chore: Enables mongodbatlas_encryption_at_rest (Azure) tests to run in CI #2551

Merged 27 commits on Sep 5, 2024
Changes from 23 commits
40 changes: 38 additions & 2 deletions .github/workflows/acceptance-tests-runner.yml
Expand Up @@ -86,6 +86,15 @@ on:
mongodb_atlas_federated_settings_associated_domain:
type: string
required: true
mongodb_atlas_project_ear_pe_id:
type: string
required: true
mongodb_atlas_enable_preview:
type: string
required: true
azure_private_endpoint_region:
type: string
required: true
secrets: # all secrets are passed explicitly in this workflow
mongodb_atlas_public_key:
required: true
Expand Down Expand Up @@ -135,6 +144,18 @@ on:
required: true
azure_vnet_name_updated:
required: true
azure_client_id:
required: true
azure_key_vault_name:
required: true
azure_key_identifier:
required: true
azure_key_vault_name_updated:
required: true
azure_key_identifier_updated:
required: true
azure_app_secret:
required: true

env:
TF_ACC: 1
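Review bot: azure_app_secret is a service principal client secret (the migration test passes it as the Key Vault config's Secret), and with required: true every caller of this workflow must now supply it. Worth confirming that the principal behind azure_client_id is scoped to the test key vault only, and that the jobs receiving these secrets cannot be triggered from untrusted forks.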
Expand Down Expand Up @@ -238,7 +259,8 @@ jobs:
data_lake:
- 'internal/service/datalakepipeline/*.go'
encryption:
- 'internal/service/encryptionatrest/*.go'
- 'internal/service/encryptionatrest/*.go'
- 'internal/service/encryptionatrestprivateendpoint/*.go'
event_trigger:
- 'internal/service/eventtrigger/*.go'
federated:
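Review bot: the encryption filter still matches only *.go files directly inside the two service directories, while this PR also changes the signature of the shared helper acc.ConfigEARAzureKeyVault, which is not under either path. Unless a filter outside this hunk covers the acc test utilities, a later change to that helper alone will not select the encryption group; consider adding its path here.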
Expand Down Expand Up @@ -514,7 +536,21 @@ jobs:
- name: Acceptance Tests
env:
MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }}
ACCTEST_PACKAGES: ./internal/service/encryptionatrest
ACCTEST_PACKAGES: |
./internal/service/encryptionatrest
./internal/service/encryptionatrestprivateendpoint
MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_project_ear_pe_id }}
AZURE_PRIVATE_ENDPOINT_REGION: ${{ inputs.azure_private_endpoint_region }}
AZURE_CLIENT_ID: ${{ secrets.azure_client_id }}
AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }}
AZURE_TENANT_ID: ${{ vars.azure_tenant_id }}
AZURE_APP_SECRET: ${{ secrets.azure_app_secret }}
AZURE_KEY_VAULT_NAME: ${{ secrets.azure_key_vault_name }}
AZURE_KEY_IDENTIFIER: ${{ secrets.azure_key_identifier }}
AZURE_KEY_VAULT_NAME_UPDATED: ${{ secrets.azure_key_vault_name_updated }}
AZURE_KEY_IDENTIFIER_UPDATED: ${{ secrets.azure_key_identifier_updated }}
MONGODB_ATLAS_ENABLE_PREVIEW: ${{ inputs.mongodb_atlas_enable_preview }}
run: make testacc

event_trigger:
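Review bot: ACCTEST_PACKAGES changes from a single path to a YAML block scalar (|), so the variable now contains an embedded newline and a trailing newline when make testacc reads it. Please confirm the testacc target expands it safely; a space-separated single line, or the folded form with >-, avoids the question. Separately, AZURE_TENANT_ID is read from vars.azure_tenant_id inside the runner while every other new value arrives through inputs or secrets; declaring it as an input would keep the interface explicit.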
9 changes: 9 additions & 0 deletions .github/workflows/acceptance-tests.yml
Expand Up @@ -77,6 +77,12 @@ jobs:
azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azure_vnet_name: ${{ secrets.AZURE_VNET_NAME }}
azure_vnet_name_updated: ${{ secrets.AZURE_VNET_NAME_UPDATED }}
azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
azure_key_vault_name: ${{ secrets.AZURE_KEY_VAULT_NAME }}
azure_key_identifier: ${{ secrets.AZURE_KEY_IDENTIFIER }}
azure_key_vault_name_updated: ${{ secrets.AZURE_KEY_VAULT_NAME_UPDATED }}
azure_key_identifier_updated: ${{ secrets.AZURE_KEY_IDENTIFIER_UPDATED }}
azure_app_secret: ${{ secrets.AZURE_APP_SECRET }}

with:
terraform_version: ${{ inputs.terraform_version || vars.TF_VERSION_LATEST }}
Expand Down Expand Up @@ -104,3 +110,6 @@ jobs:
mongodb_atlas_gov_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_ORG_ID_QA || vars.MONGODB_ATLAS_GOV_ORG_ID_DEV }}
mongodb_atlas_gov_project_owner_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_QA || vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_DEV }}
mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }}
mongodb_atlas_project_ear_pe_id: ${{ vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID }}
Member:
we will likely need to create another project in QA with the FF enabled; after this adjustment we can do a run of the test group in QA to make sure we already support this correctly.

mongodb_atlas_enable_preview: ${{ vars.MONGODB_ATLAS_ENABLE_PREVIEW }}
azure_private_endpoint_region: ${{ vars.AZURE_PRIVATE_ENDPOINT_REGION }}
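Review bot: mongodb_atlas_project_ear_pe_id, mongodb_atlas_enable_preview and azure_private_endpoint_region each read a single variable, whereas the gov org and project owner inputs just above choose between _QA and _DEV variables based on inputs.atlas_cloud_env. A run with atlas_cloud_env == 'qa' would therefore still receive the same project ID; if a separate QA project is created, switch this line to the same QA/DEV expression.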
5 changes: 1 addition & 4 deletions contributing/development-setup.md
Expand Up @@ -218,15 +218,12 @@ You must also configure the following environment variables before running the t
export AZURE_CLIENT_ID=<YOUR_CLIENT_ID>
export AZURE_SUBSCRIPTION_ID=<YOUR_SUBSCRIPTION_ID>
export AZURE_RESOURCE_GROUP_NAME=<YOUR_RESOURCE_GROUP_NAME>
export AZURE_SECRET=<YOUR_SECRET>
export AZURE_APP_SECRET=<YOUR_SECRET>
export AZURE_KEY_VAULT_NAME=<YOUR_KEY_VAULT_NAME>
export AZURE_KEY_IDENTIFIER=<YOUR_KEY_IDENTIFIER>
export AZURE_TENANT_ID=<YOUR_TENANT_ID>
export AZURE_DIRECTORY_ID=<YOUR_DIRECTORY_ID>

export AZURE_CLIENT_ID_UPDATED=<YOUR_CLIENT_ID_UPDATED>
Collaborator Author:
no longer being used

export AZURE_RESOURCE_GROUP_NAME_UPDATED=<YOUR_RESOURCE_GROUP_NAME_UPDATED>
export AZURE_SECRET_UPDATED=<YOUR_SECRET_UPDATED>
export AZURE_KEY_VAULT_NAME_UPDATED=<YOUR_KEY_VAULT_NAME_UPDATED>
export AZURE_KEY_IDENTIFIER_UPDATED=<YOUR_KEY_IDENTIFIER_UPDATED>
```
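Review bot: the rename from AZURE_SECRET to AZURE_APP_SECRET is documented here, but the variables the CI job now sets for these packages (MONGODB_ATLAS_PROJECT_EAR_PE_ID, AZURE_PRIVATE_ENDPOINT_REGION, MONGODB_ATLAS_ENABLE_PREVIEW) are not added in this hunk. If they are not listed elsewhere in development-setup.md, add them so the tests can be run locally; a short line noting that AZURE_SECRET is no longer read would also help anyone with an existing setup.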
45 changes: 27 additions & 18 deletions internal/service/encryptionatrest/resource_migration_test.go
Expand Up @@ -3,15 +3,17 @@ package encryptionatrest_test
import (
"fmt"
"os"
"strconv"
"testing"

"go.mongodb.org/atlas-sdk/v20240805003/admin"

"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/plancheck"

"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion"
"github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc"
"github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig"
"go.mongodb.org/atlas-sdk/v20240805003/admin"
)

func TestMigEncryptionAtRest_basicAWS(t *testing.T) {
Expand All @@ -35,7 +37,7 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) {
Steps: []resource.TestStep{
{
ExternalProviders: mig.ExternalProviders(),
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms),
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
Expand All @@ -46,7 +48,7 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) {
},
{
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms),
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false),
ConfigPlanChecks: resource.ConfigPlanChecks{
Member:
can we better use mig.TestStepCheckEmptyPlan?

PreApply: []plancheck.PlanCheck{
acc.DebugPlan(),
Expand Down Expand Up @@ -106,11 +108,9 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) {
}

func TestMigEncryptionAtRest_basicAzure(t *testing.T) {
acc.SkipTestForCI(t) // needs Azure configuration

var (
resourceName = "mongodbatlas_encryption_at_rest.test"
projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID")
projectID = acc.ProjectIDExecution(t)

azureKeyVault = admin.AzureKeyVault{
Enabled: conversion.Pointer(true),
Expand All @@ -120,30 +120,38 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) {
ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")),
KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")),
KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")),
Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")),
Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")),
TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")),
}

attrMap = map[string]string{
"enabled": strconv.FormatBool(azureKeyVault.GetEnabled()),
"azure_environment": azureKeyVault.GetAzureEnvironment(),
"resource_group_name": azureKeyVault.GetResourceGroupName(),
"key_vault_name": azureKeyVault.GetKeyVaultName(),
"client_id": azureKeyVault.GetClientID(),
"key_identifier": azureKeyVault.GetKeyIdentifier(),
"subscription_id": azureKeyVault.GetSubscriptionID(),
"tenant_id": azureKeyVault.GetTenantID(),
}
)

resource.Test(t, resource.TestCase{
PreCheck: func() { mig.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t) },
PreCheck: func() { mig.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) },
CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy,
Steps: []resource.TestStep{
{
ExternalProviders: mig.ExternalProviders(),
Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false),
Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), // not using data source as it was introduced in 1.19.0
Collaborator Author:
chose to not use data source for migration tests instead of skipping the tests for lower versions

Member (@lantoli, Sep 5, 2024):
mig.IsProviderVersionAtLeast can be used instead of directly false, you can look for some examples in the code

Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"),
resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVault.GetAzureEnvironment()),
resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVault.GetResourceGroupName()),
resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVault.GetKeyVaultName()),
testCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap),
),
},
{
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false),
Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false),
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
acc.DebugPlan(),
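Review bot: Secret is now read with os.Getenv("AZURE_APP_SECRET"), which returns an empty string when the variable is unset, so a setup that still exports the old AZURE_SECRET would send an empty secret rather than fail fast. Make sure acc.PreCheckEncryptionAtRestEnvAzure checks AZURE_APP_SECRET (its body is not visible in this diff). Leaving the secret out of attrMap is the right call, since checked values can surface in test failure output.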
Expand Down Expand Up @@ -175,16 +183,17 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) {
Steps: []resource.TestStep{
{
ExternalProviders: mig.ExternalProviders(),
Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms),
Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), // not using data source as it was introduced in 1.19.0
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"),
resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"),
),
},
{
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms),
Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false),
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
acc.DebugPlan(),
Expand Down Expand Up @@ -219,7 +228,7 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) {
Steps: []resource.TestStep{
{
ExternalProviders: acc.ExternalProvidersWithAWS("1.11.0"),
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms),
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
Expand All @@ -230,7 +239,7 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) {
},
{
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms),
Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false),
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
acc.DebugPlan(),