Fix an error where expires_at and member_role_id were not computed

Changelog: BUGFIXES Subsystem: resource/gitlab_group_membership

Fix an error where expires_at and member_role_id were not computed
22f5f0ac · Patrick Rice · 119a3209 · 22f5f0ac · 22f5f0ac · 22f5f0ac
Commit 22f5f0ac authored 6 days ago by Patrick Rice
--- a/.gitpod/automations.yml
+++ b/.gitpod/automations.yml
 services:
-  gitlab:
-    name: GitLab Local Container
+  gitlab-ce:
+    name: GitLab-CE Local Container
    description: A locally running GitLab instance, used for acceptance testing
    triggeredBy:
-      - postEnvironmentStart
+      - manual
+    commands:
+      start: SERVICE=gitlab-ce make testacc-up
+      stop: SERVICE=gitlab-ce make testacc-down
+        
+  gitlab-ee:
+    name: GitLab-EE Local Container
+    description: A locally running GitLab instance, used for acceptance testing
+    triggeredBy:
+      - manual
    commands:
-      start: >-
-        make testacc-up
+      start: SERVICE=gitlab-ee make testacc-up
+      stop: SERVICE=gitlab-ee make testacc-down

 tasks:
  getDependencies:

--- a/internal/provider/resource_gitlab_group_membership.go
+++ b/internal/provider/resource_gitlab_group_membership.go
@@ -89,11 +89,15 @@ func (r *gitlabGroupMembershipResource) Schema(ctc context.Context, req resource
 			},
 			"member_role_id": schema.Int64Attribute{
 				MarkdownDescription: "The ID of a custom member role. Only available for Ultimate instances.",
+				PlanModifiers:       []planmodifier.Int64{int64planmodifier.UseStateForUnknown()},
 				Optional:            true,
+				Computed:            true,
 			},
 			"expires_at": schema.StringAttribute{
 				MarkdownDescription: "Expiration date for the group membership. Format: `YYYY-MM-DD`",
+				PlanModifiers:       []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
 				Optional:            true,
+				Computed:            true,
 			},
 			"skip_subresources_on_destroy": schema.BoolAttribute{
 				MarkdownDescription: "Whether the deletion of direct memberships of the removed member in subgroups and projects should be skipped. Only used during a destroy.",
@@ -146,7 +150,7 @@ func (d *gitlabGroupMembershipResource) Create(ctx context.Context, req resource
 		ExpiresAt:   &expiresAt,
 	}

-	if !data.MemberRoleID.IsNull() {
+	if !data.MemberRoleID.IsNull() && !data.MemberRoleID.IsUnknown() {
 		options.MemberRoleID = gitlab.Ptr(int(data.MemberRoleID.ValueInt64()))
 	}

@@ -217,7 +221,7 @@ func (d *gitlabGroupMembershipResource) Update(ctx context.Context, req resource
 		ExpiresAt:   &expiresAt,
 	}

-	if !data.MemberRoleID.IsNull() {
+	if !data.MemberRoleID.IsNull() && !data.MemberRoleID.IsUnknown() {
 		options.MemberRoleID = gitlab.Ptr(int(data.MemberRoleID.ValueInt64()))
 	}

@@ -280,10 +284,14 @@ func (data *gitlabGroupMembershipResourceModel) groupMembershipToStateModel(grou

 	if groupMember.MemberRole != nil {
 		data.MemberRoleID = types.Int64Value(int64(groupMember.MemberRole.ID))
+	} else {
+		data.MemberRoleID = types.Int64Null()
 	}

 	if groupMember.ExpiresAt != nil {
 		data.ExpiresAt = types.StringValue(groupMember.ExpiresAt.String())
+	} else {
+		data.ExpiresAt = types.StringNull()
 	}

 	if data.SkipSubresourcesOnDestroy.IsNull() {

--- a/internal/provider/resource_gitlab_group_membership_test.go
+++ b/internal/provider/resource_gitlab_group_membership_test.go
@@ -4,11 +4,11 @@
 package provider

 import (
-	"errors"
 	"fmt"
 	"strconv"
 	"testing"

+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	gitlab "gitlab.com/gitlab-org/api/client-go"
@@ -17,6 +17,7 @@ import (
 )

 func TestAccGitlabGroupMembership_basic(t *testing.T) {
+
 	var groupMember gitlab.GroupMember
 	group := testutil.CreateGroups(t, 1)[0]
 	user := testutil.CreateUsers(t, 1)[0]
@@ -148,36 +149,25 @@ func TestAccGitlabGroupMembership_useCustomRole(t *testing.T) {
 	// custom roles only available to EE ultimate
 	testutil.SkipIfCE(t)

-	// Group level custom roles don't work on self managed, so we can't test them without a SaaS project.
-	// See https://gitlab.com/gitlab-org/gitlab/-/issues/439284 for more details
-	t.Skip()
-
 	// create a user
 	user := testutil.CreateUsers(t, 1)[0]
 	// create a group to give them a membership to
 	group := testutil.CreateGroups(t, 1)[0]

-	// Create a custom role on that group - we don't need to clean this up, since it's bound to the group
-	// which will be deleted when the test finishes.
-	roleOne, _, errOne := testutil.TestGitlabClient.MemberRolesService.CreateMemberRole(group.ID, &gitlab.CreateMemberRoleOptions{
-		Name:              gitlab.Ptr("test-role"),
+	// Create an instance role (since group roles don't work on self-hosted anymore)
+	rInt := acctest.RandInt()
+	roleOne := testutil.CreateCustomInstanceRole(t, &gitlab.CreateMemberRoleOptions{
+		Name:              gitlab.Ptr(fmt.Sprintf("test-role-%d", rInt)),
 		BaseAccessLevel:   gitlab.Ptr(gitlab.MaintainerPermissions),
 		ReadVulnerability: gitlab.Ptr(true),
 	})

-	// Create a second custom role on that group (for testing update)
-	roleTwo, _, errTwo := testutil.TestGitlabClient.MemberRolesService.CreateMemberRole(group.ID, &gitlab.CreateMemberRoleOptions{
-		Name:              gitlab.Ptr("test-role-update"),
+	roleTwo := testutil.CreateCustomInstanceRole(t, &gitlab.CreateMemberRoleOptions{
+		Name:              gitlab.Ptr(fmt.Sprintf("test-role-two-%d", rInt)),
 		BaseAccessLevel:   gitlab.Ptr(gitlab.MaintainerPermissions),
 		ReadVulnerability: gitlab.Ptr(true),
 	})

-	// If either of our role creations fail, short-circuit the test
-	err := errors.Join(errOne, errTwo)
-	if err != nil {
-		t.Fatalf("Failed to create one of the two testing roles. Error: %v", err)
-	}
-
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
 		CheckDestroy:             testAccCheckGitlabGroupMembershipDestroy,

--- a/internal/provider/testutil/helpers.go
+++ b/internal/provider/testutil/helpers.go
@@ -1293,3 +1293,19 @@ func CreateGroupAccessToken(t *testing.T, groupID int) *gitlab.GroupAccessToken

 	return groupAccessToken
 }
+
+func CreateCustomInstanceRole(t *testing.T, input *gitlab.CreateMemberRoleOptions) *gitlab.MemberRole {
+	role, _, err := TestGitlabClient.MemberRolesService.CreateInstanceMemberRole(input)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Cleanup(func() {
+		_, err = TestGitlabClient.MemberRolesService.DeleteInstanceMemberRole(role.ID)
+		if err != nil {
+			t.Fatalf("Failed to destroy custom role: %v", err)
+		}
+	})
+
+	return role
+}