fix: test setup

internal/provider/resource_globalaccount_security_settings.go

@@ -3,7 +3,9 @@ package provider
 import (
 	"context"
 	"fmt"
+	"regexp"
 
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
@@ -14,6 +16,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/setdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 
 	"github.com/SAP/terraform-provider-btp/internal/btpcli"
@@ -85,6 +88,9 @@ __Further documentation:__
 				MarkdownDescription: "The new domains of the iframe. Enter as string. To provide multiple domains, separate them by spaces.",
 				Optional:            true,
 				Computed:            true,
+				Validators: []validator.String{
+					stringvalidator.RegexMatches(regexp.MustCompile(`^(|.{4,})$`), "The attribute iframe_domains must be empty or contain domains."),
+				},
 			},
 			"id": schema.StringAttribute{ // required by hashicorps terraform plugin testing framework for imports
 				DeprecationMessage:  "Automatically filled with the subdomain of the global account",
@@ -185,23 +191,15 @@ func (rs *globalaccountSecuritySettingsResource) Update(ctx context.Context, req
 	diags = plan.CustomEmailDomains.ElementsAs(ctx, &customEmailDomains, false)
 	resp.Diagnostics.Append(diags...)
 
-	// Special handling of IFrame:
-	var IframeDomainsValue string
-	if plan.IframeDomains.ValueString() == "" && currentState.IframeDomains.ValueString() != "" {
-		// The string should be empty, however to do the update the value must be " " (space)
-		// otherwise the API will ignore it
-		IframeDomainsValue = " "
-	} else {
-		IframeDomainsValue = plan.IframeDomains.ValueString()
-	}
+	iFrameDomain := transformIframeDomain(plan.IframeDomains.ValueString(), currentState.IframeDomains.ValueString())
 
 	res, _, err := rs.cli.Security.Settings.UpdateByGlobalAccount(ctx, btpcli.SecuritySettingsUpdateInput{
 		CustomEmail:                       customEmailDomains,
 		DefaultIDPForNonInteractiveLogon:  plan.DefaultIdentityProvider.ValueString(),
 		TreatUsersWithSameEmailAsSameUser: plan.TreatUsersWithSameEmailAsSameUser.ValueBool(),
 		AccessTokenValidity:               int(plan.AccessTokenValidity.ValueInt64()),
 		RefreshTokenValidity:              int(plan.RefreshTokenValidity.ValueInt64()),
-		IFrame:                            IframeDomainsValue,
+		IFrame:                            iFrameDomain,
 	})
 
 	if err != nil {

internal/provider/resource_globalaccount_security_settings_test.go

@@ -2,14 +2,13 @@ package provider
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
 
 func TestResourceGlobalaccountSecuritySettings(t *testing.T) {
-	t.Parallel()
-
 	t.Run("happy path - complete configuration", func(t *testing.T) {
 		rec, user := setupVCR(t, "fixtures/resource_globalaccount_security_settings.complete")
 		defer stopQuietly(rec)
@@ -31,12 +30,13 @@ func TestResourceGlobalaccountSecuritySettings(t *testing.T) {
 					),
 				},
 				{
-					Config: hclProviderFor(user) + hclResourceGlobalaccountSecuritySettings("uut", "sap.default", 4500, 4500, false, "[]", "https://iframedomain.test https://updated.iframedomain.test"),
+					Config: hclProviderFor(user) + hclResourceGlobalaccountSecuritySettings("uut", "terraformint-platform", 4500, 4500, false, "[\"domain1.test\"]", "https://iframedomain.test https://updated.iframedomain.test"),
 					Check: resource.ComposeAggregateTestCheckFunc(
 						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "access_token_validity", "4500"),
 						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "refresh_token_validity", "4500"),
 						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "treat_users_with_same_email_as_same_user", "false"),
-						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.#", "0"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.#", "1"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.0", "domain1.test"),
 						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "iframe_domains", "https://iframedomain.test https://updated.iframedomain.test"),
 					),
 				},
@@ -48,6 +48,58 @@ func TestResourceGlobalaccountSecuritySettings(t *testing.T) {
 			},
 		})
 	})
+
+	t.Run("happy path - IFrame deletion", func(t *testing.T) {
+		rec, user := setupVCR(t, "fixtures/resource_globalaccount_security_settings.destroy")
+		defer stopQuietly(rec)
+
+		resource.Test(t, resource.TestCase{
+			IsUnitTest:               true,
+			ProtoV6ProviderFactories: getProviders(rec.GetDefaultClient()),
+			Steps: []resource.TestStep{
+				{
+					Config: hclProviderFor(user) + hclResourceGlobalaccountSecuritySettings("uut", "terraformint-platform", 4500, 4500, true, "[\"domain1.test\",\"domain2.test\"]", "https://iframedomain.test"),
+					Check: resource.ComposeAggregateTestCheckFunc(
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "access_token_validity", "4500"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "refresh_token_validity", "4500"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "treat_users_with_same_email_as_same_user", "true"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.#", "2"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.0", "domain1.test"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.1", "domain2.test"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "iframe_domains", "https://iframedomain.test"),
+					),
+				},
+				{
+					Config: hclProviderFor(user) + hclResourceGlobalaccountSecuritySettings("uut", "sap.default", 4500, 4500, false, "[]", ""),
+					Check: resource.ComposeAggregateTestCheckFunc(
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "access_token_validity", "4500"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "refresh_token_validity", "4500"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "treat_users_with_same_email_as_same_user", "false"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "custom_email_domains.#", "0"),
+						resource.TestCheckResourceAttr("btp_globalaccount_security_settings.uut", "iframe_domains", ""),
+					),
+				},
+				{
+					ResourceName:      "btp_globalaccount_security_settings.uut",
+					ImportState:       true,
+					ImportStateVerify: true,
+				},
+			},
+		})
+	})
+
+	t.Run("error path - invalid iframe value", func(t *testing.T) {
+		resource.Test(t, resource.TestCase{
+			IsUnitTest:               true,
+			ProtoV6ProviderFactories: getProviders(nil),
+			Steps: []resource.TestStep{
+				{
+					Config:      hclResourceGlobalaccountSecuritySettings("uut", "sap.default", 4500, 4500, false, "[]", " "),
+					ExpectError: regexp.MustCompile(`Attribute iframe_domains The attribute iframe_domains must be empty`),
+				},
+			},
+		})
+	})
 }
 
 func hclResourceGlobalaccountSecuritySettings(resourceName string, defaultIdp string, accessTokenValidity int, refreshTokenValidity int, treatUsersWithSameEmailAsSameUser bool, customEmailDomains string, iFrameDomains string) string {

internal/provider/resource_subaccount_security_settings.go

@@ -248,16 +248,3 @@ func (rs *subaccountSecuritySettingsResource) Delete(ctx context.Context, req re
 func (rs *subaccountSecuritySettingsResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
 	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("subaccount_id"), req.ID)...)
 }
-
-func transformIframeDomain(plannedValue string, currentValue string) (iFrameDomainValueNew string) {
-	// The deletion of an Iframe must be triggered by setting the value to " " (space)
-	// We handle this by comparing the planned value with the current value
-
-	iFrameDomainValueNew = plannedValue
-
-	// User wants to delete all values as the current value is not empty
-	if plannedValue == "" && currentValue != "" {
-		iFrameDomainValueNew = " "
-	}
-	return
-}

internal/provider/resource_subaccount_security_settings_test.go

@@ -10,8 +10,6 @@ import (
 )
 
 func TestResourceSubaccountSecuritySettings(t *testing.T) {
-	t.Parallel()
-
 	t.Run("happy path - complete configuration", func(t *testing.T) {
 		rec, user := setupVCR(t, "fixtures/resource_subaccount_security_settings.complete")
 		defer stopQuietly(rec)
@@ -58,8 +56,8 @@ func TestResourceSubaccountSecuritySettings(t *testing.T) {
 		})
 	})
 
-	t.Run("special path - IFrame deletion", func(t *testing.T) {
-		rec, user := setupVCR(t, "fixtures/resource_subaccount_security_settings.complete")
+	t.Run("happy path - IFrame deletion", func(t *testing.T) {
+		rec, user := setupVCR(t, "fixtures/resource_subaccount_security_settings.destroy")
 		defer stopQuietly(rec)
 
 		resource.Test(t, resource.TestCase{

internal/provider/type_globalaccount_security_settings.go

@@ -76,3 +76,16 @@ func globalaccountSecuritySettingsDataSourceValueFrom(ctx context.Context, value
 
 	return
 }
+
+func transformIframeDomain(plannedValue string, currentValue string) (iFrameDomainValueNew string) {
+	// The deletion of an Iframe must be triggered by setting the value to " " (space)
+	// We handle this by comparing the planned value with the current value
+
+	iFrameDomainValueNew = plannedValue
+
+	// User wants to delete all values as the current value is not empty
+	if plannedValue == "" && currentValue != "" {
+		iFrameDomainValueNew = " "
+	}
+	return
+}