From fd8ba270a167ba1772aaef0ad630ec4ee6cb34c0 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 2 Sep 2024 11:17:08 +0100 Subject: [PATCH 01/24] add error message handling & unit test --- .../resource.go | 41 ++++++--- .../resource_test.go | 85 ++++++++++++++++++- 2 files changed, 112 insertions(+), 14 deletions(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 48a928d7b1..ac50c60cc0 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -3,21 +3,23 @@ package encryptionatrestprivateendpoint import ( "context" "errors" - "fmt" "net/http" "regexp" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) const ( encryptionAtRestPrivateEndpointName = "encryption_at_rest_private_endpoint" warnUnsupportedOperation = "Operation not supported" failedStatusErrorMessage = "Private endpoint is in a failed status" + nonEmptyErrorMessageField = "Something went wrong. Please review the `Status` field of this resource" ) var _ resource.ResourceWithConfigure = &encryptionAtRestPrivateEndpointRS{} @@ -64,8 +66,11 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso privateEndpointModel := NewTFEarPrivateEndpoint(finalResp, projectID) resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) - if err := getErrorMsgForFailedStatus(finalResp); err != nil { - resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) + if shouldError, errMsg := CheckErrorMessageAndStatus(finalResp); errMsg != nil || shouldError { + if shouldError { + resp.Diagnostics.AddError(failedStatusErrorMessage, *errMsg) + } + resp.Diagnostics.AddWarning(nonEmptyErrorMessageField, *errMsg) } } @@ -92,8 +97,11 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour } resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(endpointModel, projectID))...) - if err := getErrorMsgForFailedStatus(endpointModel); err != nil { - resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) + if shouldError, errMsg := CheckErrorMessageAndStatus(endpointModel); errMsg != nil || shouldError { + if shouldError { + resp.Diagnostics.AddError(failedStatusErrorMessage, *errMsg) + } + resp.Diagnostics.AddWarning(nonEmptyErrorMessageField, *errMsg) } } @@ -122,8 +130,12 @@ func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req reso resp.Diagnostics.AddError("error when waiting for status transition in delete", err.Error()) return } - if err := getErrorMsgForFailedStatus(model); err != nil { - resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) + + if shouldError, errMsg := CheckErrorMessageAndStatus(model); errMsg != nil || shouldError { + if shouldError { + resp.Diagnostics.AddError(failedStatusErrorMessage, *errMsg) + } + resp.Diagnostics.AddWarning(nonEmptyErrorMessageField, *errMsg) } } @@ -154,10 +166,13 @@ func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudPr return } -func getErrorMsgForFailedStatus(model *admin.EARPrivateEndpoint) error { - if model.GetStatus() != retrystrategy.RetryStrategyFailedState { - return nil +func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) (shouldError bool, errMsg *string) { + if model.GetStatus() == retrystrategy.RetryStrategyFailedState { + return true, model.ErrorMessage + } + + if model.GetErrorMessage() != "" { + return false, model.ErrorMessage } - msg := model.GetErrorMessage() - return fmt.Errorf("detail of error message: %s", msg) + return false, nil } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 1c573467e4..81312134f3 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -6,12 +6,16 @@ import ( "os" "testing" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/stretchr/testify/assert" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) const ( @@ -107,6 +111,85 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * }) } +type errMsgTestCase struct { + SDKResp *admin.EARPrivateEndpoint + expectedErrMsg *string + expectedShouldErr bool +} + +func TestCheckErrorMessageAndStatus(t *testing.T) { + testCases := map[string]errMsgTestCase{ + "FAILED status with no error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: nil, + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedShouldErr: true, + expectedErrMsg: nil, + }, + "FAILED status with error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString("test err message"), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedShouldErr: true, + expectedErrMsg: conversion.StringPtr("test err message"), + }, + "non-empty error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString("private endpoint was rejected"), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(retrystrategy.RetryStrategyPendingRecreationState), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedShouldErr: false, + expectedErrMsg: conversion.StringPtr("private endpoint was rejected"), + }, + "nil error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: nil, + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedShouldErr: false, + expectedErrMsg: nil, + }, + "empty error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString(""), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedShouldErr: false, + expectedErrMsg: nil, + }, + } + + for testName, tc := range testCases { + t.Run(testName, func(t *testing.T) { + shouldError, errMsg := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) + assert.Equal(t, tc.expectedShouldErr, shouldError, "shouldError did not match expected output") + assert.Equal(t, tc.expectedErrMsg, errMsg, "errMsg did not match expected output") + }) + } +} + func importStateIDFunc(resourceName string) resource.ImportStateIdFunc { return func(s *terraform.State) (string, error) { rs, ok := s.RootModule().Resources[resourceName] From 4bd71a8e7c5274a592b367de08d70a4df9a1fc1e Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 2 Sep 2024 12:27:52 +0100 Subject: [PATCH 02/24] minor --- .../resource.go | 55 ++++++++++++++----- .../resource_test.go | 35 +++++++----- 2 files changed, 61 insertions(+), 29 deletions(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index a2c4350ff5..b6f91f5934 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" ) @@ -18,8 +19,10 @@ import ( const ( encryptionAtRestPrivateEndpointName = "encryption_at_rest_private_endpoint" warnUnsupportedOperation = "Operation not supported" - failedStatusErrorMessage = "Private endpoint is in a failed status" - nonEmptyErrorMessageField = "Something went wrong. Please review the `Status` field of this resource" + FailedStatusErrorMessageSummary = "Private endpoint is in a failed status" + NonEmptyErrorMessageFieldSummary = "Something went wrong. Please review the `Status` field of this resource" + pendingAcceptanceWarnMsgSummary = "Private endpoint is in PENDING_ACCEPTANCE status" + pendingAcceptanceWarnMsg = "Please ensure to approve the private endpoint connection. If recently approved, please ignore this warning & wait for a few minutes for the status to update." ) var _ resource.ResourceWithConfigure = &encryptionAtRestPrivateEndpointRS{} @@ -66,11 +69,17 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso privateEndpointModel := NewTFEarPrivateEndpoint(*finalResp, projectID) resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) - if shouldError, errMsg := CheckErrorMessageAndStatus(finalResp); errMsg != nil || shouldError { + + if shouldError, msgSummary, errMsg := CheckErrorMessageAndStatus(finalResp); errMsg != nil || shouldError { if shouldError { - resp.Diagnostics.AddError(failedStatusErrorMessage, *errMsg) + resp.Diagnostics.AddError(*msgSummary, *errMsg) + return } - resp.Diagnostics.AddWarning(nonEmptyErrorMessageField, *errMsg) + resp.Diagnostics.AddWarning(*msgSummary, *errMsg) + return + } + if isStatusPendingAcceptance(finalResp) { + resp.Diagnostics.AddWarning(pendingAcceptanceWarnMsgSummary, pendingAcceptanceWarnMsg) } } @@ -97,11 +106,17 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour } resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(*endpointModel, projectID))...) - if shouldError, errMsg := CheckErrorMessageAndStatus(endpointModel); errMsg != nil || shouldError { + + if shouldError, msgSummary, errMsg := CheckErrorMessageAndStatus(endpointModel); errMsg != nil || shouldError { if shouldError { - resp.Diagnostics.AddError(failedStatusErrorMessage, *errMsg) + resp.Diagnostics.AddError(*msgSummary, *errMsg) + return } - resp.Diagnostics.AddWarning(nonEmptyErrorMessageField, *errMsg) + resp.Diagnostics.AddWarning(*msgSummary, *errMsg) + return + } + if isStatusPendingAcceptance(endpointModel) { + resp.Diagnostics.AddWarning(pendingAcceptanceWarnMsgSummary, pendingAcceptanceWarnMsg) } } @@ -131,11 +146,16 @@ func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req reso return } - if shouldError, errMsg := CheckErrorMessageAndStatus(model); errMsg != nil || shouldError { + if shouldError, msgSummary, errMsg := CheckErrorMessageAndStatus(model); errMsg != nil || shouldError { if shouldError { - resp.Diagnostics.AddError(failedStatusErrorMessage, *errMsg) + resp.Diagnostics.AddError(*msgSummary, *errMsg) + return } - resp.Diagnostics.AddWarning(nonEmptyErrorMessageField, *errMsg) + resp.Diagnostics.AddWarning(*msgSummary, *errMsg) + return + } + if isStatusPendingAcceptance(model) { + resp.Diagnostics.AddWarning(pendingAcceptanceWarnMsgSummary, pendingAcceptanceWarnMsg) } } @@ -166,13 +186,18 @@ func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudPr return } -func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) (shouldError bool, errMsg *string) { +func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) (shouldError bool, msgSummary *string, errMsg *string) { if model.GetStatus() == retrystrategy.RetryStrategyFailedState { - return true, model.ErrorMessage + return true, conversion.StringPtr(FailedStatusErrorMessageSummary), model.ErrorMessage } if model.GetErrorMessage() != "" { - return false, model.ErrorMessage + return false, conversion.StringPtr(NonEmptyErrorMessageFieldSummary), model.ErrorMessage } - return false, nil + + return false, nil, nil +} + +func isStatusPendingAcceptance(model *admin.EARPrivateEndpoint) bool { + return model.GetStatus() == retrystrategy.RetryStrategyPendingAcceptanceState } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 6d833f557c..fd1f2351b5 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -113,9 +113,10 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * } type errMsgTestCase struct { - SDKResp *admin.EARPrivateEndpoint - expectedErrMsg *string - expectedShouldErr bool + SDKResp *admin.EARPrivateEndpoint + expectedErrMsg *string + expectedErrMsgSummary *string + expectedShouldErr bool } func TestCheckErrorMessageAndStatus(t *testing.T) { @@ -129,8 +130,9 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedShouldErr: true, - expectedErrMsg: nil, + expectedShouldErr: true, + expectedErrMsgSummary: conversion.StringPtr(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary), + expectedErrMsg: nil, }, "FAILED status with error_message": { SDKResp: &admin.EARPrivateEndpoint{ @@ -141,8 +143,9 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedShouldErr: true, - expectedErrMsg: conversion.StringPtr("test err message"), + expectedShouldErr: true, + expectedErrMsgSummary: conversion.StringPtr(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary), + expectedErrMsg: conversion.StringPtr("test err message"), }, "non-empty error_message": { SDKResp: &admin.EARPrivateEndpoint{ @@ -153,8 +156,9 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { Status: admin.PtrString(retrystrategy.RetryStrategyPendingRecreationState), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedShouldErr: false, - expectedErrMsg: conversion.StringPtr("private endpoint was rejected"), + expectedShouldErr: false, + expectedErrMsgSummary: conversion.StringPtr(encryptionatrestprivateendpoint.NonEmptyErrorMessageFieldSummary), + expectedErrMsg: conversion.StringPtr("private endpoint was rejected"), }, "nil error_message": { SDKResp: &admin.EARPrivateEndpoint{ @@ -165,8 +169,9 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedShouldErr: false, - expectedErrMsg: nil, + expectedShouldErr: false, + expectedErrMsgSummary: nil, + expectedErrMsg: nil, }, "empty error_message": { SDKResp: &admin.EARPrivateEndpoint{ @@ -177,16 +182,18 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedShouldErr: false, - expectedErrMsg: nil, + expectedShouldErr: false, + expectedErrMsgSummary: nil, + expectedErrMsg: nil, }, } for testName, tc := range testCases { t.Run(testName, func(t *testing.T) { - shouldError, errMsg := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) + shouldError, expectedErrMsgSummary, errMsg := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) assert.Equal(t, tc.expectedShouldErr, shouldError, "shouldError did not match expected output") assert.Equal(t, tc.expectedErrMsg, errMsg, "errMsg did not match expected output") + assert.Equal(t, tc.expectedErrMsgSummary, expectedErrMsgSummary, "errMsgSummary did not match expected output") }) } } From 4687f7419de85842eb656723da0f3495514dba29 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 2 Sep 2024 12:34:08 +0100 Subject: [PATCH 03/24] lint fix --- internal/service/encryptionatrestprivateendpoint/resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index b6f91f5934..36c78372cf 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -186,7 +186,7 @@ func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudPr return } -func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) (shouldError bool, msgSummary *string, errMsg *string) { +func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) (shouldError bool, msgSummary, errMsg *string) { if model.GetStatus() == retrystrategy.RetryStrategyFailedState { return true, conversion.StringPtr(FailedStatusErrorMessageSummary), model.ErrorMessage } From e525d5a36f60ac2068d0435de211ea4d9defb35b Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 2 Sep 2024 15:56:32 +0100 Subject: [PATCH 04/24] update logic --- .../resource.go | 66 ++++--------- .../resource_test.go | 97 +++++++++---------- 2 files changed, 63 insertions(+), 100 deletions(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 36c78372cf..4dc57de85f 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -8,10 +8,10 @@ import ( "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" - "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" ) @@ -21,8 +21,8 @@ const ( warnUnsupportedOperation = "Operation not supported" FailedStatusErrorMessageSummary = "Private endpoint is in a failed status" NonEmptyErrorMessageFieldSummary = "Something went wrong. Please review the `Status` field of this resource" - pendingAcceptanceWarnMsgSummary = "Private endpoint is in PENDING_ACCEPTANCE status" - pendingAcceptanceWarnMsg = "Please ensure to approve the private endpoint connection. If recently approved, please ignore this warning & wait for a few minutes for the status to update." + PendingAcceptanceWarnMsgSummary = "Private endpoint may be in PENDING_ACCEPTANCE status" + PendingAcceptanceWarnMsg = "Please ensure to approve the private endpoint connection. If recently approved or deleted the endpoint, please ignore this warning & wait for a few minutes for the status to update." ) var _ resource.ResourceWithConfigure = &encryptionAtRestPrivateEndpointRS{} @@ -70,17 +70,8 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso privateEndpointModel := NewTFEarPrivateEndpoint(*finalResp, projectID) resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) - if shouldError, msgSummary, errMsg := CheckErrorMessageAndStatus(finalResp); errMsg != nil || shouldError { - if shouldError { - resp.Diagnostics.AddError(*msgSummary, *errMsg) - return - } - resp.Diagnostics.AddWarning(*msgSummary, *errMsg) - return - } - if isStatusPendingAcceptance(finalResp) { - resp.Diagnostics.AddWarning(pendingAcceptanceWarnMsgSummary, pendingAcceptanceWarnMsg) - } + diags := CheckErrorMessageAndStatus(finalResp, false) + resp.Diagnostics.Append(diags...) } func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { @@ -107,17 +98,8 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(*endpointModel, projectID))...) - if shouldError, msgSummary, errMsg := CheckErrorMessageAndStatus(endpointModel); errMsg != nil || shouldError { - if shouldError { - resp.Diagnostics.AddError(*msgSummary, *errMsg) - return - } - resp.Diagnostics.AddWarning(*msgSummary, *errMsg) - return - } - if isStatusPendingAcceptance(endpointModel) { - resp.Diagnostics.AddWarning(pendingAcceptanceWarnMsgSummary, pendingAcceptanceWarnMsg) - } + diags := CheckErrorMessageAndStatus(endpointModel, false) + resp.Diagnostics.Append(diags...) } func (r *encryptionAtRestPrivateEndpointRS) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { @@ -146,17 +128,8 @@ func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req reso return } - if shouldError, msgSummary, errMsg := CheckErrorMessageAndStatus(model); errMsg != nil || shouldError { - if shouldError { - resp.Diagnostics.AddError(*msgSummary, *errMsg) - return - } - resp.Diagnostics.AddWarning(*msgSummary, *errMsg) - return - } - if isStatusPendingAcceptance(model) { - resp.Diagnostics.AddWarning(pendingAcceptanceWarnMsgSummary, pendingAcceptanceWarnMsg) - } + diags := CheckErrorMessageAndStatus(model, true) + resp.Diagnostics.Append(diags...) } func (r *encryptionAtRestPrivateEndpointRS) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { @@ -186,18 +159,17 @@ func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudPr return } -func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) (shouldError bool, msgSummary, errMsg *string) { - if model.GetStatus() == retrystrategy.RetryStrategyFailedState { - return true, conversion.StringPtr(FailedStatusErrorMessageSummary), model.ErrorMessage - } +func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint, isDelete bool) diag.Diagnostics { + var diags diag.Diagnostics - if model.GetErrorMessage() != "" { - return false, conversion.StringPtr(NonEmptyErrorMessageFieldSummary), model.ErrorMessage + switch { + case model.GetStatus() == retrystrategy.RetryStrategyFailedState: + diags = append(diags, diag.NewErrorDiagnostic(FailedStatusErrorMessageSummary, model.GetErrorMessage())) + case model.GetErrorMessage() != "": + diags = append(diags, diag.NewWarningDiagnostic(NonEmptyErrorMessageFieldSummary, model.GetErrorMessage())) + case model.GetStatus() == retrystrategy.RetryStrategyPendingAcceptanceState && !isDelete: + diags = append(diags, diag.NewWarningDiagnostic(PendingAcceptanceWarnMsgSummary, PendingAcceptanceWarnMsg)) } - return false, nil, nil -} - -func isStatusPendingAcceptance(model *admin.EARPrivateEndpoint) bool { - return model.GetStatus() == retrystrategy.RetryStrategyPendingAcceptanceState + return diags } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index fd1f2351b5..5ae8d5a410 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -8,6 +8,7 @@ import ( "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/stretchr/testify/assert" @@ -113,87 +114,77 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * } type errMsgTestCase struct { - SDKResp *admin.EARPrivateEndpoint - expectedErrMsg *string - expectedErrMsgSummary *string - expectedShouldErr bool + SDKResp *admin.EARPrivateEndpoint + diags diag.Diagnostics + isDelete bool } func TestCheckErrorMessageAndStatus(t *testing.T) { + var defaultDiags diag.Diagnostics + testCases := map[string]errMsgTestCase{ "FAILED status with no error_message": { SDKResp: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: nil, - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + ErrorMessage: nil, + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), + }, + isDelete: false, + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "")), + }, + "FAILED status with no error_message during delete": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: nil, + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), }, - expectedShouldErr: true, - expectedErrMsgSummary: conversion.StringPtr(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary), - expectedErrMsg: nil, + isDelete: true, + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "")), }, "FAILED status with error_message": { SDKResp: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: admin.PtrString("test err message"), - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + ErrorMessage: admin.PtrString("test err message"), + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), }, - expectedShouldErr: true, - expectedErrMsgSummary: conversion.StringPtr(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary), - expectedErrMsg: conversion.StringPtr("test err message"), + isDelete: false, + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "test err message")), }, "non-empty error_message": { SDKResp: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: admin.PtrString("private endpoint was rejected"), - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(retrystrategy.RetryStrategyPendingRecreationState), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + ErrorMessage: admin.PtrString("private endpoint was rejected"), + Status: admin.PtrString(retrystrategy.RetryStrategyPendingRecreationState), }, - expectedShouldErr: false, - expectedErrMsgSummary: conversion.StringPtr(encryptionatrestprivateendpoint.NonEmptyErrorMessageFieldSummary), - expectedErrMsg: conversion.StringPtr("private endpoint was rejected"), + isDelete: false, + diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.NonEmptyErrorMessageFieldSummary, "private endpoint was rejected")), }, "nil error_message": { SDKResp: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: nil, - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + ErrorMessage: nil, + Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), }, - expectedShouldErr: false, - expectedErrMsgSummary: nil, - expectedErrMsg: nil, + isDelete: false, + diags: defaultDiags, }, "empty error_message": { SDKResp: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: admin.PtrString(""), - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + ErrorMessage: admin.PtrString(""), + Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), + }, + isDelete: false, + diags: defaultDiags, + }, + "pending acceptance status": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: admin.PtrString(""), + Status: admin.PtrString(retrystrategy.RetryStrategyPendingAcceptanceState), }, - expectedShouldErr: false, - expectedErrMsgSummary: nil, - expectedErrMsg: nil, + isDelete: false, + diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.PendingAcceptanceWarnMsgSummary, encryptionatrestprivateendpoint.PendingAcceptanceWarnMsg)), }, } for testName, tc := range testCases { t.Run(testName, func(t *testing.T) { - shouldError, expectedErrMsgSummary, errMsg := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) - assert.Equal(t, tc.expectedShouldErr, shouldError, "shouldError did not match expected output") - assert.Equal(t, tc.expectedErrMsg, errMsg, "errMsg did not match expected output") - assert.Equal(t, tc.expectedErrMsgSummary, expectedErrMsgSummary, "errMsgSummary did not match expected output") + diags := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp, tc.isDelete) + assert.Equal(t, tc.diags, diags, "diagnostics did not match expected output") }) } } From b601396df0eaac874ea29a549c15bad2f1c4ffaf Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 2 Sep 2024 17:13:31 +0100 Subject: [PATCH 05/24] minor --- .../resource.go | 10 +++--- .../resource_test.go | 33 +++++-------------- 2 files changed, 14 insertions(+), 29 deletions(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 4dc57de85f..97af39acec 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -70,7 +70,7 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso privateEndpointModel := NewTFEarPrivateEndpoint(*finalResp, projectID) resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) - diags := CheckErrorMessageAndStatus(finalResp, false) + diags := CheckErrorMessageAndStatus(finalResp) resp.Diagnostics.Append(diags...) } @@ -98,7 +98,7 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(*endpointModel, projectID))...) - diags := CheckErrorMessageAndStatus(endpointModel, false) + diags := CheckErrorMessageAndStatus(endpointModel) resp.Diagnostics.Append(diags...) } @@ -128,7 +128,7 @@ func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req reso return } - diags := CheckErrorMessageAndStatus(model, true) + diags := CheckErrorMessageAndStatus(model) resp.Diagnostics.Append(diags...) } @@ -159,7 +159,7 @@ func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudPr return } -func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint, isDelete bool) diag.Diagnostics { +func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) diag.Diagnostics { var diags diag.Diagnostics switch { @@ -167,7 +167,7 @@ func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint, isDelete bool) diags = append(diags, diag.NewErrorDiagnostic(FailedStatusErrorMessageSummary, model.GetErrorMessage())) case model.GetErrorMessage() != "": diags = append(diags, diag.NewWarningDiagnostic(NonEmptyErrorMessageFieldSummary, model.GetErrorMessage())) - case model.GetStatus() == retrystrategy.RetryStrategyPendingAcceptanceState && !isDelete: + case model.GetStatus() == retrystrategy.RetryStrategyPendingAcceptanceState: diags = append(diags, diag.NewWarningDiagnostic(PendingAcceptanceWarnMsgSummary, PendingAcceptanceWarnMsg)) } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 5ae8d5a410..91636e2f24 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -114,9 +114,8 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * } type errMsgTestCase struct { - SDKResp *admin.EARPrivateEndpoint - diags diag.Diagnostics - isDelete bool + SDKResp *admin.EARPrivateEndpoint + diags diag.Diagnostics } func TestCheckErrorMessageAndStatus(t *testing.T) { @@ -128,62 +127,48 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { ErrorMessage: nil, Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), }, - isDelete: false, - diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "")), - }, - "FAILED status with no error_message during delete": { - SDKResp: &admin.EARPrivateEndpoint{ - ErrorMessage: nil, - Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), - }, - isDelete: true, - diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "")), + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "")), }, "FAILED status with error_message": { SDKResp: &admin.EARPrivateEndpoint{ ErrorMessage: admin.PtrString("test err message"), Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), }, - isDelete: false, - diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "test err message")), + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "test err message")), }, "non-empty error_message": { SDKResp: &admin.EARPrivateEndpoint{ ErrorMessage: admin.PtrString("private endpoint was rejected"), Status: admin.PtrString(retrystrategy.RetryStrategyPendingRecreationState), }, - isDelete: false, - diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.NonEmptyErrorMessageFieldSummary, "private endpoint was rejected")), + diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.NonEmptyErrorMessageFieldSummary, "private endpoint was rejected")), }, "nil error_message": { SDKResp: &admin.EARPrivateEndpoint{ ErrorMessage: nil, Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), }, - isDelete: false, - diags: defaultDiags, + diags: defaultDiags, }, "empty error_message": { SDKResp: &admin.EARPrivateEndpoint{ ErrorMessage: admin.PtrString(""), Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), }, - isDelete: false, - diags: defaultDiags, + diags: defaultDiags, }, "pending acceptance status": { SDKResp: &admin.EARPrivateEndpoint{ ErrorMessage: admin.PtrString(""), Status: admin.PtrString(retrystrategy.RetryStrategyPendingAcceptanceState), }, - isDelete: false, - diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.PendingAcceptanceWarnMsgSummary, encryptionatrestprivateendpoint.PendingAcceptanceWarnMsg)), + diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.PendingAcceptanceWarnMsgSummary, encryptionatrestprivateendpoint.PendingAcceptanceWarnMsg)), }, } for testName, tc := range testCases { t.Run(testName, func(t *testing.T) { - diags := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp, tc.isDelete) + diags := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) assert.Equal(t, tc.diags, diags, "diagnostics did not match expected output") }) } From 8eadad136cef3ed9a857a84a7f1a821535aa8275 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 20:59:08 +0100 Subject: [PATCH 06/24] enable ear tests --- .github/workflows/acceptance-tests-runner.yml | 3 +- contributing/development-setup.md | 5 +- .../resource_migration_test.go | 2 +- .../service/encryptionatrest/resource_test.go | 50 +++++++++++-------- .../resource_test.go | 4 +- internal/testutil/acc/pre_check.go | 16 +++--- 6 files changed, 42 insertions(+), 38 deletions(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 136c693902..20d55e0af1 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -238,7 +238,8 @@ jobs: data_lake: - 'internal/service/datalakepipeline/*.go' encryption: - - 'internal/service/encryptionatrest/*.go' + - 'internal/service/encryptionatrest/*.go' + - 'internal/service/encryptionatrestprivateendpoint/*.go' event_trigger: - 'internal/service/eventtrigger/*.go' federated: diff --git a/contributing/development-setup.md b/contributing/development-setup.md index e01ca8a79d..9c323eee01 100644 --- a/contributing/development-setup.md +++ b/contributing/development-setup.md @@ -218,15 +218,12 @@ You must also configure the following environment variables before running the t export AZURE_CLIENT_ID= export AZURE_SUBSCRIPTION_ID= export AZURE_RESOURCE_GROUP_NAME= - export AZURE_SECRET= + export AZURE_APP_SECRET= export AZURE_KEY_VAULT_NAME= export AZURE_KEY_IDENTIFIER= export AZURE_TENANT_ID= export AZURE_DIRECTORY_ID= - export AZURE_CLIENT_ID_UPDATED= - export AZURE_RESOURCE_GROUP_NAME_UPDATED= - export AZURE_SECRET_UPDATED= export AZURE_KEY_VAULT_NAME_UPDATED= export AZURE_KEY_IDENTIFIER_UPDATED= ``` diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index 671cc702a9..df396b551c 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -121,7 +121,7 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } ) diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 6483155ab3..41e762edda 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -121,10 +121,10 @@ func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { } func TestAccEncryptionAtRest_basicAzure(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration + // acc.SkipTestForCI(t) // needs Azure configuration var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = acc.ProjectIDExecution(t) azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -134,7 +134,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), } @@ -142,14 +142,17 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET_UPDATED")), + Enabled: conversion.Pointer(true), + // ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + // ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), + // Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET_UPDATED")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), } @@ -201,10 +204,11 @@ func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]stri } func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration + // acc.SkipTestForCI(t) // needs Azure configuration + // TODO: this test requires a project that has the flag enabled MONGODB_ATLAS_PROJECT_EAR_PE_ENABLED_ID var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -214,7 +218,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(true), } @@ -222,14 +226,16 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET_UPDATED")), + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + // ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), + // Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET_UPDATED")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 91636e2f24..40fb51c995 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -44,7 +44,7 @@ func basicTestCase(tb testing.TB) *resource.TestCase { ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") @@ -83,7 +83,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go index 92ab1e5978..15f3be18f1 100644 --- a/internal/testutil/acc/pre_check.go +++ b/internal/testutil/acc/pre_check.go @@ -138,12 +138,12 @@ func PreCheckEncryptionAtRestEnvAzure(tb testing.TB) { if os.Getenv("AZURE_CLIENT_ID") == "" || os.Getenv("AZURE_SUBSCRIPTION_ID") == "" || os.Getenv("AZURE_RESOURCE_GROUP_NAME") == "" || - os.Getenv("AZURE_SECRET") == "" || + os.Getenv("AZURE_APP_SECRET") == "" || os.Getenv("AZURE_KEY_VAULT_NAME") == "" || os.Getenv("AZURE_KEY_IDENTIFIER") == "" || os.Getenv("AZURE_TENANT_ID") == "" { tb.Fatal(`'AZURE_CLIENT_ID', 'AZURE_SUBSCRIPTION_ID', - 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_SECRET', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) + 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_APP_SECRET', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) } } @@ -151,13 +151,13 @@ func PreCheckEncryptionAtRestEnvAzureWithUpdate(tb testing.TB) { tb.Helper() PreCheckEncryptionAtRestEnvAzure(tb) - if os.Getenv("AZURE_CLIENT_ID_UPDATED") == "" || - os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED") == "" || - os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || + // if os.Getenv("AZURE_CLIENT_ID_UPDATED") == "" || + // os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED") == "" || + if os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED") == "" { - tb.Fatal(`'AZURE_CLIENT_ID','AZURE_CLIENT_ID_UPDATED', 'AZURE_SUBSCRIPTION_ID', - 'AZURE_RESOURCE_GROUP_NAME','AZURE_RESOURCE_GROUP_NAME_UPDATED', 'AZURE_SECRET', - 'AZURE_SECRET_UPDATED', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', 'AZURE_KEY_VAULT_NAME_UPDATED', + tb.Fatal(`'AZURE_CLIENT_ID', 'AZURE_SUBSCRIPTION_ID', + 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_APP_SECRET', + , 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', 'AZURE_KEY_VAULT_NAME_UPDATED', 'AZURE_KEY_IDENTIFIER_UPDATED', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) } } From 9a6102990b35f7bcc5b73f0a7141ae74e504c323 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 21:03:55 +0100 Subject: [PATCH 07/24] minor --- .../service/encryptionatrest/resource_test.go | 37 +++++++------------ 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 41e762edda..4b4a3e8937 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -121,8 +121,6 @@ func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { } func TestAccEncryptionAtRest_basicAzure(t *testing.T) { - // acc.SkipTestForCI(t) // needs Azure configuration - var ( projectID = acc.ProjectIDExecution(t) @@ -142,16 +140,13 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - // ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - // ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - // Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET_UPDATED")), + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), @@ -204,8 +199,6 @@ func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]stri } func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { - // acc.SkipTestForCI(t) // needs Azure configuration - // TODO: this test requires a project that has the flag enabled MONGODB_ATLAS_PROJECT_EAR_PE_ENABLED_ID var ( projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") @@ -226,15 +219,13 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - // ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - // Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET_UPDATED")), + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), From dbe74c8b0cd8f618e2b6c21ab4cf2cfd04b7dda3 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 21:27:58 +0100 Subject: [PATCH 08/24] update workflow --- .github/workflows/acceptance-tests-runner.yml | 23 +++++++++++++++++++ .github/workflows/acceptance-tests.yml | 7 ++++++ internal/testutil/acc/pre_check.go | 2 -- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 20d55e0af1..188a51c152 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -135,6 +135,18 @@ on: required: true azure_vnet_name_updated: required: true + azure_client_id: + required: true + azure_key_vault_name: + required: true + azure_key_identifier: + required: true + azure_key_vault_name_updated: + required: true + azure_key_identifier_updated: + required: true + azure_app_secret: + required: true env: TF_ACC: 1 @@ -516,6 +528,17 @@ jobs: env: MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }} ACCTEST_PACKAGES: ./internal/service/encryptionatrest + MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ vars.mongodb_atlas_project_ear_pe_id }} + AZURE_CLIENT_ID: ${{ secrets.azure_client_id }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} + AZURE_TENANT_ID: ${{ vars.azure_tenant_id }} + AZURE_APP_SECRET: ${{ secrets.azure_app_secret }} + AZURE_KEY_VAULT_NAME: ${{ secrets.azure_key_vault_name }} + AZURE_KEY_IDENTIFIER: ${{ secrets.azure_key_identifier }} + AZURE_KEY_VAULT_NAME_UPDATED: ${{ secrets.azure_key_vault_name_updated }} + AZURE_KEY_IDENTIFIER_UPDATED: ${{ secrets.azure_key_identifier_updated }} run: make testacc event_trigger: diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index e02fd08675..34f970f69f 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -77,6 +77,12 @@ jobs: azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azure_vnet_name: ${{ secrets.AZURE_VNET_NAME }} azure_vnet_name_updated: ${{ secrets.AZURE_VNET_NAME_UPDATED }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_key_vault_name: ${{ secrets.AZURE_KEY_VAULT_NAME }} + azure_key_identifier: ${{ secrets.AZURE_KEY_IDENTIFIER }} + azure_key_vault_name_updated: ${{ secrets.AZURE_KEY_VAULT_NAME_UPDATED }} + azure_key_identifier_updated: ${{ secrets.AZURE_KEY_IDENTIFIER_UPDATED }} + azure_app_secret: ${{ secrets.AZURE_APP_SECRET }} with: terraform_version: ${{ inputs.terraform_version || vars.TF_VERSION_LATEST }} @@ -104,3 +110,4 @@ jobs: mongodb_atlas_gov_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_ORG_ID_QA || vars.MONGODB_ATLAS_GOV_ORG_ID_DEV }} mongodb_atlas_gov_project_owner_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_QA || vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_DEV }} mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }} + mongodb_atlas_project_ear_pe_id: ${{ vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID }} diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go index 15f3be18f1..1ad33e58c2 100644 --- a/internal/testutil/acc/pre_check.go +++ b/internal/testutil/acc/pre_check.go @@ -151,8 +151,6 @@ func PreCheckEncryptionAtRestEnvAzureWithUpdate(tb testing.TB) { tb.Helper() PreCheckEncryptionAtRestEnvAzure(tb) - // if os.Getenv("AZURE_CLIENT_ID_UPDATED") == "" || - // os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED") == "" || if os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED") == "" { tb.Fatal(`'AZURE_CLIENT_ID', 'AZURE_SUBSCRIPTION_ID', From 12c7243af1cc76a85ab762c0f17f462de3ab73f9 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 21:34:33 +0100 Subject: [PATCH 09/24] minor --- internal/testutil/acc/pre_check.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go index 1ad33e58c2..74e9dedff2 100644 --- a/internal/testutil/acc/pre_check.go +++ b/internal/testutil/acc/pre_check.go @@ -28,6 +28,16 @@ func PreCheck(tb testing.TB) { } } +func PreCheckEncryptionAtRestPrivateEndpoint(tb testing.TB) { + tb.Helper() + if os.Getenv("MONGODB_ATLAS_PUBLIC_KEY") == "" || + os.Getenv("MONGODB_ATLAS_PRIVATE_KEY") == "" || + os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") == "" || + os.Getenv("MONGODB_ATLAS_ORG_ID") == "" { + tb.Fatal("`MONGODB_ATLAS_PUBLIC_KEY`, `MONGODB_ATLAS_PRIVATE_KEY`, `MONGODB_ATLAS_PROJECT_EAR_PE_ID` and `MONGODB_ATLAS_ORG_ID` must be set for acceptance testing") + } +} + func PreCheckCert(tb testing.TB) { tb.Helper() if os.Getenv("MONGODB_ATLAS_PUBLIC_KEY") == "" || From 7750fa0ed2cbd5c5c587de6a4e5b3e7069a4be3a Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 21:34:47 +0100 Subject: [PATCH 10/24] minor --- internal/service/encryptionatrest/resource_test.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 4b4a3e8937..a2759e9d79 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -235,7 +235,11 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T ) resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t); acc.PreCheckPreviewFlag(t) }, + PreCheck: func() { + acc.PreCheckEncryptionAtRestPrivateEndpoint(t) + acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) + acc.PreCheckPreviewFlag(t) + }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ From 241088a071e2f6dab217b9716d6a14d7dc8a6c05 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 21:46:16 +0100 Subject: [PATCH 11/24] fix --- .github/workflows/acceptance-tests-runner.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 188a51c152..98df3d1f24 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -530,7 +530,6 @@ jobs: ACCTEST_PACKAGES: ./internal/service/encryptionatrest MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ vars.mongodb_atlas_project_ear_pe_id }} AZURE_CLIENT_ID: ${{ secrets.azure_client_id }} - AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }} AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} AZURE_TENANT_ID: ${{ vars.azure_tenant_id }} From d1d95cdeb81b4acf57718b562466f106600c9470 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 21:52:18 +0100 Subject: [PATCH 12/24] minor --- .github/workflows/acceptance-tests-runner.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 98df3d1f24..92b407f59b 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -86,6 +86,9 @@ on: mongodb_atlas_federated_settings_associated_domain: type: string required: true + mongodb_atlas_project_ear_pe_id: + type: string + required: true secrets: # all secrets are passed explicitly in this workflow mongodb_atlas_public_key: required: true @@ -528,7 +531,7 @@ jobs: env: MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }} ACCTEST_PACKAGES: ./internal/service/encryptionatrest - MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ vars.mongodb_atlas_project_ear_pe_id }} + MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_project_ear_pe_id }} AZURE_CLIENT_ID: ${{ secrets.azure_client_id }} AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }} AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} From 3e5c7ab749c341905ebcc0b8645b1b077370bf77 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 22:05:41 +0100 Subject: [PATCH 13/24] add preview --- .github/workflows/acceptance-tests-runner.yml | 4 ++++ .github/workflows/acceptance-tests.yml | 1 + internal/service/encryptionatrest/resource_test.go | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 92b407f59b..d5337dd9a4 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -89,6 +89,9 @@ on: mongodb_atlas_project_ear_pe_id: type: string required: true + mongodb_atlas_enable_preview: + type: boolean + required: true secrets: # all secrets are passed explicitly in this workflow mongodb_atlas_public_key: required: true @@ -541,6 +544,7 @@ jobs: AZURE_KEY_IDENTIFIER: ${{ secrets.azure_key_identifier }} AZURE_KEY_VAULT_NAME_UPDATED: ${{ secrets.azure_key_vault_name_updated }} AZURE_KEY_IDENTIFIER_UPDATED: ${{ secrets.azure_key_identifier_updated }} + MONGODB_ATLAS_ENABLE_PREVIEW: ${{ inputs.mongodb_atlas_enable_preview }} run: make testacc event_trigger: diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index 34f970f69f..b09280cc46 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -111,3 +111,4 @@ jobs: mongodb_atlas_gov_project_owner_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_QA || vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_DEV }} mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }} mongodb_atlas_project_ear_pe_id: ${{ vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID }} + mongodb_atlas_enable_preview: ${{ vars.MONGODB_ATLAS_ENABLE_PREVIEW }} diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index a2759e9d79..16a1e0d0dc 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -156,7 +156,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { ) resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, + PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ From 442d4b323946433beea09953b50d0fd6abf8e853 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 3 Sep 2024 22:13:46 +0100 Subject: [PATCH 14/24] tmp --- .github/workflows/acceptance-tests-runner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index d5337dd9a4..d232f31143 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -90,7 +90,7 @@ on: type: string required: true mongodb_atlas_enable_preview: - type: boolean + type: string required: true secrets: # all secrets are passed explicitly in this workflow mongodb_atlas_public_key: From 76ca07bdd811773cb6c1372a0ffda49b56c24470 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 11:37:14 +0100 Subject: [PATCH 15/24] enable EAR azure mig tests --- .../resource_migration_test.go | 38 +++++---- .../service/encryptionatrest/resource_test.go | 79 ++++++++++++------- .../resource_test.go | 4 +- internal/testutil/acc/encryption_at_rest.go | 13 +-- 4 files changed, 83 insertions(+), 51 deletions(-) diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index df396b551c..827c4bb7a4 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -3,6 +3,7 @@ package encryptionatrest_test import ( "fmt" "os" + "strconv" "testing" "go.mongodb.org/atlas-sdk/v20240805001/admin" @@ -36,7 +37,7 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -47,7 +48,7 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -107,11 +108,9 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { } func TestMigEncryptionAtRest_basicAzure(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration - var ( resourceName = "mongodbatlas_encryption_at_rest.test" - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = acc.ProjectIDExecution(t) azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -124,6 +123,17 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } + + attrMap = map[string]string{ + "enabled": strconv.FormatBool(azureKeyVault.GetEnabled()), + "azure_environment": azureKeyVault.GetAzureEnvironment(), + "resource_group_name": azureKeyVault.GetResourceGroupName(), + "key_vault_name": azureKeyVault.GetKeyVaultName(), + "client_id": azureKeyVault.GetClientID(), + "key_identifier": azureKeyVault.GetKeyIdentifier(), + "subscription_id": azureKeyVault.GetSubscriptionID(), + "tenant_id": azureKeyVault.GetTenantID(), + } ) resource.Test(t, resource.TestCase{ @@ -132,19 +142,16 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVault.GetAzureEnvironment()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVault.GetResourceGroupName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVault.GetKeyVaultName()), + testCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap), ), }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -176,16 +183,17 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), + resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), ), }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -220,7 +228,7 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: acc.ExternalProvidersWithAWS("1.11.0"), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -231,7 +239,7 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 16a1e0d0dc..c07efdd159 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -69,7 +69,7 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -83,7 +83,7 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKmsUpdated), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -106,20 +106,6 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { }) } -func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { - return map[string]string{ - "enabled": strconv.FormatBool(az.GetEnabled()), - "azure_environment": az.GetAzureEnvironment(), - "resource_group_name": az.GetResourceGroupName(), - "key_vault_name": az.GetKeyVaultName(), - "client_id": az.GetClientID(), - "key_identifier": az.GetKeyIdentifier(), - "subscription_id": az.GetSubscriptionID(), - "tenant_id": az.GetTenantID(), - "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), - } -} - func TestAccEncryptionAtRest_basicAzure(t *testing.T) { var ( projectID = acc.ProjectIDExecution(t) @@ -161,7 +147,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -171,7 +157,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { ), }, { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -192,6 +178,20 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { }) } +func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { + return map[string]string{ + "enabled": strconv.FormatBool(az.GetEnabled()), + "azure_environment": az.GetAzureEnvironment(), + "resource_group_name": az.GetResourceGroupName(), + "key_vault_name": az.GetKeyVaultName(), + "client_id": az.GetClientID(), + "key_identifier": az.GetKeyIdentifier(), + "subscription_id": az.GetSubscriptionID(), + "tenant_id": az.GetTenantID(), + "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), + } +} + func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { checks := acc.AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) @@ -199,7 +199,6 @@ func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]stri } func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { - // TODO: this test requires a project that has the flag enabled MONGODB_ATLAS_PROJECT_EAR_PE_ENABLED_ID var ( projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") @@ -244,7 +243,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -255,7 +254,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T ), }, { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -302,19 +301,33 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), + resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.enabled", "true"), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.valid", "true"), + resource.TestCheckResourceAttrSet(datasourceName, "google_cloud_kms_config.key_version_resource_id"), ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKmsUpdated), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), + resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.enabled", "true"), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.valid", "true"), + resource.TestCheckResourceAttrSet(datasourceName, "google_cloud_kms_config.key_version_resource_id"), ), }, { @@ -630,8 +643,8 @@ func testAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { return nil } -func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration) string { - return fmt.Sprintf(` +func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration, useDatasource bool) string { + config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = %[1]q @@ -642,13 +655,16 @@ func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admi role_id = %[5]q } } + `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId()) - %[6]s - `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId(), acc.TestAccDatasourceConfig()) + if useDatasource { + return fmt.Sprintf(`%s %s`, config, acc.TestAccDatasourceConfig()) + } + return config } -func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS) string { - return fmt.Sprintf(` +func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS, useDatasource bool) string { + config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = "%s" @@ -659,6 +675,11 @@ func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, g } } `, projectID, *google.Enabled, google.GetServiceAccountKey(), google.GetKeyVersionResourceID()) + + if useDatasource { + return fmt.Sprintf(`%s %s`, config, acc.TestAccDatasourceConfig()) + } + return config } func testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName string, awsEar *admin.AWSKMSConfiguration) string { diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 40fb51c995..a52ad4e514 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -95,7 +95,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * CheckDestroy: checkDestroy, Steps: []resource.TestStep{ { - Config: acc.ConfigEARAzureKeyVault(projectID, azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, azureKeyVault, false, true), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.enabled", "true"), resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.require_private_networking", "false"), @@ -185,7 +185,7 @@ func importStateIDFunc(resourceName string) resource.ImportStateIdFunc { } func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault, region string) string { - encryptionAtRestConfig := acc.ConfigEARAzureKeyVault(projectID, azure, true) + encryptionAtRestConfig := acc.ConfigEARAzureKeyVault(projectID, azure, true, true) return fmt.Sprintf(` %[1]s diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index 579ba98418..cb9b6b6e96 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -6,13 +6,13 @@ import ( "go.mongodb.org/atlas-sdk/v20240805001/admin" ) -func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking bool) string { +func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking, useDatasource bool) string { var requirePrivateNetworkingAttr string if useRequirePrivateNetworking { requirePrivateNetworkingAttr = fmt.Sprintf("require_private_networking = %t", azure.GetRequirePrivateNetworking()) } - return fmt.Sprintf(` + config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = "%s" @@ -29,10 +29,13 @@ func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useReq %s } } - - %s `, projectID, *azure.Enabled, azure.GetClientID(), azure.GetAzureEnvironment(), azure.GetSubscriptionID(), azure.GetResourceGroupName(), - azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr, TestAccDatasourceConfig()) + azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr) + + if useDatasource { + return fmt.Sprintf(`%s %s`, config, TestAccDatasourceConfig()) + } + return config } func TestAccDatasourceConfig() string { From dc561f9bcce525548d51220b97e5fcc67a50d687 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 11:46:01 +0100 Subject: [PATCH 16/24] enable pe tests --- .github/workflows/acceptance-tests-runner.yml | 4 ++ .github/workflows/acceptance-tests.yml | 1 + .../service/encryptionatrest/resource_test.go | 49 ++++++++++--------- .../resource_test.go | 10 ++-- 4 files changed, 34 insertions(+), 30 deletions(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 5b7fcd7da3..377f92fde6 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -92,6 +92,9 @@ on: mongodb_atlas_enable_preview: type: string required: true + azure_private_endpoint_region: + type: string + required: true secrets: # all secrets are passed explicitly in this workflow mongodb_atlas_public_key: required: true @@ -535,6 +538,7 @@ jobs: MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }} ACCTEST_PACKAGES: ./internal/service/encryptionatrest MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_project_ear_pe_id }} + AZURE_PRIVATE_ENDPOINT_REGION: ${{ inputs.azure_private_endpoint_region }} AZURE_CLIENT_ID: ${{ secrets.azure_client_id }} AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }} AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index b09280cc46..cea0b12b67 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -112,3 +112,4 @@ jobs: mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }} mongodb_atlas_project_ear_pe_id: ${{ vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID }} mongodb_atlas_enable_preview: ${{ vars.MONGODB_ATLAS_ENABLE_PREVIEW }} + azure_private_endpoint_region: ${{ vars.AZURE_PRIVATE_ENDPOINT_REGION }} diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index b11d3fca95..589b0fd5e3 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -8,18 +8,19 @@ import ( "strconv" "testing" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" + "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "go.mongodb.org/atlas-sdk/v20240805003/admin" - "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" ) const ( @@ -177,26 +178,6 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { }) } -func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { - return map[string]string{ - "enabled": strconv.FormatBool(az.GetEnabled()), - "azure_environment": az.GetAzureEnvironment(), - "resource_group_name": az.GetResourceGroupName(), - "key_vault_name": az.GetKeyVaultName(), - "client_id": az.GetClientID(), - "key_identifier": az.GetKeyIdentifier(), - "subscription_id": az.GetSubscriptionID(), - "tenant_id": az.GetTenantID(), - "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), - } -} - -func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { - checks := acc.AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) - - return resource.ComposeAggregateTestCheckFunc(checks...) -} - func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { var ( projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") @@ -275,6 +256,26 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T }) } +func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { + return map[string]string{ + "enabled": strconv.FormatBool(az.GetEnabled()), + "azure_environment": az.GetAzureEnvironment(), + "resource_group_name": az.GetResourceGroupName(), + "key_vault_name": az.GetKeyVaultName(), + "client_id": az.GetClientID(), + "key_identifier": az.GetKeyIdentifier(), + "subscription_id": az.GetSubscriptionID(), + "tenant_id": az.GetTenantID(), + "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), + } +} + +func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { + checks := acc.AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) + + return resource.ComposeAggregateTestCheckFunc(checks...) +} + func TestAccEncryptionAtRest_basicGCP(t *testing.T) { acc.SkipTestForCI(t) // needs GCP configuration diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index f9dee7ac37..cfda1e155f 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -27,14 +27,13 @@ const ( ) func TestAccEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { - resource.ParallelTest(t, *basicTestCase(t)) + resource.Test(t, *basicTestCase(t)) } func basicTestCase(tb testing.TB) *resource.TestCase { tb.Helper() - acc.SkipTestForCI(tb) // needs Azure configuration var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") azureKeyVault = &admin.AzureKeyVault{ Enabled: conversion.Pointer(true), RequirePrivateNetworking: conversion.Pointer(true), @@ -71,9 +70,8 @@ func basicTestCase(tb testing.TB) *resource.TestCase { } func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") azureKeyVault = &admin.AzureKeyVault{ Enabled: conversion.Pointer(true), RequirePrivateNetworking: conversion.Pointer(true), @@ -89,7 +87,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") ) - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: checkDestroy, From 175984ee0b5c2a7359854a66dfe5866a81dbc73f Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 11:56:13 +0100 Subject: [PATCH 17/24] minor --- internal/service/encryptionatrest/resource_migration_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index fec896d9b7..7033dfb468 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -6,13 +6,14 @@ import ( "strconv" "testing" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig" - "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestMigEncryptionAtRest_basicAWS(t *testing.T) { @@ -136,7 +137,7 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { ) resource.Test(t, resource.TestCase{ - PreCheck: func() { mig.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, + PreCheck: func() { mig.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { From 3d30f0004bf6fee0d8391e506b88e53883a74e64 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 12:12:10 +0100 Subject: [PATCH 18/24] minor --- .github/workflows/acceptance-tests-runner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 377f92fde6..32e76b2683 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -260,7 +260,7 @@ jobs: - 'internal/service/datalakepipeline/*.go' encryption: - 'internal/service/encryptionatrest/*.go' - - 'internal/service/encryptionatrestprivateendpoint/*.go' + - 'internal/service/encryptionatrestprivateendpoint/*.go' event_trigger: - 'internal/service/eventtrigger/*.go' federated: From 88331ec748b4060b3ea79861fe5ffcebd05d7c1c Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 12:15:10 +0100 Subject: [PATCH 19/24] ear pe --- .github/workflows/acceptance-tests-runner.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 32e76b2683..72a5f7bffa 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -536,7 +536,9 @@ jobs: - name: Acceptance Tests env: MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }} - ACCTEST_PACKAGES: ./internal/service/encryptionatrest + ACCTEST_PACKAGES: | + ./internal/service/encryptionatrest + ./internal/service/encryptionatrestprivateendpoint MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_project_ear_pe_id }} AZURE_PRIVATE_ENDPOINT_REGION: ${{ inputs.azure_private_endpoint_region }} AZURE_CLIENT_ID: ${{ secrets.azure_client_id }} From ffcde2a39d711afd15c6a7a3118a5d27ce244710 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 12:22:43 +0100 Subject: [PATCH 20/24] minor --- .../service/encryptionatrestprivateendpoint/resource_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index cfda1e155f..dddecbc440 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -50,7 +50,7 @@ func basicTestCase(tb testing.TB) *resource.TestCase { ) return &resource.TestCase{ - PreCheck: func() { acc.PreCheck(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb); acc.PreCheckPreviewFlag(tb) }, + PreCheck: func() { acc.PreCheckBasic(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb); acc.PreCheckPreviewFlag(tb) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: checkDestroy, Steps: []resource.TestStep{ @@ -88,7 +88,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * ) resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, + PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: checkDestroy, Steps: []resource.TestStep{ From 0b419052a2220687319fc96cf77d3eb9069a7cba Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 14:51:53 +0100 Subject: [PATCH 21/24] tmp --- .github/workflows/acceptance-tests-runner.yml | 2 +- GNUmakefile | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 72a5f7bffa..2546073510 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -551,7 +551,7 @@ jobs: AZURE_KEY_VAULT_NAME_UPDATED: ${{ secrets.azure_key_vault_name_updated }} AZURE_KEY_IDENTIFIER_UPDATED: ${{ secrets.azure_key_identifier_updated }} MONGODB_ATLAS_ENABLE_PREVIEW: ${{ inputs.mongodb_atlas_enable_preview }} - run: make testacc + run: make testaccsequential event_trigger: needs: [ change-detection, get-provider-version ] diff --git a/GNUmakefile b/GNUmakefile index d8739af884..882a0a64f6 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -46,6 +46,11 @@ testacc: fmtcheck @$(eval VERSION=acc) TF_ACC=1 go test $(ACCTEST_PACKAGES) -run '$(ACCTEST_REGEX_RUN)' -v -parallel $(PARALLEL_GO_TEST) $(TESTARGS) -timeout $(ACCTEST_TIMEOUT) -ldflags="$(LINKER_FLAGS)" +.PHONY: testaccsequential +testacc: fmtcheck + @$(eval VERSION=acc) + TF_ACC=1 go test $(ACCTEST_PACKAGES) -run '$(ACCTEST_REGEX_RUN)' -v -parallel 1 $(TESTARGS) -timeout $(ACCTEST_TIMEOUT) -ldflags="$(LINKER_FLAGS)" + .PHONY: testaccgov testaccgov: fmtcheck @$(eval VERSION=acc) From cbb97a171ab7983c5eca3d0b6913c7b886f00ca9 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 15:13:30 +0100 Subject: [PATCH 22/24] move ear test --- .github/workflows/acceptance-tests-runner.yml | 2 +- GNUmakefile | 5 - .../resource_migration_test.go | 22 +- .../service/encryptionatrest/resource_test.go | 192 +++--------------- .../resource_test.go | 79 +++++++ internal/testutil/acc/encryption_at_rest.go | 69 +++++++ 6 files changed, 184 insertions(+), 185 deletions(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 2546073510..72a5f7bffa 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -551,7 +551,7 @@ jobs: AZURE_KEY_VAULT_NAME_UPDATED: ${{ secrets.azure_key_vault_name_updated }} AZURE_KEY_IDENTIFIER_UPDATED: ${{ secrets.azure_key_identifier_updated }} MONGODB_ATLAS_ENABLE_PREVIEW: ${{ inputs.mongodb_atlas_enable_preview }} - run: make testaccsequential + run: make testacc event_trigger: needs: [ change-detection, get-provider-version ] diff --git a/GNUmakefile b/GNUmakefile index 882a0a64f6..d8739af884 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -46,11 +46,6 @@ testacc: fmtcheck @$(eval VERSION=acc) TF_ACC=1 go test $(ACCTEST_PACKAGES) -run '$(ACCTEST_REGEX_RUN)' -v -parallel $(PARALLEL_GO_TEST) $(TESTARGS) -timeout $(ACCTEST_TIMEOUT) -ldflags="$(LINKER_FLAGS)" -.PHONY: testaccsequential -testacc: fmtcheck - @$(eval VERSION=acc) - TF_ACC=1 go test $(ACCTEST_PACKAGES) -run '$(ACCTEST_REGEX_RUN)' -v -parallel 1 $(TESTARGS) -timeout $(ACCTEST_TIMEOUT) -ldflags="$(LINKER_FLAGS)" - .PHONY: testaccgov testaccgov: fmtcheck @$(eval VERSION=acc) diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index 7033dfb468..befa429c35 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -33,13 +33,13 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), @@ -80,7 +80,7 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProvidersWithAWS(), @@ -91,7 +91,7 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), @@ -138,15 +138,15 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap), ), }, { @@ -179,13 +179,13 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckGPCEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), @@ -224,13 +224,13 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: acc.ExternalProvidersWithAWS("1.11.0"), Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 589b0fd5e3..1510a0a424 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "os" - "strconv" "testing" "go.mongodb.org/atlas-sdk/v20240805003/admin" @@ -13,7 +12,6 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" @@ -66,39 +64,39 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), ), }, { Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), ), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, }, @@ -123,7 +121,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) + azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -138,37 +136,37 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultUpdatedAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVaultUpdated) + azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVaultUpdated) ) resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), ), }, { Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), ), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API @@ -178,104 +176,6 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { }) } -func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { - var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") - - azureKeyVault = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), - TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), - RequirePrivateNetworking: conversion.Pointer(true), - } - - azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) - - azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), - TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), - RequirePrivateNetworking: conversion.Pointer(false), - } - - azureKeyVaultUpdatedAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVaultUpdated) - ) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { - acc.PreCheckEncryptionAtRestPrivateEndpoint(t) - acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) - acc.PreCheckPreviewFlag(t) - }, - ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, - Steps: []resource.TestStep{ - { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true, true), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), - - resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), - ), - }, - { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true, true), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), - - resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), - ), - }, - { - ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), - ImportState: true, - ImportStateVerify: true, - // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API - ImportStateVerifyIgnore: []string{"azure_key_vault_config.0.secret"}, - }, - }, - }) -} - -func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { - return map[string]string{ - "enabled": strconv.FormatBool(az.GetEnabled()), - "azure_environment": az.GetAzureEnvironment(), - "resource_group_name": az.GetResourceGroupName(), - "key_vault_name": az.GetKeyVaultName(), - "client_id": az.GetClientID(), - "key_identifier": az.GetKeyIdentifier(), - "subscription_id": az.GetSubscriptionID(), - "tenant_id": az.GetTenantID(), - "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), - } -} - -func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { - checks := acc.AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) - - return resource.ComposeAggregateTestCheckFunc(checks...) -} - func TestAccEncryptionAtRest_basicGCP(t *testing.T) { acc.SkipTestForCI(t) // needs GCP configuration @@ -298,12 +198,12 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckGPCEnv(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), @@ -318,7 +218,7 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { { Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), @@ -332,7 +232,7 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, // "google_cloud_kms_config.0.service_account_key" is a sensitive value not returned by the API @@ -360,14 +260,14 @@ func TestAccEncryptionAtRestWithRole_basicAWS(t *testing.T) { PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, ExternalProviders: acc.ExternalProvidersOnlyAWS(), ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, }, @@ -610,39 +510,6 @@ func TestResourceMongoDBAtlasEncryptionAtRestCreateRefreshFunc(t *testing.T) { } } -func testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return fmt.Errorf("not found: %s", resourceName) - } - if rs.Primary.ID == "" { - return fmt.Errorf("no ID is set") - } - if _, _, err := acc.ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute(); err == nil { - return nil - } - return fmt.Errorf("encryptionAtRest (%s) does not exist", rs.Primary.ID) - } -} - -func testAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { - for _, rs := range s.RootModule().Resources { - if rs.Type != "mongodbatlas_encryption_at_rest" { - continue - } - res, _, err := acc.ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute() - if err != nil || - (*res.AwsKms.Enabled != false && - *res.AzureKeyVault.Enabled != false && - *res.GoogleCloudKms.Enabled != false) { - return fmt.Errorf("encryptionAtRest (%s) still exists: err: %s", rs.Primary.ID, err) - } - } - - return nil -} - func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration, useDatasource bool) string { config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { @@ -768,14 +635,3 @@ resource "mongodbatlas_encryption_at_rest" "test" { } `, awsEar.GetEnabled(), awsEar.GetRegion(), awsEar.GetCustomerMasterKeyID()) } - -func testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { - return func(s *terraform.State) (string, error) { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return "", fmt.Errorf("not found: %s", resourceName) - } - - return rs.Primary.ID, nil - } -} diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index dddecbc440..b379839f75 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -24,6 +24,7 @@ const ( dataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoint.test" pluralDataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoints.test" earResourceName = "mongodbatlas_encryption_at_rest.test" + earDatasourceName = "data.mongodbatlas_encryption_at_rest.test" ) func TestAccEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { @@ -111,6 +112,84 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * }) } +func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { + var ( + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") + + azureKeyVault = admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + RequirePrivateNetworking: conversion.Pointer(true), + } + + azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVault) + + azureKeyVaultUpdated = admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + RequirePrivateNetworking: conversion.Pointer(false), + } + + azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVaultUpdated) + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + acc.PreCheckEncryptionAtRestPrivateEndpoint(t) + acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) + acc.PreCheckPreviewFlag(t) + }, + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + Steps: []resource.TestStep{ + { + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true, true), + Check: resource.ComposeAggregateTestCheckFunc( + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(earResourceName), + resource.TestCheckResourceAttr(earResourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + + resource.TestCheckResourceAttr(earDatasourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earDatasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), + ), + }, + { + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true, true), + Check: resource.ComposeAggregateTestCheckFunc( + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(earResourceName), + resource.TestCheckResourceAttr(earResourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + + resource.TestCheckResourceAttr(earDatasourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earDatasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), + ), + }, + { + ResourceName: earResourceName, + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(earResourceName), + ImportState: true, + ImportStateVerify: true, + // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API + ImportStateVerifyIgnore: []string{"azure_key_vault_config.0.secret"}, + }, + }, + }) +} + type errMsgTestCase struct { SDKResp *admin.EARPrivateEndpoint diags diag.Diagnostics diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index 46a2f70177..7ae6a712e2 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -1,9 +1,14 @@ package acc import ( + "context" "fmt" + "strconv" "go.mongodb.org/atlas-sdk/v20240805003/admin" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/terraform" ) func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking, useDatasource bool) string { @@ -43,3 +48,67 @@ func TestAccDatasourceConfig() string { project_id = mongodbatlas_encryption_at_rest.test.project_id }` } + +func TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("not found: %s", resourceName) + } + if rs.Primary.ID == "" { + return fmt.Errorf("no ID is set") + } + if _, _, err := ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute(); err == nil { + return nil + } + return fmt.Errorf("encryptionAtRest (%s) does not exist", rs.Primary.ID) + } +} + +func ConvertToAzureKeyVaultEncryptionAtRestAttrMap(az *admin.AzureKeyVault) map[string]string { + return map[string]string{ + "enabled": strconv.FormatBool(az.GetEnabled()), + "azure_environment": az.GetAzureEnvironment(), + "resource_group_name": az.GetResourceGroupName(), + "key_vault_name": az.GetKeyVaultName(), + "client_id": az.GetClientID(), + "key_identifier": az.GetKeyIdentifier(), + "subscription_id": az.GetSubscriptionID(), + "tenant_id": az.GetTenantID(), + "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), + } +} + +func TestEncryptionAtRestCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { + checks := AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) + + return resource.ComposeAggregateTestCheckFunc(checks...) +} + +func TestAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "mongodbatlas_encryption_at_rest" { + continue + } + res, _, err := ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute() + if err != nil || + (*res.AwsKms.Enabled != false && + *res.AzureKeyVault.Enabled != false && + *res.GoogleCloudKms.Enabled != false) { + return fmt.Errorf("encryptionAtRest (%s) still exists: err: %s", rs.Primary.ID, err) + } + } + + return nil +} + +func TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { + return func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return "", fmt.Errorf("not found: %s", resourceName) + } + + return rs.Primary.ID, nil + } +} From db06804e2797ff728327db956f71f236c5df446e Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Wed, 4 Sep 2024 15:20:51 +0100 Subject: [PATCH 23/24] lint fix --- internal/testutil/acc/encryption_at_rest.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index 7ae6a712e2..ae0aa1e400 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -92,9 +92,9 @@ func TestAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { } res, _, err := ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute() if err != nil || - (*res.AwsKms.Enabled != false && - *res.AzureKeyVault.Enabled != false && - *res.GoogleCloudKms.Enabled != false) { + (res.AwsKms.GetEnabled() || + res.AzureKeyVault.GetEnabled() || + res.GoogleCloudKms.GetEnabled()) { return fmt.Errorf("encryptionAtRest (%s) still exists: err: %s", rs.Primary.ID, err) } } From 1e75193eba69927e40559153bf68925956d5db63 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Thu, 5 Sep 2024 09:37:03 +0100 Subject: [PATCH 24/24] update QA var --- .github/workflows/acceptance-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index cea0b12b67..e15be2a2c4 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -110,6 +110,6 @@ jobs: mongodb_atlas_gov_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_ORG_ID_QA || vars.MONGODB_ATLAS_GOV_ORG_ID_DEV }} mongodb_atlas_gov_project_owner_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_QA || vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_DEV }} mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }} - mongodb_atlas_project_ear_pe_id: ${{ vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID }} + mongodb_atlas_project_ear_pe_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID_QA || vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID_DEV }} mongodb_atlas_enable_preview: ${{ vars.MONGODB_ATLAS_ENABLE_PREVIEW }} azure_private_endpoint_region: ${{ vars.AZURE_PRIVATE_ENDPOINT_REGION }}