use optional infer

Author: wasaga

example/main.tf

@@ -105,6 +105,7 @@ resource "pomerium_route" "test_route" {
     pomerium_policy.test_policy.id,
   ]
   jwt_groups_filter = {
+    groups         = ["group1", "group2"]
     infer_from_ppl = true
   }
 }

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/terraform-plugin-go v0.25.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/iancoleman/strcase v0.3.0
-	github.com/pomerium/enterprise-client-go v0.28.1-0.20250124233741-2592eb1169f7
+	github.com/pomerium/enterprise-client-go v0.28.1-0.20250129215653-11b7f67dcbf4
 	github.com/pomerium/pomerium v0.28.1-0.20250122205906-0bd6d8cc8315
 	github.com/rs/zerolog v1.33.0
 	github.com/stretchr/testify v1.10.0

go.sum

@@ -231,6 +231,8 @@ github.com/pomerium/csrf v1.7.0 h1:Qp4t6oyEod3svQtKfJZs589mdUTWKVf7q0PgCKYCshY=
 github.com/pomerium/csrf v1.7.0/go.mod h1:hAPZV47mEj2T9xFs+ysbum4l7SF1IdrryYaY6PdoIqw=
 github.com/pomerium/enterprise-client-go v0.28.1-0.20250124233741-2592eb1169f7 h1:m5rq102yZxD4UWUfyq5M0+butxmhuIeh5STMjMSQzJI=
 github.com/pomerium/enterprise-client-go v0.28.1-0.20250124233741-2592eb1169f7/go.mod h1:fnT1uLizb7e1aodN9SqSiqg6iYlWoppWFdaPlSR5eKc=
+github.com/pomerium/enterprise-client-go v0.28.1-0.20250129215653-11b7f67dcbf4 h1:hT9HWRvA54ujeCl4OS8voVl5oeRhyAjxKs/7ODBJoGo=
+github.com/pomerium/enterprise-client-go v0.28.1-0.20250129215653-11b7f67dcbf4/go.mod h1:fnT1uLizb7e1aodN9SqSiqg6iYlWoppWFdaPlSR5eKc=
 github.com/pomerium/pomerium v0.28.1-0.20250122205906-0bd6d8cc8315 h1:pdCpEr39m9UomjVkTp17Q4qeTbDZj7yxEffdBXZADe4=
 github.com/pomerium/pomerium v0.28.1-0.20250122205906-0bd6d8cc8315/go.mod h1:ujclJDq2BGZuSe2/9Lz2w4MpTVIR8DrR05qyjk1OcsU=
 github.com/pomerium/protoutil v0.0.0-20240813175624-47b7ac43ff46 h1:NRTg8JOXCxcIA1lAgD74iYud0rbshbWOB3Ou4+Huil8=

internal/provider/jwt_group_filter.go

@@ -12,7 +12,7 @@ import (
 )
 
 var (
-	jwtGroupsFilterSchema = schema.SingleNestedAttribute{
+	JWTGroupsFilterSchema = schema.SingleNestedAttribute{
 		Optional:    true,
 		Description: "JWT Groups Filter",
 		Attributes: map[string]schema.Attribute{
@@ -28,7 +28,7 @@ var (
 			},
 		},
 	}
-	jwtGroupsFilterSchemaAttr = map[string]attr.Type{
+	JWTGroupsFilterSchemaAttr = map[string]attr.Type{
 		"groups": types.SetType{
 			ElemType: types.StringType,
 		},
@@ -41,7 +41,7 @@ func JWTGroupsFilterFromPB(
 	src *pb.JwtGroupsFilter,
 ) {
 	if src == nil {
-		*dst = types.ObjectNull(jwtGroupsFilterSchemaAttr)
+		*dst = types.ObjectNull(JWTGroupsFilterSchemaAttr)
 		return
 	}
 
@@ -56,9 +56,9 @@ func JWTGroupsFilterFromPB(
 		attrs["groups"] = types.SetValueMust(types.StringType, vals)
 	}
 
-	attrs["infer_from_ppl"] = types.BoolValue(src.InferFromPpl)
+	attrs["infer_from_ppl"] = types.BoolPointerValue(src.InferFromPpl)
 
-	*dst = types.ObjectValueMust(jwtGroupsFilterSchemaAttr, attrs)
+	*dst = types.ObjectValueMust(JWTGroupsFilterSchemaAttr, attrs)
 }
 
 func JWTGroupsFilterToPB(
@@ -74,7 +74,7 @@ func JWTGroupsFilterToPB(
 
 	type jwtOptions struct {
 		Groups       []string `tfsdk:"groups"`
-		InferFromPpl bool     `tfsdk:"infer_from_ppl"`
+		InferFromPpl *bool    `tfsdk:"infer_from_ppl"`
 	}
 	var opts jwtOptions
 	d := src.As(ctx, &opts, basetypes.ObjectAsOptions{

internal/provider/jwt_group_filter_test.go

@@ -1,4 +1,4 @@
-package provider
+package provider_test
 
 import (
 	"context"
@@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/pomerium/enterprise-client-go/pb"
+	"github.com/pomerium/enterprise-terraform-provider/internal/provider"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/protobuf/testing/protocmp"
 )
@@ -22,15 +23,15 @@ func TestJWTGroupsFilterFromPB(t *testing.T) {
 		{
 			name:     "nil input",
 			input:    nil,
-			expected: types.ObjectNull(jwtGroupsFilterSchemaAttr),
+			expected: types.ObjectNull(provider.JWTGroupsFilterSchemaAttr),
 		},
 		{
 			name: "empty groups",
 			input: &pb.JwtGroupsFilter{
 				Groups:       []string{},
-				InferFromPpl: false,
+				InferFromPpl: P(false),
 			},
-			expected: types.ObjectValueMust(jwtGroupsFilterSchemaAttr, map[string]attr.Value{
+			expected: types.ObjectValueMust(provider.JWTGroupsFilterSchemaAttr, map[string]attr.Value{
 				"groups":         types.SetValueMust(types.StringType, []attr.Value{}),
 				"infer_from_ppl": types.BoolValue(false),
 			}),
@@ -39,9 +40,9 @@ func TestJWTGroupsFilterFromPB(t *testing.T) {
 			name: "with groups",
 			input: &pb.JwtGroupsFilter{
 				Groups:       []string{"group1", "group2"},
-				InferFromPpl: true,
+				InferFromPpl: P(true),
 			},
-			expected: types.ObjectValueMust(jwtGroupsFilterSchemaAttr, map[string]attr.Value{
+			expected: types.ObjectValueMust(provider.JWTGroupsFilterSchemaAttr, map[string]attr.Value{
 				"groups": types.SetValueMust(types.StringType, []attr.Value{
 					types.StringValue("group1"),
 					types.StringValue("group2"),
@@ -54,7 +55,7 @@ func TestJWTGroupsFilterFromPB(t *testing.T) {
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
 			var result types.Object
-			JWTGroupsFilterFromPB(&result, tc.input)
+			provider.JWTGroupsFilterFromPB(&result, tc.input)
 			diff := cmp.Diff(tc.expected, result)
 			assert.Empty(t, diff)
 		})
@@ -70,23 +71,23 @@ func TestJWTGroupsFilterToPB(t *testing.T) {
 	}{
 		{
 			name:     "null input",
-			input:    types.ObjectNull(jwtGroupsFilterSchemaAttr),
+			input:    types.ObjectNull(provider.JWTGroupsFilterSchemaAttr),
 			expected: nil,
 		},
 		{
 			name: "empty groups",
-			input: types.ObjectValueMust(jwtGroupsFilterSchemaAttr, map[string]attr.Value{
+			input: types.ObjectValueMust(provider.JWTGroupsFilterSchemaAttr, map[string]attr.Value{
 				"groups":         types.SetValueMust(types.StringType, []attr.Value{}),
 				"infer_from_ppl": types.BoolValue(false),
 			}),
 			expected: &pb.JwtGroupsFilter{
 				Groups:       []string{},
-				InferFromPpl: false,
+				InferFromPpl: P(false),
 			},
 		},
 		{
 			name: "with groups",
-			input: types.ObjectValueMust(jwtGroupsFilterSchemaAttr, map[string]attr.Value{
+			input: types.ObjectValueMust(provider.JWTGroupsFilterSchemaAttr, map[string]attr.Value{
 				"groups": types.SetValueMust(types.StringType, []attr.Value{
 					types.StringValue("group1"),
 					types.StringValue("group2"),
@@ -95,7 +96,7 @@ func TestJWTGroupsFilterToPB(t *testing.T) {
 			}),
 			expected: &pb.JwtGroupsFilter{
 				Groups:       []string{"group1", "group2"},
-				InferFromPpl: true,
+				InferFromPpl: P(true),
 			},
 		},
 	}
@@ -104,7 +105,7 @@ func TestJWTGroupsFilterToPB(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			var diags diag.Diagnostics
 			var result *pb.JwtGroupsFilter
-			JWTGroupsFilterToPB(ctx, &result, tc.input, &diags)
+			provider.JWTGroupsFilterToPB(ctx, &result, tc.input, &diags)
 			assert.False(t, diags.HasError())
 			diff := cmp.Diff(tc.expected, result, protocmp.Transform())
 			assert.Empty(t, diff)

internal/provider/route.go

@@ -198,7 +198,7 @@ func (r *RouteResource) Schema(_ context.Context, _ resource.SchemaRequest, resp
 				Optional:    true,
 				Computed:    true,
 			},
-			"jwt_groups_filter": jwtGroupsFilterSchema,
+			"jwt_groups_filter": JWTGroupsFilterSchema,
 		},
 	}
 }

internal/provider/settings_schema.go

@@ -190,7 +190,7 @@ var SettingsResourceSchema = schema.Schema{
 			Optional:    true,
 			Description: "JWT claims headers mapping",
 		},
-		"jwt_groups_filter": jwtGroupsFilterSchema,
+		"jwt_groups_filter": JWTGroupsFilterSchema,
 		"default_upstream_timeout": schema.StringAttribute{
 			Optional:    true,
 			Description: "Default upstream timeout",