Add state migrator for external_member_group_ids in Identity Group (#…

…2043)
hashicorp · Oct 9, 2023 · 9283df7 · 9283df7
1 parent 82ec575
commit 9283df7
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ FEATURES:
 BUGS:
 * Fix duplicate timestamp and incorrect level messages: ([#2031](https://github.com/hashicorp/terraform-provider-vault/pull/2031))
 * Fix panic when setting `key_usage` to an array of empty string and enable it to unset the key usage constraints: ([#2036](https://github.com/hashicorp/terraform-provider-vault/pull/2036))
+* Add state migrator for `external_member_group_ids`  in Identity Group ([#2043](https://github.com/hashicorp/terraform-provider-vault/pull/2043))
 
 IMPROVEMENTS:
 * Ensure sensitive values are masked in `vault_approle_auth_backend_login` plan output ([#2008](https://github.com/hashicorp/terraform-provider-vault/pull/2008))

diff --git a/vault/resource_identity_group.go b/vault/resource_identity_group.go
@@ -4,6 +4,7 @@
 package vault
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"log"
@@ -17,6 +18,10 @@ import (
 	"github.com/hashicorp/terraform-provider-vault/util"
 )
 
+const (
+	fieldExternalMemberGroupIDs = "external_member_group_ids"
+)
+
 func identityGroupResource() *schema.Resource {
 	return &schema.Resource{
 		Create: identityGroupCreate,
@@ -27,6 +32,15 @@ func identityGroupResource() *schema.Resource {
 			State: schema.ImportStatePassthrough,
 		},
 
+		SchemaVersion: 1,
+		StateUpgraders: []schema.StateUpgrader{
+			{
+				Version: 0,
+				Type:    identityGroupExternalGroupIDsResourceV0().CoreConfigSchema().ImpliedType(),
+				Upgrade: identityGroupExternalGroupIDsUpgradeV0,
+			},
+		},
+
 		Schema: map[string]*schema.Schema{
 			"name": {
 				Type:        schema.TypeString,
@@ -76,7 +90,7 @@ func identityGroupResource() *schema.Resource {
 				// Suppress the diff if group type is "external" because we cannot manage
 				// group members
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
-					if d.Get("type").(string) == "external" || d.Get("external_member_group_ids").(bool) == true {
+					if d.Get("type").(string) == "external" || d.Get(fieldExternalMemberGroupIDs).(bool) == true {
 						return true
 					}
 					return false
@@ -106,7 +120,7 @@ func identityGroupResource() *schema.Resource {
 				Description: "Manage member entities externally through `vault_identity_group_member_entity_ids`",
 			},
 
-			"external_member_group_ids": {
+			fieldExternalMemberGroupIDs: {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
@@ -132,7 +146,8 @@ func identityGroupUpdateFields(d *schema.ResourceData, data map[string]interface
 				data["member_entity_ids"] = d.Get("member_entity_ids").(*schema.Set).List()
 			}
 
-			if externalMemberGroupIds, ok := d.GetOk("external_member_group_ids"); !(ok && externalMemberGroupIds.(bool)) {
+			externalMemberGroupIds := d.Get(fieldExternalMemberGroupIDs)
+			if !externalMemberGroupIds.(bool) {
 				data["member_group_ids"] = d.Get("member_group_ids").(*schema.Set).List()
 			}
 		}
@@ -151,7 +166,7 @@ func identityGroupUpdateFields(d *schema.ResourceData, data map[string]interface
 					data["member_entity_ids"] = d.Get("member_entity_ids").(*schema.Set).List()
 				}
 
-				if !d.Get("external_member_group_ids").(bool) {
+				if !d.Get(fieldExternalMemberGroupIDs).(bool) {
 					data["member_group_ids"] = d.Get("member_group_ids").(*schema.Set).List()
 				}
 			}
@@ -324,3 +339,26 @@ func readIdentityGroupMemberEntityIds(client *api.Client, groupID string, retry
 	}
 	return make([]interface{}, 0), nil
 }
+
+func identityGroupExternalGroupIDsResourceV0() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			fieldExternalMemberGroupIDs: {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Manage member groups externally through `vault_identity_group_member_group_ids`",
+			},
+		},
+	}
+}
+
+func identityGroupExternalGroupIDsUpgradeV0(
+	_ context.Context, rawState map[string]interface{}, _ interface{},
+) (map[string]interface{}, error) {
+	if rawState[fieldExternalMemberGroupIDs] == nil {
+		rawState[fieldExternalMemberGroupIDs] = false
+	}
+
+	return rawState, nil
+}
diff --git a/vault/resource_identity_group_test.go b/vault/resource_identity_group_test.go
@@ -5,6 +5,7 @@ package vault
 
 import (
 	"fmt"
+	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@@ -154,6 +155,40 @@ resource "vault_identity_group" "test_upper" {
 	})
 }
 
+func TestIdentityGroupExternalGroupIDsUpgradeV0(t *testing.T) {
+	tests := []struct {
+		name     string
+		rawState map[string]interface{}
+		want     map[string]interface{}
+		wantErr  bool
+	}{
+		{
+			name: "basic",
+			rawState: map[string]interface{}{
+				fieldExternalMemberGroupIDs: nil,
+			},
+			want: map[string]interface{}{
+				fieldExternalMemberGroupIDs: false,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := identityGroupExternalGroupIDsUpgradeV0(nil, tt.rawState, nil)
+
+			if tt.wantErr {
+				if err == nil {
+					t.Fatalf("identityGroupExternalGroupIDsUpgradeV0() error = %#v, wantErr %#v", err, tt.wantErr)
+				}
+			}
+
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("identityGroupExternalGroupIDsUpgradeV0() got = %#v, want %#v", got, tt.want)
+			}
+		})
+	}
+}
+
 func testAccCheckIdentityGroupDestroy(s *terraform.State) error {
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "vault_identity_group" {