From a9d9efbba3f1f65b39a5cda54f7f54cb289a7b56 Mon Sep 17 00:00:00 2001
From: Marc Barlo
Date: Fri, 22 Jul 2022 15:58:01 -0700
Subject: [PATCH] Add e2e test cases for the quiet policy checks flag
---
 .../events/events_controller_e2e_test.go | 45 ++++++++++++++++++-
 .../atlantis.yaml | 4 ++
 .../exp-output-apply.txt | 12 +++++
 .../exp-output-autoplan.txt | 23 ++++++++++
 .../exp-output-merge.txt | 3 ++
 .../policy-checks-success-silent/main.tf | 3 ++
 .../policies/policy.rego | 28 ++++++++++++
 .../policy-checks-success-silent/repos.yaml | 12 +++++
 8 files changed, 129 insertions(+), 1 deletion(-)
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/atlantis.yaml
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-apply.txt
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-autoplan.txt
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-merge.txt
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/main.tf
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/policies/policy.rego
 create mode 100644 server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/repos.yaml
diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go
index d3dee486f5..57e5a26352 100644
--- a/server/controllers/events/events_controller_e2e_test.go
+++ b/server/controllers/events/events_controller_e2e_test.go
@@ -653,6 +653,12 @@ func TestGitHubWorkflowWithPolicyCheck(t *testing.T) {
 ExpAutomerge bool
 // ExpAutoplan is true if we expect Atlantis to autoplan.
 ExpAutoplan bool
+ // ExpQuietPolicyChecks is true if we expect Atlantis to exclude policy check output
+ // when there's no error
+ ExpQuietPolicyChecks bool
+ // ExpQuietPolicyCheckFailure is true when we expect Atlantis to post back policy check failures
+ // even when QuietPolicyChecks is enabled
+ ExpQuietPolicyCheckFailure bool
 // ExpParallel is true if we expect Atlantis to run parallel plans or applies.
 ExpParallel bool
 // ExpReplies is a list of files containing the expected replies that
@@ -737,6 +743,38 @@ func TestGitHubWorkflowWithPolicyCheck(t *testing.T) {
 {"exp-output-merge.txt"},
 },
 },
+ {
+ Description: "successful policy checks with quiet flag enabled",
+ RepoDir: "policy-checks-success-silent",
+ ModifiedFiles: []string{"main.tf"},
+ ExpAutoplan: true,
+ ExpQuietPolicyChecks: true,
+ Comments: []string{
+ "atlantis apply",
+ },
+ ExpReplies: [][]string{
+ {"exp-output-autoplan.txt"},
+ {"exp-output-apply.txt"},
+ {"exp-output-merge.txt"},
+ },
+ },
+ {
+ Description: "failing policy checks with quiet flag enabled",
+ RepoDir: "policy-checks",
+ ModifiedFiles: []string{"main.tf"},
+ ExpAutoplan: true,
+ ExpQuietPolicyChecks: true,
+ ExpQuietPolicyCheckFailure: true,
+ Comments: []string{
+ "atlantis apply",
+ },
+ ExpReplies: [][]string{
+ {"exp-output-autoplan.txt"},
+ {"exp-output-auto-policy-check.txt"},
+ {"exp-output-apply-failed.txt"},
+ {"exp-output-merge.txt"},
+ },
+ },
 }
 
 for _, c := range cases {
@@ -746,6 +784,7 @@ func TestGitHubWorkflowWithPolicyCheck(t *testing.T) {
 // reset userConfig
 userConfig = server.UserConfig{}
 userConfig.EnablePolicyChecksFlag = true
+ userConfig.QuietPolicyChecks = c.ExpQuietPolicyChecks
 
 ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t, c.RepoDir)
 
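Review bot: The doc comment on `ExpQuietPolicyChecks` in the hunk at @@ -653 describes an expectation, but the hunk at @@ -746 assigns the field to `userConfig.QuietPolicyChecks`, so it is the input that turns the flag on for the case. Documenting it as configuration would keep readers from treating it as an assertion, for example `// ExpQuietPolicyChecks enables QuietPolicyChecks for this case; a passing policy check is then expected to post no comment.` `ExpQuietPolicyCheckFailure` is only read by the reply-count adjustment at @@ -805, and its comment could say so. The struct declaration starts and ends outside the hunk.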
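Review bot: Assigning `userConfig.QuietPolicyChecks` in the hunk at @@ -746 and reading it inside `setupE2E` (the hunk at @@ -1007) makes the helper depend on a package-level variable that this loop mutates, and nothing visible restores it after the last case, which sets it to true. Any other test that calls `setupE2E` without first resetting `userConfig` would presumably run with quiet policy checks enabled. Registering `t.Cleanup(func() { userConfig = server.UserConfig{} })` next to the assignment, or passing the flag to `setupE2E` as an argument, keeps the setting scoped to the case. The subtest body starts and ends outside the hunk.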
@@ -805,6 +844,10 @@ func TestGitHubWorkflowWithPolicyCheck(t *testing.T) {
 expNumReplies++
 }
 
+ if c.ExpQuietPolicyChecks && !c.ExpQuietPolicyCheckFailure {
+ expNumReplies--
+ }
+
 _, _, actReplies, _ := vcsClient.VerifyWasCalled(Times(expNumReplies)).CreateComment(AnyRepo(), AnyInt(), AnyString(), AnyString()).GetAllCapturedArguments()
 Assert(t, len(c.ExpReplies) == len(actReplies), "missing expected replies, got %d but expected %d", len(actReplies), len(c.ExpReplies))
 for i, expReply := range c.ExpReplies {
@@ -1007,7 +1050,7 @@ func setupE2E(t *testing.T, repoDir string) (events_controllers.VCSEventsControl
 projectCommandRunner,
 parallelPoolSize,
 false,
- false,
+ userConfig.QuietPolicyChecks,
 )
 
 planCommandRunner := events.NewPlanCommandRunner(
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/atlantis.yaml b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/atlantis.yaml
new file mode 100644
index 0000000000..8435733cd2
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/atlantis.yaml
@@ -0,0 +1,4 @@
+version: 3
+projects:
+- dir: .
+ workspace: default
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-apply.txt b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-apply.txt
new file mode 100644
index 0000000000..9de07e2f3d
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-apply.txt
@@ -0,0 +1,12 @@
+Ran Apply for dir: `.` workspace: `default`
+
+```diff
+
+Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+workspace = "default"
+
+```
+
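Review bot: The `expNumReplies--` adjustment in the hunk at @@ -805 has no comment saying which reply is being dropped, and it relies on the case author setting `ExpQuietPolicyCheckFailure` by hand to match the fixture's policy outcome. A short comment would make the intent checkable, for example `// Quiet mode posts no policy-check comment when every policy passes, so expect one reply fewer.` The surrounding subtest body starts and ends outside the hunk.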
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-autoplan.txt b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-autoplan.txt
new file mode 100644
index 0000000000..99281c779d
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-autoplan.txt
@@ -0,0 +1,23 @@
+Ran Plan for dir: `.` workspace: `default`
+
+```diff
+
+Changes to Outputs:
++ workspace = "default"
+
+You can apply this plan to save these new output values to the Terraform
+state, without changing any real infrastructure.
+
+```
+
+* :arrow_forward: To **apply** this plan, comment:
+ * `atlantis apply -d .`
+* :put_litter_in_its_place: To **delete** this plan click [here](lock-url)
+* :repeat: To **plan** this project again, comment:
+ * `atlantis plan -d .`
+
+---
+* :fast_forward: To **apply** all unapplied plans from this pull request, comment:
+ * `atlantis apply`
+* :put_litter_in_its_place: To delete all plans and locks for the PR, comment:
+ * `atlantis unlock`
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-merge.txt b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-merge.txt
new file mode 100644
index 0000000000..872c5ee40c
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/exp-output-merge.txt
@@ -0,0 +1,3 @@
+Locks and plans deleted for the projects and workspaces modified in this pull request:
+
+- dir: `.` workspace: `default`
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/main.tf b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/main.tf
new file mode 100644
index 0000000000..23701278b9
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/main.tf
@@ -0,0 +1,3 @@
+output "workspace" {
+ value = terraform.workspace
+}
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/policies/policy.rego b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/policies/policy.rego
new file mode 100644
index 0000000000..126c2e4591
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/policies/policy.rego
@@ -0,0 +1,28 @@
+package main
+
+import input as tfplan
+
+deny[reason] {
+ num_deletes.null_resource > 0
+ reason := "WARNING: Null Resource creation is prohibited."
+}
+
+resource_types = {"null_resource"}
+
+resources[resource_type] = all {
+ some resource_type
+ resource_types[resource_type]
+ all := [name |
+ name := tfplan.resource_changes[_]
+ name.type == resource_type
+ ]
+}
+
+# number of deletions of resources of a given type
+num_deletes[resource_type] = num {
+ some resource_type
+ resource_types[resource_type]
+ all := resources[resource_type]
+ deletions := [res | res := all[_]; res.change.actions[_] == "create"]
+ num := count(deletions)
+}
diff --git a/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/repos.yaml b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/repos.yaml
new file mode 100644
index 0000000000..32434be4e3
--- /dev/null
+++ b/server/controllers/events/testfixtures/test-repos/policy-checks-success-silent/repos.yaml
@@ -0,0 +1,12 @@
+repos:
+- id: /.*/
+ apply_requirements: [approved]
+policies:
+ owners:
+ users:
+ - runatlantis
+ policy_sets:
+ - name: test_policy
+ path: policies/policy.rego
+ source: local
+
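Review bot: In policy.rego the helper `num_deletes` and its comment `# number of deletions of resources of a given type` describe deletions, but the comprehension keeps resources whose `change.actions` contain `"create"`, and the deny message speaks of creation. The rule therefore counts creations; changing the comment to `# number of creations of resources of a given type`, and ideally renaming the rule to `num_creates`, would stop a reader from assuming the policy guards deletes. Since main.tf in this fixture declares only an output, the deny rule is expected never to fire here.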