Revert "Revert "fix: zt org test assertions and normalizations""

vaishakdinesh · web-flow · commit 788ab0d8eb5f · 2025-08-14T21:49:34.000-07:00
diff --git a/internal/services/zero_trust_organization/normalizations.go b/internal/services/zero_trust_organization/normalizations.go
@@ -44,7 +44,8 @@ func normalizeImportZeroTrustOrganizationAPIData(_ context.Context, data *ZeroTr
 		data.AutoRedirectToIdentity = types.BoolValue(false)
 	}
 
-	if data.LoginDesign != nil && *data.LoginDesign == (ZeroTrustOrganizationLoginDesignModel{}) {
+	var empty ZeroTrustOrganizationLoginDesignModel
+	if data.LoginDesign != nil || *data.LoginDesign == empty {
 		data.LoginDesign = nil
 	}
 
diff --git a/internal/services/zero_trust_organization/resource_test.go b/internal/services/zero_trust_organization/resource_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/utils"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 )
 
@@ -43,7 +44,7 @@ func TestAccCloudflareAccessOrganization(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "auth_domain", rnd+"-"+testAuthDomain()),
 					resource.TestCheckResourceAttr(name, "is_ui_read_only", "false"),
 					resource.TestCheckResourceAttr(name, "user_seat_expiration_inactive_time", "1460h"),
-					resource.TestCheckNoResourceAttr(name, "auto_redirect_to_identity"),
+					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
 					resource.TestCheckResourceAttr(name, "login_design.background_color", "#FFFFFF"),
 					resource.TestCheckResourceAttr(name, "login_design.text_color", "#000000"),
 					resource.TestCheckResourceAttr(name, "login_design.logo_path", "https://example.com/logo.png"),
@@ -53,29 +54,33 @@ func TestAccCloudflareAccessOrganization(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "warp_auth_session_duration", "36h"),
 					resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "false"),
 				),
-				ResourceName:     name,
-				ImportState:      true,
-				ImportStateId:    accountID,
-				ImportStateCheck: accessOrgImportStateCheck,
 			},
 			{
-				Config: testAccCloudflareAccessOrganizationConfigBasic(rnd, accountID, headerText+" updated", testAuthDomain()),
+				Config: testAccCloudflareAccessOrganizationConfigBasic(rnd, accountID, headerText, testAuthDomain()),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(name, consts.AccountIDSchemaKey, accountID),
 					resource.TestCheckResourceAttr(name, "name", testAuthDomain()),
 					resource.TestCheckResourceAttr(name, "auth_domain", rnd+"-"+testAuthDomain()),
 					resource.TestCheckResourceAttr(name, "is_ui_read_only", "false"),
 					resource.TestCheckResourceAttr(name, "user_seat_expiration_inactive_time", "1460h"),
-					resource.TestCheckNoResourceAttr(name, "auto_redirect_to_identity"),
+					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
 					resource.TestCheckResourceAttr(name, "login_design.background_color", "#FFFFFF"),
 					resource.TestCheckResourceAttr(name, "login_design.text_color", "#000000"),
 					resource.TestCheckResourceAttr(name, "login_design.logo_path", "https://example.com/logo.png"),
-					resource.TestCheckResourceAttr(name, "login_design.header_text", headerText+" updated"),
+					resource.TestCheckResourceAttr(name, "login_design.header_text", headerText),
 					resource.TestCheckResourceAttr(name, "login_design.footer_text", "My footer text"),
 					resource.TestCheckResourceAttr(name, "session_duration", "12h"),
 					resource.TestCheckResourceAttr(name, "warp_auth_session_duration", "36h"),
 					resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "false"),
 				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(name, plancheck.ResourceActionNoop),
+						plancheck.ExpectEmptyPlan(),
+					},
+				},
+			},
+			{
 				ResourceName:     name,
 				ImportState:      true,
 				ImportStateId:    accountID,
@@ -95,6 +100,8 @@ func TestAccCloudflareAccessOrganization(t *testing.T) {
 					resource.TestCheckNoResourceAttr(name, "login_design.header_text"),
 					resource.TestCheckNoResourceAttr(name, "login_design.footer_text"),
 				),
+			},
+			{
 				ResourceName:     name,
 				ImportState:      true,
 				ImportStateId:    accountID,
@@ -168,7 +175,7 @@ func accessOrgImportStateCheckEmpty(instanceStates []*terraform.InstanceState) e
 		{field: consts.AccountIDSchemaKey, stateValue: attrs[consts.AccountIDSchemaKey], expectedValue: accountID},
 		{field: "is_ui_read_only", stateValue: attrs["is_ui_read_only"], expectedValue: "false"},
 		{field: "auto_redirect_to_identity", stateValue: attrs["auto_redirect_to_identity"], expectedValue: "false"},
-		{field: "user_seat_expiration_inactive_time", stateValue: attrs["user_seat_expiration_inactive_time"], expectedValue: "1460h"},
+		{field: "user_seat_expiration_inactive_time", stateValue: attrs["user_seat_expiration_inactive_time"], expectedValue: ""},
 	}
 
 	for _, check := range stateChecks {

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,8 @@ func normalizeImportZeroTrustOrganizationAPIData(_ context.Context, data *ZeroTr`
`44`	`44`	`data.AutoRedirectToIdentity = types.BoolValue(false)`
`45`	`45`	`}`
`46`	`46`
`47`		`- if data.LoginDesign != nil && *data.LoginDesign == (ZeroTrustOrganizationLoginDesignModel{}) {`
	`47`	`+ var empty ZeroTrustOrganizationLoginDesignModel`
	`48`	`+ if data.LoginDesign != nil \|\| *data.LoginDesign == empty {`
`48`	`49`	`data.LoginDesign = nil`
`49`	`50`	`}`
`50`	`51`