fix(IAM Policy Management): Added nest conditions to rule.conditions (#…

…4896)

* fix(IAM Policy Management): Added nest conditions to rule.conditions

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

* fix(IAM Policy Management): Updated go.mod and go.sum with latest go SDK

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

* fix(IAM Policy Management): Updated based on incoming sdk changes

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

* fix(IAM Policy Management): update based on sdk change

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

* fix(IAM Policy Management): update based on sdk change

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

* fix(IAM Policy Management): Fix commented out test case

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

---------

Signed-off-by: Shaun Colley <shaun.colley@ibm.com>

go.mod

@@ -24,7 +24,7 @@ require (
 	github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta
 	github.com/IBM/keyprotect-go-client v0.12.2
 	github.com/IBM/networking-go-sdk v0.42.2
-	github.com/IBM/platform-services-go-sdk v0.52.0
+	github.com/IBM/platform-services-go-sdk v0.53.1
 	github.com/IBM/project-go-sdk v0.0.99
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
 	github.com/IBM/scc-go-sdk/v5 v5.1.3

go.sum

@@ -157,6 +157,10 @@ github.com/IBM/networking-go-sdk v0.42.2 h1:caqjx4jyFHi10Vlf3skHvlL6K3YJRVstsmCB
 github.com/IBM/networking-go-sdk v0.42.2/go.mod h1:lTUZwtUkMANMnrLHFIgRhHrkBfwASY/Iho1fabaPHxo=
 github.com/IBM/platform-services-go-sdk v0.52.0 h1:hbf640xE8T0Rwy2IUf5Pu4OATabGS4IDMnEInXUXs4o=
 github.com/IBM/platform-services-go-sdk v0.52.0/go.mod h1:6LxcUhIaSLP4SuQJXF9oLXBamSQogs5D9BcVwr4hmfU=
+github.com/IBM/platform-services-go-sdk v0.52.1 h1:fUCtYMAekzsWO/ylZi31j6BpyJ1xKb39NG62zBXePbg=
+github.com/IBM/platform-services-go-sdk v0.52.1/go.mod h1:6LxcUhIaSLP4SuQJXF9oLXBamSQogs5D9BcVwr4hmfU=
+github.com/IBM/platform-services-go-sdk v0.53.1 h1:axpK4dzlf+C+KgHQZWXoKSUMoV2t6OrR5kGGumUEXrI=
+github.com/IBM/platform-services-go-sdk v0.53.1/go.mod h1:CWSprvsCsXWvujmBzbtoJSmbRZS9FVV3O594b0t/GiM=
 github.com/IBM/project-go-sdk v0.0.99 h1:rQU/uQLW83OsAUfP/d8fFSIjp8ooEQIFjalYQD4i4aY=
 github.com/IBM/project-go-sdk v0.0.99/go.mod h1:lqe0M4cKvABI1iHR1b+KfasVcxQL6nl2VJ8eOyQs8Ig=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:NPUhkoOCRuv3OFWt19PmwjXGGTKlvmbuPg9fUrBUNe4=

ibm/flex/structures.go

@@ -1641,42 +1641,55 @@ func FlattenV2PolicyResourceTags(resource iampolicymanagementv1.V2PolicyResource
 	return result
 }
 
+func getConditionValues(v interface{}) []string {
+	var values []string
+	switch value := v.(type) {
+	case string:
+		values = append(values, value)
+	case []interface{}:
+		for _, v := range value {
+			values = append(values, fmt.Sprint(v))
+		}
+	case nil:
+	default:
+		values = append(values, fmt.Sprintf("%v", value))
+	}
+	return values
+}
+
 func FlattenRuleConditions(rule iampolicymanagementv1.V2PolicyRule) []map[string]interface{} {
 	result := make([]map[string]interface{}, 0)
 	if len(rule.Conditions) > 0 {
-		for _, c := range rule.Conditions {
-			var values []string
-			switch value := c.Value.(type) {
-			case string:
-				values = append(values, value)
-			case []interface{}:
-				for _, v := range value {
-					values = append(values, fmt.Sprint(v))
+		for _, cIntf := range rule.Conditions {
+			c := cIntf.(*iampolicymanagementv1.NestedCondition)
+			if len(c.Conditions) > 0 {
+				nestedConditions := make([]map[string]interface{}, 0)
+				for _, nc := range c.Conditions {
+					values := getConditionValues(nc.Value)
+					nestedCondition := map[string]interface{}{
+						"key":      nc.Key,
+						"value":    values,
+						"operator": nc.Operator,
+					}
+					nestedConditions = append(nestedConditions, nestedCondition)
 				}
-			default:
-				values = append(values, value.(string))
-			}
-
-			condition := map[string]interface{}{
-				"key":      c.Key,
-				"value":    values,
-				"operator": c.Operator,
+				condition := map[string]interface{}{
+					"operator":   c.Operator,
+					"conditions": nestedConditions,
+				}
+				result = append(result, condition)
+			} else {
+				values := getConditionValues(c.Value)
+				condition := map[string]interface{}{
+					"key":      c.Key,
+					"value":    values,
+					"operator": c.Operator,
+				}
+				result = append(result, condition)
 			}
-			result = append(result, condition)
 		}
 	} else {
-		var values []string
-		switch value := rule.Value.(type) {
-		case string:
-			values = append(values, value)
-		case []interface{}:
-			for _, v := range value {
-				values = append(values, fmt.Sprint(v))
-			}
-		default:
-			values = append(values, value.(string))
-		}
-
+		values := getConditionValues(rule.Value)
 		condition := map[string]interface{}{
 			"key":      rule.Key,
 			"value":    values,
@@ -3932,39 +3945,64 @@ func GenerateV2PolicyOptions(d *schema.ResourceData, meta interface{}) (iampolic
 	return iampolicymanagementv1.CreateV2PolicyOptions{Control: policyControl, Resource: &policyResource}, nil
 }
 
-func GeneratePolicyRule(d *schema.ResourceData, ruleConditions interface{}) *iampolicymanagementv1.V2PolicyRule {
-	conditions := []iampolicymanagementv1.RuleAttribute{}
+func generatePolicyRuleCondition(c map[string]interface{}) iampolicymanagementv1.RuleAttribute {
+	key := c["key"].(string)
+	operator := c["operator"].(string)
+	r := iampolicymanagementv1.RuleAttribute{
+		Key:      &key,
+		Operator: &operator,
+	}
 
-	for _, condition := range ruleConditions.(*schema.Set).List() {
-		c := condition.(map[string]interface{})
-		key := c["key"].(string)
-		operator := c["operator"].(string)
-		r := iampolicymanagementv1.RuleAttribute{
-			Key:      &key,
-			Operator: &operator,
-		}
+	interfaceValues := c["value"].([]interface{})
+	values := make([]string, len(interfaceValues))
+	for i, v := range interfaceValues {
+		values[i] = fmt.Sprint(v)
+	}
 
-		interfaceValues := c["value"].([]interface{})
-		values := make([]string, len(interfaceValues))
-		for i, v := range interfaceValues {
-			values[i] = fmt.Sprint(v)
-		}
+	if len(values) > 1 {
+		r.Value = &values
+	} else if operator == "stringExists" && values[0] == "true" {
+		r.Value = true
+	} else if operator == "stringExists" && values[0] == "false" {
+		r.Value = false
+	} else {
+		r.Value = &values[0]
+	}
+	return r
+}
 
-		if len(values) > 1 {
-			r.Value = &values
-		} else if operator == "stringExists" && values[0] == "true" {
-			r.Value = true
+func GeneratePolicyRule(d *schema.ResourceData, ruleConditions interface{}) *iampolicymanagementv1.V2PolicyRule {
+	conditions := []iampolicymanagementv1.NestedConditionIntf{}
+
+	for _, ruleCondition := range ruleConditions.(*schema.Set).List() {
+		rc := ruleCondition.(map[string]interface{})
+		con := rc["conditions"].([]interface{})
+		if len(con) > 0 {
+			nestedConditions := []iampolicymanagementv1.RuleAttribute{}
+			for _, nc := range con {
+				nestedConditions = append(nestedConditions, generatePolicyRuleCondition(nc.(map[string]interface{})))
+			}
+			nestedCondition := &iampolicymanagementv1.NestedCondition{}
+			nestedConditionsOperator := rc["operator"].(string)
+			nestedCondition.Operator = &nestedConditionsOperator
+			nestedCondition.Conditions = nestedConditions
+			conditions = append(conditions, nestedCondition)
 		} else {
-			r.Value = &values[0]
+			ruleAttribute := generatePolicyRuleCondition(rc)
+			nestedCondition := &iampolicymanagementv1.NestedCondition{
+				Key:      ruleAttribute.Key,
+				Operator: ruleAttribute.Operator,
+				Value:    ruleAttribute.Value,
+			}
+			conditions = append(conditions, nestedCondition)
 		}
-
-		conditions = append(conditions, r)
 	}
 	rule := new(iampolicymanagementv1.V2PolicyRule)
 	if len(conditions) == 1 {
-		rule.Key = conditions[0].Key
-		rule.Operator = conditions[0].Operator
-		rule.Value = conditions[0].Value
+		ruleCondition := conditions[0].(*iampolicymanagementv1.NestedCondition)
+		rule.Key = ruleCondition.Key
+		rule.Operator = ruleCondition.Operator
+		rule.Value = ruleCondition.Value
 	} else {
 		ruleOperator := d.Get("rule_operator").(string)
 		rule.Operator = &ruleOperator

ibm/service/iampolicy/data_source_ibm_iam_access_group_policy.go

@@ -145,7 +145,7 @@ func DataSourceIBMIAMAccessGroupPolicy() *schema.Resource {
 								Schema: map[string]*schema.Schema{
 									"key": {
 										Type:        schema.TypeString,
-										Required:    true,
+										Optional:    true,
 										Description: "Key of the condition",
 									},
 									"operator": {
@@ -155,10 +155,35 @@ func DataSourceIBMIAMAccessGroupPolicy() *schema.Resource {
 									},
 									"value": {
 										Type:        schema.TypeList,
-										Required:    true,
+										Optional:    true,
 										Elem:        &schema.Schema{Type: schema.TypeString},
 										Description: "Value of the condition",
 									},
+									"conditions": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: "Additional Rule conditions enforced by the policy",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"key": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "Key of the condition",
+												},
+												"operator": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "Operator of the condition",
+												},
+												"value": {
+													Type:        schema.TypeList,
+													Required:    true,
+													Elem:        &schema.Schema{Type: schema.TypeString},
+													Description: "Value of the condition",
+												},
+											},
+										},
+									},
 								},
 							},
 						},

ibm/service/iampolicy/data_source_ibm_iam_policy_template.go

@@ -137,7 +137,7 @@ func DataSourceIBMIAMPolicyTemplate() *schema.Resource {
 											Schema: map[string]*schema.Schema{
 												"key": {
 													Type:        schema.TypeString,
-													Required:    true,
+													Optional:    true,
 													Description: "Key of the condition",
 												},
 												"operator": {
@@ -147,10 +147,35 @@ func DataSourceIBMIAMPolicyTemplate() *schema.Resource {
 												},
 												"value": {
 													Type:        schema.TypeList,
-													Required:    true,
+													Optional:    true,
 													Elem:        &schema.Schema{Type: schema.TypeString},
 													Description: "Value of the condition",
 												},
+												"conditions": {
+													Type:        schema.TypeList,
+													Optional:    true,
+													Description: "Additional Rule conditions enforced by the policy",
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+															"key": {
+																Type:        schema.TypeString,
+																Required:    true,
+																Description: "Key of the condition",
+															},
+															"operator": {
+																Type:        schema.TypeString,
+																Required:    true,
+																Description: "Operator of the condition",
+															},
+															"value": {
+																Type:        schema.TypeList,
+																Required:    true,
+																Elem:        &schema.Schema{Type: schema.TypeString},
+																Description: "Value of the condition",
+															},
+														},
+													},
+												},
 											},
 										},
 									},

ibm/service/iampolicy/data_source_ibm_iam_policy_template_version.go

@@ -136,7 +136,7 @@ func DataSourceIBMIAMPolicyTemplateVersion() *schema.Resource {
 								Schema: map[string]*schema.Schema{
 									"key": {
 										Type:        schema.TypeString,
-										Required:    true,
+										Optional:    true,
 										Description: "Key of the condition",
 									},
 									"operator": {
@@ -146,10 +146,35 @@ func DataSourceIBMIAMPolicyTemplateVersion() *schema.Resource {
 									},
 									"value": {
 										Type:        schema.TypeList,
-										Required:    true,
+										Optional:    true,
 										Elem:        &schema.Schema{Type: schema.TypeString},
 										Description: "Value of the condition",
 									},
+									"conditions": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: "Additional Rule conditions enforced by the policy",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"key": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "Key of the condition",
+												},
+												"operator": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "Operator of the condition",
+												},
+												"value": {
+													Type:        schema.TypeList,
+													Required:    true,
+													Elem:        &schema.Schema{Type: schema.TypeString},
+													Description: "Value of the condition",
+												},
+											},
+										},
+									},
 								},
 							},
 						},

ibm/service/iampolicy/data_source_ibm_iam_service_policy.go

@@ -154,7 +154,7 @@ func DataSourceIBMIAMServicePolicy() *schema.Resource {
 								Schema: map[string]*schema.Schema{
 									"key": {
 										Type:        schema.TypeString,
-										Required:    true,
+										Optional:    true,
 										Description: "Key of the condition",
 									},
 									"operator": {
@@ -164,10 +164,35 @@ func DataSourceIBMIAMServicePolicy() *schema.Resource {
 									},
 									"value": {
 										Type:        schema.TypeList,
-										Required:    true,
+										Optional:    true,
 										Elem:        &schema.Schema{Type: schema.TypeString},
 										Description: "Value of the condition",
 									},
+									"conditions": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: "Additional Rule conditions enforced by the policy",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"key": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "Key of the condition",
+												},
+												"operator": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "Operator of the condition",
+												},
+												"value": {
+													Type:        schema.TypeList,
+													Required:    true,
+													Elem:        &schema.Schema{Type: schema.TypeString},
+													Description: "Value of the condition",
+												},
+											},
+										},
+									},
 								},
 							},
 						},