From 1aaaf46425988b702dd3496356289c8ac6343655 Mon Sep 17 00:00:00 2001
From: Isaac Chung <isaacchung1990@gmail.com>
Date: Fri, 23 Aug 2024 10:55:57 -0700
Subject: [PATCH 1/5] fix bug

---
 README.md                        | 2 +-
 internal/provider/common/role.go | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 2daf6683..9ca029fc 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 ## Requirements
 
-- [Terraform](https://developer.hashicorp.com/terraform/downloads) >= 1.0
+- [Terraform](https://developer.hashicorp.com/terraform/downloads) >= 1.7
 - [Go](https://golang.org/doc/install) >= 1.21
 
 ## Building The Provider
diff --git a/internal/provider/common/role.go b/internal/provider/common/role.go
index 29cbcc2c..8d4dcb87 100644
--- a/internal/provider/common/role.go
+++ b/internal/provider/common/role.go
@@ -120,6 +120,7 @@ func ValidateWorkspaceDeploymentRoles(ctx context.Context, input ValidateWorkspa
 	deploymentWorkspaceIds := lo.Map(listDeployments.JSON200.Deployments, func(deployment platform.Deployment, _ int) string {
 		return deployment.WorkspaceId
 	})
+	deploymentWorkspaceIds = lo.Uniq(deploymentWorkspaceIds)
 
 	// get list of workspaceIds
 	workspaceIds := lo.Map(input.WorkspaceRoles, func(role iam.WorkspaceRole, _ int) string {
@@ -127,7 +128,7 @@ func ValidateWorkspaceDeploymentRoles(ctx context.Context, input ValidateWorkspa
 	})
 
 	// check if deploymentWorkspaceIds are in workspaceIds
-	workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), lo.Uniq(deploymentWorkspaceIds))
+	workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), deploymentWorkspaceIds)
 	if len(workspaceIds) != len(deploymentWorkspaceIds) {
 		tflog.Error(ctx, "failed to mutate roles")
 		return diag.Diagnostics{diag.NewErrorDiagnostic(

From dac16ec3a9426effd0aba02a9c7e16732a2728e9 Mon Sep 17 00:00:00 2001
From: Isaac Chung <isaacchung1990@gmail.com>
Date: Fri, 23 Aug 2024 13:09:14 -0700
Subject: [PATCH 2/5] remove release name from script release

---
 .github/workflows/build-release-import-script.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-release-import-script.yml b/.github/workflows/build-release-import-script.yml
index 68f5fbb0..4b1e23e0 100644
--- a/.github/workflows/build-release-import-script.yml
+++ b/.github/workflows/build-release-import-script.yml
@@ -80,7 +80,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           tag_name: ${{ steps.get_version.outputs.VERSION }}
-          release_name: Release Astro Import Script ${{ steps.get_version.outputs.VERSION }}
+          release_name: Astro Import Script ${{ steps.get_version.outputs.VERSION }}
           draft: false
           prerelease: false
 

From dcaf3430db7d8e554cb0db1fd69f0bb75afa30fd Mon Sep 17 00:00:00 2001
From: Isaac Chung <isaacchung1990@gmail.com>
Date: Fri, 23 Aug 2024 13:25:10 -0700
Subject: [PATCH 3/5] test for error

---
 internal/provider/common/role.go              |  6 ++---
 .../resources/resource_user_roles_test.go     | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/internal/provider/common/role.go b/internal/provider/common/role.go
index 8d4dcb87..251bd8a8 100644
--- a/internal/provider/common/role.go
+++ b/internal/provider/common/role.go
@@ -120,15 +120,15 @@ func ValidateWorkspaceDeploymentRoles(ctx context.Context, input ValidateWorkspa
 	deploymentWorkspaceIds := lo.Map(listDeployments.JSON200.Deployments, func(deployment platform.Deployment, _ int) string {
 		return deployment.WorkspaceId
 	})
-	deploymentWorkspaceIds = lo.Uniq(deploymentWorkspaceIds)
-
+	//deploymentWorkspaceIds = lo.Uniq(deploymentWorkspaceIds)
 	// get list of workspaceIds
 	workspaceIds := lo.Map(input.WorkspaceRoles, func(role iam.WorkspaceRole, _ int) string {
 		return role.WorkspaceId
 	})
 
 	// check if deploymentWorkspaceIds are in workspaceIds
-	workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), deploymentWorkspaceIds)
+	//workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), deploymentWorkspaceIds)
+	workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), lo.Uniq(deploymentWorkspaceIds))
 	if len(workspaceIds) != len(deploymentWorkspaceIds) {
 		tflog.Error(ctx, "failed to mutate roles")
 		return diag.Diagnostics{diag.NewErrorDiagnostic(
diff --git a/internal/provider/resources/resource_user_roles_test.go b/internal/provider/resources/resource_user_roles_test.go
index 3cd9b53e..260436fb 100644
--- a/internal/provider/resources/resource_user_roles_test.go
+++ b/internal/provider/resources/resource_user_roles_test.go
@@ -55,6 +55,30 @@ func TestAcc_ResourceUserRoles(t *testing.T) {
 					}),
 				ExpectError: regexp.MustCompile("Unable to mutate roles, not every deployment role has a corresponding workspace role"),
 			},
+			// Test failure: check for missing corresponding workspace role if deployment role is present
+			{
+				Config: astronomerprovider.ProviderConfig(t, astronomerprovider.HOSTED) +
+					userRoles(userRolesInput{
+						OrganizationRole: string(iam.ORGANIZATIONOWNER),
+						WorkspaceRoles: []utils.Role{
+							{
+								Role:     string(iam.WORKSPACEOWNER),
+								EntityId: workspaceId,
+							},
+						},
+						DeploymentRoles: []utils.Role{
+							{
+								Role:     "DEPLOYMENT_ADMIN",
+								EntityId: deploymentId,
+							},
+							{
+								Role:     "DEPLOYMENT_ADMIN",
+								EntityId: "cm070pg0r00wd01qgnskk0dir",
+							},
+						},
+					}),
+				ExpectError: regexp.MustCompile("Unable to mutate roles, not every deployment role has a corresponding workspace role"),
+			},
 			// Test failure: check for multiple roles with same entity id
 			{
 				Config: astronomerprovider.ProviderConfig(t, astronomerprovider.HOSTED) +

From 17e741d52b1462cf26ed454b5aa2bc6ea3e763e6 Mon Sep 17 00:00:00 2001
From: Isaac Chung <isaacchung1990@gmail.com>
Date: Fri, 23 Aug 2024 14:08:42 -0700
Subject: [PATCH 4/5] fix role bug

---
 .github/workflows/testacc.yml                           | 3 +++
 internal/provider/common/role.go                        | 6 +++---
 internal/provider/resources/resource_user_roles_test.go | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/testacc.yml b/.github/workflows/testacc.yml
index de4cb2f3..d25c9072 100644
--- a/.github/workflows/testacc.yml
+++ b/.github/workflows/testacc.yml
@@ -94,6 +94,7 @@ jobs:
           HOSTED_USER_ID: clz3a4ymt004x01on8w5ydq8j
           HOSTED_DUMMY_USER_ID: clzawipbm00bm01qw98vzzoca
           HOSTED_DEPLOYMENT_ID: clyn6kxud003x01mtxmccegnh
+          HOSTED_STANDARD_DEPLOYMENT_ID: cm070pg0r00wd01qgnskk0dir
           HOSTED_WORKSPACE_ID: clx42sxw501gl01o0gjenthnh
           HOSTED_API_TOKEN_ID: clxm4836f00ql01me3nigmcr6
           TESTARGS: "-failfast"
@@ -145,6 +146,7 @@ jobs:
           HOSTED_USER_ID: clz3a95hw00j301jj5jfmcgwd
           HOSTED_DUMMY_USER_ID: clzawlsb701vv01ikvsqz5mws
           HOSTED_DEPLOYMENT_ID: cly6exz4a00zd01k18t5bo1vf
+          HOSTED_STANDARD_DEPLOYMENT_ID: cm077ee2807g301kpjkqdoc15
           HOSTED_WORKSPACE_ID: clx480rvx068u01j9mp7t7fqh
           HOSTED_API_TOKEN_ID: clxm46ged05b301neuucdqwox
           TESTARGS: "-failfast"
@@ -196,6 +198,7 @@ jobs:
           HOSTED_USER_ID: clz3a4ymt004x01on8w5ydq8j
           HOSTED_DUMMY_USER_ID: clzawipbm00bm01qw98vzzoca
           HOSTED_DEPLOYMENT_ID: clyn6kxud003x01mtxmccegnh
+          HOSTED_STANDARD_DEPLOYMENT_ID: cm070pg0r00wd01qgnskk0dir
           HOSTED_WORKSPACE_ID: clx42sxw501gl01o0gjenthnh
           HOSTED_API_TOKEN_ID: clxm4836f00ql01me3nigmcr6
           TESTARGS: "-failfast"
diff --git a/internal/provider/common/role.go b/internal/provider/common/role.go
index 251bd8a8..8d4dcb87 100644
--- a/internal/provider/common/role.go
+++ b/internal/provider/common/role.go
@@ -120,15 +120,15 @@ func ValidateWorkspaceDeploymentRoles(ctx context.Context, input ValidateWorkspa
 	deploymentWorkspaceIds := lo.Map(listDeployments.JSON200.Deployments, func(deployment platform.Deployment, _ int) string {
 		return deployment.WorkspaceId
 	})
-	//deploymentWorkspaceIds = lo.Uniq(deploymentWorkspaceIds)
+	deploymentWorkspaceIds = lo.Uniq(deploymentWorkspaceIds)
+
 	// get list of workspaceIds
 	workspaceIds := lo.Map(input.WorkspaceRoles, func(role iam.WorkspaceRole, _ int) string {
 		return role.WorkspaceId
 	})
 
 	// check if deploymentWorkspaceIds are in workspaceIds
-	//workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), deploymentWorkspaceIds)
-	workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), lo.Uniq(deploymentWorkspaceIds))
+	workspaceIds = lo.Intersect(lo.Uniq(workspaceIds), deploymentWorkspaceIds)
 	if len(workspaceIds) != len(deploymentWorkspaceIds) {
 		tflog.Error(ctx, "failed to mutate roles")
 		return diag.Diagnostics{diag.NewErrorDiagnostic(
diff --git a/internal/provider/resources/resource_user_roles_test.go b/internal/provider/resources/resource_user_roles_test.go
index 260436fb..18bb5c0e 100644
--- a/internal/provider/resources/resource_user_roles_test.go
+++ b/internal/provider/resources/resource_user_roles_test.go
@@ -21,6 +21,7 @@ import (
 func TestAcc_ResourceUserRoles(t *testing.T) {
 	workspaceId := os.Getenv("HOSTED_WORKSPACE_ID")
 	deploymentId := os.Getenv("HOSTED_DEPLOYMENT_ID")
+	standardDeploymentId := os.Getenv("HOSTED_STANDARD_DEPLOYMENT_ID")
 	userId := os.Getenv("HOSTED_DUMMY_USER_ID")
 	tfVarName := fmt.Sprintf("astro_user_roles.%v", userId)
 	resource.Test(t, resource.TestCase{
@@ -73,7 +74,7 @@ func TestAcc_ResourceUserRoles(t *testing.T) {
 							},
 							{
 								Role:     "DEPLOYMENT_ADMIN",
-								EntityId: "cm070pg0r00wd01qgnskk0dir",
+								EntityId: standardDeploymentId,
 							},
 						},
 					}),

From 3e598cf468c2ad0dd6c18195ae4e7be7a84157dc Mon Sep 17 00:00:00 2001
From: Isaac Chung <isaacchung1990@gmail.com>
Date: Fri, 23 Aug 2024 14:10:58 -0700
Subject: [PATCH 5/5] fix role test

---
 .../resources/resource_user_roles_test.go     | 77 +++++++++++++------
 1 file changed, 53 insertions(+), 24 deletions(-)

diff --git a/internal/provider/resources/resource_user_roles_test.go b/internal/provider/resources/resource_user_roles_test.go
index 18bb5c0e..a8ad5f10 100644
--- a/internal/provider/resources/resource_user_roles_test.go
+++ b/internal/provider/resources/resource_user_roles_test.go
@@ -56,30 +56,6 @@ func TestAcc_ResourceUserRoles(t *testing.T) {
 					}),
 				ExpectError: regexp.MustCompile("Unable to mutate roles, not every deployment role has a corresponding workspace role"),
 			},
-			// Test failure: check for missing corresponding workspace role if deployment role is present
-			{
-				Config: astronomerprovider.ProviderConfig(t, astronomerprovider.HOSTED) +
-					userRoles(userRolesInput{
-						OrganizationRole: string(iam.ORGANIZATIONOWNER),
-						WorkspaceRoles: []utils.Role{
-							{
-								Role:     string(iam.WORKSPACEOWNER),
-								EntityId: workspaceId,
-							},
-						},
-						DeploymentRoles: []utils.Role{
-							{
-								Role:     "DEPLOYMENT_ADMIN",
-								EntityId: deploymentId,
-							},
-							{
-								Role:     "DEPLOYMENT_ADMIN",
-								EntityId: standardDeploymentId,
-							},
-						},
-					}),
-				ExpectError: regexp.MustCompile("Unable to mutate roles, not every deployment role has a corresponding workspace role"),
-			},
 			// Test failure: check for multiple roles with same entity id
 			{
 				Config: astronomerprovider.ProviderConfig(t, astronomerprovider.HOSTED) +
@@ -155,6 +131,59 @@ func TestAcc_ResourceUserRoles(t *testing.T) {
 					),
 				),
 			},
+			// Check that multiple deployment roles under one workspace are correctly set
+			{
+				Config: astronomerprovider.ProviderConfig(t, astronomerprovider.HOSTED) +
+					userRoles(userRolesInput{
+						OrganizationRole: string(iam.ORGANIZATIONOWNER),
+						WorkspaceRoles: []utils.Role{
+							{
+								Role:     string(iam.WORKSPACEOWNER),
+								EntityId: workspaceId,
+							},
+						},
+						DeploymentRoles: []utils.Role{
+							{
+								Role:     "DEPLOYMENT_ADMIN",
+								EntityId: deploymentId,
+							},
+							{
+								Role:     "DEPLOYMENT_ADMIN",
+								EntityId: standardDeploymentId,
+							},
+						},
+					}),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(tfVarName, "user_id", userId),
+					resource.TestCheckResourceAttr(tfVarName, "organization_role", string(iam.ORGANIZATIONOWNER)),
+					resource.TestCheckResourceAttr(tfVarName, "workspace_roles.#", "1"),
+					resource.TestCheckResourceAttr(tfVarName, "deployment_roles.#", "2"),
+					resource.TestCheckResourceAttr(tfVarName, "workspace_roles.0.role", string(iam.WORKSPACEOWNER)),
+					resource.TestCheckResourceAttr(tfVarName, "deployment_roles.0.role", "DEPLOYMENT_ADMIN"),
+					resource.TestCheckResourceAttr(tfVarName, "deployment_roles.1.role", "DEPLOYMENT_ADMIN"),
+
+					// Check via API that user has correct roles
+					testAccCheckUserRolesCorrect(t,
+						string(iam.ORGANIZATIONOWNER),
+						[]utils.Role{
+							{
+								Role:     string(iam.WORKSPACEOWNER),
+								EntityId: workspaceId,
+							},
+						},
+						[]utils.Role{
+							{
+								Role:     "DEPLOYMENT_ADMIN",
+								EntityId: deploymentId,
+							},
+							{
+								Role:     "DEPLOYMENT_ADMIN",
+								EntityId: standardDeploymentId,
+							},
+						},
+					),
+				),
+			},
 			// Import existing user_roles and check it is correctly imported - https://stackoverflow.com/questions/68824711/how-can-i-test-terraform-import-in-acceptance-tests
 			{
 				ResourceName:                         tfVarName,