From e99420de7ec02b133fd2468ea8fafdfca897ca03 Mon Sep 17 00:00:00 2001
From: Aayush-Abhyarthi <122350533+Aayush-Abhyarthi@users.noreply.github.com>
Date: Wed, 18 Dec 2024 18:31:08 +0530
Subject: [PATCH] fix: added extra KMS validation logic (#223)
---
 common-dev-assets | 2 +-
 main.tf | 2 +
 tests/pr_test.go | 97 ++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 95 insertions(+), 6 deletions(-)
diff --git a/common-dev-assets b/common-dev-assets
index 5f5fd35..4cda4ee 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 5f5fd3547299157221d8e11a32ee821bfc59e459
+Subproject commit 4cda4eeaaf59c970b973f2a7cf7e08a612a9f88d
diff --git a/main.tf b/main.tf
index 1d0719b..21120bb 100644
--- a/main.tf
+++ b/main.tf
@@ -62,6 +62,8 @@ locals {
 # tflint-ignore: terraform_unused_declarations
 validate_encryption_inputs = var.enable_cos_kms_encryption && (var.cos_kms_crn == null || var.cos_kms_crn == "") ? tobool("A value must be passed for 'cos_kms_crn' when 'enable_cos_kms_encryption' is set to true") : true
+ # tflint-ignore: terraform_unused_declarations
+ validate_enable_cos_kms_encryption = (var.cos_kms_crn != null || var.cos_kms_key_crn != null) && var.enable_cos_kms_encryption == false ? tobool("If a value for 'cos_kms_crn' or 'cos_kms_key_crn' is passed then 'enable_cos_kms_encryption' must be set to true") : true
 }
 data "ibm_iam_auth_token" "restapi" {
diff --git a/tests/pr_test.go b/tests/pr_test.go
index edf128c..f1b096a 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
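Review bot: In the main.tf hunk, the new `validate_enable_cos_kms_encryption` check tests only `!= null`, while the `validate_encryption_inputs` line directly above it treats `""` the same as null, so a caller passing `cos_kms_crn = ""` with `enable_cos_kms_encryption = false` is now rejected although no key was supplied. The condition should compare against the empty string as well, e.g. `(var.cos_kms_crn != null && var.cos_kms_crn != "") || (var.cos_kms_key_crn != null && var.cos_kms_key_crn != "")`. The variable defaults are not part of this hunk, so whether `""` can actually reach this local should be confirmed against variables.tf. Neither test touched by this commit exercises the rejection path (a CRN passed while the flag is false), so the fail-closed behaviour the check is meant to give is currently unverified.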
@@ -152,11 +152,12 @@ func TestWithExistingKP(t *testing.T) {
 },
 },
 TerraformVars: map[string]interface{}{
- "location": validRegions[rand.Intn(len(validRegions))],
- "resource_group_name": prefix,
- "provider_visibility": "public",
- "cos_kms_crn": terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
- "cos_kms_key_crn": terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
+ "location": validRegions[rand.Intn(len(validRegions))],
+ "resource_group_name": prefix,
+ "provider_visibility": "public",
+ "enable_cos_kms_encryption": true,
+ "cos_kms_crn": terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+ "cos_kms_key_crn": terraform.Output(t, existingTerraformOptions, "kms_key_crn"),
 },
 })
@@ -178,3 +179,89 @@ func TestWithExistingKP(t *testing.T) {
 }
 }
+
+func TestRunUpgradeExistingKP(t *testing.T) {
+ t.Parallel()
+
+ // ------------------------------------------------------------------------------------
+ // Provision KP first
+ // ------------------------------------------------------------------------------------
+
+ prefix := fmt.Sprintf("kp-ut-%s", strings.ToLower(random.UniqueId()))
+ realTerraformDir := "./resources/kp-instance"
+ tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+ region := "us-south"
+
+ // Verify ibmcloud_api_key variable is set
+ checkVariable := "TF_VAR_ibmcloud_api_key"
+ val, present := os.LookupEnv(checkVariable)
+ require.True(t, present, checkVariable+" environment variable not set")
+ require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+
+ logger.Log(t, "Tempdir: ", tempTerraformDir)
+ existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+ TerraformDir: tempTerraformDir,
+ Vars: map[string]interface{}{
+ "prefix": prefix,
+ "region": region,
+ },
+ // Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+ // This is the same as setting the -upgrade=true flag with terraform.
+ Upgrade: true,
+ })
+
+ terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+ _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+ if existErr != nil {
+ assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
+ } else {
+
+ // ------------------------------------------------------------------------------------
+ // Upgrade test for watsonx DA passing in existing KP details
+ // ------------------------------------------------------------------------------------
+
+ options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
+ Testing: t,
+ TerraformDir: rootDaDir,
+ Prefix: "existing-kp-upg",
+ IgnoreDestroys: testhelper.Exemptions{ // Ignore for consistency check
+ List: []string{
+ "module.configure_user.null_resource.configure_user",
+ "module.configure_user.null_resource.restrict_access",
+ },
+ },
+ IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check
+ List: []string{
+ "module.configure_user.null_resource.configure_user",
+ "module.configure_user.null_resource.restrict_access",
+ },
+ },
+ TerraformVars: map[string]interface{}{
+ "location": validRegions[rand.Intn(len(validRegions))],
+ "resource_group_name": prefix,
+ "provider_visibility": "public",
+ "enable_cos_kms_encryption": true,
+ "cos_kms_crn": terraform.Output(t, existingTerraformOptions, "key_protect_crn"),
+ },
+ })
+
+ output, err := options.RunTestUpgrade()
+ if !options.UpgradeTestSkipped {
+ assert.Nil(t, err, "This should not have errored")
+ assert.NotNil(t, output, "Expected some output")
+ }
+ }
+
+ // Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+ envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+ // Destroy the temporary existing resources if required
+ if t.Failed() && strings.ToLower(envVal) == "true" {
+ fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+ } else {
+ logger.Log(t, "START: Destroy (existing resources)")
+ terraform.Destroy(t, existingTerraformOptions)
+ terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+ logger.Log(t, "END: Destroy (existing resources)")
+ }
+
+}
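Review bot: The teardown at the end of TestRunUpgradeExistingKP is ordinary trailing code, so it is skipped whenever an earlier step stops the test goroutine; `terraform.Output(t, existingTerraformOptions, "key_protect_crn")` is the non-E variant and, as far as I know, ends the test immediately on error, which would leave the Key Protect instance and the Terraform workspace behind in the account. Register the destroy block with `t.Cleanup(func() { ... })` (or a `defer`) right after `terraform.WorkspaceSelectOrNew`, keeping the `DO_NOT_DESTROY_ON_FAILURE` check inside it. Separately, `tempTerraformDir, _ := files.CopyTerraformFolderToTemp(...)` discards the copy error, so a failed copy would run Terraform against an empty path; capture it and call `require.NoError(t, err)`. The `assert.True(t, existErr == nil, ...)` inside `if existErr != nil` also hides the underlying error, where `assert.NoError(t, existErr, "Init and Apply of temp existing resource failed")` would report it.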