diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 90adebe6..c629eab0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -12,8 +12,10 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 + - name: Self-hosted Renovate - uses: renovatebot/github-action@v41.0.0 + uses: renovatebot/github-action@v46.1.4 with: configurationFile: .github/renovate.json - token: ${{ secrets.RENOVATE_TOKEN }} + # token: ${{ secrets.RENOVATE_TOKEN }} + token: ${{ env.FORGEJO_TOKEN }} diff --git a/.golang-ci.yaml b/.golang-ci.yaml index a9fa6be5..7f429da2 100644 --- a/.golang-ci.yaml +++ b/.golang-ci.yaml @@ -31,10 +31,10 @@ linters: main: list-mode: lax allow: - - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview - github.com/hashicorp/terraform-plugin-framework - github.com/hashicorp/terraform-plugin-log - github.com/stackitcloud/stackit-sdk-go + - tf-provider.git.onstackit.cloud/stackit-dev-tools/terraform-provider-stackitprivatepreview deny: - pkg: github.com/stretchr/testify desc: Do not use a testing framework @@ -76,6 +76,7 @@ linters: exclusions: paths: - generator/ + - internal/testutils generated: lax warn-unused: true # Excluding configuration per-path, per-linter, per-text and per-source. @@ -86,7 +87,7 @@ linters: - gochecknoinits formatters: enable: - #- gofmt + - gofmt - goimports settings: goimports: diff --git a/internal/testutils/functions.go b/internal/testutils/functions.go index 5b8f2970..f797259a 100644 --- a/internal/testutils/functions.go +++ b/internal/testutils/functions.go @@ -53,7 +53,7 @@ func CreateTemporaryHome(createValidCredentialsFile bool, t *testing.T) string { // Define content, default = invalid token token := "foo_token" - //if createValidCredentialsFile { + // if createValidCredentialsFile { // token = GetTestProjectServiceAccountJson("") //} if _, err = file.WriteString(token); err != nil { diff --git a/internal/testutils/testutils.go b/internal/testutils/testutils.go index 142efe13..cfe400cd 100644 --- a/internal/testutils/testutils.go +++ b/internal/testutils/testutils.go @@ -99,7 +99,7 @@ func ResourceNameWithDateTime(name string) string { return fmt.Sprintf("tf-acc-%s-%s", name, dateTimeTrimmed) } -//func GetTestProjectServiceAccountJson(path string) string { +// func GetTestProjectServiceAccountJson(path string) string { // var err error // json, ok := os.LookupEnv("TF_ACC_SERVICE_ACCOUNT_JSON_CONTENT") // if !ok || json == "" { @@ -153,7 +153,7 @@ func ResourceNameWithDateTime(name string) string { // return credentials.TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_TOKEN, nil //} -//func readTestServiceAccountJsonFromFile(path string) (string, error) { +// func readTestServiceAccountJsonFromFile(path string) (string, error) { // if path == "" { // customPath, ok := os.LookupEnv("TF_ACC_SERVICE_ACCOUNT_FILE") // if !ok || customPath == "" { diff --git a/stackit/internal/services/postgresflexalpha/postgresflex_acc_test.go b/stackit/internal/services/postgresflexalpha/postgresflex_acc_test.go index b5707376..0afc46ad 100644 --- a/stackit/internal/services/postgresflexalpha/postgresflex_acc_test.go +++ b/stackit/internal/services/postgresflexalpha/postgresflex_acc_test.go @@ -7,14 +7,20 @@ import ( "log" "math" "os" + "regexp" "strconv" "strings" "testing" "time" + "github.com/hashicorp/terraform-plugin-testing/compare" "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/knownvalue" + "github.com/hashicorp/terraform-plugin-testing/plancheck" + "github.com/hashicorp/terraform-plugin-testing/statecheck" "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/hashicorp/terraform-plugin-testing/tfjsonpath" "github.com/stackitcloud/stackit-sdk-go/core/config" "github.com/stackitcloud/stackit-sdk-go/core/utils" "github.com/stackitcloud/stackit-sdk-go/services/postgresflex/v3alpha1api" @@ -30,7 +36,12 @@ import ( fwresource "github.com/hashicorp/terraform-plugin-framework/resource" ) -const pfx = "stackitprivatepreview_postgresflexalpha" +const ( + pfx = "stackitprivatepreview_postgresflexalpha" + + singleFlavorID = "2.4" + replicasFlavorID = "2.4-replica" +) func TestInstanceResourceSchema(t *testing.T) { // t.Parallel() @@ -83,7 +94,7 @@ type resData struct { PerformanceClass string Replicas uint32 Size uint32 - ACLString string + ACLStrings []string AccessScope string RetentionDays uint32 Version string @@ -111,14 +122,14 @@ func getExample() resData { ProjectID: os.Getenv("TF_ACC_PROJECT_ID"), Name: name, TfName: name, - FlavorID: "2.4", + FlavorID: singleFlavorID, BackupSchedule: "0 0 * * *", UseEncryption: false, RetentionDays: 33, Replicas: 1, PerformanceClass: "premium-perf2-stackit", Size: 10, - ACLString: "0.0.0.0/0", + ACLStrings: []string{"0.0.0.0/0"}, AccessScope: "PUBLIC", Version: "17", } @@ -137,11 +148,12 @@ func TestAccInstance(t *testing.T) { // api should complain about more than one daily backup updBackupSched.BackupSchedule = "30 3 * * *" + updNetACL := updBackupSched + updNetACL.ACLStrings = append(updNetACL.ACLStrings, "192.168.0.0/24") + /* { - "backupSchedule": "6 6 * * *", "flavorId": "1.2", - "name": "postgres-instance", "network": { "acl": [ "198.51.100.0/24" @@ -158,6 +170,8 @@ func TestAccInstance(t *testing.T) { testItemID := testutils.ResStr(pfx, "instance", exData.TfName) + compareValuesSame := statecheck.CompareValue(compare.ValuesSame()) + resource.ParallelTest( t, resource.TestCase{ PreCheck: func() { @@ -176,61 +190,66 @@ func TestAccInstance(t *testing.T) { "testdata/instance_template.gompl", exData, ), - Check: resource.ComposeAggregateTestCheckFunc( - // check params acl count - resource.TestCheckResourceAttr(testItemID, "acl.#", "1"), - - // check params are set - resource.TestCheckResourceAttrSet(testItemID, "backup_schedule"), - - //// connection_info should contain 1 sub entry - // resource.TestCheckResourceAttr(testItemID, "connection_info.%", "1"), - // - //// connection_info.write should contain 2 sub entries - // resource.TestCheckResourceAttr(testItemID, "connection_info.write", "2"), - // - // resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.host"), - // resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.port"), - - resource.TestCheckResourceAttrSet(testItemID, "flavor_id"), - resource.TestCheckResourceAttrSet(testItemID, "id"), - resource.TestCheckResourceAttrSet(testItemID, "instance_id"), - resource.TestCheckResourceAttrSet(testItemID, "is_deletable"), - resource.TestCheckResourceAttrSet(testItemID, "name"), - - // network should contain 4 sub entries - resource.TestCheckResourceAttr(testItemID, "network.%", "4"), - - resource.TestCheckResourceAttrSet(testItemID, "network.access_scope"), - - // on unencrypted instances we expect this to be empty - resource.TestCheckResourceAttr(testItemID, "network.instance_address", ""), - resource.TestCheckResourceAttr(testItemID, "network.router_address", ""), - - // only one acl entry should be set - resource.TestCheckResourceAttr(testItemID, "network.acl.#", "1"), - - resource.TestCheckResourceAttrSet(testItemID, "replicas"), - resource.TestCheckResourceAttrSet(testItemID, "retention_days"), - resource.TestCheckResourceAttrSet(testItemID, "status"), - - // storage should contain 2 sub entries - resource.TestCheckResourceAttr(testItemID, "storage.%", "2"), - - resource.TestCheckResourceAttrSet(testItemID, "storage.performance_class"), - resource.TestCheckResourceAttrSet(testItemID, "storage.size"), - resource.TestCheckResourceAttrSet(testItemID, "version"), - - // check absent attr - resource.TestCheckNoResourceAttr(testItemID, "encryption"), - resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_id"), - resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_ring_id"), - resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_version"), - resource.TestCheckNoResourceAttr(testItemID, "encryption.service_account"), - - // check param values - resource.TestCheckResourceAttr(testItemID, "name", exData.Name), + ConfigStateChecks: []statecheck.StateCheck{ + compareValuesSame.AddStateValue( + testItemID, + tfjsonpath.New("id"), + ), + statecheck.ExpectKnownValue( + testItemID, + tfjsonpath.New("is_deletable"), + knownvalue.Bool(true), + ), + statecheck.ExpectKnownValue( + testItemID, + tfjsonpath.New("connection_info"), + knownvalue.MapExact(map[string]knownvalue.Check{ + "write": knownvalue.MapExact(map[string]knownvalue.Check{ + "host": knownvalue.StringRegexp(regexp.MustCompile("[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}.postgresql.[a-z0-9]+.onstackit.cloud")), + "port": knownvalue.Int32Func(func(v int32) error { + if v < 0 { + return fmt.Errorf("value is negative") + } + if v <= 1024 { + return fmt.Errorf("value uses protected port range") + } + return nil + }), + }), + }), + ), + }, + Check: defaultNoEncInstanceTestChecks(testItemID, exData), + }, + // Second apply should not have changes + { + //PreConfig: func() { + // // + // }, + Config: testutils.StringFromTemplateMust( + "testdata/instance_template.gompl", + exData, ), + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + plancheck.ExpectEmptyPlan(), + }, + }, + ConfigStateChecks: []statecheck.StateCheck{ + compareValuesSame.AddStateValue( + testItemID, + tfjsonpath.New("id"), + ), + statecheck.ExpectKnownValue( + testItemID, + tfjsonpath.New("is_deletable"), + knownvalue.Bool(true), + ), + }, + }, + // Refresh state test + { + RefreshState: true, }, // Update name and verify { @@ -240,11 +259,16 @@ func TestAccInstance(t *testing.T) { ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( - testutils.ResStr(pfx, "instance", exData.TfName), + testItemID, "name", updNameData.Name, ), ), + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + plancheck.ExpectNonEmptyPlan(), + }, + }, }, // Update size and verify { @@ -254,10 +278,12 @@ func TestAccInstance(t *testing.T) { ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( - testutils.ResStr(pfx, "instance", exData.TfName), + testItemID, "storage.size", strconv.Itoa(int(updSizeData.Size)), ), + // network should contain 4 sub entries + resource.TestCheckResourceAttr(testItemID, "network.acl.#", "1"), ), }, // Update backup schedule @@ -268,18 +294,72 @@ func TestAccInstance(t *testing.T) { ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( - testutils.ResStr(pfx, "instance", exData.TfName), + testItemID, "backup_schedule", updBackupSched.BackupSchedule, ), + // network should contain 4 sub entries + resource.TestCheckResourceAttr(testItemID, "network.acl.#", "1"), ), }, - //// Import test - //{ - // ResourceName: "example_resource.test", - // ImportState: true, - // ImportStateVerify: true, - // }, + // Update network ACL + { + Config: testutils.StringFromTemplateMust( + "testdata/instance_template.gompl", + updNetACL, + ), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + testItemID, + "backup_schedule", + updBackupSched.BackupSchedule, + ), + // network should contain 4 sub entries + resource.TestCheckResourceAttr(testItemID, "network.acl.#", "2"), + ), + }, + // Import test + /* + { + ImportState: true, + ImportStateKind: resource.ImportBlockWithResourceIdentity, + ResourceName: testItemID, + }, + { + ImportState: true, + ImportStateKind: resource.ImportCommandWithID, + ResourceName: testItemID, + }, + */ + }, + }, + ) +} + +func TestAccInstanceHA(t *testing.T) { + data := getExample() + data.FlavorID = replicasFlavorID + data.Replicas = 3 + + testItemID := testutils.ResStr(pfx, "instance", data.TfName) + + resource.ParallelTest( + t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + t.Logf(" ... working on instance %s", data.TfName) + }, + CheckDestroy: testAccCheckPostgresFlexDestroy, + ProtoV6ProviderFactories: testutils.TestAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + // Create and verify + { + Config: testutils.StringFromTemplateMust( + "testdata/instance_template.gompl", + data, + ), + Check: defaultNoEncInstanceTestChecks(testItemID, data), + }, }, }, ) @@ -297,6 +377,10 @@ func TestAccInstanceWithUsers(t *testing.T) { }, } + testItemID := testutils.ResStr(pfx, "instance", data.TfName) + // TODO : implement check multiple users + testUserItemID := testutils.ResStr(pfx, "user", userName) + resource.ParallelTest( t, resource.TestCase{ PreCheck: func() { @@ -313,14 +397,11 @@ func TestAccInstanceWithUsers(t *testing.T) { data, ), Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttr( - testutils.ResStr(pfx, "instance", data.TfName), - "name", - data.Name, - ), - resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "instance", data.TfName), "id"), - resource.TestCheckResourceAttr(testutils.ResStr(pfx, "user", userName), "name", userName), - resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "user", userName), "id"), + defaultNoEncInstanceTestChecks(testItemID, data), + + resource.TestCheckResourceAttr(testUserItemID, "name", userName), + resource.TestCheckResourceAttrSet(testUserItemID, "id"), + resource.TestCheckResourceAttr(testUserItemID, "roles.#", "1"), ), }, }, @@ -349,6 +430,7 @@ func TestAccInstanceWithDatabases(t *testing.T) { }, } + testItemID := testutils.ResStr(pfx, "instance", data.TfName) resource.ParallelTest( t, resource.TestCase{ PreCheck: func() { @@ -365,12 +447,8 @@ func TestAccInstanceWithDatabases(t *testing.T) { data, ), Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttr( - testutils.ResStr(pfx, "instance", data.TfName), - "name", - data.Name, - ), - resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "instance", data.TfName), "id"), + defaultNoEncInstanceTestChecks(testItemID, data), + resource.TestCheckResourceAttr(testutils.ResStr(pfx, "user", userName), "name", userName), resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "user", userName), "id"), resource.TestCheckResourceAttr(testutils.ResStr(pfx, "database", dbName), "name", dbName), @@ -436,6 +514,7 @@ func TestAccEncryptedInstanceWithDatabases(t *testing.T) { }, } + testItemID := testutils.ResStr(pfx, "instance", data.TfName) resource.ParallelTest( t, resource.TestCase{ PreCheck: func() { @@ -452,12 +531,8 @@ func TestAccEncryptedInstanceWithDatabases(t *testing.T) { data, ), Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttr( - testutils.ResStr(pfx, "instance", data.TfName), - "name", - data.Name, - ), - resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "instance", data.TfName), "id"), + defaultEncInstanceTestChecks(testItemID, data), + resource.TestCheckResourceAttr(testutils.ResStr(pfx, "user", userName), "name", userName), resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "user", userName), "id"), resource.TestCheckResourceAttr(testutils.ResStr(pfx, "database", dbName), "name", dbName), @@ -470,659 +545,6 @@ func TestAccEncryptedInstanceWithDatabases(t *testing.T) { ) } -// func setupMockServer() *httptest.Server { -// mux := http.NewServeMux() -// -// mux.HandleFunc("/api/resources", func(w http.ResponseWriter, r *http.Request) { -// switch r.Method { -// case http.MethodPost: -// w.WriteHeader(http.StatusCreated) -// err := json.NewEncoder(w).Encode(map[string]string{ -// "id": "mock-id-123", -// "name": "test-resource", -// }) -// if err != nil { -// log.Fatalln(err) -// } -// case http.MethodGet: -// w.WriteHeader(http.StatusOK) -// err := json.NewEncoder(w).Encode([]map[string]string{}) -// if err != nil { -// log.Fatalln(err) -// } -// } -// }) -// -// return httptest.NewServer(mux) -//} -// -// func TestUnitResourceCreate(t *testing.T) { -// server := setupMockServer() -// defer server.Close() -// -// // Configure provider to use mock server URL -// err := os.Setenv("API_ENDPOINT", server.URL) -// if err != nil { -// log.Fatalln(err) -// } -// -// // Run unit tests against mock -//} - -// func TestNewInstanceResource(t *testing.T) { -// exData := resData{ -// Region: "eu01", -// ServiceAccountFilePath: sa_file, -// ProjectID: project_id, -// Name: "testRes", -// } -// resource.ParallelTest(t, resource.TestCase{ -// ProtoV6ProviderFactories: testutils.TestAccProtoV6ProviderFactories, -// Steps: []resource.TestStep{ -// { -// Config: testAccResourceEncryptionExampleConfig(exData), -// Check: resource.ComposeAggregateTestCheckFunc( -// resource.TestCheckResourceAttr("example_resource.test", "name", exData.Name), -// resource.TestCheckResourceAttrSet("example_resource.test", "id"), -// ), -// }, -// }, -// }) -// -// //tests := []struct { -// // name string -// // want resource.Resource -// //}{ -// // { -// // name: "create empty instance resource", -// // want: &instanceResource{}, -// // }, -// //} -// //for _, tt := range tests { -// // t.Run(tt.name, func(t *testing.T) { -// // if got := NewInstanceResource(); !reflect.DeepEqual(got, tt.want) { -// // t.Errorf("NewInstanceResource() = %v, want %v", got, tt.want) -// // } -// // }) -// //} -//} - -//// Instance resource data -// var instanceResource = map[string]string{ -// "project_id": testutils.ProjectId, -// "region": "eu01", -// "name": fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(7, acctest.CharSetAlphaNum)), -// "acl": "192.168.0.0/16", -// "backup_schedule": "00 16 * * *", -// "backup_schedule_updated": "00 12 * * *", -// "retention_days": "33", -// "flavor_cpu": "2", -// "flavor_ram": "4", -// "flavor_description": "Small, Compute optimized", -// "replicas": "1", -// "storage_class": "premium-perf12-stackit", -// "storage_size": "5", -// "version": "14", -// "flavor_id": "2.4", -// "kek_key_id": "UUID1", -// "kek_key_ring_id": "UUID2", -// "kek_key_version": "1", -// "service_account": "service@account.com", -// "access_scope": "SNA", -//} -// -//// User resource data -// var userResource = map[string]string{ -// "username": fmt.Sprintf("tfaccuser%s", acctest.RandStringFromCharSet(4, acctest.CharSetAlpha)), -// "role": "createdb", -// "project_id": testutils.ProjectId, -//} -// -//// Database resource data -// var databaseResource = map[string]string{ -// "name": fmt.Sprintf("tfaccdb%s", acctest.RandStringFromCharSet(4, acctest.CharSetAlphaNum)), -// "project_id": testutils.ProjectId, -//} -// -// func configResources(backupSchedule string, _ *string) string { -// return fmt.Sprintf( -// ` -// %s -// -// -// resource "stackitprivatepreview_postgresflexalpha_instance" "instance" { -// project_id = "%s" -// region = "%s" -// name = "%s" -// backup_schedule = "%s" -// retention_days = %s -// flavor_id = %s -// replicas = %s -// storage = { -// performance_class = "%s" -// size = %s -// } -// encryption = { -// kek_key_id = "%s" -// kek_key_ring_id = "%s" -// kek_key_version = "%s" -// service_account = "%s" -// } -// network = { -// acl = ["%s"] -// access_scope = "%s" -// } -// version = %s -// } -// -// resource "stackitprivatepreview_postgresflexalpha_user" "user" { -// project_id = "%s" -// instance_id = stackitprivatepreview_postgresflexalpha_instance.instance.instance_id -// username = "%s" -// roles = ["%s"] -// } -// -// resource "stackitprivatepreview_postgresflexalpha_database" "database" { -// project_id = "%s" -// instance_id = stackitprivatepreview_postgresflexalpha_instance.instance.instance_id -// name = "%s" -// owner = stackitprivatepreview_postgresflexalpha_user.user.username -// } -// `, -// testutils.PostgresFlexProviderConfig( -// utils.GetEnvOrDefault("TF_ACC_TEST_PROJECT_SERVICE_ACCOUNT_FILE", "~/service-account.json"), -// ), -// instanceResource["project_id"], -// instanceResource["region"], -// instanceResource["name"], -// backupSchedule, -// instanceResource["retention_days"], -// instanceResource["flavor_id"], -// instanceResource["replicas"], -// instanceResource["storage_class"], -// instanceResource["storage_size"], -// instanceResource["kek_key_id"], -// instanceResource["kek_key_ring_id"], -// instanceResource["kek_key_version"], -// instanceResource["service_account"], -// instanceResource["acl"], -// instanceResource["access_scope"], -// instanceResource["version"], -// -// userResource["project_id"], -// userResource["username"], -// userResource["role"], -// -// databaseResource["project_id"], -// databaseResource["name"], -// ) -//} -// -// func TestAccPostgresFlexFlexResource(t *testing.T) { -// resource.ParallelTest( -// t, resource.TestCase{ -// ProtoV6ProviderFactories: testutils.TestAccProtoV6ProviderFactories, -// CheckDestroy: testAccCheckPostgresFlexDestroy, -// Steps: []resource.TestStep{ -// // Creation -// { -// // testdata/ -// // ConfigDirectory: config.TestNameDirectory(), -// -// // testdata// -// // ConfigDirectory: config.TestStepDirectory(), -// Config: configResources(instanceResource["backup_schedule"], &testutils.Region), -// Check: resource.ComposeAggregateTestCheckFunc( -// // Instance -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "project_id", -// instanceResource["project_id"], -// ), -// resource.TestCheckResourceAttrSet( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "instance_id", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "name", -// instanceResource["name"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "acl.#", -// "1", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "acl.0", -// instanceResource["acl"], -// ), -// resource.TestCheckResourceAttrSet( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.id", -// ), -// resource.TestCheckResourceAttrSet( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.description", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "backup_schedule", -// instanceResource["backup_schedule"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.cpu", -// instanceResource["flavor_cpu"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.ram", -// instanceResource["flavor_ram"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "replicas", -// instanceResource["replicas"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "storage.class", -// instanceResource["storage_class"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "storage.size", -// instanceResource["storage_size"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "version", -// instanceResource["version"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "region", -// testutils.Region, -// ), -// -// // User -// resource.TestCheckResourceAttrPair( -// "stackitprivatepreview_postgresflexalpha_user.user", "project_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", "project_id", -// ), -// resource.TestCheckResourceAttrPair( -// "stackitprivatepreview_postgresflexalpha_user.user", "instance_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", "instance_id", -// ), -// resource.TestCheckResourceAttrSet("stackitprivatepreview_postgresflexalpha_user.user", "user_id"), -// resource.TestCheckResourceAttrSet("stackitprivatepreview_postgresflexalpha_user.user", "password"), -// -// // Database -// resource.TestCheckResourceAttrPair( -// "stackitprivatepreview_postgresflexalpha_database.database", "project_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", "project_id", -// ), -// resource.TestCheckResourceAttrPair( -// "stackitprivatepreview_postgresflexalpha_database.database", "instance_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", "instance_id", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_database.database", -// "name", -// databaseResource["name"], -// ), -// resource.TestCheckResourceAttrPair( -// "stackitprivatepreview_postgresflexalpha_database.database", "owner", -// "stackitprivatepreview_postgresflexalpha_user.user", "username", -// ), -// ), -// }, -// // data source -// { -// Config: fmt.Sprintf( -// ` -// %s -// -// data "stackitprivatepreview_postgresflexalpha_instance" "instance" { -// project_id = stackitprivatepreview_postgresflexalpha_instance.instance.project_id -// instance_id = stackitprivatepreview_postgresflexalpha_instance.instance.instance_id -// } -// -// data "stackitprivatepreview_postgresflexalpha_user" "user" { -// project_id = stackitprivatepreview_postgresflexalpha_instance.instance.project_id -// instance_id = stackitprivatepreview_postgresflexalpha_instance.instance.instance_id -// user_id = stackitprivatepreview_postgresflexalpha_user.user.user_id -// } -// -// data "stackitprivatepreview_postgresflexalpha_database" "database" { -// project_id = stackitprivatepreview_postgresflexalpha_instance.instance.project_id -// instance_id = stackitprivatepreview_postgresflexalpha_instance.instance.instance_id -// database_id = stackitprivatepreview_postgresflexalpha_database.database.database_id -// } -// `, -// configResources(instanceResource["backup_schedule"], nil), -// ), -// Check: resource.ComposeAggregateTestCheckFunc( -// // Instance data -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "project_id", -// instanceResource["project_id"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "name", -// instanceResource["name"], -// ), -// resource.TestCheckResourceAttrPair( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", "project_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", "project_id", -// ), -// resource.TestCheckResourceAttrPair( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", "instance_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", "instance_id", -// ), -// resource.TestCheckResourceAttrPair( -// "data.stackitprivatepreview_postgresflexalpha_user.user", "instance_id", -// "stackitprivatepreview_postgresflexalpha_user.user", "instance_id", -// ), -// -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "acl.#", -// "1", -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "acl.0", -// instanceResource["acl"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "backup_schedule", -// instanceResource["backup_schedule"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.id", -// instanceResource["flavor_id"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.description", -// instanceResource["flavor_description"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.cpu", -// instanceResource["flavor_cpu"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.ram", -// instanceResource["flavor_ram"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_instance.instance", -// "replicas", -// instanceResource["replicas"], -// ), -// -// // User data -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "project_id", -// userResource["project_id"], -// ), -// resource.TestCheckResourceAttrSet( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "user_id", -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "username", -// userResource["username"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "roles.#", -// "1", -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "roles.0", -// userResource["role"], -// ), -// resource.TestCheckResourceAttrSet( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "host", -// ), -// resource.TestCheckResourceAttrSet( -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "port", -// ), -// -// // Database data -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_database.database", -// "project_id", -// instanceResource["project_id"], -// ), -// resource.TestCheckResourceAttr( -// "data.stackitprivatepreview_postgresflexalpha_database.database", -// "name", -// databaseResource["name"], -// ), -// resource.TestCheckResourceAttrPair( -// "data.stackitprivatepreview_postgresflexalpha_database.database", -// "instance_id", -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "instance_id", -// ), -// resource.TestCheckResourceAttrPair( -// "data.stackitprivatepreview_postgresflexalpha_database.database", -// "owner", -// "data.stackitprivatepreview_postgresflexalpha_user.user", -// "username", -// ), -// ), -// }, -// // Import -// { -// ResourceName: "stackitprivatepreview_postgresflexalpha_instance.instance", -// ImportStateIdFunc: func(s *terraform.State) (string, error) { -// r, ok := s.RootModule().Resources["stackitprivatepreview_postgresflexalpha_instance.instance"] -// if !ok { -// return "", fmt.Errorf("couldn't find resource stackitprivatepreview_postgresflexalpha_instance.instance") -// } -// instanceId, ok := r.Primary.Attributes["instance_id"] -// if !ok { -// return "", fmt.Errorf("couldn't find attribute instance_id") -// } -// -// return fmt.Sprintf("%s,%s,%s", testutils.ProjectId, testutils.Region, instanceId), nil -// }, -// ImportState: true, -// ImportStateVerify: true, -// ImportStateVerifyIgnore: []string{"password"}, -// }, -// { -// ResourceName: "stackitprivatepreview_postgresflexalpha_user.user", -// ImportStateIdFunc: func(s *terraform.State) (string, error) { -// r, ok := s.RootModule().Resources["stackitprivatepreview_postgresflexalpha_user.user"] -// if !ok { -// return "", fmt.Errorf("couldn't find resource stackitprivatepreview_postgresflexalpha_user.user") -// } -// instanceId, ok := r.Primary.Attributes["instance_id"] -// if !ok { -// return "", fmt.Errorf("couldn't find attribute instance_id") -// } -// userId, ok := r.Primary.Attributes["user_id"] -// if !ok { -// return "", fmt.Errorf("couldn't find attribute user_id") -// } -// -// return fmt.Sprintf("%s,%s,%s,%s", testutils.ProjectId, testutils.Region, instanceId, userId), nil -// }, -// ImportState: true, -// ImportStateVerify: true, -// ImportStateVerifyIgnore: []string{"password", "uri"}, -// }, -// { -// ResourceName: "stackitprivatepreview_postgresflexalpha_database.database", -// ImportStateIdFunc: func(s *terraform.State) (string, error) { -// r, ok := s.RootModule().Resources["stackitprivatepreview_postgresflexalpha_database.database"] -// if !ok { -// return "", fmt.Errorf("couldn't find resource stackitprivatepreview_postgresflexalpha_database.database") -// } -// instanceId, ok := r.Primary.Attributes["instance_id"] -// if !ok { -// return "", fmt.Errorf("couldn't find attribute instance_id") -// } -// databaseId, ok := r.Primary.Attributes["database_id"] -// if !ok { -// return "", fmt.Errorf("couldn't find attribute database_id") -// } -// -// return fmt.Sprintf( -// "%s,%s,%s,%s", -// testutils.ProjectId, -// testutils.Region, -// instanceId, -// databaseId, -// ), nil -// }, -// ImportState: true, -// ImportStateVerify: true, -// }, -// // Update -// { -// Config: configResources(instanceResource["backup_schedule_updated"], nil), -// Check: resource.ComposeAggregateTestCheckFunc( -// // Instance data -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "project_id", -// instanceResource["project_id"], -// ), -// resource.TestCheckResourceAttrSet( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "instance_id", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "name", -// instanceResource["name"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "acl.#", -// "1", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "acl.0", -// instanceResource["acl"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "backup_schedule", -// instanceResource["backup_schedule_updated"], -// ), -// resource.TestCheckResourceAttrSet( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.id", -// ), -// resource.TestCheckResourceAttrSet( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.description", -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.cpu", -// instanceResource["flavor_cpu"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "flavor.ram", -// instanceResource["flavor_ram"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "replicas", -// instanceResource["replicas"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "storage.class", -// instanceResource["storage_class"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "storage.size", -// instanceResource["storage_size"], -// ), -// resource.TestCheckResourceAttr( -// "stackitprivatepreview_postgresflexalpha_instance.instance", -// "version", -// instanceResource["version"], -// ), -// ), -// }, -// // Deletion is done by the framework implicitly -// }, -// }, -// ) -//} -// -// func testAccCheckPostgresFlexDestroy(s *terraform.State) error { -// ctx := context.Background() -// var client *postgresflex.APIClient -// var err error -// if testutils.PostgresFlexCustomEndpoint == "" { -// client, err = postgresflex.NewAPIClient() -// } else { -// client, err = postgresflex.NewAPIClient( -// config.WithEndpoint(testutils.PostgresFlexCustomEndpoint), -// ) -// } -// if err != nil { -// return fmt.Errorf("creating client: %w", err) -// } -// -// instancesToDestroy := []string{} -// for _, rs := range s.RootModule().Resources { -// if rs.Type != "stackitprivatepreview_postgresflexalpha_instance" { -// continue -// } -// // instance terraform ID: = "[project_id],[region],[instance_id]" -// instanceId := strings.Split(rs.Primary.ID, core.Separator)[2] -// instancesToDestroy = append(instancesToDestroy, instanceId) -// } -// -// instancesResp, err := client.ListInstancesRequest(ctx, testutils.ProjectId, testutils.Region).Execute() -// if err != nil { -// return fmt.Errorf("getting instancesResp: %w", err) -// } -// -// items := *instancesResp.Instances -// for i := range items { -// if items[i].Id == nil { -// continue -// } -// if utils.Contains(instancesToDestroy, *items[i].Id) { -// // TODO @mhenselin - does force still exist? -// err := client.DeleteInstanceRequestExecute(ctx, testutils.ProjectId, testutils.Region, *items[i].Id) -// if err != nil { -// return fmt.Errorf("deleting instance %s during CheckDestroy: %w", *items[i].Id, err) -// } -// } -// } -// return nil -//} - func testAccCheckPostgresFlexDestroy(s *terraform.State) error { testutils.Setup() @@ -1206,3 +628,100 @@ func testAccCheckPostgresFlexDestroy(s *terraform.State) error { } return nil } + +func defaultNoEncInstanceTestChecks(testItemID string, data resData) resource.TestCheckFunc { + return resource.ComposeAggregateTestCheckFunc( + defaultInstanceTestChecks(testItemID, data), + + // on unencrypted instances we expect this to be empty + resource.TestCheckResourceAttr(testItemID, "network.instance_address", ""), + resource.TestCheckResourceAttr(testItemID, "network.router_address", ""), + + // check absent attr + resource.TestCheckNoResourceAttr(testItemID, "encryption"), + resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_id"), + resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_ring_id"), + resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_version"), + resource.TestCheckNoResourceAttr(testItemID, "encryption.service_account"), + ) +} + +func defaultEncInstanceTestChecks(testItemID string, data resData) resource.TestCheckFunc { + return resource.ComposeAggregateTestCheckFunc( + defaultInstanceTestChecks(testItemID, data), + + // on unencrypted instances we expect this to be empty + resource.TestCheckResourceAttrSet(testItemID, "network.instance_address"), + resource.TestCheckResourceAttrSet(testItemID, "network.router_address"), + + // check absent attr + resource.TestCheckResourceAttrSet(testItemID, "encryption"), + resource.TestCheckResourceAttrSet(testItemID, "encryption.kek_key_id"), + resource.TestCheckResourceAttr(testItemID, "encryption.kek_key_id", data.KekKeyID), + resource.TestCheckResourceAttrSet(testItemID, "encryption.kek_key_ring_id"), + resource.TestCheckResourceAttr(testItemID, "encryption.kek_key_ring_id", data.KekKeyRingID), + resource.TestCheckResourceAttrSet(testItemID, "encryption.kek_key_version"), + resource.TestCheckResourceAttr(testItemID, "encryption.kek_key_version", strconv.Itoa(int(data.KekKeyVersion))), + resource.TestCheckResourceAttrSet(testItemID, "encryption.service_account"), + resource.TestCheckResourceAttr(testItemID, "encryption.service_account", data.KekServiceAccount), + ) +} + +func defaultInstanceTestChecks(testItemID string, data resData) resource.TestCheckFunc { + return resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet(testItemID, "backup_schedule"), + resource.TestCheckResourceAttr(testItemID, "backup_schedule", data.BackupSchedule), + + resource.TestCheckResourceAttrSet(testItemID, "connection_info"), + resource.TestCheckResourceAttrSet(testItemID, "connection_info.write"), + resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.host"), + resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.port"), + + resource.TestCheckResourceAttrSet(testItemID, "flavor_id"), + resource.TestCheckResourceAttr(testItemID, "flavor_id", data.FlavorID), + + resource.TestCheckResourceAttrSet(testItemID, "id"), + resource.TestCheckResourceAttrSet(testItemID, "instance_id"), + + resource.TestCheckResourceAttrSet(testItemID, "is_deletable"), + resource.TestCheckResourceAttr(testItemID, "is_deletable", "true"), + + resource.TestCheckResourceAttrSet(testItemID, "name"), + resource.TestCheckResourceAttr(testItemID, "name", data.Name), + + // network params check + resource.TestCheckResourceAttr(testItemID, "network.%", "4"), + resource.TestCheckResourceAttrSet(testItemID, "network"), + resource.TestCheckResourceAttrSet(testItemID, "network.access_scope"), + resource.TestCheckResourceAttr(testItemID, "network.access_scope", data.AccessScope), + resource.TestCheckResourceAttrSet(testItemID, "network.acl"), + resource.TestCheckResourceAttr(testItemID, "network.acl.#", strconv.Itoa(len(data.ACLStrings))), + resource.TestCheckResourceAttrSet(testItemID, "network.instance_address"), + // router address is checken in noenc/ enc + + resource.TestCheckResourceAttrSet(testItemID, "project_id"), + resource.TestCheckResourceAttr(testItemID, "project_id", data.ProjectID), + + resource.TestCheckResourceAttrSet(testItemID, "region"), + resource.TestCheckResourceAttr(testItemID, "region", data.Region), + + resource.TestCheckResourceAttrSet(testItemID, "replicas"), + resource.TestCheckResourceAttr(testItemID, "replicas", strconv.Itoa(int(data.Replicas))), + + resource.TestCheckResourceAttrSet(testItemID, "retention_days"), + resource.TestCheckResourceAttr(testItemID, "retention_days", strconv.Itoa(int(data.RetentionDays))), + + resource.TestCheckResourceAttrSet(testItemID, "status"), + resource.TestCheckResourceAttr(testItemID, "status", "READY"), + + // storage params check + resource.TestCheckResourceAttr(testItemID, "storage.%", "2"), + resource.TestCheckResourceAttrSet(testItemID, "storage.performance_class"), + resource.TestCheckResourceAttr(testItemID, "storage.performance_class", data.PerformanceClass), + resource.TestCheckResourceAttrSet(testItemID, "storage.size"), + resource.TestCheckResourceAttr(testItemID, "storage.size", strconv.Itoa(int(data.Size))), + + resource.TestCheckResourceAttrSet(testItemID, "version"), + resource.TestCheckResourceAttr(testItemID, "version", data.Version), + ) +} diff --git a/stackit/internal/services/postgresflexalpha/testdata/instance_template.gompl b/stackit/internal/services/postgresflexalpha/testdata/instance_template.gompl index d0ab3f25..00a51e60 100644 --- a/stackit/internal/services/postgresflexalpha/testdata/instance_template.gompl +++ b/stackit/internal/services/postgresflexalpha/testdata/instance_template.gompl @@ -23,7 +23,7 @@ resource "stackitprivatepreview_postgresflexalpha_instance" "{{ .TfName }}" { } {{ end }} network = { - acl = ["{{ .ACLString }}"] + acl = [{{ range $i, $v := .ACLStrings }}{{if $i}},{{end}}"{{$v}}"{{end}}] access_scope = "{{ .AccessScope }}" } version = {{ .Version }} diff --git a/stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go b/stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go index f6971fd1..6419406d 100644 --- a/stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go +++ b/stackit/internal/services/sqlserverflexalpha/sqlserverflex_acc_test.go @@ -198,7 +198,7 @@ func TestAccInstanceNoEncryption(t *testing.T) { Roles: []string{ "##STACKIT_DatabaseManager##", "##STACKIT_LoginManager##", - //"##STACKIT_ProcessManager##", + // "##STACKIT_ProcessManager##", //"##STACKIT_SQLAgentManager##", //"##STACKIT_SQLAgentUser##", //"##STACKIT_ServerManager##", diff --git a/stackit/internal/wait/postgresflexalpha/wait.go b/stackit/internal/wait/postgresflexalpha/wait.go index 198f075d..ed945f3d 100644 --- a/stackit/internal/wait/postgresflexalpha/wait.go +++ b/stackit/internal/wait/postgresflexalpha/wait.go @@ -161,7 +161,7 @@ func CreateInstanceWaitHandler( if !ok { return false, nil, err } - // TODO: refactor and cooperate with api guys to mitigate + // TODO: refactor and cooperate with api guys to mitigate // nolint: // reason upfront if oapiErr.StatusCode < 500 { return true, instanceGetResponse, fmt.Errorf( "users request after instance creation returned %d status code",