Add OPA support for list policy set API + tests

hashicorp · Nov 1, 2022 · d16920d · d16920d
1 parent f16efbb
commit d16920d
Show file tree

Hide file tree

Showing 6 changed files with 104 additions and 42 deletions.
diff --git a/helper_test.go b/helper_test.go
@@ -499,7 +499,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil)
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()
@@ -525,7 +525,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	}
 }
 
-func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace) (*PolicySet, func()) {
+func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace, kind PolicyKind) (*PolicySet, func()) {
 	var orgCleanup func()
 
 	if org == nil {
@@ -537,6 +537,7 @@ func createPolicySet(t *testing.T, client *Client, org *Organization, policies [
 		Name:       String(randomString(t)),
 		Policies:   policies,
 		Workspaces: workspaces,
+		Kind:       kind,
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -559,7 +560,7 @@ func createPolicySetVersion(t *testing.T, client *Client, ps *PolicySet) (*Polic
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil)
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()

diff --git a/policy_check_integration_test.go b/policy_check_integration_test.go
@@ -31,7 +31,7 @@ func TestPolicyChecksList(t *testing.T) {
 	defer policyCleanup2()
 	wTest, wsCleanup := createWorkspace(t, client, orgTest)
 	defer wsCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}, "")
 
 	rTest, runCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer runCleanup()
@@ -95,7 +95,7 @@ func TestPolicyChecksRead(t *testing.T) {
 
 	pTest, _ := createUploadedPolicy(t, client, true, orgTest)
 	wTest, _ := createWorkspace(t, client, orgTest)
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 
 	rTest, _ := createPolicyCheckedRun(t, client, wTest)
 	require.Equal(t, 1, len(rTest.PolicyChecks))
@@ -142,7 +142,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 		rTest, tTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer tTestCleanup()
 
@@ -167,7 +167,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 		rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer rTestCleanup()
 
@@ -201,7 +201,7 @@ func TestPolicyChecksLogs(t *testing.T) {
 	defer pTestCleanup()
 	wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 	defer wTestCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 
 	rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer rTestCleanup()

diff --git a/policy_set.go b/policy_set.go
@@ -70,17 +70,18 @@ type PolicySetList struct {
 
 // PolicySet represents a Terraform Enterprise policy set.
 type PolicySet struct {
-	ID             string    `jsonapi:"primary,policy-sets"`
-	Name           string    `jsonapi:"attr,name"`
-	Description    string    `jsonapi:"attr,description"`
-	Kind           string    `jsonapi:"attr,kind"`
-	Global         bool      `jsonapi:"attr,global"`
-	PoliciesPath   string    `jsonapi:"attr,policies-path"`
-	PolicyCount    int       `jsonapi:"attr,policy-count"`
-	VCSRepo        *VCSRepo  `jsonapi:"attr,vcs-repo"`
-	WorkspaceCount int       `jsonapi:"attr,workspace-count"`
-	CreatedAt      time.Time `jsonapi:"attr,created-at,iso8601"`
-	UpdatedAt      time.Time `jsonapi:"attr,updated-at,iso8601"`
+	ID             string     `jsonapi:"primary,policy-sets"`
+	Name           string     `jsonapi:"attr,name"`
+	Description    string     `jsonapi:"attr,description"`
+	Kind           PolicyKind `jsonapi:"attr,kind"`
+	Overridable    bool       `jsonapi:"attr,overridable"`
+	Global         bool       `jsonapi:"attr,global"`
+	PoliciesPath   string     `jsonapi:"attr,policies-path"`
+	PolicyCount    int        `jsonapi:"attr,policy-count"`
+	VCSRepo        *VCSRepo   `jsonapi:"attr,vcs-repo"`
+	WorkspaceCount int        `jsonapi:"attr,workspace-count"`
+	CreatedAt      time.Time  `jsonapi:"attr,created-at,iso8601"`
+	UpdatedAt      time.Time  `jsonapi:"attr,updated-at,iso8601"`
 
 	// Relations
 	// The organization to which the policy set belongs to.
@@ -115,6 +116,9 @@ type PolicySetListOptions struct {
 	// Optional: A search string (partial policy set name) used to filter the results.
 	Search string `url:"search[name],omitempty"`
 
+	// Optional: A kind string used to filter the results by the policy set kind.
+	Kind PolicyKind `url:"filter[kind],omitempty"`
+
 	// Optional: A list of relations to include. See available resources
 	// https://www.terraform.io/cloud-docs/api-docs/policy-sets#available-related-resources
 	Include []PolicySetIncludeOpt `url:"include,omitempty"`
@@ -149,6 +153,9 @@ type PolicySetCreateOptions struct {
 	// Optional: The underlying technology that the policy set supports
 	Kind PolicyKind `jsonapi:"attr,kind,omitempty"`
 
+	// Optional: Whether or not users can override this policy when it fails during a run. Only valid for OPA policies.
+	Overridable *bool `jsonapi:"attr,overridable,omitempty"`
+
 	// Optional: The sub-path within the attached VCS repository to ingress. All
 	// files and directories outside of this sub-path will be ignored.
 	// This option may only be specified when a VCS repo is present.

diff --git a/policy_set_integration_test.go b/policy_set_integration_test.go
@@ -29,19 +29,22 @@ func TestPolicySetsList(t *testing.T) {
 	workspace, workspaceCleanup := createWorkspace(t, client, orgTest)
 	defer workspaceCleanup()
 
-	psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace})
+	psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, "")
 	defer psTestCleanup1()
-	psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace})
+	psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, "")
 	defer psTestCleanup2()
+	psTest3, psTestCleanup3 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, OPA)
+	defer psTestCleanup3()
 
 	t.Run("without list options", func(t *testing.T) {
 		psl, err := client.PolicySets.List(ctx, orgTest.Name, nil)
 		require.NoError(t, err)
 
 		assert.Contains(t, psl.Items, psTest1)
 		assert.Contains(t, psl.Items, psTest2)
+		assert.Contains(t, psl.Items, psTest3)
 		assert.Equal(t, 1, psl.CurrentPage)
-		assert.Equal(t, 2, psl.TotalCount)
+		assert.Equal(t, 3, psl.TotalCount)
 	})
 
 	t.Run("with pagination", func(t *testing.T) {
@@ -58,7 +61,7 @@ func TestPolicySetsList(t *testing.T) {
 
 		assert.Empty(t, psl.Items)
 		assert.Equal(t, 999, psl.CurrentPage)
-		assert.Equal(t, 2, psl.TotalCount)
+		assert.Equal(t, 3, psl.TotalCount)
 	})
 
 	t.Run("with search", func(t *testing.T) {
@@ -81,7 +84,21 @@ func TestPolicySetsList(t *testing.T) {
 		})
 		require.NoError(t, err)
 
-		assert.Equal(t, 2, len(psl.Items))
+		assert.Equal(t, 3, len(psl.Items))
+
+		assert.NotNil(t, psl.Items[0].Workspaces)
+		assert.Equal(t, 1, len(psl.Items[0].Workspaces))
+		assert.Equal(t, workspace.ID, psl.Items[0].Workspaces[0].ID)
+	})
+
+	t.Run("filter by kind", func(t *testing.T) {
+		psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{
+			Include: []PolicySetIncludeOpt{PolicySetWorkspaces},
+			Kind:    OPA,
+		})
+		require.NoError(t, err)
+
+		assert.Equal(t, 1, len(psl.Items))
 
 		assert.NotNil(t, psl.Items[0].Workspaces)
 		assert.Equal(t, 1, len(psl.Items[0].Workspaces))
@@ -120,7 +137,7 @@ func TestPolicySetsCreate(t *testing.T) {
 
 		assert.Equal(t, ps.Name, *options.Name)
 		assert.Equal(t, ps.Description, "")
-		assert.Equal(t, ps.Kind, "opa")
+		assert.Equal(t, ps.Kind, OPA)
 		assert.False(t, ps.Global)
 	})
 
@@ -134,11 +151,11 @@ func TestPolicySetsCreate(t *testing.T) {
 
 		assert.Equal(t, ps.Name, *options.Name)
 		assert.Equal(t, ps.Description, "")
-		assert.Equal(t, ps.Kind, "sentinel")
+		assert.Equal(t, ps.Kind, Sentinel)
 		assert.False(t, ps.Global)
 	})
 
-	t.Run("with all attributes provided", func(t *testing.T) {
+	t.Run("with all attributes provided - sentinel", func(t *testing.T) {
 		options := PolicySetCreateOptions{
 			Name:        String("global"),
 			Description: String("Policies in this set will be checked in ALL workspaces!"),
@@ -151,7 +168,44 @@ func TestPolicySetsCreate(t *testing.T) {
 
 		assert.Equal(t, ps.Name, *options.Name)
 		assert.Equal(t, ps.Description, *options.Description)
-		assert.Equal(t, ps.Kind, "sentinel")
+		assert.Equal(t, ps.Kind, Sentinel)
+		assert.True(t, ps.Global)
+	})
+
+	t.Run("with all attributes provided - OPA", func(t *testing.T) {
+		options := PolicySetCreateOptions{
+			Name:        String("global2"),
+			Description: String("Policies in this set will be checked in ALL workspaces!"),
+			Kind:        OPA,
+			Overridable: Bool(true),
+			Global:      Bool(true),
+		}
+
+		ps, err := client.PolicySets.Create(ctx, orgTest.Name, options)
+		require.NoError(t, err)
+
+		assert.Equal(t, ps.Name, *options.Name)
+		assert.Equal(t, ps.Description, *options.Description)
+		assert.Equal(t, ps.Overridable, *options.Overridable)
+		assert.Equal(t, ps.Kind, OPA)
+		assert.True(t, ps.Global)
+	})
+
+	t.Run("with missing overridable attribute", func(t *testing.T) {
+		options := PolicySetCreateOptions{
+			Name:        String("global3"),
+			Description: String("Policies in this set will be checked in ALL workspaces!"),
+			Kind:        OPA,
+			Global:      Bool(true),
+		}
+
+		ps, err := client.PolicySets.Create(ctx, orgTest.Name, options)
+		require.NoError(t, err)
+
+		assert.Equal(t, ps.Name, *options.Name)
+		assert.Equal(t, ps.Description, *options.Description)
+		assert.Equal(t, ps.Overridable, false)
+		assert.Equal(t, ps.Kind, OPA)
 		assert.True(t, ps.Global)
 	})
 
@@ -175,7 +229,7 @@ func TestPolicySetsCreate(t *testing.T) {
 		assert.Equal(t, ps.PolicyCount, 1)
 		assert.Equal(t, ps.Policies[0].ID, pTest.ID)
 		assert.Equal(t, ps.WorkspaceCount, 1)
-		assert.Equal(t, ps.Kind, "sentinel")
+		assert.Equal(t, ps.Kind, Sentinel)
 		assert.Equal(t, ps.Workspaces[0].ID, wTest.ID)
 	})
 
@@ -211,7 +265,7 @@ func TestPolicySetsCreate(t *testing.T) {
 		assert.False(t, ps.Global)
 		assert.Equal(t, ps.PoliciesPath, "/policy-sets/foo")
 		assert.Equal(t, ps.VCSRepo.Branch, "policies")
-		assert.Equal(t, ps.Kind, "sentinel")
+		assert.Equal(t, ps.Kind, Sentinel)
 		assert.Equal(t, ps.VCSRepo.DisplayIdentifier, githubIdentifier)
 		assert.Equal(t, ps.VCSRepo.Identifier, githubIdentifier)
 		assert.Equal(t, ps.VCSRepo.IngressSubmodules, true)
@@ -293,7 +347,7 @@ func TestPolicySetsRead(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with a valid ID", func(t *testing.T) {
@@ -362,7 +416,7 @@ func TestPolicySetsUpdate(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with valid attributes", func(t *testing.T) {
@@ -413,7 +467,7 @@ func TestPolicySetsAddPolicies(t *testing.T) {
 	defer pTestCleanup1()
 	pTest2, pTestCleanup2 := createPolicy(t, client, orgTest)
 	defer pTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with policies provided", func(t *testing.T) {
@@ -471,7 +525,7 @@ func TestPolicySetsRemovePolicies(t *testing.T) {
 	defer pTestCleanup1()
 	pTest2, pTestCleanup2 := createPolicy(t, client, orgTest)
 	defer pTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with policies provided", func(t *testing.T) {
@@ -523,7 +577,7 @@ func TestPolicySetsAddWorkspaces(t *testing.T) {
 	defer wTestCleanup1()
 	wTest2, wTestCleanup2 := createWorkspace(t, client, orgTest)
 	defer wTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with workspaces provided", func(t *testing.T) {
@@ -595,7 +649,7 @@ func TestPolicySetsRemoveWorkspaces(t *testing.T) {
 	defer wTestCleanup1()
 	wTest2, wTestCleanup2 := createWorkspace(t, client, orgTest)
 	defer wTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, []*Workspace{wTest1, wTest2})
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, []*Workspace{wTest1, wTest2}, "")
 	defer psTestCleanup()
 
 	t.Run("with workspaces provided", func(t *testing.T) {
@@ -657,7 +711,7 @@ func TestPolicySetsDelete(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, _ := createPolicySet(t, client, orgTest, nil, nil)
+	psTest, _ := createPolicySet(t, client, orgTest, nil, nil, "")
 
 	t.Run("with valid options", func(t *testing.T) {
 		err := client.PolicySets.Delete(ctx, psTest.ID)

diff --git a/policy_set_parameter_integration_test.go b/policy_set_parameter_integration_test.go
@@ -21,7 +21,7 @@ func TestPolicySetParametersList(t *testing.T) {
 	orgTest, orgTestCleanup := createOrganization(t, client)
 	defer orgTestCleanup()
 
-	psTest, pTestCleanup := createPolicySet(t, client, orgTest, nil, nil)
+	psTest, pTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "")
 	defer pTestCleanup()
 
 	pTest1, pTestCleanup1 := createPolicySetParameter(t, client, psTest)
@@ -71,7 +71,7 @@ func TestPolicySetParametersCreate(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with valid options", func(t *testing.T) {
@@ -281,7 +281,7 @@ func TestPolicySetParametersDelete(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	pTest, _ := createPolicySetParameter(t, client, psTest)

diff --git a/policy_set_version_integration_test.go b/policy_set_version_integration_test.go
@@ -21,7 +21,7 @@ func TestPolicySetVersionsCreate(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with valid identifier", func(t *testing.T) {
@@ -46,7 +46,7 @@ func TestPolicySetVersionsRead(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil)
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	origPSV, err := client.PolicySetVersions.Create(ctx, psTest.ID)