Merge pull request #575 from hashicorp/TF-1450

Add OPA support for Policy Set API's

CHANGELOG.md

@@ -1,3 +1,9 @@
+# Unreleased
+
+## Enhancements
+
+* Add OPA support to the Policy Set API's by @mrinalirao [#575](https://github.com/hashicorp/go-tfe/pull/575)
+
 # v1.12.0
 
 ## Enhancements

helper_test.go

@@ -499,7 +499,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil)
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()
@@ -525,7 +525,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	}
 }
 
-func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace) (*PolicySet, func()) {
+func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace, kind PolicyKind) (*PolicySet, func()) {
 	var orgCleanup func()
 
 	if org == nil {
@@ -537,6 +537,7 @@ func createPolicySet(t *testing.T, client *Client, org *Organization, policies [
 		Name:       String(randomString(t)),
 		Policies:   policies,
 		Workspaces: workspaces,
+		Kind:       kind,
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -559,7 +560,7 @@ func createPolicySetVersion(t *testing.T, client *Client, ps *PolicySet) (*Polic
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil)
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()

policy_check_integration_test.go

@@ -31,7 +31,7 @@ func TestPolicyChecksList(t *testing.T) {
 	defer policyCleanup2()
 	wTest, wsCleanup := createWorkspace(t, client, orgTest)
 	defer wsCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}, "")
 
 	rTest, runCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer runCleanup()
@@ -95,7 +95,7 @@ func TestPolicyChecksRead(t *testing.T) {
 
 	pTest, _ := createUploadedPolicy(t, client, true, orgTest)
 	wTest, _ := createWorkspace(t, client, orgTest)
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 
 	rTest, _ := createPolicyCheckedRun(t, client, wTest)
 	require.Equal(t, 1, len(rTest.PolicyChecks))
@@ -142,7 +142,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 		rTest, tTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer tTestCleanup()
 
@@ -167,7 +167,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 		rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer rTestCleanup()
 
@@ -201,7 +201,7 @@ func TestPolicyChecksLogs(t *testing.T) {
 	defer pTestCleanup()
 	wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 	defer wTestCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 
 	rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer rTestCleanup()

policy_set.go

@@ -10,6 +10,15 @@ import (
 // Compile-time proof of interface implementation.
 var _ PolicySets = (*policySets)(nil)
 
+// PolicyKind is an indicator of the underlying technology that the policy or policy set supports.
+// There are two kinds documented in the enum.
+type PolicyKind string
+
+const (
+	OPA      PolicyKind = "opa"
+	Sentinel PolicyKind = "sentinel"
+)
+
 // PolicySets describes all the policy set related methods that the Terraform
 // Enterprise API supports.
 //
@@ -61,16 +70,18 @@ type PolicySetList struct {
 
 // PolicySet represents a Terraform Enterprise policy set.
 type PolicySet struct {
-	ID             string    `jsonapi:"primary,policy-sets"`
-	Name           string    `jsonapi:"attr,name"`
-	Description    string    `jsonapi:"attr,description"`
-	Global         bool      `jsonapi:"attr,global"`
-	PoliciesPath   string    `jsonapi:"attr,policies-path"`
-	PolicyCount    int       `jsonapi:"attr,policy-count"`
-	VCSRepo        *VCSRepo  `jsonapi:"attr,vcs-repo"`
-	WorkspaceCount int       `jsonapi:"attr,workspace-count"`
-	CreatedAt      time.Time `jsonapi:"attr,created-at,iso8601"`
-	UpdatedAt      time.Time `jsonapi:"attr,updated-at,iso8601"`
+	ID             string     `jsonapi:"primary,policy-sets"`
+	Name           string     `jsonapi:"attr,name"`
+	Description    string     `jsonapi:"attr,description"`
+	Kind           PolicyKind `jsonapi:"attr,kind"`
+	Overridable    *bool      `jsonapi:"attr,overridable"`
+	Global         bool       `jsonapi:"attr,global"`
+	PoliciesPath   string     `jsonapi:"attr,policies-path"`
+	PolicyCount    int        `jsonapi:"attr,policy-count"`
+	VCSRepo        *VCSRepo   `jsonapi:"attr,vcs-repo"`
+	WorkspaceCount int        `jsonapi:"attr,workspace-count"`
+	CreatedAt      time.Time  `jsonapi:"attr,created-at,iso8601"`
+	UpdatedAt      time.Time  `jsonapi:"attr,updated-at,iso8601"`
 
 	// Relations
 	// The organization to which the policy set belongs to.
@@ -105,6 +116,10 @@ type PolicySetListOptions struct {
 	// Optional: A search string (partial policy set name) used to filter the results.
 	Search string `url:"search[name],omitempty"`
 
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: A kind string used to filter the results by the policy set kind.
+	Kind PolicyKind `url:"filter[kind],omitempty"`
+
 	// Optional: A list of relations to include. See available resources
 	// https://www.terraform.io/cloud-docs/api-docs/policy-sets#available-related-resources
 	Include []PolicySetIncludeOpt `url:"include,omitempty"`
@@ -136,6 +151,14 @@ type PolicySetCreateOptions struct {
 	// Optional: Whether or not the policy set is global.
 	Global *bool `jsonapi:"attr,global,omitempty"`
 
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: The underlying technology that the policy set supports
+	Kind PolicyKind `jsonapi:"attr,kind,omitempty"`
+
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: Whether or not users can override this policy when it fails during a run. Only valid for OPA policies.
+	Overridable *bool `jsonapi:"attr,overridable,omitempty"`
+
 	// Optional: The sub-path within the attached VCS repository to ingress. All
 	// files and directories outside of this sub-path will be ignored.
 	// This option may only be specified when a VCS repo is present.