composite roles test

keycloak · Aug 31, 2019 · c9986c3 · c9986c3
1 parent 187a95d
commit c9986c3
Showing 1 changed file with 181 additions and 0 deletions.
diff --git a/provider/resource_keycloak_role_test.go b/provider/resource_keycloak_role_test.go
@@ -145,6 +145,79 @@ func TestAccKeycloakRole_createAfterManualDestroy(t *testing.T) {
 	})
 }
 
+func TestAccKeycloakRole_composites(t *testing.T) {
+	realmName := "terraform-" + acctest.RandString(10)
+	clientOne := "terraform-client-" + acctest.RandString(10)
+	clientTwo := "terraform-client-" + acctest.RandString(10)
+	roleOne := "terraform-role-one-" + acctest.RandString(10)
+	roleTwo := "terraform-role-two-" + acctest.RandString(10)
+	roleThree := "terraform-role-three-" + acctest.RandString(10)
+	roleFour := "terraform-role-four-" + acctest.RandString(10)
+	roleWithComposites := "terraform-role-with-composites-" + acctest.RandString(10)
+	roleWithCompositesResourceName := "keycloak_role.role_with_composites"
+
+	resource.Test(t, resource.TestCase{
+		Providers:    testAccProviders,
+		PreCheck:     func() { testAccPreCheck(t) },
+		CheckDestroy: testAccCheckKeycloakRoleDestroy(),
+		Steps: []resource.TestStep{
+			// initial setup - no composites attached
+			{
+				Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckKeycloakRoleExists("keycloak_role.role_1"),
+					testAccCheckKeycloakRoleExists("keycloak_role.role_2"),
+					testAccCheckKeycloakRoleExists("keycloak_role.role_3"),
+					testAccCheckKeycloakRoleExists("keycloak_role.role_with_composites"),
+					testAccCheckKeycloakRoleHasComposites(roleWithCompositesResourceName, []string{}),
+				),
+			},
+			// add all composites
+			{
+				Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{
+					"${keycloak_role.role_1.id}",
+					"${keycloak_role.role_2.id}",
+					"${keycloak_role.role_3.id}",
+					"${keycloak_role.role_4.id}",
+				}),
+				Check: testAccCheckKeycloakRoleHasComposites(roleWithCompositesResourceName, []string{
+					roleOne,
+					roleTwo,
+					roleThree,
+					roleFour,
+				}),
+			},
+			// remove two composites
+			{
+				Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{
+					"${keycloak_role.role_1.id}",
+					"${keycloak_role.role_2.id}",
+				}),
+				Check: testAccCheckKeycloakRoleHasComposites(roleWithCompositesResourceName, []string{
+					roleOne,
+					roleTwo,
+				}),
+			},
+			// add them back and remove the others
+			{
+				Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{
+					"${keycloak_role.role_3.id}",
+					"${keycloak_role.role_4.id}",
+				}),
+				Check: testAccCheckKeycloakRoleHasComposites(roleWithCompositesResourceName, []string{
+					roleThree,
+					roleFour,
+				}),
+			},
+			// remove them all
+			{
+				Config: testKeycloakRole_composites(realmName, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, []string{}),
+				Check:  testAccCheckKeycloakRoleHasComposites(roleWithCompositesResourceName, []string{}),
+			},
+		},
+	})
+}
+
 func testAccCheckKeycloakRoleExists(resourceName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		_, err := getRoleFromState(s, resourceName)
@@ -193,6 +266,60 @@ func testAccCheckKeycloakRoleFetch(resourceName string, role *keycloak.Role) res
 	}
 }
 
+func testAccCheckKeycloakRoleHasComposites(resourceName string, compositeRoleNames []string) resource.TestCheckFunc {
+	return func(state *terraform.State) error {
+		keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient)
+
+		role, err := getRoleFromState(state, resourceName)
+		if err != nil {
+			return err
+		}
+
+		if len(compositeRoleNames) != 0 && !role.Composite {
+			return fmt.Errorf("expected role %s to have composites, but has none", role.Name)
+		}
+
+		if len(compositeRoleNames) == 0 && role.Composite {
+			return fmt.Errorf("expected role %s to have no composites, but has some", role.Name)
+		}
+
+		composites, err := keycloakClient.GetRoleComposites(role)
+		if err != nil {
+			return err
+		}
+
+		for _, compositeRoleName := range compositeRoleNames {
+			var found bool
+
+			for _, composite := range composites {
+				if composite.Name == compositeRoleName {
+					found = true
+				}
+			}
+
+			if !found {
+				return fmt.Errorf("expected role %s to have composite %s", role.Name, compositeRoleName)
+			}
+		}
+
+		for _, composite := range composites {
+			var found bool
+
+			for _, compositeRoleName := range compositeRoleNames {
+				if composite.Name == compositeRoleName {
+					found = true
+				}
+			}
+
+			if !found {
+				return fmt.Errorf("role %s had unexpected composite %s", role.Name, composite.Name)
+			}
+		}
+
+		return nil
+	}
+}
+
 func getRoleFromState(s *terraform.State, resourceName string) (*keycloak.Role, error) {
 	keycloakClient := testAccProvider.Meta().(*keycloak.KeycloakClient)
 
@@ -279,3 +406,57 @@ resource "keycloak_role" "role" {
 }
 	`, realm, clientId, role, description)
 }
+
+func testKeycloakRole_composites(realm, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites string, composites []string) string {
+	var tfComposites string
+	if len(composites) != 0 {
+		tfComposites = fmt.Sprintf("composite_roles = %s", arrayOfStringsForTerraformResource(composites))
+	}
+
+	return fmt.Sprintf(`
+resource "keycloak_realm" "realm" {
+	realm = "%s"
+}
+
+resource "keycloak_openid_client" "client_one" {
+	client_id   = "%s"
+	realm_id    = "${keycloak_realm.realm.id}"
+	access_type = "CONFIDENTIAL"
+}
+
+resource "keycloak_openid_client" "client_two" {
+	client_id   = "%s"
+	realm_id    = "${keycloak_realm.realm.id}"
+	access_type = "CONFIDENTIAL"
+}
+
+resource "keycloak_role" "role_1" {
+	name     = "%s"
+	realm_id = "${keycloak_realm.realm.id}"
+}
+
+resource "keycloak_role" "role_2" {
+	name      = "%s"
+	realm_id  = "${keycloak_realm.realm.id}"
+	client_id = "${keycloak_openid_client.client_one.id}"
+}
+
+resource "keycloak_role" "role_3" {
+	name     = "%s"
+	realm_id = "${keycloak_realm.realm.id}"
+}
+
+resource "keycloak_role" "role_4" {
+	name      = "%s"
+	realm_id  = "${keycloak_realm.realm.id}"
+	client_id = "${keycloak_openid_client.client_two.id}"
+}
+
+resource "keycloak_role" "role_with_composites" {
+	name     = "%s"
+	realm_id = "${keycloak_realm.realm.id}"
+
+	%s
+}
+	`, realm, clientOne, clientTwo, roleOne, roleTwo, roleThree, roleFour, roleWithComposites, tfComposites)
+}