More robust policy test

* remove compartment resource dependency
* merge data source scenario test into main scenario test

Author: ccushing

oci/identity_policies_data_source_test.go

@@ -15,30 +15,26 @@ import (
 
 type ResourceIdentityPolicyTestSuite struct {
 	suite.Suite
-	Providers    map[string]terraform.ResourceProvider
-	Config       string
-	ResourceName string
-	Token        string
-	TokenFn      func(string, map[string]string) string
+	Providers      map[string]terraform.ResourceProvider
+	Config         string
+	ResourceName   string
+	DataSourceName string
+	Token          string
+	TokenFn        func(string, map[string]string) string
 }
 
 func (s *ResourceIdentityPolicyTestSuite) SetupTest() {
 	s.Token, s.TokenFn = tokenize()
 	s.Providers = testAccProviders
 	testAccPreCheck(s.T())
 	s.Config = legacyTestProviderConfig() + s.TokenFn(`
-	resource "oci_identity_compartment" "t" {
-		name = "-tf-compartment"
-		description = "tf test compartment"
-		compartment_id = "${var.tenancy_ocid}"
-	}
-	
 	resource "oci_identity_group" "t" {
 		name = "{{.token}}"
 		description = "automated test group"
 		compartment_id = "${var.tenancy_ocid}"
 	}`, nil)
 	s.ResourceName = "oci_identity_policy.p"
+	s.DataSourceName = "data.oci_identity_policies.p"
 }
 
 func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_basic() {
@@ -50,11 +46,11 @@ func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_basic()
 			{
 				Config: s.Config + s.TokenFn(`
 				resource "oci_identity_policy" "p" {
-					compartment_id = "${oci_identity_compartment.t.id}"
+					compartment_id = "${var.tenancy_ocid}"
 					name = "p1-{{.token}}"
 					description = "automated test policy"
 					version_date = "2018-04-17"
-					statements = ["Allow group ${oci_identity_group.t.name} to read instances in compartment ${oci_identity_compartment.t.name}"]
+					statements = ["Allow group ${oci_identity_group.t.name} to read instances in tenancy"]
 				}`, nil),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttrSet(s.ResourceName, "id"),
@@ -79,17 +75,17 @@ func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_basic()
 			{
 				Config: s.Config + s.TokenFn(`
 				resource "oci_identity_policy" "p" {
-					compartment_id = "${oci_identity_compartment.t.id}"
-					name = "p2-{{.token}}"
+					compartment_id = "${var.tenancy_ocid}"
+					name = "{{.token}}"
 					description = "automated test policy (updated)"
 					version_date = "2018-04-18"
 					statements = [
-						"Allow group ${oci_identity_group.t.name} to inspect instances in compartment ${oci_identity_compartment.t.name}",
-						"Allow group ${oci_identity_group.t.name} to read instances in compartment ${oci_identity_compartment.t.name}"
+						"Allow group ${oci_identity_group.t.name} to inspect instances in tenancy",
+						"Allow group ${oci_identity_group.t.name} to read instances in tenancy"
 					]
 				}`, nil),
 				Check: resource.ComposeAggregateTestCheckFunc(
-					resource.TestCheckResourceAttr(s.ResourceName, "name", "p2-"+s.Token),
+					resource.TestCheckResourceAttr(s.ResourceName, "name", s.Token),
 					resource.TestCheckResourceAttr(s.ResourceName, "description", "automated test policy (updated)"),
 					resource.TestCheckResourceAttr(s.ResourceName, "version_date", "2018-04-18"),
 					resource.TestCheckResourceAttr(s.ResourceName, "statements.#", "2"),
@@ -102,6 +98,39 @@ func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_basic()
 					},
 				),
 			},
+			// verify data source, + filtering against array of items
+			{
+				Config: s.Config + s.TokenFn(`
+				resource "oci_identity_policy" "p" {
+					compartment_id = "${var.tenancy_ocid}"
+					name = "{{.token}}"
+					description = "automated test policy (updated)"
+					version_date = "2018-04-18"
+					statements = [
+						"Allow group ${oci_identity_group.t.name} to inspect instances in tenancy",
+						"Allow group ${oci_identity_group.t.name} to read instances in tenancy"
+					]
+				}
+				data "oci_identity_policies" "p" {
+					compartment_id = "${var.tenancy_ocid}"
+					filter {
+						name   = "statements"
+						values = ["Allow group ${oci_identity_group.t.name} to inspect instances in tenancy"]
+					}
+				}`, nil),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(s.DataSourceName, "policies.#", "1"),
+					resource.TestCheckResourceAttrSet(s.DataSourceName, "policies.0.id"),
+					resource.TestCheckResourceAttr(s.DataSourceName, "policies.0.name", s.Token),
+					resource.TestCheckResourceAttr(s.DataSourceName, "policies.0.description", "automated test policy (updated)"),
+					resource.TestCheckResourceAttr(s.DataSourceName, "policies.0.state", string(identity.PolicyLifecycleStateActive)),
+					// TODO: This field is not being returned by the service call but is still showing up in the datasource
+					// resource.TestCheckNoResourceAttr(s.ResourceName, "policies.0.inactive_state"),
+					resource.TestCheckResourceAttr(s.DataSourceName, "policies.0.statements.#", "2"),
+					resource.TestCheckResourceAttrSet(s.DataSourceName, "policies.0.time_created"),
+					resource.TestCheckResourceAttr(s.DataSourceName, "policies.0.version_date", "2018-04-18"),
+				),
+			},
 		},
 	},
 	)
@@ -115,14 +144,14 @@ func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_emptySta
 			{
 				Config: s.Config + s.TokenFn(`
 				resource "oci_identity_policy" "p" {
-					compartment_id = "${oci_identity_compartment.t.id}"
+					compartment_id = "${var.tenancy_ocid}"
 					name = "p1-{{.token}}"
 					description = "automated test policy"
 					version_date = "2018-04-17"
 					statements = [
-"Allow group ${oci_identity_group.t.name} to inspect instances in compartment ${oci_identity_compartment.t.name}",
+"Allow group ${oci_identity_group.t.name} to inspect instances in tenancy",
 "",
-"Allow group ${oci_identity_group.t.name} to inspect instances in compartment ${oci_identity_compartment.t.name}"]
+"Allow group ${oci_identity_group.t.name} to inspect instances in tenancy"]
 				}`, nil),
 				ExpectError: regexp.MustCompile("Service error:InvalidParameter"),
 			},
@@ -140,15 +169,15 @@ func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_formatti
 			{
 				Config: s.Config + s.TokenFn(`
 				resource "oci_identity_policy" "p" {
-					compartment_id = "${oci_identity_compartment.t.id}"
+					compartment_id = "${var.tenancy_ocid}"
 					name = "{{.token}}"
 					description = "automated test policy"
-					statements = ["Allow group ${oci_identity_group.t.name} to read instances in >> compartment ${oci_identity_compartment.t.name}"]
+					statements = ["Allow group ${oci_identity_group.t.name} to read instances in >> tenancy"]
 				}`, nil),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					// policy statements may or may not have invalid characters stripped (">>" above), accommodate this uncertainty as specifically as possible
 					resource.TestMatchResourceAttr(s.ResourceName, "statements.0",
-						regexp.MustCompile(`Allow group `+s.Token+` to read instances in (>> )?compartment.+`)),
+						regexp.MustCompile(`Allow group `+s.Token+` to read instances in (>> )?tenancy`)),
 					func(s *terraform.State) (err error) {
 						if policyHash, err = fromInstanceState(s, "oci_identity_policy.p", "policyHash"); err == nil {
 							lastUpdateETag, err = fromInstanceState(s, "oci_identity_policy.p", "lastUpdateETag")
@@ -161,10 +190,10 @@ func (s *ResourceIdentityPolicyTestSuite) TestAccResourceIdentityPolicy_formatti
 			{
 				Config: s.Config + s.TokenFn(`
 				resource "oci_identity_policy" "p" {
-					compartment_id = "${oci_identity_compartment.t.id}"
+					compartment_id = "${var.tenancy_ocid}"
 					name = "{{.token}}"
 					description = "automated test policy"
-					statements = ["Allow group ${oci_identity_group.t.name} to read instances in >> compartment ${oci_identity_compartment.t.name}"]
+					statements = ["Allow group ${oci_identity_group.t.name} to read instances in >> tenancy"]
 				}`, nil),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					func(s *terraform.State) (err error) {

oci/identity_policy_resource_test.go renamed to oci/identity_policy_scenario_test.go

@@ -31,26 +31,13 @@ var (
 		"compartment_id": Representation{repType: Required, create: `${var.tenancy_ocid}`},
 		"description":    Representation{repType: Required, create: `Policy for users who need to launch instances, attach volumes, manage images`, update: `description2`},
 		"name":           Representation{repType: Required, create: `LaunchInstances`},
-		"statements":     Representation{repType: Required, create: []string{`Allow group ${oci_identity_group.t.name} to read instances in compartment ${oci_identity_compartment.t.name}`}},
+		"statements":     Representation{repType: Required, create: []string{`Allow group Administrators to read instances in tenancy`}},
 		"defined_tags":   Representation{repType: Optional, create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
 		"freeform_tags":  Representation{repType: Optional, create: map[string]string{"Department": "Finance"}, update: map[string]string{"Department": "Accounting"}},
 		"version_date":   Representation{repType: Optional, create: ``, update: `2018-01-01`},
 	}
 
-	PolicyResourceDependencies = DefinedTagsDependencies + `
-resource "oci_identity_compartment" "t" {
-	name = "Network"
-	description = "For network components"
-	compartment_id = "${var.tenancy_ocid}"
-}
-
-resource "oci_identity_group" "t" {
-	#Required
-	compartment_id = "${var.tenancy_ocid}"
-	description = "group for policy test"
-	name = "GroupName"
-}
-`
+	PolicyResourceDependencies = DefinedTagsDependencies
 )
 
 func TestIdentityPolicyResource_basic(t *testing.T) {