test hardcoded authentication_strength_policy

hashicorp · Dec 19, 2024 · ec84335 · ec84335
1 parent eed0cc5
commit ec84335
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/internal/services/conditionalaccess/conditional_access_policy_resource_test.go b/internal/services/conditionalaccess/conditional_access_policy_resource_test.go
@@ -297,6 +297,24 @@ func TestAccConditionalAccessPolicy_authenticationStrength(t *testing.T) {
 	})
 }
 
+func TestAccConditionalAccessPolicy_authenticationStrengthHardcoded(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azuread_conditional_access_policy", "test")
+	r := ConditionalAccessPolicyResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.authenticationStrengthPolicyHardcoded(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("id").Exists(),
+				check.That(data.ResourceName).Key("display_name").HasValue(fmt.Sprintf("acctest-CONPOLICY-%d", data.RandomInteger)),
+				check.That(data.ResourceName).Key("grant_controls.0.authentication_strength_policy_id").HasValue("/policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000004"),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func TestAccConditionalAccessPolicy_guestsOrExternalUsers(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azuread_conditional_access_policy", "test")
 	r := ConditionalAccessPolicyResource{}
@@ -789,6 +807,36 @@ resource "azuread_conditional_access_policy" "test" {
 `, data.RandomInteger)
 }
 
+func (ConditionalAccessPolicyResource) authenticationStrengthPolicyHardcoded(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azuread" {}
+
+resource "azuread_conditional_access_policy" "test" {
+  display_name = "acctest-CONPOLICY-%[1]d"
+  state        = "disabled"
+
+  conditions {
+    client_app_types = ["browser"]
+
+    applications {
+      included_applications = ["None"]
+    }
+
+    users {
+      included_users = ["All"]
+      excluded_users = ["GuestsOrExternalUsers"]
+    }
+  }
+
+  # Hard-code the Phishing resistant MFA policy
+  grant_controls {
+    operator                          = "OR"
+    authentication_strength_policy_id = "/policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000004"
+  }
+}
+`, data.RandomInteger)
+}
+
 func (ConditionalAccessPolicyResource) guestsOrExternalUsersAllServiceProvidersIncluded(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 resource "azuread_conditional_access_policy" "test" {