From 57c37de05267ba8d804c71355d221b7732d0c322 Mon Sep 17 00:00:00 2001
From: Farid
Date: Sun, 29 Oct 2023 03:26:23 +0700
Subject: [PATCH 01/10] Add pull requests test
---
 .github/workflows/integration-test.yml | 30 +++++
 tests/main.tf | 171 +++++++++++++++++++++++++
 2 files changed, 201 insertions(+)
 create mode 100644 .github/workflows/integration-test.yml
 create mode 100644 tests/main.tf
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
new file mode 100644
index 00000000..fc07f0a0
--- /dev/null
+++ b/.github/workflows/integration-test.yml
@@ -0,0 +1,30 @@
+name: Test Terraform Functionality
+on:
+ pull_request:
+
+jobs:
+ test-postgres-sidecar:
+ name: Test Postgres Sidecar
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.19'
+ id: go
+ - name: 'Terraform Setup'
+ id: terraform-setup
+ uses: hashicorp/setup-terraform@v2
+ - name: Build Terraform Provider
+ run: |
+ go build -o ${BINARY}
+ mkdir -p ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}
+ mv ${BINARY} ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}
+ env:
+ HOSTNAME: joinformal.com
+ NAMESPACE: local
+ NAME: formal
+ OS_ARCH: linux_amd64
+ BINARY: terraform-provider-formal # last word comes from NAME env
diff --git a/tests/main.tf b/tests/main.tf
new file mode 100644
index 00000000..b2e19c0e
--- /dev/null
+++ b/tests/main.tf
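Review bot: The new workflow in `.github/workflows/integration-test.yml` has no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scopes while it compiles code taken from the pull request. A top-level `permissions:` with `contents: read` looks sufficient for the steps shown. The three actions are referenced by mutable tags (`actions/checkout@v4`, `actions/setup-go@v4`, `hashicorp/setup-terraform@v2`); pinning each `uses:` to a full commit SHA, with the tag kept in a trailing comment, stops a retagged release from changing what executes in this job.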
@@ -0,0 +1,171 @@
+terraform {
+ required_providers {
+ formal = {
+ version = "~> 1.0.0"
+ source = "joinformal.com/local/formal"
+ }
+ }
+}
+
+provider "formal" {}
+
+# Deprecated
+# resource "formal_cloud_account" "name" {
+# }
+
+# Deprecated
+# resource "formal_dataplane" "name" {
+# }
+
+# Deprecated
+# resource "formal_dataplane_routes" "name" {
+# }
+
+resource "formal_datastore" "postgres1" {
+ hostname = "terraform-test-postgres1"
+ name = "terraform-test-postgres1"
+ technology = "postgres"
+ db_discovery_job_wait_time = "1m"
+ environment = "DEV"
+ port = 5432
+ timeouts {
+ create = "1m"
+ }
+}
+
+# Deprecated
+# resource "formal_default_field_encryption" "name" {
+# data_key_storage = "control_plane_only"
+# encryption_alg = "aes_deterministic"
+# kms_key_id = formal_encryption_key.name.id
+# }
+
+resource "formal_encryption_key" "name" {
+ cloud_region = "us-west-1"
+ key_id = "terraform-test-encryption-key-id"
+ key_name = "terraform-test-encryption-key-local"
+}
+
+resource "formal_field_encryption" "name" {
+ alg = "aes_deterministic"
+ datastore_id = formal_datastore.postgres1.id
+ key_id = formal_encryption_key.name.id
+ key_storage = "control_plane_only"
+ path = "postgres.public.users.id"
+}
+
+resource "formal_group" "name" {
+ description = "terraform-test-group"
+ name = "terraform-test-group"
+}
+
+resource "formal_group_link_role" "name" {
+ group_id = formal_group.name.id
+ role_id = formal_role.name.id
+}
+
+resource "formal_integration_app" "name" {
+ name = "terraform-test-integration-app"
+ type = "metabase"
+ linked_db_user_id = "postgres"
+ metabase_hostname = "https://metabase.com"
+ metabase_password = "metabasepassword"
+ metabase_username = "metabaseusername"
+}
+
+# resource "formal_integration_datahub" "name" {
+# active = true
+# api_key = "api_key_datahub_placeholder"
+# generalized_metadata_service_url = "https://datahub.com"
+# sync_direction = "bidirectional"
+# synced_entities = ["tags"]
+# }
+
+resource
"formal_integration_external_api" "name" { + auth_type = "basic" + name = "terraform-test-integration-external-api" + type = "custom" + url = "https://zendesk.com" +} + +resource "formal_integration_log" "name" { + name = "terraform-test-integration-log" + type = "splunk" + splunk_api_key = "aaaaa" + splunk_url = "https://splunk.com" +} + +resource "formal_integration_log_link" "name" { + integration_id = formal_integration_log.name.id + datastore_id = formal_datastore.postgres1.id +} + +resource "formal_key" "name" { + cloud_region = "eu-west-1" + key_type = "aws_kms" + managed_by = "customer_managed" + name = "terraform-test-key-aws-kms" + key_id = formal_encryption_key.name.id +} + +resource "formal_native_role" "name" { + datastore_id = formal_datastore.postgres1.id + native_role_id = "postgres1" + native_role_secret = "postgres1" +} + +resource "formal_user" "name" { + type = "machine" + name = "terraform-test-user" +} + +resource "formal_native_role_link" "name" { + datastore_id = formal_datastore.postgres1.id + formal_identity_id = formal_user.name.id + formal_identity_type = "user" + native_role_id = formal_native_role.name.native_role_id +} + +resource "formal_policy" "name" { + active = false + description = "terraform-test-policy" + module = < Date: Sun, 29 Oct 2023 03:31:34 +0700 Subject: [PATCH 02/10] Init the terraform --- .github/workflows/integration-test.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index fc07f0a0..1d58bc9f 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -3,7 +3,7 @@ on: pull_request: jobs: - test-postgres-sidecar: + test-terraform: name: Test Postgres Sidecar runs-on: ubuntu-latest steps: 
@@ -28,3 +28,9 @@ jobs: NAME: formal OS_ARCH: linux_amd64 BINARY: terraform-provider-formal # last word comes from NAME env + - name: Terraform Init + run: | + cd tests + terraform init + env: + TF_LOG: DEBUG From 7fdca24fbdeabf71e93f01f224d98e6404df61f6 Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 03:40:50 +0700 Subject: [PATCH 03/10] Change path --- .github/workflows/integration-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 1d58bc9f..b169ab8a 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -20,8 +20,8 @@ jobs: - name: Build Terraform Provider run: | go build -o ${BINARY} - mkdir -p ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} - mv ${BINARY} ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} + mkdir -p /home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} + mv ${BINARY} /home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} env: HOSTNAME: joinformal.com NAMESPACE: local From 4191caf1454cadd3a3dd6f3e20ea3ce5e532b165 Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 03:45:58 +0700 Subject: [PATCH 04/10] Debug --- .github/workflows/integration-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index b169ab8a..6143495b 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml 
@@ -22,6 +22,7 @@ jobs: go build -o ${BINARY} mkdir -p /home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} mv ${BINARY} /home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} + echo "/home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}" env: HOSTNAME: joinformal.com NAMESPACE: local From 65252d601a762c3a1344f56155d924087f8fab3a Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 03:48:14 +0700 Subject: [PATCH 05/10] Add version --- .github/workflows/integration-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 6143495b..523d1c5f 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -28,6 +28,7 @@ jobs: NAMESPACE: local NAME: formal OS_ARCH: linux_amd64 + VERSION: 1.0.0 BINARY: terraform-provider-formal # last word comes from NAME env - name: Terraform Init run: | From c218104c623c93d5583594f38b4e80c23e1b4769 Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 03:50:02 +0700 Subject: [PATCH 06/10] Cleanup --- .github/workflows/integration-test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 523d1c5f..f3ea33f1 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml 
@@ -20,9 +20,8 @@ jobs: - name: Build Terraform Provider run: | go build -o ${BINARY} - mkdir -p /home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} - mv ${BINARY} /home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} - echo "/home/runner/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH}" + mkdir -p ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} + mv ${BINARY} ~/.terraform.d/plugins/${HOSTNAME}/${NAMESPACE}/${NAME}/${VERSION}/${OS_ARCH} env: HOSTNAME: joinformal.com NAMESPACE: local From d5083273022f879d5617f37da76f526c994dd216 Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 03:54:37 +0700 Subject: [PATCH 07/10] Test Trigger the terraform --- .github/workflows/integration-test.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index f3ea33f1..b73ed5f6 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -34,4 +34,16 @@ jobs: cd tests terraform init env: - TF_LOG: DEBUG + FORMAL_API_KEY: ${{ secrets.TEST_DEV_API_KEY }} + - name: Terraform Apply + run: | + cd tests + terraform apply -auto-approve + env: + FORMAL_API_KEY: ${{ secrets.TEST_DEV_API_KEY }} + - name: Terraform Destroy + run: | + cd tests + terraform destroy -auto-approve + env: + FORMAL_API_KEY: ${{ secrets.TEST_DEV_API_KEY }} From 09361265193dbc7ffcdc5c342a3dd58ad64876b5 Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 03:59:16 +0700 Subject: [PATCH 08/10] Update test file --- tests/main.tf | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/main.tf b/tests/main.tf index b2e19c0e..489a8783 100644 --- a/tests/main.tf +++ b/tests/main.tf 
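Review bot: `FORMAL_API_KEY` from `secrets.TEST_DEV_API_KEY` is exposed to steps that execute code taken from the pull request (the provider binary built by `go build` earlier in the job and the configuration under `tests/`), so any change pushed to a branch of this repository runs with the key in its environment. The `terraform init` step appears to only install the locally built provider and should not need the key; dropping its `env:` entry and keeping the key on apply and destroy narrows the exposure. Pull requests from forks do not receive repository secrets on the `pull_request` trigger, so those runs will fail at apply; a job-level `if: github.event.pull_request.head.repo.full_name == github.repository` makes that skip explicit. The key is best issued for a disposable test tenant with the minimum rights these resources need. The job's earlier steps lie outside this hunk.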
@@ -61,7 +61,7 @@ resource "formal_group" "name" { resource "formal_group_link_role" "name" { group_id = formal_group.name.id - role_id = formal_role.name.id + role_id = formal_user.name.id } resource "formal_integration_app" "name" { @@ -138,7 +138,7 @@ pre_request := { "action": "block", "type": "block_with_formal_message" } if { - input.datastore.id == ${formal_datastore.postgres1.id} + input.datastore.id == "${formal_datastore.postgres1.id}" } EOT name = "terraform-test-policy" @@ -147,11 +147,6 @@ EOT status = "draft" } -resource "formal_role" "name" { - type = "machine" - name = "terraform-test-role" -} - resource "formal_satellite" "name" { name = "terraform-test-satellite" } From 2c6c8d41db32a3a0a5cac2e7a8a62ec14733106f Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 04:29:57 +0700 Subject: [PATCH 09/10] Remove key related resource --- tests/main.tf | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/main.tf b/tests/main.tf index 489a8783..2678c517 100644 --- a/tests/main.tf +++ b/tests/main.tf 
@@ -40,19 +40,19 @@ resource "formal_datastore" "postgres1" { # kms_key_id = formal_encryption_key.name.id # } -resource "formal_encryption_key" "name" { - cloud_region = "us-west-1" - key_id = "terraform-test-encryption-key-id" - key_name = "terraform-test-encryption-key-local" -} +# resource "formal_encryption_key" "name" { +# cloud_region = "us-west-1" +# key_id = "terraform-test-encryption-key-id" +# key_name = "terraform-test-encryption-key-local" +# } -resource "formal_field_encryption" "name" { - alg = "aes_deterministic" - datastore_id = formal_datastore.postgres1.id - key_id = formal_encryption_key.name.id - key_storage = "control_plane_only" - path = "postgres.public.users.id" -} +# resource "formal_field_encryption" "name" { +# alg = "aes_deterministic" +# datastore_id = formal_datastore.postgres1.id +# key_id = formal_encryption_key.name.id +# key_storage = "control_plane_only" +# path = "postgres.public.users.id" +# } resource "formal_group" "name" { description = "terraform-test-group" @@ -100,13 +100,13 @@ resource "formal_integration_log_link" "name" { datastore_id = formal_datastore.postgres1.id } -resource "formal_key" "name" { - cloud_region = "eu-west-1" - key_type = "aws_kms" - managed_by = "customer_managed" - name = "terraform-test-key-aws-kms" - key_id = formal_encryption_key.name.id -} +# resource "formal_key" "name" { +# cloud_region = "eu-west-1" +# key_type = "aws_kms" +# managed_by = "customer_managed" +# name = "terraform-test-key-aws-kms" +# key_id = formal_encryption_key.name.id +# } resource "formal_native_role" "name" { datastore_id = formal_datastore.postgres1.id From b097806e5c5a47f5d36d543e3fd6d11a8932e7ba Mon Sep 17 00:00:00 2001 From: Farid Date: Sun, 29 Oct 2023 04:40:29 +0700 Subject: [PATCH 10/10] Let destroy keep running eventhough apply failing --- .github/workflows/integration-test.yml | 2 ++ 1 file changed, 2 insertions(+) 
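Review bot: `formal_encryption_key` and `formal_field_encryption` are commented out rather than removed and no reason is recorded, so the integration test quietly stops exercising the field-encryption path; the same applies to `formal_key` in the second hunk. If this is a temporary workaround, say so above the first block, for example `# Disabled: <reason>; re-enable once <condition>`. Otherwise delete the blocks so the file does not suggest coverage that no longer runs.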
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index b73ed5f6..8326e48a 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -36,12 +36,14 @@ jobs: env: FORMAL_API_KEY: ${{ secrets.TEST_DEV_API_KEY }} - name: Terraform Apply + id: terraform-apply run: | cd tests terraform apply -auto-approve env: FORMAL_API_KEY: ${{ secrets.TEST_DEV_API_KEY }} - name: Terraform Destroy + if: ${{ !cancelled() && (steps.terraform-apply.outcome == 'success' || steps.terraform-apply.outcome == 'failure') }} run: | cd tests terraform destroy -auto-approve
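Review bot: The `if:` added to the Terraform Destroy step excludes cancelled runs, so a job cancelled while `terraform apply` is running leaves the resources it already created in the test account. No backend block is visible in the part of `tests/main.tf` shown, so the state presumably lives only in the runner workspace and a later run cannot remove them. Cleanup is the usual case for `always()`: `if: ${{ always() && steps.terraform-apply.outcome != 'skipped' }}` still skips destroy when apply never started but runs it after success, failure or cancellation. The rest of the job lies outside this hunk.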