acl: sso auth methods RPC/API/CLI should return created or updated objects (#15410)

Currently CRUD code that operates on SSO auth methods does not return created or updated object upon creation/update. This is bad UX and inconsistent behavior compared to other ACL objects like roles, policies or tokens.

This PR fixes it.

Relates to #13120

command/acl_auth_method_create.go

@@ -168,12 +168,12 @@ func (a *ACLAuthMethodCreateCommand) Run(args []string) int {
 	}
 
 	// Create the auth method via the API.
-	_, err = client.ACLAuthMethods().Create(&authMethod, nil)
+	method, _, err := client.ACLAuthMethods().Create(&authMethod, nil)
 	if err != nil {
 		a.Ui.Error(fmt.Sprintf("Error creating ACL auth method: %v", err))
 		return 1
 	}
 
-	a.Ui.Output(fmt.Sprintf("Created ACL auth method %s", a.name))
+	a.Ui.Output(fmt.Sprintf("Created ACL auth method:\n%s", formatAuthMethod(method)))
 	return 0
 }

command/acl_auth_method_update.go

@@ -185,13 +185,13 @@ func (a *ACLAuthMethodUpdateCommand) Run(args []string) int {
 	}
 
 	// Update the auth method via the API.
-	_, err = client.ACLAuthMethods().Update(&updatedMethod, nil)
+	method, _, err := client.ACLAuthMethods().Update(&updatedMethod, nil)
 	if err != nil {
 		a.Ui.Error(fmt.Sprintf("Error updating ACL auth method: %v", err))
 		return 1
 	}
 
-	a.Ui.Output(fmt.Sprintf("Updated ACL auth method %s", originalMethodName))
+	a.Ui.Output(fmt.Sprintf("Updated ACL auth method:\n%s", formatAuthMethod(method)))
 	return 0
 }
 

command/agent/acl_endpoint.go

@@ -670,5 +670,9 @@ func (s *HTTPServer) aclAuthMethodUpsertRequest(
 		return nil, err
 	}
 	setIndex(resp, out.Index)
+
+	if len(out.AuthMethods) > 0 {
+		return out.AuthMethods[0], nil
+	}
 	return nil, nil
 }

command/agent/acl_endpoint_test.go

@@ -1104,14 +1104,14 @@ func TestHTTPServer_ACLAuthMethodRequest(t *testing.T) {
 
 				// Build the HTTP request.
 				req, err := http.NewRequest(http.MethodPut, "/v1/acl/auth-method", encodeReq(mockACLRole))
-				require.NoError(t, err)
+				must.NoError(t, err)
 				respW := httptest.NewRecorder()
 
 				// Send the HTTP request.
 				obj, err := srv.Server.ACLAuthMethodRequest(respW, req)
-				require.Error(t, err)
-				require.ErrorContains(t, err, "Permission denied")
-				require.Nil(t, obj)
+				must.Error(t, err)
+				must.StrContains(t, err.Error(), "Permission denied")
+				must.Nil(t, obj)
 			},
 		},
 		{
@@ -1120,7 +1120,7 @@ func TestHTTPServer_ACLAuthMethodRequest(t *testing.T) {
 
 				// Build the HTTP request.
 				req, err := http.NewRequest(http.MethodConnect, "/v1/acl/auth-method", nil)
-				require.NoError(t, err)
+				must.NoError(t, err)
 				respW := httptest.NewRecorder()
 
 				// Ensure we have a token set.
@@ -1128,9 +1128,9 @@ func TestHTTPServer_ACLAuthMethodRequest(t *testing.T) {
 
 				// Send the HTTP request.
 				obj, err := srv.Server.ACLAuthMethodRequest(respW, req)
-				require.Error(t, err)
-				require.ErrorContains(t, err, "Invalid method")
-				require.Nil(t, obj)
+				must.Error(t, err)
+				must.StrContains(t, err.Error(), "Invalid method")
+				must.Nil(t, obj)
 			},
 		},
 		{
@@ -1142,7 +1142,7 @@ func TestHTTPServer_ACLAuthMethodRequest(t *testing.T) {
 
 				// Build the HTTP request.
 				req, err := http.NewRequest(http.MethodPut, "/v1/acl/auth-method", encodeReq(mockACLAuthMethod))
-				require.NoError(t, err)
+				must.NoError(t, err)
 				respW := httptest.NewRecorder()
 
 				// Ensure we have a token set.
@@ -1150,8 +1150,10 @@ func TestHTTPServer_ACLAuthMethodRequest(t *testing.T) {
 
 				// Send the HTTP request.
 				obj, err := srv.Server.ACLAuthMethodRequest(respW, req)
-				require.NoError(t, err)
-				require.Nil(t, obj)
+				must.NoError(t, err)
+
+				result := obj.(*structs.ACLAuthMethod)
+				must.Eq(t, result, mockACLAuthMethod)
 			},
 		},
 	}