fix(IAM Policy Management): Update check for authorization policy sub…

…ject and add test coverage (#5144) * fix(IAM Policy Management): Update check for authorization policy subject and add test coverage Signed-off-by: Shaun Colley <shaun.colley@ibm.com> * fix(IAM Policy Management): Fixed error message Signed-off-by: Shaun Colley <shaun.colley@ibm.com> * fix(IAM Policy Management): Fixed typo in test Signed-off-by: Shaun Colley <shaun.colley@ibm.com> --------- Signed-off-by: Shaun Colley <shaun.colley@ibm.com>
IBM-Cloud · Mar 4, 2024 · c146be1 · c146be1
1 parent 384312c
commit c146be1
Show file tree

Hide file tree

Showing 5 changed files with 176 additions and 1 deletion.
diff --git a/ibm/service/iampolicy/resource_ibm_iam_access_group_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_access_group_policy_test.go
@@ -544,6 +544,27 @@ func TestAccIBMIAMAccessGroupPolicy_With_Attribute_Based_Condition(t *testing.T)
 	})
 }
 
+func TestAccIBMIAMAccessGroupPolicy_StringMatch_Without_Wildcard(t *testing.T) {
+	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
+	name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMIAMAccessGroupPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIAMAccessGroupStringMatchWithoutWildcard(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_access_group_policy.policy", conf),
+					resource.TestCheckResourceAttr("ibm_iam_access_group.accgrp", "name", name),
+					resource.TestCheckResourceAttr("ibm_iam_access_group_policy.policy", "resource_attributes.#", "2"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckIBMIAMAccessGroupPolicyDestroy(s *terraform.State) error {
 	iamPolicyManagementClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API()
 	if err != nil {
@@ -1291,3 +1312,25 @@ func testAccCheckIBMIAMAccessGroupPolicyUpdateAttributeBasedCondition(name strin
 		}
 	`, name)
 }
+
+func testAccCheckIBMIAMAccessGroupStringMatchWithoutWildcard(name string) string {
+	return fmt.Sprintf(`
+		resource "ibm_iam_access_group" "accgrp" {
+			name = "%s"
+	  	}
+	  
+	  	resource "ibm_iam_access_group_policy" "policy" {
+			access_group_id = ibm_iam_access_group.accgrp.id
+			roles           = ["Viewer"]
+			resource_attributes {
+				name     = "resource"
+				value    = "test"
+				operator = "stringMatch"
+			}
+			resource_attributes {
+				name     = "serviceName"
+				value    = "messagehub"
+			}
+	  	}
+	`, name)
+}
diff --git a/ibm/service/iampolicy/resource_ibm_iam_authorization_policy.go b/ibm/service/iampolicy/resource_ibm_iam_authorization_policy.go
@@ -362,8 +362,10 @@ func resourceIBMIAMAuthorizationPolicyCreate(d *schema.ResourceData, meta interf
 				var resourceValue bool
 				if value == "true" {
 					resourceValue = true
-				} else {
+				} else if value == "false" {
 					resourceValue = false
+				} else {
+					return fmt.Errorf("[ERROR] When operator equals stringExists, value should be either \"true\" or \"false\", instead of %s", value)
 				}
 				at := iampolicymanagementv1.V2PolicyResourceAttribute{
 					Key:      &name,

diff --git a/ibm/service/iampolicy/resource_ibm_iam_service_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_service_policy_test.go
@@ -505,6 +505,27 @@ func TestAccIBMIAMServicePolicy_With_Attribute_Based_Condition(t *testing.T) {
 	})
 }
 
+func TestAccIBMIAMServicePolicy_With_Resource_Attributes_Without_Wildcard(t *testing.T) {
+	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
+	name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMIAMServicePolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIAMServicePolicyResourceAttributesWithoutWildcard(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIBMIAMServicePolicyExists("ibm_iam_service_policy.policy", conf),
+					resource.TestCheckResourceAttr("ibm_iam_service_id.serviceID", "name", name),
+					resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "resource_attributes.#", "2"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckIBMIAMServicePolicyDestroy(s *terraform.State) error {
 	rsContClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API()
 	if err != nil {
@@ -1238,3 +1259,25 @@ func testAccCheckIBMIAMServicePolicyUpdateAttributeBasedCondition(name string) s
 		}
 	`, name)
 }
+
+func testAccCheckIBMIAMServicePolicyResourceAttributesWithoutWildcard(name string) string {
+	return fmt.Sprintf(`
+	resource "ibm_iam_service_id" "serviceID" {
+		name = "%s"
+	  }
+  
+	  resource "ibm_iam_service_policy" "policy" {
+		iam_service_id     = ibm_iam_service_id.serviceID.id
+		roles              = ["Viewer"]
+		resource_attributes {
+			name     = "resource"
+			value    = "test"
+			operator = "stringMatch"
+		}
+		resource_attributes {
+			name     = "serviceName"
+			value    = "messagehub"
+		}
+	  }
+	`, name)
+}
diff --git a/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy_test.go
@@ -271,6 +271,27 @@ func TestAccIBMIAMTrustedProfilePolicy_With_Resource_Attributes(t *testing.T) {
 	})
 }
 
+func TestAccIBMIAMTrustedProfilePolicy_With_Resource_Attributes_Without_Wildcard(t *testing.T) {
+	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
+	name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMIAMTrustedProfilePolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIAMTrustedProfilePolicyResourceAttributesWithoutWildcard(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIBMIAMTrustedProfilePolicyExists("ibm_iam_trusted_profile_policy.policy", conf),
+					resource.TestCheckResourceAttr("ibm_iam_trusted_profile.profileID", "name", name),
+					resource.TestCheckResourceAttr("ibm_iam_trusted_profile_policy.policy", "resource_attributes.#", "2"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccIBMIAMTrustedProfilePolicy_With_Resource_Tags(t *testing.T) {
 	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
 	name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
@@ -807,6 +828,29 @@ func testAccCheckIBMIAMTrustedProfilePolicyResourceAttributes(name string) strin
 	  }
 	`, name)
 }
+
+func testAccCheckIBMIAMTrustedProfilePolicyResourceAttributesWithoutWildcard(name string) string {
+	return fmt.Sprintf(`
+	resource "ibm_iam_trusted_profile" "profileID" {
+		name = "%s"
+	  }
+  
+	  resource "ibm_iam_trusted_profile_policy" "policy" {
+		profile_id     = ibm_iam_trusted_profile.profileID.id
+		roles              = ["Viewer"]
+		resource_attributes {
+			name     = "resource"
+			value    = "test"
+			operator = "stringMatch"
+		}
+		resource_attributes {
+			name     = "serviceName"
+			value    = "messagehub"
+		}
+	  }
+	`, name)
+}
+
 func testAccCheckIBMIAMTrustedProfilePolicyResourceAttributesUpdate(name string) string {
 	return fmt.Sprintf(`
 	resource "ibm_iam_trusted_profile" "profileID" {

diff --git a/ibm/service/iampolicy/resource_ibm_iam_user_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_user_policy_test.go
@@ -180,6 +180,7 @@ func TestAccIBMIAMUserPolicy_import(t *testing.T) {
 		},
 	})
 }
+
 func TestAccIBMIAMUserPolicy_With_Resource_Attributes(t *testing.T) {
 	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
 
@@ -206,6 +207,26 @@ func TestAccIBMIAMUserPolicy_With_Resource_Attributes(t *testing.T) {
 	})
 }
 
+func TestAccIBMIAMUserPolicy_With_Resource_Attributes_Without_Wildcard(t *testing.T) {
+	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMIAMServicePolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIAMUserPolicyResourceAttributesWithoutWildcard(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIBMIAMUserPolicyExists("ibm_iam_user_policy.policy", conf),
+					resource.TestCheckResourceAttr("ibm_iam_user_policy.policy", "resource_attributes.#", "2"),
+				),
+			},
+		},
+	})
+}
+
+
 func TestAccIBMIAMUserPolicy_account_management(t *testing.T) {
 	var conf iampolicymanagementv1.V2PolicyTemplateMetaData
 	name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
@@ -806,6 +827,28 @@ func testAccCheckIBMIAMUserPolicyResourceAttributes() string {
 	  
 `, acc.IAMUser)
 }
+
+func testAccCheckIBMIAMUserPolicyResourceAttributesWithoutWildcard() string {
+	return fmt.Sprintf(`
+  
+	  resource "ibm_iam_user_policy" "policy" {
+		ibm_id = "%s"
+		roles  = ["Viewer"]
+		resource_attributes {
+			name     = "resource"
+			value    = "test"
+			operator = "stringMatch"
+		}
+		resource_attributes {
+			name     = "serviceName"
+			value    = "messagehub"
+		}
+	  }
+	  
+`, acc.IAMUser)
+}
+
+
 func testAccCheckIBMIAMUserPolicyResourceAttributesUpdate() string {
 	return fmt.Sprintf(`
 	resource "ibm_iam_user_policy" "policy" {