions" resource.Test(t, resource.TestCase{ @@ -95,7 +95,7 @@ func TestAccKeycloakRequiredAction_disabledDefault(t *testing.T) { }) } func TestAccKeycloakRequiredAction_computedPriority(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") requiredActionAlias := "terms_and_conditions" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_role_test.go b/provider/resource_keycloak_role_test.go index 81399888..0cf3c188 100644 --- a/provider/resource_keycloak_role_test.go +++ b/provider/resource_keycloak_role_test.go @@ -11,7 +11,7 @@ import ( func TestAccKeycloakRole_basicRealm(t *testing.T) { t.Parallel() - roleName := "terraform-role-" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -34,7 +34,7 @@ func TestAccKeycloakRole_basicRealm(t *testing.T) { func TestAccKeycloakRole_basicRealmUrlRoleName(t *testing.T) { t.Parallel() - roleName := "terraform-role-httpfoo.bara1b2" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -57,8 +57,8 @@ func TestAccKeycloakRole_basicRealmUrlRoleName(t *testing.T) { func TestAccKeycloakRole_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - roleName := "terraform-role-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -81,8 +81,8 @@ func TestAccKeycloakRole_basicClient(t *testing.T) { func TestAccKeycloakRole_basicSamlClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - roleName := "terraform-role-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -105,9 +105,9 @@ func TestAccKeycloakRole_basicSamlClient(t *testing.T) { func TestAccKeycloakRole_basicRealmUpdate(t *testing.T) { t.Parallel() - roleName := "terraform-role-" + acctest.RandString(10) - descriptionOne := acctest.RandString(50) - descriptionTwo := acctest.RandString(50) + roleName := acctest.RandomWithPrefix("tf-acc") + descriptionOne := acctest.RandomWithPrefix("tf-acc") + descriptionTwo := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -132,10 +132,10 @@ func TestAccKeycloakRole_basicRealmUpdate(t *testing.T) { func TestAccKeycloakRole_basicClientUpdate(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - roleName := "terraform-role-" + acctest.RandString(10) - descriptionOne := acctest.RandString(50) - descriptionTwo := acctest.RandString(50) + clientId := acctest.RandomWithPrefix("tf-acc") + roleName := acctest.RandomWithPrefix("tf-acc") + descriptionOne := acctest.RandomWithPrefix("tf-acc") + descriptionTwo := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -162,7 +162,7 @@ func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) { t.Parallel() var role = &keycloak.Role{} - roleName := "terraform-role-" + acctest.RandString(10) + roleName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -192,13 +192,13 @@ func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakRole_composites(t *testing.T) { t.Parallel() - clientOne := "terraform-client-" + acctest.RandString(10) - clientTwo := "terraform-client-" + acctest.RandString(10) - roleOne := "terraform-role-one-" + acctest.RandString(10) - roleTwo := "terraform-role-two-" + acctest.RandString(10) - roleThree := "terraform-role-three-" + acctest.RandString(10) - roleFour := "terraform-role-four-" + acctest.RandString(10) - roleWithComposites := "terraform-role-with-composites-" + acctest.RandString(10) + clientOne := acctest.RandomWithPrefix("tf-acc") + clientTwo := acctest.RandomWithPrefix("tf-acc") + roleOne := acctest.RandomWithPrefix("tf-acc") + roleTwo := acctest.RandomWithPrefix("tf-acc") + roleThree := acctest.RandomWithPrefix("tf-acc") + roleFour := acctest.RandomWithPrefix("tf-acc") + roleWithComposites := acctest.RandomWithPrefix("tf-acc") roleWithCompositesResourceName := "keycloak_role.role_with_composites" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_saml_client_default_scopes_test.go b/provider/resource_keycloak_saml_client_default_scopes_test.go index 8ed382ed..e9ed70f0 100644 --- a/provider/resource_keycloak_saml_client_default_scopes_test.go +++ b/provider/resource_keycloak_saml_client_default_scopes_test.go @@ -17,8 +17,8 @@ var preAssignedDefaultSamlClientScopes = []string{"role_list"} func TestAccKeycloakSamlClientDefaultScopes_basic(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultSamlClientScopes, clientScope) @@ -42,9 +42,9 @@ func TestAccKeycloakSamlClientDefaultScopes_basic(t *testing.T) { func TestAccKeycloakSamlClientDefaultScopes_updateClientForceNew(t *testing.T) { t.Parallel() - clientOne := "terraform-client-" + acctest.RandString(10) - clientTwo := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + clientOne := acctest.RandomWithPrefix("tf-acc") + clientTwo := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultSamlClientScopes, clientScope) @@ -66,8 +66,8 @@ func TestAccKeycloakSamlClientDefaultScopes_updateClientForceNew(t *testing.T) { func TestAccKeycloakSamlClientDefaultScopes_updateInPlace(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") allClientScopes := append(preAssignedDefaultSamlClientScopes, clientScope) @@ -104,8 +104,8 @@ func TestAccKeycloakSamlClientDefaultScopes_updateInPlace(t *testing.T) { func TestAccKeycloakSamlClientDefaultScopes_validateClientDoesNotExist(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -122,7 +122,7 @@ func TestAccKeycloakSamlClientDefaultScopes_validateClientDoesNotExist(t *testin // if a default client scope is manually detached from a client with default scopes controlled by this resource, terraform should add it again func TestAccKeycloakSamlClientDefaultScopes_authoritativeAdd(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultSamlClientScopes, "terraform-client-scope-"+acctest.RandString(10), "terraform-client-scope-"+acctest.RandString(10), @@ -160,7 +160,7 @@ func TestAccKeycloakSamlClientDefaultScopes_authoritativeAdd(t *testing.T) { // if a default client scope is manually attached to a client with default scopes controlled by this resource, terraform should detach it func TestAccKeycloakSamlClientDefaultScopes_authoritativeRemove(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") randomClientScopes := []string{ "terraform-client-scope-" + acctest.RandString(10), @@ -210,8 +210,8 @@ func TestAccKeycloakSamlClientDefaultScopes_authoritativeRemove(t *testing.T) { // this resource doesn't support import because it can be created even if the desired state already exists in keycloak func TestAccKeycloakSamlClientDefaultScopes_noImportNeeded(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") clientScopes := append(preAssignedDefaultSamlClientScopes, clientScope) @@ -249,8 +249,8 @@ func TestAccKeycloakSamlClientDefaultScopes_noImportNeeded(t *testing.T) { // will think it needs to remove these scopes, which is okay to do during an update func TestAccKeycloakSamlClientDefaultScopes_profileAndEmailDefaultScopes(t *testing.T) { t.Parallel() - client := "terraform-client-" + acctest.RandString(10) - clientScope := "terraform-client-scope-" + acctest.RandString(10) + client := acctest.RandomWithPrefix("tf-acc") + clientScope := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_saml_client_scope_test.go b/provider/resource_keycloak_saml_client_scope_test.go index d1c75b28..2c02fb6f 100644 --- a/provider/resource_keycloak_saml_client_scope_test.go +++ b/provider/resource_keycloak_saml_client_scope_test.go @@ -13,7 +13,7 @@ import ( func TestAccKeycloakSamlClientScope_basic(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -38,7 +38,7 @@ func TestAccKeycloakSamlClientScope_createAfterManualDestroy(t *testing.T) { t.Parallel() var clientScope = &keycloak.SamlClientScope{} - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -68,7 +68,7 @@ func TestAccKeycloakSamlClientScope_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakSamlClientScope_updateRealm(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -95,7 +95,7 @@ func TestAccKeycloakSamlClientScope_updateRealm(t *testing.T) { func TestAccKeycloakSamlClientScope_consentScreenText(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -120,7 +120,7 @@ func TestAccKeycloakSamlClientScope_consentScreenText(t *testing.T) { func TestAccKeycloakSamlClientScope_guiOrder(t *testing.T) { t.Parallel() - clientScopeName := "terraform-" + acctest.RandString(10) + clientScopeName := acctest.RandomWithPrefix("tf-acc") guiOrder := acctest.RandIntRange(0, 1000) resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_saml_client_test.go b/provider/resource_keycloak_saml_client_test.go index e9d3d962..7d6eaa7b 100644 --- a/provider/resource_keycloak_saml_client_test.go +++ b/provider/resource_keycloak_saml_client_test.go @@ -14,7 +14,7 @@ import ( func TestAccKeycloakSamlClient_basic(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -39,7 +39,7 @@ func TestAccKeycloakSamlClient_createAfterManualDestroy(t *testing.T) { t.Parallel() var client = &keycloak.SamlClient{} - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -70,7 +70,7 @@ func TestAccKeycloakSamlClient_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakSamlClient_updateRealm(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -99,7 +99,7 @@ func TestAccKeycloakSamlClient_updateRealm(t *testing.T) { // This test asserts that these default values are present if none are provided func TestAccKeycloakSamlClient_keycloakDefaults(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -121,17 +121,17 @@ func TestAccKeycloakSamlClient_keycloakDefaults(t *testing.T) { func TestAccKeycloakSamlClient_updateInPlace(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") enabled := randomBool() frontChannelLogout := randomBool() clientSignatureRequired := "true" - encryptionCertificateBefore := acctest.RandString(20) - encryptionCertificateAfter := acctest.RandString(20) - signingCertificateBefore := acctest.RandString(20) - signingCertificateAfter := acctest.RandString(20) - signingPrivateKeyBefore := acctest.RandString(20) - signingPrivateKeyAfter := acctest.RandString(20) + encryptionCertificateBefore := acctest.RandomWithPrefix("tf-acc") + encryptionCertificateAfter := acctest.RandomWithPrefix("tf-acc") + signingCertificateBefore := acctest.RandomWithPrefix("tf-acc") + signingCertificateAfter := acctest.RandomWithPrefix("tf-acc") + signingPrivateKeyBefore := acctest.RandomWithPrefix("tf-acc") + signingPrivateKeyAfter := acctest.RandomWithPrefix("tf-acc") samlClientBefore := &keycloak.SamlClient{ RealmId: testAccRealm.Realm, @@ -232,7 +232,7 @@ func TestAccKeycloakSamlClient_updateInPlace(t *testing.T) { func TestAccKeycloakSamlClient_certificateAndKey(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -261,7 +261,7 @@ func TestAccKeycloakSamlClient_certificateAndKey(t *testing.T) { func TestAccKeycloakSamlClient_encryptionCertificate(t *testing.T) { t.Parallel() - clientId := "terraform-" + acctest.RandString(10) + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, diff --git a/provider/resource_keycloak_saml_identity_provider_test.go b/provider/resource_keycloak_saml_identity_provider_test.go index d5aea8f5..af4afa27 100644 --- a/provider/resource_keycloak_saml_identity_provider_test.go +++ b/provider/resource_keycloak_saml_identity_provider_test.go @@ -11,8 +11,8 @@ import ( ) func TestAccKeycloakSamlIdentityProvider_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) - samlName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + samlName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -30,8 +30,8 @@ func TestAccKeycloakSamlIdentityProvider_basic(t *testing.T) { func TestAccKeycloakSamlIdentityProvider_createAfterManualDestroy(t *testing.T) { var saml = &keycloak.IdentityProvider{} - realmName := "terraform-" + acctest.RandString(10) - samlName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") + samlName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -57,9 +57,9 @@ func TestAccKeycloakSamlIdentityProvider_createAfterManualDestroy(t *testing.T) } func TestAccKeycloakSamlIdentityProvider_basicUpdateRealm(t *testing.T) { - firstRealm := "terraform-" + acctest.RandString(10) - secondRealm := "terraform-" + acctest.RandString(10) - samlName := "terraform-" + acctest.RandString(10) + firstRealm := acctest.RandomWithPrefix("tf-acc") + secondRealm := acctest.RandomWithPrefix("tf-acc") + samlName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -85,7 +85,7 @@ func TestAccKeycloakSamlIdentityProvider_basicUpdateRealm(t *testing.T) { } func TestAccKeycloakSamlIdentityProvider_basicUpdateAll(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") firstEnabled := randomBool() firstBackchannel := randomBool() firstValidateSignature := randomBool() diff --git a/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go b/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go index 53e40790..67fc5ffb 100644 --- a/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go +++ b/provider/resource_keycloak_saml_user_attribute_protocol_mapper_test.go @@ -15,8 +15,8 @@ import ( func TestAccKeycloakSamlUserAttributeProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper" @@ -35,8 +35,8 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakSamlUserAttributeProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-saml-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper" @@ -61,11 +61,11 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_import(t *testing.T) { func TestAccKeycloakSamlUserAttributeProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - userAttribute := "attr-" + acctest.RandString(10) - updatedUserAttribute := "attr-update-" + acctest.RandString(10) + userAttribute := acctest.RandomWithPrefix("tf-acc") + updatedUserAttribute := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper" resource.Test(t, resource.TestCase{ @@ -89,8 +89,8 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_createAfterManualDestroy(t * t.Parallel() var mapper = &keycloak.SamlUserAttributeProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper" @@ -119,9 +119,9 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_createAfterManualDestroy(t * func TestAccKeycloakSamlUserAttributeProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(10) - invalidSamlNameFormat := acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidSamlNameFormat := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -138,11 +138,11 @@ func TestAccKeycloakSamlUserAttributeProtocolMapper_validateClaimValueType(t *te func TestAccKeycloakSamlUserAttributeProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-saml-user-attribute-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - userAttribute := "attr-" + acctest.RandString(10) + userAttribute := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go b/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go index e5465eee..30ea0527 100644 --- a/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go +++ b/provider/resource_keycloak_saml_user_property_protocol_mapper_test.go @@ -15,8 +15,8 @@ import ( func TestAccKeycloakSamlUserPropertyProtocolMapper_basicClient(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper" @@ -35,8 +35,8 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_basicClient(t *testing.T) { func TestAccKeycloakSamlUserPropertyProtocolMapper_import(t *testing.T) { t.Parallel() - clientId := "terraform-saml-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") clientResourceName := "keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper" @@ -61,11 +61,11 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_import(t *testing.T) { func TestAccKeycloakSamlUserPropertyProtocolMapper_update(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - userAttribute := "attr-" + acctest.RandString(10) - updatedUserAttribute := "attr-update-" + acctest.RandString(10) + userAttribute := acctest.RandomWithPrefix("tf-acc") + updatedUserAttribute := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper" resource.Test(t, resource.TestCase{ @@ -89,8 +89,8 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_createAfterManualDestroy(t *t t.Parallel() var mapper = &keycloak.SamlUserPropertyProtocolMapper{} - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper" @@ -119,9 +119,9 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_createAfterManualDestroy(t *t func TestAccKeycloakSamlUserPropertyProtocolMapper_validateClaimValueType(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(10) - invalidSamlNameFormat := acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") + invalidSamlNameFormat := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -138,11 +138,11 @@ func TestAccKeycloakSamlUserPropertyProtocolMapper_validateClaimValueType(t *tes func TestAccKeycloakSamlUserPropertyProtocolMapper_updateClientIdForceNew(t *testing.T) { t.Parallel() - clientId := "terraform-client-" + acctest.RandString(10) - updatedClientId := "terraform-client-update-" + acctest.RandString(10) - mapperName := "terraform-saml-user-property-mapper-" + acctest.RandString(5) + clientId := acctest.RandomWithPrefix("tf-acc") + updatedClientId := acctest.RandomWithPrefix("tf-acc") + mapperName := acctest.RandomWithPrefix("tf-acc") - userAttribute := "attr-" + acctest.RandString(10) + userAttribute := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper" resource.Test(t, resource.TestCase{ diff --git a/provider/resource_keycloak_user_roles_test.go b/provider/resource_keycloak_user_roles_test.go index a6408fd0..7cc40e3e 100644 --- a/provider/resource_keycloak_user_roles_test.go +++ b/provider/resource_keycloak_user_roles_test.go @@ -13,12 +13,12 @@ import ( func TestAccKeycloakUserRoles_basic(t *testing.T) { t.Parallel() - realmRoleName := "terraform-role-" + acctest.RandString(10) - openIdClientName := "terraform-openid-client-" + acctest.RandString(10) - openIdRoleName := "terraform-role-" + acctest.RandString(10) - samlClientName := "terraform-saml-client-" + acctest.RandString(10) - samlRoleName := "terraform-role-" + acctest.RandString(10) - userName := "terraform-user-" + acctest.RandString(10) + realmRoleName := acctest.RandomWithPrefix("tf-acc") + openIdClientName := acctest.RandomWithPrefix("tf-acc") + openIdRoleName := acctest.RandomWithPrefix("tf-acc") + samlClientName := acctest.RandomWithPrefix("tf-acc") + samlRoleName := acctest.RandomWithPrefix("tf-acc") + userName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -45,15 +45,15 @@ func TestAccKeycloakUserRoles_basic(t *testing.T) { func TestAccKeycloakUserRoles_update(t *testing.T) { t.Parallel() - realmRoleOneName := "terraform-role-" + acctest.RandString(10) - realmRoleTwoName := "terraform-role-" + acctest.RandString(10) - openIdClientName := "terraform-openid-client-" + acctest.RandString(10) - openIdRoleOneName := "terraform-role-" + acctest.RandString(10) - openIdRoleTwoName := "terraform-role-" + acctest.RandString(10) - samlClientName := "terraform-saml-client-" + acctest.RandString(10) - samlRoleOneName := "terraform-role-" + acctest.RandString(10) - samlRoleTwoName := "terraform-role-" + acctest.RandString(10) - userName := "terraform-user-" + acctest.RandString(10) + realmRoleOneName := acctest.RandomWithPrefix("tf-acc") + realmRoleTwoName := acctest.RandomWithPrefix("tf-acc") + openIdClientName := acctest.RandomWithPrefix("tf-acc") + openIdRoleOneName := acctest.RandomWithPrefix("tf-acc") + openIdRoleTwoName := acctest.RandomWithPrefix("tf-acc") + samlClientName := acctest.RandomWithPrefix("tf-acc") + samlRoleOneName := acctest.RandomWithPrefix("tf-acc") + samlRoleTwoName := acctest.RandomWithPrefix("tf-acc") + userName := acctest.RandomWithPrefix("tf-acc") allRoleIds := []string{ "${keycloak_role.realm_role_one.id}", diff --git a/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go b/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go index c5b695f5..a8dc1d83 100644 --- a/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go +++ b/provider/resource_keycloak_user_template_importer_identity_provider_mapper_test.go @@ -12,9 +12,9 @@ import ( func TestAccKeycloakUserTemplateIdentityProviderMapper_basic(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - template := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + template := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -31,10 +31,10 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_basic(t *testing.T) { func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig(t *testing.T) { t.Parallel() - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - template := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + template := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -53,9 +53,9 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_createAfterManualDestroy( t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - template := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + template := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -84,10 +84,10 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig_createAft t.Parallel() var mapper = &keycloak.IdentityProviderMapper{} - mapperName := "terraform-" + acctest.RandString(10) - alias := "terraform-" + acctest.RandString(10) - template := "terraform-" + acctest.RandString(10) - syncMode := "terraform-" + acctest.RandString(10) + mapperName := acctest.RandomWithPrefix("tf-acc") + alias := acctest.RandomWithPrefix("tf-acc") + template := acctest.RandomWithPrefix("tf-acc") + syncMode := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -114,7 +114,7 @@ func TestAccKeycloakUserTemplateIdentityProviderMapper_withExtraConfig_createAft func TestAccKeycloakUserTemplateIdentityProviderMapper_basicUpdateAll(t *testing.T) { t.Parallel() - identityProviderAliasName := "terraform-" + acctest.RandString(10) + identityProviderAliasName := acctest.RandomWithPrefix("tf-acc") firstMapper := &keycloak.IdentityProviderMapper{ Realm: testAccRealm.Realm, diff --git a/provider/resource_keycloak_user_test.go b/provider/resource_keycloak_user_test.go index 1f9fd7c2..7c26e3c8 100644 --- a/provider/resource_keycloak_user_test.go +++ b/provider/resource_keycloak_user_test.go @@ -17,9 +17,9 @@ import ( func TestAccKeycloakUser_basic(t *testing.T) { t.Parallel() - username := "terraform-user-" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + username := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_user.user" @@ -44,9 +44,9 @@ func TestAccKeycloakUser_basic(t *testing.T) { func TestAccKeycloakUser_withInitialPassword(t *testing.T) { t.Parallel() - username := "terraform-user-" + acctest.RandString(10) - password := "terraform-password-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) + username := acctest.RandomWithPrefix("tf-acc") + password := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_user.user" @@ -70,9 +70,9 @@ func TestAccKeycloakUser_createAfterManualDestroy(t *testing.T) { t.Parallel() var user = &keycloak.User{} - username := "terraform-user-" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + username := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_user.user" resource.Test(t, resource.TestCase{ @@ -103,10 +103,10 @@ func TestAccKeycloakUser_createAfterManualDestroy(t *testing.T) { func TestAccKeycloakUser_updateUsername(t *testing.T) { t.Parallel() - usernameOne := "terraform-user-" + acctest.RandString(10) - usernameTwo := "terraform-user-" + acctest.RandString(10) - attributeName := "terraform-attribute-" + acctest.RandString(10) - attributeValue := acctest.RandString(250) + usernameOne := acctest.RandomWithPrefix("tf-acc") + usernameTwo := acctest.RandomWithPrefix("tf-acc") + attributeName := acctest.RandomWithPrefix("tf-acc") + attributeValue := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_user.user" @@ -135,10 +135,10 @@ func TestAccKeycloakUser_updateUsername(t *testing.T) { func TestAccKeycloakUser_updateWithInitialPasswordChangeDoesNotReset(t *testing.T) { t.Parallel() - username := "terraform-user-" + acctest.RandString(10) - passwordOne := "terraform-password1-" + acctest.RandString(10) - passwordTwo := "terraform-password2-" + acctest.RandString(10) - clientId := "terraform-client-" + acctest.RandString(10) + username := acctest.RandomWithPrefix("tf-acc") + passwordOne := acctest.RandomWithPrefix("tf-acc") + passwordTwo := acctest.RandomWithPrefix("tf-acc") + clientId := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, @@ -204,7 +204,7 @@ func TestAccKeycloakUser_updateInPlace(t *testing.T) { func TestAccKeycloakUser_unsetOptionalAttributes(t *testing.T) { t.Parallel() - attributeName := "terraform-attribute-" + acctest.RandString(10) + attributeName := acctest.RandomWithPrefix("tf-acc") userWithOptionalAttributes := &keycloak.User{ RealmId: "terraform-" + acctest.RandString(10), Username: "terraform-user-" + acctest.RandString(10), @@ -264,9 +264,9 @@ func TestAccKeycloakUser_validateLowercaseUsernames(t *testing.T) { } func TestAccKeycloakUser_federatedLink(t *testing.T) { - sourceUserName := "terraform-source-user-" + acctest.RandString(10) - sourceUserName2 := "terraform-source-user2-" + acctest.RandString(10) - destinationRealmName := "terraform-dest-" + acctest.RandString(10) + sourceUserName := acctest.RandomWithPrefix("tf-acc") + sourceUserName2 := acctest.RandomWithPrefix("tf-acc") + destinationRealmName := acctest.RandomWithPrefix("tf-acc") resourceName := "keycloak_user.destination_user" diff --git a/provider/resource_keycloak_users_permissions_test.go b/provider/resource_keycloak_users_permissions_test.go index aae59e40..1385313d 100644 --- a/provider/resource_keycloak_users_permissions_test.go +++ b/provider/resource_keycloak_users_permissions_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccKeycloakUsersPermission_basic(t *testing.T) { - realmName := "terraform-" + acctest.RandString(10) + realmName := acctest.RandomWithPrefix("tf-acc") resource.Test(t, resource.TestCase{ ProviderFactories: testAccProviderFactories, From 35286354bfdae03bf223d8852240bb81ec0a5e28 Mon Sep 17 00:00:00 2001 From: Adrien Date: Sun, 10 Jan 2021 21:41:08 +0100 Subject: [PATCH 13/15] feat: add flow_binding_overrides to SAML client resource (#448) --- docs/resources/saml_client.md | 3 + keycloak/saml_client.go | 7 ++ provider/resource_keycloak_saml_client.go | 35 ++++++ .../resource_keycloak_saml_client_test.go | 102 ++++++++++++++++++ 4 files changed, 147 insertions(+) diff --git a/docs/resources/saml_client.md b/docs/resources/saml_client.md index 1b35b862..7fa24ffc 100644 --- a/docs/resources/saml_client.md +++ b/docs/resources/saml_client.md @@ -62,6 +62,9 @@ resource "keycloak_saml_client" "saml_client" { - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token +- `authentication_flow_binding_overrides` - (Optional) Override realm authentication flow bindings + - `browser_id` - (Optional) Browser flow id, (flow needs to exist) + - `direct_grant_id` - (Optional) Direct grant flow id (flow needs to exist) ## Import diff --git a/keycloak/saml_client.go b/keycloak/saml_client.go index 2be7e9bd..a12f6553 100644 --- a/keycloak/saml_client.go +++ b/keycloak/saml_client.go @@ -26,6 +26,11 @@ type SamlClientAttributes struct { LogoutServiceRedirectBindingURL string `json:"saml_single_logout_service_url_redirect"` } +type SamlAuthenticationFlowBindingOverrides struct { + BrowserId string `json:"browser"` + DirectGrantId string `json:"direct_grant"` +} + type SamlClient struct { Id string `json:"id,omitempty"` ClientId string `json:"clientId"` @@ -47,6 +52,8 @@ type SamlClient struct { FullScopeAllowed bool `json:"fullScopeAllowed"` Attributes *SamlClientAttributes `json:"attributes"` + + AuthenticationFlowBindingOverrides SamlAuthenticationFlowBindingOverrides `json:"authenticationFlowBindingOverrides,omitempty"` } func (keycloakClient *KeycloakClient) NewSamlClient(client *SamlClient) error { diff --git a/provider/resource_keycloak_saml_client.go b/provider/resource_keycloak_saml_client.go index d7d8cfe6..a9ec1045 100644 --- a/provider/resource_keycloak_saml_client.go +++ b/provider/resource_keycloak_saml_client.go @@ -167,6 +167,23 @@ func resourceKeycloakSamlClient() *schema.Resource { Optional: true, Default: true, }, + "authentication_flow_binding_overrides": { + Type: schema.TypeSet, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "browser_id": { + Type: schema.TypeString, + Optional: true, + }, + "direct_grant_id": { + Type: schema.TypeString, + Optional: true, + }, + }, + }, + }, }, } } @@ -277,6 +294,15 @@ func mapToSamlClientFromData(data *schema.ResourceData) *keycloak.SamlClient { Attributes: samlAttributes, } + if v, ok := data.GetOk("authentication_flow_binding_overrides"); ok { + authenticationFlowBindingOverridesData := v.(*schema.Set).List()[0] + authenticationFlowBindingOverrides := authenticationFlowBindingOverridesData.(map[string]interface{}) + samlClient.AuthenticationFlowBindingOverrides = keycloak.SamlAuthenticationFlowBindingOverrides{ + BrowserId: authenticationFlowBindingOverrides["browser_id"].(string), + DirectGrantId: authenticationFlowBindingOverrides["direct_grant_id"].(string), + } + } + return samlClient } @@ -357,6 +383,15 @@ func mapToDataFromSamlClient(data *schema.ResourceData, client *keycloak.SamlCli data.Set("signing_private_key", *client.Attributes.SigningPrivateKey) } + if (keycloak.SamlAuthenticationFlowBindingOverrides{}) == client.AuthenticationFlowBindingOverrides { + data.Set("authentication_flow_binding_overrides", nil) + } else { + authenticationFlowBindingOverridesSettings := make(map[string]interface{}) + authenticationFlowBindingOverridesSettings["browser_id"] = client.AuthenticationFlowBindingOverrides.BrowserId + authenticationFlowBindingOverridesSettings["direct_grant_id"] = client.AuthenticationFlowBindingOverrides.DirectGrantId + data.Set("authentication_flow_binding_overrides", []interface{}{authenticationFlowBindingOverridesSettings}) + } + data.Set("client_id", client.ClientId) data.Set("realm_id", client.RealmId) data.Set("name", client.Name) diff --git a/provider/resource_keycloak_saml_client_test.go b/provider/resource_keycloak_saml_client_test.go index 7d6eaa7b..9dad1dcd 100644 --- a/provider/resource_keycloak_saml_client_test.go +++ b/provider/resource_keycloak_saml_client_test.go @@ -286,6 +286,28 @@ func TestAccKeycloakSamlClient_encryptionCertificate(t *testing.T) { }) } +func TestAccCheckKeycloakSamlClient_authenticationFlowBindingOverrides(t *testing.T) { + t.Parallel() + + clientId := acctest.RandomWithPrefix("tf-acc") + + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + PreCheck: func() { testAccPreCheck(t) }, + CheckDestroy: testAccCheckKeycloakSamlClientDestroy(), + Steps: []resource.TestStep{ + { + Config: testKeycloakSamlClient_authenticationFlowBindingOverrides(clientId), + Check: testAccCheckKeycloakSamlClientAuthenticationFlowBindingOverrides("keycloak_saml_client.client", "keycloak_authentication_flow.another_flow"), + }, + { + Config: testKeycloakSamlClient_withoutFlowBindingOverrides(clientId), + Check: testAccCheckKeycloakSamlClientAuthenticationFlowBindingOverrides("keycloak_saml_client.client", ""), + }, + }, + }) +} + func testAccCheckKeycloakSamlClientExistsWithCorrectProtocol(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { client, err := getSamlClientFromState(s, resourceName) @@ -471,6 +493,41 @@ func testAccCheckKeycloakSamlClientHasDefaultBooleanAttributes(resourceName stri } } +func testAccCheckKeycloakSamlClientAuthenticationFlowBindingOverrides(resourceName, flowResourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + client, err := getSamlClientFromState(s, resourceName) + if err != nil { + return err + } + + if flowResourceName == "" { + if client.AuthenticationFlowBindingOverrides.BrowserId != "" { + return fmt.Errorf("expected openid client to have browserId set to empty, but got %s", client.AuthenticationFlowBindingOverrides.BrowserId) + } + + if client.AuthenticationFlowBindingOverrides.DirectGrantId != "" { + return fmt.Errorf("expected openid client to have directGrantId set to empty, but got %s", client.AuthenticationFlowBindingOverrides.DirectGrantId) + } + + } else { + flow, err := getAuthenticationFlowFromState(s, flowResourceName) + if err != nil { + return err + } + + if client.AuthenticationFlowBindingOverrides.BrowserId != flow.Id { + return fmt.Errorf("expected openid client to have browserId set to %s, but got %s", flow.Id, client.AuthenticationFlowBindingOverrides.BrowserId) + } + + if client.AuthenticationFlowBindingOverrides.DirectGrantId != flow.Id { + return fmt.Errorf("expected openid client to have directGrantId set to %s, but got %s", flow.Id, client.AuthenticationFlowBindingOverrides.DirectGrantId) + } + } + + return nil + } +} + func parseBoolAndTreatEmptyStringAsFalse(b string) (bool, error) { if b == "" { return false, nil @@ -682,3 +739,48 @@ resource "keycloak_saml_client" "saml_client" { } `, testAccRealm.Realm, clientId) } + +func testKeycloakSamlClient_authenticationFlowBindingOverrides(clientId string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_authentication_flow" "another_flow" { + alias = "anotherFlow" + realm_id = data.keycloak_realm.realm.id + description = "this is another flow" +} + +resource "keycloak_saml_client" "client" { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + name = "test-saml-client" + + authentication_flow_binding_overrides { + browser_id = keycloak_authentication_flow.another_flow.id + direct_grant_id = keycloak_authentication_flow.another_flow.id + } +} + `, testAccRealm.Realm, clientId) +} + +func testKeycloakSamlClient_withoutFlowBindingOverrides(clientId string) string { + return fmt.Sprintf(` +data "keycloak_realm" "realm" { + realm = "%s" +} + +resource "keycloak_authentication_flow" "another_flow" { + alias = "anotherFlow" + realm_id = data.keycloak_realm.realm.id + description = "this is another flow" +} + +resource "keycloak_saml_client" "client" { + client_id = "%s" + realm_id = data.keycloak_realm.realm.id + name = "test-saml-client" +} + `, testAccRealm.Realm, clientId) +} From b8a0be79ce3c8ce2d215998bed431bbadaf91399 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Sun, 10 Jan 2021 17:05:47 -0600 Subject: [PATCH 14/15] add missing docs for openid_script_protocol_mapper --- .../openid_script_protocol_mapper.md | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 docs/resources/openid_script_protocol_mapper.md diff --git a/docs/resources/openid_script_protocol_mapper.md b/docs/resources/openid_script_protocol_mapper.md new file mode 100644 index 00000000..ae28a2a6 --- /dev/null +++ b/docs/resources/openid_script_protocol_mapper.md @@ -0,0 +1,93 @@ +--- +page_title: "keycloak_openid_script_protocol_mapper Resource" +--- + +# keycloak\_openid\_script\_protocol\_mapper Resource + +Allows for creating and managing script protocol mappers within Keycloak. + +Script protocol mappers evaluate a JavaScript function to produce a token claim based on context information. + +Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between +multiple different clients. + +## Example Usage (Client) + +```hcl +resource "keycloak_realm" "realm" { + realm = "my-realm" + enabled = true +} + +resource "keycloak_openid_client" "openid_client" { + realm_id = keycloak_realm.realm.id + client_id = "client" + + name = "client" + enabled = true + + access_type = "CONFIDENTIAL" + valid_redirect_uris = [ + "http://localhost:8080/openid-callback" + ] +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper" { + realm_id = keycloak_realm.realm.id + client_id = keycloak_openid_client.openid_client.id + name = "script-mapper" + + claim_name = "foo" + script = "exports = 'foo';" +} +``` + +## Example Usage (Client Scope) + +```hcl +resource "keycloak_realm" "realm" { + realm = "my-realm" + enabled = true +} + +resource "keycloak_openid_client_scope" "client_scope" { + realm_id = keycloak_realm.realm.id + name = "client-scope" +} + +resource "keycloak_openid_script_protocol_mapper" "script_mapper" { + realm_id = keycloak_realm.realm.id + client_scope_id = keycloak_openid_client_scope.client_scope.id + name = "script-mapper" + + claim_name = "foo" + script = "exports = 'foo';" +} +``` + +## Argument Reference + +- `realm_id` - (Required) The realm this protocol mapper exists within. +- `name` - (Required) The display name of this protocol mapper in the GUI. +- `claim_name` - (Required) The name of the claim to insert into a token. +- `script` - (Required) JavaScript code to compute the claim value. +- `client_id` - (Optional) The client this protocol mapper should be attached to. Conflicts with `client_scope_id`. One of `client_id` or `client_scope_id` must be specified. +- `client_scope_id` - (Optional) The client scope this protocol mapper should be attached to. Conflicts with `client_id`. One of `client_id` or `client_scope_id` must be specified. +- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`. +- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`. +- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`. +- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`. +- `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `false`. + +## Import + +Protocol mappers can be imported using one of the following formats: +- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}` +- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}` + +Example: + +```bash +$ terraform import keycloak_openid_script_protocol_mapper.script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 +$ terraform import keycloak_openid_script_protocol_mapper.script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 +``` From e02a71bb8c600b8547c4b5b151295f4bfc89f08d Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Sun, 10 Jan 2021 17:06:14 -0600 Subject: [PATCH 15/15] update CHANGELOG.md --- CHANGELOG.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7cb3ceaa..ddda86de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,27 @@ +## v2.1.0 (January 10, 2021) + +FEATURES: + +- new resource: `keycloak_openid_client_permissions` ([#364](https://github.com/mrparkers/terraform-provider-keycloak/pull/364)) +- new resource: `keycloak_users_permissions` ([#400](https://github.com/mrparkers/terraform-provider-keycloak/pull/400)) +- new resource: `keycloak_openid_client_script_protocol_mapper` ([#453](https://github.com/mrparkers/terraform-provider-keycloak/pull/453)) + +IMPROVEMENTS: + +- add `authorization.decision_strategy` attribute to `keycloak_openid_client` resource ([#392](https://github.com/mrparkers/terraform-provider-keycloak/pull/392)) +- support `IMPORT` mode for `keycloak_ldap_group_mapper` resource ([#397](https://github.com/mrparkers/terraform-provider-keycloak/pull/397)) +- add client session length attributes to `keycloak_openid_client` resource ([#415](https://github.com/mrparkers/terraform-provider-keycloak/pull/415)) +- update to go 1.5 ([#445](https://github.com/mrparkers/terraform-provider-keycloak/pull/360)) +- add `groups_path` attribute to `keycloak_ldap_group_mapper` resource ([#436](https://github.com/mrparkers/terraform-provider-keycloak/pull/436)) +- add `authentication_flow_binding_overrides` attribute to `keycloak_saml_client` resource ([#448](https://github.com/mrparkers/terraform-provider-keycloak/pull/448)) + +BUG FIXES: + +- fix inconsistent plan when enabling service account in `keycloak_openid_client` resource ([#437](https://github.com/mrparkers/terraform-provider-keycloak/pull/437)) +- fix import for `keycloak_openid_client_service_account_realm_role` resource ([#441](https://github.com/mrparkers/terraform-provider-keycloak/pull/441)) +- remove unneeded validation checks for registration attributes for `keycloak_realm` resource ([#438](https://github.com/mrparkers/terraform-provider-keycloak/pull/438)) +- allow commas in `config` attribute for `keycloak_custom_user_federation` resource ([#455](https://github.com/mrparkers/terraform-provider-keycloak/pull/455)) + ## v2.0.0 (September 20, 2020) BREAKING CHANGES: