add resource update tests, force-new on sign, use OCI validators (#17)

- add force-new semantics to sign so you can update the `image` of a
`cosign_sign` resource
- test that resources can be updated and still work (by creating a new
thing)
- have tests use the in-process test registry
- use validators from tf-oci
- test using Go 1.20
- rename `{attest,sign}_resource{_test}.go` ->
`resource_{attest,sign}{_test}.go` to match convention

---------

Signed-off-by: Jason Hall <jason@chainguard.dev>

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
         ref: refs/pull/${{ github.event.pull_request.number }}/merge
     - uses: actions/setup-go@v4
       with:
-        go-version: '1.18'
+        go-version: 1.20.x
     - run: go generate ./...
     - name: git diff
       run: |
@@ -43,22 +43,11 @@ jobs:
         ref: refs/pull/${{ github.event.pull_request.number }}/merge
     - uses: actions/setup-go@v4
       with:
-        go-version: '1.18'
-
-    - uses: imjasonh/setup-crane@v0.3
-    - uses: chainguard-dev/actions/setup-registry@main
-      with:
-        port: 5000
-
+        go-version: 1.20.x
     - uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: ${{ matrix.terraform }}
         terraform_wrapper: false
-
     - run: go mod download
     - run: go build -v .
-    - run: |
-        crane copy --insecure cgr.dev/chainguard/static:latest-glibc localhost:5000/cosign-testing
-        export TEST_IMAGE=localhost:5000/cosign-testing@$(crane digest --insecure localhost:5000/cosign-testing)
-
-        TF_ACC=1 go test -v -cover ./internal/provider/
+    - run: TF_ACC=1 go test -v -cover ./internal/provider/

go.mod

@@ -3,6 +3,7 @@ module github.com/chainguard-dev/terraform-provider-cosign
 go 1.19
 
 require (
+	github.com/chainguard-dev/terraform-provider-oci v0.0.0-20230426201150-f82273dff08e
 	github.com/google/go-containerregistry v0.14.1-0.20230409045903-ed5c185df419
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/terraform-plugin-docs v0.14.1

go.sum

@@ -248,6 +248,8 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chainguard-dev/terraform-provider-oci v0.0.0-20230426201150-f82273dff08e h1:9FgJN0uYkNRTKa9b4ds8yKWD0ic5ETUlP5mmAZfYmOc=
+github.com/chainguard-dev/terraform-provider-oci v0.0.0-20230426201150-f82273dff08e/go.mod h1:c0UCXzRaVhzUcS1raw1wrDsXJpOkwWvyv5RcnvAmX7U=
 github.com/chrismellard/docker-credential-acr-env v0.0.0-20221002210726-e883f69e0206 h1:lG6Usi/kX/JBZzGz1H+nV+KwM97vThQeKunCbS6PutU=
 github.com/chrismellard/docker-credential-acr-env v0.0.0-20221002210726-e883f69e0206/go.mod h1:1UmFRnmMnVsHwD+ZntmLkoVBB1ZLa6V+XXEbF6hZCxU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=

internal/provider/verify_data_source.go → internal/provider/data_source_verify.go

@@ -3,6 +3,7 @@ package provider
 import (
 	"context"
 
+	"github.com/chainguard-dev/terraform-provider-oci/pkg/validators"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
@@ -43,7 +44,7 @@ func (d *VerifyDataSource) Schema(ctx context.Context, req datasource.SchemaRequ
 			"image": schema.StringAttribute{
 				MarkdownDescription: "The image tag or digest of the container image to verify.",
 				Required:            true,
-				Validators:          []validator.String{refValidator{}},
+				Validators:          []validator.String{validators.RefValidator{}},
 			},
 			"policy": schema.StringAttribute{
 				MarkdownDescription: "The sigstore policy-controller policy to verify the image against.",

internal/provider/attest_resource.go → internal/provider/resource_attest.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/chainguard-dev/terraform-provider-oci/pkg/validators"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
@@ -57,7 +58,7 @@ func (r *AttestResource) Schema(ctx context.Context, req resource.SchemaRequest,
 				MarkdownDescription: "The digest of the container image to attest.",
 				Optional:            false,
 				Required:            true,
-				Validators:          []validator.String{digestValidator{}},
+				Validators:          []validator.String{validators.DigestValidator{}},
 				PlanModifiers: []planmodifier.String{
 					stringplanmodifier.RequiresReplace(),
 				},
@@ -66,7 +67,7 @@ func (r *AttestResource) Schema(ctx context.Context, req resource.SchemaRequest,
 				MarkdownDescription: "The in-toto predicate type of the claim being attested.",
 				Optional:            false,
 				Required:            true,
-				Validators:          []validator.String{urlValidator{}},
+				Validators:          []validator.String{validators.URLValidator{}},
 				PlanModifiers: []planmodifier.String{
 					stringplanmodifier.RequiresReplace(),
 				},
@@ -75,7 +76,7 @@ func (r *AttestResource) Schema(ctx context.Context, req resource.SchemaRequest,
 				MarkdownDescription: "The JSON body of the in-toto predicate's claim.",
 				Optional:            false,
 				Required:            true,
-				Validators:          []validator.String{jsonValidator{}},
+				Validators:          []validator.String{validators.JSONValidator{}},
 				PlanModifiers: []planmodifier.String{
 					stringplanmodifier.RequiresReplace(),
 				},