Commit0e3df53

committed

fix: validate password logintype combos

1 parent9aa27ba commit0e3df53Copy full SHA for 0e3df53

File tree

2 files changed

+56

-33

lines changed

internal/provider
- user_resource.go
- user_resource_test.go

2 files changed

+56

-33

lines changed

`‎internal/provider/user_resource.go‎`

Lines changed: 33 additions & 30 deletions

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,6 @@ func (r *UserResource) Metadata(ctx context.Context, req resource.MetadataReques`
`56`	`56`	`func (rUserResource)Schema(ctx context.Context,req resource.SchemaRequest,respresource.SchemaResponse) {`
`57`	`57`	`resp.Schema= schema.Schema{`
`58`	`58`	`MarkdownDescription:"A user on the Coder deployment.",`
`59`		`-`
`60`	`59`	`Attributes:map[string]schema.Attribute{`
`61`	`60`	`"id": schema.StringAttribute{`
`62`	`61`	`CustomType:UUIDType,`
`@@ -66,27 +65,23 @@ func (r *UserResource) Schema(ctx context.Context, req resource.SchemaRequest, r`
`66`	`65`	`stringplanmodifier.UseStateForUnknown(),`
`67`	`66`	`},`
`68`	`67`	`},`
`69`		`-`
`70`	`68`	`"username": schema.StringAttribute{`
`71`	`69`	`MarkdownDescription:"Username of the user.",`
`72`	`70`	`Required:true,`
`73`	`71`	`},`
`74`	`72`	`"name": schema.StringAttribute{`
`75`		`-Computed:true,`
`76`	`73`	`MarkdownDescription:"Display name of the user. Defaults to username.",`
`77`		`-Required:false,`
	`74`	`+Computed:true,`
`78`	`75`	`Optional:true,`
`79`		`-// Defaulted in Create`
`80`	`76`	`},`
`81`	`77`	`"email": schema.StringAttribute{`
`82`	`78`	`MarkdownDescription:"Email address of the user.",`
`83`	`79`	`Required:true,`
`84`	`80`	`},`
`85`	`81`	`"roles": schema.SetAttribute{`
`86`	`82`	`MarkdownDescription:"Roles assigned to the user. Valid roles are 'owner', 'template-admin', 'user-admin', and 'auditor'.",`
`87`		`-Required:false,`
`88`		`-Optional:true,`
`89`	`83`	`Computed:true,`
	`84`	`+Optional:true,`
`90`	`85`	`ElementType:types.StringType,`
`91`	`86`	`Validators: []validator.Set{`
`92`	`87`	`setvalidator.ValueStringsAre(`
`@@ -97,24 +92,24 @@ func (r *UserResource) Schema(ctx context.Context, req resource.SchemaRequest, r`
`97`	`92`	`},`
`98`	`93`	`"login_type": schema.StringAttribute{`
`99`	`94`	`MarkdownDescription:"Type of login for the user. Valid types are 'none', 'password', 'github', and 'oidc'.",`
`100`		`-Required:false,`
`101`		`-Optional:true,`
`102`	`95`	`Computed:true,`
	`96`	`+Optional:true,`
`103`	`97`	`Validators: []validator.String{`
`104`	`98`	`stringvalidator.OneOf("none","password","github","oidc"),`
`105`	`99`	`},`
`106`	`100`	`Default:stringdefault.StaticString("none"),`
	`101`	`+PlanModifiers: []planmodifier.String{`
	`102`	`+stringplanmodifier.RequiresReplaceIfConfigured(),`
	`103`	`+},`
`107`	`104`	`},`
`108`	`105`	`"password": schema.StringAttribute{`
`109`	`106`	`MarkdownDescription:"Password for the user. Required when login_type is 'password'. Passwords are saved into the state as plain text and should only be used for testing purposes.",`
`110`		`-Required:false,`
`111`	`107`	`Optional:true,`
`112`	`108`	`Sensitive:true,`
`113`	`109`	`},`
`114`	`110`	`"suspended": schema.BoolAttribute{`
`115`		`-Computed:true,`
`116`	`111`	`MarkdownDescription:"Whether the user is suspended.",`
`117`		`-Required:false,`
	`112`	`+Computed:true,`
`118`	`113`	`Optional:true,`
`119`	`114`	`Default:booldefault.StaticBool(false),`
`120`	`115`	`},`
`@@ -164,14 +159,15 @@ func (r *UserResource) Create(ctx context.Context, req resource.CreateRequest, r`
`164`	`159`	`}`
`165`	`160`
`166`	`161`	`tflog.Trace(ctx,"creating user")`
`167`		`-loginType:=codersdk.LoginTypeNone`
`168`		`-ifdata.LoginType.ValueString()!="" {`
`169`		`-loginType=codersdk.LoginType(data.LoginType.ValueString())`
`170`		`-}`
`171`		`-ifloginType==codersdk.LoginTypePassword&&data.Password.ValueString()=="" {`
	`162`	`+loginType:=codersdk.LoginType(data.LoginType.ValueString())`
	`163`	`+ifloginType==codersdk.LoginTypePassword&&data.Password.IsNull() {`
`172`	`164`	`resp.Diagnostics.AddError("Data Error","Password is required when login_type is 'password'")`
`173`	`165`	`return`
`174`	`166`	`}`
	`167`	`+ifloginType!=codersdk.LoginTypePassword&&!data.Password.IsNull() {`
	`168`	`+resp.Diagnostics.AddError("Data Error","Password is only allowed when login_type is 'password'")`
	`169`	`+return`
	`170`	`+}`
`175`	`171`	`user,err:=client.CreateUser(ctx, codersdk.CreateUserRequest{`
`176`	`172`	`Email:data.Email.ValueString(),`
`177`	`173`	`Username:data.Username.ValueString(),`
`@@ -189,13 +185,13 @@ func (r *UserResource) Create(ctx context.Context, req resource.CreateRequest, r`
`189`	`185`	`data.ID=UUIDValue(user.ID)`
`190`	`186`
`191`	`187`	`tflog.Trace(ctx,"updating user profile")`
`192`		`-name:=data.Username.ValueString()`
	`188`	`+name:=data.Username`
`193`	`189`	`ifdata.Name.ValueString()!="" {`
`194`		`-name=data.Name.ValueString()`
	`190`	`+name=data.Name`
`195`	`191`	`}`
`196`	`192`	`user,err=client.UpdateUserProfile(ctx,user.ID.String(), codersdk.UpdateUserProfileRequest{`
`197`	`193`	`Username:data.Username.ValueString(),`
`198`		`-Name:name,`
	`194`	`+Name:name.ValueString(),`
`199`	`195`	`})`
`200`	`196`	`iferr!=nil {`
`201`	`197`	`resp.Diagnostics.AddError("Client Error",fmt.Sprintf("Unable to update newly created user profile, got error: %s",err))`
`@@ -290,18 +286,23 @@ func (r *UserResource) Update(ctx context.Context, req resource.UpdateRequest, r`
`290`	`286`	`return`
`291`	`287`	`}`
`292`	`288`
	`289`	`+name:=data.Username`
	`290`	`+ifdata.Name.ValueString()!="" {`
	`291`	`+name=data.Name`
	`292`	`+}`
`293`	`293`	`tflog.Trace(ctx,"updating user",map[string]any{`
`294`	`294`	`"new_username":data.Username.ValueString(),`
`295`		`-"new_name":data.Name.ValueString(),`
	`295`	`+"new_name":name.ValueString(),`
`296`	`296`	`})`
`297`	`297`	`_,err=client.UpdateUserProfile(ctx,user.ID.String(), codersdk.UpdateUserProfileRequest{`
`298`	`298`	`Username:data.Username.ValueString(),`
`299`		`-Name:data.Name.ValueString(),`
	`299`	`+Name:name.ValueString(),`
`300`	`300`	`})`
`301`	`301`	`iferr!=nil {`
`302`	`302`	`resp.Diagnostics.AddError("Client Error",fmt.Sprintf("Unable to update user profile, got error: %s",err))`
`303`	`303`	`return`
`304`	`304`	`}`
	`305`	`+data.Name=name`
`305`	`306`	`tflog.Trace(ctx,"successfully updated user profile")`
`306`	`307`
`307`	`308`	`varroles []string`
`@@ -320,15 +321,17 @@ func (r *UserResource) Update(ctx context.Context, req resource.UpdateRequest, r`
`320`	`321`	`}`
`321`	`322`	`tflog.Trace(ctx,"successfully updated user roles")`
`322`	`323`
`323`		`-tflog.Trace(ctx,"updating password")`
`324`		`-err=client.UpdateUserPassword(ctx,user.ID.String(), codersdk.UpdateUserPasswordRequest{`
`325`		`-Password:data.Password.ValueString(),`
`326`		`-})`
`327`		`-iferr!=nil&&!strings.Contains(err.Error(),"New password cannot match old password.") {`
`328`		`-resp.Diagnostics.AddError("Client Error",fmt.Sprintf("Unable to update password, got error: %s",err))`
`329`		`-return`
	`324`	`+ifdata.LoginType.ValueString()==string(codersdk.LoginTypePassword)&&!data.Password.IsNull() {`
	`325`	`+tflog.Trace(ctx,"updating password")`
	`326`	`+err=client.UpdateUserPassword(ctx,user.ID.String(), codersdk.UpdateUserPasswordRequest{`
	`327`	`+Password:data.Password.ValueString(),`
	`328`	`+})`
	`329`	`+iferr!=nil&&!strings.Contains(err.Error(),"New password cannot match old password.") {`
	`330`	`+resp.Diagnostics.AddError("Client Error",fmt.Sprintf("Unable to update password, got error: %s",err))`
	`331`	`+return`
	`332`	`+}`
	`333`	`+tflog.Trace(ctx,"successfully updated password")`
`330`	`334`	`}`
`331`		`-tflog.Trace(ctx,"successfully updated password")`
`332`	`335`
`333`	`336`	`varstatusErrerror`
`334`	`337`	`ifdata.Suspended.ValueBool() {`

`‎internal/provider/user_resource_test.go‎`

Lines changed: 23 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -32,9 +32,16 @@ func TestAccUserResource(t *testing.T) {`
`32`	`32`
`33`	`33`	`cfg2:=cfg1`
`34`	`34`	`cfg2.Username=PtrTo("exampleNew")`
`35`		`-cfg2.Name=PtrTo("Example User New")`
	`35`	`+`
	`36`	`+cfg3:=cfg2`
	`37`	`+cfg3.Name=PtrTo("Example New")`
	`38`	`+`
	`39`	`+cfg4:=cfg3`
	`40`	`+cfg4.LoginType=PtrTo("github")`
	`41`	`+cfg4.Password=nil`
`36`	`42`
`37`	`43`	`resource.Test(t, resource.TestCase{`
	`44`	`+IsUnitTest:true,`
`38`	`45`	`PreCheck:func() {testAccPreCheck(t) },`
`39`	`46`	`ProtoV6ProviderFactories:testAccProtoV6ProviderFactories,`
`40`	`47`	`Steps: []resource.TestStep{`
`@@ -66,10 +73,23 @@ func TestAccUserResource(t *testing.T) {`
`66`	`73`	`Config:cfg2.String(t),`
`67`	`74`	`Check:resource.ComposeAggregateTestCheckFunc(`
`68`	`75`	`resource.TestCheckResourceAttr("coderd_user.test","username","exampleNew"),`
`69`		`-resource.TestCheckResourceAttr("coderd_user.test","name","Example User New"),`
	`76`	`+resource.TestCheckResourceAttr("coderd_user.test","name","Example User"),`
	`77`	`+),`
	`78`	`+},`
	`79`	`+{`
	`80`	`+Config:cfg3.String(t),`
	`81`	`+Check:resource.ComposeAggregateTestCheckFunc(`
	`82`	`+resource.TestCheckResourceAttr("coderd_user.test","username","exampleNew"),`
	`83`	`+resource.TestCheckResourceAttr("coderd_user.test","name","Example New"),`
	`84`	`+),`
	`85`	`+},`
	`86`	`+// Replace triggered`
	`87`	`+{`
	`88`	`+Config:cfg4.String(t),`
	`89`	`+Check:resource.ComposeAggregateTestCheckFunc(`
	`90`	`+resource.TestCheckResourceAttr("coderd_user.test","login_type","github"),`
`70`	`91`	`),`
`71`	`92`	`},`
`72`		`-// Delete testing automatically occurs in TestCase`
`73`	`93`	`},`
`74`	`94`	`})`
`75`	`95`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0e3df53

File tree

2 files changed

2 files changed

`‎internal/provider/user_resource.go‎`

`‎internal/provider/user_resource_test.go‎`

0 commit comments