From 96f49519f67ea065cfaf32c1b9993aea2c1bebc3 Mon Sep 17 00:00:00 2001
From: Ian Duffy <iduffy@cloudsmith.io>
Date: Sun, 1 Dec 2024 21:21:46 +0000
Subject: [PATCH 1/2] chore(no-ticket): valid provided credentials in the plan
 phase

---
 cloudsmith/provider_config.go |  5 +++
 cloudsmith/provider_test.go   | 62 ++++++++++++++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/cloudsmith/provider_config.go b/cloudsmith/provider_config.go
index 70d2ab3..92f6860 100644
--- a/cloudsmith/provider_config.go
+++ b/cloudsmith/provider_config.go
@@ -46,6 +46,11 @@ func newProviderConfig(apiHost, apiKey, userAgent string) (*providerConfig, diag
 		},
 	)
 
+	req := apiClient.UserApi.UserSelf(auth)
+	if _, _, err := apiClient.UserApi.UserSelfExecute(req); err != nil {
+		return nil, diag.FromErr(errors.New("invalid API credentials"))
+	}
+
 	return &providerConfig{Auth: auth, APIClient: apiClient}, nil
 }
 
diff --git a/cloudsmith/provider_test.go b/cloudsmith/provider_test.go
index d206f86..112c2e8 100644
--- a/cloudsmith/provider_test.go
+++ b/cloudsmith/provider_test.go
@@ -2,9 +2,14 @@
 package cloudsmith
 
 import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"os"
+	"regexp"
 	"testing"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -31,8 +36,63 @@ func testAccPreCheck(t *testing.T) {
 	if v := os.Getenv("CLOUDSMITH_API_KEY"); v == "" {
 		t.Fatal("CLOUDSMITH_API_KEY must be set for acceptance tests")
 	}
-
 	if v := os.Getenv("CLOUDSMITH_NAMESPACE"); v == "" {
 		t.Fatal("CLOUDSMITH_NAMESPACE must be set for acceptance tests")
 	}
 }
+func TestAccProvider_UserSelfValidation(t *testing.T) {
+	// Create mock server
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/user/self/" {
+			w.Header().Set("Content-Type", "application/json")
+			if r.Header.Get("X-Api-Key") == "valid-token" {
+				w.WriteHeader(http.StatusOK)
+				fmt.Fprintln(w, `{"email": "test@example.com", "name": "Test User", "slug": "test-user", "slug_perm": "test-user"}`)
+			} else {
+				w.WriteHeader(http.StatusUnauthorized)
+				fmt.Fprintln(w, `{"error": "invalid API credentials"}`)
+			}
+		}
+	}))
+	defer server.Close()
+
+	tests := []struct {
+		name   string
+		apiKey string
+	}{
+		{
+			name:   "ValidToken",
+			apiKey: "valid-token",
+		},
+		{
+			name:   "InvalidToken",
+			apiKey: "invalid-token",
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Setenv("CLOUDSMITH_API_HOST", server.URL)
+			t.Setenv("CLOUDSMITH_API_KEY", tc.apiKey)
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { testAccPreCheck(t) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config:      selfConfig,
+						ExpectError: regexp.MustCompile("invalid API credentials"),
+						SkipFunc: func() (bool, error) {
+							// Skip error check for valid token case
+							return tc.apiKey == "valid-token", nil
+						},
+					},
+				},
+			})
+		})
+	}
+}
+
+var selfConfig string = `
+data "cloudsmith_user_self" "this" {
+}`

From ba92d2cfaf9a395e072b792678cc6cf6450e8774 Mon Sep 17 00:00:00 2001
From: Ian Duffy <iduffy@cloudsmith.io>
Date: Sun, 1 Dec 2024 22:09:14 +0000
Subject: [PATCH 2/2] Fix tests

---
 cloudsmith/resource_service_test.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/cloudsmith/resource_service_test.go b/cloudsmith/resource_service_test.go
index fa2f7dc..40dedb0 100644
--- a/cloudsmith/resource_service_test.go
+++ b/cloudsmith/resource_service_test.go
@@ -4,6 +4,7 @@ package cloudsmith
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -32,7 +33,7 @@ func TestAccService_basic(t *testing.T) {
 					testAccServiceCheckExists("cloudsmith_service.test"),
 					// check a sample of computed properties have been set correctly
 					resource.TestCheckResourceAttr("cloudsmith_service.test", "description", ""),
-					resource.TestCheckResourceAttr("cloudsmith_service.test", "slug", "tf-test-service"),
+					resource.TestMatchResourceAttr("cloudsmith_service.test", "slug", regexp.MustCompile("^tf-test-service.*$")),
 					resource.TestCheckResourceAttrSet("cloudsmith_service.test", "key"),
 					resource.TestCheckResourceAttr("cloudsmith_service.test", "role", "Member"),
 					resource.TestCheckNoResourceAttr("cloudsmith_service.test", "team.#"),
@@ -60,13 +61,15 @@ func TestAccService_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccServiceCheckExists("cloudsmith_service.test"),
 					resource.TestCheckResourceAttrSet("cloudsmith_service.test", "team.#"),
-					resource.TestCheckTypeSetElemNestedAttrs("cloudsmith_service.test", "team.*", map[string]string{
-						"slug": "tf-test-team-svc",
-						"role": "Member",
+
+					resource.TestMatchTypeSetElemNestedAttrs("cloudsmith_service.test", "team.*", map[string]*regexp.Regexp{
+						"slug": regexp.MustCompile("^tf-test-team-svc(-[^2].*)?$"),
+						"role": regexp.MustCompile("^Member$"),
 					}),
-					resource.TestCheckTypeSetElemNestedAttrs("cloudsmith_service.test", "team.*", map[string]string{
-						"slug": "tf-test-team-svc-2",
-						"role": "Manager",
+
+					resource.TestMatchTypeSetElemNestedAttrs("cloudsmith_service.test", "team.*", map[string]*regexp.Regexp{
+						"slug": regexp.MustCompile("^tf-test-team-svc-2.*$"),
+						"role": regexp.MustCompile("^Manager$"),
 					}),
 				),
 			},