add test file for policies_list

Author: QuentinGuillard

datadog/fwprovider/resource_datadog_csm_threats_multi_policies.go

@@ -60,11 +60,11 @@ func (r *csmThreatsPoliciesListResource) Schema(_ context.Context, _ resource.Sc
 		},
 		Blocks: map[string]schema.Block{
 			"entries": schema.SetNestedBlock{
-				Description: "A set of policies that belong to this list/batch. All non-listed policies get deleted.",
+				Description: "A set of policies that belong to this list. Only one policies_list resource can be defined in Terraform, containing all unique policies. All non-listed policies get deleted.",
 				NestedObject: schema.NestedBlockObject{
 					Attributes: map[string]schema.Attribute{
 						"policy_id": schema.StringAttribute{
-							Description: "The ID of the policy to manage (from `csm_threats_policy`).",
+							Description: "The ID of the policy to manage (from csm_threats_policy).",
 							Required:    true,
 						},
 						"priority": schema.Int64Attribute{

datadog/tests/provider_test.go

@@ -115,6 +115,7 @@ var testFiles2EndpointTags = map[string]string{
 	"tests/resource_datadog_csm_threats_agent_rule_test":                     "cloud-workload-security",
 	"tests/resource_datadog_csm_threats_multi_policy_agent_rule_test":        "cloud-workload-security",
 	"tests/resource_datadog_csm_threats_policy_test":                         "cloud-workload-security",
+	"tests/resource_datadog_csm_threats_policies_list_test":                  "cloud-workload-security",
 	"tests/resource_datadog_dashboard_alert_graph_test":                      "dashboards",
 	"tests/resource_datadog_dashboard_alert_value_test":                      "dashboards",
 	"tests/resource_datadog_dashboard_change_test":                           "dashboards",

datadog/tests/resource_datadog_csm_threats_policies_list_test.go

@@ -0,0 +1,155 @@
+package test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+
+	"github.com/terraform-providers/terraform-provider-datadog/datadog/fwprovider"
+)
+
+// Create a policies_list and update the name and priority of its policy
+func TestAccCSMThreatsPoliciesList_CreateAndUpdate(t *testing.T) {
+	_, providers, accProviders := testAccFrameworkMuxProviders(context.Background(), t)
+
+	resourceName := "datadog_csm_threats_policies_list.all"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV5ProviderFactories: accProviders,
+		CheckDestroy:             testAccCheckCSMThreatsPoliciesListDestroy(providers.frameworkProvider),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCSMThreatsPoliciesListConfigBasic(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCSMThreatsPoliciesListExists(providers.frameworkProvider, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "entries.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "entries.0.name", "TERRAFORM_POLICY1"),
+					resource.TestCheckResourceAttr(resourceName, "entries.0.priority", "2"),
+					resource.TestCheckResourceAttr(resourceName, "entries.1.name", "TERRAFORM_POLICY2"),
+					resource.TestCheckResourceAttr(resourceName, "entries.1.priority", "3"),
+				),
+			},
+			{
+				Config: testAccCSMThreatsPoliciesListConfigUpdate(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCSMThreatsPoliciesListExists(providers.frameworkProvider, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "entries.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "entries.0.name", "TERRAFORM_POLICY1"),
+					resource.TestCheckResourceAttr(resourceName, "entries.0.priority", "2"),
+					resource.TestCheckResourceAttr(resourceName, "entries.1.name", "TERRAFORM_POLICY2 UPDATED"),
+					resource.TestCheckResourceAttr(resourceName, "entries.1.priority", "5"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCSMThreatsPoliciesListExists(accProvider *fwprovider.FrameworkProvider, resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("resource '%s' not found in state", resourceName)
+		}
+		if rs.Type != "datadog_csm_threats_policies_list" {
+			return fmt.Errorf(
+				"resource %s is not a datadog_csm_threats_policies_list, got: %s",
+				resourceName,
+				rs.Type,
+			)
+		}
+
+		if rs.Primary.ID != "policies_list" {
+			return fmt.Errorf("expected resource ID to be 'policies_list', got %s", rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckCSMThreatsPoliciesListDestroy(accProvider *fwprovider.FrameworkProvider) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		apiInstances := accProvider.DatadogApiInstances
+		auth := accProvider.Auth
+
+		for _, r := range s.RootModule().Resources {
+			if r.Type != "datadog_csm_threats_policies_list" {
+				continue
+			}
+
+			resp, httpResponse, err := apiInstances.GetCSMThreatsApiV2().ListCSMThreatsAgentPolicies(auth)
+			if err != nil {
+				if httpResponse != nil && httpResponse.StatusCode == 404 {
+					return nil
+				}
+				return fmt.Errorf("Received an error while listing the policies: %s", err)
+			}
+
+			if len(resp.GetData()) > 1 { // CWS_DD is always present
+				return fmt.Errorf("Policies list not empty, some policies are still present")
+			}
+		}
+		return nil
+	}
+}
+
+func testAccCSMThreatsPoliciesListConfigBasic() string {
+	return `
+		resource "datadog_csm_threats_policy" "policy1" {
+			description = "created with terraform"
+			enabled     = false
+			tags        = []
+		}
+
+		resource "datadog_csm_threats_policy" "policy2" {
+			description = "created with terraform 2"
+			enabled     = true
+			tags        = ["env:staging"]
+		}
+
+		resource "datadog_csm_threats_policies_list" "all" {
+			entries {
+				policy_id = datadog_csm_threats_policy.policy1.id
+				name      = "TERRAFORM_POLICY1"
+				priority  = 2
+			}
+			entries {
+				policy_id = datadog_csm_threats_policy.policy2.id
+				name      = "TERRAFORM_POLICY2"
+				priority  = 3
+			}
+		}
+	`
+}
+
+func testAccCSMThreatsPoliciesListConfigUpdate() string {
+	return `
+		resource "datadog_csm_threats_policy" "policy1" {
+			description = "created with terraform"
+			enabled     = false
+			tags        = []
+		}
+
+		resource "datadog_csm_threats_policy" "policy2" {
+			description = "created with terraform 2"
+			enabled     = true
+			tags        = ["env:staging"]
+		}
+
+		resource "datadog_csm_threats_policies_list" "all" {
+			entries {
+				policy_id = datadog_csm_threats_policy.policy1.id
+				name      = "TERRAFORM_POLICY1"
+				priority  = 2
+			}
+			entries {
+				policy_id = datadog_csm_threats_policy.policy2.id
+				name      = "TERRAFORM_POLICY2 UPDATED"
+				priority  = 5
+			}
+		}
+	`
+}

datadog/tests/resource_datadog_csm_threats_policy_test.go

@@ -14,9 +14,8 @@ import (
 
 // Create an agent policy and update its description
 func TestAccCSMThreatsPolicy_CreateAndUpdate(t *testing.T) {
-	ctx, providers, accProviders := testAccFrameworkMuxProviders(context.Background(), t)
+	_, providers, accProviders := testAccFrameworkMuxProviders(context.Background(), t)
 
-	policyName := uniqueAgentRuleName(ctx)
 	resourceName := "datadog_csm_threats_policy.policy_test"
 	tags := []string{"host_name:test_host"}
 	resource.Test(t, resource.TestCase{
@@ -25,39 +24,35 @@ func TestAccCSMThreatsPolicy_CreateAndUpdate(t *testing.T) {
 		CheckDestroy:             testAccCheckCSMThreatsPolicyDestroy(providers.frameworkProvider),
 		Steps: []resource.TestStep{
 			{
-				Config: fmt.Sprintf(`
+				Config: `
 				resource "datadog_csm_threats_policy" "policy_test" {
-					name              = "%s"
 					enabled           = true
 					description       = "im a policy"
 					tags              = ["host_name:test_host"]
 				}
-				`, policyName),
+				`,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCSMThreatsPolicyExists(providers.frameworkProvider, "datadog_csm_threats_policy.policy_test"),
 					checkCSMThreatsPolicyContent(
 						resourceName,
-						policyName,
 						"im a policy",
 						tags,
 					),
 				),
 			},
 			// Update description
 			{
-				Config: fmt.Sprintf(`
+				Config: `
 				resource "datadog_csm_threats_policy" "policy_test" {
-					name              = "%s"
 					enabled           = true
 					description       = "updated policy for terraform provider test"
 					tags              = ["host_name:test_host"]
 				}
-				`, policyName),
+				`,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCSMThreatsPolicyExists(providers.frameworkProvider, resourceName),
 					checkCSMThreatsPolicyContent(
 						resourceName,
-						policyName,
 						"updated policy for terraform provider test",
 						tags,
 					),
@@ -67,9 +62,9 @@ func TestAccCSMThreatsPolicy_CreateAndUpdate(t *testing.T) {
 	})
 }
 
-func checkCSMThreatsPolicyContent(resourceName string, name string, description string, tags []string) resource.TestCheckFunc {
+func checkCSMThreatsPolicyContent(resourceName string, description string, tags []string) resource.TestCheckFunc {
 	return resource.ComposeTestCheckFunc(
-		resource.TestCheckResourceAttr(resourceName, "name", name),
+		resource.TestCheckResourceAttrSet(resourceName, "name"),
 		resource.TestCheckResourceAttr(resourceName, "description", description),
 		resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
 		resource.TestCheckResourceAttr(resourceName, "tags.0", tags[0]),

docs/resources/csm_threats_policies_list.md

@@ -17,7 +17,7 @@ Provides a Datadog CSM Threats policies API resource.
 
 ### Optional
 
-- `entries` (Block Set) A set of policies that belong to this list/batch. All non-listed policies get deleted. (see [below for nested schema](#nestedblock--entries))
+- `entries` (Block Set) A set of policies that belong to this list. Only one policies_list resource can be defined in Terraform, containing all unique policies. All non-listed policies get deleted. (see [below for nested schema](#nestedblock--entries))
 
 ### Read-Only
 
@@ -28,7 +28,7 @@ Provides a Datadog CSM Threats policies API resource.
 
 Required:
 
-- `policy_id` (String) The ID of the policy to manage (from `csm_threats_policy`).
+- `policy_id` (String) The ID of the policy to manage (from csm_threats_policy).
 - `priority` (Number) The priority of the policy in this list.
 
 Optional:

go.mod

@@ -97,4 +97,3 @@ require (
 )
 
 go 1.23
-replace github.com/DataDog/datadog-api-client-go/v2 v2.34.1-0.20241226155556-e60f30b0e84e => ../datadog-api-spec/generated/datadog-api-client-go