Remove cloud access policy scope validation (#1049)

* Remove cloud access policy scope validation Closes #1045 It seems like various services can add whatever. This will be more future proof * Fix test * Fix test. API returns ordered
grafana · Sep 21, 2023 · 080914b · 080914b
1 parent 1c66c50
commit 080914b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 11 deletions.
diff --git a/internal/resources/cloud/resource_cloud_access_policy.go b/internal/resources/cloud/resource_cloud_access_policy.go
@@ -192,17 +192,10 @@ func DeleteCloudAccessPolicy(ctx context.Context, d *schema.ResourceData, meta i
 }
 
 func validateCloudAccessPolicyScope(v interface{}, path cty.Path) diag.Diagnostics {
-	_, permission, found := strings.Cut(v.(string), ":")
-	if !found || strings.ContainsRune(permission, ':') {
+	if strings.Count(v.(string), ":") != 1 {
 		return diag.Errorf("invalid scope: %s. Should be in the `service:permission` format", v.(string))
 	}
 
-	// Validate permission
-	switch permission {
-	case "read", "write", "delete":
-	default:
-		return diag.Errorf("invalid scope: %s. Permission should be one of `read`, `write`, `delete`", v.(string))
-	}
 	return nil
 }
 

diff --git a/internal/resources/cloud/resource_cloud_access_policy_token_test.go b/internal/resources/cloud/resource_cloud_access_policy_token_test.go
@@ -30,6 +30,7 @@ func TestResourceAccessPolicyToken_Basic(t *testing.T) {
 		"accesspolicies:read",
 		"accesspolicies:write",
 		"accesspolicies:delete",
+		"datadog:validate",
 	}
 	updatedScopes := []string{
 		"metrics:write",
@@ -50,12 +51,13 @@ func TestResourceAccessPolicyToken_Basic(t *testing.T) {
 
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "name", "initial"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "display_name", "initial"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.#", "5"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.#", "6"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.0", "accesspolicies:delete"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.1", "accesspolicies:read"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.2", "accesspolicies:write"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.3", "logs:write"),
-					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.4", "metrics:read"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.3", "datadog:validate"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.4", "logs:write"),
+					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "scopes.5", "metrics:read"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.#", "1"),
 					resource.TestCheckResourceAttr("grafana_cloud_access_policy.test", "realm.0.type", "org"),