ci: add more verifications to validate the resource

Author: tembleking

sysdig/resource_sysdig_secure_vulnerability_rule_bundle.go

@@ -20,7 +20,6 @@ func vulnerabilityRuleSchemaImageConfigLabel() *schema.Schema {
 		Type:     schema.TypeSet,
 		Optional: true,
 		MaxItems: 1,
-		MinItems: 1,
 		Elem: &schema.Resource{
 			Schema: map[string]*schema.Schema{
 				"id": {
@@ -93,8 +92,10 @@ func resourceSysdigSecureVulnerabilityRuleBundle() *schema.Resource {
 			},
 
 			"rule": {
-				Type:     schema.TypeList,
-				Required: true,
+				Type:        schema.TypeList,
+				Required:    true,
+				MinItems:    1,
+				Description: "Rules for this bundle",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"image_label": vulnerabilityRuleSchemaImageConfigLabel(),
@@ -307,6 +308,9 @@ func vulnerabilityRulesFromList(list []any) ([]v2.VulnerabilityRule, error) {
 	var out []v2.VulnerabilityRule
 
 	for _, ruleRaw := range list {
+		if ruleRaw == nil {
+			return nil, errors.New("empty rule detected, you need to specify one")
+		}
 		rule, err := vulnerabilityRuleFromMap(ruleRaw.(map[string]any))
 		if err != nil {
 			return nil, err
@@ -381,5 +385,9 @@ func vulnerabilityRuleImageConfigLabelFromMap(ruleBody map[string]any) (v2.Vulne
 		})
 	}
 
+	if len(rule.Predicates) == 0 {
+		return v2.VulnerabilityRule{}, errors.New("no predicate has been specified for image label rule")
+	}
+
 	return rule, nil
 }

sysdig/resource_sysdig_secure_vulnerability_rule_bundle_test.go

@@ -5,6 +5,7 @@ package sysdig_test
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"testing"
 
 	"github.com/draios/terraform-provider-sysdig/sysdig"
@@ -26,22 +27,82 @@ func TestAccVulnerabilityRuleBundle(t *testing.T) {
 			"sysdig": func() (*schema.Provider, error) { return sysdig.Provider(), nil },
 		},
 		Steps: []resource.TestStep{
+			{
+				Config:      incorrectVulnerabilityRuleBundleConfig(random()),
+				ExpectError: regexp.MustCompile("empty rule detected, you need to specify one"),
+			},
+			{
+				Config:      incorrectVulnerabilityRuleBundleConfig2(random()),
+				ExpectError: regexp.MustCompile(`No more than 1 "image_label" blocks are allowed`),
+			},
+			{
+				Config:      incorrectVulnerabilityRuleBundleConfig3(random()),
+				ExpectError: regexp.MustCompile(`no predicate has been specified for image label rule`),
+			},
 			{
 				Config: minimalVulnerabilityRuleBundleConfig(random()),
 			},
-			// {
-			// 	ResourceName:      "sysdig_secure_vulnerability_rule_bundle.sample",
-			// 	ImportState:       true,
-			// 	ImportStateVerify: true,
-			// },
+			{
+				Config: fullVulnerabilityRuleBundleConfig(random()),
+			},
+			{
+				ResourceName:      "sysdig_secure_vulnerability_rule_bundle.sample",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
 
+func incorrectVulnerabilityRuleBundleConfig(suffix string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_vulnerability_rule_bundle" "sample" {
+  name    = "TERRAFORM TEST %s"
+  rule {}
+}
+`, suffix)
+}
+
+func incorrectVulnerabilityRuleBundleConfig2(suffix string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_vulnerability_rule_bundle" "sample" {
+  name    = "TERRAFORM TEST %s"
+  rule {
+  	image_label {}
+  	image_label {}
+  }
+}
+`, suffix)
+}
+
+func incorrectVulnerabilityRuleBundleConfig3(suffix string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_vulnerability_rule_bundle" "sample" {
+  name    = "TERRAFORM TEST %s"
+  rule {
+  	image_label {}
+  }
+}
+`, suffix)
+}
+
 func minimalVulnerabilityRuleBundleConfig(suffix string) string {
 	return fmt.Sprintf(`
 resource "sysdig_secure_vulnerability_rule_bundle" "sample" {
   name    = "TERRAFORM TEST %s"
+  rule {
+  	image_label {
+  		label_must_exist = "required-label"
+  	}
+  }
+}
+`, suffix)
+}
+
+func fullVulnerabilityRuleBundleConfig(suffix string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_vulnerability_rule_bundle" "sample" {
+  name    = "TERRAFORM TEST %s"
 
   rule {
   	image_label {