Testing Optional Removal Configs

GNUmakefile

@@ -41,7 +41,7 @@ test-ci: fmtcheck
 	go test -coverprofile=coverage.out ./...
 	go tool cover -html=coverage.out -o coverage.html
 
-testacc: fmtcheck
+testacc:
 	@if [ "$(TESTARGS)" = "-run=TestAccXXX" ]; then \
 		echo ""; \
 		echo "Error: Skipping example acceptance testing pattern. Update TESTARGS to match the test naming in the relevant *_test.go file."; \

docs/data-sources/boundary_cluster.md

@@ -33,8 +33,9 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 
 ### Read-Only
 
+- `auth_token_time_to_live` (String) The time to live for the auth token in golang's time.Duration string format.
+- `auth_token_time_to_stale` (String) The time to stale for the auth token in golang's time.Duration string format.
 - `cluster_url` (String) A unique URL identifying the Boundary cluster.
-- `controller_config` (List of Object) (see [below for nested schema](#nestedatt--controller_config))
 - `created_at` (String) The time that the Boundary cluster was created.
 - `id` (String) The ID of this resource.
 - `maintenance_window_config` (List of Object) (see [below for nested schema](#nestedatt--maintenance_window_config))
@@ -50,15 +51,6 @@ Optional:
 - `default` (String)
 
 
-<a id="nestedatt--controller_config"></a>
-### Nested Schema for `controller_config`
-
-Read-Only:
-
-- `auth_token_time_to_live` (String)
-- `auth_token_time_to_stale` (String)
-
-
 <a id="nestedatt--maintenance_window_config"></a>
 ### Nested Schema for `maintenance_window_config`
 

docs/resources/boundary_cluster.md

@@ -22,10 +22,8 @@ resource "hcp_boundary_cluster" "example" {
     end          = 12
     upgrade_type = "SCHEDULED"
   }
-  controller_config {
-    auth_token_time_to_live  = "36h0m0s"
-    auth_token_time_to_stale = "12h0m0s"
-  }
+  auth_token_time_to_live  = "36h0m0s"
+  auth_token_time_to_stale = "12h0m0s"
 }
 ```
 
@@ -41,7 +39,8 @@ resource "hcp_boundary_cluster" "example" {
 
 ### Optional
 
-- `controller_config` (Block List, Max: 1) The controller configuration for the Boundary cluster. (see [below for nested schema](#nestedblock--controller_config))
+- `auth_token_time_to_live` (String) The time to live for the auth token in golang's time.Duration string format.
+- `auth_token_time_to_stale` (String) The time to stale for the auth token in golang's time.Duration string format.
 - `maintenance_window_config` (Block List, Max: 1) The maintenance window configuration for when cluster upgrades can take place. (see [below for nested schema](#nestedblock--maintenance_window_config))
 - `project_id` (String) The ID of the HCP project where the Boundary cluster is located.
 If not specified, the project specified in the HCP Provider config block will be used, if configured.
@@ -56,15 +55,6 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 - `state` (String) The state of the Boundary cluster.
 - `version` (String) The version of the Boundary cluster.
 
-<a id="nestedblock--controller_config"></a>
-### Nested Schema for `controller_config`
-
-Optional:
-
-- `auth_token_time_to_live` (String) The time to live for the auth token in the format of golang's time.Duration string.
-- `auth_token_time_to_stale` (String) The time to stale for the auth token in the format of golang's time.Duration string.
-
-
 <a id="nestedblock--maintenance_window_config"></a>
 ### Nested Schema for `maintenance_window_config`
 

examples/resources/hcp_boundary_cluster/resource.tf

@@ -8,8 +8,6 @@ resource "hcp_boundary_cluster" "example" {
     end          = 12
     upgrade_type = "SCHEDULED"
   }
-  controller_config {
-    auth_token_time_to_live  = "36h0m0s"
-    auth_token_time_to_stale = "12h0m0s"
-  }
+  auth_token_time_to_live  = "36h0m0s"
+  auth_token_time_to_stale = "12h0m0s"
 }

internal/providersdkv2/data_source_boundary_cluster.go

@@ -94,23 +94,15 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
-			"controller_config": {
-				Type:     schema.TypeList,
-				Computed: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"auth_token_time_to_live": {
-							Description: "The time to live for the auth token in time.Duration format.",
-							Type:        schema.TypeString,
-							Computed:    true,
-						},
-						"auth_token_time_to_stale": {
-							Description: "The time to stale for the auth token in time.Duration format.",
-							Type:        schema.TypeString,
-							Computed:    true,
-						},
-					},
-				},
+			"auth_token_time_to_live": {
+				Description: "The time to live for the auth token in golang's time.Duration string format.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"auth_token_time_to_stale": {
+				Description: "The time to stale for the auth token in golang's time.Duration string format.",
+				Type:        schema.TypeString,
+				Computed:    true,
 			},
 		},
 	}

internal/providersdkv2/resource_boundary_cluster.go

@@ -166,51 +166,42 @@ If a project is not configured in the HCP Provider config block, the oldest proj
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
-			"controller_config": {
-				Description: "The controller configuration for the Boundary cluster.",
-				Type:        schema.TypeList,
-				Optional:    true,
-				Computed:    true,
-				MaxItems:    1,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"auth_token_time_to_live": {
-							Description: "The time to live for the auth token in the format of golang's time.Duration string.",
-							Type:        schema.TypeString,
-							Optional:    true,
-							ValidateFunc: func(i any, k string) (warnings []string, errors []error) {
-								_, err := time.ParseDuration(i.(string))
-								if err != nil {
-									errors = append(errors, fmt.Errorf("expected %s to be a valid duration, got %s", k, i))
-								}
-								return warnings, errors
-							},
-							RequiredWith: []string{"controller_config.0.auth_token_time_to_stale"},
-							DiffSuppressFunc: func(_, old, new string, _ *schema.ResourceData) bool {
-								oldTime, _ := time.ParseDuration(old)
-								newTime, _ := time.ParseDuration(new)
-								return newTime == oldTime
-							},
-						},
-						"auth_token_time_to_stale": {
-							Description: "The time to stale for the auth token in the format of golang's time.Duration string.",
-							Type:        schema.TypeString,
-							Optional:    true,
-							ValidateFunc: func(i any, k string) (warnings []string, errors []error) {
-								_, err := time.ParseDuration(i.(string))
-								if err != nil {
-									errors = append(errors, fmt.Errorf("expected %s to be a valid duration, got %s", k, i))
-								}
-								return warnings, errors
-							},
-							RequiredWith: []string{"controller_config.0.auth_token_time_to_live"},
-							DiffSuppressFunc: func(_, old, new string, _ *schema.ResourceData) bool {
-								oldTime, _ := time.ParseDuration(old)
-								newTime, _ := time.ParseDuration(new)
-								return newTime == oldTime
-							},
-						},
-					},
+			"auth_token_time_to_live": {
+				Description:  "The time to live for the auth token in golang's time.Duration string format.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      "1680h0m0s",
+				RequiredWith: []string{"auth_token_time_to_stale"},
+				ValidateFunc: func(i any, k string) (warnings []string, errors []error) {
+					_, err := time.ParseDuration(i.(string))
+					if err != nil {
+						errors = append(errors, fmt.Errorf("expected %s to be a valid duration, got %s", k, i))
+					}
+					return warnings, errors
+				},
+				DiffSuppressFunc: func(_, old, new string, _ *schema.ResourceData) bool {
+					oldTime, _ := time.ParseDuration(old)
+					newTime, _ := time.ParseDuration(new)
+					return newTime == oldTime
+				},
+			},
+			"auth_token_time_to_stale": {
+				Description:  "The time to stale for the auth token in golang's time.Duration string format.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      "24h0m0s",
+				RequiredWith: []string{"auth_token_time_to_live"},
+				ValidateFunc: func(i any, k string) (warnings []string, errors []error) {
+					_, err := time.ParseDuration(i.(string))
+					if err != nil {
+						errors = append(errors, fmt.Errorf("expected %s to be a valid duration, got %s", k, i))
+					}
+					return warnings, errors
+				},
+				DiffSuppressFunc: func(_, old, new string, _ *schema.ResourceData) bool {
+					oldTime, _ := time.ParseDuration(old)
+					newTime, _ := time.ParseDuration(new)
+					return newTime == oldTime
 				},
 			},
 		},
@@ -325,14 +316,8 @@ func resourceBoundaryClusterCreate(ctx context.Context, d *schema.ResourceData,
 		currentUpgradeType = upgradeType
 	}
 
-	// Retrieve the controller configuration in the case it was not provided
-	currentControllerConfig, err := clients.GetBoundaryClusterControllerConfigByID(ctx, client, loc, clusterID)
-	if err != nil {
-		return diag.Errorf("unable to fetch controller configuration for Boundary cluster (%s): %v", clusterID, err)
-	}
-
 	// set Boundary cluster resource data
-	err = setBoundaryClusterResourceData(d, cluster, currentUpgradeType, currentMaintenanceWindow, currentControllerConfig)
+	err = setBoundaryClusterResourceData(d, cluster, currentUpgradeType, currentMaintenanceWindow, controllerConfig)
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -586,21 +571,21 @@ func setBoundaryClusterResourceData(d *schema.ResourceData, cluster *boundarymod
 		return err
 	}
 
-	ctrlConfig := map[string]any{}
-	if clusterCtrlConfig != nil {
-		authTTL, err := time.ParseDuration(clusterCtrlConfig.AuthTokenTimeToLive)
-		if err != nil {
-			return fmt.Errorf("unable to parse auth_token_time_to_live to time: %v", err)
-		}
-		authTTS, err := time.ParseDuration(clusterCtrlConfig.AuthTokenTimeToStale)
-		if err != nil {
-			return fmt.Errorf("unable to parse auth_token_time_to_stale to time: %v", err)
-		}
-		ctrlConfig["auth_token_time_to_live"] = authTTL.String()
-		ctrlConfig["auth_token_time_to_stale"] = authTTS.String()
+	authTTL, err := time.ParseDuration(clusterCtrlConfig.AuthTokenTimeToLive)
+	if err != nil {
+		return fmt.Errorf("unable to parse auth_token_time_to_live to time: %v", err)
+	}
+
+	authTTS, err := time.ParseDuration(clusterCtrlConfig.AuthTokenTimeToStale)
+	if err != nil {
+		return fmt.Errorf("unable to parse auth_token_time_to_stale to time: %v", err)
+	}
+
+	if err := d.Set("auth_token_time_to_live", authTTL.String()); err != nil {
+		return err
 	}
 
-	if err := d.Set("controller_config", []any{ctrlConfig}); err != nil {
+	if err := d.Set("auth_token_time_to_stale", authTTS.String()); err != nil {
 		return err
 	}
 
@@ -671,33 +656,21 @@ func getBoundaryClusterMaintainanceWindowConfig(d *schema.ResourceData) (*bounda
 }
 
 func getBoundaryClusterControllerConfig(d *schema.ResourceData) (*boundarymodels.HashicorpCloudBoundary20211221ControllerConfiguration, diag.Diagnostics) {
-	if !d.HasChange("controller_config") {
+	if !d.HasChange("auth_token_time_to_live") && !d.HasChange("auth_token_time_to_stale") {
 		return nil, nil
 	}
 
-	// get the controller_config resources
-	controllerConfigParam, ok := d.GetOk("controller_config")
-	if !ok {
-		return nil, nil
-	}
+	controllerConfig := &boundarymodels.HashicorpCloudBoundary20211221ControllerConfiguration{}
 
-	// convert to []any is required even though we set a MaxItems=1
-	controllerConfigs, ok := controllerConfigParam.([]any)
-	if !ok || len(controllerConfigs) == 0 {
-		return nil, nil
+	authTTL, err := time.ParseDuration(d.Get("auth_token_time_to_live").(string))
+	if err != nil {
+		return nil, diag.Errorf("unable to parse auth_token_time_to_live to time: %v", err)
 	}
-
-	// get the elements in the config
-	controllerConfigElems, ok := controllerConfigs[0].(map[string]any)
-	if !ok || len(controllerConfigElems) == 0 {
-		return nil, nil
+	authTTS, err := time.ParseDuration(d.Get("auth_token_time_to_stale").(string))
+	if err != nil {
+		return nil, diag.Errorf("unable to parse auth_token_time_to_stale to time: %v", err)
 	}
 
-	controllerConfig := &boundarymodels.HashicorpCloudBoundary20211221ControllerConfiguration{}
-
-	authTTL, _ := time.ParseDuration(controllerConfigElems["auth_token_time_to_live"].(string))
-	authTTS, _ := time.ParseDuration(controllerConfigElems["auth_token_time_to_stale"].(string))
-
 	controllerConfig.AuthTokenTimeToLive = authTTL.String()
 	controllerConfig.AuthTokenTimeToStale = authTTS.String()
 

internal/providersdkv2/resource_boundary_cluster_test.go

@@ -35,8 +35,14 @@ var maintenanceWindowConfig = `
 	}
 `
 
+var controllerConfig = `
+	auth_token_time_to_live = "12h0m0s"
+	auth_token_time_to_stale = "1h0m0s"
+`
+
 var boundaryCluster = fmt.Sprintf(boundaryClusterResourceTemplate, "")
 var boundaryClusterWithMaintenanceWindow = fmt.Sprintf(boundaryClusterResourceTemplate, maintenanceWindowConfig)
+var boundaryClusterWithControllerConfig = fmt.Sprintf(boundaryClusterResourceTemplate, controllerConfig)
 
 func setTestAccBoundaryClusterConfig(boundaryCluster string) string {
 	return fmt.Sprintf(`
@@ -69,6 +75,8 @@ func TestAccBoundaryCluster(t *testing.T) {
 					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "state"),
 					resource.TestCheckResourceAttr(boundaryClusterResourceName, "tier", "PLUS"),
 					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "version"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_live"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_stale"),
 				),
 			},
 			{
@@ -98,6 +106,8 @@ func TestAccBoundaryCluster(t *testing.T) {
 					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "state"),
 					resource.TestCheckResourceAttr(boundaryClusterResourceName, "tier", "PLUS"),
 					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "version"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_live"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_stale"),
 				),
 			},
 			{
@@ -111,6 +121,8 @@ func TestAccBoundaryCluster(t *testing.T) {
 					resource.TestCheckResourceAttrPair(boundaryClusterResourceName, "state", boundaryClusterDataSourceName, "state"),
 					resource.TestCheckResourceAttr(boundaryClusterResourceName, "tier", "PLUS"),
 					resource.TestCheckResourceAttrPair(boundaryClusterResourceName, "version", boundaryClusterDataSourceName, "version"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_live"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_stale"),
 				),
 			},
 			{
@@ -129,6 +141,24 @@ func TestAccBoundaryCluster(t *testing.T) {
 					resource.TestCheckResourceAttr(boundaryClusterResourceName, "maintenance_window_config.0.start", "2"),
 					resource.TestCheckResourceAttr(boundaryClusterResourceName, "maintenance_window_config.0.end", "12"),
 					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "version"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_live"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "auth_token_time_to_stale"),
+				),
+			},
+			{
+				// this test step tests creating a boundary cluster with non-default controller config settings.
+				Config: testConfig(setTestAccBoundaryClusterConfig(boundaryClusterWithControllerConfig)),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckBoundaryClusterExists(boundaryClusterResourceName),
+					resource.TestCheckResourceAttr(boundaryClusterResourceName, "cluster_id", boundaryUniqueID),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "created_at"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "cluster_url"),
+					testAccCheckFullURL(boundaryClusterResourceName, "cluster_url", ""),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "state"),
+					resource.TestCheckResourceAttr(boundaryClusterResourceName, "tier", "PLUS"),
+					resource.TestCheckResourceAttrSet(boundaryClusterResourceName, "version"),
+					resource.TestCheckResourceAttr(boundaryClusterResourceName, "auth_token_time_to_live", "12h0m0s"),
+					resource.TestCheckResourceAttr(boundaryClusterResourceName, "auth_token_time_to_stale", "1h0m0s"),
 				),
 			},
 		},