Remove cloud access policy scope validation (#1049)

julienduchesne · web-flow · commit 080914b6704f · 2023-09-21T08:01:31.000-04:00
* Remove cloud access policy scope validation Closes #1045 It seems like various services can add whatever. This will be more future proof * Fix test * Fix test. API returns ordered
diff --git a/internal/resources/cloud/resource_cloud_access_policy.go b/internal/resources/cloud/resource_cloud_access_policy.go
@@ -192,17 +192,10 @@ func DeleteCloudAccessPolicy(ctx context.Context, d *schema.ResourceData, meta i
 }
 
 func validateCloudAccessPolicyScope(v interface{}, path cty.Path) diag.Diagnostics {
-	_, permission, found := strings.Cut(v.(string), ":")
-	if !found || strings.ContainsRune(permission, ':') {
+	if strings.Count(v.(string), ":") != 1 {
 		return diag.Errorf("invalid scope: %s. Should be in the `service:permission` format", v.(string))
 	}
 
-	// Validate permission
-	switch permission {
-	case "read", "write", "delete":
-	default:
-		return diag.Errorf("invalid scope: %s. Permission should be one of `read`, `write`, `delete`", v.(string))
-	}
 	return nil
 }
 
diff --git a/internal/resources/cloud/resource_cloud_access_policy_token_test.go b/internal/resources/cloud/resource_cloud_access_policy_token_test.go
@@ -30,6 +30,7 @@ func TestResourceAccessPolicyToken_Basic(t *testing.T) {
 		"accesspolicies:read",
 		"accesspolicies:write",
 		"accesspolicies:delete",
+		"datadog:validate",
 	}
 	updatedScopes := []string{
 		"metrics:write",
@@ -50,12 +51,13 @@ func TestResourceAccessPolicyToken_Basic(t *testing.T) {
 
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "name", "initial"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "display_name", "initial"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.#", "5"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.#", "6"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.0", "accesspolicies:delete"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.1", "accesspolicies:read"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.2", "accesspolicies:write"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.3", "logs:write"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.4", "metrics:read"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.3", "datadog:validate"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.4", "logs:write"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.5", "metrics:read"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.#", "1"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.0.type", "org"),
 

Original file line number	Diff line number	Diff line change
`@@ -192,17 +192,10 @@ func DeleteCloudAccessPolicy(ctx context.Context, d *schema.ResourceData, meta i`
`192`	`192`	`}`
`193`	`193`
`194`	`194`	`func validateCloudAccessPolicyScope(v interface{}, path cty.Path) diag.Diagnostics {`
`195`		`- _, permission, found := strings.Cut(v.(string), ":")`
`196`		`- if !found \|\| strings.ContainsRune(permission, ':') {`
	`195`	`+ if strings.Count(v.(string), ":") != 1 {`
`197`	`196`	return diag.Errorf("invalid scope: %s. Should be in the `service:permission` format", v.(string))
`198`	`197`	`}`
`199`	`198`
`200`		`- // Validate permission`
`201`		`- switch permission {`
`202`		`- case "read", "write", "delete":`
`203`		`- default:`
`204`		- return diag.Errorf("invalid scope: %s. Permission should be one of `read`, `write`, `delete`", v.(string))
`205`		`- }`
`206`	`199`	`return nil`
`207`	`200`	`}`
`208`	`201`