Update policy_set to support excluded workspaces relation on CREATE (#…

…757) * init * test * update * rename * add test * skip test * new struct * change api * api changes * new test * skip test * fixed test * lint fix * test fix --------- Co-authored-by: Netra Mali <netra.mali@hashicorp.com>
hashicorp · Aug 31, 2023 · a1edca1 · a1edca1
1 parent e3805be
commit a1edca1
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 41 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,9 @@
 <!-- Add CHANGELOG entry to this section for any PR awaiting the next release -->
 * Removed beta tags for TeamProjectAccess by @rberecka [#756](https://github.com/hashicorp/go-tfe/pull/756)
 
+## Enhancements
+* Added BETA support for including `workspaceExclusions` relationship to policy_set on create by @Netra2104 [#757](https://github.com/hashicorp/go-tfe/pull/757)
+
 # v1.32.1
 
 ## Dependency Update

diff --git a/helper_test.go b/helper_test.go
@@ -593,7 +593,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, nil, "")
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()
@@ -619,7 +619,8 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	}
 }
 
-func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace, projects []*Project, kind PolicyKind) (*PolicySet, func()) {
+func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace,
+	excludedWorkspace []*Workspace, projects []*Project, kind PolicyKind) (*PolicySet, func()) {
 	var orgCleanup func()
 
 	if org == nil {
@@ -628,11 +629,12 @@ func createPolicySet(t *testing.T, client *Client, org *Organization, policies [
 
 	ctx := context.Background()
 	ps, err := client.PolicySets.Create(ctx, org.Name, PolicySetCreateOptions{
-		Name:       String(randomString(t)),
-		Policies:   policies,
-		Workspaces: workspaces,
-		Projects:   projects,
-		Kind:       kind,
+		Name:                String(randomString(t)),
+		Policies:            policies,
+		Workspaces:          workspaces,
+		WorkspaceExclusions: excludedWorkspace,
+		Projects:            projects,
+		Kind:                kind,
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -685,7 +687,7 @@ func createPolicySetVersion(t *testing.T, client *Client, ps *PolicySet) (*Polic
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, nil, "")
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()

diff --git a/policy_check_integration_test.go b/policy_check_integration_test.go
@@ -28,7 +28,7 @@ func TestPolicyChecksList(t *testing.T) {
 	defer policyCleanup2()
 	wTest, wsCleanup := createWorkspace(t, client, orgTest)
 	defer wsCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}, nil, "")
+	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}, nil, nil, "")
 
 	rTest, runCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer runCleanup()
@@ -90,7 +90,7 @@ func TestPolicyChecksRead(t *testing.T) {
 
 	pTest, _ := createUploadedPolicy(t, client, true, orgTest)
 	wTest, _ := createWorkspace(t, client, orgTest)
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, "")
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, nil, "")
 
 	rTest, _ := createPolicyCheckedRun(t, client, wTest)
 	require.Equal(t, 1, len(rTest.PolicyChecks))
@@ -134,7 +134,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, "")
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, nil, "")
 		rTest, tTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer tTestCleanup()
 
@@ -159,7 +159,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, "")
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, nil, "")
 		rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer rTestCleanup()
 
@@ -190,7 +190,7 @@ func TestPolicyChecksLogs(t *testing.T) {
 	defer pTestCleanup()
 	wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 	defer wTestCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, "")
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, nil, nil, "")
 
 	rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer rTestCleanup()

diff --git a/policy_evaluation_beta_test.go b/policy_evaluation_beta_test.go
@@ -37,7 +37,7 @@ func TestPolicyEvaluationList_Beta(t *testing.T) {
 	defer policyTestCleanup()
 
 	policySet := []*Policy{policyTest}
-	_, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, OPA)
+	_, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, nil, OPA)
 	defer psTestCleanup1()
 
 	rTest, rTestCleanup := createRun(t, client, wkspaceTest)
@@ -92,7 +92,7 @@ func TestPolicySetOutcomeList_Beta(t *testing.T) {
 	defer policyTestCleanup()
 
 	policySet := []*Policy{policyTest}
-	_, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, OPA)
+	_, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, nil, OPA)
 	defer psTestCleanup1()
 
 	rTest, rTestCleanup := createPlannedRun(t, client, wkspaceTest)
@@ -203,7 +203,7 @@ func TestPolicySetOutcomeRead_Beta(t *testing.T) {
 	defer policyTestCleanup()
 
 	policySet := []*Policy{policyTest}
-	_, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, OPA)
+	_, psTestCleanup1 := createPolicySet(t, client, orgTest, policySet, []*Workspace{wkspaceTest}, nil, nil, OPA)
 	defer psTestCleanup1()
 
 	rTest, rTestCleanup := createPlannedRun(t, client, wkspaceTest)

diff --git a/policy_set.go b/policy_set.go
@@ -108,6 +108,9 @@ type PolicySet struct {
 	// The most recent successful policy set version.
 	CurrentVersion *PolicySetVersion `jsonapi:"relation,current-version"`
 	// **Note: This field is still in BETA and subject to change.**
+	// The workspace exclusions to which the policy set applies.
+	WorkspaceExclusions []*Workspace `jsonapi:"relation,workspace-exclusions"`
+	// **Note: This field is still in BETA and subject to change.**
 	// The projects to which the policy set applies.
 	Projects []*Project `jsonapi:"relation,projects"`
 }
@@ -122,7 +125,8 @@ const (
 	PolicySetCurrentVersion PolicySetIncludeOpt = "current_version"
 	PolicySetNewestVersion  PolicySetIncludeOpt = "newest_version"
 	// **Note: This field is still in BETA and subject to change.**
-	PolicySetProjects PolicySetIncludeOpt = "projects"
+	PolicySetWorkspaceExclusions PolicySetIncludeOpt = "workspace_exclusions"
+	PolicySetProjects            PolicySetIncludeOpt = "projects"
 )
 
 // PolicySetListOptions represents the options for listing policy sets.
@@ -193,6 +197,10 @@ type PolicySetCreateOptions struct {
 	// Optional: The initial list of workspaces for which the policy set should be enforced.
 	Workspaces []*Workspace `jsonapi:"relation,workspaces,omitempty"`
 
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: The initial list of workspace exclusions for which the policy set should be enforced.
+	WorkspaceExclusions []*Workspace `jsonapi:"relation,workspace-exclusions,omitempty"`
+
 	// **Note: This field is still in BETA and subject to change.**
 	// Optional: The initial list of projects for which the policy set should be enforced.
 	Projects []*Project `jsonapi:"relation,projects,omitempty"`
@@ -588,7 +596,7 @@ func (o *PolicySetReadOptions) valid() error {
 func validatePolicySetIncludeParams(params []PolicySetIncludeOpt) error {
 	for _, p := range params {
 		switch p {
-		case PolicySetPolicies, PolicySetWorkspaces, PolicySetCurrentVersion, PolicySetNewestVersion, PolicySetProjects:
+		case PolicySetPolicies, PolicySetWorkspaces, PolicySetCurrentVersion, PolicySetNewestVersion, PolicySetWorkspaceExclusions, PolicySetProjects:
 			// do nothing
 		default:
 			return ErrInvalidIncludeValue

diff --git a/policy_set_integration_beta_test.go b/policy_set_integration_beta_test.go
@@ -28,11 +28,11 @@ func TestPolicySetsList_Beta(t *testing.T) {
 	workspace, workspaceCleanup := createWorkspace(t, client, orgTest)
 	defer workspaceCleanup()
 
-	psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "")
+	psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, nil, "")
 	defer psTestCleanup1()
-	psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "")
+	psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, nil, "")
 	defer psTestCleanup2()
-	psTest3, psTestCleanup3 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, OPA)
+	psTest3, psTestCleanup3 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, nil, OPA)
 	defer psTestCleanup3()
 
 	t.Run("without list options", func(t *testing.T) {
@@ -344,7 +344,7 @@ func TestPolicySetsUpdate_Beta(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "opa")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "opa")
 	defer psTestCleanup()
 
 	t.Run("with valid attributes", func(t *testing.T) {

diff --git a/policy_set_integration_test.go b/policy_set_integration_test.go
@@ -26,10 +26,12 @@ func TestPolicySetsList(t *testing.T) {
 
 	workspace, workspaceCleanup := createWorkspace(t, client, orgTest)
 	defer workspaceCleanup()
+	excludedWorkspace, excludedWorkspaceCleanup := createWorkspace(t, client, orgTest)
+	defer excludedWorkspaceCleanup()
 
-	psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "")
+	psTest1, psTestCleanup1 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, []*Workspace{excludedWorkspace}, nil, "")
 	defer psTestCleanup1()
-	psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, nil, "")
+	psTest2, psTestCleanup2 := createPolicySet(t, client, orgTest, nil, []*Workspace{workspace}, []*Workspace{excludedWorkspace}, nil, "")
 	defer psTestCleanup2()
 
 	t.Run("without list options", func(t *testing.T) {
@@ -86,6 +88,21 @@ func TestPolicySetsList(t *testing.T) {
 		assert.Equal(t, workspace.ID, psl.Items[0].Workspaces[0].ID)
 	})
 
+	t.Run("with workspace exclusion include param", func(t *testing.T) {
+		skipUnlessBeta(t)
+		psl, err := client.PolicySets.List(ctx, orgTest.Name, &PolicySetListOptions{
+			Include: []PolicySetIncludeOpt{PolicySetWorkspaceExclusions},
+		})
+		require.NoError(t, err)
+		assert.Equal(t, 2, len(psl.Items))
+
+		assert.NotNil(t, psl.Items[0].WorkspaceExclusions)
+		assert.Equal(t, 1, len(psl.Items[0].WorkspaceExclusions))
+		assert.Equal(t, excludedWorkspace.ID, psl.Items[0].WorkspaceExclusions[0].ID)
+		assert.Equal(t, excludedWorkspace.Name, psl.Items[0].WorkspaceExclusions[0].Name)
+		assert.Equal(t, excludedWorkspace.CreatedAt, psl.Items[0].WorkspaceExclusions[0].CreatedAt)
+	})
+
 	t.Run("without a valid organization", func(t *testing.T) {
 		ps, err := client.PolicySets.List(ctx, badIdentifier, nil)
 		assert.Nil(t, ps)
@@ -182,6 +199,29 @@ func TestPolicySetsCreate(t *testing.T) {
 		assert.Equal(t, ps.Projects[0].ID, prjTest.ID)
 	})
 
+	t.Run("with policies and excluded workspaces provided", func(t *testing.T) {
+		skipUnlessBeta(t)
+		pTest, pTestCleanup := createPolicy(t, client, orgTest)
+		defer pTestCleanup()
+		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
+		defer wTestCleanup()
+
+		options := PolicySetCreateOptions{
+			Name:                String("exclusion-policy-set"),
+			Policies:            []*Policy{pTest},
+			WorkspaceExclusions: []*Workspace{wTest},
+		}
+
+		ps, err := client.PolicySets.Create(ctx, orgTest.Name, options)
+		require.NoError(t, err)
+
+		assert.Equal(t, ps.Name, *options.Name)
+		assert.Equal(t, ps.PolicyCount, 1)
+		assert.Equal(t, ps.Policies[0].ID, pTest.ID)
+		assert.Equal(t, ps.WorkspaceExclusions[0].ID, wTest.ID)
+		assert.Equal(t, len(ps.WorkspaceExclusions), 1)
+	})
+
 	t.Run("with vcs policy set", func(t *testing.T) {
 		githubIdentifier := os.Getenv("GITHUB_POLICY_SET_IDENTIFIER")
 		if githubIdentifier == "" {
@@ -373,7 +413,7 @@ func TestPolicySetsRead(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with a valid ID", func(t *testing.T) {
@@ -443,7 +483,7 @@ func TestPolicySetsUpdate(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with valid attributes", func(t *testing.T) {
@@ -491,7 +531,7 @@ func TestPolicySetsAddPolicies(t *testing.T) {
 	defer pTestCleanup1()
 	pTest2, pTestCleanup2 := createPolicy(t, client, orgTest)
 	defer pTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with policies provided", func(t *testing.T) {
@@ -546,7 +586,7 @@ func TestPolicySetsRemovePolicies(t *testing.T) {
 	defer pTestCleanup1()
 	pTest2, pTestCleanup2 := createPolicy(t, client, orgTest)
 	defer pTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with policies provided", func(t *testing.T) {
@@ -595,7 +635,7 @@ func TestPolicySetsAddWorkspaces(t *testing.T) {
 	defer wTestCleanup1()
 	wTest2, wTestCleanup2 := createWorkspace(t, client, orgTest)
 	defer wTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with workspaces provided", func(t *testing.T) {
@@ -664,7 +704,7 @@ func TestPolicySetsRemoveWorkspaces(t *testing.T) {
 	defer wTestCleanup1()
 	wTest2, wTestCleanup2 := createWorkspace(t, client, orgTest)
 	defer wTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, []*Workspace{wTest1, wTest2}, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, []*Workspace{wTest1, wTest2}, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with workspaces provided", func(t *testing.T) {
@@ -728,7 +768,7 @@ func TestPolicySetsAddProjects(t *testing.T) {
 	defer pTestCleanup1()
 	pTest2, pTestCleanup2 := createProject(t, client, orgTest)
 	defer pTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with projects provided", func(t *testing.T) {
@@ -798,7 +838,7 @@ func TestPolicySetsRemoveProjects(t *testing.T) {
 	defer pTestCleanup1()
 	pTest2, pTestCleanup2 := createProject(t, client, orgTest)
 	defer pTestCleanup2()
-	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, []*Project{pTest1, pTest2}, "")
+	psTest, psTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, []*Project{pTest1, pTest2}, "")
 	defer psTestCleanup()
 
 	t.Run("with projects provided", func(t *testing.T) {
@@ -857,7 +897,7 @@ func TestPolicySetsDelete(t *testing.T) {
 
 	upgradeOrganizationSubscription(t, client, orgTest)
 
-	psTest, _ := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, _ := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 
 	t.Run("with valid options", func(t *testing.T) {
 		err := client.PolicySets.Delete(ctx, psTest.ID)

diff --git a/policy_set_parameter_integration_test.go b/policy_set_parameter_integration_test.go
@@ -18,7 +18,7 @@ func TestPolicySetParametersList(t *testing.T) {
 	orgTest, orgTestCleanup := createOrganization(t, client)
 	defer orgTestCleanup()
 
-	psTest, pTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, "")
+	psTest, pTestCleanup := createPolicySet(t, client, orgTest, nil, nil, nil, nil, "")
 	defer pTestCleanup()
 
 	pTest1, pTestCleanup1 := createPolicySetParameter(t, client, psTest)
@@ -65,7 +65,7 @@ func TestPolicySetParametersCreate(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with valid options", func(t *testing.T) {
@@ -266,7 +266,7 @@ func TestPolicySetParametersDelete(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	pTest, _ := createPolicySetParameter(t, client, psTest)

diff --git a/policy_set_version_integration_test.go b/policy_set_version_integration_test.go
@@ -18,7 +18,7 @@ func TestPolicySetVersionsCreate(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	t.Run("with valid identifier", func(t *testing.T) {
@@ -40,7 +40,7 @@ func TestPolicySetVersionsRead(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
-	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, "")
+	psTest, psTestCleanup := createPolicySet(t, client, nil, nil, nil, nil, nil, "")
 	defer psTestCleanup()
 
 	origPSV, err := client.PolicySetVersions.Create(ctx, psTest.ID)