1package tfe 2 3import ( 4 "context" 5 "io/ioutil" 6 "testing" 7 8 "github.com/stretchr/testify/assert" 9 "github.com/stretchr/testify/require" 10) 11 12func TestPolicyChecksList(t *testing.T) { 13 client := testClient(t) 14 ctx := context.Background() 15 16 orgTest, orgTestCleanup := createOrganization(t, client) 17 defer orgTestCleanup() 18 19 pTest1, _ := createUploadedPolicy(t, client, true, orgTest) 20 pTest2, _ := createUploadedPolicy(t, client, true, orgTest) 21 wTest, _ := createWorkspace(t, client, orgTest) 22 createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}) 23 24 rTest, _ := createPlannedRun(t, client, wTest) 25 26 t.Run("without list options", func(t *testing.T) { 27 pcl, err := client.PolicyChecks.List(ctx, rTest.ID, PolicyCheckListOptions{}) 28 require.NoError(t, err) 29 require.Equal(t, 1, len(pcl.Items)) 30 31 t.Run("pagination is properly decoded", func(t *testing.T) { 32 t.Skip("paging not supported yet in API") 33 assert.Equal(t, 1, pcl.CurrentPage) 34 assert.Equal(t, 1, pcl.TotalCount) 35 }) 36 37 t.Run("permissions are properly decoded", func(t *testing.T) { 38 assert.NotEmpty(t, pcl.Items[0].Permissions) 39 }) 40 41 t.Run("result is properly decoded", func(t *testing.T) { 42 require.NotEmpty(t, pcl.Items[0].Result) 43 assert.Equal(t, 2, pcl.Items[0].Result.Passed) 44 }) 45 46 t.Run("timestamps are properly decoded", func(t *testing.T) { 47 assert.NotEmpty(t, pcl.Items[0].StatusTimestamps) 48 }) 49 }) 50 51 t.Run("with list options", func(t *testing.T) { 52 t.Skip("paging not supported yet in API") 53 // Request a page number which is out of range. The result should 54 // be successful, but return no results if the paging options are 55 // properly passed along. 56 pcl, err := client.PolicyChecks.List(ctx, rTest.ID, PolicyCheckListOptions{ 57 ListOptions: ListOptions{ 58 PageNumber: 999, 59 PageSize: 100, 60 }, 61 }) 62 require.NoError(t, err) 63 assert.Empty(t, pcl.Items) 64 assert.Equal(t, 999, pcl.CurrentPage) 65 assert.Equal(t, 1, pcl.TotalCount) 66 }) 67 68 t.Run("without a valid run ID", func(t *testing.T) { 69 pcl, err := client.PolicyChecks.List(ctx, badIdentifier, PolicyCheckListOptions{}) 70 assert.Nil(t, pcl) 71 assert.EqualError(t, err, "invalid value for run ID") 72 }) 73} 74 75func TestPolicyChecksRead(t *testing.T) { 76 client := testClient(t) 77 ctx := context.Background() 78 79 orgTest, orgTestCleanup := createOrganization(t, client) 80 defer orgTestCleanup() 81 82 pTest, _ := createUploadedPolicy(t, client, true, orgTest) 83 wTest, _ := createWorkspace(t, client, orgTest) 84 createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) 85 86 rTest, _ := createPlannedRun(t, client, wTest) 87 require.Equal(t, 1, len(rTest.PolicyChecks)) 88 89 t.Run("when the policy check exists", func(t *testing.T) { 90 pc, err := client.PolicyChecks.Read(ctx, rTest.PolicyChecks[0].ID) 91 require.NoError(t, err) 92 93 t.Run("result is properly decoded", func(t *testing.T) { 94 require.NotEmpty(t, pc.Result) 95 assert.NotEmpty(t, pc.Permissions) 96 assert.Equal(t, PolicyScopeOrganization, pc.Scope) 97 assert.Equal(t, PolicyPasses, pc.Status) 98 assert.NotEmpty(t, pc.StatusTimestamps) 99 assert.Equal(t, 1, pc.Result.Passed) 100 assert.NotEmpty(t, pc.Run) 101 }) 102 }) 103 104 t.Run("when the policy check does not exist", func(t *testing.T) { 105 pc, err := client.PolicyChecks.Read(ctx, "nonexisting") 106 assert.Nil(t, pc) 107 assert.Equal(t, ErrResourceNotFound, err) 108 }) 109 110 t.Run("without a valid policy check ID", func(t *testing.T) { 111 pc, err := client.PolicyChecks.Read(ctx, badIdentifier) 112 assert.Nil(t, pc) 113 assert.EqualError(t, err, "invalid value for policy check ID") 114 }) 115} 116 117func TestPolicyChecksOverride(t *testing.T) { 118 client := testClient(t) 119 ctx := context.Background() 120 121 orgTest, orgTestCleanup := createOrganization(t, client) 122 defer orgTestCleanup() 123 124 t.Run("when the policy failed", func(t *testing.T) { 125 pTest, pTestCleanup := createUploadedPolicy(t, client, false, orgTest) 126 defer pTestCleanup() 127 128 wTest, _ := createWorkspace(t, client, orgTest) 129 createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) 130 rTest, _ := createPlannedRun(t, client, wTest) 131 132 pcl, err := client.PolicyChecks.List(ctx, rTest.ID, PolicyCheckListOptions{}) 133 require.NoError(t, err) 134 require.Equal(t, 1, len(pcl.Items)) 135 require.Equal(t, PolicySoftFailed, pcl.Items[0].Status) 136 137 pc, err := client.PolicyChecks.Override(ctx, pcl.Items[0].ID) 138 require.NoError(t, err) 139 140 assert.NotEmpty(t, pc.Result) 141 assert.Equal(t, PolicyOverridden, pc.Status) 142 }) 143 144 t.Run("when the policy passed", func(t *testing.T) { 145 pTest, pTestCleanup := createUploadedPolicy(t, client, true, orgTest) 146 defer pTestCleanup() 147 148 wTest, _ := createWorkspace(t, client, orgTest) 149 createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) 150 rTest, _ := createPlannedRun(t, client, wTest) 151 152 pcl, err := client.PolicyChecks.List(ctx, rTest.ID, PolicyCheckListOptions{}) 153 require.NoError(t, err) 154 require.Equal(t, 1, len(pcl.Items)) 155 require.Equal(t, PolicyPasses, pcl.Items[0].Status) 156 157 _, err = client.PolicyChecks.Override(ctx, pcl.Items[0].ID) 158 assert.Error(t, err) 159 }) 160 161 t.Run("without a valid policy check ID", func(t *testing.T) { 162 p, err := client.PolicyChecks.Override(ctx, badIdentifier) 163 assert.Nil(t, p) 164 assert.EqualError(t, err, "invalid value for policy check ID") 165 }) 166} 167 168func TestPolicyChecksLogs(t *testing.T) { 169 client := testClient(t) 170 ctx := context.Background() 171 172 orgTest, orgTestCleanup := createOrganization(t, client) 173 defer orgTestCleanup() 174 175 pTest, _ := createUploadedPolicy(t, client, true, orgTest) 176 wTest, _ := createWorkspace(t, client, orgTest) 177 createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}) 178 179 rTest, _ := createPlannedRun(t, client, wTest) 180 require.Equal(t, 1, len(rTest.PolicyChecks)) 181 182 t.Run("when the log exists", func(t *testing.T) { 183 pc, err := client.PolicyChecks.Read(ctx, rTest.PolicyChecks[0].ID) 184 require.NoError(t, err) 185 186 logReader, err := client.PolicyChecks.Logs(ctx, pc.ID) 187 require.NoError(t, err) 188 189 logs, err := ioutil.ReadAll(logReader) 190 require.NoError(t, err) 191 192 assert.Contains(t, string(logs), "1 policies evaluated") 193 }) 194 195 t.Run("when the log does not exist", func(t *testing.T) { 196 logs, err := client.PolicyChecks.Logs(ctx, "nonexisting") 197 assert.Nil(t, logs) 198 assert.Error(t, err) 199 }) 200} 201