| package azure |
| |
| import ( |
| "context" |
| "os" |
| "testing" |
| |
| "github.com/hashicorp/terraform/internal/backend" |
| "github.com/hashicorp/terraform/internal/legacy/helper/acctest" |
| ) |
| |
// TestBackend_impl is a compile-time assertion that *Backend satisfies the
// backend.Backend interface. It performs no runtime checks.
func TestBackend_impl(t *testing.T) {
	var _ backend.Backend = (*Backend)(nil)
}
| |
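// TestBackendConfig verifies that the configured values are decoded into the
// matching Backend fields. It only instantiates the client, so it should not
// make any actual requests nor incur any costs.
func TestBackendConfig(t *testing.T) {
	config := map[string]interface{}{
		"storage_account_name": "tfaccount",
		"container_name":       "tfcontainer",
		"key":                  "state",
		"snapshot":             false,
		// The access key must be Base64. This value is a placeholder that
		// decodes to "ACCESS_KEY\r\n"; it is not a real credential.
		"access_key": "QUNDRVNTX0tFWQ0K",
	}

	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(config)).(*Backend)

	// Report the field that actually failed (the original message said
	// "bucketName") and include the observed value to ease debugging.
	if b.containerName != "tfcontainer" {
		t.Fatalf("Incorrect containerName was populated: %q", b.containerName)
	}
	if b.keyName != "state" {
		t.Fatalf("Incorrect keyName was populated: %q", b.keyName)
	}
	if b.snapshot {
		t.Fatalf("Incorrect snapshot was populated: got true, want false")
	}
}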
| |
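// TestAccBackendAccessKeyBasic is an acceptance test that builds test
// resources and runs the shared backend state tests against a backend
// authenticated with the storage account access key.
//
// testAccAzureBackend (defined elsewhere in this package) gates the test.
func TestAccBackendAccessKeyBasic(t *testing.T) {
	testAccAzureBackend(t)
	rs := acctest.RandString(4)
	res := testResourceNames(rs, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	err := armClient.buildTestResources(ctx, &res)
	// The teardown is deferred before the error check so that partially
	// created resources are removed too. t.Fatalf still runs deferred calls,
	// so no explicit destroy is needed on the failure path (the original
	// called destroyTestResources twice there).
	defer armClient.destroyTestResources(ctx, res)
	if err != nil {
		t.Fatalf("Error creating Test Resources: %q", err)
	}

	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"access_key":           res.storageAccountAccessKey,
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             os.Getenv("ARM_ENDPOINT"),
	})).(*Backend)

	backend.TestBackendStates(t, b)
}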
| |
// TestAccBackendSASTokenBasic is an acceptance test that builds test
// resources, derives a SAS token from the storage account access key, and
// runs the shared backend state tests against a backend configured with
// that token instead of the key itself.
func TestAccBackendSASTokenBasic(t *testing.T) {
	testAccAzureBackend(t)
	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	sasToken, tokenErr := buildSasToken(res.storageAccountName, res.storageAccountAccessKey)
	if tokenErr != nil {
		t.Fatalf("Error building SAS Token: %+v", tokenErr)
	}

	// NOTE(review): sasToken is dereferenced without a nil check; this
	// assumes buildSasToken never returns (nil, nil) — confirm.
	cfg := map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"sas_token":            *sasToken,
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             os.Getenv("ARM_ENDPOINT"),
	}
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)

	backend.TestBackendStates(t, b)
}
| |
// TestAccBackendOIDCBasic is an acceptance test that builds test resources
// and runs the shared backend state tests against a backend configured with
// use_oidc, taking the subscription and tenant from the ARM_* environment
// variables. No access key or client secret is passed to the backend.
func TestAccBackendOIDCBasic(t *testing.T) {
	testAccAzureBackend(t)
	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	cfg := map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"resource_group_name":  res.resourceGroup,
		"use_oidc":             true,
		"subscription_id":      os.Getenv("ARM_SUBSCRIPTION_ID"),
		"tenant_id":            os.Getenv("ARM_TENANT_ID"),
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             os.Getenv("ARM_ENDPOINT"),
	}
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)

	backend.TestBackendStates(t, b)
}
| |
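// TestAccBackendAzureADAuthBasic is an acceptance test that builds test
// resources with useAzureADAuth set and runs the shared backend state tests
// against a backend configured with use_azuread_auth.
func TestAccBackendAzureADAuthBasic(t *testing.T) {
	testAccAzureBackend(t)
	rs := acctest.RandString(4)
	res := testResourceNames(rs, "testState")
	res.useAzureADAuth = true
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	err := armClient.buildTestResources(ctx, &res)
	// The teardown is deferred before the error check so that partially
	// created resources are removed too. t.Fatalf still runs deferred calls,
	// so no explicit destroy is needed on the failure path (the original
	// called destroyTestResources twice there).
	defer armClient.destroyTestResources(ctx, res)
	if err != nil {
		t.Fatalf("Error creating Test Resources: %q", err)
	}

	// NOTE(review): access_key is passed together with use_azuread_auth.
	// Confirm the backend prefers Azure AD auth in that case; otherwise this
	// test exercises shared-key auth rather than Azure AD auth.
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"access_key":           res.storageAccountAccessKey,
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             os.Getenv("ARM_ENDPOINT"),
		"use_azuread_auth":     true,
	})).(*Backend)

	backend.TestBackendStates(t, b)
}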
| |
// TestAccBackendManagedServiceIdentityBasic is an acceptance test that
// builds test resources and runs the shared backend state tests against a
// backend configured with use_msi. It is gated by
// testAccAzureBackendRunningInAzure (defined elsewhere in this package)
// rather than testAccAzureBackend.
func TestAccBackendManagedServiceIdentityBasic(t *testing.T) {
	testAccAzureBackendRunningInAzure(t)
	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	cfg := map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"resource_group_name":  res.resourceGroup,
		"use_msi":              true,
		"subscription_id":      os.Getenv("ARM_SUBSCRIPTION_ID"),
		"tenant_id":            os.Getenv("ARM_TENANT_ID"),
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             os.Getenv("ARM_ENDPOINT"),
	}
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)

	backend.TestBackendStates(t, b)
}
| |
// TestAccBackendServicePrincipalClientCertificateBasic is an acceptance test
// that runs the shared backend state tests against a backend authenticated
// as a service principal with a client certificate. The certificate path and
// password come from the environment; the test is skipped when
// ARM_CLIENT_CERTIFICATE_PATH is unset, before any resources are built.
func TestAccBackendServicePrincipalClientCertificateBasic(t *testing.T) {
	testAccAzureBackend(t)

	// The password is read but never logged; only the path decides the skip.
	certPassword := os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD")
	certPath := os.Getenv("ARM_CLIENT_CERTIFICATE_PATH")
	if len(certPath) == 0 {
		t.Skip("Skipping since `ARM_CLIENT_CERTIFICATE_PATH` is not specified!")
	}

	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	cfg := map[string]interface{}{
		"storage_account_name":        res.storageAccountName,
		"container_name":              res.storageContainerName,
		"key":                         res.storageKeyName,
		"resource_group_name":         res.resourceGroup,
		"subscription_id":             os.Getenv("ARM_SUBSCRIPTION_ID"),
		"tenant_id":                   os.Getenv("ARM_TENANT_ID"),
		"client_id":                   os.Getenv("ARM_CLIENT_ID"),
		"client_certificate_password": certPassword,
		"client_certificate_path":     certPath,
		"environment":                 os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":                    os.Getenv("ARM_ENDPOINT"),
	}
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)

	backend.TestBackendStates(t, b)
}
| |
// TestAccBackendServicePrincipalClientSecretBasic is an acceptance test that
// runs the shared backend state tests against a backend authenticated as a
// service principal with a client secret. The client ID and secret are read
// from ARM_CLIENT_ID and ARM_CLIENT_SECRET and are never printed.
func TestAccBackendServicePrincipalClientSecretBasic(t *testing.T) {
	testAccAzureBackend(t)
	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	cfg := map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"resource_group_name":  res.resourceGroup,
		"subscription_id":      os.Getenv("ARM_SUBSCRIPTION_ID"),
		"tenant_id":            os.Getenv("ARM_TENANT_ID"),
		"client_id":            os.Getenv("ARM_CLIENT_ID"),
		"client_secret":        os.Getenv("ARM_CLIENT_SECRET"),
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             os.Getenv("ARM_ENDPOINT"),
	}
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)

	backend.TestBackendStates(t, b)
}
| |
// TestAccBackendServicePrincipalClientSecretCustomEndpoint is an acceptance
// test that runs the shared backend state tests with service principal
// client-secret auth against a custom endpoint. It is skipped, before any
// resources are built, when ARM_ENDPOINT is not set.
func TestAccBackendServicePrincipalClientSecretCustomEndpoint(t *testing.T) {
	testAccAzureBackend(t)

	// A custom endpoint is only applicable for Azure Stack.
	customEndpoint := os.Getenv("ARM_ENDPOINT")
	if len(customEndpoint) == 0 {
		t.Skip("Skipping as ARM_ENDPOINT isn't configured")
	}

	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	cfg := map[string]interface{}{
		"storage_account_name": res.storageAccountName,
		"container_name":       res.storageContainerName,
		"key":                  res.storageKeyName,
		"resource_group_name":  res.resourceGroup,
		"subscription_id":      os.Getenv("ARM_SUBSCRIPTION_ID"),
		"tenant_id":            os.Getenv("ARM_TENANT_ID"),
		"client_id":            os.Getenv("ARM_CLIENT_ID"),
		"client_secret":        os.Getenv("ARM_CLIENT_SECRET"),
		"environment":          os.Getenv("ARM_ENVIRONMENT"),
		"endpoint":             customEndpoint,
	}
	b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)

	backend.TestBackendStates(t, b)
}
| |
// TestAccBackendAccessKeyLocked is an acceptance test that configures two
// independent backends against the same state blob using access-key auth
// and runs the shared lock and force-unlock tests, both for the default
// workspace and for the "foo" workspace.
func TestAccBackendAccessKeyLocked(t *testing.T) {
	testAccAzureBackend(t)
	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	// Each call builds a fresh config map and a fresh Backend, so the two
	// instances share nothing except the remote state they point at.
	newBackend := func() *Backend {
		cfg := map[string]interface{}{
			"storage_account_name": res.storageAccountName,
			"container_name":       res.storageContainerName,
			"key":                  res.storageKeyName,
			"access_key":           res.storageAccountAccessKey,
			"environment":          os.Getenv("ARM_ENVIRONMENT"),
			"endpoint":             os.Getenv("ARM_ENDPOINT"),
		}
		return backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)
	}

	b1 := newBackend()
	b2 := newBackend()

	backend.TestBackendStateLocks(t, b1, b2)
	backend.TestBackendStateForceUnlock(t, b1, b2)

	backend.TestBackendStateLocksInWS(t, b1, b2, "foo")
	backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo")
}
| |
// TestAccBackendServicePrincipalLocked is an acceptance test that configures
// two independent backends against the same state blob with service
// principal credentials and runs the shared lock and force-unlock tests,
// both for the default workspace and for the "foo" workspace.
func TestAccBackendServicePrincipalLocked(t *testing.T) {
	testAccAzureBackend(t)
	suffix := acctest.RandString(4)
	res := testResourceNames(suffix, "testState")
	armClient := buildTestClient(t, res)

	ctx := context.TODO()
	buildErr := armClient.buildTestResources(ctx, &res)
	// Deferred before the error check so a partial build is still torn down.
	defer armClient.destroyTestResources(ctx, res)
	if buildErr != nil {
		t.Fatalf("Error creating Test Resources: %q", buildErr)
	}

	// NOTE(review): access_key is supplied alongside the service principal
	// credentials, and resource_group_name is not set. Confirm which
	// credential the backend actually uses here; if the access key wins,
	// this test does not exercise service principal auth.
	//
	// Each call builds a fresh config map and a fresh Backend, so the two
	// instances share nothing except the remote state they point at.
	newBackend := func() *Backend {
		cfg := map[string]interface{}{
			"storage_account_name": res.storageAccountName,
			"container_name":       res.storageContainerName,
			"key":                  res.storageKeyName,
			"access_key":           res.storageAccountAccessKey,
			"subscription_id":      os.Getenv("ARM_SUBSCRIPTION_ID"),
			"tenant_id":            os.Getenv("ARM_TENANT_ID"),
			"client_id":            os.Getenv("ARM_CLIENT_ID"),
			"client_secret":        os.Getenv("ARM_CLIENT_SECRET"),
			"environment":          os.Getenv("ARM_ENVIRONMENT"),
			"endpoint":             os.Getenv("ARM_ENDPOINT"),
		}
		return backend.TestBackendConfig(t, New(), backend.TestWrapConfig(cfg)).(*Backend)
	}

	b1 := newBackend()
	b2 := newBackend()

	backend.TestBackendStateLocks(t, b1, b2)
	backend.TestBackendStateForceUnlock(t, b1, b2)

	backend.TestBackendStateLocksInWS(t, b1, b2, "foo")
	backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo")
}