Merge pull request #129 from jfrog/GH-126-add-validation-for-project-…

…group-roles

Add validation for project group and project user roles attribute

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.6.1 (May 31, 2024)
+
+BUG FIXES:
+
+* Add validation to `roles` attribute for `project_group` and `project_user` resources to ensure at least one role is defined. Issue: [#126](https://github.com/jfrog/terraform-provider-project/issues/126) PR: [#129](https://github.com/jfrog/terraform-provider-project/pull/129)
+
 ## 1.6.0 (May 22, 2024)
 
 FEATURES:

GNUmakefile

@@ -86,6 +86,6 @@ fmt:
 
 doc:
 	rm -rfv docs/*
-	go generate
+	./bin/tfplugindocs generate
 
 .PHONY: build fmt

pkg/project/resource/resource_project_group.go

@@ -46,7 +46,8 @@ func ProjectGroupResource() *schema.Resource {
 			Type:        schema.TypeSet,
 			Required:    true,
 			Elem:        &schema.Schema{Type: schema.TypeString},
-			Description: "List of pre-defined Project or custom roles",
+			MinItems:    1,
+			Description: "List of pre-defined Project or custom roles. Must have at least 1 role, e.g. 'Viewer'",
 		},
 	}
 

pkg/project/resource/resource_project_group_test.go

@@ -2,6 +2,7 @@ package project_test
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 	"testing"
 
@@ -107,6 +108,71 @@ func TestAccProjectGroup(t *testing.T) {
 	})
 }
 
+func TestAccProjectGroup_invalid_roles(t *testing.T) {
+	projectName := fmt.Sprintf("tftestprojects%s", acctest.RandSeq(10))
+	projectKey := strings.ToLower(acctest.RandSeq(10))
+
+	group := fmt.Sprintf("group%s", strings.ToLower(acctest.RandSeq(5)))
+
+	resourceName := "project_group." + group
+
+	params := map[string]interface{}{
+		"project_name": projectName,
+		"project_key":  projectKey,
+		"group":        group,
+	}
+
+	template := `
+		resource "artifactory_group" "{{ .group }}" {
+			name = "{{ .group }}"
+		}
+
+		resource "project" "{{ .project_name }}" {
+			key = "{{ .project_key }}"
+			display_name = "{{ .project_name }}"
+			description = "test description"
+			admin_privileges {
+				manage_members = true
+				manage_resources = true
+				index_resources = true
+			}
+			max_storage_in_gibibytes = 1
+			block_deployments_on_limit = true
+			email_notification = false
+
+			use_project_group_resource = true
+		}
+
+		resource "project_group" "{{ .group }}" {
+			project_key = project.{{ .project_name }}.key
+			name = artifactory_group.{{ .group }}.name
+			roles = []
+		}
+	`
+
+	config := util.ExecuteTemplate("TestAccProjectGroup", template, params)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { acctest.PreCheck(t) },
+		CheckDestroy: acctest.VerifyDeleted(resourceName, func(id string, request *resty.Request) (*resty.Response, error) {
+			return verifyProjectGroup(group, projectKey, request)
+		}),
+		ProtoV6ProviderFactories: acctest.ProtoV6MuxProviderFactories,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"artifactory": {
+				Source:            "jfrog/artifactory",
+				VersionConstraint: "10.1.4",
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config:      config,
+				ExpectError: regexp.MustCompile(`.*Attribute roles requires 1 item minimum, but config has only 0 declared.*`),
+			},
+		},
+	})
+}
+
 func verifyProjectGroup(name string, projectKey string, request *resty.Request) (*resty.Response, error) {
 	return request.
 		SetPathParams(map[string]string{

pkg/project/resource/resource_project_user.go

@@ -47,7 +47,8 @@ func ProjectUserResource() *schema.Resource {
 			Type:        schema.TypeSet,
 			Required:    true,
 			Elem:        &schema.Schema{Type: schema.TypeString},
-			Description: "List of pre-defined Project or custom roles",
+			MinItems:    1,
+			Description: "List of pre-defined Project or custom roles. Must have at least 1 role, e.g. 'Viewer'",
 		},
 		"ignore_missing_user": {
 			Type:        schema.TypeBool,

pkg/project/resource/resource_project_user_test.go

@@ -116,6 +116,70 @@ func TestAccProjectUser(t *testing.T) {
 	})
 }
 
+func TestAccProjectUser_invalid_roles(t *testing.T) {
+	projectName := fmt.Sprintf("tftestprojects%s", acctest.RandSeq(10))
+	projectKey := strings.ToLower(acctest.RandSeq(10))
+
+	username := fmt.Sprintf("not_existing%s", strings.ToLower(acctest.RandSeq(5)))
+	email := username + "@tempurl.org"
+
+	params := map[string]interface{}{
+		"project_name": projectName,
+		"project_key":  projectKey,
+		"username":     username,
+		"email":        email,
+	}
+
+	template := `
+		resource "artifactory_managed_user" "{{ .username }}" {
+			name     = "{{ .username }}"
+			email    = "{{ .email }}"
+			password = "Password1!"
+			admin    = false
+		}
+
+		resource "project" "{{ .project_name }}" {
+			key = "{{ .project_key }}"
+			display_name = "{{ .project_name }}"
+			description = "test description"
+			admin_privileges {
+				manage_members = true
+				manage_resources = true
+				index_resources = true
+			}
+			max_storage_in_gibibytes = 1
+			block_deployments_on_limit = true
+			email_notification = false
+
+			use_project_user_resource = true
+		}
+
+		resource "project_user" "{{ .username }}" {
+			project_key = project.{{ .project_name }}.key
+			name = artifactory_managed_user.{{ .username }}.name
+			roles = []
+			ignore_missing_user = false
+		}		
+	`
+
+	config := util.ExecuteTemplate("TestAccProjectUser", template, params)
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t) },
+		ProtoV6ProviderFactories: acctest.ProtoV6MuxProviderFactories,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"artifactory": {
+				Source: "jfrog/artifactory",
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config:      config,
+				ExpectError: regexp.MustCompile(`.*Attribute roles requires 1 item minimum, but config has only 0 declared.*`),
+			},
+		},
+	})
+}
+
 func TestAccProjectUser_missing_user_fails(t *testing.T) {
 	projectName := fmt.Sprintf("tftestprojects%s", acctest.RandSeq(10))
 	projectKey := strings.ToLower(acctest.RandSeq(10))