adding validation for tmc-block-rolebinding-subjects recipe schema

Vasundharashukla · Vasundharashukla · commit ee2cccfc5bea · 2022-11-25T16:18:55.000+05:30
Signed-off-by: Vasundhara Shukla &lt;vasundharas@vmware.com&gt;
diff --git a/docs/resources/custom_policy.md b/docs/resources/custom_policy.md
@@ -172,7 +172,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_scoped_tmc-block-rolebin
         audit = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "Group"
             name = "subject-1"
           }
         }
@@ -513,7 +513,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_group_scoped_tmc-block-r
         audit = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "User"
             name = "subject-1"
           }
         }
@@ -848,7 +848,7 @@ resource "tanzu-mission-control_custom_policy" "organization_scoped_tmc-block-ro
         audit = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "ServiceAccount"
             name = "subject-1"
           }
         }
diff --git a/examples/resources/custom_policy/resource_cluster_group_tmc_block_rolebinding_subjects_custom_policy.tf b/examples/resources/custom_policy/resource_cluster_group_tmc_block_rolebinding_subjects_custom_policy.tf
@@ -18,7 +18,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_group_scoped_tmc-block-r
         audit = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "User"
             name = "subject-1"
           }
         }
diff --git a/examples/resources/custom_policy/resource_cluster_tmc_block_rolebinding_subjects_custom_policy.tf b/examples/resources/custom_policy/resource_cluster_tmc_block_rolebinding_subjects_custom_policy.tf
@@ -20,7 +20,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_scoped_tmc-block-rolebin
         audit = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "Group"
             name = "subject-1"
           }
         }
diff --git a/examples/resources/custom_policy/resource_organization_tmc_block_rolebinding_subjects_custom_policy.tf b/examples/resources/custom_policy/resource_organization_tmc_block_rolebinding_subjects_custom_policy.tf
@@ -18,7 +18,7 @@ resource "tanzu-mission-control_custom_policy" "organization_scoped_tmc-block-ro
         audit = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "ServiceAccount"
             name = "subject-1"
           }
         }
diff --git a/internal/resources/policy/kind/custom/recipe/tmc_block_rolebinding_subjects_flatten_test.go b/internal/resources/policy/kind/custom/recipe/tmc_block_rolebinding_subjects_flatten_test.go
@@ -35,7 +35,7 @@ func TestFlattenTMCBlockRolebindingSubjects(t *testing.T) {
 				Parameters: &policyrecipecustommodel.VmwareTanzuManageV1alpha1CommonPolicySpecCustomV1TMCBlockRoleBindingSubjectsParameters{
 					DisallowedSubjects: []*policyrecipecustommodel.VmwareTanzuManageV1alpha1CommonPolicySpecCustomV1TMCBlockRoleBindingSubjectsParametersDisallowedSubjects{
 						{
-							Kind: "nodes",
+							Kind: "User",
 							Name: "test",
 						},
 					},
@@ -54,7 +54,7 @@ func TestFlattenTMCBlockRolebindingSubjects(t *testing.T) {
 						map[string]interface{}{
 							disallowedSubjectsKey: []interface{}{
 								map[string]interface{}{
-									kindKey: "nodes",
+									kindKey: "User",
 									nameKey: "test",
 								},
 							},
diff --git a/internal/resources/policy/kind/custom/recipe/tmc_block_rolebinding_subjects_schema.go b/internal/resources/policy/kind/custom/recipe/tmc_block_rolebinding_subjects_schema.go
@@ -9,6 +9,7 @@ package recipe
 
 import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 
 	"github.com/vmware/terraform-provider-tanzu-mission-control/internal/helper"
 	policyrecipecustommodel "github.com/vmware/terraform-provider-tanzu-mission-control/internal/models/policy/recipe/custom"
@@ -43,9 +44,10 @@ var TMCBlockRolebindingSubjects = &schema.Schema{
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									kindKey: {
-										Type:        schema.TypeString,
-										Description: "The kind of subject to disallow, can be User/Group/ServiceAccount.",
-										Required:    true,
+										Type:         schema.TypeString,
+										Description:  "The kind of subject to disallow, can be User/Group/ServiceAccount.",
+										Required:     true,
+										ValidateFunc: validation.StringInSlice([]string{"User", "Group", "ServiceAccount"}, false),
 									},
 									nameKey: {
 										Type:        schema.TypeString,
@@ -136,11 +138,11 @@ func expandDisallowedSubjects(data interface{}) (disallowedSubjects *policyrecip
 
 	disallowedSubjects = &policyrecipecustommodel.VmwareTanzuManageV1alpha1CommonPolicySpecCustomV1TMCBlockRoleBindingSubjectsParametersDisallowedSubjects{}
 
-	if v, ok := disallowedSubjectsData[labelKey]; ok {
+	if v, ok := disallowedSubjectsData[kindKey]; ok {
 		helper.SetPrimitiveValue(v, &disallowedSubjects.Kind, kindKey)
 	}
 
-	if v, ok := disallowedSubjectsData[labelValueKey]; ok {
+	if v, ok := disallowedSubjectsData[nameKey]; ok {
 		helper.SetPrimitiveValue(v, &disallowedSubjects.Name, nameKey)
 	}
 
diff --git a/internal/resources/policy/kind/custom/resource/resource_custom_policy_test.go b/internal/resources/policy/kind/custom/resource/resource_custom_policy_test.go
@@ -375,7 +375,7 @@ func (testConfig *testAcceptanceConfig) getTestCustomPolicyResourceInput(recipe
         audit              = false
         parameters {
           disallowed_subjects {
-            kind = "node"
+            kind = "User"
             name = "subject-1"
           }
         }

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_scoped_tmc-block-rolebin`
`172`	`172`	`audit = false`
`173`	`173`	`parameters {`
`174`	`174`	`disallowed_subjects {`
`175`		`- kind = "node"`
	`175`	`+ kind = "Group"`
`176`	`176`	`name = "subject-1"`
`177`	`177`	`}`
`178`	`178`	`}`
`@@ -513,7 +513,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_group_scoped_tmc-block-r`
`513`	`513`	`audit = false`
`514`	`514`	`parameters {`
`515`	`515`	`disallowed_subjects {`
`516`		`- kind = "node"`
	`516`	`+ kind = "User"`
`517`	`517`	`name = "subject-1"`
`518`	`518`	`}`
`519`	`519`	`}`
`@@ -848,7 +848,7 @@ resource "tanzu-mission-control_custom_policy" "organization_scoped_tmc-block-ro`
`848`	`848`	`audit = false`
`849`	`849`	`parameters {`
`850`	`850`	`disallowed_subjects {`
`851`		`- kind = "node"`
	`851`	`+ kind = "ServiceAccount"`
`852`	`852`	`name = "subject-1"`
`853`	`853`	`}`
`854`	`854`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_group_scoped_tmc-block-r`
`18`	`18`	`audit = false`
`19`	`19`	`parameters {`
`20`	`20`	`disallowed_subjects {`
`21`		`- kind = "node"`
	`21`	`+ kind = "User"`
`22`	`22`	`name = "subject-1"`
`23`	`23`	`}`
`24`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ resource "tanzu-mission-control_custom_policy" "cluster_scoped_tmc-block-rolebin`
`20`	`20`	`audit = false`
`21`	`21`	`parameters {`
`22`	`22`	`disallowed_subjects {`
`23`		`- kind = "node"`
	`23`	`+ kind = "Group"`
`24`	`24`	`name = "subject-1"`
`25`	`25`	`}`
`26`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -375,7 +375,7 @@ func (testConfig *testAcceptanceConfig) getTestCustomPolicyResourceInput(recipe`
`375`	`375`	`audit = false`
`376`	`376`	`parameters {`
`377`	`377`	`disallowed_subjects {`
`378`		`- kind = "node"`
	`378`	`+ kind = "User"`
`379`	`379`	`name = "subject-1"`
`380`	`380`	`}`
`381`	`381`	`}`