DXCDT-470: Updating ordering of value.difference, updating tests (#650)

Co-authored-by: Will Vedder <will.vedder@okta.com>

internal/auth0/connection/expand.go

@@ -792,11 +792,12 @@ func expandConnectionOptionsScopes(d *schema.ResourceData, s scoper) {
 	scopesList := d.Get("options.0.scopes").(*schema.Set).List()
 
 	_, scopesToDisable := value.Difference(d, "options.0.scopes")
-	for _, scope := range scopesList {
-		s.SetScopes(true, scope.(string))
-	}
 
 	for _, scope := range scopesToDisable {
 		s.SetScopes(false, scope.(string))
 	}
+
+	for _, scope := range scopesList {
+		s.SetScopes(true, scope.(string))
+	}
 }

internal/auth0/connection/resource_test.go

@@ -1454,6 +1454,40 @@ func TestAccConnectionGitHub(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.github", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
 				),
 			},
+			{
+				Config: acctest.ParseTestName(testAccConnectionGitHubConfigRemoveScopes, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_connection.github", "options.0.scopes.#", "2"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "email"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "profile"),
+				),
+			},
+			{
+				Config: acctest.ParseTestName(testAccConnectionGitHubConfig, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_connection.github", "options.0.scopes.#", "20"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "email"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "profile"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "follow"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "read_repo_hook"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "admin_public_key"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "write_public_key"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "write_repo_hook"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "write_org"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "read_user"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "admin_repo_hook"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "admin_org"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "repo"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "repo_status"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "read_org"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "gist"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "repo_deployment"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "public_repo"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "notifications"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "delete_repo"),
+					resource.TestCheckTypeSetElemAttr("auth0_connection.github", "options.0.scopes.*", "read_public_key"),
+				),
+			},
 		},
 	})
 }
@@ -1478,6 +1512,23 @@ resource "auth0_connection" "github" {
 }
 `
 
+const testAccConnectionGitHubConfigRemoveScopes = `
+resource "auth0_connection" "github" {
+	name = "Acceptance-Test-GitHub-{{.testName}}"
+	strategy = "github"
+	options {
+		client_id = "client-id"
+		client_secret = "client-secret"
+		scopes = [ "email", "profile"]
+		upstream_params = jsonencode({
+			"screen_name": {
+				"alias": "login_hint"
+			}
+		})
+	}
+}
+`
+
 func TestAccConnectionWindowslive(t *testing.T) {
 	acctest.Test(t, resource.TestCase{
 		Steps: []resource.TestStep{

internal/auth0/organization/resource_member.go

@@ -84,11 +84,11 @@ func assignMemberRoles(d *schema.ResourceData, meta interface{}) error {
 
 	toAdd, toRemove := value.Difference(d, "roles")
 
-	if err := addMemberRoles(meta, organizationID, userID, toAdd); err != nil {
+	if err := removeMemberRoles(meta, organizationID, userID, toRemove); err != nil {
 		return err
 	}
 
-	return removeMemberRoles(meta, organizationID, userID, toRemove)
+	return addMemberRoles(meta, organizationID, userID, toAdd)
 }
 
 func removeMemberRoles(meta interface{}, organizationID string, userID string, roles []interface{}) error {

internal/auth0/role/resource.go

@@ -182,19 +182,19 @@ func expandRole(d *schema.ResourceData) *management.Role {
 func assignRolePermissions(d *schema.ResourceData, m interface{}) error {
 	toAdd, toRemove := value.Difference(d, "permissions")
 
-	var addPermissions []*management.Permission
-	for _, addPermission := range toAdd {
-		permission := addPermission.(map[string]interface{})
-		addPermissions = append(addPermissions, &management.Permission{
+	var rmPermissions []*management.Permission
+	for _, rmPermission := range toRemove {
+		permission := rmPermission.(map[string]interface{})
+		rmPermissions = append(rmPermissions, &management.Permission{
 			Name:                     auth0.String(permission["name"].(string)),
 			ResourceServerIdentifier: auth0.String(permission["resource_server_identifier"].(string)),
 		})
 	}
 
-	var rmPermissions []*management.Permission
-	for _, rmPermission := range toRemove {
-		permission := rmPermission.(map[string]interface{})
-		rmPermissions = append(rmPermissions, &management.Permission{
+	var addPermissions []*management.Permission
+	for _, addPermission := range toAdd {
+		permission := addPermission.(map[string]interface{})
+		addPermissions = append(addPermissions, &management.Permission{
 			Name:                     auth0.String(permission["name"].(string)),
 			ResourceServerIdentifier: auth0.String(permission["resource_server_identifier"].(string)),
 		})

internal/auth0/role/resource_test.go

@@ -48,6 +48,18 @@ func TestAccRole(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_role.the_one", "permissions.1.resource_server_name", fmt.Sprintf("Role - Acceptance Test - %s", t.Name())),
 				),
 			},
+			{
+				Config: acctest.ParseTestName(testAccRoleCreate, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_role.the_one", "name", fmt.Sprintf("The One - Acceptance Test - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_role.the_one", "description", "The One - Acceptance Test"),
+					resource.TestCheckResourceAttr("auth0_role.the_one", "permissions.#", "1"),
+					resource.TestCheckResourceAttr("auth0_role.the_one", "permissions.0.name", "stop:bullets"),
+					resource.TestCheckResourceAttr("auth0_role.the_one", "permissions.0.description", "Stop bullets"),
+					resource.TestCheckResourceAttr("auth0_role.the_one", "permissions.0.resource_server_identifier", fmt.Sprintf("https://%s.matrix.com/", t.Name())),
+					resource.TestCheckResourceAttr("auth0_role.the_one", "permissions.0.resource_server_name", fmt.Sprintf("Role - Acceptance Test - %s", t.Name())),
+				),
+			},
 			{
 				Config: acctest.ParseTestName(testAccRoleEmptyAgain, t.Name()),
 				Check: resource.ComposeTestCheckFunc(