update acceptance tests

define each resource as separate string then join, parametrize resource name in attribute checks, add attribute check on external_id
hashicorp · Nov 16, 2024 · f991ca1 · f991ca1
1 parent 1e97558
commit f991ca1
Showing 1 changed file with 49 additions and 34 deletions.
diff --git a/vault/resource_aws_auth_backend_sts_role_test.go b/vault/resource_aws_auth_backend_sts_role_test.go
@@ -6,12 +6,14 @@ package vault
 import (
 	"fmt"
 	"strconv"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 
+	"github.com/hashicorp/terraform-provider-vault/internal/consts"
 	"github.com/hashicorp/terraform-provider-vault/internal/provider"
 	"github.com/hashicorp/terraform-provider-vault/testutil"
 )
@@ -82,64 +84,77 @@ func testAccCheckAWSAuthBackendSTSRoleDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccAWSAuthBackendSTSRoleCheck_attrs(backend, accountID, stsRole string) resource.TestCheckFunc {
+func testAccAWSAuthBackendSTSRoleCheck_attrs(backend, accountID string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-		resourceState := s.Modules[0].Resources["vault_aws_auth_backend_sts_role.role"]
-		if resourceState == nil {
-			return fmt.Errorf("resource not found in state")
+		resources := []string{
+			"vault_aws_auth_backend_sts_role.role",
 		}
 
-		instanceState := resourceState.Primary
-		if instanceState == nil {
-			return fmt.Errorf("resource has no primary instance state")
-		}
+		for _, resource := range resources {
+			resourceState := s.Modules[0].Resources[resource]
+			if resourceState == nil {
+				return fmt.Errorf("resource not found in state")
+			}
 
-		endpoint := instanceState.ID
+			instanceState := resourceState.Primary
+			if instanceState == nil {
+				return fmt.Errorf("resource has no primary instance state")
+			}
 
-		if endpoint != "auth/"+backend+"/config/sts/"+accountID {
-			return fmt.Errorf("expected ID to be %q, got %q instead", "auth/"+backend+"/config/sts/"+accountID, endpoint)
-		}
+			endpoint := instanceState.ID
 
-		client, e := provider.GetClient(instanceState, testProvider.Meta())
-		if e != nil {
-			return e
-		}
+			if endpoint != "auth/"+backend+"/config/sts/"+accountID {
+				return fmt.Errorf("expected ID to be %q, got %q instead", "auth/"+backend+"/config/sts/"+accountID, endpoint)
+			}
 
-		resp, err := client.Logical().Read(endpoint)
-		if err != nil {
-			return fmt.Errorf("error reading back sts role from %q: %s", endpoint, err)
-		}
+			client, e := provider.GetClient(instanceState, testProvider.Meta())
+			if e != nil {
+				return e
+			}
 
-		if resp == nil {
-			return fmt.Errorf("%q doesn't exist", endpoint)
-		}
+			resp, err := client.Logical().Read(endpoint)
+			if err != nil {
+				return fmt.Errorf("error reading back sts role from %q: %s", endpoint, err)
+			}
 
-		attrs := map[string]string{
-			"sts_role": "sts_role",
-		}
-		for stateAttr, apiAttr := range attrs {
-			if resp.Data[apiAttr] == nil && instanceState.Attributes[stateAttr] == "" {
-				continue
+			if resp == nil {
+				return fmt.Errorf("%q doesn't exist", endpoint)
+			}
+
+			attrs := map[string]string{
+				"sts_role":             "sts_role",
+				consts.FieldExternalID: consts.FieldExternalID,
 			}
-			if resp.Data[apiAttr] != instanceState.Attributes[stateAttr] {
-				return fmt.Errorf("Expected %s (%s) of %q to be %q, got %q", apiAttr, stateAttr, endpoint, instanceState.Attributes[stateAttr], resp.Data[apiAttr])
+			for stateAttr, apiAttr := range attrs {
+				if resp.Data[apiAttr] == nil && instanceState.Attributes[stateAttr] == "" {
+					continue
+				}
+				if resp.Data[apiAttr] != instanceState.Attributes[stateAttr] {
+					return fmt.Errorf("Expected %s (%s) of %q to be %q, got %q", apiAttr, stateAttr, endpoint, instanceState.Attributes[stateAttr], resp.Data[apiAttr])
+				}
 			}
 		}
+
 		return nil
 	}
 }
 
 func testAccAWSAuthBackendSTSRoleConfig_basic(backend, accountID, stsRole string) string {
-	return fmt.Sprintf(`
+	resources := []string{
+		fmt.Sprintf(`
 resource "vault_auth_backend" "aws" {
   type = "aws"
   path = "%s"
 }
-
+`, backend),
+		fmt.Sprintf(`
 resource "vault_aws_auth_backend_sts_role" "role" {
   backend = vault_auth_backend.aws.path
   account_id = "%s"
   sts_role = "%s"
 }
-`, backend, accountID, stsRole)
+`, accountID, stsRole),
+	}
+
+	return strings.Join(resources, "\n")
 }