add new test for restricted permission

DataDog · Jan 2, 2025 · b18d445 · b18d445
1 parent cfa8873
commit b18d445
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 37 deletions.
diff --git a/datadog/resource_datadog_role.go b/datadog/resource_datadog_role.go
@@ -145,7 +145,7 @@ func resourceDatadogRoleCustomizeDiff(ctx context.Context, diff *schema.Resource
 
 		if permAttributes.IsDefaultPermission && !defaultPermissionsOptOut.(bool) {
 			return fmt.Errorf(
-				"permission with ID %s is a restricted (default) permission and cannot be managed by terraform, set `default_permissions_opt_out` to `true` to manage default permissions, or remove it from your configuration",
+				"permission with ID %s is a restricted (default) permission and cannot be managed by terraform, remove it from your configuration",
 				permID,
 			)
 		}

diff --git a/datadog/tests/cassettes/TestAccDatadogRole_InvalidPerm.freeze b/datadog/tests/cassettes/TestAccDatadogRole_InvalidPerm.freeze
@@ -1 +1 @@
-2022-07-26T10:43:12.182854-04:00
+2025-01-02T11:18:48.106262-05:00
diff --git a/datadog/tests/cassettes/TestAccDatadogRole_InvalidPerm.yaml b/datadog/tests/cassettes/TestAccDatadogRole_InvalidPerm.yaml
diff --git a/datadog/tests/resource_datadog_role_test.go b/datadog/tests/resource_datadog_role_test.go
@@ -111,9 +111,13 @@ func TestAccDatadogRole_InvalidPerm(t *testing.T) {
 		ProviderFactories: accProviders,
 		Steps: []resource.TestStep{
 			{
-				Config:      testAccCheckDatadogRoleConfigInvalidPerm(rolename),
+				Config:      testAccCheckDatadogRoleConfigInvalidNonexistentPerm(rolename),
 				ExpectError: regexp.MustCompile("permission with ID .* does not exist"),
 			},
+			{
+				Config:      testAccCheckDatadogRoleConfigInvalidRestrictedPerm(rolename),
+				ExpectError: regexp.MustCompile("permission with ID .* is a restricted"),
+			},
 		},
 	})
 }
@@ -241,7 +245,7 @@ resource "datadog_role" "foo" {
 }`, uniq)
 }
 
-func testAccCheckDatadogRoleConfigInvalidPerm(uniq string) string {
+func testAccCheckDatadogRoleConfigInvalidNonexistentPerm(uniq string) string {
 	return fmt.Sprintf(`
 resource "datadog_role" "foo" {
   name      = "%sinvalid"
@@ -250,3 +254,17 @@ resource "datadog_role" "foo" {
   }
 }`, uniq)
 }
+
+func testAccCheckDatadogRoleConfigInvalidRestrictedPerm(uniq string) string {
+	return fmt.Sprintf(`
+data "datadog_permissions" foo {
+  include_restricted = true
+}
+
+resource "datadog_role" "foo" {
+  name      = "%s invalid restricted"
+  permission {
+    id = "${data.datadog_permissions.foo.permissions.dashboards_read}"
+  }
+}`, uniq)
+}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		2022-07-26T10:43:12.182854-04:00
		2025-01-02T11:18:48.106262-05:00