From fb2c1a78f6792c957bec83da7712dbf28a01369f Mon Sep 17 00:00:00 2001 From: Norbert Dopjera Date: Wed, 1 Nov 2023 16:07:48 +0100 Subject: [PATCH] bug(iam): iam_member using groups API for assignment (#61) --- monte_carlo/client/monte_carlo_client.go | 32 +++- monte_carlo/resources/iam_group.go | 2 - monte_carlo/resources/iam_member.go | 118 ++++++------- monte_carlo/resources/iam_member_test.go | 207 ++++------------------- 4 files changed, 117 insertions(+), 242 deletions(-) diff --git a/monte_carlo/client/monte_carlo_client.go b/monte_carlo/client/monte_carlo_client.go index 107d6ed..669f928 100644 --- a/monte_carlo/client/monte_carlo_client.go +++ b/monte_carlo/client/monte_carlo_client.go @@ -210,7 +210,7 @@ type GetTables struct { } `graphql:"getTables(dwId: $dwId, first: $first, after: $after, isDeleted: $isDeleted, isExcluded: $isExcluded)"` } -type User struct { +type AuthorizationGroupUser struct { CognitoUserId string Email string FirstName string @@ -226,13 +226,13 @@ type AuthorizationGroup struct { Roles []struct{ Name string } DomainRestrictions []struct{ Uuid string } SsoGroup *string - Users []User + Users []AuthorizationGroupUser } type CreateOrUpdateAuthorizationGroup struct { CreateOrUpdateAuthorizationGroup struct { AuthorizationGroup AuthorizationGroup - } `graphql:"createOrUpdateAuthorizationGroup(name: $name, label: $label, description: $description, roles: $roles, memberUserIds: $memberUserIds, domainRestrictionIds: $domainRestrictionIds, ssoGroup: $ssoGroup)"` + } `graphql:"createOrUpdateAuthorizationGroup(name: $name, label: $label, description: $description, roles: $roles, domainRestrictionIds: $domainRestrictionIds, ssoGroup: $ssoGroup)"` } type GetAuthorizationGroups struct { @@ -245,6 +245,17 @@ type DeleteAuthorizationGroup struct { } `graphql:"deleteAuthorizationGroup(name: $name)"` } +type User struct { + CognitoUserId string + Email string + FirstName string + LastName string + IsSso bool + Auth struct { + Groups []string + } +} + type GetUsersInAccount struct { GetUsersInAccount struct { Edges []struct { @@ -257,3 +268,18 @@ type GetUsersInAccount struct { } } `graphql:"getUsersInAccount(email: $email, first: $first, after: $after)"` } + +type UpdateUserAuthorizationGroupMembership struct { + UpdateUserAuthorizationGroupMembership struct { + AddedToGroups []struct { + Name string + Label string + Description string + } + RemovedFromGroups []struct { + Name string + Label string + Description string + } + } `graphql:"updateUserAuthorizationGroupMembership(memberUserId: $memberUserId, groupNames: $groupNames)"` +} diff --git a/monte_carlo/resources/iam_group.go b/monte_carlo/resources/iam_group.go index cc69e40..25dd077 100644 --- a/monte_carlo/resources/iam_group.go +++ b/monte_carlo/resources/iam_group.go @@ -122,7 +122,6 @@ func (r *IamGroupResource) Create(ctx context.Context, req resource.CreateReques "roles": []string{data.Role.ValueString()}, "domainRestrictionIds": normalize[client.UUID](data.Domains), "ssoGroup": data.SsoGroup.ValueStringPointer(), - "memberUserIds": (*[]string)(nil), } if err := r.client.Mutate(ctx, &createResult, variables); err == nil { @@ -187,7 +186,6 @@ func (r *IamGroupResource) Update(ctx context.Context, req resource.UpdateReques "roles": []string{data.Role.ValueString()}, "domainRestrictionIds": normalize[client.UUID](data.Domains), "ssoGroup": data.SsoGroup.ValueStringPointer(), - "memberUserIds": (*[]string)(nil), } if err := r.client.Mutate(ctx, &updateResult, variables); err == nil { diff --git a/monte_carlo/resources/iam_member.go b/monte_carlo/resources/iam_member.go index 439bac9..5b35b61 100644 --- a/monte_carlo/resources/iam_member.go +++ b/monte_carlo/resources/iam_member.go @@ -111,7 +111,6 @@ func (r *IamMemberResource) Create(ctx context.Context, req resource.CreateReque return } - groupName := strings.Split(data.Group.ValueString(), "groups/")[1] getGroupResult := client.GetAuthorizationGroups{} variables = map[string]interface{}{} if err := r.client.Query(ctx, &getGroupResult, variables); err != nil { @@ -120,39 +119,30 @@ func (r *IamMemberResource) Create(ctx context.Context, req resource.CreateReque return } - var found *client.AuthorizationGroup + var group *client.AuthorizationGroup + groupName := strings.Split(data.Group.ValueString(), "groups/")[1] if index := slices.IndexFunc(getGroupResult.GetAuthorizationGroups, func(group client.AuthorizationGroup) bool { - return !group.IsManaged && group.Name == groupName - }); index >= 0 && getGroupResult.GetAuthorizationGroups[index].SsoGroup == nil { - found = &getGroupResult.GetAuthorizationGroups[index] + return group.SsoGroup == nil && group.Name == groupName + }); index >= 0 { + group = &getGroupResult.GetAuthorizationGroups[index] } else { to_print := fmt.Sprintf("Group %s not found or is SSO managed", data.Group.ValueString()) resp.Diagnostics.AddError(to_print, "") return } - memberUserIds := make([]string, len(found.Users)+1) - memberUserIds[len(found.Users)] = getUserResult.GetUsersInAccount.Edges[0].Node.CognitoUserId - for i, user := range found.Users { - memberUserIds[i] = user.CognitoUserId - } - - updateResult := client.CreateOrUpdateAuthorizationGroup{} + user := &getUserResult.GetUsersInAccount.Edges[0].Node + updateResult := client.UpdateUserAuthorizationGroupMembership{} variables = map[string]interface{}{ - "name": found.Name, - "label": found.Label, - "description": found.Description, - "roles": rolesToNames(found.Roles), - "domainRestrictionIds": domainsToUuids[client.UUID](found.DomainRestrictions), - "ssoGroup": found.SsoGroup, - "memberUserIds": memberUserIds, + "memberUserId": user.CognitoUserId, + "groupNames": append(user.Auth.Groups, group.Name), } if err := r.client.Mutate(ctx, &updateResult, variables); err != nil { - to_print := fmt.Sprintf("MC client 'createOrUpdateAuthorizationGroup' mutation result - %s", err.Error()) + to_print := fmt.Sprintf("MC client 'updateUserAuthorizationGroupMembership' mutation result - %s", err.Error()) resp.Diagnostics.AddError(to_print, "") } else { - data.MemberId = types.StringValue(getUserResult.GetUsersInAccount.Edges[0].Node.CognitoUserId) + data.MemberId = types.StringValue(user.CognitoUserId) resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } } @@ -172,17 +162,20 @@ func (r *IamMemberResource) Read(ctx context.Context, req resource.ReadRequest, "after": (*string)(nil), } + var foundUser *client.User if err := r.client.Query(ctx, &getUserResult, variables); err != nil { to_print := fmt.Sprintf("MC client 'getUsersInAccount' query result - %s", err.Error()) resp.Diagnostics.AddError(to_print, "") return - } else if len(getUserResult.GetUsersInAccount.Edges) == 0 { + } else if len(getUserResult.GetUsersInAccount.Edges) >= 1 { + foundUser = &getUserResult.GetUsersInAccount.Edges[0].Node + } else { to_print := fmt.Sprintf("User %s not found", userEmail) - resp.Diagnostics.AddError(to_print, "") + resp.Diagnostics.AddWarning(to_print, "") + resp.State.RemoveResource(ctx) return } - groupName := strings.Split(data.Group.ValueString(), "groups/")[1] getGroupResult := client.GetAuthorizationGroups{} variables = map[string]interface{}{} if err := r.client.Query(ctx, &getGroupResult, variables); err != nil { @@ -191,20 +184,22 @@ func (r *IamMemberResource) Read(ctx context.Context, req resource.ReadRequest, return } - var found *client.AuthorizationGroup - for _, group := range getGroupResult.GetAuthorizationGroups { - if !group.IsManaged && group.Name == groupName { - found = &group - break - } - } - - if found == nil || found.SsoGroup != nil { + var group *client.AuthorizationGroup + groupName := strings.Split(data.Group.ValueString(), "groups/")[1] + if index := slices.IndexFunc(getGroupResult.GetAuthorizationGroups, func(group client.AuthorizationGroup) bool { + return group.SsoGroup == nil && group.Name == groupName + }); index >= 0 { + group = &getGroupResult.GetAuthorizationGroups[index] + } else { + data.Group = types.StringNull() to_print := fmt.Sprintf("Group %s not found or is SSO managed", data.Group.ValueString()) resp.Diagnostics.AddWarning(to_print, "") resp.State.RemoveResource(ctx) - } else if !slices.Contains(found.Users, getUserResult.GetUsersInAccount.Edges[0].Node) { - to_print := fmt.Sprintf("User %s not found in group %s", userEmail, data.Group.ValueString()) + return + } + + if !slices.Contains(foundUser.Auth.Groups, group.Name) { + to_print := fmt.Sprintf("User %s is not a member of group %s", userEmail, data.Group.ValueString()) resp.Diagnostics.AddWarning(to_print, "") resp.State.RemoveResource(ctx) } else { @@ -214,7 +209,10 @@ func (r *IamMemberResource) Read(ctx context.Context, req resource.ReadRequest, } func (r *IamMemberResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { - // TODO + resp.Diagnostics.AddError( + "Resource 'montecarlo_iam_member' does not support updates", + "If you encounter this error please raise a issue at 'https://github.com/kiwicom/terraform-provider-montecarlo'", + ) } func (r *IamMemberResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { @@ -224,45 +222,37 @@ func (r *IamMemberResource) Delete(ctx context.Context, req resource.DeleteReque return } - groupName := strings.Split(data.Group.ValueString(), "groups/")[1] - getGroupResult := client.GetAuthorizationGroups{} - variables := map[string]interface{}{} - if err := r.client.Query(ctx, &getGroupResult, variables); err != nil { - to_print := fmt.Sprintf("MC client 'GetAuthorizationGroups' query result - %s", err.Error()) - resp.Diagnostics.AddError(to_print, "") - return + userEmail := strings.Split(data.Member.ValueString(), "user:")[1] + getUserResult := client.GetUsersInAccount{} + variables := map[string]interface{}{ + "email": userEmail, + "first": 1, + "after": (*string)(nil), } - var found *client.AuthorizationGroup - if index := slices.IndexFunc(getGroupResult.GetAuthorizationGroups, func(group client.AuthorizationGroup) bool { - return !group.IsManaged && group.Name == groupName - }); index >= 0 && getGroupResult.GetAuthorizationGroups[index].SsoGroup == nil { - found = &getGroupResult.GetAuthorizationGroups[index] + var foundUser *client.User + if err := r.client.Query(ctx, &getUserResult, variables); err != nil { + to_print := fmt.Sprintf("MC client 'getUsersInAccount' query result - %s", err.Error()) + resp.Diagnostics.AddError(to_print, "") + return + } else if len(getUserResult.GetUsersInAccount.Edges) >= 1 { + foundUser = &getUserResult.GetUsersInAccount.Edges[0].Node } else { - to_print := fmt.Sprintf("Group %s not found or is SSO managed", data.Group.ValueString()) + to_print := fmt.Sprintf("User %s not found", userEmail) resp.Diagnostics.AddWarning(to_print, "") return } - memberUserIds := make([]string, len(found.Users)) - for i, user := range found.Users { - memberUserIds[i] = user.CognitoUserId - } - - updateResult := client.CreateOrUpdateAuthorizationGroup{} - memberUserIds = slices.DeleteFunc(memberUserIds, func(userId string) bool { return userId == data.MemberId.ValueString() }) + updateResult := client.UpdateUserAuthorizationGroupMembership{} variables = map[string]interface{}{ - "name": found.Name, - "label": found.Label, - "description": found.Description, - "roles": rolesToNames(found.Roles), - "domainRestrictionIds": domainsToUuids[client.UUID](found.DomainRestrictions), - "ssoGroup": found.SsoGroup, - "memberUserIds": memberUserIds, + "memberUserId": foundUser.CognitoUserId, + "groupNames": slices.DeleteFunc(foundUser.Auth.Groups, func(groupName string) bool { + return groupName == strings.Split(data.Group.ValueString(), "groups/")[1] + }), } if err := r.client.Mutate(ctx, &updateResult, variables); err != nil { - to_print := fmt.Sprintf("MC client 'createOrUpdateAuthorizationGroup' mutation result - %s", err.Error()) + to_print := fmt.Sprintf("MC client 'updateUserAuthorizationGroupMembership' mutation result - %s", err.Error()) resp.Diagnostics.AddError(to_print, "") } } diff --git a/monte_carlo/resources/iam_member_test.go b/monte_carlo/resources/iam_member_test.go index 85936d3..53f7cc6 100644 --- a/monte_carlo/resources/iam_member_test.go +++ b/monte_carlo/resources/iam_member_test.go @@ -78,7 +78,7 @@ resource "montecarlo_iam_member" "test" { func initIamMemberMonteCarloClient(groupName, groupNameUpdated, memberEmail, memberId string) client.MonteCarloClient { mcClient := cmock.MonteCarloClient{} - mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetUsersInAccount"), mock.MatchedBy(func(in map[string]interface{}) bool { + readUser := mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetUsersInAccount"), mock.MatchedBy(func(in map[string]interface{}) bool { return in["email"] == memberEmail && in["after"] == (*string)(nil) })).Return(nil).Run(func(args mock.Arguments) { getResult := args.Get(1).(*client.GetUsersInAccount) @@ -96,190 +96,51 @@ func initIamMemberMonteCarloClient(groupName, groupNameUpdated, memberEmail, mem Roles: []struct{ Name string }{{Name: "mcd/owner"}}, DomainRestrictions: []struct{ Uuid string }{}, SsoGroup: nil, - }} - }) - - // create operation - mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.CreateOrUpdateAuthorizationGroup"), mock.MatchedBy(func(in map[string]interface{}) bool { - roles, rolesOk := in["roles"].([]string) - domainRestrictions, domainRestrictionsOk := in["domainRestrictionIds"].([]client.UUID) - memberUserIds, memberUserIdsOk := in["memberUserIds"].([]string) - return in["name"] == groupName && - in["label"] == groupName && - in["description"] == "" && - memberUserIdsOk && len(memberUserIds) == 1 && memberUserIds[0] == memberId && - rolesOk && len(roles) == 1 && roles[0] == "mcd/owner" && - domainRestrictionsOk && len(domainRestrictions) == 0 && - in["ssoGroup"] == (*string)(nil) - })).Return(nil).Run(func(args mock.Arguments) { - createResult := args.Get(1).(*client.CreateOrUpdateAuthorizationGroup) - createResult.CreateOrUpdateAuthorizationGroup.AuthorizationGroup = client.AuthorizationGroup{ - Name: groupName, - Label: groupName, + }, { + Name: groupNameUpdated, + Label: groupNameUpdated, Description: "", Roles: []struct{ Name string }{{Name: "mcd/owner"}}, DomainRestrictions: []struct{ Uuid string }{}, SsoGroup: nil, - Users: []client.User{{ - CognitoUserId: memberId, - Email: memberEmail, - }}, - } - - mcClient.ExpectedCalls = slices.DeleteFunc(mcClient.ExpectedCalls, func(call *mock.Call) bool { - return call.Arguments.Is(mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything) - }) - mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything).Return(nil).Run(func(args mock.Arguments) { - getResult := args.Get(1).(*client.GetAuthorizationGroups) - getResult.GetAuthorizationGroups = []client.AuthorizationGroup{{ - Name: groupName, - Label: groupName, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{{ - CognitoUserId: memberId, - Email: memberEmail, - }}, - }} - }) + }} }) - // delete operation - mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.CreateOrUpdateAuthorizationGroup"), mock.MatchedBy(func(in map[string]interface{}) bool { - roles, rolesOk := in["roles"].([]string) - domainRestrictions, domainRestrictionsOk := in["domainRestrictionIds"].([]client.UUID) - memberUserIds, memberUserIdsOk := in["memberUserIds"].([]string) - return in["name"] == groupName && - in["label"] == groupName && - in["description"] == "" && - memberUserIdsOk && len(memberUserIds) == 0 && - rolesOk && len(roles) == 1 && roles[0] == "mcd/owner" && - domainRestrictionsOk && len(domainRestrictions) == 0 && - in["ssoGroup"] == (*string)(nil) + // create operation + mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.UpdateUserAuthorizationGroupMembership"), mock.MatchedBy(func(in map[string]interface{}) bool { + groupNames, groupNamesOk := in["groupNames"].([]string) + return in["memberUserId"] == memberId && groupNamesOk && len(groupNames) == 1 && groupNames[0] == groupName })).Return(nil).Run(func(args mock.Arguments) { - createResult := args.Get(1).(*client.CreateOrUpdateAuthorizationGroup) - createResult.CreateOrUpdateAuthorizationGroup.AuthorizationGroup = client.AuthorizationGroup{ - Name: groupName, - Label: groupName, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{}, - } - - mcClient.ExpectedCalls = slices.DeleteFunc(mcClient.ExpectedCalls, func(call *mock.Call) bool { - return call.Arguments.Is(mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything) - }) - mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything).Return(nil).Run(func(args mock.Arguments) { - getResult := args.Get(1).(*client.GetAuthorizationGroups) - getResult.GetAuthorizationGroups = []client.AuthorizationGroup{{ - Name: groupName, - Label: groupName, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{}, - }, { - Name: groupNameUpdated, - Label: groupNameUpdated, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{}, - }} + mcClient.ExpectedCalls = slices.DeleteFunc(mcClient.ExpectedCalls, func(call *mock.Call) bool { return call.Arguments.Is(readUser.Arguments...) }) + readUser = mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetUsersInAccount"), mock.MatchedBy(func(in map[string]interface{}) bool { + return in["email"] == memberEmail && in["after"] == (*string)(nil) + })).Return(nil).Run(func(args mock.Arguments) { + getResult := args.Get(1).(*client.GetUsersInAccount) + node := client.User{CognitoUserId: memberId, IsSso: false, Email: memberEmail} + node.Auth.Groups = []string{groupName} + getResult.GetUsersInAccount.Edges = []struct{ Node client.User }{{Node: node}} }) }) - // update - mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.CreateOrUpdateAuthorizationGroup"), mock.MatchedBy(func(in map[string]interface{}) bool { - roles, rolesOk := in["roles"].([]string) - domainRestrictions, domainRestrictionsOk := in["domainRestrictionIds"].([]client.UUID) - memberUserIds, memberUserIdsOk := in["memberUserIds"].([]string) - return in["name"] == groupNameUpdated && - in["label"] == groupNameUpdated && - in["description"] == "" && - memberUserIdsOk && len(memberUserIds) == 1 && memberUserIds[0] == memberId && - rolesOk && len(roles) == 1 && roles[0] == "mcd/owner" && - domainRestrictionsOk && len(domainRestrictions) == 0 && - in["ssoGroup"] == (*string)(nil) - })).Return(nil).Run(func(args mock.Arguments) { - createResult := args.Get(1).(*client.CreateOrUpdateAuthorizationGroup) - createResult.CreateOrUpdateAuthorizationGroup.AuthorizationGroup = client.AuthorizationGroup{ - Name: groupNameUpdated, - Label: groupNameUpdated, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{{ - CognitoUserId: memberId, - Email: memberEmail, - }}, - } - - mcClient.ExpectedCalls = slices.DeleteFunc(mcClient.ExpectedCalls, func(call *mock.Call) bool { - return call.Arguments.Is(mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything) - }) - mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything).Return(nil).Run(func(args mock.Arguments) { - getResult := args.Get(1).(*client.GetAuthorizationGroups) - getResult.GetAuthorizationGroups = []client.AuthorizationGroup{{ - Name: groupNameUpdated, - Label: groupNameUpdated, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{{ - CognitoUserId: memberId, - Email: memberEmail, - }}, - }} - }) - }) + // delete operation + mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.UpdateUserAuthorizationGroupMembership"), mock.MatchedBy(func(in map[string]interface{}) bool { + groupNames, groupNamesOk := in["groupNames"].([]string) + return in["memberUserId"] == memberId && groupNamesOk && len(groupNames) == 0 + })).Return(nil) - // delete after update operation - mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.CreateOrUpdateAuthorizationGroup"), mock.MatchedBy(func(in map[string]interface{}) bool { - roles, rolesOk := in["roles"].([]string) - domainRestrictions, domainRestrictionsOk := in["domainRestrictionIds"].([]client.UUID) - memberUserIds, memberUserIdsOk := in["memberUserIds"].([]string) - return in["name"] == groupNameUpdated && - in["label"] == groupNameUpdated && - in["description"] == "" && - memberUserIdsOk && len(memberUserIds) == 0 && - rolesOk && len(roles) == 1 && roles[0] == "mcd/owner" && - domainRestrictionsOk && len(domainRestrictions) == 0 && - in["ssoGroup"] == (*string)(nil) + // update + mcClient.On("Mutate", mock.Anything, mock.AnythingOfType("*client.UpdateUserAuthorizationGroupMembership"), mock.MatchedBy(func(in map[string]interface{}) bool { + groupNames, groupNamesOk := in["groupNames"].([]string) + return in["memberUserId"] == memberId && groupNamesOk && slices.Contains(groupNames, groupNameUpdated) })).Return(nil).Run(func(args mock.Arguments) { - createResult := args.Get(1).(*client.CreateOrUpdateAuthorizationGroup) - createResult.CreateOrUpdateAuthorizationGroup.AuthorizationGroup = client.AuthorizationGroup{ - Name: groupNameUpdated, - Label: groupNameUpdated, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{}, - } - - mcClient.ExpectedCalls = slices.DeleteFunc(mcClient.ExpectedCalls, func(call *mock.Call) bool { - return call.Arguments.Is(mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything) - }) - mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetAuthorizationGroups"), mock.Anything).Return(nil).Run(func(args mock.Arguments) { - getResult := args.Get(1).(*client.GetAuthorizationGroups) - getResult.GetAuthorizationGroups = []client.AuthorizationGroup{{ - Name: groupNameUpdated, - Label: groupNameUpdated, - Description: "", - Roles: []struct{ Name string }{{Name: "mcd/owner"}}, - DomainRestrictions: []struct{ Uuid string }{}, - SsoGroup: nil, - Users: []client.User{}, - }} + mcClient.ExpectedCalls = slices.DeleteFunc(mcClient.ExpectedCalls, func(call *mock.Call) bool { return call.Arguments.Is(readUser.Arguments...) }) + readUser = mcClient.On("Query", mock.Anything, mock.AnythingOfType("*client.GetUsersInAccount"), mock.MatchedBy(func(in map[string]interface{}) bool { + return in["email"] == memberEmail && in["after"] == (*string)(nil) + })).Return(nil).Run(func(args mock.Arguments) { + getResult := args.Get(1).(*client.GetUsersInAccount) + node := client.User{CognitoUserId: memberId, IsSso: false, Email: memberEmail} + node.Auth.Groups = []string{groupNameUpdated} + getResult.GetUsersInAccount.Edges = []struct{ Node client.User }{{Node: node}} }) }) return &mcClient