From c66f2a786bad2f37955c517b785c28d23fcab360 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Fri, 3 Jun 2022 11:21:38 +0300 Subject: [PATCH 1/9] SCALRCORE-21901 add validation for aws provider configuration. --- go.mod | 2 +- go.sum | 4 +- .../resource_scalr_provider_configuration.go | 126 +++++++++++++++--- ...ource_scalr_provider_configuration_test.go | 68 +++++++--- 4 files changed, 161 insertions(+), 39 deletions(-) diff --git a/go.mod b/go.mod index d43d175e..6adaaca9 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ require ( github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 - github.com/scalr/go-scalr v0.0.0-20220509095836-2578ecfec9e3 + github.com/scalr/go-scalr v0.0.0-20220602113126-7f3f96281702 ) require ( diff --git a/go.sum b/go.sum index c8b948cb..a02ed1b0 100644 --- a/go.sum +++ b/go.sum 
@@ -299,8 +299,8 @@ github.com/posener/complete v1.2.1 h1:LrvDIY//XNo65Lq84G/akBuMGlawHvGBABv8f/ZN6D github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/scalr/go-scalr v0.0.0-20220509095836-2578ecfec9e3 h1:P03PrnjjQ4eG7E94FvOn0L40v1gpWiVVq1RfdmPWNzk= -github.com/scalr/go-scalr v0.0.0-20220509095836-2578ecfec9e3/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE= +github.com/scalr/go-scalr v0.0.0-20220602113126-7f3f96281702 h1:rp50DdNsoIeXBwPSmV5DVB85JtZFFDnCBN2bYlJJzR0= +github.com/scalr/go-scalr v0.0.0-20220602113126-7f3f96281702/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= diff --git a/scalr/resource_scalr_provider_configuration.go b/scalr/resource_scalr_provider_configuration.go index f69120f1..60e454f6 100644 --- a/scalr/resource_scalr_provider_configuration.go +++ b/scalr/resource_scalr_provider_configuration.go @@ -61,6 +61,26 @@ func resourceScalrProviderConfiguration() *schema.Resource { ExactlyOneOf: []string{"google", "azurerm", "custom"}, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "account_type": { + Type: schema.TypeString, + Required: true, + }, + "credentials_type": { + Type: schema.TypeString, + Required: true, + }, + "trusted_entity_type": { + Type: schema.TypeString, + Optional: true, + }, + "role_arn": { + Type: schema.TypeString, + Optional: true, + }, + "external_id": { + Type: schema.TypeString, + Optional: true, + }, "access_key": { Type: schema.TypeString, Optional: true, 
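Review bot: The new `credentials_type` and `account_type` attributes in the aws block are plain required strings with no `ValidateFunc`, so a mistyped value passes `terraform plan`. It is rejected only at apply time: by the hand-written check in resourceScalrProviderConfigurationCreate for `credentials_type`, and, as far as this patch shows, only by the API for `account_type`. Adding `ValidateFunc: validation.StringInSlice([]string{"role_delegation", "access_keys"}, false),` to `credentials_type` would catch it during plan. The same can be done for `account_type` once its allowed set is confirmed; the tests in this series use "regular" and "gov-cloud". This needs the SDK's helper/validation package, and the file's import block is outside the hunk.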
@@ -180,11 +200,38 @@ func resourceScalrProviderConfigurationCreate(d *schema.ResourceData, meta inter if _, ok := d.GetOk("aws"); ok { configurationOptions.ProviderName = scalr.String("aws") - if v, ok := d.GetOk("aws.0.access_key"); ok { - configurationOptions.AwsAccessKey = scalr.String(v.(string)) + configurationOptions.AwsAccountType = scalr.String(d.Get("aws.0.account_type").(string)) + configurationOptions.AwsCredentialsType = scalr.String(d.Get("aws.0.credentials_type").(string)) + + accessKeyIdI, accessKeyIdExists := d.GetOk("aws.0.access_key") + accessKeyIdExists = accessKeyIdExists && len(accessKeyIdI.(string)) > 0 + accessSecretKeyI, accessSecretKeyExists := d.GetOk("aws.0.secret_key") + accessSecretKeyExists = accessSecretKeyExists && len(accessSecretKeyI.(string)) > 0 + + if accessKeyIdExists && accessSecretKeyExists { + configurationOptions.AwsAccessKey = scalr.String(accessKeyIdI.(string)) + configurationOptions.AwsSecretKey = scalr.String(accessSecretKeyI.(string)) + } else if accessKeyIdExists || accessSecretKeyExists { + return fmt.Errorf("'access_key' and 'secret_key' fields can be used only together") } - if v, ok := d.GetOk("aws.0.secret_key"); ok { - configurationOptions.AwsSecretKey = scalr.String(v.(string)) + + if *configurationOptions.AwsCredentialsType == "role_delegation" { + configurationOptions.AwsTrustedEntityType = scalr.String(d.Get("aws.0.trusted_entity_type").(string)) + configurationOptions.AwsRoleArn = scalr.String(d.Get("aws.0.role_arn").(string)) + configurationOptions.AwsExternalId = scalr.String(d.Get("aws.0.external_id").(string)) + if len(*configurationOptions.AwsTrustedEntityType) == 0 { + return fmt.Errorf("'trusted_entity_type' field is required for 'role_delegation' credentials type of aws provider configuration") + } + if len(*configurationOptions.AwsRoleArn) == 0 { + return fmt.Errorf("'role_arn' field is required for 'role_delegation' credentials type of aws provider configuration") + } + if 
len(*configurationOptions.AwsExternalId) == 0 { + return fmt.Errorf("'external_id' field is required for 'role_delegation' credentials type of aws provider configuration") + } + } else if *configurationOptions.AwsCredentialsType != "access_keys" { + return fmt.Errorf("unknown aws provider configuration credentials type: %s, allowed: 'role_delegation', 'access_keys'", *configurationOptions.AwsCredentialsType) + } else if !accessKeyIdExists || !accessSecretKeyExists { + return fmt.Errorf("'access_key' and 'secret_key' fields are required for 'access_keys' credentials type of aws provider configuration") } } else if _, ok := d.GetOk("google"); ok { 
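Review bot: The aws validation added here is repeated line for line in the `@@ -354,21 +415,48 @@` hunk of resourceScalrProviderConfigurationUpdate, so the two copies can drift the next time a credentials type or a required field is added. Moving the checks into one helper that both functions call before filling `configurationOptions` keeps the rules in one place. The sketch below keeps the current messages and check order: key pairing first, then the per-type requirements. It reads values with `d.Get`, which yields an empty string for unset attributes, so it matches the existing `len(...) > 0` tests. Both enclosing functions start and end outside their hunks.

```go
// validateAwsCredentials checks the aws block before any API call is made.
// access_key and secret_key must come as a pair; role_delegation additionally
// requires trusted_entity_type, role_arn and external_id; access_keys requires the pair.
func validateAwsCredentials(d *schema.ResourceData) error {
	accessKey := d.Get("aws.0.access_key").(string)
	secretKey := d.Get("aws.0.secret_key").(string)
	if (accessKey == "") != (secretKey == "") {
		return fmt.Errorf("'access_key' and 'secret_key' fields can be used only together")
	}

	credentialsType := d.Get("aws.0.credentials_type").(string)
	switch credentialsType {
	case "role_delegation":
		for _, field := range []string{"trusted_entity_type", "role_arn", "external_id"} {
			if d.Get("aws.0."+field).(string) == "" {
				return fmt.Errorf("'%s' field is required for 'role_delegation' credentials type of aws provider configuration", field)
			}
		}
	case "access_keys":
		if accessKey == "" {
			return fmt.Errorf("'access_key' and 'secret_key' fields are required for 'access_keys' credentials type of aws provider configuration")
		}
	default:
		return fmt.Errorf("unknown aws provider configuration credentials type: %s, allowed: 'role_delegation', 'access_keys'", credentialsType)
	}
	return nil
}

// in both Create and Update:
if _, ok := d.GetOk("aws"); ok {
	if err := validateAwsCredentials(d); err != nil {
		return err
	}
	// … unchanged: copy the aws.0.* values into configurationOptions …
```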
@@ -276,15 +323,29 @@ func resourceScalrProviderConfigurationRead(d *schema.ResourceData, meta interfa switch providerConfiguration.ProviderName { case "aws": - stateAwsParameters := d.Get("aws").([]interface{})[0].(map[string]interface{}) - stateSecretKey := stateAwsParameters["secret_key"].(string) + aws := make(map[string]interface{}) - d.Set("aws", []map[string]interface{}{ - { - "access_key": providerConfiguration.AwsAccessKey, - "secret_key": stateSecretKey, - }, - }) + aws["account_type"] = providerConfiguration.AwsAccountType + aws["credentials_type"] = providerConfiguration.AwsCredentialsType + + if stateSecretKeyI, ok := d.GetOk("aws.0.secret_key"); ok { + aws["secret_key"] = stateSecretKeyI.(string) + } + + if len(providerConfiguration.AwsAccessKey) > 0 { + aws["access_key"] = providerConfiguration.AwsAccessKey + } + if len(providerConfiguration.AwsTrustedEntityType) > 0 { + aws["trusted_entity_type"] = providerConfiguration.AwsTrustedEntityType + } + if len(providerConfiguration.AwsTrustedEntityType) > 0 { + aws["role_arn"] = providerConfiguration.AwsRoleArn + } + if len(providerConfiguration.AwsTrustedEntityType) > 0 { + aws["external_id"] = providerConfiguration.AwsExternalId + } + + d.Set("aws", []map[string]interface{}{aws}) case "google": stateGoogleParameters := d.Get("google").([]interface{})[0].(map[string]interface{}) stateCredentials := stateGoogleParameters["credentials"].(string) 
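Review bot: The guards for `role_arn` and `external_id` in the new `case "aws"` body both test `providerConfiguration.AwsTrustedEntityType`, which looks like a copy-paste slip. A role ARN or external ID returned without a trusted entity type would be silently dropped from state. The two conditions should read `if len(providerConfiguration.AwsRoleArn) > 0 {` and `if len(providerConfiguration.AwsExternalId) > 0 {`. The result of `d.Set("aws", ...)` is also discarded, as it was before the change; checking it would surface a type mismatch for any of the five new fields. The enclosing switch in resourceScalrProviderConfigurationRead continues outside the hunk.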
@@ -354,21 +415,48 @@ func resourceScalrProviderConfigurationUpdate(d *schema.ResourceData, meta inter ExportShellVariables: scalr.Bool(d.Get("export_shell_variables").(bool)), } - if d.HasChange("aws") { - if v, ok := d.GetOk("aws.0.access_key"); ok { - configurationOptions.AwsAccessKey = scalr.String(v.(string)) + if _, ok := d.GetOk("aws"); ok { + configurationOptions.AwsAccountType = scalr.String(d.Get("aws.0.account_type").(string)) + configurationOptions.AwsCredentialsType = scalr.String(d.Get("aws.0.credentials_type").(string)) + + accessKeyIdI, accessKeyIdExists := d.GetOk("aws.0.access_key") + accessKeyIdExists = accessKeyIdExists && len(accessKeyIdI.(string)) > 0 + accessSecretKeyI, accessSecretKeyExists := d.GetOk("aws.0.secret_key") + accessSecretKeyExists = accessSecretKeyExists && len(accessSecretKeyI.(string)) > 0 + + if accessKeyIdExists && accessSecretKeyExists { + configurationOptions.AwsAccessKey = scalr.String(accessKeyIdI.(string)) + configurationOptions.AwsSecretKey = scalr.String(accessSecretKeyI.(string)) + } else if accessKeyIdExists || accessSecretKeyExists { + return fmt.Errorf("'access_key' and 'secret_key' fields can be used only together") } - if v, ok := d.GetOk("aws.0.secret_key"); ok { - configurationOptions.AwsSecretKey = scalr.String(v.(string)) + + if *configurationOptions.AwsCredentialsType == "role_delegation" { + configurationOptions.AwsTrustedEntityType = scalr.String(d.Get("aws.0.trusted_entity_type").(string)) + configurationOptions.AwsRoleArn = scalr.String(d.Get("aws.0.role_arn").(string)) + configurationOptions.AwsExternalId = scalr.String(d.Get("aws.0.external_id").(string)) + if len(*configurationOptions.AwsTrustedEntityType) == 0 { + return fmt.Errorf("'trusted_entity_type' field is required for 'role_delegation' credentials type of aws provider configuration") + } + if len(*configurationOptions.AwsRoleArn) == 0 { + return fmt.Errorf("'role_arn' field is required for 'role_delegation' credentials type of aws provider 
configuration") + } + if len(*configurationOptions.AwsExternalId) == 0 { + return fmt.Errorf("'external_id' field is required for 'role_delegation' credentials type of aws provider configuration") + } + } else if *configurationOptions.AwsCredentialsType != "access_keys" { + return fmt.Errorf("unknown aws provider configuration credentials type: %s, allowed: 'role_delegation', 'access_keys'", *configurationOptions.AwsCredentialsType) + } else if !accessKeyIdExists || !accessSecretKeyExists { + return fmt.Errorf("'access_key' and 'secret_key' fields are required for 'access_keys' credentials type of aws provider configuration") } - } else if d.HasChange("google") { + } else if _, ok := d.GetOk("google"); ok { if v, ok := d.GetOk("google.0.project"); ok { configurationOptions.GoogleProject = scalr.String(v.(string)) } if v, ok := d.GetOk("google.0.credentials"); ok { configurationOptions.GoogleCredentials = scalr.String(v.(string)) } - } else if d.HasChange("azurerm") { + } else if _, ok := d.GetOk("azurerm"); ok { if v, ok := d.GetOk("azurerm.0.client_id"); ok { configurationOptions.AzurermClientId = scalr.String(v.(string)) } diff --git a/scalr/resource_scalr_provider_configuration_test.go b/scalr/resource_scalr_provider_configuration_test.go index c57da5a9..8479aec2 100644 --- a/scalr/resource_scalr_provider_configuration_test.go +++ b/scalr/resource_scalr_provider_configuration_test.go @@ -2,6 +2,7 @@ package scalr import ( "fmt" + "os" "regexp" "strings" "testing" @@ -90,6 +91,7 @@ func TestAccProviderConfiguration_aws(t *testing.T) { var providerConfiguration scalr.ProviderConfiguration rName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) rNewName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) + accessKeyId, secretAccessKey, roleArn, externalId := getAwsTestingCreds(t) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, 
@@ -97,7 +99,7 @@ func TestAccProviderConfiguration_aws(t *testing.T) { CheckDestroy: testAccCheckProviderConfigurationResourceDestroy, Steps: []resource.TestStep{ { - Config: testAccScalrPorivderConfigurationAwsConfig(rName), + Config: testAccScalrProviderConfigurationAwsConfig(rName, accessKeyId, secretAccessKey, roleArn, externalId), Check: resource.ComposeTestCheckFunc( testAccCheckProviderConfigurationExists("scalr_provider_configuration.aws", &providerConfiguration), testAccCheckProviderConfigurationAwsValues(&providerConfiguration, rName), @@ -107,12 +109,12 @@ func TestAccProviderConfiguration_aws(t *testing.T) { resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "google.#", "0"), resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "azurerm.#", "0"), resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "custom.#", "0"), - resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.access_key", "my-access-key"), - resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.secret_key", "my-secret-key"), + resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.credentials_type", "role_delegation"), + resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.account_type", "regular"), ), }, { - Config: testAccScalrPorivderConfigurationAwsUpdatedConfig(rNewName), + Config: testAccScalrProviderConfigurationAwsUpdatedConfig(rNewName, accessKeyId, secretAccessKey, roleArn, externalId), Check: resource.ComposeTestCheckFunc( testAccCheckProviderConfigurationExists("scalr_provider_configuration.aws", &providerConfiguration), testAccCheckProviderConfigurationAwsUpdatedValues(&providerConfiguration, rNewName), 
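Review bot: The first test step now asserts only `aws.0.credentials_type` and `aws.0.account_type`, and the second step in the following `@@ -122,8 +124,8 @@` hunk does the same. Nothing verifies that `role_arn`, `external_id` or `trusted_entity_type` survive the create/read round trip. Adding `resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.role_arn", roleArn),` to both steps, with matching checks for `aws.0.external_id` and `aws.0.trusted_entity_type`, would cover the new mapping in the resource's Read function. `roleArn` and `externalId` are already in scope from the `getAwsTestingCreds(t)` call added earlier in this test.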
@@ -122,8 +124,8 @@ func TestAccProviderConfiguration_aws(t *testing.T) { resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "google.#", "0"), resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "azurerm.#", "0"), resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "custom.#", "0"), - resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.access_key", ""), - resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.secret_key", "my-new-secret-key"), + resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.credentials_type", "role_delegation"), + resource.TestCheckResourceAttr("scalr_provider_configuration.aws", "aws.0.account_type", "gov-cloud"), ), }, }, @@ -302,8 +304,11 @@ func testAccCheckProviderConfigurationAwsValues(providerConfiguration *scalr.Pro if providerConfiguration.ExportShellVariables != false { return fmt.Errorf("bad export shell variables, expected \"%t\", got: %#v", false, providerConfiguration.ExportShellVariables) } - if providerConfiguration.AwsAccessKey != "my-access-key" { - return fmt.Errorf("bad aws access key, expected \"%s\", got: %#v", "my-access-key", providerConfiguration.AwsAccessKey) + if providerConfiguration.AwsCredentialsType != "role_delegation" { + return fmt.Errorf("bad aws credentials type, expected \"%s\", got: %#v", "role_delegation", providerConfiguration.AwsCredentialsType) + } + if providerConfiguration.AwsAccountType != "regular" { + return fmt.Errorf("bad aws account type, expected \"%s\", got: %#v", "regular", providerConfiguration.AwsAccountType) } return nil } 
@@ -317,8 +322,11 @@ func testAccCheckProviderConfigurationAwsUpdatedValues(providerConfiguration *sc if providerConfiguration.ExportShellVariables != true { return fmt.Errorf("bad export shell variables, expected \"%t\", got: %#v", true, providerConfiguration.ExportShellVariables) } - if providerConfiguration.AwsAccessKey != "" { - return fmt.Errorf("bad aws access key, expected \"%s\", got: %#v", "my-new-access-key", providerConfiguration.AwsAccessKey) + if providerConfiguration.AwsCredentialsType != "role_delegation" { + return fmt.Errorf("bad aws credentials type, expected \"%s\", got: %#v", "role_delegation", providerConfiguration.AwsCredentialsType) + } + if providerConfiguration.AwsAccountType != "gov-cloud" { + return fmt.Errorf("bad aws account type, expected \"%s\", got: %#v", "gov-cloud", providerConfiguration.AwsAccountType) } return nil } @@ -444,6 +452,20 @@ func testAccCheckProviderConfigurationResourceDestroy(s *terraform.State) error return nil } +func getAwsTestingCreds(t *testing.T) (accessKeyId, secretAccessKey, roleArn, externalId string) { + accessKeyId = os.Getenv("TEST_AWS_ACCESS_KEY") + secretAccessKey = os.Getenv("TEST_AWS_SECRET_KEY") + roleArn = os.Getenv("TEST_AWS_ROLE_ARN") + externalId = os.Getenv("TEST_AWS_EXTERNAL_ID") + if len(accessKeyId) == 0 || + len(secretAccessKey) == 0 || + len(roleArn) == 0 || + len(externalId) == 0 { + t.Fatal("TEST_AWS_ACCESS_KEY, TEST_AWS_SECRET_KEY, TEST_AWS_ROLE_ARN and TEST_AWS_EXTERNAL_ID env variables should be specified.") + } + return +} + func testAccScalrPorivderConfigurationCustomConfig(name string) string { return fmt.Sprintf(` resource "scalr_provider_configuration" "kubernetes" { 
@@ -511,31 +533,43 @@ resource "scalr_provider_configuration" "kubernetes" { `, name, defaultAccount) } -func testAccScalrPorivderConfigurationAwsConfig(name string) string { +func testAccScalrProviderConfigurationAwsConfig(name, accessKeyId, secretAccessKey, roleArn, externalId string) string { return fmt.Sprintf(` resource "scalr_provider_configuration" "aws" { name = "%s" account_id = "%s" export_shell_variables = false aws { - secret_key = "my-secret-key" - access_key = "my-access-key" + account_type = "regular" + credentials_type = "role_delegation" + access_key = "%s" + secret_key = "%s" + role_arn = "%s" + external_id = "%s" + trusted_entity_type = "aws_account" } } -`, name, defaultAccount) +`, name, defaultAccount, accessKeyId, secretAccessKey, roleArn, externalId) } -func testAccScalrPorivderConfigurationAwsUpdatedConfig(name string) string { +func testAccScalrProviderConfigurationAwsUpdatedConfig(name, accessKeyId, secretAccessKey, roleArn, externalId string) string { return fmt.Sprintf(` resource "scalr_provider_configuration" "aws" { name = "%s" account_id = "%s" export_shell_variables = true aws { - secret_key = "my-new-secret-key" + account_type = "gov-cloud" + credentials_type = "role_delegation" + access_key = "%s" + secret_key = "%s" + role_arn = "%s" + external_id = "%s" + trusted_entity_type = "aws_account" + } } -`, name, defaultAccount) +`, name, defaultAccount, accessKeyId, secretAccessKey, roleArn, externalId) } func testAccScalrPorivderConfigurationGoogleConfig(name string) string { From ae27d9cd0d57a33a4bec1d9ee101064797ebbce2 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Fri, 3 Jun 2022 11:31:54 +0300 Subject: [PATCH 2/9] SCALRCORE-21901 pass testing credentials through github secrets. --- .github/workflows/default.yml | 4 ++++ .github/workflows/upstream.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml index ac232d8e..8542a7ec 100644 
--- a/.github/workflows/default.yml +++ b/.github/workflows/default.yml @@ -54,6 +54,10 @@ jobs: env: SCALR_HOSTNAME: ${{ steps.create.outputs.hostname }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TEST_AWS_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_KEY }} + TEST_AWS_SECRET_KEY: ${{ secrets.TEST_AWS_SECRET_KEY }} + TEST_AWS_ROLE_ARN: ${{ secrets.TEST_AWS_ROLE_ARN }} + TEST_AWS_EXTERNAL_ID: ${{ secrets.TEST_AWS_EXTERNAL_ID }} run: make testacc - name: Install goveralls env: diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml index 0af59d7c..70a0edfb 100644 --- a/.github/workflows/upstream.yml +++ b/.github/workflows/upstream.yml @@ -39,6 +39,10 @@ jobs: env: SCALR_HOSTNAME: ${{ steps.create.outputs.hostname }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TEST_AWS_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_KEY }} + TEST_AWS_SECRET_KEY: ${{ secrets.TEST_AWS_SECRET_KEY }} + TEST_AWS_ROLE_ARN: ${{ secrets.TEST_AWS_ROLE_ARN }} + TEST_AWS_EXTERNAL_ID: ${{ secrets.TEST_AWS_EXTERNAL_ID }} run: make testacc - name: Delete container id: delete From f10831d8c2ce873f29cba10793a1d04dbb0cba76 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Fri, 3 Jun 2022 12:47:39 +0300 Subject: [PATCH 3/9] SCALRCORE-21901 skip aws provider configuration tests if credentials variables are not set. --- go.mod | 2 +- go.sum | 4 ++-- scalr/resource_scalr_provider_configuration_test.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6adaaca9..84e4f147 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ require ( github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 - github.com/scalr/go-scalr v0.0.0-20220602113126-7f3f96281702 + github.com/scalr/go-scalr v0.0.0-20220603085712-4b9b0f33b65d ) require ( diff --git a/go.sum b/go.sum index a02ed1b0..a013b4b8 100644 --- a/go.sum +++ b/go.sum 
@@ -299,8 +299,8 @@ github.com/posener/complete v1.2.1 h1:LrvDIY//XNo65Lq84G/akBuMGlawHvGBABv8f/ZN6D github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/scalr/go-scalr v0.0.0-20220602113126-7f3f96281702 h1:rp50DdNsoIeXBwPSmV5DVB85JtZFFDnCBN2bYlJJzR0= -github.com/scalr/go-scalr v0.0.0-20220602113126-7f3f96281702/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE= +github.com/scalr/go-scalr v0.0.0-20220603085712-4b9b0f33b65d h1:k89cNj1h4TWGFQqZLdYOLttCky9ejP0pSoY9a38faas= +github.com/scalr/go-scalr v0.0.0-20220603085712-4b9b0f33b65d/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= diff --git a/scalr/resource_scalr_provider_configuration_test.go b/scalr/resource_scalr_provider_configuration_test.go index 8479aec2..ce313d6b 100644 --- a/scalr/resource_scalr_provider_configuration_test.go +++ b/scalr/resource_scalr_provider_configuration_test.go @@ -461,7 +461,7 @@ func getAwsTestingCreds(t *testing.T) (accessKeyId, secretAccessKey, roleArn, ex len(secretAccessKey) == 0 || len(roleArn) == 0 || len(externalId) == 0 { - t.Fatal("TEST_AWS_ACCESS_KEY, TEST_AWS_SECRET_KEY, TEST_AWS_ROLE_ARN and TEST_AWS_EXTERNAL_ID env variables should be specified.") + t.Skip("Please set TEST_AWS_ACCESS_KEY, TEST_AWS_SECRET_KEY, TEST_AWS_ROLE_ARN and TEST_AWS_EXTERNAL_ID env variables to run this test.") } return } From 339d1597d9c7879c19965e6e4a90309dc5678edd Mon Sep 17 00:00:00 2001 
From: Vladyslav Mihun Date: Wed, 8 Jun 2022 16:47:16 +0300 Subject: [PATCH 4/9] SCALRCORE-21901 fix provider_configuration data source test. --- ...ource_scalr_provider_configuration_test.go | 102 +++++++----------- 1 file changed, 40 insertions(+), 62 deletions(-) diff --git a/scalr/data_source_scalr_provider_configuration_test.go b/scalr/data_source_scalr_provider_configuration_test.go index 683e9327..430abef2 100644 --- a/scalr/data_source_scalr_provider_configuration_test.go +++ b/scalr/data_source_scalr_provider_configuration_test.go 
@@ -7,88 +7,66 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" ) -func TestAccScalrProviderConfigurationDataSource_name(t *testing.T) { +func TestAccScalrProviderConfigurationDataSource(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, Steps: []resource.TestStep{ { - Config: testAccScalrProviderConfigurationAwsDataSourceInitConfig, // depends_on works improperly with data sources + Config: testAccScalrProviderConfigurationDataSourceInitConfig, // depends_on works improperly with data sources }, { - Config: testAccScalrProviderConfigurationAwsDataSourceConfig, + Config: testAccScalrProviderConfigurationDataSourceConfig, Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckEqualID("data.scalr_provider_configuration.aws", "scalr_provider_configuration.aws"), + testAccCheckEqualID("data.scalr_provider_configuration.kubernetes", "scalr_provider_configuration.kubernetes"), + testAccCheckEqualID("data.scalr_provider_configuration.consul", "scalr_provider_configuration.consul"), ), }, { - Config: testAccScalrProviderConfigurationAwsDataSourceInitConfig, - }, - }, - }) -} -func TestAccScalrProviderConfigurationDataSource_provider_name(t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccScalrProviderConfigurationGoogleDataSourceInitConfig, - }, - { - Config: testAccScalrProviderConfigurationGoogleDataSourceConfig, - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckEqualID("data.scalr_provider_configuration.google", "scalr_provider_configuration.google"), - ), - }, - { - Config: testAccScalrProviderConfigurationAwsDataSourceInitConfig, + Config: testAccScalrProviderConfigurationDataSourceInitConfig, }, }, }) } -var testAccScalrProviderConfigurationAwsDataSourceInitConfig = fmt.Sprintf(` -resource "scalr_provider_configuration" "google" { 
- name = "google_pcfg" +var testAccScalrProviderConfigurationDataSourceInitConfig = fmt.Sprintf(` +resource "scalr_provider_configuration" "kubernetes" { + name = "kubernetes1" account_id = "%[1]s" - google { - project = "my-new-project" - credentials = "my-new-credentials" + custom { + provider_name = "kubernetes" + argument { + name = "host" + value = "my-host" + } + argument { + name = "username" + value = "my-username" + } } } -resource "scalr_provider_configuration" "aws" { - name = "aws_pcfg" - account_id = "%[1]s" - aws { - secret_key = "my-new-secret-key" - access_key = "my-new-access-key" +resource "scalr_provider_configuration" "consul" { + name = "consul" + account_id = "%[1]s" + custom { + provider_name = "consul" + argument { + name = "address" + value = "demo.consul.io:80" + } + argument { + name = "datacenter" + value = "nyc1" + } } -}`, defaultAccount) -var testAccScalrProviderConfigurationAwsDataSourceConfig = testAccScalrProviderConfigurationAwsDataSourceInitConfig + ` -data "scalr_provider_configuration" "aws" { - name = scalr_provider_configuration.aws.name } -` +`, defaultAccount) -var testAccScalrProviderConfigurationGoogleDataSourceInitConfig = fmt.Sprintf(` -resource "scalr_provider_configuration" "google" { - name = "google_pcfg" - account_id = "%[1]s" - google { - project = "my-new-project" - credentials = "my-new-credentials" - } +var testAccScalrProviderConfigurationDataSourceConfig = testAccScalrProviderConfigurationDataSourceInitConfig + ` +data "scalr_provider_configuration" "kubernetes" { + name = scalr_provider_configuration.kubernetes.name } -resource "scalr_provider_configuration" "aws" { - name = "aws_pcfg" - account_id = "%[1]s" - aws { - secret_key = "my-new-secret-key" - access_key = "my-new-access-key" - } -}`, defaultAccount) -var testAccScalrProviderConfigurationGoogleDataSourceConfig = testAccScalrProviderConfigurationGoogleDataSourceInitConfig + ` -data "scalr_provider_configuration" "google" { - provider_name = "google" 
-}` +data "scalr_provider_configuration" "consul" { + provider_name = "consul" +} +` From be72d9c8fca79a5002afb0240e2f56c3e7960c31 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Wed, 8 Jun 2022 16:51:11 +0300 Subject: [PATCH 5/9] SCALRCORE-21901 fix TestAccProviderConfiguration_custom --- scalr/resource_scalr_provider_configuration_test.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scalr/resource_scalr_provider_configuration_test.go b/scalr/resource_scalr_provider_configuration_test.go index ce313d6b..0371ac02 100644 --- a/scalr/resource_scalr_provider_configuration_test.go +++ b/scalr/resource_scalr_provider_configuration_test.go @@ -526,8 +526,11 @@ resource "scalr_provider_configuration" "kubernetes" { account_id = "%s" export_shell_variables = false aws { - secret_key = "my-secret-key" - access_key = "my-access-key" + account_type = "gov-cloud" + credentials_type = "access_keys" + access_key = "access_key" + secret_key = "secret_key" + trusted_entity_type = "aws_account" } } `, name, defaultAccount) @@ -561,12 +564,11 @@ resource "scalr_provider_configuration" "aws" { aws { account_type = "gov-cloud" credentials_type = "role_delegation" - access_key = "%s" + access_key = "%s" secret_key = "%s" role_arn = "%s" external_id = "%s" trusted_entity_type = "aws_account" - } } `, name, defaultAccount, accessKeyId, secretAccessKey, roleArn, externalId) From 5771067b1d91987b206514b4fa9c1d7b43d13413 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Wed, 8 Jun 2022 16:52:58 +0300 Subject: [PATCH 6/9] SCALRCORE-21901 skip azurerm tests --- scalr/resource_scalr_provider_configuration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/scalr/resource_scalr_provider_configuration_test.go b/scalr/resource_scalr_provider_configuration_test.go index 0371ac02..701cd8cd 100644 --- a/scalr/resource_scalr_provider_configuration_test.go +++ b/scalr/resource_scalr_provider_configuration_test.go 
@@ -177,6 +177,7 @@ func TestAccProviderConfiguration_google(t *testing.T) { } func TestAccProviderConfiguration_azurerm(t *testing.T) { + t.Skip("TODO: add a valid credentials for azurerm testing.") var providerConfiguration scalr.ProviderConfiguration rName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) rNewName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) From 2ac791d24fe398e04fbb4ee850964e6cf2b28ca4 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Wed, 8 Jun 2022 16:58:02 +0300 Subject: [PATCH 7/9] SCALRCORE-21901 format testing configurations. --- ...ource_scalr_provider_configuration_test.go | 73 ++++++++++--------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/scalr/resource_scalr_provider_configuration_test.go b/scalr/resource_scalr_provider_configuration_test.go index 701cd8cd..307b30a2 100644 --- a/scalr/resource_scalr_provider_configuration_test.go +++ b/scalr/resource_scalr_provider_configuration_test.go @@ -476,10 +476,10 @@ resource "scalr_provider_configuration" "kubernetes" { custom { provider_name = "kubernetes" argument { - name = "config_path" - value = "~/.kube/config" - sensitive = false - description = "A path to a kube config file. some typo..." + name = "config_path" + value = "~/.kube/config" + sensitive = false + description = "A path to a kube config file. some typo..." } argument { name = "client_certificate" @@ -487,8 +487,8 @@ resource "scalr_provider_configuration" "kubernetes" { sensitive = true } argument { - name = "host" - value = "my-host" + name = "host" + value = "my-host" } } } 
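Review bot: The unconditional `t.Skip` added as the first statement of TestAccProviderConfiguration_azurerm removes all acceptance coverage for the azurerm block, and a TODO inside a skip message is easy to lose. Gating the skip on the presence of test credentials, as getAwsTestingCreds does for aws, would keep the test running wherever credentials are configured. Failing that, a tracking reference in the message, e.g. `t.Skip("<ISSUE-ID>: azurerm acceptance test needs valid credentials")`, would keep the gap visible. The rest of the test body is outside the hunk.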
@@ -497,24 +497,25 @@ resource "scalr_provider_configuration" "kubernetes" { func testAccScalrPorivderConfigurationCustomConfigUpdated(name string) string { return fmt.Sprintf(` resource "scalr_provider_configuration" "kubernetes" { - name = "%s" - account_id = "%s" + name = "%s" + account_id = "%s" custom { provider_name = "kubernetes" argument { - name = "config_path" - value = "~/.kube/config" - sensitive = true - description = "A path to a kube config file." + name = "config_path" + value = "~/.kube/config" + sensitive = true + description = "A path to a kube config file." } argument { - name = "host" - value = "my-host" + name = "host" + value = "my-host" } - argument { - name = "username" - value = "my-username" - } + argument { + name = "username" + value = "my-username" + } + } } `, name, defaultAccount) @@ -527,11 +528,11 @@ resource "scalr_provider_configuration" "kubernetes" { account_id = "%s" export_shell_variables = false aws { - account_type = "gov-cloud" - credentials_type = "access_keys" - access_key = "access_key" - secret_key = "secret_key" - trusted_entity_type = "aws_account" + account_type = "gov-cloud" + credentials_type = "access_keys" + access_key = "access_key" + secret_key = "secret_key" + trusted_entity_type = "aws_account" } } `, name, defaultAccount) @@ -544,13 +545,13 @@ resource "scalr_provider_configuration" "aws" { account_id = "%s" export_shell_variables = false aws { - account_type = "regular" - credentials_type = "role_delegation" + account_type = "regular" + credentials_type = "role_delegation" access_key = "%s" - secret_key = "%s" - role_arn = "%s" - external_id = "%s" - trusted_entity_type = "aws_account" + secret_key = "%s" + role_arn = "%s" + external_id = "%s" + trusted_entity_type = "aws_account" } } `, name, defaultAccount, accessKeyId, secretAccessKey, roleArn, externalId) 
@@ -563,13 +564,13 @@ resource "scalr_provider_configuration" "aws" { account_id = "%s" export_shell_variables = true aws { - account_type = "gov-cloud" - credentials_type = "role_delegation" - access_key = "%s" - secret_key = "%s" - role_arn = "%s" - external_id = "%s" - trusted_entity_type = "aws_account" + account_type = "gov-cloud" + credentials_type = "role_delegation" + access_key = "%s" + secret_key = "%s" + role_arn = "%s" + external_id = "%s" + trusted_entity_type = "aws_account" } } `, name, defaultAccount, accessKeyId, secretAccessKey, roleArn, externalId) From 69bbbf1198f0e50085b1ce67632fb65bbb76b3d5 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Wed, 8 Jun 2022 17:56:17 +0300 Subject: [PATCH 8/9] SCALRCORE-21901 fix provider configurations data source tests --- ...urce_scalr_provider_configurations_test.go | 137 +++++++----------- 1 file changed, 56 insertions(+), 81 deletions(-) diff --git a/scalr/data_source_scalr_provider_configurations_test.go b/scalr/data_source_scalr_provider_configurations_test.go index df622d95..51552d75 100644 --- a/scalr/data_source_scalr_provider_configurations_test.go +++ b/scalr/data_source_scalr_provider_configurations_test.go 
@@ -8,50 +8,32 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/terraform" ) -func TestAccScalrProviderConfigurationsDataSource_name(t *testing.T) { +func TestAccScalrProviderConfigurationsDataSource(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, Steps: []resource.TestStep{ { - Config: testAccScalrProviderConfigurationsAwsDataSourceInitConfig, // depends_on works improperly with data sources + Config: testAccScalrProviderConfigurationsDataSourceInitConfig, // depends_on works improperly with data sources }, { - Config: testAccScalrProviderConfigurationsAwsDataSourceConfig, + Config: testAccScalrProviderConfigurationsDataSourceConfig, Check: resource.ComposeAggregateTestCheckFunc( testAccCheckProviderConfigurationsDataSourceNameFilter(), - ), - }, - { - Config: testAccScalrProviderConfigurationsAwsDataSourceInitConfig, // depends_on works improperly with data sources - }, - }, - }) -} -func TestAccScalrProviderConfigurationsDataSource_provider_name(t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccScalrProviderConfigurationsGoogleDataSourceInitConfig, - }, - { - Config: testAccScalrProviderConfigurationsGoogleDataSourceConfig, - Check: resource.ComposeAggregateTestCheckFunc( testAccCheckProviderConfigurationsDataSourceTypeFilter(), ), }, { - Config: testAccScalrProviderConfigurationsGoogleDataSourceInitConfig, + Config: testAccScalrProviderConfigurationsDataSourceInitConfig, // depends_on works improperly with data sources }, }, }) } + func testAccCheckProviderConfigurationsDataSourceNameFilter() resource.TestCheckFunc { return func(s *terraform.State) error { var expectedIds []string - resourceNames := []string{"aws", "aws2"} + resourceNames := []string{"kubernetes2", "consul"} for _, name := range resourceNames { rsName := "scalr_provider_configuration." 
+ name rs, ok := s.RootModule().Resources[rsName] @@ -61,9 +43,9 @@ func testAccCheckProviderConfigurationsDataSourceNameFilter() resource.TestCheck expectedIds = append(expectedIds, rs.Primary.ID) } - dataSource, ok := s.RootModule().Resources["data.scalr_provider_configurations.aws"] + dataSource, ok := s.RootModule().Resources["data.scalr_provider_configurations.kubernetes2consul"] if !ok { - return fmt.Errorf("Not found: data.scalr_provider_configurations.aws") + return fmt.Errorf("Not found: data.scalr_provider_configurations.kubernetes2consul") } if dataSource.Primary.Attributes["ids.#"] != "2" { return fmt.Errorf("Bad provider configuration ids, expected: %#v, got: %#v", expectedIds, dataSource.Primary.Attributes["ids"]) @@ -90,7 +72,7 @@ func testAccCheckProviderConfigurationsDataSourceNameFilter() resource.TestCheck func testAccCheckProviderConfigurationsDataSourceTypeFilter() resource.TestCheckFunc { return func(s *terraform.State) error { var expectedIds []string - resourceNames := []string{"google", "google2"} + resourceNames := []string{"kubernetes1", "kubernetes2"} for _, name := range resourceNames { rsName := "scalr_provider_configuration." + name rs, ok := s.RootModule().Resources[rsName] @@ -100,9 +82,9 @@ func testAccCheckProviderConfigurationsDataSourceTypeFilter() resource.TestCheck expectedIds = append(expectedIds, rs.Primary.ID) } - dataSource, ok := s.RootModule().Resources["data.scalr_provider_configurations.google"] + dataSource, ok := s.RootModule().Resources["data.scalr_provider_configurations.kubernetes"] if !ok { - return fmt.Errorf("Not found: data.scalr_provider_configurations.google") + return fmt.Errorf("Not found: data.scalr_provider_configurations.kubernetes") } if dataSource.Primary.Attributes["ids.#"] != "2" { return fmt.Errorf("Bad provider configuration ids, expected: %#v, got: %#v", expectedIds, dataSource.Primary.Attributes["ids"]) 
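Review bot: The merged `TestAccScalrProviderConfigurationsDataSource` has no comment explaining its three-step shape; the only hint, `// depends_on works improperly with data sources`, sits on the first and last steps without saying what each step is for. A doc comment above the function would help, for example `// Applies the resources alone, then with the data sources, then alone again, because depends_on is unreliable for data sources.` The wording should be confirmed by the author, since the reason is inferred from the step order. With both filters now in one step under `ComposeAggregateTestCheckFunc`, the test name no longer says which filter failed, so the two check functions' error strings have to carry that.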
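Review bot: The `ids.#` mismatch error just below the renamed lookup formats `dataSource.Primary.Attributes["ids"]`, which is normally absent for a list attribute in the flatmap state this SDK exposes, so the `got:` part will likely print an empty string. Reporting the value that was actually compared is more useful: `return fmt.Errorf("Bad provider configuration ids count, expected: %d, got: %s", len(expectedIds), dataSource.Primary.Attributes["ids.#"])`. The same line sits in the `@@ -100,9 +82,9 @@` hunk of `testAccCheckProviderConfigurationsDataSourceTypeFilter`. Both functions start and end outside their hunks.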
@@ -121,69 +103,62 @@ func testAccCheckProviderConfigurationsDataSourceTypeFilter() resource.TestCheck return fmt.Errorf("Bad provider configuration ids, expected: %#v, got: %#v", expectedIds, resultIds) } } - return nil } } -var testAccScalrProviderConfigurationsAwsDataSourceInitConfig = fmt.Sprintf(` -resource "scalr_provider_configuration" "google" { - name = "google_pcfg" +var testAccScalrProviderConfigurationsDataSourceInitConfig = fmt.Sprintf(` +resource "scalr_provider_configuration" "kubernetes1" { + name = "kubernetes1" account_id = "%[1]s" - google { - project = "my-new-project" - credentials = "my-new-credentials" - } -} -resource "scalr_provider_configuration" "aws" { - name = "aws_pcfg" - account_id = "%[1]s" - aws { - secret_key = "my-new-secret-key" - access_key = "my-new-access-key" - } -} -resource "scalr_provider_configuration" "aws2" { - name = "aws2_pcfg" - account_id = "%[1]s" - aws { - secret_key = "my-new-secret-key" - access_key = "my-new-access-key" + custom { + provider_name = "kubernetes" + argument { + name = "host" + value = "my-host" + } + argument { + name = "username" + value = "my-username" + } } -}`, defaultAccount) -var testAccScalrProviderConfigurationsAwsDataSourceConfig = testAccScalrProviderConfigurationsAwsDataSourceInitConfig + ` -data "scalr_provider_configurations" "aws" { - name = "in:aws_pcfg,aws2_pcfg" } -` - -var testAccScalrProviderConfigurationsGoogleDataSourceInitConfig = fmt.Sprintf(` -resource "scalr_provider_configuration" "google" { - name = "google_pcfg" +resource "scalr_provider_configuration" "kubernetes2" { + name = "kubernetes2" account_id = "%[1]s" - google { - project = "my-new-project" - credentials = "my-new-credentials" + custom { + provider_name = "kubernetes" + argument { + name = "host" + value = "my-host2" + } + argument { + name = "username" + value = "my-username2" + } } } -resource "scalr_provider_configuration" "google2" { - name = "google2_pcfg" +resource "scalr_provider_configuration" 
"consul" { + name = "consul" account_id = "%[1]s" - google { - project = "my-new-project" - credentials = "my-new-credentials" - } -} -resource "scalr_provider_configuration" "aws" { - name = "aws_pcfg" - account_id = "%[1]s" - aws { - secret_key = "my-new-secret-key" - access_key = "my-new-access-key" + custom { + provider_name = "consul" + argument { + name = "address" + value = "demo.consul.io:80" + } + argument { + name = "datacenter" + value = "nyc1" + } } }`, defaultAccount) -var testAccScalrProviderConfigurationsGoogleDataSourceConfig = testAccScalrProviderConfigurationsGoogleDataSourceInitConfig + ` -data "scalr_provider_configurations" "google" { - provider_name = "google" -}` +var testAccScalrProviderConfigurationsDataSourceConfig = testAccScalrProviderConfigurationsDataSourceInitConfig + ` +data "scalr_provider_configurations" "kubernetes2consul" { + name = "in:kubernetes2,consul" +} +data "scalr_provider_configurations" "kubernetes" { + provider_name = "kubernetes" +} +` From f1df2d2957a08b0458715a81c264592714374b54 Mon Sep 17 00:00:00 2001 From: Vladyslav Mihun Date: Wed, 8 Jun 2022 18:05:38 +0300 Subject: [PATCH 9/9] SCALRCORE-21901 fix lint --- scalr/resource_scalr_provider_configuration_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scalr/resource_scalr_provider_configuration_test.go b/scalr/resource_scalr_provider_configuration_test.go index 307b30a2..f3c28b1b 100644 --- a/scalr/resource_scalr_provider_configuration_test.go +++ b/scalr/resource_scalr_provider_configuration_test.go 
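Review bot: The new fixtures use fixed names (`kubernetes1`, `kubernetes2`, `consul`), and the `kubernetes` data source filters only on `provider_name = "kubernetes"`, while the type-filter check requires exactly two ids. If the data source returns everything visible in the test account, which these hunks do not show, any other kubernetes configuration there would push the count past two and fail the test for an unrelated reason. Such a configuration could be a leftover from an interrupted run or the `kubernetes` fixture used by the resource tests. Building the config in a function that appends `acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)` to each name, as the resource tests already do, would keep the name-filter assertion tied to resources this test created. Comparing the returned ids against `expectedIds` as a subset rather than an exact count would do the same for the type filter.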
@@ -177,7 +177,9 @@ func TestAccProviderConfiguration_google(t *testing.T) { } func TestAccProviderConfiguration_azurerm(t *testing.T) { - t.Skip("TODO: add a valid credentials for azurerm testing.") + if true { + t.Skip("TODO: add a valid credentials for azurerm testing.") + } var providerConfiguration scalr.ProviderConfiguration rName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) rNewName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
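Review bot: Wrapping `t.Skip` in `if true { … }` quiets the linter, presumably an unreachable-code warning, but the azurerm acceptance test still never runs, so the azurerm credential path has no acceptance coverage and the body below can go stale unnoticed. A real condition would serve both purposes, e.g. `if os.Getenv("<AZURERM_TEST_CREDS_ENV>") == "" { t.Skip("azurerm credentials not set") }`. The variable name is a placeholder, and `os` needs importing if the file does not already import it. Credentials supplied through the environment also stay out of the test fixtures. The function body continues past the end of the hunk.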