From e1f614b026f13a68fef0c2c341554bd732f97551 Mon Sep 17 00:00:00 2001
From: Tom Bamford
Date: Fri, 13 Nov 2020 14:20:54 +0000
Subject: [PATCH] Enable removal of Application owners

---
 .../services/aadgraph/application_resource.go | 7 +-
 .../aadgraph/application_resource_test.go | 84 +++++++++++++++++++
 2 files changed, 87 insertions(+), 4 deletions(-)

diff --git a/internal/services/aadgraph/application_resource.go b/internal/services/aadgraph/application_resource.go
index 529133c75c..70641b6a73 100644
--- a/internal/services/aadgraph/application_resource.go
+++ b/internal/services/aadgraph/application_resource.go
@@ -212,7 +212,6 @@ func applicationResource() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 Computed: true,
- MinItems: 1,
 Elem: &schema.Schema{
 Type: schema.TypeString,
 ValidateFunc: validate.NoEmptyStrings,
@@ -404,9 +403,9 @@ func applicationResourceCreate(d *schema.ResourceData, meta interface{}) error {
 }
 
 // there is a default owner that we must account so use this shared function
- if v, ok := d.GetOk("owners"); ok {
- members := *tf.ExpandStringSlicePtr(v.(*schema.Set).List())
- if err := applicationSetOwnersTo(ctx, client, *app.ObjectID, members); err != nil {
+ if v, ok := d.GetOkExists("owners"); ok {
+ desiredOwners := *tf.ExpandStringSlicePtr(v.(*schema.Set).List())
+ if err := applicationSetOwnersTo(ctx, client, *app.ObjectID, desiredOwners); err != nil {
 return err
 }
 }
diff --git a/internal/services/aadgraph/application_resource_test.go b/internal/services/aadgraph/application_resource_test.go
index fbc19dc3bd..80f0ba106c 100644
--- a/internal/services/aadgraph/application_resource_test.go
+++ b/internal/services/aadgraph/application_resource_test.go
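Review bot: With `d.GetOkExists("owners")` in applicationResourceCreate, an explicit `owners = []` now reaches applicationSetOwnersTo with an empty list, and the comment above it says a default owner exists, so a create can presumably finish with no owners at all (the helper's body is not in this hunk). If the provider's credentials only hold owned-by application permissions, dropping the default owner at create time could leave it unable to update or destroy the resource afterwards. That deserves a comment on the branch, e.g. `// owners = [] removes every owner, including the default (calling) principal; the caller needs directory-level rights to keep managing the app`. The plugin SDK also marks GetOkExists as deprecated and, as far as I know, only documents it for bool attributes, so its result for a set is worth confirming against the vendored SDK version. The function body starts and ends outside the hunk.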
@@ -522,6 +522,51 @@ func TestAccApplication_duplicateAppRolesOauth2PermissionsValues(t *testing.T) {
 })
 }
 
+func TestAccApplication_ownersUpdate(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azuread_application", "test")
+ pw := "utils@$$wR2" + acctest.RandStringFromCharSet(7, acctest.CharSetAlphaNum)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acceptance.PreCheck(t) },
+ Providers: acceptance.SupportedProviders,
+ CheckDestroy: testCheckApplicationDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccApplication_removeOwners(data.RandomInteger, pw),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckApplicationExists(data.ResourceName),
+ resource.TestCheckResourceAttr(data.ResourceName, "owners.#", "0"),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: testAccApplication_singleOwner(data.RandomInteger, pw),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckApplicationExists(data.ResourceName),
+ resource.TestCheckResourceAttr(data.ResourceName, "owners.#", "1"),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: testAccApplication_threeOwners(data.RandomInteger, pw),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckApplicationExists(data.ResourceName),
+ resource.TestCheckResourceAttr(data.ResourceName, "owners.#", "3"),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: testAccApplication_removeOwners(data.RandomInteger, pw),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckApplicationExists(data.ResourceName),
+ resource.TestCheckResourceAttr(data.ResourceName, "owners.#", "0"),
+ ),
+ },
+ data.ImportStep(),
+ },
+ })
+}
+
 func testCheckApplicationExists(name string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 rs, ok := s.RootModule().Resources[name]
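Review bot: The password built at the top of TestAccApplication_ownersUpdate is a fixed prefix committed to the repository plus only seven random alphanumerics, and it is presumably applied to the directory users that testAccUser_threeUsersABC creates in a real tenant. If a run is interrupted before the destroy phase, those accounts stay behind with a credential that is mostly known. Lengthening the random part costs nothing: `pw := "utils@$$wR2" + acctest.RandStringFromCharSet(24, acctest.CharSetAlphaNum)`. Whether the users are sign-in enabled is not visible from this hunk.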
@@ -887,3 +932,42 @@ resource "azuread_application" "test" {
 }
 `, ri)
 }
+
+func testAccApplication_singleOwner(ri int, pw string) string {
+ return fmt.Sprintf(`
+%[1]s
+
+resource "azuread_application" "test" {
+ name = "acctest-APP-%[2]d"
+ owners = [
+ azuread_user.testA.object_id,
+ ]
+}
+`, testAccUser_threeUsersABC(ri, pw), ri)
+}
+
+func testAccApplication_threeOwners(ri int, pw string) string {
+ return fmt.Sprintf(`
+%[1]s
+
+resource "azuread_application" "test" {
+ name = "acctest-APP-%[2]d"
+ owners = [
+ azuread_user.testA.object_id,
+ azuread_user.testB.object_id,
+ azuread_user.testC.object_id,
+ ]
+}
+`, testAccUser_threeUsersABC(ri, pw), ri)
+}
+
+func testAccApplication_removeOwners(ri int, pw string) string {
+ return fmt.Sprintf(`
+%[1]s
+
+resource "azuread_application" "test" {
+ name = "acctest-APP-%[2]d"
+ owners = []
+}
+`, testAccUser_threeUsersABC(ri, pw), ri)
+}
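Review bot: testAccApplication_removeOwners has no comment explaining why `owners = []` is written out rather than omitted, which is the point of the fixture. The schema hunk in this patch shows the attribute as Optional and Computed, so leaving it out would presumably keep whatever owners the API reports. Suggest adding above the function: `// owners is an explicit empty list; omitting it would leave existing owners untouched (Optional+Computed)`. All three helpers embed testAccUser_threeUsersABC even when fewer users are referenced, and a one-line comment saying this keeps the user resources stable across steps would help, if that is the intent.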