Add scope_mrn to policy_assignment for org and platform support #415

Merged
jaym merged 5 commits into main from jdm/platform-org-policy-assignment
Apr 17, 2026

@jaym jaym commented Apr 15, 2026 (Contributor)

Summary

  • Add scope_mrn field to mondoo_policy_assignment resource, allowing policy assignments to organizations and platforms (not just spaces)
  • Deprecate space_id with a deprecation message directing users to scope_mrn
  • Maintain full backwards compatibility — existing space_id configs continue to work

Test plan

  • Existing TestAccPolicyAssignmentResource passes (backwards compat with space_id)
  • New TestAccPolicyAssignmentResourceWithScopeMrn passes (org-scoped assignment)
  • Setting both space_id and scope_mrn produces a conflict error
  • go build ./... compiles cleanly
  • Regenerate docs from main checkout (go generate)

🤖 Generated with Claude Code

jaym and others added 2 commits April 16, 2026 07:46
Deprecate space_id in favor of scope_mrn which accepts the full MRN of
any scope (space, organization, or platform). The change is backwards
compatible — existing space_id configurations continue to work with a
deprecation warning.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jaym jaym force-pushed the jdm/platform-org-policy-assignment branch from 2e4c6e8 to 4a1e9b7 April 16, 2026 12:46
@jaym jaym marked this pull request as ready for review April 16, 2026 12:46

jaym commented Apr 17, 2026 (Contributor Author)

/review

@mondoo-code-review mondoo-code-review Bot left a comment

Policy assignments now support org and platform scopes via scope_mrn, but both attributes being omitted silently falls back to provider space instead of erroring.

Comment thread internal/provider/policy_assignment_resource.go
Comment thread internal/provider/policy_assignment_resource.go
jaym and others added 2 commits April 17, 2026 07:58
Changing the scope of a policy assignment should destroy and recreate
the resource to ensure policies are properly unassigned from the old
scope and assigned to the new one.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mondoo-code-review Bot previously approved these changes Apr 17, 2026

@mondoo-code-review mondoo-code-review Bot left a comment

Both previous findings are resolved: error message fixed and RequiresReplace modifiers added.

Org-level policy assignment tests interfere when run in parallel across
multiple Terraform versions since they share the same org. Use a
dedicated space with scope_mrn instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@mondoo-code-review mondoo-code-review Bot left a comment

Adds scope_mrn attribute to policy_assignment resource enabling org and platform-level policy assignments.

@mondoo-code-review mondoo-code-review Bot left a comment

Test now uses a dedicated space to avoid parallel test conflicts, fixing the resource reference names accordingly.

Comment thread internal/provider/policy_assignment_test.go
@jaym jaym merged commit 1927302 into main Apr 17, 2026
12 of 13 checks passed
@jaym jaym deleted the jdm/platform-org-policy-assignment branch April 17, 2026 13:34
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 17, 2026