add ValidateFunc to resourceTFEPolicySet to catch syntax errors at tf plan time #168
Conversation
ghost
added
the
tfe/resource_tfe_policy_set.go
Outdated
| @@ -22,6 +23,17 @@ func resourceTFEPolicySet() *schema.Resource { | |||
| "name": { | |||
| Type: schema.TypeString, | |||
| Required: true, | |||
| ValidateFunc: func(v interface{}, k string) (ws []string, errs []error) { | |||
| value := v.(string) | |||
| matched, err := regexp.Match(`^[A-Za-z\d-_]+$`, []byte(value)) | |||
There was a problem hiding this comment.
As described here https://www.terraform.io/docs/cloud/api/policy-sets.html
There was a problem hiding this comment.
Thanks for submitting this PR. Having reviewed the contents I was wondering if any consideration was given to using one of the validators that are available in the validation package?
I think the use of the StringMatch validator will simplify things a great deal. As an example:
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[\w\.\-]+$`), "The name of the policy set. Can only include letters, numbers, -, and _."),
},
There was a problem hiding this comment.
Yup, makes sense. I'll adjust. Thanks
There was a problem hiding this comment.
Updated the validation function to the native validation call and updated the test to match the new error message
There was a problem hiding this comment.
Tests still show passing
$ TESTARGS="-run TestAccTFEPolicySet_invalidname" make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run TestAccTFEPolicySet_invalidname -timeout 15m
? github.com/terraform-providers/terraform-provider-tfe [no test files]
=== RUN TestAccTFEPolicySet_invalidname
--- PASS: TestAccTFEPolicySet_invalidname (0.01s)
PASS
ok github.com/terraform-providers/terraform-provider-tfe/tfe (cached)
? github.com/terraform-providers/terraform-provider-tfe/version [no test files]
tfe/resource_tfe_policy_set.go
Outdated
| @@ -22,6 +23,17 @@ func resourceTFEPolicySet() *schema.Resource { | |||
| "name": { | |||
| Type: schema.TypeString, | |||
| Required: true, | |||
| ValidateFunc: func(v interface{}, k string) (ws []string, errs []error) { | |||
| value := v.(string) | |||
| matched, err := regexp.Match(`^[A-Za-z\d-_]+$`, []byte(value)) | |||
There was a problem hiding this comment.
Thanks for submitting this PR. Having reviewed the contents I was wondering if any consideration was given to using one of the validators that are available in the validation package?
I think the use of the StringMatch validator will simplify things a great deal. As an example:
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[\w\.\-]+$`), "The name of the policy set. Can only include letters, numbers, -, and _."),
},
…atch and update tests to match new error message
There was a problem hiding this comment.
Hi there. This is a great idea! Thank you for opening up a PR to add this.
Overall this looks good. I requested some small changes to make sure the regexp you've added matches exactly what the API expects and to make your changes consistent with the rest of the repo.
Once these changes are made, please tag @hcrhall and myself so we can run this through our internal CI and get it merged and released :]
I'm also happy to make these changes myself by opening up a branch containing your changes and my requested changes. Just let me know what works best for you!
tfe/resource_tfe_policy_set.go
Outdated
| Required: true, | ||
| Type: schema.TypeString, | ||
| Required: true, | ||
| ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[\w\.\-]+$`), "The name of the policy set. Can only include letters, numbers, -, and _."), |
There was a problem hiding this comment.
This regex allows ., which isn't allowed in policy set names. The regexp in my suggestion below will match exactly what the API accepts.
I think it would be good to adjust the error message we return here as well, so it is consistent with other error messages. This should result in an error message that look something like this:
"invalid value for name (can only include letters, numbers, -, and _.)"
| ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[\w\.\-]+$`), "The name of the policy set. Can only include letters, numbers, -, and _."), | |
| ValidateFunc: validation.StringMatch(regexp.MustCompile(`\A[\w\_\-]+\z`), "can only include letters, numbers, -, and _."), |
tfe/resource_tfe_policy_set_test.go
Outdated
| func TestAccTFEPolicySet_invalidname(t *testing.T) { | ||
| resource.Test(t, resource.TestCase{ | ||
| PreCheck: func() { testAccPreCheck(t) }, | ||
| Providers: testAccProviders, | ||
| CheckDestroy: testAccCheckTFEPolicySetDestroy, | ||
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testAccTFEPolicySet_invalidname, | ||
| ExpectError: regexp.MustCompile(`The name of the policy set. Can only include letters, numbers, -, and _.`), | ||
| }, | ||
| }, | ||
| }) | ||
| } |
There was a problem hiding this comment.
There would need to be a change here as well, to make sure this lines up with my suggestions above.
This test should also be moved above the import test TestAccTFEPolicySetImport on line 295.
| func TestAccTFEPolicySet_invalidname(t *testing.T) { | |
| resource.Test(t, resource.TestCase{ | |
| PreCheck: func() { testAccPreCheck(t) }, | |
| Providers: testAccProviders, | |
| CheckDestroy: testAccCheckTFEPolicySetDestroy, | |
| Steps: []resource.TestStep{ | |
| { | |
| Config: testAccTFEPolicySet_invalidname, | |
| ExpectError: regexp.MustCompile(`The name of the policy set. Can only include letters, numbers, -, and _.`), | |
| }, | |
| }, | |
| }) | |
| } | |
| func TestAccTFEPolicySet_invalidName(t *testing.T) { | |
| resource.Test(t, resource.TestCase{ | |
| PreCheck: func() { testAccPreCheck(t) }, | |
| Providers: testAccProviders, | |
| CheckDestroy: testAccCheckTFEPolicySetDestroy, | |
| Steps: []resource.TestStep{ | |
| { | |
| Config: testAccTFEPolicySet_invalidName, | |
| ExpectError: regexp.MustCompile(`can only include letters, numbers, -, and _.`), | |
| }, | |
| }, | |
| }) | |
| } |
tfe/resource_tfe_policy_set_test.go
Outdated
| const testAccTFEPolicySet_invalidname = ` | ||
| resource "tfe_organization" "foobar" { | ||
| name = "tst-terraform" | ||
| email = "admin@company.com" | ||
| } | ||
|
|
||
| resource "tfe_sentinel_policy" "foo" { | ||
| name = "policy-foo" | ||
| policy = "main = rule { true }" | ||
| organization = "${tfe_organization.foobar.id}" | ||
| } | ||
|
|
||
| resource "tfe_policy_set" "foobar" { | ||
| name = "not the right format" | ||
| description = "Policy Set" | ||
| organization = "${tfe_organization.foobar.id}" | ||
| policy_ids = ["${tfe_sentinel_policy.foo.id}"] | ||
| }` |
There was a problem hiding this comment.
Small change here as well, for consistency.
| const testAccTFEPolicySet_invalidname = ` | |
| resource "tfe_organization" "foobar" { | |
| name = "tst-terraform" | |
| email = "admin@company.com" | |
| } | |
| resource "tfe_sentinel_policy" "foo" { | |
| name = "policy-foo" | |
| policy = "main = rule { true }" | |
| organization = "${tfe_organization.foobar.id}" | |
| } | |
| resource "tfe_policy_set" "foobar" { | |
| name = "not the right format" | |
| description = "Policy Set" | |
| organization = "${tfe_organization.foobar.id}" | |
| policy_ids = ["${tfe_sentinel_policy.foo.id}"] | |
| }` | |
| const testAccTFEPolicySet_invalidName = ` | |
| resource "tfe_organization" "foobar" { | |
| name = "tst-terraform" | |
| email = "admin@company.com" | |
| } | |
| resource "tfe_sentinel_policy" "foo" { | |
| name = "policy-foo" | |
| policy = "main = rule { true }" | |
| organization = "${tfe_organization.foobar.id}" | |
| } | |
| resource "tfe_policy_set" "foobar" { | |
| name = "not the right format" | |
| description = "Policy Set" | |
| organization = "${tfe_organization.foobar.id}" | |
| policy_ids = ["${tfe_sentinel_policy.foo.id}"] | |
| }` |
|
Thanks for the detailed review @lafentres . Changes implemented. cc @hcrhall Tests pass |
|
Thanks @mathyourlife-fitbit! I've started the process of getting this through CI in #205 and will be working on getting this ready for merge this week. |
|
@mathyourlife-fitbit this has been released! It is available now as part of 0.21.0 |
|
thanks for you help @lafentres @hcrhall 🥇 |
Description
When using terraform, it can be frustrating to have a plan complete successfully as part of PR validation processes, only to have it fail after merged and attempting to apply. In this case, using a
namefortfe_policy_setthat includes a space would pass PR validation but throw an error on apply as the name should only contain letters, numbers, dash, and underscore as specified in the UI.Testing plan
Output from acceptance tests
Apologies for only running a targeted test here instead of a full suite, but I do not yet have a full acceptance test environment setup.