resource_tfe_aws_oidc_configuration.go and basic test

helenjw · helenjw · commit 145a88851ddd · 2025-09-16T17:36:53.000-04:00
diff --git a/internal/provider/resource_tfe_aws_oidc_configuration.go b/internal/provider/resource_tfe_aws_oidc_configuration.go
@@ -32,8 +32,9 @@ type resourceTFEAWSOIDCConfiguration struct {
 }
 
 type modelTFEAWSOIDCConfiguration struct {
-	ID      types.String `tfsdk:"id"`
-	RoleARN types.String `tfsdk:"role_arn"`
+	ID           types.String `tfsdk:"id"`
+	RoleARN      types.String `tfsdk:"role_arn"`
+	Organization types.String `tfsdk:"organization"`
 }
 
 func (r *resourceTFEAWSOIDCConfiguration) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
@@ -73,13 +74,20 @@ func (r *resourceTFEAWSOIDCConfiguration) Schema(_ context.Context, _ resource.S
 					stringplanmodifier.RequiresReplace(),
 				},
 			},
+			"organization": schema.StringAttribute{
+				Description: "Name of the organization to which the TFE AWS OIDC configuration belongs.",
+				Optional:    true,
+				Computed:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
+			},
 		},
 		Description: "Generates a new TFE AWS OIDC Configuration.",
 	}
 }
 
 func (r *resourceTFEAWSOIDCConfiguration) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
-	// TODO: confirm this is right
 	resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
 }
 
@@ -115,7 +123,7 @@ func (r *resourceTFEAWSOIDCConfiguration) Create(ctx context.Context, req resour
 
 func (r *resourceTFEAWSOIDCConfiguration) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
 	// Read Terraform state into the model
-	var state modelTFETeamToken
+	var state modelTFEAWSOIDCConfiguration
 	diags := req.State.Get(ctx, &state)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
@@ -191,7 +199,8 @@ func (r *resourceTFEAWSOIDCConfiguration) Delete(ctx context.Context, req resour
 
 func modelFromTFEAWSOIDCConfiguration(p *tfe.AWSOIDCConfiguration) modelTFEAWSOIDCConfiguration {
 	return modelTFEAWSOIDCConfiguration{
-		ID:      types.StringValue(p.ID),
-		RoleARN: types.StringValue(p.RoleARN),
+		ID:           types.StringValue(p.ID),
+		RoleARN:      types.StringValue(p.RoleARN),
+		Organization: types.StringValue(p.Organization.Name),
 	}
 }
diff --git a/internal/provider/resource_tfe_aws_oidc_configuration_test.go b/internal/provider/resource_tfe_aws_oidc_configuration_test.go
@@ -0,0 +1,78 @@
+package provider
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+)
+
+func TestAccTFEAWSOIDCConfiguration_basic(t *testing.T) {
+	orgName := os.Getenv("HYOK_ORGANIZATION_NAME")
+
+	if orgName == "" {
+		t.Skip("Test skipped: HYOK_ORGANIZATION_NAME environment variable is not set")
+	}
+
+	originalRoleARN := "arn:aws:iam::123456789012:role/terraform-provider-tfe-example-1"
+	newRoleARN := "arn:aws:iam::123456789012:role/terraform-provider-tfe-example-2"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV5ProviderFactories: testAccMuxedProviders,
+		CheckDestroy:             testAccCheckTFEAWSOIDCConfigurationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEAWSOIDCConfigurationConfig(orgName, originalRoleARN),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tfe_aws_oidc_configuration.test", "id"),
+					resource.TestCheckResourceAttr("tfe_aws_oidc_configuration.test", "role_arn", originalRoleARN),
+				),
+			},
+			// Import
+			{
+				ResourceName:      "tfe_aws_oidc_configuration.test",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// Update role ARN
+			{
+				Config: testAccTFEAWSOIDCConfigurationConfig(orgName, newRoleARN),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tfe_aws_oidc_configuration.test", "id"),
+					resource.TestCheckResourceAttr("tfe_aws_oidc_configuration.test", "role_arn", newRoleARN),
+				),
+			},
+		},
+	})
+}
+
+func testAccTFEAWSOIDCConfigurationConfig(orgName string, roleARN string) string {
+	return fmt.Sprintf(`
+resource "tfe_aws_oidc_configuration" "test" {
+	role_arn    = "%s"
+	organization = "%s"
+}
+`, roleARN, orgName)
+}
+
+func testAccCheckTFEAWSOIDCConfigurationDestroy(s *terraform.State) error {
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "tfe_aws_oidc_configuration" {
+			continue
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("no instance ID is set")
+		}
+
+		_, err := testAccConfiguredClient.Client.AWSOIDCConfigurations.Read(ctx, rs.Primary.ID)
+		if err == nil {
+			return fmt.Errorf("TFE AWS OIDC Configuration %s still exists", rs.Primary.ID)
+		}
+	}
+
+	return nil
+}
