From d16920da0384a261635e8a32c145d154752fec89 Mon Sep 17 00:00:00 2001 From: mrinalirao Date: Tue, 1 Nov 2022 15:55:25 +1100 Subject: [PATCH] Add OPA support for list policy set API + tests --- helper_test.go | 7 +- policy_check_integration_test.go | 10 +-- policy_set.go | 29 +++++--- policy_set_integration_test.go | 90 +++++++++++++++++++----- policy_set_parameter_integration_test.go | 6 +- policy_set_version_integration_test.go | 4 +- 6 files changed, 104 insertions(+), 42 deletions(-) diff --git a/helper_test.go b/helper_test.go index 1a3f6b194..40a7b364d 100644 --- a/helper_test.go +++ b/helper_test.go @@ -499,7 +499,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol var psCleanup func() if ps == nil { - ps, psCleanup = createPolicySet(t, client, nil, nil, nil) + ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "") } ctx := context.Background() @@ -525,7 +525,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol } } -func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace) (*PolicySet, func()) { +func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace, kind PolicyKind) (*PolicySet, func()) { var orgCleanup func() if org == nil { @@ -537,6 +537,7 @@ func createPolicySet(t *testing.T, client *Client, org *Organization, policies [ Name: String(randomString(t)), Policies: policies, Workspaces: workspaces, + Kind: kind, }) if err != nil { t.Fatal(err) @@ -559,7 +560,7 @@ func createPolicySetVersion(t *testing.T, client *Client, ps *PolicySet) (*Polic var psCleanup func() if ps == nil { - ps, psCleanup = createPolicySet(t, client, nil, nil, nil) + ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "") } ctx := context.Background() diff --git a/policy_check_integration_test.go b/policy_check_integration_test.go index 2bdac797f..d230fc9f9 100644 --- a/policy_check_integration_test.go +++ b/policy_check_integration_test.go @@ -31,7 +31,7 @@ func TestPolicyChecksList(t *testing.T) { defer policyCleanup2() wTest, wsCleanup := createWorkspace(t, client, orgTest) defer wsCleanup() - createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}) + createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}, "") rTest, runCleanup := createPolicyCheckedRun(t, client, wTest) defer runCleanup() @@ -95,7 +95,7 @@ func TestPolicyChecksRead(t *testing.T) { pTest, _ := createUploadedPolicy(t, client, true, orgTest) wTest, _ := createWorkspace(t, client, orgTest) - createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) + createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "") rTest, _ := createPolicyCheckedRun(t, client, wTest) require.Equal(t, 1, len(rTest.PolicyChecks)) @@ -142,7 +142,7 @@ func TestPolicyChecksOverride(t *testing.T) { wTest, wTestCleanup := createWorkspace(t, client, orgTest) defer wTestCleanup() - createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) + createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "") rTest, tTestCleanup := createPolicyCheckedRun(t, client, wTest) defer tTestCleanup() @@ -167,7 +167,7 @@ func TestPolicyChecksOverride(t *testing.T) { wTest, wTestCleanup := createWorkspace(t, client, orgTest) defer wTestCleanup() - createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) + createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "") rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest) defer rTestCleanup() @@ -201,7 +201,7 @@ func TestPolicyChecksLogs(t *testing.T) { defer pTestCleanup() wTest, wTestCleanup := createWorkspace(t, client, orgTest) defer wTestCleanup() - createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) + createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "") rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest) defer rTestCleanup() diff --git a/policy_set.go b/policy_set.go index 8aff3e199..589922285 100644 --- a/policy_set.go +++ b/policy_set.go @@ -70,17 +70,18 @@ type PolicySetList struct { // PolicySet represents a Terraform Enterprise policy set. type PolicySet struct { - ID string `jsonapi:"primary,policy-sets"` - Name string `jsonapi:"attr,name"` - Description string `jsonapi:"attr,description"` - Kind string `jsonapi:"attr,kind"` - Global bool `jsonapi:"attr,global"` - PoliciesPath string `jsonapi:"attr,policies-path"` - PolicyCount int `jsonapi:"attr,policy-count"` - VCSRepo *VCSRepo `jsonapi:"attr,vcs-repo"` - WorkspaceCount int `jsonapi:"attr,workspace-count"` - CreatedAt time.Time `jsonapi:"attr,created-at,iso8601"` - UpdatedAt time.Time `jsonapi:"attr,updated-at,iso8601"` + ID string `jsonapi:"primary,policy-sets"` + Name string `jsonapi:"attr,name"` + Description string `jsonapi:"attr,description"` + Kind PolicyKind `jsonapi:"attr,kind"` + Overridable bool `jsonapi:"attr,overridable"` + Global bool `jsonapi:"attr,global"` + PoliciesPath string `jsonapi:"attr,policies-path"` + PolicyCount int `jsonapi:"attr,policy-count"` + VCSRepo *VCSRepo `jsonapi:"attr,vcs-repo"` + WorkspaceCount int `jsonapi:"attr,workspace-count"` + CreatedAt time.Time `jsonapi:"attr,created-at,iso8601"` + UpdatedAt time.Time `jsonapi:"attr,updated-at,iso8601"` // Relations // The organization to which the policy set belongs to. @@ -115,6 +116,9 @@ type PolicySetListOptions struct { // Optional: A search string (partial policy set name) used to filter the results. Search string `url:"search[name],omitempty"` + // Optional: A kind string used to filter the results by the policy set kind. + Kind PolicyKind `url:"filter[kind],omitempty"` + // Optional: A list of relations to include. See available resources // https://www.terraform.io/cloud-docs/api-docs/policy-sets#available-related-resources Include []PolicySetIncludeOpt `url:"include,omitempty"` @@ -149,6 +153,9 @@ type PolicySetCreateOptions struct { // Optional: The underlying technology that the policy set supports Kind PolicyKind `jsonapi:"attr,kind,omitempty"` + // Optional: Whether or not users can override this policy when it fails during a run. Only valid for OPA policies. + Overridable *bool `jsonapi:"attr,overridable,omitempty"` + // Optional: The sub-path within the attached VCS repository to ingress. All // files and directories outside of this sub-path will be ignored. // This option may only be specified when a VCS repo is present. diff --git a/policy_set_integration_test.go b/policy_set_integration_test.go index a77ee26a3..72d278276 100644 --- a/policy_set_integration_test.go +++ b/policy_set_integration_test.go @@ -29,10 +29,12 @@ func TestPolicySetsList(t *testing.T) { workspace, workspaceCleanup := createWorkspace(t, client, orgTest) defer workspaceCleanup() - psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}) + psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, "") defer psTestCleanup1() - psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}) + psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, "") defer psTestCleanup2() + psTest3, psTestCleanup3 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, OPA) + defer psTestCleanup3() t.Run("without list options", func(t *testing.T) { psl, err := client.PolicySets.List(ctx, orgTest.Name, nil) @@ -40,8 +42,9 @@ func TestPolicySetsList(t *testing.T) { assert.Contains(t, psl.Items, psTest1) assert.Contains(t, psl.Items, psTest2) + assert.Contains(t, psl.Items, psTest3) assert.Equal(t, 1, psl.CurrentPage) - assert.Equal(t, 2, psl.TotalCount) + assert.Equal(t, 3, psl.TotalCount) }) t.Run("with pagination", func(t *testing.T) { @@ -58,7 +61,7 @@ func TestPolicySetsList(t *testing.T) { assert.Empty(t, psl.Items) assert.Equal(t, 999, psl.CurrentPage) - assert.Equal(t, 2, psl.TotalCount) + assert.Equal(t, 3, psl.TotalCount) }) t.Run("with search", func(t *testing.T) { @@ -81,7 +84,21 @@ func TestPolicySetsList(t *testing.T) { }) require.NoError(t, err) - assert.Equal(t, 2, len(psl.Items)) + assert.Equal(t, 3, len(psl.Items)) + + assert.NotNil(t, psl.Items[0].Workspaces) + assert.Equal(t, 1, len(psl.Items[0].Workspaces)) + assert.Equal(t, workspace.ID, psl.Items[0].Workspaces[0].ID) + }) + + t.Run("filter by kind", func(t *testing.T) { + psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{ + Include: []PolicySetIncludeOpt{PolicySetWorkspaces}, + Kind: OPA, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(psl.Items)) assert.NotNil(t, psl.Items[0].Workspaces) assert.Equal(t, 1, len(psl.Items[0].Workspaces)) @@ -120,7 +137,7 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.Name, *options.Name) assert.Equal(t, ps.Description, "") - assert.Equal(t, ps.Kind, "opa") + assert.Equal(t, ps.Kind, OPA) assert.False(t, ps.Global) }) @@ -134,11 +151,11 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.Name, *options.Name) assert.Equal(t, ps.Description, "") - assert.Equal(t, ps.Kind, "sentinel") + assert.Equal(t, ps.Kind, Sentinel) assert.False(t, ps.Global) }) - t.Run("with all attributes provided", func(t *testing.T) { + t.Run("with all attributes provided - sentinel", func(t *testing.T) { options := PolicySetCreateOptions{ Name: String("global"), Description: String("Policies in this set will be checked in ALL workspaces!"), @@ -151,7 +168,44 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.Name, *options.Name) assert.Equal(t, ps.Description, *options.Description) - assert.Equal(t, ps.Kind, "sentinel") + assert.Equal(t, ps.Kind, Sentinel) + assert.True(t, ps.Global) + }) + + t.Run("with all attributes provided - OPA", func(t *testing.T) { + options := PolicySetCreateOptions{ + Name: String("global2"), + Description: String("Policies in this set will be checked in ALL workspaces!"), + Kind: OPA, + Overridable: Bool(true), + Global: Bool(true), + } + + ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, *options.Description) + assert.Equal(t, ps.Overridable, *options.Overridable) + assert.Equal(t, ps.Kind, OPA) + assert.True(t, ps.Global) + }) + + t.Run("with missing overridable attribute", func(t *testing.T) { + options := PolicySetCreateOptions{ + Name: String("global3"), + Description: String("Policies in this set will be checked in ALL workspaces!"), + Kind: OPA, + Global: Bool(true), + } + + ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, *options.Description) + assert.Equal(t, ps.Overridable, false) + assert.Equal(t, ps.Kind, OPA) assert.True(t, ps.Global) }) @@ -175,7 +229,7 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.PolicyCount, 1) assert.Equal(t, ps.Policies[0].ID, pTest.ID) assert.Equal(t, ps.WorkspaceCount, 1) - assert.Equal(t, ps.Kind, "sentinel") + assert.Equal(t, ps.Kind, Sentinel) assert.Equal(t, ps.Workspaces[0].ID, wTest.ID) }) @@ -211,7 +265,7 @@ func TestPolicySetsCreate(t *testing.T) { assert.False(t, ps.Global) assert.Equal(t, ps.PoliciesPath, "/policy-sets/foo") assert.Equal(t, ps.VCSRepo.Branch, "policies") - assert.Equal(t, ps.Kind, "sentinel") + assert.Equal(t, ps.Kind, Sentinel) assert.Equal(t, ps.VCSRepo.DisplayIdentifier, githubIdentifier) assert.Equal(t, ps.VCSRepo.Identifier, githubIdentifier) assert.Equal(t, ps.VCSRepo.IngressSubmodules, true) @@ -293,7 +347,7 @@ func TestPolicySetsRead(t *testing.T) { upgradeOrganizationSubscription(t, client, orgTest) - psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "") defer psTestCleanup() t.Run("with a valid ID", func(t *testing.T) { @@ -362,7 +416,7 @@ func TestPolicySetsUpdate(t *testing.T) { upgradeOrganizationSubscription(t, client, orgTest) - psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "") defer psTestCleanup() t.Run("with valid attributes", func(t *testing.T) { @@ -413,7 +467,7 @@ func TestPolicySetsAddPolicies(t *testing.T) { defer pTestCleanup1() pTest2, pTestCleanup2 := createPolicy(t, client, orgTest) defer pTestCleanup2() - psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "") defer psTestCleanup() t.Run("with policies provided", func(t *testing.T) { @@ -471,7 +525,7 @@ func TestPolicySetsRemovePolicies(t *testing.T) { defer pTestCleanup1() pTest2, pTestCleanup2 := createPolicy(t, client, orgTest) defer pTestCleanup2() - psTest, psTestCleanup := createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, nil) + psTest, psTestCleanup := createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, nil, "") defer psTestCleanup() t.Run("with policies provided", func(t *testing.T) { @@ -523,7 +577,7 @@ func TestPolicySetsAddWorkspaces(t *testing.T) { defer wTestCleanup1() wTest2, wTestCleanup2 := createWorkspace(t, client, orgTest) defer wTestCleanup2() - psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "") defer psTestCleanup() t.Run("with workspaces provided", func(t *testing.T) { @@ -595,7 +649,7 @@ func TestPolicySetsRemoveWorkspaces(t *testing.T) { defer wTestCleanup1() wTest2, wTestCleanup2 := createWorkspace(t, client, orgTest) defer wTestCleanup2() - psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, []*Workspace{wTest1, wTest2}) + psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, []*Workspace{wTest1, wTest2}, "") defer psTestCleanup() t.Run("with workspaces provided", func(t *testing.T) { @@ -657,7 +711,7 @@ func TestPolicySetsDelete(t *testing.T) { upgradeOrganizationSubscription(t, client, orgTest) - psTest, _ := createPolicySet(t, client, orgTest, nil, nil) + psTest, _ := createPolicySet(t, client, orgTest, nil, nil, "") t.Run("with valid options", func(t *testing.T) { err := client.PolicySets.Delete(ctx, psTest.ID) diff --git a/policy_set_parameter_integration_test.go b/policy_set_parameter_integration_test.go index 8d8f97cae..d630314d3 100644 --- a/policy_set_parameter_integration_test.go +++ b/policy_set_parameter_integration_test.go @@ -21,7 +21,7 @@ func TestPolicySetParametersList(t *testing.T) { orgTest, orgTestCleanup := createOrganization(t, client) defer orgTestCleanup() - psTest, pTestCleanup := createPolicySet(t, client, orgTest, nil, nil) + psTest, pTestCleanup := createPolicySet(t, client, orgTest, nil, nil, "") defer pTestCleanup() pTest1, pTestCleanup1 := createPolicySetParameter(t, client, psTest) @@ -71,7 +71,7 @@ func TestPolicySetParametersCreate(t *testing.T) { client := testClient(t) ctx := context.Background() - psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "") defer psTestCleanup() t.Run("with valid options", func(t *testing.T) { @@ -281,7 +281,7 @@ func TestPolicySetParametersDelete(t *testing.T) { client := testClient(t) ctx := context.Background() - psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "") defer psTestCleanup() pTest, _ := createPolicySetParameter(t, client, psTest) diff --git a/policy_set_version_integration_test.go b/policy_set_version_integration_test.go index 1094ad85b..ad0c4d3c2 100644 --- a/policy_set_version_integration_test.go +++ b/policy_set_version_integration_test.go @@ -21,7 +21,7 @@ func TestPolicySetVersionsCreate(t *testing.T) { client := testClient(t) ctx := context.Background() - psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "") defer psTestCleanup() t.Run("with valid identifier", func(t *testing.T) { @@ -46,7 +46,7 @@ func TestPolicySetVersionsRead(t *testing.T) { client := testClient(t) ctx := context.Background() - psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil) + psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, "") defer psTestCleanup() origPSV, err := client.PolicySetVersions.Create(ctx, psTest.ID)