SCALRCORE-33013 - Allow users to link the OPA common functions folder to the policy group in Scalr provider

CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- `scalr_policy_group` and `data.scalr_policy_group`: new attribute `common_functions_folder` ([#380](https://github.com/Scalr/terraform-provider-scalr/pull/380))
+
 ## [2.3.0] - 2024-12-20
 
 ### Changed

GNUmakefile

@@ -6,7 +6,7 @@ BUILD_ENV=CGO_ENABLED=0
 TAG=$(shell PAGER= git tag --points-at HEAD)
 BRANCH=$(subst /,-,$(shell git branch --show-current))
 VERSION=$(if $(VER),$(VER),$(if $(TAG),$(TAG),$(BRANCH)))
-USER_PLUGIN_DIR=${HOME}/.terraform.d/plugins/scalr.io/scalr/scalr/$(VERSION)/$(PLATFORM)
+USER_PLUGIN_DIR=${HOME}/.terraform.d/plugins/registry.scalr.io/scalr/scalr/$(VERSION)/$(PLATFORM)
 BIN_NAME := terraform-provider-scalr_$(VERSION)
 ARGS=-ldflags='-X github.com/scalr/terraform-provider-scalr/version.ProviderVersion=$(TAG) -X github.com/scalr/terraform-provider-scalr/version.Branch=$(BRANCH)'
 UPSTREAM_COMMIT_DESCRIPTION="Scalr terraform provider acceptance tests"
@@ -22,6 +22,11 @@ test:
 	echo $(TEST) | \
 		$(BUILD_ENV) xargs -t -n4  go test $(TESTARGS) -timeout=30s -parallel=4
 
+
+install: build
+	@echo "Installing version $(VERSION) for $(PLATFORM)"
+	mkdir -p $(USER_PLUGIN_DIR); cp $(BIN_NAME) $(USER_PLUGIN_DIR)
+
 testacc:
 	TF_ACC=1 go test -race $(TEST) -v $(TESTARGS) -timeout 15m  -covermode atomic -coverprofile=covprofile
 

docs/data-sources/policy_group.md

@@ -24,7 +24,7 @@ data "scalr_policy_group" "example2" {
 }
 ```
 
-<!-- Manually filling the schema here because of https://github.com/hashicorp/terraform-plugin-docs/issues/28 -->
+<!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Optional
@@ -35,7 +35,8 @@ data "scalr_policy_group" "example2" {
 
 ### Read-Only
 
-- `environments` (List of String) A list of the environments the policy group is linked to.
+- `common_functions_folder` (String) An absolute path from the repository root to the folder that contains common rego functions.
+- `environments` (List of String) A list of the environments the policy group is linked to, or `["*"]` if enforced in all environments.
 - `error_message` (String) An error details if Scalr failed to process the policy group.
 - `opa_version` (String) The version of the Open Policy Agent that the policy group is using.
 - `policies` (List of Object) A list of the OPA policies the policy group verifies each run. (see [below for nested schema](#nestedatt--policies))
@@ -48,16 +49,16 @@ data "scalr_policy_group" "example2" {
 
 Read-Only:
 
-- `enabled` (Boolean) If set to `false`, the policy will not be verified on a run.
-- `enforced_level` (String) An enforcement level of a policy.
-- `name` (String) A name of a policy.
+- `enabled` (Boolean)
+- `enforced_level` (String)
+- `name` (String)
 
 
 <a id="nestedatt--vcs_repo"></a>
 ### Nested Schema for `vcs_repo`
 
 Read-Only:
 
-- `branch` (String) A branch of a repository the policy group is associated with.
-- `identifier` (String) A reference to the VCS repository in the format `:org/:repo`, it stands for the organization and repository.
-- `path` (String) A subdirectory of a VCS repository where OPA policies are stored.
+- `branch` (String)
+- `identifier` (String)
+- `path` (String)

docs/resources/policy_group.md

@@ -38,6 +38,7 @@ resource "scalr_policy_group" "example" {
 ### Optional
 
 - `account_id` (String) The identifier of the Scalr account, in the format `acc-<RANDOM STRING>`.
+- `common_functions_folder` (String) An absolute path from the repository root to the folder that contains common rego functions.
 - `environments` (List of String) A list of the environments the policy group is linked to. Use `["*"]` to enforce in all environments. To manage a linkage use either this attribute or the `scalr_policy_group_linkage` resource.
 - `opa_version` (String) The version of Open Policy Agent to run policies against. If omitted, the system default version is assigned.
 

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.35.0
 	github.com/hashicorp/terraform-plugin-testing v1.11.0
 	github.com/hashicorp/terraform-svchost v0.1.1
-	github.com/scalr/go-scalr v0.0.0-20241217115214-520118b5f6e3
+	github.com/scalr/go-scalr v0.0.0-20250106085405-b4b290b8364e
 )
 
 require (

go.sum

@@ -201,8 +201,8 @@ github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBO
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
-github.com/scalr/go-scalr v0.0.0-20241217115214-520118b5f6e3 h1:S1NUPU0JSImn29HJfPRaRxQLPSR4G8HwWi6tl99bgbo=
-github.com/scalr/go-scalr v0.0.0-20241217115214-520118b5f6e3/go.mod h1:p34SHb25YRvbgft7SUjSDYESeoQhWzAlxGXId/BbaSE=
+github.com/scalr/go-scalr v0.0.0-20250106085405-b4b290b8364e h1:Ae/dv3iR7viRcrqxsGzs4e1g6i/3gT+1m8nYWuV+U5U=
+github.com/scalr/go-scalr v0.0.0-20250106085405-b4b290b8364e/go.mod h1:p34SHb25YRvbgft7SUjSDYESeoQhWzAlxGXId/BbaSE=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=

internal/provider/data_source_scalr_policy_group.go

@@ -71,6 +71,11 @@ func dataSourceScalrPolicyGroup() *schema.Resource {
 					},
 				},
 			},
+			"common_functions_folder": {
+				Description: "An absolute path from the repository root to the folder that contains common rego functions.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
 			"account_id": {
 				Description: "The identifier of the Scalr account.",
 				Type:        schema.TypeString,
@@ -156,6 +161,7 @@ func dataSourceScalrPolicyGroupRead(ctx context.Context, d *schema.ResourceData,
 	_ = d.Set("status", pg.Status)
 	_ = d.Set("error_message", pg.ErrorMessage)
 	_ = d.Set("opa_version", pg.OpaVersion)
+	_ = d.Set("common_functions_folder", pg.CommonFunctionsFolder)
 
 	if pg.VcsProvider != nil {
 		_ = d.Set("vcs_provider_id", pg.VcsProvider.ID)

internal/provider/resource_scalr_policy_group.go

@@ -70,6 +70,11 @@ func resourceScalrPolicyGroup() *schema.Resource {
 					},
 				},
 			},
+			"common_functions_folder": {
+				Description: "An absolute path from the repository root to the folder that contains common rego functions.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
 			"account_id": {
 				Description: "The identifier of the Scalr account, in the format `acc-<RANDOM STRING>`.",
 				Type:        schema.TypeString,
@@ -168,6 +173,10 @@ func resourceScalrPolicyGroupCreate(ctx context.Context, d *schema.ResourceData,
 		opts.OpaVersion = ptr(opaVersion.(string))
 	}
 
+	if commonFunctionFolder, ok := d.GetOk("common_functions_folder"); ok {
+		opts.CommonFunctionsFolder = ptr(commonFunctionFolder.(string))
+	}
+
 	pg, err := scalrClient.PolicyGroups.Create(ctx, opts)
 	if err != nil {
 		return diag.Errorf("error creating policy group: %v", err)
@@ -216,6 +225,7 @@ func resourceScalrPolicyGroupRead(ctx context.Context, d *schema.ResourceData, m
 	_ = d.Set("status", pg.Status)
 	_ = d.Set("error_message", pg.ErrorMessage)
 	_ = d.Set("opa_version", pg.OpaVersion)
+	_ = d.Set("common_functions_folder", pg.CommonFunctionsFolder)
 	_ = d.Set("account_id", pg.Account.ID)
 	_ = d.Set("vcs_provider_id", pg.VcsProvider.ID)
 	_ = d.Set("vcs_repo", []map[string]interface{}{{
@@ -257,7 +267,7 @@ func resourceScalrPolicyGroupUpdate(ctx context.Context, d *schema.ResourceData,
 
 	if d.HasChange("name") || d.HasChange("opa_version") ||
 		d.HasChange("vcs_provider_id") || d.HasChange("vcs_repo") ||
-		d.HasChange("environments") {
+		d.HasChange("environments") || d.HasChange("common_functions_folder") {
 
 		name := d.Get("name").(string)
 		vcsProviderID := d.Get("vcs_provider_id").(string)
@@ -283,6 +293,10 @@ func resourceScalrPolicyGroupUpdate(ctx context.Context, d *schema.ResourceData,
 			opts.OpaVersion = ptr(opaVersion.(string))
 		}
 
+		if commonFunctionsFolder, ok := d.GetOk("common_functions_folder"); ok {
+			opts.CommonFunctionsFolder = ptr(commonFunctionsFolder.(string))
+		}
+
 		environments := make([]*scalr.Environment, 0)
 		if environmentsI, ok := d.GetOk("environments"); ok {
 			environmentsIDs := environmentsI.([]interface{})

internal/provider/resource_scalr_policy_group_test.go

@@ -14,6 +14,7 @@ import (
 const (
 	policyGroupVcsRepoID   = "Scalr/tf-revizor-fixtures"
 	policyGroupVcsRepoPath = "policies/clouds"
+	commonFunctionsFolder  = "policies/instances"
 )
 
 func TestAccPolicyGroup_basic(t *testing.T) {
@@ -63,6 +64,11 @@ func TestAccPolicyGroup_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "vcs_repo.0.branch"),
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "policies.#"),
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "environments.#"),
+					resource.TestCheckResourceAttr(
+						"scalr_policy_group.test",
+						"common_functions_folder",
+						commonFunctionsFolder,
+					),
 				),
 			},
 		},
@@ -116,6 +122,11 @@ func TestAccPolicyGroup_update(t *testing.T) {
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "vcs_repo.0.branch"),
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "policies.#"),
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "environments.#"),
+					resource.TestCheckResourceAttr(
+						"scalr_policy_group.test",
+						"common_functions_folder",
+						commonFunctionsFolder,
+					),
 				),
 			},
 			{
@@ -153,6 +164,7 @@ func TestAccPolicyGroup_update(t *testing.T) {
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "vcs_repo.0.branch"),
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "policies.#"),
 					resource.TestCheckResourceAttrSet("scalr_policy_group.test", "environments.#"),
+					resource.TestCheckResourceAttr("scalr_policy_group.test", "common_functions_folder", ""),
 				),
 			},
 		},
@@ -350,8 +362,17 @@ resource "scalr_policy_group" "test" {
 	identifier = "%s"
     path       = "%s"
   }
+  common_functions_folder = "%s"
 }
-`, rInt, string(scalr.Github), githubToken, defaultAccount, policyGroupVcsRepoID, policyGroupVcsRepoPath)
+`,
+		rInt,
+		string(scalr.Github),
+		githubToken,
+		defaultAccount,
+		policyGroupVcsRepoID,
+		policyGroupVcsRepoPath,
+		commonFunctionsFolder,
+	)
 }
 
 func testAccPolicyGroupUpdateConfig(rInt int) string {