All tests should use TestCheckFunc helpers
#195
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
detro
force-pushed
the
detro/all_tests_should_TestCheckFunc
branch
from
0631798
to
0bd7209
Compare
bflad
approved these changes
May 5, 2022
Comment on lines
54
to
60
| r.TestCheckResourceAttrWith("tls_cert_request.test1", "cert_request_pem", func(value string) error { | ||
| block, _ := pem.Decode([]byte(value)) | ||
| csr, err := x509.ParseCertificateRequest(block.Bytes) | ||
| if err != nil { | ||
| return fmt.Errorf("error parsing CSR: %s", err) | ||
| } | ||
| if expected, got := "2", csr.Subject.SerialNumber; got != expected { |
There was a problem hiding this comment.
Nit: Since there are repeating checks for *x509.CertificateRequest contents, would it be easier to introduce a helper function in this provider codebase? e.g.
func testCheckPEMCertificateRequest(expected *x509.CertificateRequest) resource.TestCheckResourceAttrWithFunc {
return func(value string) error {
// decode and parse
// equality logic (bummer there's not an Equal() method on it)
}
}Then the test can remain declarative:
r.TestCheckResourceAttrWith("tls_cert_request.test1", "cert_request_pem", testCheckPEMCertificateRequest(&x509.CertificateRequest{
Subject: x509.Subject{
CommonName: "example.com",
SerialNumber: 2,
// ... etc
},
// ... etc
}),There was a problem hiding this comment.
(or the test helper can wrap away the TestCheckResourceAttrWith() completely, e.g.)
func testCheckPEMCertificateRequest(name string, key string, expected *x509.CertificateRequest) resource.TestCheckFunc {
return func(s *terraform.State) error {
return resource.TestCheckResourceAttrWith(name, key, func(value string) error {
// decode and parse
// equality logic (bummer there's not an Equal() method on it)
})(s)
}
}
Comment on lines
22
to
30
| r.TestCheckResourceAttrWith("tls_locally_signed_cert.test", "cert_pem", func(value string) error { | ||
| block, _ := pem.Decode([]byte(value)) | ||
| cert, err := x509.ParseCertificate(block.Bytes) | ||
| if err != nil { | ||
| return fmt.Errorf("error parsing cert: %s", err) | ||
| } | ||
| if expected, got := "2", cert.Subject.SerialNumber; got != expected { | ||
| return fmt.Errorf("incorrect subject serial number: expected %v, got %v", expected, got) | ||
| } |
There was a problem hiding this comment.
Nit: Similar question for creating a provider codebase test helper for x509.Certificate
| @@ -18,119 +17,38 @@ func TestPrivateKeyRSA(t *testing.T) { | |||
| resource "tls_private_key" "test" { | |||
| algorithm = "RSA" | |||
| } | |||
| output "private_key_pem" { | |||
| return nil | ||
| }, | ||
| Check: r.ComposeAggregateTestCheckFunc( | ||
| r.TestMatchResourceAttr("tls_private_key.test", "private_key_pem", regexp.MustCompile(`^-----BEGIN EC PRIVATE KEY----(.|\s)+-----END EC PRIVATE KEY-----`)), |
There was a problem hiding this comment.
Nit: Given #197, should these regular expressions explicitly check the end of the strings as well for newlines, etc. to prevent regressions?
added 5 commits
May 5, 2022 17:08
…dev_overrides` in `.terraformrc`
…h a regexp that considers both beginning and end of the string
detro
force-pushed
the
detro/all_tests_should_TestCheckFunc
branch
from
200d16b
to
d4bca12
Compare
…testing of PEM certificates more declarative This is still a work in progress: in this first iteration we have moved `tls_cert_request` resouce to use it.
bflad
approved these changes
May 9, 2022
| ) | ||
|
|
||
| func testCheckPEMCertificateFormat(name, key string, expected PEMPreamble) r.TestCheckFunc { | ||
| return r.TestMatchResourceAttr(name, key, regexp.MustCompile(fmt.Sprintf(`^-----BEGIN %[1]s----(.|\s)+-----END %[1]s-----\n$`, expected))) |
There was a problem hiding this comment.
Two questions for you:
- Is this missing a 5th dash after the opening preamble?
- Should it check explicitly for a newline after the opening preamble and before the closing preamble?
There was a problem hiding this comment.
good catches: I have in the end come up with a dedicated PEM format checker and will make sure it cover those.
👍
| } | ||
| Config: locallySignedCertConfig(1, 0), | ||
| Check: r.ComposeAggregateTestCheckFunc( | ||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Should this be using testCheckPEMCertificateFormat()?
| } | ||
| Config: locallySignedCertConfigWithDeprecatedKeyAlgorithm(1, 0), | ||
| Check: r.ComposeAggregateTestCheckFunc( | ||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Similarly regarding testCheckPEMCertificateFormat()
| @@ -509,7 +454,7 @@ func TestAccResourceLocallySignedCert_FromED25519PrivateKeyResource(t *testing.T | |||
| `, | |||
| Check: r.ComposeTestCheckFunc( | |||
| r.TestCheckResourceAttr("tls_locally_signed_cert.test", "ca_key_algorithm", "ED25519"), | |||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----((.|\n)+?)-----END CERTIFICATE-----`)), | |||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----(.|\s)+-----END CERTIFICATE-----\n$`)), | |||
| @@ -561,7 +504,7 @@ func TestAccResourceLocallySignedCert_FromECDSAPrivateKeyResource(t *testing.T) | |||
| `, | |||
| Check: r.ComposeTestCheckFunc( | |||
| r.TestCheckResourceAttr("tls_locally_signed_cert.test", "ca_key_algorithm", "ECDSA"), | |||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----((.|\n)+?)-----END CERTIFICATE-----`)), | |||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), | |||
| @@ -613,7 +554,7 @@ func TestAccResourceLocallySignedCert_FromRSAPrivateKeyResource(t *testing.T) { | |||
| `, | |||
| Check: r.ComposeTestCheckFunc( | |||
| r.TestCheckResourceAttr("tls_locally_signed_cert.test", "ca_key_algorithm", "RSA"), | |||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----((.|\n)+?)-----END CERTIFICATE-----`)), | |||
| r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), | |||
| return nil | ||
| }, | ||
| Check: r.ComposeAggregateTestCheckFunc( | ||
| r.TestMatchResourceAttr("tls_private_key.test", "private_key_pem", regexp.MustCompile(`^-----BEGIN RSA PRIVATE KEY----(.|\s)+-----END RSA PRIVATE KEY-----\n$`)), |
| } | ||
| Config: selfSignedCertConfig(1, 0), | ||
| Check: r.ComposeAggregateTestCheckFunc( | ||
| r.TestMatchResourceAttr("tls_self_signed_cert.test1", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Similarly for this file regarding testCheckPEMCertificateFormat()
jackivanov
pushed a commit
to jackivanov/terraform-provider-tls
that referenced
this pull request
Aug 4, 2022
* Revamp all tests to use TestCheckFunc helpers * .go-version: 1.17.8 -> 1.17.9 * Updating doc to refer to the official page that explains how to use `dev_overrides` in `.terraformrc` * lint * Altering tests that check format of PEM (keys and certs) to match with a regexp that considers both beginning and end of the string * Adding utilities built on top of `TestCheckResourceAttrWith` to make testing of PEM certificates more declarative This is still a work in progress: in this first iteration we have moved `tls_cert_request` resouce to use it. * Turn PEM validation declarative for all types of PEM we produce * Appease linter (unparam) for implementations of `TestCheckFunc` * Use `//nolint:unparam` instead of `exclude-rules:` for very specific linter false alerts
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context: https://github.com/hashicorp/terraform-providers-devex-internal/issues/94
Related RFC: https://docs.google.com/document/d/1_zUbW-PYvsr0IKoO22GhANcmiaL9OxAwYCLkHomL2-0/edit#
PLEASE NOTE: This will fail testing until hashicorp/terraform-plugin-sdk#950 is merged and a new release (v2.15.0) ofterraform-plugin-sdkis cut.