Testcases for Policy (#2062)

sunnyhashi · anubhav-goel · web-flow · commit ca368e63489a · 2026-02-09T14:56:30.000+05:30
* feat(tfpolicy): TF-33301 TF-33306: Added: init setup for terraform-policy

* feat(tfpolicy): TF-33301: Added: changelog

* feat(tfpolicy): TF-33301: Refactored: variables cleanup

* feat(tfpolicy): TF-33301: Bumped: terraform-schema

* feat(tfpolicy): TF-33301 TF-33309: Added: readme

* prepend core:: to functions

* Add test for policy feature

* Remove unused test data file

* Cleanup redundant test data

* Update terraform-schema version

* Update version to beta

* Added changelog

---------

Co-authored-by: Anubhav Goel &lt;replyag96@gmail.com&gt;
diff --git a/.changes/unreleased/ENHANCEMENTS-20260209-145217.yaml b/.changes/unreleased/ENHANCEMENTS-20260209-145217.yaml
@@ -0,0 +1,6 @@
+kind: ENHANCEMENTS
+body: Add test cases for policy feature
+time: 2026-02-09T14:52:17.472152+05:30
+custom:
+    Issue: "2062"
+    Repository: terraform-ls
diff --git a/go.mod b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/hashicorp/terraform-exec v0.24.0
 	github.com/hashicorp/terraform-json v0.27.2
 	github.com/hashicorp/terraform-registry-address v0.4.0
-	github.com/hashicorp/terraform-schema v0.0.0-20260205154820-1fa83aeadfe8
+	github.com/hashicorp/terraform-schema v0.0.0-20260209091111-f9f8837ceba2
 	github.com/mcuadros/go-defaults v1.2.0
 	github.com/mh-cbon/go-fmt-fail v0.0.0-20160815164508-67765b3fbcb5
 	github.com/mitchellh/cli v1.1.5
diff --git a/go.sum b/go.sum
@@ -128,6 +128,8 @@ github.com/hashicorp/terraform-registry-address v0.4.0 h1:S1yCGomj30Sao4l5BMPjTG
 github.com/hashicorp/terraform-registry-address v0.4.0/go.mod h1:LRS1Ay0+mAiRkUyltGT+UHWkIqTFvigGn/LbMshfflE=
 github.com/hashicorp/terraform-schema v0.0.0-20260205154820-1fa83aeadfe8 h1:PPVlY6fBiz9Cryk5QjKOU+bjXhMzLgIlyNF8jtsvcY8=
 github.com/hashicorp/terraform-schema v0.0.0-20260205154820-1fa83aeadfe8/go.mod h1:pXOhxvzIKX/rL0weM3CzswnU8WBEMSElvC0MYsc8FzQ=
+github.com/hashicorp/terraform-schema v0.0.0-20260209091111-f9f8837ceba2 h1:QbBEhzv5Fl7b+IL9JcikW3g+b+/Puw3y2+oywQvzCbI=
+github.com/hashicorp/terraform-schema v0.0.0-20260209091111-f9f8837ceba2/go.mod h1:pXOhxvzIKX/rL0weM3CzswnU8WBEMSElvC0MYsc8FzQ=
 github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
 github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc=
 github.com/hexops/autogold v1.3.1 h1:YgxF9OHWbEIUjhDbpnLhgVsjUDsiHDTyDfy2lrfdlzo=
diff --git a/internal/features/policy/decoder/functions.go b/internal/features/policy/decoder/functions.go
@@ -17,10 +17,14 @@ func functionsForPolicy(policy *state.PolicyRecord, stateReader CombinedReader)
 }
 
 func mustFunctionsForVersion(v *version.Version) map[string]schema.FunctionSignature {
-	s, err := tfschema.FunctionsForVersion(v)
+	fs, err := tfschema.FunctionsForVersion(v)
 	if err != nil {
 		// this should never happen
 		panic(err)
 	}
-	return s
+	coreFunctions := make(map[string]schema.FunctionSignature, len(fs))
+	for name, signature := range fs {
+		coreFunctions["core::"+name] = signature
+	}
+	return coreFunctions
 }
diff --git a/internal/features/policy/jobs/parse_test.go b/internal/features/policy/jobs/parse_test.go
@@ -0,0 +1,103 @@
+// Copyright IBM Corp. 2020, 2026
+// SPDX-License-Identifier: MPL-2.0
+
+package jobs
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+
+	lsctx "github.com/hashicorp/terraform-ls/internal/context"
+	"github.com/hashicorp/terraform-ls/internal/features/policy/ast"
+	"github.com/hashicorp/terraform-ls/internal/features/policy/state"
+	"github.com/hashicorp/terraform-ls/internal/filesystem"
+	"github.com/hashicorp/terraform-ls/internal/job"
+	ilsp "github.com/hashicorp/terraform-ls/internal/lsp"
+	globalState "github.com/hashicorp/terraform-ls/internal/state"
+	globalAst "github.com/hashicorp/terraform-ls/internal/terraform/ast"
+	"github.com/hashicorp/terraform-ls/internal/uri"
+)
+
+func TestParsePolicyConfiguration(t *testing.T) {
+	ctx := context.Background()
+	gs, err := globalState.NewStateStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ps, err := state.NewPolicyStore(gs.ChangeStore)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testData, err := filepath.Abs("testdata")
+	if err != nil {
+		t.Fatal(err)
+	}
+	testFs := filesystem.NewFilesystem(gs.DocumentStore)
+
+	simplePolicyPath := filepath.Join(testData, "simple-policy")
+
+	err = ps.Add(simplePolicyPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ctx = lsctx.WithDocumentContext(ctx, lsctx.Document{})
+	err = ParsePolicyConfiguration(ctx, testFs, ps, simplePolicyPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	before, err := ps.PolicyRecordByPath(simplePolicyPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(before.ParsedPolicyFiles) == 0 {
+		t.Fatal("expected parsed policy files, got none")
+	}
+
+	// Verify specific files are in the store
+	mainFile := ast.PolicyFilename("config.policy.hcl")
+
+	if _, exists := before.ParsedPolicyFiles[mainFile]; !exists {
+		t.Fatalf("expected %s to be parsed", mainFile)
+	}
+
+	// ignore job state for next test
+	ctx = job.WithIgnoreState(ctx, true)
+
+	mainURI, err := filepath.Abs(filepath.Join(simplePolicyPath, "config.policy.hcl"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Simulate a didChange request for one file
+	changeCtx := lsctx.WithDocumentContext(ctx, lsctx.Document{
+		Method:     "textDocument/didChange",
+		LanguageID: ilsp.Policy.String(),
+		URI:        uri.FromPath(mainURI),
+	})
+
+	err = ParsePolicyConfiguration(changeCtx, testFs, ps, simplePolicyPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	after, err := ps.PolicyRecordByPath(simplePolicyPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// config.policy.hcl should have been updated (new pointer)
+	if before.ParsedPolicyFiles[mainFile] == after.ParsedPolicyFiles[mainFile] {
+		t.Errorf("%s should have been re-parsed (new pointer expected)", mainFile)
+	}
+
+	// Verify diagnostics were updated for the changed file
+	if _, ok := after.PolicyDiagnostics[globalAst.HCLParsingSource][mainFile]; !ok {
+		t.Fatal("expected diagnostics for config.policy.hcl")
+	}
+}
diff --git a/internal/features/policy/jobs/testdata/simple-policy/config.policy.hcl b/internal/features/policy/jobs/testdata/simple-policy/config.policy.hcl
@@ -0,0 +1,22 @@
+policy {
+  consumer = terraform
+
+  consumer_config {
+    required_version = ">=1.12"
+  }
+}
+
+locals {
+  parent_value = core::getresources("test_resource", {
+id = attrs.dependent
+}).value
+}
+
+resource_policy "test_resource" "policy" {
+filter = attrs.value == "child"
+
+enforce {
+condition     = local.parent_value == "parent"
+error_message = "Child resource must link to a 'parent' resource."
+}
+}
diff --git a/internal/features/policy/jobs/validation_test.go b/internal/features/policy/jobs/validation_test.go
@@ -0,0 +1,113 @@
+// Copyright IBM Corp. 2020, 2026
+// SPDX-License-Identifier: MPL-2.0
+
+package jobs
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+
+	"github.com/hashicorp/go-version"
+	lsctx "github.com/hashicorp/terraform-ls/internal/context"
+	"github.com/hashicorp/terraform-ls/internal/features/policy/ast"
+	"github.com/hashicorp/terraform-ls/internal/features/policy/state"
+	"github.com/hashicorp/terraform-ls/internal/filesystem"
+	ilsp "github.com/hashicorp/terraform-ls/internal/lsp"
+	globalState "github.com/hashicorp/terraform-ls/internal/state"
+	globalAst "github.com/hashicorp/terraform-ls/internal/terraform/ast"
+	"github.com/hashicorp/terraform-ls/internal/uri"
+	tfmod "github.com/hashicorp/terraform-schema/module"
+)
+
+// --- Mocks & Helpers ---
+
+type PolicyRootReaderMock struct{}
+
+func (r PolicyRootReaderMock) InstalledModuleCalls(modPath string) (map[string]tfmod.InstalledModuleCall, error) {
+	return nil, nil
+}
+func (r PolicyRootReaderMock) TerraformVersion(modPath string) *version.Version {
+	return nil
+}
+func (r PolicyRootReaderMock) InstalledModulePath(rootPath string, normalizedSource string) (string, bool) {
+	return "", false
+}
+
+func setupTestEnv(t *testing.T) (*state.PolicyStore, *filesystem.Filesystem, string) {
+	gs, err := globalState.NewStateStore()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ps, err := state.NewPolicyStore(gs.ChangeStore)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	testData, err := filepath.Abs("testdata")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	policyPath := filepath.Join(testData, "simple-policy")
+	err = ps.Add(policyPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fs := filesystem.NewFilesystem(gs.DocumentStore)
+	return ps, fs, policyPath
+}
+
+func TestParsePolicy_FullPolicy(t *testing.T) {
+	ps, fs, policyPath := setupTestEnv(t)
+	ctx := lsctx.WithDocumentContext(context.Background(), lsctx.Document{
+		Method:     "textDocument/didOpen",
+		LanguageID: ilsp.Policy.String(),
+	})
+
+	// Run Parse
+	if err := ParsePolicyConfiguration(ctx, fs, ps, policyPath); err != nil {
+		t.Fatalf("Full parse failed: %v", err)
+	}
+
+	// Run Validation
+	if err := SchemaPolicyValidation(ctx, ps, PolicyRootReaderMock{}, policyPath); err != nil {
+		t.Fatalf("Full schema validation failed: %v", err)
+	}
+
+	record, _ := ps.PolicyRecordByPath(policyPath)
+	if len(record.ParsedPolicyFiles) == 0 {
+		t.Error("Expected files to be parsed, but map is empty")
+	}
+}
+
+func TestParsePolicy_SingleFile(t *testing.T) {
+	ps, fs, policyPath := setupTestEnv(t)
+
+	mainFile := "config.policy.hcl"
+	absPath, _ := filepath.Abs(filepath.Join(policyPath, mainFile))
+	mainURI := uri.FromPath(absPath)
+
+	ctx := lsctx.WithDocumentContext(context.Background(), lsctx.Document{
+		Method:     "textDocument/didChange",
+		LanguageID: ilsp.Policy.String(),
+		URI:        mainURI,
+	})
+
+	if err := ParsePolicyConfiguration(ctx, fs, ps, policyPath); err != nil {
+		t.Fatalf("Incremental parse failed: %v", err)
+	}
+
+	if err := SchemaPolicyValidation(ctx, ps, PolicyRootReaderMock{}, policyPath); err != nil {
+		t.Fatalf("Incremental schema validation failed: %v", err)
+	}
+
+	record, _ := ps.PolicyRecordByPath(policyPath)
+	filename := ast.PolicyFilename(mainFile)
+
+	if _, ok := record.PolicyDiagnostics[globalAst.SchemaValidationSource][filename]; !ok {
+		t.Errorf("Diagnostic for %s missing from store", filename)
+	}
+}
diff --git a/internal/features/policy/state/policy_store_test.go b/internal/features/policy/state/policy_store_test.go
diff --git a/version/VERSION b/version/VERSION

Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,14 @@ func functionsForPolicy(policy *state.PolicyRecord, stateReader CombinedReader)`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`func mustFunctionsForVersion(v *version.Version) map[string]schema.FunctionSignature {`
`20`		`- s, err := tfschema.FunctionsForVersion(v)`
	`20`	`+ fs, err := tfschema.FunctionsForVersion(v)`
`21`	`21`	`if err != nil {`
`22`	`22`	`// this should never happen`
`23`	`23`	`panic(err)`
`24`	`24`	`}`
`25`		`- return s`
	`25`	`+ coreFunctions := make(map[string]schema.FunctionSignature, len(fs))`
	`26`	`+ for name, signature := range fs {`
	`27`	`+ coreFunctions["core::"+name] = signature`
	`28`	`+ }`
	`29`	`+ return coreFunctions`
`26`	`30`	`}`