New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
All tests should use TestCheckFunc
helpers
#195
Conversation
0631798
to
0bd7209
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah looks so much better, left a few small things to consider, but otherwise looks good to me. 🚀
r.TestCheckResourceAttrWith("tls_cert_request.test1", "cert_request_pem", func(value string) error { | ||
block, _ := pem.Decode([]byte(value)) | ||
csr, err := x509.ParseCertificateRequest(block.Bytes) | ||
if err != nil { | ||
return fmt.Errorf("error parsing CSR: %s", err) | ||
} | ||
if expected, got := "2", csr.Subject.SerialNumber; got != expected { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Since there are repeating checks for *x509.CertificateRequest
contents, would it be easier to introduce a helper function in this provider codebase? e.g.
func testCheckPEMCertificateRequest(expected *x509.CertificateRequest) resource.TestCheckResourceAttrWithFunc {
return func(value string) error {
// decode and parse
// equality logic (bummer there's not an Equal() method on it)
}
}
Then the test can remain declarative:
r.TestCheckResourceAttrWith("tls_cert_request.test1", "cert_request_pem", testCheckPEMCertificateRequest(&x509.CertificateRequest{
Subject: x509.Subject{
CommonName: "example.com",
SerialNumber: 2,
// ... etc
},
// ... etc
}),
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(or the test helper can wrap away the TestCheckResourceAttrWith()
completely, e.g.)
func testCheckPEMCertificateRequest(name string, key string, expected *x509.CertificateRequest) resource.TestCheckFunc {
return func(s *terraform.State) error {
return resource.TestCheckResourceAttrWith(name, key, func(value string) error {
// decode and parse
// equality logic (bummer there's not an Equal() method on it)
})(s)
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will give this a go.
r.TestCheckResourceAttrWith("tls_locally_signed_cert.test", "cert_pem", func(value string) error { | ||
block, _ := pem.Decode([]byte(value)) | ||
cert, err := x509.ParseCertificate(block.Bytes) | ||
if err != nil { | ||
return fmt.Errorf("error parsing cert: %s", err) | ||
} | ||
if expected, got := "2", cert.Subject.SerialNumber; got != expected { | ||
return fmt.Errorf("incorrect subject serial number: expected %v, got %v", expected, got) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Similar question for creating a provider codebase test helper for x509.Certificate
@@ -18,119 +17,38 @@ func TestPrivateKeyRSA(t *testing.T) { | |||
resource "tls_private_key" "test" { | |||
algorithm = "RSA" | |||
} | |||
output "private_key_pem" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😍
return nil | ||
}, | ||
Check: r.ComposeAggregateTestCheckFunc( | ||
r.TestMatchResourceAttr("tls_private_key.test", "private_key_pem", regexp.MustCompile(`^-----BEGIN EC PRIVATE KEY----(.|\s)+-----END EC PRIVATE KEY-----`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Given #197, should these regular expressions explicitly check the end of the strings as well for newlines, etc. to prevent regressions?
…dev_overrides` in `.terraformrc`
…h a regexp that considers both beginning and end of the string
200d16b
to
d4bca12
Compare
…testing of PEM certificates more declarative This is still a work in progress: in this first iteration we have moved `tls_cert_request` resouce to use it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking real nice with that TestCheckResourceAttrWith()
-- just some small things for consideration, otherwise looks good to me 🚀
) | ||
|
||
func testCheckPEMCertificateFormat(name, key string, expected PEMPreamble) r.TestCheckFunc { | ||
return r.TestMatchResourceAttr(name, key, regexp.MustCompile(fmt.Sprintf(`^-----BEGIN %[1]s----(.|\s)+-----END %[1]s-----\n$`, expected))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two questions for you:
- Is this missing a 5th dash after the opening preamble?
- Should it check explicitly for a newline after the opening preamble and before the closing preamble?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catches: I have in the end come up with a dedicated PEM format checker
and will make sure it cover those.
👍
} | ||
Config: locallySignedCertConfig(1, 0), | ||
Check: r.ComposeAggregateTestCheckFunc( | ||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be using testCheckPEMCertificateFormat()
?
} | ||
Config: locallySignedCertConfigWithDeprecatedKeyAlgorithm(1, 0), | ||
Check: r.ComposeAggregateTestCheckFunc( | ||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly regarding testCheckPEMCertificateFormat()
@@ -509,7 +454,7 @@ func TestAccResourceLocallySignedCert_FromED25519PrivateKeyResource(t *testing.T | |||
`, | |||
Check: r.ComposeTestCheckFunc( | |||
r.TestCheckResourceAttr("tls_locally_signed_cert.test", "ca_key_algorithm", "ED25519"), | |||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----((.|\n)+?)-----END CERTIFICATE-----`)), | |||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😉
@@ -561,7 +504,7 @@ func TestAccResourceLocallySignedCert_FromECDSAPrivateKeyResource(t *testing.T) | |||
`, | |||
Check: r.ComposeTestCheckFunc( | |||
r.TestCheckResourceAttr("tls_locally_signed_cert.test", "ca_key_algorithm", "ECDSA"), | |||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----((.|\n)+?)-----END CERTIFICATE-----`)), | |||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😉
@@ -613,7 +554,7 @@ func TestAccResourceLocallySignedCert_FromRSAPrivateKeyResource(t *testing.T) { | |||
`, | |||
Check: r.ComposeTestCheckFunc( | |||
r.TestCheckResourceAttr("tls_locally_signed_cert.test", "ca_key_algorithm", "RSA"), | |||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`-----BEGIN CERTIFICATE-----((.|\n)+?)-----END CERTIFICATE-----`)), | |||
r.TestMatchResourceAttr("tls_locally_signed_cert.test", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😉
return nil | ||
}, | ||
Check: r.ComposeAggregateTestCheckFunc( | ||
r.TestMatchResourceAttr("tls_private_key.test", "private_key_pem", regexp.MustCompile(`^-----BEGIN RSA PRIVATE KEY----(.|\s)+-----END RSA PRIVATE KEY-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll just 😉 once for this file. 😄
} | ||
Config: selfSignedCertConfig(1, 0), | ||
Check: r.ComposeAggregateTestCheckFunc( | ||
r.TestMatchResourceAttr("tls_self_signed_cert.test1", "cert_pem", regexp.MustCompile(`^-----BEGIN CERTIFICATE----(.|\s)+-----END CERTIFICATE-----\n$`)), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly for this file regarding testCheckPEMCertificateFormat()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
* Revamp all tests to use TestCheckFunc helpers * .go-version: 1.17.8 -> 1.17.9 * Updating doc to refer to the official page that explains how to use `dev_overrides` in `.terraformrc` * lint * Altering tests that check format of PEM (keys and certs) to match with a regexp that considers both beginning and end of the string * Adding utilities built on top of `TestCheckResourceAttrWith` to make testing of PEM certificates more declarative This is still a work in progress: in this first iteration we have moved `tls_cert_request` resouce to use it. * Turn PEM validation declarative for all types of PEM we produce * Appease linter (unparam) for implementations of `TestCheckFunc` * Use `//nolint:unparam` instead of `exclude-rules:` for very specific linter false alerts
Context: https://github.com/hashicorp/terraform-providers-devex-internal/issues/94
Related RFC: https://docs.google.com/document/d/1_zUbW-PYvsr0IKoO22GhANcmiaL9OxAwYCLkHomL2-0/edit#
PLEASE NOTE: This will fail testing until hashicorp/terraform-plugin-sdk#950 is merged and a new release (v2.15.0) ofterraform-plugin-sdk
is cut.