generate docs + modify test file

QuentinGuillard · QuentinGuillard · commit f715a3a5c718 · 2025-02-28T16:35:26.000+01:00
diff --git a/datadog/fwprovider/resource_datadog_csm_threats_multi_policies.go b/datadog/fwprovider/resource_datadog_csm_threats_multi_policies.go
@@ -9,7 +9,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 
 	"github.com/terraform-providers/terraform-provider-datadog/datadog/internal/utils"
@@ -78,22 +77,23 @@ func (r *csmThreatsPoliciesListResource) Schema(_ context.Context, _ resource.Sc
 						},
 						"name": schema.StringAttribute{
 							Description: "Name of the policy.",
-							Optional:    true,
+							Required:    true,
 						},
 						"description": schema.StringAttribute{
 							Description: "A description for the policy.",
 							Optional:    true,
+							Computed:    true,
 						},
 						"enabled": schema.BoolAttribute{
 							Description: "Indicates whether the policy is enabled.",
 							Optional:    true,
-							Default:     booldefault.StaticBool(false),
 							Computed:    true,
 						},
 						"tags": schema.SetAttribute{
 							Description: "Host tags that define where the policy is deployed.",
 							Optional:    true,
 							ElementType: types.StringType,
+							Computed:    true,
 						},
 					},
 				},
@@ -242,7 +242,7 @@ func (r *csmThreatsPoliciesListResource) applyBatchPolicies(ctx context.Context,
 
 	// add deleted policies to the batch request
 	for _, policy := range toDelete {
-		policyID := policy.PolicyLabel.ValueString()
+		policyID := policy.ID.ValueString()
 		DeleteTrue := true
 		item := datadogV2.CloudWorkloadSecurityAgentPolicyBatchUpdateAttributesPoliciesItems{
 			Id:     &policyID,
@@ -257,7 +257,7 @@ func (r *csmThreatsPoliciesListResource) applyBatchPolicies(ctx context.Context,
 		name := policy.Name.ValueString()
 		description := policy.Description.ValueString()
 		enabled := policy.Enabled.ValueBool()
-		var tags []string
+		tags := []string{}
 		if !policy.Tags.IsNull() && !policy.Tags.IsUnknown() {
 			for _, tag := range policy.Tags.Elements() {
 				tagStr, ok := tag.(types.String)
@@ -307,6 +307,7 @@ func (r *csmThreatsPoliciesListResource) applyBatchPolicies(ctx context.Context,
 	respMapByName := make(map[string]datadogV2.CloudWorkloadSecurityAgentPolicyAttributes)
 
 	for _, policy := range batchResp.GetData() {
+
 		respID := policy.GetId()
 		respAttr := policy.Attributes
 		if respAttr == nil {
diff --git a/datadog/tests/resource_datadog_csm_threats_policies_list_test.go b/datadog/tests/resource_datadog_csm_threats_policies_list_test.go
@@ -15,48 +15,42 @@ import (
 func TestAccCSMThreatsPoliciesList_CreateAndUpdate(t *testing.T) {
 	_, providers, accProviders := testAccFrameworkMuxProviders(context.Background(), t)
 
-	resourceName := "datadog_csm_threats_policies_list.all"
+	resourceName := "datadog_csm_threats_policies.all_policies"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:                 func() { testAccPreCheck(t) },
 		ProtoV5ProviderFactories: accProviders,
-		CheckDestroy:             testAccCheckCSMThreatsPoliciesListDestroy(providers.frameworkProvider),
+		CheckDestroy:             testAccCheckCSMThreatsPoliciesDestroy(providers.frameworkProvider),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCSMThreatsPoliciesListConfigBasic(),
+				Config: testAccCSMThreatsPoliciesConfig(),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckCSMThreatsPoliciesListExists(providers.frameworkProvider, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "entries.#", "2"),
-					resource.TestCheckResourceAttr(resourceName, "entries.0.name", "TERRAFORM_POLICY1"),
-					resource.TestCheckResourceAttr(resourceName, "entries.0.priority", "2"),
-					resource.TestCheckResourceAttr(resourceName, "entries.1.name", "TERRAFORM_POLICY2"),
-					resource.TestCheckResourceAttr(resourceName, "entries.1.priority", "3"),
+					testAccCheckCSMThreatsPoliciesExists(providers.frameworkProvider, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "policies.0.name", "terraform_policy"),
+					resource.TestCheckResourceAttr(resourceName, "policies.0.enabled", "false"),
 				),
 			},
 			{
-				Config: testAccCSMThreatsPoliciesListConfigUpdate(),
+				Config: testAccCSMThreatsPoliciesConfigUpdate(),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckCSMThreatsPoliciesListExists(providers.frameworkProvider, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "entries.#", "2"),
-					resource.TestCheckResourceAttr(resourceName, "entries.0.name", "TERRAFORM_POLICY1"),
-					resource.TestCheckResourceAttr(resourceName, "entries.0.priority", "2"),
-					resource.TestCheckResourceAttr(resourceName, "entries.1.name", "TERRAFORM_POLICY2 UPDATED"),
-					resource.TestCheckResourceAttr(resourceName, "entries.1.priority", "5"),
+					testAccCheckCSMThreatsPoliciesExists(providers.frameworkProvider, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "policies.0.name", "terraform_policy updated"),
+					resource.TestCheckResourceAttr(resourceName, "policies.0.enabled", "true"),
 				),
 			},
 		},
 	})
 }
 
-func testAccCheckCSMThreatsPoliciesListExists(accProvider *fwprovider.FrameworkProvider, resourceName string) resource.TestCheckFunc {
+func testAccCheckCSMThreatsPoliciesExists(accProvider *fwprovider.FrameworkProvider, resourceName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[resourceName]
 		if !ok {
 			return fmt.Errorf("resource '%s' not found in state", resourceName)
 		}
-		if rs.Type != "datadog_csm_threats_policies_list" {
+		if rs.Type != "datadog_csm_threats_policies" {
 			return fmt.Errorf(
-				"resource %s is not a datadog_csm_threats_policies_list, got: %s",
+				"resource %s is not a datadog_csm_threats_policies, got: %s",
 				resourceName,
 				rs.Type,
 			)
@@ -70,85 +64,44 @@ func testAccCheckCSMThreatsPoliciesListExists(accProvider *fwprovider.FrameworkP
 	}
 }
 
-func testAccCheckCSMThreatsPoliciesListDestroy(accProvider *fwprovider.FrameworkProvider) resource.TestCheckFunc {
+func testAccCheckCSMThreatsPoliciesDestroy(accProvider *fwprovider.FrameworkProvider) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-		apiInstances := accProvider.DatadogApiInstances
-		auth := accProvider.Auth
-
 		for _, r := range s.RootModule().Resources {
-			if r.Type != "datadog_csm_threats_policies_list" {
+			if r.Type != "datadog_csm_threats_policies" {
 				continue
 			}
 
-			resp, httpResponse, err := apiInstances.GetCSMThreatsApiV2().ListCSMThreatsAgentPolicies(auth)
-			if err != nil {
-				if httpResponse != nil && httpResponse.StatusCode == 404 {
-					return nil
-				}
-				return fmt.Errorf("Received an error while listing the policies: %s", err)
-			}
-
-			if len(resp.GetData()) > 1 { // CWS_DD is always present
-				return fmt.Errorf("Policies list not empty, some policies are still present")
+			if _, ok := s.RootModule().Resources[r.Primary.ID]; ok {
+				return fmt.Errorf("Resource %s still exists in state", r.Primary.ID)
 			}
 		}
 		return nil
 	}
 }
 
-func testAccCSMThreatsPoliciesListConfigBasic() string {
+func testAccCSMThreatsPoliciesConfig() string {
 	return `
-		resource "datadog_csm_threats_policy" "policy1" {
-			description = "created with terraform"
-			enabled     = false
-			tags        = []
-		}
-
-		resource "datadog_csm_threats_policy" "policy2" {
-			description = "created with terraform 2"
-			enabled     = true
-			tags        = ["env:staging"]
-		}
-
-		resource "datadog_csm_threats_policies_list" "all" {
-			entries {
-				policy_id = datadog_csm_threats_policy.policy1.id
-				name      = "TERRAFORM_POLICY1"
-				priority  = 2
-			}
-			entries {
-				policy_id = datadog_csm_threats_policy.policy2.id
-				name      = "TERRAFORM_POLICY2"
-				priority  = 3
+		resource "datadog_csm_threats_policies" "all_policies" {
+			policies {
+				policy_label = "policy1"
+				name         = "terraform_policy"
+				description  = "description"
+				enabled      = false
+				tags         = ["env:staging"]
 			}
 		}
 	`
 }
 
-func testAccCSMThreatsPoliciesListConfigUpdate() string {
+func testAccCSMThreatsPoliciesConfigUpdate() string {
 	return `
-		resource "datadog_csm_threats_policy" "policy1" {
-			description = "created with terraform"
-			enabled     = false
-			tags        = []
-		}
-
-		resource "datadog_csm_threats_policy" "policy2" {
-			description = "created with terraform 2"
-			enabled     = true
-			tags        = ["env:staging"]
-		}
-
-		resource "datadog_csm_threats_policies_list" "all" {
-			entries {
-				policy_id = datadog_csm_threats_policy.policy1.id
-				name      = "TERRAFORM_POLICY1"
-				priority  = 2
-			}
-			entries {
-				policy_id = datadog_csm_threats_policy.policy2.id
-				name      = "TERRAFORM_POLICY2 UPDATED"
-				priority  = 5
+		resource "datadog_csm_threats_policies" "all_policies" {
+			policies {
+				policy_label = "policy"
+				name         = "terraform_policy updated"
+				description  = "new description"
+				enabled      = true
+				tags         = ["foo:bar"]
 			}
 		}
 	`
diff --git a/docs/resources/csm_threats_policies.md b/docs/resources/csm_threats_policies.md
@@ -0,0 +1,42 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "datadog_csm_threats_policies Resource - terraform-provider-datadog"
+subcategory: ""
+description: |-
+  Manages multiple Datadog CSM Threats policies in a single resource.
+---
+
+# datadog_csm_threats_policies (Resource)
+
+Manages multiple Datadog CSM Threats policies in a single resource.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `policies` (Block Set) Set of policy blocks. Each block requires a unique policy_label. (see [below for nested schema](#nestedblock--policies))
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--policies"></a>
+### Nested Schema for `policies`
+
+Required:
+
+- `name` (String) Name of the policy.
+- `policy_label` (String) The ID of the policy to manage (from csm_threats_policy).
+
+Optional:
+
+- `description` (String) A description for the policy.
+- `enabled` (Boolean) Indicates whether the policy is enabled.
+- `tags` (Set of String) Host tags that define where the policy is deployed.
+
+Read-Only:
+
+- `id` (String) The Datadog-assigned policy ID.
diff --git a/docs/resources/csm_threats_policies_list.md b/docs/resources/csm_threats_policies_list.md
