Authorization policy to support any service specific attributes

IBM-Cloud · Jan 10, 2022 · 33bced6 · 33bced6
1 parent fe888aa
commit 33bced6
Show file tree

Hide file tree

Showing 3 changed files with 379 additions and 115 deletions.
diff --git a/ibm/resource_ibm_iam_authorization.policy_test.go b/ibm/resource_ibm_iam_authorization.policy_test.go
@@ -129,6 +129,27 @@ func TestAccIBMIAMAuthorizationPolicyDelegatorRole(t *testing.T) {
 	})
 }
 
+func TestAccIBMIAMAuthorizationPolicy_ResourceAttributes(t *testing.T) {
+	var conf iampolicymanagementv1.Policy
+	sServiceInstance := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
+	tServiceInstance := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIBMIAMAuthorizationPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIAMAuthorizationPolicyResourceAttributes(sServiceInstance, tServiceInstance, tg_cross_network_account_id, tg_cross_network_account_id),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIBMIAMAuthorizationPolicyExists("ibm_iam_authorization_policy.policy", conf),
+					resource.TestCheckResourceAttrSet("ibm_iam_authorization_policy.policy", "id"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckIBMIAMAuthorizationPolicyDestroy(s *terraform.State) error {
 	iamPolicyManagementClient, err := testAccProvider.Meta().(ClientSession).IAMPolicyManagementV1API()
 	if err != nil {
@@ -264,3 +285,53 @@ func testAccCheckIBMIAMAuthorizationPolicyResourceGroup(sResourceGroup, tResourc
 	  
 	`, sResourceGroup, tResourceGroup)
 }
+
+func testAccCheckIBMIAMAuthorizationPolicyResourceAttributes(sServiceInstance, tServiceInstance, sAccountID, tAccountID string) string {
+
+	return fmt.Sprintf(`
+	
+	resource "ibm_resource_instance" "cos" {
+		name     = "%s"
+		service  = "cloud-object-storage"
+		plan     = "lite"
+		location = "global"
+	}
+	
+	resource "ibm_resource_instance" "kms" {
+		name     = "%s"
+		service  = "kms"
+		plan     = "tiered-pricing"
+		location = "us-south"
+	}
+
+	resource "ibm_iam_authorization_policy" "policy" {
+		roles                       = ["Reader"]
+
+		subject_attributes {
+			name   = "accountId"
+			value = "%s"
+		}
+		subject_attributes {
+			name   = "serviceInstance"
+			value = ibm_resource_instance.cos.id
+		}
+		subject_attributes {
+			name   = "serviceName"
+			value = "cloud-object-storage"
+		}
+
+		resource_attributes {
+			name   = "serviceName"
+			value = "kms"
+		}
+		resource_attributes {
+			name   = "accountId"
+			value = "%s"
+		}
+		resource_attributes {
+			name   = "serviceInstance"
+			value = ibm_resource_instance.kms.id
+		}
+	}
+	`, sServiceInstance, tServiceInstance, sAccountID, tAccountID)
+}