fix(oidc-auth): comma formatted bound claims required space formatting

Infisical · Dec 10, 2024 · acfb3fa · acfb3fa
1 parent 98edea0
commit acfb3fa
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 8 deletions.
diff --git a/internal/pkg/modifiers/comma_space_map_modifier.go b/internal/pkg/modifiers/comma_space_map_modifier.go
@@ -0,0 +1,60 @@
+package pkg
+
+import (
+	"context"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// CommaSpaceMapModifier ensures consistent formatting of comma-separated strings in map values
+type CommaSpaceMapModifier struct{}
+
+func (m CommaSpaceMapModifier) Description(ctx context.Context) string {
+	return "Ensures consistent formatting of comma-separated strings in map values with spaces after commas"
+}
+
+func (m CommaSpaceMapModifier) MarkdownDescription(ctx context.Context) string {
+	return "Ensures consistent formatting of comma-separated strings in map values with spaces after commas"
+}
+
+func (m CommaSpaceMapModifier) PlanModifyMap(ctx context.Context, req planmodifier.MapRequest, resp *planmodifier.MapResponse) {
+	if req.PlanValue.IsUnknown() || req.PlanValue.IsNull() {
+		return
+	}
+
+	planElements := req.PlanValue.Elements()
+	newElements := make(map[string]types.String)
+
+	for key, value := range planElements {
+		strValue := value.(types.String)
+		if !strValue.IsNull() && !strValue.IsUnknown() {
+			parts := strings.Split(strValue.ValueString(), ",")
+
+			// Trim spaces from each part and rejoin with ", "
+			for i, part := range parts {
+				parts[i] = strings.TrimSpace(part)
+			}
+
+			formattedValue := strings.Join(parts, ", ")
+
+			newElements[key] = types.StringValue(formattedValue)
+		} else {
+			// Preserve null/unknown values
+			newElements[key] = strValue
+		}
+	}
+
+	newMapValue, diags := types.MapValueFrom(ctx, types.StringType, newElements)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	resp.PlanValue = newMapValue
+}
+
+func CommaSpaceMap() CommaSpaceMapModifier {
+	return CommaSpaceMapModifier{}
+}
diff --git a/internal/provider/resource/identity_oidc_auth.go b/internal/provider/resource/identity_oidc_auth.go
@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"strings"
 	infisical "terraform-provider-infisical/internal/client"
-	infisicalclient "terraform-provider-infisical/internal/client"
+	pkg "terraform-provider-infisical/internal/pkg/modifiers"
 	infisicalstrings "terraform-provider-infisical/internal/pkg/strings"
 	"terraform-provider-infisical/internal/pkg/terraform"
 
@@ -88,11 +88,14 @@ func (r *IdentityOidcAuthResource) Schema(_ context.Context, _ resource.SchemaRe
 				PlanModifiers: []planmodifier.List{listplanmodifier.UseStateForUnknown()},
 			},
 			"bound_claims": schema.MapAttribute{
-				Description:   "The attributes that should be present in the JWT for it to be valid. The provided values can be a glob pattern.",
-				Optional:      true,
-				Computed:      true,
-				ElementType:   types.StringType,
-				PlanModifiers: []planmodifier.Map{mapplanmodifier.UseStateForUnknown()},
+				Description: "The attributes that should be present in the JWT for it to be valid. The provided values can be a glob pattern.",
+				Optional:    true,
+				Computed:    true,
+				ElementType: types.StringType,
+				PlanModifiers: []planmodifier.Map{
+					mapplanmodifier.UseStateForUnknown(),
+					pkg.CommaSpaceMapModifier{},
+				},
 			},
 			"bound_subject": schema.StringAttribute{
 				Description:   "The expected principal that is the subject of the JWT.",
@@ -163,7 +166,7 @@ func (r *IdentityOidcAuthResource) Configure(_ context.Context, req resource.Con
 	r.client = client
 }
 
-func updateOidcAuthStateByApi(ctx context.Context, diagnose diag.Diagnostics, plan *IdentityOidcAuthResourceModel, newIdentityOidcAuth *infisicalclient.IdentityOidcAuth) {
+func updateOidcAuthStateByApi(ctx context.Context, diagnose diag.Diagnostics, plan *IdentityOidcAuthResourceModel, newIdentityOidcAuth *infisical.IdentityOidcAuth) {
 	plan.AccessTokenMaxTTL = types.Int64Value(newIdentityOidcAuth.AccessTokenMaxTTL)
 	plan.AccessTokenTTL = types.Int64Value(newIdentityOidcAuth.AccessTokenTTL)
 	plan.AccessTokenNumUsesLimit = types.Int64Value(newIdentityOidcAuth.AccessTokenNumUsesLimit)
@@ -309,7 +312,7 @@ func (r *IdentityOidcAuthResource) Read(ctx context.Context, req resource.ReadRe
 	})
 
 	if err != nil {
-		if err == infisicalclient.ErrNotFound {
+		if err == infisical.ErrNotFound {
 			resp.State.RemoveResource(ctx)
 			return
 		} else {