diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81a26b861..4dc3771f7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 9.3.1 (Oct 6, 2023). Tested on Artifactory 7.68.13 with Terraform CLI v1.6.0
+
+BUG FIX:
+* resource/artifactory_scoped_token: Remove default value for `expires_in` attribute which should fix state drift when upgrading from 7.11.2 or earlier. Issue: [#818](https://github.com/jfrog/terraform-provider-artifactory/issues/818) PR: [#820](https://github.com/jfrog/terraform-provider-artifactory/pull/820)
+
 ## 9.3.0 (Oct 3, 2023). Tested on Artifactory 7.68.13 with Terraform CLI v1.5.7
 IMPROVEMENTS:
diff --git a/docs/resources/scoped_token.md b/docs/resources/scoped_token.md
index 0784e6535..da3ac1177 100644
--- a/docs/resources/scoped_token.md
+++ b/docs/resources/scoped_token.md
@@ -75,7 +75,7 @@ resource "artifactory_scoped_token" "audience" {
 - `audiences` (Set of String) A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '*@*' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this [documentation](https://jfrog.com/help/r/jfrog-rest-apis/get-service-id)
 - `description` (String) Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
-- `expires_in` (Number) The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See [API documentation](https://jfrog.com/help/r/jfrog-rest-apis/revoke-token-by-id) for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See [official documentation](https://jfrog.com/help/r/jfrog-platform-administration-documentation/using-the-revocable-and-persistency-thresholds) for details.
+- `expires_in` (Number) The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See [API documentation](https://jfrog.com/help/r/jfrog-rest-apis/create-token) for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See [official documentation](https://jfrog.com/help/r/jfrog-platform-administration-documentation/using-the-revocable-and-persistency-thresholds) for details.
 - `grant_type` (String) The grant type used to authenticate the request. In this case, the only value supported is `client_credentials` which is also the default value if this parameter is not specified.
 - `include_reference_token` (Boolean) Also create a reference token which can be used like an API key.
 - `refreshable` (Boolean) Is this token refreshable? Default is `false`.
diff --git a/pkg/artifactory/resource/security/resource_artifactory_scoped_token.go b/pkg/artifactory/resource/security/resource_artifactory_scoped_token.go
index c41b8bd43..85b159c83 100644
--- a/pkg/artifactory/resource/security/resource_artifactory_scoped_token.go
+++ b/pkg/artifactory/resource/security/resource_artifactory_scoped_token.go
@@ -16,7 +16,6 @@ import (
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
- "github.com/hashicorp/terraform-plugin-framework/resource/schema/int64default"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/setplanmodifier"
@@ -198,7 +197,6 @@ func (r *ScopedTokenResource) Schema(ctx context.Context, req resource.SchemaReq
 MarkdownDescription: "The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See [API documentation](https://jfrog.com/help/r/jfrog-rest-apis/revoke-token-by-id) for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See [official documentation](https://jfrog.com/help/r/jfrog-platform-administration-documentation/using-the-revocable-and-persistency-thresholds) for details.",
 Optional: true,
 Computed: true,
- Default: int64default.StaticInt64(0),
 PlanModifiers: []planmodifier.Int64{
 int64planmodifier.RequiresReplaceIfConfigured(),
 int64planmodifier.UseStateForUnknown(),
diff --git a/pkg/artifactory/resource/security/resource_artifactory_scoped_token_test.go b/pkg/artifactory/resource/security/resource_artifactory_scoped_token_test.go
index eb879b5d6..636254637 100644
--- a/pkg/artifactory/resource/security/resource_artifactory_scoped_token_test.go
+++ b/pkg/artifactory/resource/security/resource_artifactory_scoped_token_test.go
@@ -91,6 +91,64 @@ func TestAccScopedToken_UpgradeGH_792(t *testing.T) {
 })
 }
+func TestAccScopedToken_UpgradeGH_818(t *testing.T) {
+ _, fqrn, name := testutil.MkNames("test-scope-token", "artifactory_scoped_token")
+ config := utilsdk.ExecuteTemplate(
+ "TestAccScopedToken",
+ `resource "artifactory_user" "test-user" {
+ name = "testuser"
+ email = "testuser@tempurl.org"
+ admin = true
+ disable_ui_access = false
+ groups = ["readers"]
+ password = "Passw0rd!"
+ }
+
+ resource "artifactory_scoped_token" "{{ .name }}" {
+ scopes = ["applied-permissions/user"]
+ username = artifactory_user.test-user.name
+ }`,
+ map[string]interface{}{
+ "name": name,
+ },
+ )
+
+ resource.Test(t, resource.TestCase{
+ Steps: []resource.TestStep{
+ {
+ ExternalProviders: map[string]resource.ExternalProvider{
+ "artifactory": {
+ VersionConstraint: "7.2.0",
+ Source: "registry.terraform.io/jfrog/artifactory",
+ },
+ },
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(fqrn, "username", "testuser"),
+ resource.TestCheckResourceAttr(fqrn, "scopes.#", "1"),
+ resource.TestCheckResourceAttr(fqrn, "expires_in", "31536000"),
+ resource.TestCheckNoResourceAttr(fqrn, "audiences"),
+ resource.TestCheckResourceAttrSet(fqrn, "access_token"),
+ resource.TestCheckNoResourceAttr(fqrn, "refresh_token"),
+ resource.TestCheckNoResourceAttr(fqrn, "reference_token"),
+ resource.TestCheckResourceAttr(fqrn, "token_type", "Bearer"),
+ resource.TestCheckResourceAttrSet(fqrn, "subject"),
+ resource.TestCheckResourceAttrSet(fqrn, "expiry"),
+ resource.TestCheckResourceAttrSet(fqrn, "issued_at"),
+ resource.TestCheckResourceAttrSet(fqrn, "issuer"),
+ ),
+ ConfigPlanChecks: acctest.ConfigPlanChecks,
+ },
+ {
+ ProtoV5ProviderFactories: acctest.ProtoV5MuxProviderFactories,
+ Config: config,
+ PlanOnly: true,
+ ConfigPlanChecks: acctest.ConfigPlanChecks,
+ },
+ },
+ })
+}
+
 func scopedTokenUpgradeTestCase(version string, t *testing.T) (*testing.T, resource.TestCase) {
 _, fqrn, name := testutil.MkNames("test-access-token", "artifactory_scoped_token")
@@ -246,7 +304,7 @@ func TestAccScopedToken_WithAttributes(t *testing.T) {
 scopes = ["applied-permissions/admin", "system:metrics:r"]
 description = "test description"
 refreshable = true
- expires_in = 31536000
+ expires_in = 0
 audiences = ["jfrt@1", "jfxr@*"]
 }`,
 map[string]interface{}{
@@ -275,7 +333,7 @@ func TestAccScopedToken_WithAttributes(t *testing.T) {
 resource.TestCheckTypeSetElemAttr(fqrn, "scopes.*", "applied-permissions/admin"),
 resource.TestCheckTypeSetElemAttr(fqrn, "scopes.*", "system:metrics:r"),
 resource.TestCheckResourceAttr(fqrn, "refreshable", "true"),
- resource.TestCheckResourceAttr(fqrn, "expires_in", "31536000"),
+ resource.TestCheckResourceAttr(fqrn, "expires_in", "0"),
 resource.TestCheckResourceAttr(fqrn, "description", "test description"),
 resource.TestCheckResourceAttr(fqrn, "audiences.#", "2"),
 resource.TestCheckTypeSetElemAttr(fqrn, "audiences.*", "jfrt@1"),
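Review bot: The fixture in TestAccScopedToken_UpgradeGH_818 creates an `admin = true` user with the fixed name `testuser` and the literal password `Passw0rd!`, and the visible `resource.TestCase` sets no `CheckDestroy`. A run that aborts before teardown can therefore leave a known-credential admin account and its token on the test instance, and a repeated or parallel run can collide on the user name. The token only requests `applied-permissions/user`, so the drift check does not appear to need an admin; consider `admin = false`, a user name derived from the `name` returned by `testutil.MkNames`, and a password generated at run time and passed through the template map. Separately, the step-one assertion `resource.TestCheckResourceAttr(fqrn, "expires_in", "31536000")` depends on the server's default expiry, which the attribute description says is set in `access.config.yaml`; a comment such as `// 31536000 is the Access default expiry; assumes an unmodified access.config.yaml` would make that dependency explicit.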
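Review bot: Changing `expires_in = 31536000` to `expires_in = 0` in this fixture, together with the matching assertion in the `@@ -275,7 +333,7 @@` hunk, leaves no visible test where a non-zero expiry set in configuration is round-tripped through the new provider. The only remaining `31536000` assertion in this diff is the server default observed under provider 7.2.0. Since the commit removes the schema default for this attribute, the explicitly configured path is the one most worth pinning, so consider keeping a case with a bounded value alongside the `0` case. The fixture also combines `refreshable = true` with `expires_in = 0`; a comment stating what `0` means for token lifetime in Artifactory (to be confirmed against the create-token API documentation) would let readers judge whether this test leaves long-lived tokens behind. TestAccScopedToken_WithAttributes starts and ends outside both hunks.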