From 7f022efe1c48e8559951a55590e3a5f3a3f99eb9 Mon Sep 17 00:00:00 2001 From: mrinalirao Date: Fri, 11 Aug 2023 11:51:59 +1000 Subject: [PATCH] initial commit --- policy_evaluation_beta_test.go | 20 +- policy_integration_beta_test.go | 359 --------------------------- policy_integration_test.go | 239 +++++++++++++++++- policy_set_integration_beta_test.go | 366 ---------------------------- policy_set_integration_test.go | 102 +++++++- 5 files changed, 347 insertions(+), 739 deletions(-) delete mode 100644 policy_integration_beta_test.go delete mode 100644 policy_set_integration_beta_test.go diff --git a/policy_evaluation_beta_test.go b/policy_evaluation_beta_test.go index 7165311e8..ddcc18210 100644 --- a/policy_evaluation_beta_test.go +++ b/policy_evaluation_beta_test.go @@ -12,7 +12,7 @@ import ( ) func TestPolicyEvaluationList_Beta(t *testing.T) { - skipUnlessBeta(t) + //skipUnlessBeta(t) client := testClient(t) ctx := context.Background() @@ -20,6 +20,8 @@ func TestPolicyEvaluationList_Beta(t *testing.T) { orgTest, orgTestCleanup := createOrganization(t, client) defer orgTestCleanup() + upgradeOrganizationSubscription(t, client, orgTest) + wkspaceTest, wkspaceTestCleanup := createWorkspace(t, client, orgTest) defer wkspaceTestCleanup() @@ -67,7 +69,7 @@ func TestPolicyEvaluationList_Beta(t *testing.T) { } func TestPolicySetOutcomeList_Beta(t *testing.T) { - skipUnlessBeta(t) + //skipUnlessBeta(t) client := testClient(t) ctx := context.Background() @@ -75,6 +77,8 @@ func TestPolicySetOutcomeList_Beta(t *testing.T) { orgTest, orgTestCleanup := createOrganization(t, client) defer orgTestCleanup() + upgradeOrganizationSubscription(t, client, orgTest) + wkspaceTest, wkspaceTestCleanup := createWorkspace(t, client, orgTest) defer wkspaceTestCleanup() @@ -178,7 +182,7 @@ func TestPolicySetOutcomeList_Beta(t *testing.T) { } func TestPolicySetOutcomeRead_Beta(t *testing.T) { - skipUnlessBeta(t) + //skipUnlessBeta(t) client := testClient(t) ctx := context.Background() 
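Review bot: The beta gate at the top of TestPolicyEvaluationList_Beta is commented out rather than removed (`//skipUnlessBeta(t)`), and the same is done in TestPolicySetOutcomeList_Beta and TestPolicySetOutcomeRead_Beta further down this file. If these tests are now meant to run unconditionally, delete the line and drop the `_Beta` suffix (and the `_beta_test.go` file name) so the name no longer advertises a gate that is not applied. If the gate is only disabled temporarily, restore `skipUnlessBeta(t)` before merge. A commented-out guard is easy to overlook later and leaves it unclear whether these tests are expected to run in CI against non-beta environments. The function bodies continue outside the hunks.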
@@ -186,6 +190,8 @@ func TestPolicySetOutcomeRead_Beta(t *testing.T) { orgTest, orgTestCleanup := createOrganization(t, client) defer orgTestCleanup() + upgradeOrganizationSubscription(t, client, orgTest) + wkspaceTest, wkspaceTestCleanup := createWorkspace(t, client, orgTest) defer wkspaceTestCleanup() @@ -203,10 +209,14 @@ func TestPolicySetOutcomeRead_Beta(t *testing.T) { defer policyTestCleanup() policySet := []*Policy{policyTest} - _, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, OPA) + policySetOpts := PolicySetCreateOptions{ + Kind: OPA, + Overridable: Bool(true), + } + _, psTestCleanup1 := createPolicySetWithOptions(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, policySetOpts) defer psTestCleanup1() - rTest, rTestCleanup := createPlannedRun(t, client, wkspaceTest) + rTest, rTestCleanup := createRunWaitForStatus(t, client, wkspaceTest, RunPostPlanAwaitingDecision) defer rTestCleanup() t.Run("with a valid policy set outcome ID", func(t *testing.T) { diff --git a/policy_integration_beta_test.go b/policy_integration_beta_test.go deleted file mode 100644 index f50c770e1..000000000 --- a/policy_integration_beta_test.go +++ /dev/null 
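Review bot: The switch to `createRunWaitForStatus(t, client, wkspaceTest, RunPostPlanAwaitingDecision)` in TestPolicySetOutcomeRead_Beta appears to depend on the policy set now being created with `Overridable: Bool(true)`, but nothing in the hunk states that link. A one-line comment above `policySetOpts` would keep the two from drifting apart, for example `// The run is expected to stop in RunPostPlanAwaitingDecision only because the policy set is overridable.` The coupling is inferred from the two changes arriving together; neither helper's body is visible here, so the wording should be confirmed against them.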
@@ -1,359 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package tfe - -import ( - "context" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestPoliciesCreate_Beta(t *testing.T) { - skipUnlessBeta(t) - - client := testClient(t) - ctx := context.Background() - - orgTest, orgTestCleanup := createOrganization(t, client) - defer orgTestCleanup() - - t.Run("with valid options - Sentinel", func(t *testing.T) { - name := randomString(t) - options := PolicyCreateOptions{ - Name: String(name), - Description: String("A sample policy"), - Kind: Sentinel, - Enforce: []*EnforcementOptions{ - { - Path: String(name + ".sentinel"), - Mode: EnforcementMode(EnforcementSoft), - }, - }, - } - - p, err := client.Policies.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - // Get a refreshed view from the API. - refreshed, err := client.Policies.Read(ctx, p.ID) - require.NoError(t, err) - - for _, item := range []*Policy{ - p, - refreshed, - } { - assert.NotEmpty(t, item.ID) - assert.Equal(t, *options.Name, item.Name) - assert.Equal(t, options.Kind, item.Kind) - assert.Nil(t, options.Query) - assert.Equal(t, *options.Description, item.Description) - } - }) - - t.Run("with no kind", func(t *testing.T) { - name := randomString(t) - options := PolicyCreateOptions{ - Name: String(name), - Description: String("A sample policy"), - Enforce: []*EnforcementOptions{ - { - Path: String(name + ".sentinel"), - Mode: EnforcementMode(EnforcementSoft), - }, - }, - } - - p, err := client.Policies.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - // Get a refreshed view from the API. 
- refreshed, err := client.Policies.Read(ctx, p.ID) - require.NoError(t, err) - - for _, item := range []*Policy{ - p, - refreshed, - } { - assert.NotEmpty(t, item.ID) - assert.Equal(t, *options.Name, item.Name) - assert.Equal(t, Sentinel, item.Kind) - assert.Equal(t, *options.Description, item.Description) - } - }) - - t.Run("with valid options - OPA", func(t *testing.T) { - name := randomString(t) - options := PolicyCreateOptions{ - Name: String(name), - Description: String("A sample policy"), - Kind: OPA, - Query: String("terraform.main"), - Enforce: []*EnforcementOptions{ - { - Path: String(name + ".rego"), - Mode: EnforcementMode(EnforcementMandatory), - }, - }, - } - - p, err := client.Policies.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - // Get a refreshed view from the API. - refreshed, err := client.Policies.Read(ctx, p.ID) - require.NoError(t, err) - - for _, item := range []*Policy{ - p, - refreshed, - } { - assert.NotEmpty(t, item.ID) - assert.Equal(t, *options.Name, item.Name) - assert.Equal(t, options.Kind, item.Kind) - assert.Equal(t, *options.Query, *item.Query) - assert.Equal(t, *options.Description, item.Description) - } - }) - - t.Run("when options has an invalid name - OPA", func(t *testing.T) { - p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ - Name: String(badIdentifier), - Kind: OPA, - Query: String("terraform.main"), - Enforce: []*EnforcementOptions{ - { - Path: String(badIdentifier + ".rego"), - Mode: EnforcementMode(EnforcementAdvisory), - }, - }, - }) - assert.Nil(t, p) - assert.EqualError(t, err, ErrInvalidName.Error()) - }) - - t.Run("when options is missing name - OPA", func(t *testing.T) { - p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ - Kind: OPA, - Query: String("terraform.main"), - Enforce: []*EnforcementOptions{ - { - Path: String(randomString(t) + ".rego"), - Mode: EnforcementMode(EnforcementSoft), - }, - }, - }) - assert.Nil(t, p) - assert.EqualError(t, 
err, ErrRequiredName.Error()) - }) - - t.Run("when options is missing query - OPA", func(t *testing.T) { - name := randomString(t) - p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ - Name: String(name), - Kind: OPA, - Enforce: []*EnforcementOptions{ - { - Path: String(randomString(t) + ".rego"), - Mode: EnforcementMode(EnforcementSoft), - }, - }, - }) - assert.Nil(t, p) - assert.Equal(t, err, ErrRequiredQuery) - }) - - t.Run("when options is missing an enforcement", func(t *testing.T) { - options := PolicyCreateOptions{ - Name: String(randomString(t)), - Kind: OPA, - Query: String("terraform.main"), - } - - p, err := client.Policies.Create(ctx, orgTest.Name, options) - assert.Nil(t, p) - assert.Equal(t, err, ErrRequiredEnforce) - }) - - t.Run("when options is missing enforcement path", func(t *testing.T) { - options := PolicyCreateOptions{ - Name: String(randomString(t)), - Kind: OPA, - Query: String("terraform.main"), - Enforce: []*EnforcementOptions{ - { - Mode: EnforcementMode(EnforcementSoft), - }, - }, - } - - p, err := client.Policies.Create(ctx, orgTest.Name, options) - assert.Nil(t, p) - assert.Equal(t, err, ErrRequiredEnforcementPath) - }) - - t.Run("when options is missing enforcement mode", func(t *testing.T) { - name := randomString(t) - options := PolicyCreateOptions{ - Name: String(name), - Kind: OPA, - Query: String("terraform.main"), - Enforce: []*EnforcementOptions{ - { - Path: String(name + ".sentinel"), - }, - }, - } - - p, err := client.Policies.Create(ctx, orgTest.Name, options) - assert.Nil(t, p) - assert.Equal(t, err, ErrRequiredEnforcementMode) - }) - - t.Run("when options has an invalid organization", func(t *testing.T) { - p, err := client.Policies.Create(ctx, badIdentifier, PolicyCreateOptions{ - Name: String("foo"), - }) - assert.Nil(t, p) - assert.EqualError(t, err, ErrInvalidOrg.Error()) - }) -} - -func TestPoliciesList_Beta(t *testing.T) { - skipUnlessBeta(t) - - client := testClient(t) - ctx := 
context.Background() - - orgTest, orgTestCleanup := createOrganization(t, client) - defer orgTestCleanup() - - pTest1, pTestCleanup1 := createPolicy(t, client, orgTest) - defer pTestCleanup1() - pTest2, pTestCleanup2 := createPolicy(t, client, orgTest) - defer pTestCleanup2() - opaOptions := PolicyCreateOptions{ - Kind: OPA, - Query: String("data.example.rule"), - Enforce: []*EnforcementOptions{ - { - Mode: EnforcementMode(EnforcementMandatory), - }, - }, - } - pTest3, pTestCleanup3 := createPolicyWithOptions(t, client, orgTest, opaOptions) - defer pTestCleanup3() - - t.Run("without list options", func(t *testing.T) { - pl, err := client.Policies.List(ctx, orgTest.Name, nil) - require.NoError(t, err) - assert.Contains(t, pl.Items, pTest1) - assert.Contains(t, pl.Items, pTest2) - assert.Contains(t, pl.Items, pTest3) - - assert.Equal(t, 1, pl.CurrentPage) - assert.Equal(t, 3, pl.TotalCount) - }) - - t.Run("with pagination", func(t *testing.T) { - // Request a page number which is out of range. The result should - // be successful, but return no results if the paging options are - // properly passed along. 
- pl, err := client.Policies.List(ctx, orgTest.Name, &PolicyListOptions{ - ListOptions: ListOptions{ - PageNumber: 999, - PageSize: 100, - }, - }) - require.NoError(t, err) - - assert.Empty(t, pl.Items) - assert.Equal(t, 999, pl.CurrentPage) - assert.Equal(t, 3, pl.TotalCount) - }) - - t.Run("with search", func(t *testing.T) { - // Search by one of the policy's names; we should get only that policy - // and pagination data should reflect the search as well - pl, err := client.Policies.List(ctx, orgTest.Name, &PolicyListOptions{ - Search: pTest1.Name, - }) - require.NoError(t, err) - - assert.Contains(t, pl.Items, pTest1) - assert.NotContains(t, pl.Items, pTest2) - assert.Equal(t, 1, pl.CurrentPage) - assert.Equal(t, 1, pl.TotalCount) - }) - - t.Run("with filter by kind", func(t *testing.T) { - pl, err := client.Policies.List(ctx, orgTest.Name, &PolicyListOptions{ - Kind: OPA, - }) - require.NoError(t, err) - - assert.Contains(t, pl.Items, pTest3) - assert.NotContains(t, pl.Items, pTest1) - assert.NotContains(t, pl.Items, pTest2) - assert.Equal(t, 1, pl.CurrentPage) - assert.Equal(t, 1, pl.TotalCount) - }) - - t.Run("without a valid organization", func(t *testing.T) { - ps, err := client.Policies.List(ctx, badIdentifier, nil) - assert.Nil(t, ps) - assert.EqualError(t, err, ErrInvalidOrg.Error()) - }) -} - -func TestPoliciesUpdate_Beta(t *testing.T) { - skipUnlessBeta(t) - - client := testClient(t) - ctx := context.Background() - - orgTest, orgTestCleanup := createOrganization(t, client) - defer orgTestCleanup() - - t.Run("with a new query", func(t *testing.T) { - options := PolicyCreateOptions{ - Description: String("A sample policy"), - Kind: OPA, - Query: String("data.example.rule"), - Enforce: []*EnforcementOptions{ - { - Mode: EnforcementMode(EnforcementMandatory), - }, - }, - } - pBefore, pBeforeCleanup := createUploadedPolicyWithOptions(t, client, true, orgTest, options) - defer pBeforeCleanup() - - pAfter, err := client.Policies.Update(ctx, pBefore.ID, 
PolicyUpdateOptions{ - Query: String("terraform.policy1.deny"), - }) - require.NoError(t, err) - - assert.Equal(t, pBefore.Name, pAfter.Name) - assert.Equal(t, pBefore.Enforce, pAfter.Enforce) - assert.NotEqual(t, *pBefore.Query, *pAfter.Query) - assert.Equal(t, "terraform.policy1.deny", *pAfter.Query) - }) - - t.Run("update query when kind is not OPA", func(t *testing.T) { - pBefore, pBeforeCleanup := createUploadedPolicy(t, client, true, orgTest) - defer pBeforeCleanup() - - pAfter, err := client.Policies.Update(ctx, pBefore.ID, PolicyUpdateOptions{ - Query: String("terraform.policy1.deny"), - }) - require.NoError(t, err) - - assert.Equal(t, pBefore.Name, pAfter.Name) - assert.Equal(t, pBefore.Enforce, pAfter.Enforce) - assert.Equal(t, Sentinel, pAfter.Kind) - assert.Nil(t, pAfter.Query) - }) -} diff --git a/policy_integration_test.go b/policy_integration_test.go index 5bc6591a7..ce3b87604 100644 --- a/policy_integration_test.go +++ b/policy_integration_test.go @@ -27,14 +27,27 @@ func TestPoliciesList(t *testing.T) { pTest2, pTestCleanup2 := createPolicy(t, client, orgTest) defer pTestCleanup2() + opaOptions := PolicyCreateOptions{ + Kind: OPA, + Query: String("data.example.rule"), + Enforce: []*EnforcementOptions{ + { + Mode: EnforcementMode(EnforcementMandatory), + }, + }, + } + pTest3, pTestCleanup3 := createPolicyWithOptions(t, client, orgTest, opaOptions) + defer pTestCleanup3() + t.Run("without list options", func(t *testing.T) { pl, err := client.Policies.List(ctx, orgTest.Name, nil) require.NoError(t, err) assert.Contains(t, pl.Items, pTest1) assert.Contains(t, pl.Items, pTest2) + assert.Contains(t, pl.Items, pTest3) assert.Equal(t, 1, pl.CurrentPage) - assert.Equal(t, 2, pl.TotalCount) + assert.Equal(t, 3, pl.TotalCount) }) t.Run("with pagination", func(t *testing.T) { 
@@ -51,7 +64,7 @@ func TestPoliciesList(t *testing.T) { assert.Empty(t, pl.Items) assert.Equal(t, 999, pl.CurrentPage) - assert.Equal(t, 2, pl.TotalCount) + assert.Equal(t, 3, pl.TotalCount) }) t.Run("with search", func(t *testing.T) { @@ -64,6 +77,20 @@ func TestPoliciesList(t *testing.T) { assert.Contains(t, pl.Items, pTest1) assert.NotContains(t, pl.Items, pTest2) + assert.NotContains(t, pl.Items, pTest3) + assert.Equal(t, 1, pl.CurrentPage) + assert.Equal(t, 1, pl.TotalCount) + }) + + t.Run("with filter by kind", func(t *testing.T) { + pl, err := client.Policies.List(ctx, orgTest.Name, &PolicyListOptions{ + Kind: OPA, + }) + require.NoError(t, err) + + assert.Contains(t, pl.Items, pTest3) + assert.NotContains(t, pl.Items, pTest1) + assert.NotContains(t, pl.Items, pTest2) assert.Equal(t, 1, pl.CurrentPage) assert.Equal(t, 1, pl.TotalCount) }) @@ -82,7 +109,7 @@ func TestPoliciesCreate(t *testing.T) { orgTest, orgTestCleanup := createOrganization(t, client) defer orgTestCleanup() - t.Run("with valid options", func(t *testing.T) { + t.Run("with no kind", func(t *testing.T) { name := randomString(t) options := PolicyCreateOptions{ Name: String(name), 
@@ -108,6 +135,74 @@ func TestPoliciesCreate(t *testing.T) { } { assert.NotEmpty(t, item.ID) assert.Equal(t, *options.Name, item.Name) + assert.Equal(t, Sentinel, item.Kind) + assert.Equal(t, *options.Description, item.Description) + } + }) + + t.Run("with valid options - Sentinel", func(t *testing.T) { + name := randomString(t) + options := PolicyCreateOptions{ + Name: String(name), + Description: String("A sample policy"), + Kind: Sentinel, + Enforce: []*EnforcementOptions{ + { + Path: String(name + ".sentinel"), + Mode: EnforcementMode(EnforcementSoft), + }, + }, + } + + p, err := client.Policies.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + // Get a refreshed view from the API. + refreshed, err := client.Policies.Read(ctx, p.ID) + require.NoError(t, err) + + for _, item := range []*Policy{ + p, + refreshed, + } { + assert.NotEmpty(t, item.ID) + assert.Equal(t, *options.Name, item.Name) + assert.Equal(t, options.Kind, item.Kind) + assert.Nil(t, options.Query) + assert.Equal(t, *options.Description, item.Description) + } + }) + + t.Run("with valid options - OPA", func(t *testing.T) { + name := randomString(t) + options := PolicyCreateOptions{ + Name: String(name), + Description: String("A sample policy"), + Kind: OPA, + Query: String("terraform.main"), + Enforce: []*EnforcementOptions{ + { + Path: String(name + ".rego"), + Mode: EnforcementMode(EnforcementMandatory), + }, + }, + } + + p, err := client.Policies.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + // Get a refreshed view from the API. + refreshed, err := client.Policies.Read(ctx, p.ID) + require.NoError(t, err) + + for _, item := range []*Policy{ + p, + refreshed, + } { + assert.NotEmpty(t, item.ID) + assert.Equal(t, *options.Name, item.Name) + assert.Equal(t, options.Kind, item.Kind) + assert.Equal(t, *options.Query, *item.Query) assert.Equal(t, *options.Description, item.Description) } }) 
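Review bot: In the added "with valid options - Sentinel" subtest, `assert.Nil(t, options.Query)` checks the request struct the test built itself, so it can never fail and says nothing about what the API returned; it should read `assert.Nil(t, item.Query)`. In the "with valid options - OPA" subtest, `assert.Equal(t, *options.Query, *item.Query)` dereferences `item.Query` unguarded, so a response without a query panics the test binary instead of failing the subtest; put `require.NotNil(t, item.Query)` before it. The same unguarded dereference appears in the "with a new query" subtest added to TestPoliciesUpdate (`*pBefore.Query`, `*pAfter.Query`).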
@@ -126,6 +221,22 @@ func TestPoliciesCreate(t *testing.T) { assert.EqualError(t, err, ErrInvalidName.Error()) }) + t.Run("when options has an invalid name - OPA", func(t *testing.T) { + p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ + Name: String(badIdentifier), + Kind: OPA, + Query: String("terraform.main"), + Enforce: []*EnforcementOptions{ + { + Path: String(badIdentifier + ".rego"), + Mode: EnforcementMode(EnforcementAdvisory), + }, + }, + }) + assert.Nil(t, p) + assert.EqualError(t, err, ErrInvalidName.Error()) + }) + t.Run("when options is missing name", func(t *testing.T) { p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ Enforce: []*EnforcementOptions{ 
@@ -139,7 +250,50 @@ func TestPoliciesCreate(t *testing.T) { assert.EqualError(t, err, ErrRequiredName.Error()) }) - t.Run("when options is missing an enforcement", func(t *testing.T) { + t.Run("when options is missing name - OPA", func(t *testing.T) { + p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ + Kind: OPA, + Query: String("terraform.main"), + Enforce: []*EnforcementOptions{ + { + Path: String(randomString(t) + ".rego"), + Mode: EnforcementMode(EnforcementSoft), + }, + }, + }) + assert.Nil(t, p) + assert.EqualError(t, err, ErrRequiredName.Error()) + }) + + t.Run("when options is missing query - OPA", func(t *testing.T) { + name := randomString(t) + p, err := client.Policies.Create(ctx, orgTest.Name, PolicyCreateOptions{ + Name: String(name), + Kind: OPA, + Enforce: []*EnforcementOptions{ + { + Path: String(randomString(t) + ".rego"), + Mode: EnforcementMode(EnforcementSoft), + }, + }, + }) + assert.Nil(t, p) + assert.Equal(t, err, ErrRequiredQuery) + }) + + t.Run("when options is missing an enforcement-OPA", func(t *testing.T) { + options := PolicyCreateOptions{ + Name: String(randomString(t)), + Kind: OPA, + Query: String("terraform.main"), + } + + p, err := client.Policies.Create(ctx, orgTest.Name, options) + assert.Nil(t, p) + assert.Equal(t, err, ErrRequiredEnforce) + }) + + t.Run("when options is missing an enforcement-Sentinel", func(t *testing.T) { options := PolicyCreateOptions{ Name: String(randomString(t)), } @@ -149,7 +303,7 @@ func TestPoliciesCreate(t *testing.T) { assert.Equal(t, err, ErrRequiredEnforce) }) - t.Run("when options is missing enforcement path", func(t *testing.T) { + t.Run("when options is missing enforcement path-Sentinel", func(t *testing.T) { options := PolicyCreateOptions{ Name: String(randomString(t)), Enforce: []*EnforcementOptions{ 
@@ -164,6 +318,23 @@ func TestPoliciesCreate(t *testing.T) { assert.Equal(t, err, ErrRequiredEnforcementPath) }) + t.Run("when options is missing enforcement path-OPA", func(t *testing.T) { + options := PolicyCreateOptions{ + Name: String(randomString(t)), + Kind: OPA, + Query: String("terraform.main"), + Enforce: []*EnforcementOptions{ + { + Mode: EnforcementMode(EnforcementSoft), + }, + }, + } + + p, err := client.Policies.Create(ctx, orgTest.Name, options) + assert.Nil(t, p) + assert.Equal(t, err, ErrRequiredEnforcementPath) + }) + t.Run("when options is missing enforcement path", func(t *testing.T) { name := randomString(t) options := PolicyCreateOptions{ @@ -180,6 +351,24 @@ func TestPoliciesCreate(t *testing.T) { assert.Equal(t, err, ErrRequiredEnforcementMode) }) + t.Run("when options is missing enforcement mode-OPA", func(t *testing.T) { + name := randomString(t) + options := PolicyCreateOptions{ + Name: String(name), + Kind: OPA, + Query: String("terraform.main"), + Enforce: []*EnforcementOptions{ + { + Path: String(name + ".sentinel"), + }, + }, + } + + p, err := client.Policies.Create(ctx, orgTest.Name, options) + assert.Nil(t, p) + assert.Equal(t, err, ErrRequiredEnforcementMode) + }) + t.Run("when options has an invalid organization", func(t *testing.T) { p, err := client.Policies.Create(ctx, badIdentifier, PolicyCreateOptions{ Name: String("foo"), 
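Review bot: The added "when options is missing enforcement mode-OPA" subtest builds an OPA policy with `Path: String(name + ".sentinel")`, while every other OPA case in this commit uses a `.rego` path; `Path: String(name + ".rego")` keeps the fixture consistent with its kind. The Sentinel counterpart just above it is still titled "when options is missing enforcement path" although it appears to assert `ErrRequiredEnforcementMode`. Since this commit already renames its neighbours, it should become "when options is missing enforcement mode-Sentinel" so that a failing subtest name points at the right validation. Part of that subtest's body lies between the two hunks and is not visible.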
@@ -315,6 +504,46 @@ func TestPoliciesUpdate(t *testing.T) { assert.Equal(t, "A brand new description", pAfter.Description) }) + t.Run("with a new query", func(t *testing.T) { + options := PolicyCreateOptions{ + Description: String("A sample OPA policy"), + Kind: OPA, + Query: String("data.example.rule"), + Enforce: []*EnforcementOptions{ + { + Mode: EnforcementMode(EnforcementMandatory), + }, + }, + } + pBefore, pBeforeCleanup := createUploadedPolicyWithOptions(t, client, true, orgTest, options) + defer pBeforeCleanup() + + pAfter, err := client.Policies.Update(ctx, pBefore.ID, PolicyUpdateOptions{ + Query: String("terraform.policy1.deny"), + }) + require.NoError(t, err) + + assert.Equal(t, pBefore.Name, pAfter.Name) + assert.Equal(t, pBefore.Enforce, pAfter.Enforce) + assert.NotEqual(t, *pBefore.Query, *pAfter.Query) + assert.Equal(t, "terraform.policy1.deny", *pAfter.Query) + }) + + t.Run("update query when kind is not OPA", func(t *testing.T) { + pBefore, pBeforeCleanup := createUploadedPolicy(t, client, true, orgTest) + defer pBeforeCleanup() + + pAfter, err := client.Policies.Update(ctx, pBefore.ID, PolicyUpdateOptions{ + Query: String("terraform.policy1.deny"), + }) + require.NoError(t, err) + + assert.Equal(t, pBefore.Name, pAfter.Name) + assert.Equal(t, pBefore.Enforce, pAfter.Enforce) + assert.Equal(t, Sentinel, pAfter.Kind) + assert.Nil(t, pAfter.Query) + }) + t.Run("without a valid policy ID", func(t *testing.T) { p, err := client.Policies.Update(ctx, badIdentifier, PolicyUpdateOptions{}) assert.Nil(t, p) diff --git a/policy_set_integration_beta_test.go b/policy_set_integration_beta_test.go deleted file mode 100644 index 470f3722f..000000000 --- a/policy_set_integration_beta_test.go +++ /dev/null 
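Review bot: The "update query when kind is not OPA" subtest pins that `Policies.Update` with a `Query` on a Sentinel policy returns no error and leaves `pAfter.Query` nil, but it does not say that this silent drop is the intended contract. Because the caller gets a successful response for an update that changed nothing, a comment in the subtest would make the expectation explicit, for example `// Query only applies to OPA policies; for Sentinel the update succeeds and the field is ignored.` Whether the field is dropped client-side or by the API is not visible in this hunk.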
@@ -1,366 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package tfe - -import ( - "context" - "fmt" - "os" - "regexp" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestPolicySetsList_Beta(t *testing.T) { - skipUnlessBeta(t) - - client := testClient(t) - ctx := context.Background() - - orgTest, orgTestCleanup := createOrganization(t, client) - defer orgTestCleanup() - - upgradeOrganizationSubscription(t, client, orgTest) - - workspace, workspaceCleanup := createWorkspace(t, client, orgTest) - defer workspaceCleanup() - - psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "") - defer psTestCleanup1() - psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "") - defer psTestCleanup2() - psTest3, psTestCleanup3 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, OPA) - defer psTestCleanup3() - - t.Run("without list options", func(t *testing.T) { - psl, err := client.PolicySets.List(ctx, orgTest.Name, nil) - require.NoError(t, err) - - assert.Contains(t, psl.Items, psTest1) - assert.Contains(t, psl.Items, psTest2) - assert.Contains(t, psl.Items, psTest3) - assert.Equal(t, 1, psl.CurrentPage) - assert.Equal(t, 3, psl.TotalCount) - }) - - t.Run("with pagination", func(t *testing.T) { - // Request a page number which is out of range. The result should - // be successful, but return no results if the paging options are - // properly passed along. 
- psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{ - ListOptions: ListOptions{ - PageNumber: 999, - PageSize: 100, - }, - }) - require.NoError(t, err) - - assert.Empty(t, psl.Items) - assert.Equal(t, 999, psl.CurrentPage) - assert.Equal(t, 3, psl.TotalCount) - }) - - t.Run("with search", func(t *testing.T) { - // Search by one of the policy set's names; we should get only that policy - // set and pagination data should reflect the search as well - psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{ - Search: psTest1.Name, - }) - require.NoError(t, err) - - assert.Contains(t, psl.Items, psTest1) - assert.NotContains(t, psl.Items, psTest2) - assert.Equal(t, 1, psl.CurrentPage) - assert.Equal(t, 1, psl.TotalCount) - }) - - t.Run("with include param", func(t *testing.T) { - psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{ - Include: []PolicySetIncludeOpt{PolicySetWorkspaces}, - }) - require.NoError(t, err) - - assert.Equal(t, 3, len(psl.Items)) - - assert.NotNil(t, psl.Items[0].Workspaces) - assert.Equal(t, 1, len(psl.Items[0].Workspaces)) - assert.Equal(t, workspace.ID, psl.Items[0].Workspaces[0].ID) - }) - - t.Run("filter by kind", func(t *testing.T) { - psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{ - Include: []PolicySetIncludeOpt{PolicySetWorkspaces}, - Kind: OPA, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(psl.Items)) - - assert.NotNil(t, psl.Items[0].Workspaces) - assert.Equal(t, 1, len(psl.Items[0].Workspaces)) - assert.Equal(t, workspace.ID, psl.Items[0].Workspaces[0].ID) - }) - - t.Run("without a valid organization", func(t *testing.T) { - ps, err := client.PolicySets.List(ctx, badIdentifier, nil) - assert.Nil(t, ps) - assert.EqualError(t, err, ErrInvalidOrg.Error()) - }) -} - -func TestPolicySetsCreate_Beta(t *testing.T) { - skipUnlessBeta(t) - - client := testClient(t) - ctx := context.Background() - - orgTest, orgTestCleanup := 
createOrganization(t, client) - defer orgTestCleanup() - - upgradeOrganizationSubscription(t, client, orgTest) - - var vcsPolicyID string - - t.Run("with valid attributes", func(t *testing.T) { - options := PolicySetCreateOptions{ - Name: String("policy-set"), - Kind: OPA, - } - - ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, "") - assert.Equal(t, ps.Kind, OPA) - assert.False(t, ps.Global) - }) - - t.Run("with kind missing", func(t *testing.T) { - options := PolicySetCreateOptions{ - Name: String("policy-set1"), - } - - ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, "") - assert.Equal(t, ps.Kind, Sentinel) - assert.False(t, ps.Global) - }) - - t.Run("with all attributes provided - sentinel", func(t *testing.T) { - options := PolicySetCreateOptions{ - Name: String("global"), - Description: String("Policies in this set will be checked in ALL workspaces!"), - Kind: Sentinel, - Global: Bool(true), - } - - ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, *options.Description) - assert.Equal(t, ps.Kind, Sentinel) - assert.True(t, ps.Global) - }) - - t.Run("with all attributes provided - OPA", func(t *testing.T) { - options := PolicySetCreateOptions{ - Name: String("global1"), - Description: String("Policies in this set will be checked in ALL workspaces!"), - Kind: OPA, - Overridable: Bool(true), - Global: Bool(true), - } - - ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, *options.Description) - assert.Equal(t, ps.Overridable, options.Overridable) - assert.Equal(t, ps.Kind, OPA) - assert.True(t, 
ps.Global) - }) - - t.Run("with missing overridable attribute", func(t *testing.T) { - options := PolicySetCreateOptions{ - Name: String("global2"), - Description: String("Policies in this set will be checked in ALL workspaces!"), - Kind: OPA, - Global: Bool(true), - } - - ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, *options.Description) - assert.Equal(t, ps.Overridable, Bool(false)) - assert.Equal(t, ps.Kind, OPA) - assert.True(t, ps.Global) - }) - - t.Run("with policies and workspaces provided", func(t *testing.T) { - pTest, pTestCleanup := createPolicy(t, client, orgTest) - defer pTestCleanup() - wTest, wTestCleanup := createWorkspace(t, client, orgTest) - defer wTestCleanup() - - options := PolicySetCreateOptions{ - Name: String("populated-policy-set"), - Policies: []*Policy{pTest}, - Kind: Sentinel, - Workspaces: []*Workspace{wTest}, - } - - ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.PolicyCount, 1) - assert.Equal(t, ps.Policies[0].ID, pTest.ID) - assert.Equal(t, ps.WorkspaceCount, 1) - assert.Equal(t, ps.Kind, Sentinel) - assert.Equal(t, ps.Workspaces[0].ID, wTest.ID) - }) - - t.Run("with vcs policy set", func(t *testing.T) { - githubIdentifier := os.Getenv("GITHUB_POLICY_SET_IDENTIFIER") - if githubIdentifier == "" { - t.Skip("Export a valid GITHUB_POLICY_SET_IDENTIFIER before running this test") - } - - oc, ocTestCleanup := createOAuthToken(t, client, orgTest) - defer ocTestCleanup() - - options := PolicySetCreateOptions{ - Name: String("vcs-policy-set1"), - Kind: Sentinel, - PoliciesPath: String("/policy-sets/foo"), - VCSRepo: &VCSRepoOptions{ - Branch: String("policies"), - Identifier: String(githubIdentifier), - OAuthTokenID: String(oc.ID), - IngressSubmodules: Bool(true), - }, - } - - ps, err := 
client.PolicySets.Create(ctx, orgTest.Name, options) - require.NoError(t, err) - - // Save policy ID to be used by update func - vcsPolicyID = ps.ID - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, "") - assert.False(t, ps.Global) - assert.Equal(t, ps.PoliciesPath, "/policy-sets/foo") - assert.Equal(t, ps.VCSRepo.Branch, "policies") - assert.Equal(t, ps.Kind, Sentinel) - assert.Equal(t, ps.VCSRepo.DisplayIdentifier, githubIdentifier) - assert.Equal(t, ps.VCSRepo.Identifier, githubIdentifier) - assert.Equal(t, ps.VCSRepo.IngressSubmodules, true) - assert.Equal(t, ps.VCSRepo.OAuthTokenID, oc.ID) - assert.Equal(t, ps.VCSRepo.RepositoryHTTPURL, fmt.Sprintf("https://github.com/%s", githubIdentifier)) - assert.Equal(t, ps.VCSRepo.ServiceProvider, string(ServiceProviderGithub)) - assert.Regexp(t, fmt.Sprintf("^%s/webhooks/vcs/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", regexp.QuoteMeta(DefaultConfig().Address)), ps.VCSRepo.WebhookURL) - }) - - t.Run("with vcs policy updated", func(t *testing.T) { - githubIdentifier := os.Getenv("GITHUB_POLICY_SET_IDENTIFIER") - if githubIdentifier == "" { - t.Skip("Export a valid GITHUB_POLICY_SET_IDENTIFIER before running this test") - } - - oc, ocTestCleanup := createOAuthToken(t, client, orgTest) - defer ocTestCleanup() - - options := PolicySetUpdateOptions{ - Name: String("vcs-policy-set"), - PoliciesPath: String("/policy-sets/bar"), - VCSRepo: &VCSRepoOptions{ - Branch: String("policies"), - Identifier: String(githubIdentifier), - OAuthTokenID: String(oc.ID), - IngressSubmodules: Bool(false), - }, - } - - ps, err := client.PolicySets.Update(ctx, vcsPolicyID, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, *options.Name) - assert.Equal(t, ps.Description, "") - assert.False(t, ps.Global) - assert.Equal(t, ps.PoliciesPath, "/policy-sets/bar") - assert.Equal(t, ps.VCSRepo.Branch, "policies") - assert.Equal(t, ps.VCSRepo.DisplayIdentifier, githubIdentifier) - assert.Equal(t, 
ps.VCSRepo.Identifier, githubIdentifier) - assert.Equal(t, ps.VCSRepo.IngressSubmodules, false) - assert.Equal(t, ps.VCSRepo.OAuthTokenID, oc.ID) - assert.Equal(t, ps.VCSRepo.RepositoryHTTPURL, fmt.Sprintf("https://github.com/%s", githubIdentifier)) - assert.Equal(t, ps.VCSRepo.ServiceProvider, string(ServiceProviderGithub)) - assert.Regexp(t, fmt.Sprintf("^%s/webhooks/vcs/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", regexp.QuoteMeta(DefaultConfig().Address)), ps.VCSRepo.WebhookURL) - }) - - t.Run("without a name provided", func(t *testing.T) { - ps, err := client.PolicySets.Create(ctx, orgTest.Name, PolicySetCreateOptions{}) - assert.Nil(t, ps) - assert.EqualError(t, err, ErrRequiredName.Error()) - }) - - t.Run("with an invalid name provided", func(t *testing.T) { - ps, err := client.PolicySets.Create(ctx, orgTest.Name, PolicySetCreateOptions{ - Name: String("nope!"), - }) - assert.Nil(t, ps) - assert.EqualError(t, err, ErrInvalidName.Error()) - }) - - t.Run("without a valid organization", func(t *testing.T) { - ps, err := client.PolicySets.Create(ctx, badIdentifier, PolicySetCreateOptions{ - Name: String("policy-set"), - }) - assert.Nil(t, ps) - assert.EqualError(t, err, ErrInvalidOrg.Error()) - }) -} - -func TestPolicySetsUpdate_Beta(t *testing.T) { - skipUnlessBeta(t) - - client := testClient(t) - ctx := context.Background() - - orgTest, orgTestCleanup := createOrganization(t, client) - defer orgTestCleanup() - - upgradeOrganizationSubscription(t, client, orgTest) - - psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "opa") - defer psTestCleanup() - - t.Run("with valid attributes", func(t *testing.T) { - options := PolicySetUpdateOptions{ - Name: String("global"), - Description: String("Policies in this set will be checked in ALL workspaces!"), - Global: Bool(true), - Overridable: Bool(true), - } - - ps, err := client.PolicySets.Update(ctx, psTest.ID, options) - require.NoError(t, err) - - assert.Equal(t, ps.Name, 
*options.Name) - assert.Equal(t, ps.Description, *options.Description) - assert.True(t, ps.Global) - assert.True(t, *ps.Overridable) - }) -} diff --git a/policy_set_integration_test.go b/policy_set_integration_test.go index 48b7156a9..b62f5b783 100644 --- a/policy_set_integration_test.go +++ b/policy_set_integration_test.go @@ -31,6 +31,8 @@ func TestPolicySetsList(t *testing.T) { defer psTestCleanup1() psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "") defer psTestCleanup2() + psTest3, psTestCleanup3 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, OPA) + defer psTestCleanup3() t.Run("without list options", func(t *testing.T) { psl, err := client.PolicySets.List(ctx, orgTest.Name, nil) @@ -38,8 +40,9 @@ func TestPolicySetsList(t *testing.T) { assert.Contains(t, psl.Items, psTest1) assert.Contains(t, psl.Items, psTest2) + assert.Contains(t, psl.Items, psTest3) assert.Equal(t, 1, psl.CurrentPage) - assert.Equal(t, 2, psl.TotalCount) + assert.Equal(t, 3, psl.TotalCount) }) t.Run("with pagination", func(t *testing.T) { @@ -56,7 +59,7 @@ func TestPolicySetsList(t *testing.T) { assert.Empty(t, psl.Items) assert.Equal(t, 999, psl.CurrentPage) - assert.Equal(t, 2, psl.TotalCount) + assert.Equal(t, 3, psl.TotalCount) }) t.Run("with search", func(t *testing.T) { @@ -79,7 +82,7 @@ func TestPolicySetsList(t *testing.T) { }) require.NoError(t, err) - assert.Equal(t, 2, len(psl.Items)) + assert.Equal(t, 3, len(psl.Items)) assert.NotNil(t, psl.Items[0].Workspaces) assert.Equal(t, 1, len(psl.Items[0].Workspaces)) 
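Review bot: TestPolicySetsList gains the OPA fixture `psTest3` and the adjusted counts, but the "filter by kind" subtest from the deleted TestPolicySetsList_Beta is not carried over in any of the hunks that touch this function. That subtest listed with `Kind: OPA` and expected a single item. Unless it already exists in lines outside these hunks, the `Kind` filter on `PolicySets.List` loses its integration coverage with this commit, whereas the equivalent "with filter by kind" subtest was kept for `Policies.List`. Re-adding it next to "with include param" would restore parity.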
@@ -117,10 +120,40 @@ func TestPolicySetsCreate(t *testing.T) { assert.False(t, ps.Global) }) - t.Run("with all attributes provided", func(t *testing.T) { + t.Run("OPA policy set with valid attributes", func(t *testing.T) { + options := PolicySetCreateOptions{ + Name: String("opa-policy-set"), + Kind: OPA, + } + + ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, "") + assert.Equal(t, ps.Kind, OPA) + assert.False(t, ps.Global) + }) + + t.Run("with kind missing", func(t *testing.T) { + options := PolicySetCreateOptions{ + Name: String("policy-set1"), + } + + ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, "") + assert.Equal(t, ps.Kind, Sentinel) + assert.False(t, ps.Global) + }) + + t.Run("with all attributes provided - sentinel", func(t *testing.T) { options := PolicySetCreateOptions{ Name: String("global"), Description: String("Policies in this set will be checked in ALL workspaces!"), + Kind: Sentinel, Global: Bool(true), } 
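Review bot: The assertions added here pass the observed value first, for example `assert.Equal(t, ps.Kind, OPA)`, while testify's signature is (expected, actual), so a failure would print the server's answer under "expected". The neighbouring create subtests already use that order, but TestPolicySetsList in the same file writes `assert.Equal(t, 3, psl.TotalCount)`. For the lines this commit introduces I would use `assert.Equal(t, OPA, ps.Kind)` and `assert.Equal(t, Sentinel, ps.Kind)`. The same applies to the Kind and Overridable assertions added in the later TestPolicySetsCreate hunks at -129, -151 and -211.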
@@ -129,6 +162,44 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.Name, *options.Name) assert.Equal(t, ps.Description, *options.Description) + assert.Equal(t, ps.Kind, Sentinel) + assert.True(t, ps.Global) + }) + + t.Run("with all attributes provided - OPA", func(t *testing.T) { + options := PolicySetCreateOptions{ + Name: String("global1"), + Description: String("Policies in this set will be checked in ALL workspaces!"), + Kind: OPA, + Overridable: Bool(true), + Global: Bool(true), + } + + ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, *options.Description) + assert.Equal(t, ps.Overridable, options.Overridable) + assert.Equal(t, ps.Kind, OPA) + assert.True(t, ps.Global) + }) + + t.Run("with missing overridable attribute", func(t *testing.T) { + options := PolicySetCreateOptions{ + Name: String("global2"), + Description: String("Policies in this set will be checked in ALL workspaces!"), + Kind: OPA, + Global: Bool(true), + } + + ps, err := client.PolicySets.Create(ctx, orgTest.Name, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, *options.Description) + assert.Equal(t, ps.Overridable, Bool(false)) + assert.Equal(t, ps.Kind, OPA) assert.True(t, ps.Global) }) @@ -141,6 +212,7 @@ func TestPolicySetsCreate(t *testing.T) { options := PolicySetCreateOptions{ Name: String("populated-policy-set"), Policies: []*Policy{pTest}, + Kind: Sentinel, Workspaces: []*Workspace{wTest}, } @@ -151,6 +223,7 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.PolicyCount, 1) assert.Equal(t, ps.Policies[0].ID, pTest.ID) assert.Equal(t, ps.WorkspaceCount, 1) + assert.Equal(t, ps.Kind, Sentinel) assert.Equal(t, ps.Workspaces[0].ID, wTest.ID) }) 
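Review bot: In the "with missing overridable attribute" subtest the default is checked with `assert.Equal(t, ps.Overridable, Bool(false))`, which compares two `*bool` values. If the API leaves the attribute out, the failure output would likely show a nil pointer against an address instead of the boolean that matters. I would make the nil case explicit and then check the value: `require.NotNil(t, ps.Overridable)` followed by `assert.False(t, *ps.Overridable)`. This case pins that an OPA policy set is not overridable unless the caller opts in, so a comment such as `// Overridable must default to false when the option is omitted.` would tell the next reader why it exists.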
@@ -193,6 +266,7 @@ func TestPolicySetsCreate(t *testing.T) { options := PolicySetCreateOptions{ Name: String("vcs-policy-set"), + Kind: Sentinel, PoliciesPath: String("/policy-sets/foo"), VCSRepo: &VCSRepoOptions{ Branch: String("policies"), @@ -211,6 +285,7 @@ func TestPolicySetsCreate(t *testing.T) { assert.Equal(t, ps.Name, *options.Name) assert.Equal(t, ps.Description, "") assert.False(t, ps.Global) + assert.Equal(t, ps.Kind, Sentinel) assert.Equal(t, ps.PoliciesPath, "/policy-sets/foo") assert.Equal(t, ps.VCSRepo.Branch, "policies") assert.Equal(t, ps.VCSRepo.DisplayIdentifier, githubIdentifier) @@ -445,6 +520,8 @@ func TestPolicySetsUpdate(t *testing.T) { psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "") defer psTestCleanup() + psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, nil, nil, "opa") + defer psTestCleanup2() t.Run("with valid attributes", func(t *testing.T) { options := PolicySetUpdateOptions{ @@ -461,6 +538,23 @@ func TestPolicySetsUpdate(t *testing.T) { assert.True(t, ps.Global) }) + t.Run("with valid attributes-OPA", func(t *testing.T) { + options := PolicySetUpdateOptions{ + Name: String("global2"), + Description: String("Policies in this set will be checked in ALL workspaces!"), + Global: Bool(true), + Overridable: Bool(true), + } + + ps, err := client.PolicySets.Update(ctx, psTest2.ID, options) + require.NoError(t, err) + + assert.Equal(t, ps.Name, *options.Name) + assert.Equal(t, ps.Description, *options.Description) + assert.True(t, ps.Global) + assert.True(t, *ps.Overridable) + }) + t.Run("with invalid attributes", func(t *testing.T) { ps, err := client.PolicySets.Update(ctx, psTest.ID, PolicySetUpdateOptions{ Name: String("nope!"),
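Review bot: In the hunk at -445, `createPolicySet(t, client, orgTest, nil, nil, nil, "opa")` passes the kind as a string literal, while the TestPolicySetsList fixture added in this same commit passes the `OPA` constant. Writing `createPolicySet(t, client, orgTest, nil, nil, nil, OPA)` keeps the two call sites consistent and lets the compiler catch a rename. The removed TestPolicySetsUpdate_Beta called `upgradeOrganizationSubscription(t, client, orgTest)` before creating its OPA set. The start of TestPolicySetsUpdate is outside this hunk, so confirm that setup is already present there.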
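Review bot: In the hunk at -461, `assert.True(t, *ps.Overridable)` in the new "with valid attributes-OPA" subtest dereferences the pointer unchecked, so a response without the attribute panics instead of reporting a failed assertion. Adding `require.NotNil(t, ps.Overridable)` on the line before it turns that into an ordinary test failure. The dereference was carried over unchanged from the removed beta test, so this move is a good moment to fix it.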