stackit-dev-tools/terraform-provider-stackitprivatepreview
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add encypted instance test for postgres
Some checks failed
CI Workflow / Check GoReleaser config (pull_request) Successful in 5s
Details
CI Workflow / Test readiness for publishing provider (pull_request) Failing after 5m21s
Details
CI Workflow / CI run build and linting (pull_request) Failing after 7m10s
Details
CI Workflow / CI run tests (pull_request) Failing after 7m25s
Details
CI Workflow / Code coverage report (pull_request) Has been skipped
Details

Browse source
This commit is contained in:
Marcel S. Henselin 2026-03-03 09:21:10 +01:00
parent 872c06ec68
commit 411e99739a
2 changed files with 138 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

136
stackit/internal/services/postgresflexalpha/postgresflex_acc_test.go
View file

@ -5,6 +5,7 @@ import (
_ "embed" _ "embed"
"fmt" "fmt"
"log" "log"
"math"
"os" "os"
"strconv" "strconv"
"strings" "strings"
@ -183,8 +184,56 @@ func TestAccInstance(t *testing.T) {
exData, exData,
), ),
Check: resource.ComposeAggregateTestCheckFunc( Check: resource.ComposeAggregateTestCheckFunc(
// check params acl count
resource.TestCheckResourceAttr(testItemID, "acl.#", "1"),
// check params are set // check params are set
resource.TestCheckResourceAttrSet(testItemID, "backup_schedule"),
//// connection_info should contain 1 sub entry
// resource.TestCheckResourceAttr(testItemID, "connection_info.%", "1"),
//
//// connection_info.write should contain 2 sub entries
// resource.TestCheckResourceAttr(testItemID, "connection_info.write", "2"),
//
// resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.host"),
// resource.TestCheckResourceAttrSet(testItemID, "connection_info.write.port"),
resource.TestCheckResourceAttrSet(testItemID, "flavor_id"),
resource.TestCheckResourceAttrSet(testItemID, "id"), resource.TestCheckResourceAttrSet(testItemID, "id"),
resource.TestCheckResourceAttrSet(testItemID, "instance_id"),
resource.TestCheckResourceAttrSet(testItemID, "is_deletable"),
resource.TestCheckResourceAttrSet(testItemID, "name"),
// network should contain 4 sub entries
resource.TestCheckResourceAttr(testItemID, "network.%", "4"),
resource.TestCheckResourceAttrSet(testItemID, "network.access_scope"),
// on unencrypted instances we expect this to be empty
resource.TestCheckResourceAttr(testItemID, "network.instance_address", ""),
resource.TestCheckResourceAttr(testItemID, "network.router_address", ""),
// only one acl entry should be set
resource.TestCheckResourceAttr(testItemID, "network.acl.#", "1"),
resource.TestCheckResourceAttrSet(testItemID, "replicas"),
resource.TestCheckResourceAttrSet(testItemID, "retention_days"),
resource.TestCheckResourceAttrSet(testItemID, "status"),
// storage should contain 2 sub entries
resource.TestCheckResourceAttr(testItemID, "storage.%", "2"),
resource.TestCheckResourceAttrSet(testItemID, "storage.performance_class"),
resource.TestCheckResourceAttrSet(testItemID, "storage.size"),
resource.TestCheckResourceAttrSet(testItemID, "version"),
// check absent attr
resource.TestCheckNoResourceAttr(testItemID, "encryption"),
resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_id"),
resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_ring_id"),
resource.TestCheckNoResourceAttr(testItemID, "encryption.kek_key_version"),
resource.TestCheckNoResourceAttr(testItemID, "encryption.service_account"),
// check param values // check param values
resource.TestCheckResourceAttr(testItemID, "name", exData.Name), resource.TestCheckResourceAttr(testItemID, "name", exData.Name),
@ -341,6 +390,93 @@ func TestAccInstanceWithDatabases(t *testing.T) {
) )
} }
func TestAccEncryptedInstanceWithDatabases(t *testing.T) {
encKekKeyID, ok := os.LookupEnv("TF_ACC_KEK_KEY_ID")
if !ok || encKekKeyID == "" {
t.Skip("env var TF_ACC_KEK_KEY_ID needed for encryption test")
}
encKekKeyRingID, ok := os.LookupEnv("TF_ACC_KEK_KEY_RING_ID")
if !ok || encKekKeyRingID == "" {
t.Skip("env var TF_ACC_KEK_KEY_RING_ID needed for encryption test")
}
encKekKeyVersion, ok := os.LookupEnv("TF_ACC_KEK_KEY_VERSION")
if !ok || encKekKeyVersion == "" {
t.Skip("env var TF_ACC_KEK_KEY_VERSION needed for encryption test")
}
encSvcAcc, ok := os.LookupEnv("TF_ACC_KEK_SERVICE_ACCOUNT")
if !ok || encSvcAcc == "" {
t.Skip("env var TF_ACC_KEK_SERVICE_ACCOUNT needed for encryption test")
}
data := getExample()
data.UseEncryption = true
data.KekKeyID = encKekKeyID
data.KekKeyRingID = encKekKeyRingID
data.KekServiceAccount = encSvcAcc
encKekKeyVersionInt, err := strconv.Atoi(encKekKeyVersion)
if err != nil {
t.Errorf("error converting string to int")
}
if encKekKeyVersionInt > math.MaxUint8 {
t.Errorf("value too large to convert to uint8")
}
data.KekKeyVersion = uint8(encKekKeyVersionInt) //nolint:gosec // handled above
dbName := "testdb"
userName := "testUser"
data.Users = []User{
{
Name: userName,
ProjectID: os.Getenv("TF_ACC_PROJECT_ID"),
Roles: []string{"login"},
},
}
data.Databases = []Database{
{
Name: dbName,
ProjectID: os.Getenv("TF_ACC_PROJECT_ID"),
Owner: userName,
},
}
resource.ParallelTest(
t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
t.Logf(" ... working on instance %s", data.TfName)
},
CheckDestroy: testAccCheckPostgresFlexDestroy,
ProtoV6ProviderFactories: testutils.TestAccProtoV6ProviderFactories,
Steps: []resource.TestStep{
// Create and verify
{
Config: testutils.StringFromTemplateMust(
"testdata/instance_template.gompl",
data,
),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(
testutils.ResStr(pfx, "instance", data.TfName),
"name",
data.Name,
),
resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "instance", data.TfName), "id"),
resource.TestCheckResourceAttr(testutils.ResStr(pfx, "user", userName), "name", userName),
resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "user", userName), "id"),
resource.TestCheckResourceAttr(testutils.ResStr(pfx, "database", dbName), "name", dbName),
resource.TestCheckResourceAttr(testutils.ResStr(pfx, "database", dbName), "owner", userName),
resource.TestCheckResourceAttrSet(testutils.ResStr(pfx, "database", dbName), "id"),
),
},
},
},
)
}
// func setupMockServer() *httptest.Server { // func setupMockServer() *httptest.Server {
// mux := http.NewServeMux() // mux := http.NewServeMux()
// //

4
stackit/internal/services/postgresflexalpha/testdata/instance_template.gompl vendored
View file

@ -16,8 +16,8 @@ resource "stackitprivatepreview_postgresflexalpha_instance" "{{ .TfName }}" {
} }
{{ if .UseEncryption }} {{ if .UseEncryption }}
encryption = { encryption = {
kek_key_id = {{ .KekKeyID }} kek_key_id = "{{ .KekKeyID }}"
kek_key_ring_id = {{ .KekKeyRingID }} kek_key_ring_id = "{{ .KekKeyRingID }}"
kek_key_version = {{ .KekKeyVersion }} kek_key_version = {{ .KekKeyVersion }}
service_account = "{{ .KekServiceAccount }}" service_account = "{{ .KekServiceAccount }}"
} }