review changes

h3adex · h3adex · commit 30451ac3e05c · 2025-03-19T17:01:25.000+01:00
diff --git a/docs/resources/service_account_access_token.md b/docs/resources/service_account_access_token.md
@@ -79,6 +79,6 @@ resource "stackit_service_account_access_token" "sa1" {
 - `access_token_id` (String) Identifier for the access token linked to the service account.
 - `active` (Boolean) Indicate whether the token is currently active or inactive
 - `created_at` (String) Timestamp indicating when the access token was created.
-- `id` (String) Unique internal resource ID for Terraform, formatted as "project_id,access_token_id".
+- `id` (String) Unique internal resource ID for Terraform, formatted as "`project_id`,`access_token_id`".
 - `token` (String, Sensitive) JWT access token for API authentication. Prefixed by 'Bearer' and should be stored securely as it is irretrievable once lost.
 - `valid_until` (String) Estimated expiration timestamp of the access token. For precise validity, check the JWT details.
diff --git a/stackit/internal/services/serviceaccount/token/resource.go b/stackit/internal/services/serviceaccount/token/resource.go
@@ -119,7 +119,7 @@ func (r *serviceAccountTokenResource) Metadata(_ context.Context, req resource.M
 // Schema defines the resource schema for the service account access token.
 func (r *serviceAccountTokenResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
 	descriptions := map[string]string{
-		"id":                    "Unique internal resource ID for Terraform, formatted as \"project_id,access_token_id\".",
+		"id":                    "Unique internal resource ID for Terraform, formatted as \"`project_id`,`access_token_id`\".",
 		"project_id":            "STACKIT project ID associated with the service account token.",
 		"service_account_email": "Email address linked to the service account.",
 		"ttl_days":              "Specifies the token's validity duration in days. If unspecified, defaults to 90 days.",
@@ -133,7 +133,7 @@ func (r *serviceAccountTokenResource) Schema(_ context.Context, _ resource.Schem
 
 	resp.Schema = schema.Schema{
 		MarkdownDescription: markdownDescription,
-		Description:         "Schema for managing a STACKIT service account access token.",
+		Description:         "STACKIT service account access token schema.",
 
 		Attributes: map[string]schema.Attribute{
 			"id": schema.StringAttribute{
@@ -269,6 +269,7 @@ func (r *serviceAccountTokenResource) Read(ctx context.Context, req resource.Rea
 	if err != nil {
 		var oapiErr *oapierror.GenericOpenAPIError
 		ok := errors.As(err, &oapiErr) //nolint:errorlint //complaining that error.As should be used to catch wrapped errors, but this error should not be wrapped
+		// due to security purposes, attempting to list access tokens for a non-existent Service Account will return 403.
 		if ok && oapiErr.StatusCode == http.StatusNotFound || oapiErr.StatusCode == http.StatusForbidden {
 			resp.State.RemoveResource(ctx)
 			return
diff --git a/stackit/internal/services/serviceaccount/token/resource_test.go b/stackit/internal/services/serviceaccount/token/resource_test.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/stackitcloud/stackit-sdk-go/core/utils"
 	"github.com/stackitcloud/stackit-sdk-go/services/serviceaccount"
@@ -70,10 +71,11 @@ func TestMapCreateResponse(t *testing.T) {
 				Token: utils.Ptr("token"),
 			},
 			Model{
-				Id:            types.StringValue("pid,aid"),
-				ProjectId:     types.StringValue("pid"),
-				Token:         types.StringValue("token"),
-				AccessTokenId: types.StringValue("aid"),
+				Id:                types.StringValue("pid,aid"),
+				ProjectId:         types.StringValue("pid"),
+				Token:             types.StringValue("token"),
+				AccessTokenId:     types.StringValue("aid"),
+				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
 			true,
 		},
@@ -84,14 +86,17 @@ func TestMapCreateResponse(t *testing.T) {
 				Token:      utils.Ptr("token"),
 				CreatedAt:  utils.Ptr(time.Now()),
 				ValidUntil: utils.Ptr(time.Now().Add(24 * time.Hour)),
+				Active:     utils.Ptr(true),
 			},
 			Model{
-				Id:            types.StringValue("pid,aid"),
-				ProjectId:     types.StringValue("pid"),
-				Token:         types.StringValue("token"),
-				AccessTokenId: types.StringValue("aid"),
-				CreatedAt:     types.StringValue(time.Now().Format(time.RFC3339)),                     // Adjust to the format used
-				ValidUntil:    types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)), // Adjust format
+				Id:                types.StringValue("pid,aid"),
+				ProjectId:         types.StringValue("pid"),
+				Token:             types.StringValue("token"),
+				AccessTokenId:     types.StringValue("aid"),
+				Active:            types.BoolValue(true),
+				CreatedAt:         types.StringValue(time.Now().Format(time.RFC3339)),
+				ValidUntil:        types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)),
+				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
 			true,
 		},
@@ -126,16 +131,23 @@ func TestMapCreateResponse(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
-			state := &Model{
-				ProjectId: tt.expected.ProjectId,
+			model := &Model{
+				ProjectId:         tt.expected.ProjectId,
+				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			}
-			err := mapCreateResponse(tt.input, state)
+			err := mapCreateResponse(tt.input, model)
 			if !tt.isValid && err == nil {
 				t.Fatalf("Should have failed")
 			}
 			if tt.isValid && err != nil {
 				t.Fatalf("Should not have failed: %v", err)
 			}
+			if tt.isValid {
+				diff := cmp.Diff(*model, tt.expected)
+				if diff != "" {
+					t.Fatalf("Data does not match: %s", diff)
+				}
+			}
 		})
 	}
 }
@@ -155,11 +167,12 @@ func TestMapListResponse(t *testing.T) {
 				ValidUntil: utils.Ptr(time.Now().Add(24 * time.Hour)),
 			},
 			Model{
-				Id:            types.StringValue("pid,aid"),
-				ProjectId:     types.StringValue("pid"),
-				AccessTokenId: types.StringValue("aid"),
-				CreatedAt:     types.StringValue(time.Now().Format(time.RFC3339)),                     // Adjusted for test setup time
-				ValidUntil:    types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)), // Adjust for format
+				Id:                types.StringValue("pid,aid"),
+				ProjectId:         types.StringValue("pid"),
+				AccessTokenId:     types.StringValue("aid"),
+				CreatedAt:         types.StringValue(time.Now().Format(time.RFC3339)),                     // Adjusted for test setup time
+				ValidUntil:        types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)), // Adjust for format
+				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
 			true,
 		},
@@ -190,16 +203,23 @@ func TestMapListResponse(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
-			state := &Model{
-				ProjectId: tt.expected.ProjectId,
+			model := &Model{
+				ProjectId:         tt.expected.ProjectId,
+				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			}
-			err := mapListResponse(tt.input, state)
+			err := mapListResponse(tt.input, model)
 			if !tt.isValid && err == nil {
 				t.Fatalf("Expected an error but did not get one")
 			}
 			if tt.isValid && err != nil {
 				t.Fatalf("Did not expect an error but got one: %v", err)
 			}
+			if tt.isValid {
+				diff := cmp.Diff(*model, tt.expected)
+				if diff != "" {
+					t.Fatalf("Data does not match: %s", diff)
+				}
+			}
 		})
 	}
 }
