Does anyone have an example of a test suite yaml file where more than 1 resource is being tested with each principal? I have something like this right now, and the test results are not what I'm expecting. Specifically I am getting a test result for

michelle x account_d6455851-3f86-48d8-b102-8d996eb92645

which I didn't think I was testing yet

---
name: AccountTestSuite 
description: Tests for verifying the account resource policy 
options:
  now: "2022-08-02T15:00:00Z" 
tests: 
  - name: Accessing an album 
    options:
      now: "2022-08-03T15:00:00Z" 
    input: 
      principals: 
        - michelle
        - elaine
      resources: 
        - account_1
        - account_053a1a75-acc5-4cd8-9206-a194335d2afa
        - account_d6455851-3f86-48d8-b102-8d996eb92645
      actions: 
        - view
        - edit
    expected: 
      - principal: michelle 
        resource: account_1
        actions: 
          view: EFFECT_ALLOW
          edit: EFFECT_ALLOW
      - principal: michelle
        resource: account_053a1a75-acc5-4cd8-9206-a194335d2afa
        actions:
          view: EFFECT_ALLOW
          edit: EFFECT_ALLOW
      - principal: elaine
        resource: account_1
        actions: 
          view: EFFECT_DENY
          edit: EFFECT_DENY
      - principal: elaine
        resource: account_d6455851-3f86-48d8-b102-8d996eb92645
        actions:
          view: EFFECT_DENY
          edit: EFFECT_DENY

Specifically I am getting a test result for

michelle x account_d6455851-3f86-48d8-b102-8d996eb92645

This combination is tested by an implicit test. The test framework tests each combination of principals, resources and actions. The default outcome expectation is

EFFECT_DENY

. The

expected

section can be used to specify the outcome (if it is different from the default).

ah got it, that's helpful, thanks!

It has to be an entry per principal+resource combination as in your first example

cool 👍