Feat/stackittpr 189 min max tests (#806)

* feat(serverupdate): added min/max tests * feat(serverbackup): added min/max tests * chore(dns): added min/max tests * fix(dns): correct attribute setting of zone type * chore(secretsmanager): added min/max tests * chore(acceptance tests): fixed linter issues * chore(acceptance tests): cleanup code * updated documentation * chore(acceptance test): fixed review findings
2025-05-09 15:07:47 +02:00 · 2025-05-09 15:07:47 +02:00 · b2af6ac0e4
commit b2af6ac0e4
parent 6a0ccb87ee
14 changed files with 1136 additions and 674 deletions
--- a/stackit/internal/services/secretsmanager/secretsmanager_acc_test.go
+++ b/stackit/internal/services/secretsmanager/secretsmanager_acc_test.go
@ -2,111 +2,88 @@ package secretsmanager_test

 import (
 	"context"
+	_ "embed"
 	"fmt"
+	"maps"
+	"regexp"
 	"strings"
 	"testing"

+	"github.com/hashicorp/terraform-plugin-testing/config"
 	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
-	"github.com/stackitcloud/stackit-sdk-go/core/config"
+	core_config "github.com/stackitcloud/stackit-sdk-go/core/config"
 	"github.com/stackitcloud/stackit-sdk-go/core/utils"
 	"github.com/stackitcloud/stackit-sdk-go/services/secretsmanager"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/testutil"
 )

-// Instance resource data
-var instanceResource = map[string]string{
-	"project_id":    testutil.ProjectId,
-	"name":          fmt.Sprintf("acc-test-%s", acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)),
-	"acl-0":         "1.2.3.4/5",
-	"acl-1":         "111.222.111.222/11",
-	"acl-1-updated": "111.222.111.222/22",
+var (
+	//go:embed testdata/resource-min.tf
+	resourceMinConfig string
+
+	//go:embed testdata/resource-max.tf
+	resourceMaxConfig string
+)
+
+var testConfigVarsMin = config.Variables{
+	"project_id":       config.StringVariable(testutil.ProjectId),
+	"instance_name":    config.StringVariable("tf-acc-" + acctest.RandStringFromCharSet(8, acctest.CharSetAlpha)),
+	"user_description": config.StringVariable("tf-acc-" + acctest.RandStringFromCharSet(8, acctest.CharSetAlpha)),
+	"write_enabled":    config.BoolVariable(true),
 }

-// User resource data
-var userResource = map[string]string{
-	"description":           testutil.ResourceNameWithDateTime("secretsmanager"),
-	"write_enabled":         "false",
-	"write_enabled_updated": "true",
+var testConfigVarsMax = config.Variables{
+	"project_id":       config.StringVariable(testutil.ProjectId),
+	"instance_name":    config.StringVariable("tf-acc-" + acctest.RandStringFromCharSet(8, acctest.CharSetAlpha)),
+	"user_description": config.StringVariable("tf-acc-" + acctest.RandStringFromCharSet(8, acctest.CharSetAlpha)),
+	"acl1":             config.StringVariable("10.100.0.0/24"),
+	"acl2":             config.StringVariable("10.100.1.0/24"),
+	"write_enabled":    config.BoolVariable(true),
 }

-func resourceConfig(acls *string, writeEnabled string) string {
-	if acls == nil {
-		return fmt.Sprintf(`
-					%s
-	
-					resource "stackit_secretsmanager_instance" "instance" {
-						project_id = "%s"
-						name       = "%s"
-					}
-
-					resource "stackit_secretsmanager_user" "user" {
-						project_id = stackit_secretsmanager_instance.instance.project_id
-						instance_id = stackit_secretsmanager_instance.instance.instance_id
-						description = "%s"
-						write_enabled = %s
-					}
-					`,
-			testutil.SecretsManagerProviderConfig(),
-			instanceResource["project_id"],
-			instanceResource["name"],
-			userResource["description"],
-			writeEnabled,
-		)
-	}
-
-	return fmt.Sprintf(`
-				%s
-
-				resource "stackit_secretsmanager_instance" "instance" {
-					project_id = "%s"
-					name       = "%s"
-					acls = %s
-				}
-
-				resource "stackit_secretsmanager_user" "user" {
-					project_id = stackit_secretsmanager_instance.instance.project_id
-					instance_id = stackit_secretsmanager_instance.instance.instance_id
-					description = "%s"
-					write_enabled = %s
-				}
-				`,
-		testutil.SecretsManagerProviderConfig(),
-		instanceResource["project_id"],
-		instanceResource["name"],
-		*acls,
-		userResource["description"],
-		writeEnabled,
-	)
+func configVarsInvalid(vars config.Variables) config.Variables {
+	tempConfig := maps.Clone(vars)
+	delete(tempConfig, "instance_name")
+	return tempConfig
 }

-func TestAccSecretsManager(t *testing.T) {
+func configVarsMinUpdated() config.Variables {
+	tempConfig := maps.Clone(testConfigVarsMin)
+	tempConfig["write_enabled"] = config.BoolVariable(false)
+	return tempConfig
+}
+
+func configVarsMaxUpdated() config.Variables {
+	tempConfig := maps.Clone(testConfigVarsMax)
+	tempConfig["write_enabled"] = config.BoolVariable(false)
+	tempConfig["acl2"] = config.StringVariable("10.100.2.0/24")
+	return tempConfig
+}
+
+func TestAccSecretsManagerMin(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		ProtoV6ProviderFactories: testutil.TestAccProtoV6ProviderFactories,
 		CheckDestroy:             testAccCheckSecretsManagerDestroy,
 		Steps: []resource.TestStep{
-
+			// Creation fail
+			{
+				Config:          testutil.SecretsManagerProviderConfig() + "\n" + resourceMinConfig,
+				ConfigVariables: configVarsInvalid(testConfigVarsMin),
+				ExpectError:     regexp.MustCompile(`input variable "instance_name" is not set,`),
+			},
 			// Creation
 			{
-				Config: resourceConfig(
-					utils.Ptr(fmt.Sprintf(
-						"[%q, %q, %q]",
-						instanceResource["acl-0"],
-						instanceResource["acl-1"],
-						instanceResource["acl-1"],
-					)),
-					userResource["write_enabled"],
-				),
+				Config:          resourceMinConfig,
+				ConfigVariables: testConfigVarsMin,
 				Check: resource.ComposeAggregateTestCheckFunc(
 					// Instance
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", testutil.ConvertConfigVariable(testConfigVarsMin["project_id"])),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "2"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.0", instanceResource["acl-0"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.1", instanceResource["acl-1"]),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", testutil.ConvertConfigVariable(testConfigVarsMin["instance_name"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "0"),

 					// User
 					resource.TestCheckResourceAttrPair(
@ -118,46 +95,25 @@ func TestAccSecretsManager(t *testing.T) {
 						"stackit_secretsmanager_instance.instance", "instance_id",
 					),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", userResource["description"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled"]),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", testutil.ConvertConfigVariable(testConfigVarsMin["user_description"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", testutil.ConvertConfigVariable(testConfigVarsMin["write_enabled"])),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
 				),
 			},
 			// Data source
 			{
-				Config: fmt.Sprintf(`
-					%s
-
-					data "stackit_secretsmanager_instance" "instance" {
-						project_id  = stackit_secretsmanager_instance.instance.project_id
-						instance_id = stackit_secretsmanager_instance.instance.instance_id
-					}
-
-					data "stackit_secretsmanager_user" "user" {
-						project_id  = stackit_secretsmanager_user.user.project_id
-						instance_id = stackit_secretsmanager_user.user.instance_id
-						user_id = stackit_secretsmanager_user.user.user_id
-					}`,
-					resourceConfig(
-						utils.Ptr(fmt.Sprintf(
-							"[%q, %q]",
-							instanceResource["acl-0"],
-							instanceResource["acl-1"],
-						)),
-						userResource["write_enabled"],
-					),
-				),
+				Config:          resourceMinConfig,
+				ConfigVariables: testConfigVarsMin,
 				Check: resource.ComposeAggregateTestCheckFunc(
 					// Instance
-					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "project_id", testutil.ConvertConfigVariable(testConfigVarsMin["project_id"])),
 					resource.TestCheckResourceAttrPair(
 						"stackit_secretsmanager_instance.instance", "instance_id",
 						"data.stackit_secretsmanager_instance.instance", "instance_id",
 					),
-					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
-					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.0", instanceResource["acl-0"]),
-					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.1", instanceResource["acl-1"]),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "name", testutil.ConvertConfigVariable(testConfigVarsMin["instance_name"])),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.#", "0"),

 					// User
 					resource.TestCheckResourceAttrPair(
@ -172,8 +128,8 @@ func TestAccSecretsManager(t *testing.T) {
 						"stackit_secretsmanager_user.user", "user_id",
 						"data.stackit_secretsmanager_user.user", "user_id",
 					),
-					resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "description", userResource["description"]),
-					resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled"]),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "description", testutil.ConvertConfigVariable(testConfigVarsMin["user_description"])),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "write_enabled", testutil.ConvertConfigVariable(testConfigVarsMin["write_enabled"])),
 					resource.TestCheckResourceAttrPair(
 						"stackit_secretsmanager_user.user", "username",
 						"data.stackit_secretsmanager_user.user", "username",
@ -182,7 +138,8 @@ func TestAccSecretsManager(t *testing.T) {
 			},
 			// Import
 			{
-				ResourceName: "stackit_secretsmanager_instance.instance",
+				ConfigVariables: testConfigVarsMin,
+				ResourceName:    "stackit_secretsmanager_instance.instance",
 				ImportStateIdFunc: func(s *terraform.State) (string, error) {
 					r, ok := s.RootModule().Resources["stackit_secretsmanager_instance.instance"]
 					if !ok {
@ -198,7 +155,9 @@ func TestAccSecretsManager(t *testing.T) {
 				ImportStateVerify: true,
 			},
 			{
-				ResourceName: "stackit_secretsmanager_user.user",
+				Config:          resourceMinConfig,
+				ConfigVariables: testConfigVarsMin,
+				ResourceName:    "stackit_secretsmanager_user.user",
 				ImportStateIdFunc: func(s *terraform.State) (string, error) {
 					r, ok := s.RootModule().Resources["stackit_secretsmanager_user.user"]
 					if !ok {
@ -222,47 +181,13 @@ func TestAccSecretsManager(t *testing.T) {
 			},
 			// Update
 			{
-				Config: resourceConfig(
-					utils.Ptr(fmt.Sprintf(
-						"[%q, %q]",
-						instanceResource["acl-0"],
-						instanceResource["acl-1-updated"],
-					)),
-					userResource["write_enabled_updated"],
-				),
+				Config:          resourceMinConfig,
+				ConfigVariables: configVarsMinUpdated(),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					// Instance
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", testutil.ConvertConfigVariable(configVarsMinUpdated()["project_id"])),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "2"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.0", instanceResource["acl-0"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.1", instanceResource["acl-1-updated"]),
-
-					// User
-					resource.TestCheckResourceAttrPair(
-						"stackit_secretsmanager_user.user", "project_id",
-						"stackit_secretsmanager_instance.instance", "project_id",
-					),
-					resource.TestCheckResourceAttrPair(
-						"stackit_secretsmanager_user.user", "instance_id",
-						"stackit_secretsmanager_instance.instance", "instance_id",
-					),
-					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", userResource["description"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled_updated"]),
-					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
-					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
-				),
-			},
-			// Update, no ACLs
-			{
-				Config: resourceConfig(nil, userResource["write_enabled_updated"]),
-				Check: resource.ComposeAggregateTestCheckFunc(
-					// Instance data
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
-					resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", testutil.ConvertConfigVariable(configVarsMinUpdated()["instance_name"])),
 					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "0"),

 					// User
@ -275,8 +200,163 @@ func TestAccSecretsManager(t *testing.T) {
 						"stackit_secretsmanager_instance.instance", "instance_id",
 					),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", userResource["description"]),
-					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled_updated"]),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", testutil.ConvertConfigVariable(configVarsMinUpdated()["user_description"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", testutil.ConvertConfigVariable(configVarsMinUpdated()["write_enabled"])),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
+				),
+			},
+
+			// Deletion is done by the framework implicitly
+		},
+	})
+}
+
+func TestAccSecretsManagerMax(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		ProtoV6ProviderFactories: testutil.TestAccProtoV6ProviderFactories,
+		CheckDestroy:             testAccCheckSecretsManagerDestroy,
+		Steps: []resource.TestStep{
+			// Creation fail
+			{
+				Config:          testutil.SecretsManagerProviderConfig() + "\n" + resourceMaxConfig,
+				ConfigVariables: configVarsInvalid(testConfigVarsMax),
+				ExpectError:     regexp.MustCompile(`input variable "instance_name" is not set,`),
+			},
+			// Creation
+			{
+				Config:          resourceMaxConfig,
+				ConfigVariables: testConfigVarsMax,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					// Instance
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", testutil.ConvertConfigVariable(testConfigVarsMax["project_id"])),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", testutil.ConvertConfigVariable(testConfigVarsMax["instance_name"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "2"),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.0", testutil.ConvertConfigVariable(testConfigVarsMax["acl1"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.1", testutil.ConvertConfigVariable(testConfigVarsMax["acl2"])),
+
+					// User
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "project_id",
+						"stackit_secretsmanager_instance.instance", "project_id",
+					),
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "instance_id",
+						"stackit_secretsmanager_instance.instance", "instance_id",
+					),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", testutil.ConvertConfigVariable(testConfigVarsMax["user_description"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", testutil.ConvertConfigVariable(testConfigVarsMax["write_enabled"])),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
+				),
+			},
+			// Data source
+			{
+				Config:          resourceMaxConfig,
+				ConfigVariables: testConfigVarsMax,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					// Instance
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "project_id", testutil.ConvertConfigVariable(testConfigVarsMax["project_id"])),
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_instance.instance", "instance_id",
+						"data.stackit_secretsmanager_instance.instance", "instance_id",
+					),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "name", testutil.ConvertConfigVariable(testConfigVarsMax["instance_name"])),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.#", "2"),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.0", testutil.ConvertConfigVariable(testConfigVarsMax["acl1"])),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.1", testutil.ConvertConfigVariable(testConfigVarsMax["acl2"])),
+
+					// User
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "project_id",
+						"data.stackit_secretsmanager_user.user", "project_id",
+					),
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "instance_id",
+						"data.stackit_secretsmanager_user.user", "instance_id",
+					),
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "user_id",
+						"data.stackit_secretsmanager_user.user", "user_id",
+					),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "description", testutil.ConvertConfigVariable(testConfigVarsMax["user_description"])),
+					resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "write_enabled", testutil.ConvertConfigVariable(testConfigVarsMax["write_enabled"])),
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "username",
+						"data.stackit_secretsmanager_user.user", "username",
+					),
+				),
+			},
+			// Import
+			{
+				ConfigVariables: testConfigVarsMax,
+				ResourceName:    "stackit_secretsmanager_instance.instance",
+				ImportStateIdFunc: func(s *terraform.State) (string, error) {
+					r, ok := s.RootModule().Resources["stackit_secretsmanager_instance.instance"]
+					if !ok {
+						return "", fmt.Errorf("couldn't find resource stackit_secretsmanager_instance.instance")
+					}
+					instanceId, ok := r.Primary.Attributes["instance_id"]
+					if !ok {
+						return "", fmt.Errorf("couldn't find attribute instance_id")
+					}
+					return fmt.Sprintf("%s,%s", testutil.ProjectId, instanceId), nil
+				},
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config:          resourceMaxConfig,
+				ConfigVariables: testConfigVarsMax,
+				ResourceName:    "stackit_secretsmanager_user.user",
+				ImportStateIdFunc: func(s *terraform.State) (string, error) {
+					r, ok := s.RootModule().Resources["stackit_secretsmanager_user.user"]
+					if !ok {
+						return "", fmt.Errorf("couldn't find resource stackit_secretsmanager_user.user")
+					}
+					instanceId, ok := r.Primary.Attributes["instance_id"]
+					if !ok {
+						return "", fmt.Errorf("couldn't find attribute instance_id")
+					}
+					userId, ok := r.Primary.Attributes["user_id"]
+					if !ok {
+						return "", fmt.Errorf("couldn't find attribute user_id")
+					}
+
+					return fmt.Sprintf("%s,%s,%s", testutil.ProjectId, instanceId, userId), nil
+				},
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"password"},
+				Check:                   resource.TestCheckNoResourceAttr("stackit_secretsmanager_user.user", "password"),
+			},
+			// Update
+			{
+				Config:          resourceMaxConfig,
+				ConfigVariables: configVarsMaxUpdated(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					// Instance
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", testutil.ConvertConfigVariable(configVarsMaxUpdated()["project_id"])),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", testutil.ConvertConfigVariable(configVarsMaxUpdated()["instance_name"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "2"),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.0", testutil.ConvertConfigVariable(configVarsMaxUpdated()["acl1"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.1", testutil.ConvertConfigVariable(configVarsMaxUpdated()["acl2"])),
+
+					// User
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "project_id",
+						"stackit_secretsmanager_instance.instance", "project_id",
+					),
+					resource.TestCheckResourceAttrPair(
+						"stackit_secretsmanager_user.user", "instance_id",
+						"stackit_secretsmanager_instance.instance", "instance_id",
+					),
+					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", testutil.ConvertConfigVariable(configVarsMaxUpdated()["user_description"])),
+					resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", testutil.ConvertConfigVariable(configVarsMaxUpdated()["write_enabled"])),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
 					resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
 				),
@ -292,11 +372,11 @@ func testAccCheckSecretsManagerDestroy(s *terraform.State) error {
 	var err error
 	if testutil.SecretsManagerCustomEndpoint == "" {
 		client, err = secretsmanager.NewAPIClient(
-			config.WithRegion("eu01"),
+			core_config.WithRegion("eu01"),
 		)
 	} else {
 		client, err = secretsmanager.NewAPIClient(
-			config.WithEndpoint(testutil.SecretsManagerCustomEndpoint),
+			core_config.WithEndpoint(testutil.SecretsManagerCustomEndpoint),
 		)
 	}
 	if err != nil {
--- a/stackit/internal/services/secretsmanager/testdata/resource-max.tf
+++ b/stackit/internal/services/secretsmanager/testdata/resource-max.tf
@ -0,0 +1,34 @@
+variable "project_id" {}
+variable "instance_name" {}
+variable "user_description" {}
+variable "write_enabled" {}
+variable "acl1" {}
+variable "acl2" {}
+
+resource "stackit_secretsmanager_instance" "instance" {
+  project_id = var.project_id
+  name       = var.instance_name
+  acls = [
+    var.acl1,
+    var.acl2,
+  ]
+}
+
+resource "stackit_secretsmanager_user" "user" {
+  project_id    = var.project_id
+  instance_id   = stackit_secretsmanager_instance.instance.instance_id
+  description   = var.user_description
+  write_enabled = var.write_enabled
+}
+
+
+data "stackit_secretsmanager_instance" "instance" {
+  project_id  = var.project_id
+  instance_id = stackit_secretsmanager_instance.instance.instance_id
+}
+
+data "stackit_secretsmanager_user" "user" {
+  project_id  = var.project_id
+  instance_id = stackit_secretsmanager_instance.instance.instance_id
+  user_id     = stackit_secretsmanager_user.user.user_id
+}
--- a/stackit/internal/services/secretsmanager/testdata/resource-min.tf
+++ b/stackit/internal/services/secretsmanager/testdata/resource-min.tf
@ -0,0 +1,28 @@
+variable "project_id" {}
+variable "instance_name" {}
+variable "user_description" {}
+variable "write_enabled" {}
+
+resource "stackit_secretsmanager_instance" "instance" {
+  project_id = var.project_id
+  name       = var.instance_name
+}
+
+resource "stackit_secretsmanager_user" "user" {
+  project_id    = var.project_id
+  instance_id   = stackit_secretsmanager_instance.instance.instance_id
+  description   = var.user_description
+  write_enabled = var.write_enabled
+}
+
+
+data "stackit_secretsmanager_instance" "instance" {
+  project_id  = var.project_id
+  instance_id = stackit_secretsmanager_instance.instance.instance_id
+}
+
+data "stackit_secretsmanager_user" "user" {
+  project_id  = var.project_id
+  instance_id = stackit_secretsmanager_instance.instance.instance_id
+  user_id     = stackit_secretsmanager_user.user.user_id
+}