Merge pull request #1035 from hashicorp/Netra2104/TF-7898-add_excluded_workspace_ids_to_policy_set

Netra2104 · web-flow · commit 01abda0490cb · 2023-09-06T12:38:18.000-04:00
Add excluded_workspace_ids to policy sets data source
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 BUG FIXES:
 * `r/tfe_team_project_access`: Fixes a panic that occurs when the client is configured against an older TFE release, by @sebasslash [1011](https://github.com/hashicorp/terraform-provider-tfe/pull/1011)
 * The provider no longer makes two service discovery requests per provider config, by @brandonc [1034](https://github.com/hashicorp/terraform-provider-tfe/pull/1034)
+* `d/tfe_policy_set`: Add `excluded_workspace_ids` attribute, by @Netra2104 [1035](https://github.com/hashicorp/terraform-provider-tfe/pull/1035)
 
 FEATURES:
 * `d/tfe_organization_membership`: Add `organization_membership_id` attribute, by @laurenolivia [997](https://github.com/hashicorp/terraform-provider-tfe/pull/997)
diff --git a/internal/provider/data_source_policy_set.go b/internal/provider/data_source_policy_set.go
@@ -98,6 +98,12 @@ func dataSourceTFEPolicySet() *schema.Resource {
 				Computed: true,
 			},
 
+			"excluded_workspace_ids": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Computed: true,
+			},
+
 			"project_ids": {
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
@@ -170,6 +176,12 @@ func dataSourceTFEPolicySetRead(d *schema.ResourceData, meta interface{}) error
 				}
 				d.Set("workspace_ids", workspaceIDs)
 
+				var excludedWorkspaceIDs []interface{}
+				for _, excludedWorkspace := range policySet.WorkspaceExclusions {
+					excludedWorkspaceIDs = append(excludedWorkspaceIDs, excludedWorkspace.ID)
+				}
+				d.Set("excluded_workspace_ids", excludedWorkspaceIDs)
+
 				var projectIDs []interface{}
 				if !policySet.Global {
 					for _, project := range policySet.Projects {
diff --git a/internal/provider/data_source_policy_set_test.go b/internal/provider/data_source_policy_set_test.go
@@ -45,6 +45,8 @@ func TestAccTFEPolicySetDataSource_basic(t *testing.T) {
 						"data.tfe_policy_set.bar", "policy_ids.#", "1"),
 					resource.TestCheckResourceAttr(
 						"data.tfe_policy_set.bar", "workspace_ids.#", "1"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_policy_set.bar", "excluded_workspace_ids.#", "1"),
 					resource.TestCheckResourceAttr(
 						"data.tfe_policy_set.bar", "project_ids.#", "1"),
 					resource.TestCheckResourceAttr(
@@ -90,6 +92,8 @@ func TestAccTFEPolicySetDataSourceOPA_basic(t *testing.T) {
 						"data.tfe_policy_set.bar", "overridable", "true"),
 					resource.TestCheckResourceAttr(
 						"data.tfe_policy_set.bar", "workspace_ids.#", "1"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_policy_set.bar", "excluded_workspace_ids.#", "1"),
 					resource.TestCheckResourceAttr(
 						"data.tfe_policy_set.bar", "project_ids.#", "1"),
 					resource.TestCheckResourceAttr(
@@ -149,6 +153,8 @@ func TestAccTFEPolicySetDataSource_vcs(t *testing.T) {
 						"data.tfe_policy_set.bar", "policy_ids.#", "0"),
 					resource.TestCheckResourceAttr(
 						"data.tfe_policy_set.bar", "workspace_ids.#", "0"),
+					resource.TestCheckResourceAttr(
+						"data.tfe_policy_set.bar", "excluded_workspace_ids.#", "0"),
 					resource.TestCheckResourceAttr(
 						"data.tfe_policy_set.bar", "project_ids.#", "0"),
 					resource.TestCheckResourceAttr(
@@ -204,14 +210,18 @@ resource "tfe_policy_set" "foobar" {
   organization = local.organization_name
   policy_ids   = [tfe_sentinel_policy.foo.id]
   workspace_ids = [tfe_workspace.foobar.id]
-  
 }
 
 resource "tfe_project_policy_set" "foobar" {
 	policy_set_id = tfe_policy_set.foobar.id
 	project_id = tfe_project.foobar.id
 }
 
+resource "tfe_workspace_policy_set_exclusion" "foobar" {
+	policy_set_id = tfe_policy_set.foobar.id
+	workspace_id = tfe_workspace.foobar.id
+}
+
 data "tfe_policy_set" "bar" {
   name = tfe_policy_set.foobar.name
   organization = local.organization_name
@@ -248,6 +258,11 @@ resource "tfe_project_policy_set" "foobar" {
 	project_id = tfe_project.foobar.id
 }
 
+resource "tfe_workspace_policy_set_exclusion" "foobar" {
+	policy_set_id = tfe_policy_set.foobar.id
+	workspace_id = tfe_workspace.foobar.id
+}
+
 data "tfe_policy_set" "bar" {
   name = tfe_policy_set.foobar.name
   organization = local.organization_name
diff --git a/website/docs/d/policy_set.html.markdown b/website/docs/d/policy_set.html.markdown
@@ -37,6 +37,7 @@ The following arguments are supported:
 * `kind` - The policy-as-code framework for the policy. Valid values are "sentinel" and "opa".
 * `overridable` - Whether users can override this policy when it fails during a run. Only valid for OPA policies.
 * `workspace_ids` - IDs of the workspaces that use the policy set.
+* `excluded_workspace_ids` - IDs of the workspaces that do not use the policy set.
 * `project_ids` - IDs of the projects that use the policy set.
 * `policy_ids` - IDs of the policies attached to the policy set.
 * `policies_path` - The sub-path within the attached VCS repository when using `vcs_repo`.
