From cf9702987aeb7a42a033f90adf3f871249c4044e Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Mon, 17 Feb 2025 16:27:49 +0530 Subject: [PATCH 01/24] enable vault acceptance tests --- .../resource_vault_cluster_perf_replication_test.go | 2 +- internal/providersdkv2/resource_vault_cluster_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 6829abb78..082d13096 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -50,7 +50,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT } func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) { - t.Skip("Error:http is not enabled as an observability provider") + // t.Skip("Error:http is not enabled as an observability provider") t.Parallel() awsPerfReplicationTestInput := &inputT{ diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 68b2f3531..59d8c4d28 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -73,7 +73,7 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) { // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. func TestAcc_Vault_ClusterAWS(t *testing.T) { - t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") + // t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") awsTestInput := inputT{ VaultClusterName: addTimestampSuffix("test-vault-aws-"), From 29d0569f5f4a8e95620caea5518f5a64636c17ce Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Mon, 17 Feb 2025 18:02:48 +0530 Subject: [PATCH 02/24] . --- .../resource_vault_cluster_perf_replication_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 082d13096..1ab3d36dd 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -51,6 +51,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) { // t.Skip("Error:http is not enabled as an observability provider") + // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int t.Parallel() awsPerfReplicationTestInput := &inputT{ From 22d1e81998ca6bfb990a0d2308846cb9875ff28e Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Mon, 17 Feb 2025 19:49:05 +0530 Subject: [PATCH 03/24] . --- .../resource_vault_cluster_perf_replication_test.go | 2 +- internal/providersdkv2/resource_vault_cluster_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 1ab3d36dd..296f13681 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -217,7 +217,7 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), - resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), + // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), --chirag resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 59d8c4d28..26ae1a8c8 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -168,7 +168,7 @@ func awsTestSteps(t *testing.T, inp inputT) []resource.TestStep { tfApply(t, in), testTFDataSources(t, in), updateClusterTier(t, in), - updateNetworkObservabilityAndMVU(t, in), + // updateNetworkObservabilityAndMVU(t, in), //--chirag updateTierNetworkAndRemoveObservability(t, in), } } @@ -315,7 +315,7 @@ func updateNetworkObservabilityAndMVU(t *testing.T, in *inputT) resource.TestSte Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterPublicProxyObservabilityAndMVU, newIn, newIn.UpdateTier1)), Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "true"), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "ENABLED"), resource.TestCheckTypeSetElemNestedAttrs(in.VaultClusterResourceName, "ip_allowlist.*", map[string]string{ "address": "172.25.14.0/24", From a793cb4c667d95f4cf476a13de7975be05c54b39 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Mon, 17 Feb 2025 21:44:29 +0530 Subject: [PATCH 04/24] . --- .../resource_vault_cluster_perf_replication_test.go | 4 ++-- internal/providersdkv2/resource_vault_cluster_test.go | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 296f13681..9e115a0cb 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -218,8 +218,8 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), --chirag - resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), - resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), + // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), + // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), }, { diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 26ae1a8c8..d779f5827 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -73,6 +73,7 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) { // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. func TestAcc_Vault_ClusterAWS(t *testing.T) { + t.Parallel() // t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") awsTestInput := inputT{ @@ -168,7 +169,7 @@ func awsTestSteps(t *testing.T, inp inputT) []resource.TestStep { tfApply(t, in), testTFDataSources(t, in), updateClusterTier(t, in), - // updateNetworkObservabilityAndMVU(t, in), //--chirag + updateNetworkObservabilityAndMVU(t, in), updateTierNetworkAndRemoveObservability(t, in), } } @@ -346,7 +347,7 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "TRUE"), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_public_endpoint_url", "8200"), From d7af2341c87f24d2fa72aa7a1531f8c27f3325fb Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Mon, 17 Feb 2025 22:34:09 +0530 Subject: [PATCH 05/24] . --- .../resource_vault_cluster_perf_replication_test.go | 2 +- internal/providersdkv2/resource_vault_cluster_test.go | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 9e115a0cb..e4af94403 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -52,7 +52,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) { // t.Skip("Error:http is not enabled as an observability provider") // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int - t.Parallel() + // t.Parallel() awsPerfReplicationTestInput := &inputT{ HvnName: addTimestampSuffix("test-perf-hvn-1-"), diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index d779f5827..375bf45a3 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -73,7 +73,6 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) { // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. func TestAcc_Vault_ClusterAWS(t *testing.T) { - t.Parallel() // t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") awsTestInput := inputT{ @@ -316,7 +315,7 @@ func updateNetworkObservabilityAndMVU(t *testing.T, in *inputT) resource.TestSte Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterPublicProxyObservabilityAndMVU, newIn, newIn.UpdateTier1)), Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "true"), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "ENABLED"), resource.TestCheckTypeSetElemNestedAttrs(in.VaultClusterResourceName, "ip_allowlist.*", map[string]string{ "address": "172.25.14.0/24", @@ -347,7 +346,7 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "TRUE"), + // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "true"), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_public_endpoint_url", "8200"), From 46118e62a2a745fa4c224ee05d58fcf83e114fc4 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Mon, 17 Feb 2025 23:28:46 +0530 Subject: [PATCH 06/24] . --- .../resource_vault_cluster_perf_replication_test.go | 6 +++--- internal/providersdkv2/resource_vault_cluster_test.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index e4af94403..279f0ca61 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -217,9 +217,9 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), - // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), --chirag - // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), - // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), + resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), + resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), + resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), }, { diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 375bf45a3..97db4ae92 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -74,7 +74,7 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) { // to shorten testing time. func TestAcc_Vault_ClusterAWS(t *testing.T) { // t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") - + t.Parallel() awsTestInput := inputT{ VaultClusterName: addTimestampSuffix("test-vault-aws-"), HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), From 4aaf4f62122de9b558bf1c1d9c4895e3d561dafe Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 00:03:43 +0530 Subject: [PATCH 07/24] . --- .../resource_vault_cluster_perf_replication_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 279f0ca61..b192c8706 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -217,9 +217,9 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), - resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), - resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), - resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), + // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), + // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), + // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), }, { From 991b1270111f08aafe3181737767bd0d20193f71 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 00:39:23 +0530 Subject: [PATCH 08/24] . --- .../resource_vault_cluster_perf_replication_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index b192c8706..d942ba1c8 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -52,7 +52,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) { // t.Skip("Error:http is not enabled as an observability provider") // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int - // t.Parallel() + t.Parallel() awsPerfReplicationTestInput := &inputT{ HvnName: addTimestampSuffix("test-perf-hvn-1-"), From 1d034c7f0ded3563de87af99515cb0d06025be3d Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 10:41:56 +0530 Subject: [PATCH 09/24] . --- internal/providersdkv2/resource_vault_cluster_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 97db4ae92..2c7c3a99b 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -74,7 +74,6 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) { // to shorten testing time. func TestAcc_Vault_ClusterAWS(t *testing.T) { // t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") - t.Parallel() awsTestInput := inputT{ VaultClusterName: addTimestampSuffix("test-vault-aws-"), HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), @@ -93,7 +92,7 @@ func TestAcc_Vault_ClusterAWS(t *testing.T) { tf := setTestAccVaultClusterConfig(t, vaultCluster, awsTestInput, awsTestInput.Tier) // save so e don't have to generate this again and again awsTestInput.tf = tf - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, ProtoV6ProviderFactories: testProtoV6ProviderFactories, CheckDestroy: testAccCheckVaultClusterDestroy, From 656d9773b42fd4bbcde24955a49157e6594abc3f Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 13:02:36 +0530 Subject: [PATCH 10/24] . --- .../resource_vault_cluster_perf_replication_test.go | 3 ++- internal/providersdkv2/resource_vault_cluster_test.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index d942ba1c8..8f90f7dfd 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -49,9 +49,10 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT return tfResources.String() } -func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) { +func TestAcc_Vault_PerformanceReplicatiosn_ValidationsAws(t *testing.T) { // t.Skip("Error:http is not enabled as an observability provider") // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int + return t.Parallel() awsPerfReplicationTestInput := &inputT{ diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 2c7c3a99b..c1ce830ac 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -345,7 +345,7 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), - // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "true"), + // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_public_endpoint_url", "8200"), From 6ec17cacce1875a322806cbe3c1148d705ef5c83 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 14:00:41 +0530 Subject: [PATCH 11/24] . --- .../resource_vault_cluster_perf_replication_test.go | 3 +-- internal/providersdkv2/resource_vault_cluster_test.go | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 8f90f7dfd..685c2cb52 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -52,8 +52,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT func TestAcc_Vault_PerformanceReplicatiosn_ValidationsAws(t *testing.T) { // t.Skip("Error:http is not enabled as an observability provider") // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int - return - t.Parallel() + // t.Parallel() awsPerfReplicationTestInput := &inputT{ HvnName: addTimestampSuffix("test-perf-hvn-1-"), diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index c1ce830ac..2ac73c020 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -346,7 +346,7 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), + // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_public_endpoint_url", "8200"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_private_endpoint_url"), From ab0169dabae739d1ed51b2f57477bdce1df32925 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 15:24:35 +0530 Subject: [PATCH 12/24] . --- .../resource_vault_cluster_perf_replication_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 685c2cb52..0173e3fb7 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -221,6 +221,7 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), + ExpectNonEmptyPlan: true, }, { // secondary cluster creation failed as tier doesn't match the tier of primary From b256c4189d2249809987cb5f44f69bb22c98b1af Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 17:29:13 +0530 Subject: [PATCH 13/24] . --- .../resource_vault_cluster_perf_replication_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 0173e3fb7..2414d1ec5 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -63,7 +63,7 @@ func TestAcc_Vault_PerformanceReplicatiosn_ValidationsAws(t *testing.T) { Region: awsRegion, Tier: "PLUS_SMALL", UpdateTier1: "PLUS_MEDIUM", - UpdateTier2: "DEV", + UpdateTier2: "STANDARD_SMALL", Secondary: &inputT{ HvnName: addTimestampSuffix("test-perf-hvn-2-"), HvnCidr: "172.24.16.0/20", From d95df8ace1603a79a3b61cb5fe23120f3485d3a9 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 19:59:44 +0530 Subject: [PATCH 14/24] . --- ...rce_vault_cluster_perf_replication_test.go | 8 +- .../resource_vault_cluster_test.go | 2 +- .../resource_vault_plugin_test.go | 189 ------------------ 3 files changed, 5 insertions(+), 194 deletions(-) delete mode 100644 internal/providersdkv2/resource_vault_plugin_test.go diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 2414d1ec5..e9d9dbc79 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -52,7 +52,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT func TestAcc_Vault_PerformanceReplicatiosn_ValidationsAws(t *testing.T) { // t.Skip("Error:http is not enabled as an observability provider") // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int - // t.Parallel() + t.Parallel() awsPerfReplicationTestInput := &inputT{ HvnName: addTimestampSuffix("test-perf-hvn-1-"), @@ -217,9 +217,9 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), - // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), - // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), - // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), + resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), + resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), + resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), ExpectNonEmptyPlan: true, }, diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 2ac73c020..f89a5f417 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -347,7 +347,7 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), - resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), + // resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_public_endpoint_url", "8200"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_private_endpoint_url", "8200"), diff --git a/internal/providersdkv2/resource_vault_plugin_test.go b/internal/providersdkv2/resource_vault_plugin_test.go deleted file mode 100644 index 76724bea8..000000000 --- a/internal/providersdkv2/resource_vault_plugin_test.go +++ /dev/null @@ -1,189 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package providersdkv2 - -import ( - "context" - "fmt" - "strings" - "testing" - - sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" - vaultmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/models" - "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/terraform" - "github.com/hashicorp/terraform-provider-hcp/internal/clients" - grpcstatus "google.golang.org/grpc/status" -) - -var ( - testAccVaultPluginConfig = fmt.Sprintf(` -resource "hcp_hvn" "test" { - hvn_id = "%s" - cloud_provider = "aws" - region = "us-west-2" -} - -resource "hcp_vault_cluster" "test" { - cluster_id = "%s" - hvn_id = hcp_hvn.test.hvn_id - tier = "DEV" -} - -resource "hcp_vault_plugin" "venafi_plugin" { - cluster_id = hcp_vault_cluster.test.cluster_id - plugin_name = "venafi-pki-backend" - plugin_type = "SECRET" -} -`, testAccUniqueNameWithPrefix("vault-hvn-aws-"), addTimestampSuffix("test-cluster-")) - - testAccVaultPluginDataSourceConfig = fmt.Sprintf(`%s - data "hcp_vault_plugin" "test" { - cluster_id = hcp_vault_cluster.test.cluster_id - plugin_name = "venafi-pki-backend" - plugin_type = "SECRET" - } -`, testAccVaultPluginConfig) -) - -func TestAcc_Vault_Plugin(t *testing.T) { - t.Parallel() - - resourceName := "hcp_vault_plugin.venafi_plugin" - dataSourceName := "data.hcp_vault_plugin.test" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, - ProtoV6ProviderFactories: testProtoV6ProviderFactories, - CheckDestroy: testAccCheckVaultPluginDestroy, - - Steps: []resource.TestStep{ - // Testing Create - { - Config: testConfig(testAccVaultPluginConfig), - Check: resource.ComposeTestCheckFunc( - testAccChecVaultPluginExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), - resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), - ), - }, - // Testing that we can import Vault plugin created in the previous step and that the - // resource terraform state will be exactly the same - { - ResourceName: resourceName, - ImportState: true, - ImportStateIdFunc: func(s *terraform.State) (string, error) { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return "", fmt.Errorf("not found: %s", resourceName) - } - - return fmt.Sprintf("%s:%s:%s:%s", - rs.Primary.Attributes["project_id"], - rs.Primary.Attributes["cluster_id"], - rs.Primary.Attributes["plugin_type"], - rs.Primary.Attributes["plugin_name"]), nil - }, - ImportStateVerify: true, - }, - // Testing Read - { - Config: testConfig(testAccVaultPluginConfig), - Check: resource.ComposeTestCheckFunc( - testAccChecVaultPluginExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), - resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), - ), - }, - // Tests datasource - { - Config: testConfig(testAccVaultPluginDataSourceConfig), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttrPair(resourceName, "plugin_type", dataSourceName, "plugin_type"), - resource.TestCheckResourceAttrPair(resourceName, "plugin_name", dataSourceName, "plugin_name"), - resource.TestCheckResourceAttrPair(resourceName, "cluster_id", dataSourceName, "cluster_id"), - resource.TestCheckResourceAttrPair(resourceName, "project_id", dataSourceName, "project_id"), - ), - }, - }, - }) -} - -func testAccChecVaultPluginExists(name string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[name] - if !ok { - return fmt.Errorf("not found: %s", name) - } - - id := rs.Primary.ID - if id == "" { - return fmt.Errorf("no ID is set") - } - - client := testAccProvider.Meta().(*clients.Client) - - isRegistered, err := isPluginRegistered(client, id) - if err != nil { - return err - } - - if !isRegistered { - return fmt.Errorf("unable to find plugin: %q", id) - } - - return nil - } -} - -func testAccCheckVaultPluginDestroy(s *terraform.State) error { - client := testAccProvider.Meta().(*clients.Client) - - for _, rs := range s.RootModule().Resources { - switch rs.Type { - case "hcp_vault_plugin": - id := rs.Primary.ID - isRegistered, err := isPluginRegistered(client, id) - if err != nil { - return err - } - if isRegistered { - return fmt.Errorf("plugin status is still reporting that plugin is registered: %s", id) - } - default: - continue - } - } - return nil -} - -func isPluginRegistered(client *clients.Client, id string) (bool, error) { - idParts := strings.SplitN(id, "/", 8) - - clusterID := idParts[4] - pluginType := vaultmodels.HashicorpCloudVault20201125PluginType(idParts[6]) - pluginName := idParts[7] - - loc := &sharedmodels.HashicorpCloudLocationLocation{ - OrganizationID: client.Config.OrganizationID, - ProjectID: client.Config.ProjectID, - } - - pluginsResp, err := clients.ListPlugins(context.Background(), client, loc, clusterID) - if err != nil { - // if cluster is deleted, plugin doesn't exist - if clients.IsResponseCodeNotFound(err) { - return false, nil - } - return false, fmt.Errorf("unable to list plugins %q: %v. code: %d", id, err, grpcstatus.Code(err)) - } - - for _, plugin := range pluginsResp.Plugins { - if strings.EqualFold(pluginName, plugin.PluginName) && pluginType == *plugin.PluginType && plugin.IsRegistered { - return true, nil - } - } - - return false, nil -} From a81332f13f6d788df9782acdf4315ec8c9d53eec Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 23:21:37 +0530 Subject: [PATCH 15/24] . --- .../resource_vault_cluster_perf_replication_test.go | 3 +-- internal/providersdkv2/resource_vault_cluster_test.go | 11 +++++------ 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index e9d9dbc79..5e24618b7 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -50,8 +50,6 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT } func TestAcc_Vault_PerformanceReplicatiosn_ValidationsAws(t *testing.T) { - // t.Skip("Error:http is not enabled as an observability provider") - // enabled LD flag https://app.launchdarkly.com/projects/cloud-services/flags/hcpv-observability-http/targeting?env=dev&env=int&env=production&selected-env=int t.Parallel() awsPerfReplicationTestInput := &inputT{ @@ -187,6 +185,7 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { }, { // add an http audit log provider + // enabled LD flag hcpv-observability-http for int env Config: testConfig(setTestAccPerformanceReplicationE2E(t, ` resource "hcp_vault_cluster" "c1" { cluster_id = "{{ .VaultClusterName }}" diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index f89a5f417..0239fe536 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -73,7 +73,6 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) { // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. func TestAcc_Vault_ClusterAWS(t *testing.T) { - // t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'") awsTestInput := inputT{ VaultClusterName: addTimestampSuffix("test-vault-aws-"), HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), @@ -92,7 +91,7 @@ func TestAcc_Vault_ClusterAWS(t *testing.T) { tf := setTestAccVaultClusterConfig(t, vaultCluster, awsTestInput, awsTestInput.Tier) // save so e don't have to generate this again and again awsTestInput.tf = tf - resource.Test(t, resource.TestCase{ + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, ProtoV6ProviderFactories: testProtoV6ProviderFactories, CheckDestroy: testAccCheckVaultClusterDestroy, @@ -311,7 +310,7 @@ func updateNetworkObservabilityAndMVU(t *testing.T, in *inputT) resource.TestSte }, } return resource.TestStep{ - Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterPublicProxyObservabilityAndMVU, newIn, newIn.UpdateTier1)), + Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterPublicProxyObservabilityAndMVU, newIn, newIn.UpdateTier2)), Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "true"), @@ -345,9 +344,9 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), - // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), - // resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), - // resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), + resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_public_endpoint_url", "8200"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(in.VaultClusterResourceName, "vault_private_endpoint_url", "8200"), From 7d85b20eef70aae283b1766b0ddfa91242b49b2e Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 23:24:53 +0530 Subject: [PATCH 16/24] . --- .../resource_vault_plugin_test.go | 189 ++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 internal/providersdkv2/resource_vault_plugin_test.go diff --git a/internal/providersdkv2/resource_vault_plugin_test.go b/internal/providersdkv2/resource_vault_plugin_test.go new file mode 100644 index 000000000..76724bea8 --- /dev/null +++ b/internal/providersdkv2/resource_vault_plugin_test.go @@ -0,0 +1,189 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package providersdkv2 + +import ( + "context" + "fmt" + "strings" + "testing" + + sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" + vaultmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/models" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/hashicorp/terraform-provider-hcp/internal/clients" + grpcstatus "google.golang.org/grpc/status" +) + +var ( + testAccVaultPluginConfig = fmt.Sprintf(` +resource "hcp_hvn" "test" { + hvn_id = "%s" + cloud_provider = "aws" + region = "us-west-2" +} + +resource "hcp_vault_cluster" "test" { + cluster_id = "%s" + hvn_id = hcp_hvn.test.hvn_id + tier = "DEV" +} + +resource "hcp_vault_plugin" "venafi_plugin" { + cluster_id = hcp_vault_cluster.test.cluster_id + plugin_name = "venafi-pki-backend" + plugin_type = "SECRET" +} +`, testAccUniqueNameWithPrefix("vault-hvn-aws-"), addTimestampSuffix("test-cluster-")) + + testAccVaultPluginDataSourceConfig = fmt.Sprintf(`%s + data "hcp_vault_plugin" "test" { + cluster_id = hcp_vault_cluster.test.cluster_id + plugin_name = "venafi-pki-backend" + plugin_type = "SECRET" + } +`, testAccVaultPluginConfig) +) + +func TestAcc_Vault_Plugin(t *testing.T) { + t.Parallel() + + resourceName := "hcp_vault_plugin.venafi_plugin" + dataSourceName := "data.hcp_vault_plugin.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + CheckDestroy: testAccCheckVaultPluginDestroy, + + Steps: []resource.TestStep{ + // Testing Create + { + Config: testConfig(testAccVaultPluginConfig), + Check: resource.ComposeTestCheckFunc( + testAccChecVaultPluginExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), + resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), + ), + }, + // Testing that we can import Vault plugin created in the previous step and that the + // resource terraform state will be exactly the same + { + ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return "", fmt.Errorf("not found: %s", resourceName) + } + + return fmt.Sprintf("%s:%s:%s:%s", + rs.Primary.Attributes["project_id"], + rs.Primary.Attributes["cluster_id"], + rs.Primary.Attributes["plugin_type"], + rs.Primary.Attributes["plugin_name"]), nil + }, + ImportStateVerify: true, + }, + // Testing Read + { + Config: testConfig(testAccVaultPluginConfig), + Check: resource.ComposeTestCheckFunc( + testAccChecVaultPluginExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), + resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), + ), + }, + // Tests datasource + { + Config: testConfig(testAccVaultPluginDataSourceConfig), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(resourceName, "plugin_type", dataSourceName, "plugin_type"), + resource.TestCheckResourceAttrPair(resourceName, "plugin_name", dataSourceName, "plugin_name"), + resource.TestCheckResourceAttrPair(resourceName, "cluster_id", dataSourceName, "cluster_id"), + resource.TestCheckResourceAttrPair(resourceName, "project_id", dataSourceName, "project_id"), + ), + }, + }, + }) +} + +func testAccChecVaultPluginExists(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("not found: %s", name) + } + + id := rs.Primary.ID + if id == "" { + return fmt.Errorf("no ID is set") + } + + client := testAccProvider.Meta().(*clients.Client) + + isRegistered, err := isPluginRegistered(client, id) + if err != nil { + return err + } + + if !isRegistered { + return fmt.Errorf("unable to find plugin: %q", id) + } + + return nil + } +} + +func testAccCheckVaultPluginDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*clients.Client) + + for _, rs := range s.RootModule().Resources { + switch rs.Type { + case "hcp_vault_plugin": + id := rs.Primary.ID + isRegistered, err := isPluginRegistered(client, id) + if err != nil { + return err + } + if isRegistered { + return fmt.Errorf("plugin status is still reporting that plugin is registered: %s", id) + } + default: + continue + } + } + return nil +} + +func isPluginRegistered(client *clients.Client, id string) (bool, error) { + idParts := strings.SplitN(id, "/", 8) + + clusterID := idParts[4] + pluginType := vaultmodels.HashicorpCloudVault20201125PluginType(idParts[6]) + pluginName := idParts[7] + + loc := &sharedmodels.HashicorpCloudLocationLocation{ + OrganizationID: client.Config.OrganizationID, + ProjectID: client.Config.ProjectID, + } + + pluginsResp, err := clients.ListPlugins(context.Background(), client, loc, clusterID) + if err != nil { + // if cluster is deleted, plugin doesn't exist + if clients.IsResponseCodeNotFound(err) { + return false, nil + } + return false, fmt.Errorf("unable to list plugins %q: %v. code: %d", id, err, grpcstatus.Code(err)) + } + + for _, plugin := range pluginsResp.Plugins { + if strings.EqualFold(pluginName, plugin.PluginName) && pluginType == *plugin.PluginType && plugin.IsRegistered { + return true, nil + } + } + + return false, nil +} From d3b76a664cc4223b07dd8114a6b71999b67983c3 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Tue, 18 Feb 2025 23:25:59 +0530 Subject: [PATCH 17/24] . --- .../resource_vault_cluster_perf_replication_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 5e24618b7..48a63b18d 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -49,7 +49,7 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT return tfResources.String() } -func TestAcc_Vault_PerformanceReplicatiosn_ValidationsAws(t *testing.T) { +func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) { t.Parallel() awsPerfReplicationTestInput := &inputT{ From d82592f05936dc2fa46a24162f132dda9393fd70 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 01:27:34 +0530 Subject: [PATCH 18/24] . --- .../resource_vault_cluster_perf_replication_test.go | 6 +++--- internal/providersdkv2/resource_vault_cluster_test.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 48a63b18d..1fc9f6e62 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -216,9 +216,9 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), - resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), - resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), - resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), + // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), + // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), + // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), ExpectNonEmptyPlan: true, }, diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index 0239fe536..d18d159fe 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -310,7 +310,7 @@ func updateNetworkObservabilityAndMVU(t *testing.T, in *inputT) resource.TestSte }, } return resource.TestStep{ - Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterPublicProxyObservabilityAndMVU, newIn, newIn.UpdateTier2)), + Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterPublicProxyObservabilityAndMVU, newIn, newIn.UpdateTier1)), Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "true"), @@ -340,10 +340,10 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource. newIn.PublicEndpoint = "false" newIn.ProxyEndpoint = "DISABLED" return resource.TestStep{ - Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterTierPublicProxyAndMVU, newIn, newIn.UpdateTier2)), + Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterTierPublicProxyAndMVU, newIn, newIn.UpdateTier1)), Check: resource.ComposeTestCheckFunc( testAccCheckVaultClusterExists(in.VaultClusterResourceName), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier1), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"), resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"), resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"), From 125de524b28bfc211490472c5de309931ff1a29e Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 09:31:04 +0530 Subject: [PATCH 19/24] change audit log config --- .../resource_vault_cluster_perf_replication_test.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 1fc9f6e62..099331999 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -192,10 +192,9 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { hvn_id = hcp_hvn.hvn1.hvn_id tier = "{{ .Tier }}" public_endpoint = true - audit_log_config { - http_uri = "https://http-input-splunkcloud.com" - http_codec = "JSON" - http_method = "POST" + audit_log_config { + datadog_api_key = "test_datadog" + datadog_region = "us1" } } `, in)), @@ -216,6 +215,9 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), + resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "audit_log_config.0.datadog_api_key"), + resource.TestCheckResourceAttr(in.VaultClusterResourceName, "audit_log_config.0.datadog_region", "us1"), + // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), From 51dafd643e2f48431946843ee474a15eb58675e5 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 09:33:31 +0530 Subject: [PATCH 20/24] change audit log config --- .../resource_vault_cluster_test.go | 102 ++--- .../resource_vault_plugin_test.go | 372 +++++++++--------- 2 files changed, 237 insertions(+), 237 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index d18d159fe..bb6981083 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -44,60 +44,60 @@ func (in *inputT) GetHvnCidr() string { // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. -func TestAcc_Vault_ClusterAzure(t *testing.T) { - azureTestInput := inputT{ - VaultClusterName: addTimestampSuffix("test-vault-azure-"), - HvnName: testAccUniqueNameWithPrefix("vault-hvn-azure"), - VaultClusterResourceName: vaultClusterResourceName, - VaultClusterDataSourceName: vaultClusterDataSourceName, - AdminTokenResourceName: adminTokenResourceName, - CloudProvider: cloudProviderAzure, - Region: azureRegion, - Tier: "DEV", - UpdateTier1: "STANDARD_SMALL", - UpdateTier2: "STANDARD_MEDIUM", - PublicEndpoint: "false", - ProxyEndpoint: "DISABLED", - } - tf := setTestAccVaultClusterConfig(t, vaultCluster, azureTestInput, azureTestInput.Tier) - // save so e don't have to generate this again and again - azureTestInput.tf = tf - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, - ProtoV6ProviderFactories: testProtoV6ProviderFactories, - CheckDestroy: testAccCheckVaultClusterDestroy, - Steps: azureTestSteps(t, azureTestInput), - }) -} +// func TestAcc_Vault_ClusterAzure(t *testing.T) { +// azureTestInput := inputT{ +// VaultClusterName: addTimestampSuffix("test-vault-azure-"), +// HvnName: testAccUniqueNameWithPrefix("vault-hvn-azure"), +// VaultClusterResourceName: vaultClusterResourceName, +// VaultClusterDataSourceName: vaultClusterDataSourceName, +// AdminTokenResourceName: adminTokenResourceName, +// CloudProvider: cloudProviderAzure, +// Region: azureRegion, +// Tier: "DEV", +// UpdateTier1: "STANDARD_SMALL", +// UpdateTier2: "STANDARD_MEDIUM", +// PublicEndpoint: "false", +// ProxyEndpoint: "DISABLED", +// } +// tf := setTestAccVaultClusterConfig(t, vaultCluster, azureTestInput, azureTestInput.Tier) +// // save so e don't have to generate this again and again +// azureTestInput.tf = tf +// resource.ParallelTest(t, resource.TestCase{ +// PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, +// ProtoV6ProviderFactories: testProtoV6ProviderFactories, +// CheckDestroy: testAccCheckVaultClusterDestroy, +// Steps: azureTestSteps(t, azureTestInput), +// }) +// } // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. -func TestAcc_Vault_ClusterAWS(t *testing.T) { - awsTestInput := inputT{ - VaultClusterName: addTimestampSuffix("test-vault-aws-"), - HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), - VaultClusterResourceName: vaultClusterResourceName, - VaultClusterDataSourceName: vaultClusterDataSourceName, - AdminTokenResourceName: adminTokenResourceName, - CloudProvider: cloudProviderAWS, - Region: awsRegion, - Tier: "DEV", - UpdateTier1: "STANDARD_SMALL", - UpdateTier2: "STANDARD_MEDIUM", - PublicEndpoint: "false", - ProxyEndpoint: "DISABLED", - } - - tf := setTestAccVaultClusterConfig(t, vaultCluster, awsTestInput, awsTestInput.Tier) - // save so e don't have to generate this again and again - awsTestInput.tf = tf - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, - ProtoV6ProviderFactories: testProtoV6ProviderFactories, - CheckDestroy: testAccCheckVaultClusterDestroy, - Steps: awsTestSteps(t, awsTestInput), - }) -} +// func TestAcc_Vault_ClusterAWS(t *testing.T) { +// awsTestInput := inputT{ +// VaultClusterName: addTimestampSuffix("test-vault-aws-"), +// HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), +// VaultClusterResourceName: vaultClusterResourceName, +// VaultClusterDataSourceName: vaultClusterDataSourceName, +// AdminTokenResourceName: adminTokenResourceName, +// CloudProvider: cloudProviderAWS, +// Region: awsRegion, +// Tier: "DEV", +// UpdateTier1: "STANDARD_SMALL", +// UpdateTier2: "STANDARD_MEDIUM", +// PublicEndpoint: "false", +// ProxyEndpoint: "DISABLED", +// } + +// tf := setTestAccVaultClusterConfig(t, vaultCluster, awsTestInput, awsTestInput.Tier) +// // save so e don't have to generate this again and again +// awsTestInput.tf = tf +// resource.ParallelTest(t, resource.TestCase{ +// PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, +// ProtoV6ProviderFactories: testProtoV6ProviderFactories, +// CheckDestroy: testAccCheckVaultClusterDestroy, +// Steps: awsTestSteps(t, awsTestInput), +// }) +// } func testAccCheckVaultClusterExists(name string) resource.TestCheckFunc { return func(s *terraform.State) error { diff --git a/internal/providersdkv2/resource_vault_plugin_test.go b/internal/providersdkv2/resource_vault_plugin_test.go index 76724bea8..b86996fda 100644 --- a/internal/providersdkv2/resource_vault_plugin_test.go +++ b/internal/providersdkv2/resource_vault_plugin_test.go @@ -1,189 +1,189 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 +// // Copyright (c) HashiCorp, Inc. +// // SPDX-License-Identifier: MPL-2.0 package providersdkv2 -import ( - "context" - "fmt" - "strings" - "testing" - - sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" - vaultmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/models" - "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/terraform" - "github.com/hashicorp/terraform-provider-hcp/internal/clients" - grpcstatus "google.golang.org/grpc/status" -) - -var ( - testAccVaultPluginConfig = fmt.Sprintf(` -resource "hcp_hvn" "test" { - hvn_id = "%s" - cloud_provider = "aws" - region = "us-west-2" -} - -resource "hcp_vault_cluster" "test" { - cluster_id = "%s" - hvn_id = hcp_hvn.test.hvn_id - tier = "DEV" -} - -resource "hcp_vault_plugin" "venafi_plugin" { - cluster_id = hcp_vault_cluster.test.cluster_id - plugin_name = "venafi-pki-backend" - plugin_type = "SECRET" -} -`, testAccUniqueNameWithPrefix("vault-hvn-aws-"), addTimestampSuffix("test-cluster-")) - - testAccVaultPluginDataSourceConfig = fmt.Sprintf(`%s - data "hcp_vault_plugin" "test" { - cluster_id = hcp_vault_cluster.test.cluster_id - plugin_name = "venafi-pki-backend" - plugin_type = "SECRET" - } -`, testAccVaultPluginConfig) -) - -func TestAcc_Vault_Plugin(t *testing.T) { - t.Parallel() - - resourceName := "hcp_vault_plugin.venafi_plugin" - dataSourceName := "data.hcp_vault_plugin.test" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, - ProtoV6ProviderFactories: testProtoV6ProviderFactories, - CheckDestroy: testAccCheckVaultPluginDestroy, - - Steps: []resource.TestStep{ - // Testing Create - { - Config: testConfig(testAccVaultPluginConfig), - Check: resource.ComposeTestCheckFunc( - testAccChecVaultPluginExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), - resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), - ), - }, - // Testing that we can import Vault plugin created in the previous step and that the - // resource terraform state will be exactly the same - { - ResourceName: resourceName, - ImportState: true, - ImportStateIdFunc: func(s *terraform.State) (string, error) { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return "", fmt.Errorf("not found: %s", resourceName) - } - - return fmt.Sprintf("%s:%s:%s:%s", - rs.Primary.Attributes["project_id"], - rs.Primary.Attributes["cluster_id"], - rs.Primary.Attributes["plugin_type"], - rs.Primary.Attributes["plugin_name"]), nil - }, - ImportStateVerify: true, - }, - // Testing Read - { - Config: testConfig(testAccVaultPluginConfig), - Check: resource.ComposeTestCheckFunc( - testAccChecVaultPluginExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), - resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), - ), - }, - // Tests datasource - { - Config: testConfig(testAccVaultPluginDataSourceConfig), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttrPair(resourceName, "plugin_type", dataSourceName, "plugin_type"), - resource.TestCheckResourceAttrPair(resourceName, "plugin_name", dataSourceName, "plugin_name"), - resource.TestCheckResourceAttrPair(resourceName, "cluster_id", dataSourceName, "cluster_id"), - resource.TestCheckResourceAttrPair(resourceName, "project_id", dataSourceName, "project_id"), - ), - }, - }, - }) -} - -func testAccChecVaultPluginExists(name string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[name] - if !ok { - return fmt.Errorf("not found: %s", name) - } - - id := rs.Primary.ID - if id == "" { - return fmt.Errorf("no ID is set") - } - - client := testAccProvider.Meta().(*clients.Client) - - isRegistered, err := isPluginRegistered(client, id) - if err != nil { - return err - } - - if !isRegistered { - return fmt.Errorf("unable to find plugin: %q", id) - } - - return nil - } -} - -func testAccCheckVaultPluginDestroy(s *terraform.State) error { - client := testAccProvider.Meta().(*clients.Client) - - for _, rs := range s.RootModule().Resources { - switch rs.Type { - case "hcp_vault_plugin": - id := rs.Primary.ID - isRegistered, err := isPluginRegistered(client, id) - if err != nil { - return err - } - if isRegistered { - return fmt.Errorf("plugin status is still reporting that plugin is registered: %s", id) - } - default: - continue - } - } - return nil -} - -func isPluginRegistered(client *clients.Client, id string) (bool, error) { - idParts := strings.SplitN(id, "/", 8) - - clusterID := idParts[4] - pluginType := vaultmodels.HashicorpCloudVault20201125PluginType(idParts[6]) - pluginName := idParts[7] - - loc := &sharedmodels.HashicorpCloudLocationLocation{ - OrganizationID: client.Config.OrganizationID, - ProjectID: client.Config.ProjectID, - } - - pluginsResp, err := clients.ListPlugins(context.Background(), client, loc, clusterID) - if err != nil { - // if cluster is deleted, plugin doesn't exist - if clients.IsResponseCodeNotFound(err) { - return false, nil - } - return false, fmt.Errorf("unable to list plugins %q: %v. code: %d", id, err, grpcstatus.Code(err)) - } - - for _, plugin := range pluginsResp.Plugins { - if strings.EqualFold(pluginName, plugin.PluginName) && pluginType == *plugin.PluginType && plugin.IsRegistered { - return true, nil - } - } - - return false, nil -} +// import ( +// "context" +// "fmt" +// "strings" +// "testing" + +// sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" +// vaultmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/models" +// "github.com/hashicorp/terraform-plugin-testing/helper/resource" +// "github.com/hashicorp/terraform-plugin-testing/terraform" +// "github.com/hashicorp/terraform-provider-hcp/internal/clients" +// grpcstatus "google.golang.org/grpc/status" +// ) + +// var ( +// testAccVaultPluginConfig = fmt.Sprintf(` +// resource "hcp_hvn" "test" { +// hvn_id = "%s" +// cloud_provider = "aws" +// region = "us-west-2" +// } + +// resource "hcp_vault_cluster" "test" { +// cluster_id = "%s" +// hvn_id = hcp_hvn.test.hvn_id +// tier = "DEV" +// } + +// resource "hcp_vault_plugin" "venafi_plugin" { +// cluster_id = hcp_vault_cluster.test.cluster_id +// plugin_name = "venafi-pki-backend" +// plugin_type = "SECRET" +// } +// `, testAccUniqueNameWithPrefix("vault-hvn-aws-"), addTimestampSuffix("test-cluster-")) + +// testAccVaultPluginDataSourceConfig = fmt.Sprintf(`%s +// data "hcp_vault_plugin" "test" { +// cluster_id = hcp_vault_cluster.test.cluster_id +// plugin_name = "venafi-pki-backend" +// plugin_type = "SECRET" +// } +// `, testAccVaultPluginConfig) +// ) + +// func TestAcc_Vault_Plugin(t *testing.T) { +// t.Parallel() + +// resourceName := "hcp_vault_plugin.venafi_plugin" +// dataSourceName := "data.hcp_vault_plugin.test" + +// resource.Test(t, resource.TestCase{ +// PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, +// ProtoV6ProviderFactories: testProtoV6ProviderFactories, +// CheckDestroy: testAccCheckVaultPluginDestroy, + +// Steps: []resource.TestStep{ +// // Testing Create +// { +// Config: testConfig(testAccVaultPluginConfig), +// Check: resource.ComposeTestCheckFunc( +// testAccChecVaultPluginExists(resourceName), +// resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), +// resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), +// ), +// }, +// // Testing that we can import Vault plugin created in the previous step and that the +// // resource terraform state will be exactly the same +// { +// ResourceName: resourceName, +// ImportState: true, +// ImportStateIdFunc: func(s *terraform.State) (string, error) { +// rs, ok := s.RootModule().Resources[resourceName] +// if !ok { +// return "", fmt.Errorf("not found: %s", resourceName) +// } + +// return fmt.Sprintf("%s:%s:%s:%s", +// rs.Primary.Attributes["project_id"], +// rs.Primary.Attributes["cluster_id"], +// rs.Primary.Attributes["plugin_type"], +// rs.Primary.Attributes["plugin_name"]), nil +// }, +// ImportStateVerify: true, +// }, +// // Testing Read +// { +// Config: testConfig(testAccVaultPluginConfig), +// Check: resource.ComposeTestCheckFunc( +// testAccChecVaultPluginExists(resourceName), +// resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), +// resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), +// ), +// }, +// // Tests datasource +// { +// Config: testConfig(testAccVaultPluginDataSourceConfig), +// Check: resource.ComposeTestCheckFunc( +// resource.TestCheckResourceAttrPair(resourceName, "plugin_type", dataSourceName, "plugin_type"), +// resource.TestCheckResourceAttrPair(resourceName, "plugin_name", dataSourceName, "plugin_name"), +// resource.TestCheckResourceAttrPair(resourceName, "cluster_id", dataSourceName, "cluster_id"), +// resource.TestCheckResourceAttrPair(resourceName, "project_id", dataSourceName, "project_id"), +// ), +// }, +// }, +// }) +// } + +// func testAccChecVaultPluginExists(name string) resource.TestCheckFunc { +// return func(s *terraform.State) error { +// rs, ok := s.RootModule().Resources[name] +// if !ok { +// return fmt.Errorf("not found: %s", name) +// } + +// id := rs.Primary.ID +// if id == "" { +// return fmt.Errorf("no ID is set") +// } + +// client := testAccProvider.Meta().(*clients.Client) + +// isRegistered, err := isPluginRegistered(client, id) +// if err != nil { +// return err +// } + +// if !isRegistered { +// return fmt.Errorf("unable to find plugin: %q", id) +// } + +// return nil +// } +// } + +// func testAccCheckVaultPluginDestroy(s *terraform.State) error { +// client := testAccProvider.Meta().(*clients.Client) + +// for _, rs := range s.RootModule().Resources { +// switch rs.Type { +// case "hcp_vault_plugin": +// id := rs.Primary.ID +// isRegistered, err := isPluginRegistered(client, id) +// if err != nil { +// return err +// } +// if isRegistered { +// return fmt.Errorf("plugin status is still reporting that plugin is registered: %s", id) +// } +// default: +// continue +// } +// } +// return nil +// } + +// func isPluginRegistered(client *clients.Client, id string) (bool, error) { +// idParts := strings.SplitN(id, "/", 8) + +// clusterID := idParts[4] +// pluginType := vaultmodels.HashicorpCloudVault20201125PluginType(idParts[6]) +// pluginName := idParts[7] + +// loc := &sharedmodels.HashicorpCloudLocationLocation{ +// OrganizationID: client.Config.OrganizationID, +// ProjectID: client.Config.ProjectID, +// } + +// pluginsResp, err := clients.ListPlugins(context.Background(), client, loc, clusterID) +// if err != nil { +// // if cluster is deleted, plugin doesn't exist +// if clients.IsResponseCodeNotFound(err) { +// return false, nil +// } +// return false, fmt.Errorf("unable to list plugins %q: %v. code: %d", id, err, grpcstatus.Code(err)) +// } + +// for _, plugin := range pluginsResp.Plugins { +// if strings.EqualFold(pluginName, plugin.PluginName) && pluginType == *plugin.PluginType && plugin.IsRegistered { +// return true, nil +// } +// } + +// return false, nil +// } From 22f86e1540edee24599740cfaadf7936c554e9d3 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 10:21:05 +0530 Subject: [PATCH 21/24] removed empty plan --- .../resource_vault_cluster_perf_replication_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 099331999..d68d5a198 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -222,7 +222,7 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), - ExpectNonEmptyPlan: true, + // ExpectNonEmptyPlan: true, }, { // secondary cluster creation failed as tier doesn't match the tier of primary From 5ff122ee3b44a373abff26fa3116dfa86ba3d9d7 Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 12:54:15 +0530 Subject: [PATCH 22/24] bug fix for check audit https resrource attr --- .../providersdkv2/resource_vault_cluster.go | 78 +++++++++---------- ...rce_vault_cluster_perf_replication_test.go | 18 ++--- 2 files changed, 47 insertions(+), 49 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster.go b/internal/providersdkv2/resource_vault_cluster.go index b328024a7..c8bcfcd9d 100644 --- a/internal/providersdkv2/resource_vault_cluster.go +++ b/internal/providersdkv2/resource_vault_cluster.go @@ -1336,55 +1336,55 @@ func flattenObservabilityConfig(config *vaultmodels.HashicorpCloudVault20201125O configMap["cloudwatch_secret_access_key"] = config["cloudwatch_secret_access_key"].(string) } } + } + + if elasticsearch := config.Elasticsearch; elasticsearch != nil { + configMap["elasticsearch_endpoint"] = elasticsearch.Endpoint + configMap["elasticsearch_dataset"] = elasticsearch.Dataset + configMap["elasticsearch_user"] = elasticsearch.User + + // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations + if elasticsearch.Password != "redacted" { + configMap["elasticsearch_password"] = elasticsearch.Password + } else { + if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { + config := configParam.([]interface{})[0].(map[string]interface{}) + configMap["elasticsearch_password"] = config["elasticsearch_password"].(string) + } + } + } - if elasticsearch := config.Elasticsearch; elasticsearch != nil { - configMap["elasticsearch_endpoint"] = elasticsearch.Endpoint - configMap["elasticsearch_dataset"] = elasticsearch.Dataset - configMap["elasticsearch_user"] = elasticsearch.User + if http := config.HTTP; http != nil { + configMap["http_headers"] = http.Headers + configMap["http_codec"] = http.Codec + configMap["http_compression"] = http.Compression + configMap["http_method"] = http.Method + configMap["http_payload_prefix"] = http.PayloadPrefix + configMap["http_payload_suffix"] = http.PayloadSuffix + configMap["http_uri"] = http.URI + + if http.Basic != nil { + configMap["http_basic_user"] = http.Basic.User // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations - if elasticsearch.Password != "redacted" { - configMap["elasticsearch_password"] = elasticsearch.Password + if http.Basic.Password != "redacted" { + configMap["http_basic_password"] = http.Basic.Password } else { if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { config := configParam.([]interface{})[0].(map[string]interface{}) - configMap["elasticsearch_password"] = config["elasticsearch_password"].(string) + configMap["http_basic_password"] = config["http_basic_password"].(string) } } } - if http := config.HTTP; http != nil { - configMap["http_headers"] = http.Headers - configMap["http_codec"] = http.Codec - configMap["http_compression"] = http.Compression - configMap["http_method"] = http.Method - configMap["http_payload_prefix"] = http.PayloadPrefix - configMap["http_payload_suffix"] = http.PayloadSuffix - configMap["http_uri"] = http.URI - - if http.Basic != nil { - configMap["http_basic_user"] = http.Basic.User - - // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations - if http.Basic.Password != "redacted" { - configMap["http_basic_password"] = http.Basic.Password - } else { - if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { - config := configParam.([]interface{})[0].(map[string]interface{}) - configMap["http_basic_password"] = config["http_basic_password"].(string) - } - } - } - - if http.Bearer != nil { - // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations - if http.Bearer.Token != "redacted" { - configMap["http_bearer_token"] = http.Bearer.Token - } else { - if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { - config := configParam.([]interface{})[0].(map[string]interface{}) - configMap["http_bearer_token"] = config["http_bearer_token"].(string) - } + if http.Bearer != nil { + // Since the API return this sensitive fields as redacted, we don't update it on the config in this situations + if http.Bearer.Token != "redacted" { + configMap["http_bearer_token"] = http.Bearer.Token + } else { + if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 { + config := configParam.([]interface{})[0].(map[string]interface{}) + configMap["http_bearer_token"] = config["http_bearer_token"].(string) } } } diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index d68d5a198..48a63b18d 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -192,9 +192,10 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { hvn_id = hcp_hvn.hvn1.hvn_id tier = "{{ .Tier }}" public_endpoint = true - audit_log_config { - datadog_api_key = "test_datadog" - datadog_region = "us1" + audit_log_config { + http_uri = "https://http-input-splunkcloud.com" + http_codec = "JSON" + http_method = "POST" } } `, in)), @@ -215,14 +216,11 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttrSet(primaryVaultResourceName, "vault_private_endpoint_url"), testAccCheckFullURL(primaryVaultResourceName, "vault_private_endpoint_url", ""), resource.TestCheckResourceAttrSet(primaryVaultResourceName, "created_at"), - resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "audit_log_config.0.datadog_api_key"), - resource.TestCheckResourceAttr(in.VaultClusterResourceName, "audit_log_config.0.datadog_region", "us1"), - - // resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), - // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), - // resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), + resource.TestCheckResourceAttrSet(primaryVaultResourceName, "audit_log_config.0.http_uri"), + resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), + resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), - // ExpectNonEmptyPlan: true, + ExpectNonEmptyPlan: true, }, { // secondary cluster creation failed as tier doesn't match the tier of primary From 1cae72491fc34cb20e3c61a050ac87961c6f0b9b Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 14:21:03 +0530 Subject: [PATCH 23/24] . --- ...rce_vault_cluster_perf_replication_test.go | 1 - .../resource_vault_cluster_test.go | 102 ++--- .../resource_vault_plugin_test.go | 372 +++++++++--------- 3 files changed, 237 insertions(+), 238 deletions(-) diff --git a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go index 48a63b18d..e9c541432 100644 --- a/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go +++ b/internal/providersdkv2/resource_vault_cluster_perf_replication_test.go @@ -220,7 +220,6 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep { resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_codec", "JSON"), resource.TestCheckResourceAttr(primaryVaultResourceName, "audit_log_config.0.http_method", "POST"), ), - ExpectNonEmptyPlan: true, }, { // secondary cluster creation failed as tier doesn't match the tier of primary diff --git a/internal/providersdkv2/resource_vault_cluster_test.go b/internal/providersdkv2/resource_vault_cluster_test.go index bb6981083..d18d159fe 100644 --- a/internal/providersdkv2/resource_vault_cluster_test.go +++ b/internal/providersdkv2/resource_vault_cluster_test.go @@ -44,60 +44,60 @@ func (in *inputT) GetHvnCidr() string { // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. -// func TestAcc_Vault_ClusterAzure(t *testing.T) { -// azureTestInput := inputT{ -// VaultClusterName: addTimestampSuffix("test-vault-azure-"), -// HvnName: testAccUniqueNameWithPrefix("vault-hvn-azure"), -// VaultClusterResourceName: vaultClusterResourceName, -// VaultClusterDataSourceName: vaultClusterDataSourceName, -// AdminTokenResourceName: adminTokenResourceName, -// CloudProvider: cloudProviderAzure, -// Region: azureRegion, -// Tier: "DEV", -// UpdateTier1: "STANDARD_SMALL", -// UpdateTier2: "STANDARD_MEDIUM", -// PublicEndpoint: "false", -// ProxyEndpoint: "DISABLED", -// } -// tf := setTestAccVaultClusterConfig(t, vaultCluster, azureTestInput, azureTestInput.Tier) -// // save so e don't have to generate this again and again -// azureTestInput.tf = tf -// resource.ParallelTest(t, resource.TestCase{ -// PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, -// ProtoV6ProviderFactories: testProtoV6ProviderFactories, -// CheckDestroy: testAccCheckVaultClusterDestroy, -// Steps: azureTestSteps(t, azureTestInput), -// }) -// } +func TestAcc_Vault_ClusterAzure(t *testing.T) { + azureTestInput := inputT{ + VaultClusterName: addTimestampSuffix("test-vault-azure-"), + HvnName: testAccUniqueNameWithPrefix("vault-hvn-azure"), + VaultClusterResourceName: vaultClusterResourceName, + VaultClusterDataSourceName: vaultClusterDataSourceName, + AdminTokenResourceName: adminTokenResourceName, + CloudProvider: cloudProviderAzure, + Region: azureRegion, + Tier: "DEV", + UpdateTier1: "STANDARD_SMALL", + UpdateTier2: "STANDARD_MEDIUM", + PublicEndpoint: "false", + ProxyEndpoint: "DISABLED", + } + tf := setTestAccVaultClusterConfig(t, vaultCluster, azureTestInput, azureTestInput.Tier) + // save so e don't have to generate this again and again + azureTestInput.tf = tf + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + CheckDestroy: testAccCheckVaultClusterDestroy, + Steps: azureTestSteps(t, azureTestInput), + }) +} // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource // to shorten testing time. -// func TestAcc_Vault_ClusterAWS(t *testing.T) { -// awsTestInput := inputT{ -// VaultClusterName: addTimestampSuffix("test-vault-aws-"), -// HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), -// VaultClusterResourceName: vaultClusterResourceName, -// VaultClusterDataSourceName: vaultClusterDataSourceName, -// AdminTokenResourceName: adminTokenResourceName, -// CloudProvider: cloudProviderAWS, -// Region: awsRegion, -// Tier: "DEV", -// UpdateTier1: "STANDARD_SMALL", -// UpdateTier2: "STANDARD_MEDIUM", -// PublicEndpoint: "false", -// ProxyEndpoint: "DISABLED", -// } - -// tf := setTestAccVaultClusterConfig(t, vaultCluster, awsTestInput, awsTestInput.Tier) -// // save so e don't have to generate this again and again -// awsTestInput.tf = tf -// resource.ParallelTest(t, resource.TestCase{ -// PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, -// ProtoV6ProviderFactories: testProtoV6ProviderFactories, -// CheckDestroy: testAccCheckVaultClusterDestroy, -// Steps: awsTestSteps(t, awsTestInput), -// }) -// } +func TestAcc_Vault_ClusterAWS(t *testing.T) { + awsTestInput := inputT{ + VaultClusterName: addTimestampSuffix("test-vault-aws-"), + HvnName: testAccUniqueNameWithPrefix("vault-hvn-aws"), + VaultClusterResourceName: vaultClusterResourceName, + VaultClusterDataSourceName: vaultClusterDataSourceName, + AdminTokenResourceName: adminTokenResourceName, + CloudProvider: cloudProviderAWS, + Region: awsRegion, + Tier: "DEV", + UpdateTier1: "STANDARD_SMALL", + UpdateTier2: "STANDARD_MEDIUM", + PublicEndpoint: "false", + ProxyEndpoint: "DISABLED", + } + + tf := setTestAccVaultClusterConfig(t, vaultCluster, awsTestInput, awsTestInput.Tier) + // save so e don't have to generate this again and again + awsTestInput.tf = tf + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + CheckDestroy: testAccCheckVaultClusterDestroy, + Steps: awsTestSteps(t, awsTestInput), + }) +} func testAccCheckVaultClusterExists(name string) resource.TestCheckFunc { return func(s *terraform.State) error { diff --git a/internal/providersdkv2/resource_vault_plugin_test.go b/internal/providersdkv2/resource_vault_plugin_test.go index b86996fda..76724bea8 100644 --- a/internal/providersdkv2/resource_vault_plugin_test.go +++ b/internal/providersdkv2/resource_vault_plugin_test.go @@ -1,189 +1,189 @@ -// // Copyright (c) HashiCorp, Inc. -// // SPDX-License-Identifier: MPL-2.0 +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 package providersdkv2 -// import ( -// "context" -// "fmt" -// "strings" -// "testing" - -// sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" -// vaultmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/models" -// "github.com/hashicorp/terraform-plugin-testing/helper/resource" -// "github.com/hashicorp/terraform-plugin-testing/terraform" -// "github.com/hashicorp/terraform-provider-hcp/internal/clients" -// grpcstatus "google.golang.org/grpc/status" -// ) - -// var ( -// testAccVaultPluginConfig = fmt.Sprintf(` -// resource "hcp_hvn" "test" { -// hvn_id = "%s" -// cloud_provider = "aws" -// region = "us-west-2" -// } - -// resource "hcp_vault_cluster" "test" { -// cluster_id = "%s" -// hvn_id = hcp_hvn.test.hvn_id -// tier = "DEV" -// } - -// resource "hcp_vault_plugin" "venafi_plugin" { -// cluster_id = hcp_vault_cluster.test.cluster_id -// plugin_name = "venafi-pki-backend" -// plugin_type = "SECRET" -// } -// `, testAccUniqueNameWithPrefix("vault-hvn-aws-"), addTimestampSuffix("test-cluster-")) - -// testAccVaultPluginDataSourceConfig = fmt.Sprintf(`%s -// data "hcp_vault_plugin" "test" { -// cluster_id = hcp_vault_cluster.test.cluster_id -// plugin_name = "venafi-pki-backend" -// plugin_type = "SECRET" -// } -// `, testAccVaultPluginConfig) -// ) - -// func TestAcc_Vault_Plugin(t *testing.T) { -// t.Parallel() - -// resourceName := "hcp_vault_plugin.venafi_plugin" -// dataSourceName := "data.hcp_vault_plugin.test" - -// resource.Test(t, resource.TestCase{ -// PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, -// ProtoV6ProviderFactories: testProtoV6ProviderFactories, -// CheckDestroy: testAccCheckVaultPluginDestroy, - -// Steps: []resource.TestStep{ -// // Testing Create -// { -// Config: testConfig(testAccVaultPluginConfig), -// Check: resource.ComposeTestCheckFunc( -// testAccChecVaultPluginExists(resourceName), -// resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), -// resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), -// ), -// }, -// // Testing that we can import Vault plugin created in the previous step and that the -// // resource terraform state will be exactly the same -// { -// ResourceName: resourceName, -// ImportState: true, -// ImportStateIdFunc: func(s *terraform.State) (string, error) { -// rs, ok := s.RootModule().Resources[resourceName] -// if !ok { -// return "", fmt.Errorf("not found: %s", resourceName) -// } - -// return fmt.Sprintf("%s:%s:%s:%s", -// rs.Primary.Attributes["project_id"], -// rs.Primary.Attributes["cluster_id"], -// rs.Primary.Attributes["plugin_type"], -// rs.Primary.Attributes["plugin_name"]), nil -// }, -// ImportStateVerify: true, -// }, -// // Testing Read -// { -// Config: testConfig(testAccVaultPluginConfig), -// Check: resource.ComposeTestCheckFunc( -// testAccChecVaultPluginExists(resourceName), -// resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), -// resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), -// ), -// }, -// // Tests datasource -// { -// Config: testConfig(testAccVaultPluginDataSourceConfig), -// Check: resource.ComposeTestCheckFunc( -// resource.TestCheckResourceAttrPair(resourceName, "plugin_type", dataSourceName, "plugin_type"), -// resource.TestCheckResourceAttrPair(resourceName, "plugin_name", dataSourceName, "plugin_name"), -// resource.TestCheckResourceAttrPair(resourceName, "cluster_id", dataSourceName, "cluster_id"), -// resource.TestCheckResourceAttrPair(resourceName, "project_id", dataSourceName, "project_id"), -// ), -// }, -// }, -// }) -// } - -// func testAccChecVaultPluginExists(name string) resource.TestCheckFunc { -// return func(s *terraform.State) error { -// rs, ok := s.RootModule().Resources[name] -// if !ok { -// return fmt.Errorf("not found: %s", name) -// } - -// id := rs.Primary.ID -// if id == "" { -// return fmt.Errorf("no ID is set") -// } - -// client := testAccProvider.Meta().(*clients.Client) - -// isRegistered, err := isPluginRegistered(client, id) -// if err != nil { -// return err -// } - -// if !isRegistered { -// return fmt.Errorf("unable to find plugin: %q", id) -// } - -// return nil -// } -// } - -// func testAccCheckVaultPluginDestroy(s *terraform.State) error { -// client := testAccProvider.Meta().(*clients.Client) - -// for _, rs := range s.RootModule().Resources { -// switch rs.Type { -// case "hcp_vault_plugin": -// id := rs.Primary.ID -// isRegistered, err := isPluginRegistered(client, id) -// if err != nil { -// return err -// } -// if isRegistered { -// return fmt.Errorf("plugin status is still reporting that plugin is registered: %s", id) -// } -// default: -// continue -// } -// } -// return nil -// } - -// func isPluginRegistered(client *clients.Client, id string) (bool, error) { -// idParts := strings.SplitN(id, "/", 8) - -// clusterID := idParts[4] -// pluginType := vaultmodels.HashicorpCloudVault20201125PluginType(idParts[6]) -// pluginName := idParts[7] - -// loc := &sharedmodels.HashicorpCloudLocationLocation{ -// OrganizationID: client.Config.OrganizationID, -// ProjectID: client.Config.ProjectID, -// } - -// pluginsResp, err := clients.ListPlugins(context.Background(), client, loc, clusterID) -// if err != nil { -// // if cluster is deleted, plugin doesn't exist -// if clients.IsResponseCodeNotFound(err) { -// return false, nil -// } -// return false, fmt.Errorf("unable to list plugins %q: %v. code: %d", id, err, grpcstatus.Code(err)) -// } - -// for _, plugin := range pluginsResp.Plugins { -// if strings.EqualFold(pluginName, plugin.PluginName) && pluginType == *plugin.PluginType && plugin.IsRegistered { -// return true, nil -// } -// } - -// return false, nil -// } +import ( + "context" + "fmt" + "strings" + "testing" + + sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" + vaultmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/models" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/hashicorp/terraform-provider-hcp/internal/clients" + grpcstatus "google.golang.org/grpc/status" +) + +var ( + testAccVaultPluginConfig = fmt.Sprintf(` +resource "hcp_hvn" "test" { + hvn_id = "%s" + cloud_provider = "aws" + region = "us-west-2" +} + +resource "hcp_vault_cluster" "test" { + cluster_id = "%s" + hvn_id = hcp_hvn.test.hvn_id + tier = "DEV" +} + +resource "hcp_vault_plugin" "venafi_plugin" { + cluster_id = hcp_vault_cluster.test.cluster_id + plugin_name = "venafi-pki-backend" + plugin_type = "SECRET" +} +`, testAccUniqueNameWithPrefix("vault-hvn-aws-"), addTimestampSuffix("test-cluster-")) + + testAccVaultPluginDataSourceConfig = fmt.Sprintf(`%s + data "hcp_vault_plugin" "test" { + cluster_id = hcp_vault_cluster.test.cluster_id + plugin_name = "venafi-pki-backend" + plugin_type = "SECRET" + } +`, testAccVaultPluginConfig) +) + +func TestAcc_Vault_Plugin(t *testing.T) { + t.Parallel() + + resourceName := "hcp_vault_plugin.venafi_plugin" + dataSourceName := "data.hcp_vault_plugin.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": false}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + CheckDestroy: testAccCheckVaultPluginDestroy, + + Steps: []resource.TestStep{ + // Testing Create + { + Config: testConfig(testAccVaultPluginConfig), + Check: resource.ComposeTestCheckFunc( + testAccChecVaultPluginExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), + resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), + ), + }, + // Testing that we can import Vault plugin created in the previous step and that the + // resource terraform state will be exactly the same + { + ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return "", fmt.Errorf("not found: %s", resourceName) + } + + return fmt.Sprintf("%s:%s:%s:%s", + rs.Primary.Attributes["project_id"], + rs.Primary.Attributes["cluster_id"], + rs.Primary.Attributes["plugin_type"], + rs.Primary.Attributes["plugin_name"]), nil + }, + ImportStateVerify: true, + }, + // Testing Read + { + Config: testConfig(testAccVaultPluginConfig), + Check: resource.ComposeTestCheckFunc( + testAccChecVaultPluginExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "plugin_name", "venafi-pki-backend"), + resource.TestCheckResourceAttr(resourceName, "plugin_type", "SECRET"), + ), + }, + // Tests datasource + { + Config: testConfig(testAccVaultPluginDataSourceConfig), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(resourceName, "plugin_type", dataSourceName, "plugin_type"), + resource.TestCheckResourceAttrPair(resourceName, "plugin_name", dataSourceName, "plugin_name"), + resource.TestCheckResourceAttrPair(resourceName, "cluster_id", dataSourceName, "cluster_id"), + resource.TestCheckResourceAttrPair(resourceName, "project_id", dataSourceName, "project_id"), + ), + }, + }, + }) +} + +func testAccChecVaultPluginExists(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("not found: %s", name) + } + + id := rs.Primary.ID + if id == "" { + return fmt.Errorf("no ID is set") + } + + client := testAccProvider.Meta().(*clients.Client) + + isRegistered, err := isPluginRegistered(client, id) + if err != nil { + return err + } + + if !isRegistered { + return fmt.Errorf("unable to find plugin: %q", id) + } + + return nil + } +} + +func testAccCheckVaultPluginDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*clients.Client) + + for _, rs := range s.RootModule().Resources { + switch rs.Type { + case "hcp_vault_plugin": + id := rs.Primary.ID + isRegistered, err := isPluginRegistered(client, id) + if err != nil { + return err + } + if isRegistered { + return fmt.Errorf("plugin status is still reporting that plugin is registered: %s", id) + } + default: + continue + } + } + return nil +} + +func isPluginRegistered(client *clients.Client, id string) (bool, error) { + idParts := strings.SplitN(id, "/", 8) + + clusterID := idParts[4] + pluginType := vaultmodels.HashicorpCloudVault20201125PluginType(idParts[6]) + pluginName := idParts[7] + + loc := &sharedmodels.HashicorpCloudLocationLocation{ + OrganizationID: client.Config.OrganizationID, + ProjectID: client.Config.ProjectID, + } + + pluginsResp, err := clients.ListPlugins(context.Background(), client, loc, clusterID) + if err != nil { + // if cluster is deleted, plugin doesn't exist + if clients.IsResponseCodeNotFound(err) { + return false, nil + } + return false, fmt.Errorf("unable to list plugins %q: %v. code: %d", id, err, grpcstatus.Code(err)) + } + + for _, plugin := range pluginsResp.Plugins { + if strings.EqualFold(pluginName, plugin.PluginName) && pluginType == *plugin.PluginType && plugin.IsRegistered { + return true, nil + } + } + + return false, nil +} From 98e9a1c8eb46029d53224bad7b28c56878dc188d Mon Sep 17 00:00:00 2001 From: "chirag.soni" Date: Wed, 19 Feb 2025 16:56:55 +0530 Subject: [PATCH 24/24] adding changelog --- .changelog/1218.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/1218.txt diff --git a/.changelog/1218.txt b/.changelog/1218.txt new file mode 100644 index 000000000..9deeea8b2 --- /dev/null +++ b/.changelog/1218.txt @@ -0,0 +1,3 @@ +```release-note:improvement +Enabling failing HCP Vault Dedicates GHA pipeline tests with fix. +``` \ No newline at end of file