github.com/hugorut/terraform@v1.1.3/src/backend/remote-state/azure/backend_test.go (about) 1 package azure 2 3 import ( 4 "context" 5 "os" 6 "testing" 7 8 "github.com/hugorut/terraform/src/backend" 9 "github.com/hugorut/terraform/src/legacy/helper/acctest" 10 ) 11 12 func TestBackend_impl(t *testing.T) { 13 var _ backend.Backend = new(Backend) 14 } 15 16 func TestBackendConfig(t *testing.T) { 17 // This test just instantiates the client. Shouldn't make any actual 18 // requests nor incur any costs. 19 20 config := map[string]interface{}{ 21 "storage_account_name": "tfaccount", 22 "container_name": "tfcontainer", 23 "key": "state", 24 "snapshot": false, 25 // Access Key must be Base64 26 "access_key": "QUNDRVNTX0tFWQ0K", 27 } 28 29 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(config)).(*Backend) 30 31 if b.containerName != "tfcontainer" { 32 t.Fatalf("Incorrect bucketName was populated") 33 } 34 if b.keyName != "state" { 35 t.Fatalf("Incorrect keyName was populated") 36 } 37 if b.snapshot != false { 38 t.Fatalf("Incorrect snapshot was populated") 39 } 40 } 41 42 func TestBackendAccessKeyBasic(t *testing.T) { 43 testAccAzureBackend(t) 44 rs := acctest.RandString(4) 45 res := testResourceNames(rs, "testState") 46 armClient := buildTestClient(t, res) 47 48 ctx := context.TODO() 49 err := armClient.buildTestResources(ctx, &res) 50 defer armClient.destroyTestResources(ctx, res) 51 if err != nil { 52 armClient.destroyTestResources(ctx, res) 53 t.Fatalf("Error creating Test Resources: %q", err) 54 } 55 56 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 57 "storage_account_name": res.storageAccountName, 58 "container_name": res.storageContainerName, 59 "key": res.storageKeyName, 60 "access_key": res.storageAccountAccessKey, 61 "environment": os.Getenv("ARM_ENVIRONMENT"), 62 "endpoint": os.Getenv("ARM_ENDPOINT"), 63 })).(*Backend) 64 65 backend.TestBackendStates(t, b) 66 } 67 68 func TestBackendSASTokenBasic(t *testing.T) { 69 testAccAzureBackend(t) 70 rs := acctest.RandString(4) 71 res := testResourceNames(rs, "testState") 72 armClient := buildTestClient(t, res) 73 74 ctx := context.TODO() 75 err := armClient.buildTestResources(ctx, &res) 76 defer armClient.destroyTestResources(ctx, res) 77 if err != nil { 78 t.Fatalf("Error creating Test Resources: %q", err) 79 } 80 81 sasToken, err := buildSasToken(res.storageAccountName, res.storageAccountAccessKey) 82 if err != nil { 83 t.Fatalf("Error building SAS Token: %+v", err) 84 } 85 86 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 87 "storage_account_name": res.storageAccountName, 88 "container_name": res.storageContainerName, 89 "key": res.storageKeyName, 90 "sas_token": *sasToken, 91 "environment": os.Getenv("ARM_ENVIRONMENT"), 92 "endpoint": os.Getenv("ARM_ENDPOINT"), 93 })).(*Backend) 94 95 backend.TestBackendStates(t, b) 96 } 97 98 func TestBackendADALAzureADAuthBasic(t *testing.T) { 99 testAccAzureBackend(t) 100 rs := acctest.RandString(4) 101 res := testResourceNames(rs, "testState") 102 res.useAzureADAuth = true 103 armClient := buildTestClient(t, res) 104 105 ctx := context.TODO() 106 err := armClient.buildTestResources(ctx, &res) 107 defer armClient.destroyTestResources(ctx, res) 108 if err != nil { 109 armClient.destroyTestResources(ctx, res) 110 t.Fatalf("Error creating Test Resources: %q", err) 111 } 112 113 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 114 "storage_account_name": res.storageAccountName, 115 "container_name": res.storageContainerName, 116 "key": res.storageKeyName, 117 "access_key": res.storageAccountAccessKey, 118 "environment": os.Getenv("ARM_ENVIRONMENT"), 119 "endpoint": os.Getenv("ARM_ENDPOINT"), 120 "use_azuread_auth": true, 121 })).(*Backend) 122 123 backend.TestBackendStates(t, b) 124 } 125 126 func TestBackendADALManagedServiceIdentityBasic(t *testing.T) { 127 testAccAzureBackendRunningInAzure(t) 128 rs := acctest.RandString(4) 129 res := testResourceNames(rs, "testState") 130 armClient := buildTestClient(t, res) 131 132 ctx := context.TODO() 133 err := armClient.buildTestResources(ctx, &res) 134 defer armClient.destroyTestResources(ctx, res) 135 if err != nil { 136 t.Fatalf("Error creating Test Resources: %q", err) 137 } 138 139 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 140 "storage_account_name": res.storageAccountName, 141 "container_name": res.storageContainerName, 142 "key": res.storageKeyName, 143 "resource_group_name": res.resourceGroup, 144 "use_msi": true, 145 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 146 "tenant_id": os.Getenv("ARM_TENANT_ID"), 147 "environment": os.Getenv("ARM_ENVIRONMENT"), 148 "endpoint": os.Getenv("ARM_ENDPOINT"), 149 })).(*Backend) 150 151 backend.TestBackendStates(t, b) 152 } 153 154 func TestBackendADALServicePrincipalClientCertificateBasic(t *testing.T) { 155 testAccAzureBackend(t) 156 157 clientCertPassword := os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD") 158 clientCertPath := os.Getenv("ARM_CLIENT_CERTIFICATE_PATH") 159 if clientCertPath == "" { 160 t.Skip("Skipping since `ARM_CLIENT_CERTIFICATE_PATH` is not specified!") 161 } 162 163 rs := acctest.RandString(4) 164 res := testResourceNames(rs, "testState") 165 armClient := buildTestClient(t, res) 166 167 ctx := context.TODO() 168 err := armClient.buildTestResources(ctx, &res) 169 defer armClient.destroyTestResources(ctx, res) 170 if err != nil { 171 t.Fatalf("Error creating Test Resources: %q", err) 172 } 173 174 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 175 "storage_account_name": res.storageAccountName, 176 "container_name": res.storageContainerName, 177 "key": res.storageKeyName, 178 "resource_group_name": res.resourceGroup, 179 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 180 "tenant_id": os.Getenv("ARM_TENANT_ID"), 181 "client_id": os.Getenv("ARM_CLIENT_ID"), 182 "client_certificate_password": clientCertPassword, 183 "client_certificate_path": clientCertPath, 184 "environment": os.Getenv("ARM_ENVIRONMENT"), 185 "endpoint": os.Getenv("ARM_ENDPOINT"), 186 })).(*Backend) 187 188 backend.TestBackendStates(t, b) 189 } 190 191 func TestBackendADALServicePrincipalClientSecretBasic(t *testing.T) { 192 testAccAzureBackend(t) 193 rs := acctest.RandString(4) 194 res := testResourceNames(rs, "testState") 195 armClient := buildTestClient(t, res) 196 197 ctx := context.TODO() 198 err := armClient.buildTestResources(ctx, &res) 199 defer armClient.destroyTestResources(ctx, res) 200 if err != nil { 201 t.Fatalf("Error creating Test Resources: %q", err) 202 } 203 204 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 205 "storage_account_name": res.storageAccountName, 206 "container_name": res.storageContainerName, 207 "key": res.storageKeyName, 208 "resource_group_name": res.resourceGroup, 209 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 210 "tenant_id": os.Getenv("ARM_TENANT_ID"), 211 "client_id": os.Getenv("ARM_CLIENT_ID"), 212 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 213 "environment": os.Getenv("ARM_ENVIRONMENT"), 214 "endpoint": os.Getenv("ARM_ENDPOINT"), 215 })).(*Backend) 216 217 backend.TestBackendStates(t, b) 218 } 219 220 func TestBackendADALServicePrincipalClientSecretCustomEndpoint(t *testing.T) { 221 testAccAzureBackend(t) 222 223 // this is only applicable for Azure Stack. 224 endpoint := os.Getenv("ARM_ENDPOINT") 225 if endpoint == "" { 226 t.Skip("Skipping as ARM_ENDPOINT isn't configured") 227 } 228 229 rs := acctest.RandString(4) 230 res := testResourceNames(rs, "testState") 231 armClient := buildTestClient(t, res) 232 233 ctx := context.TODO() 234 err := armClient.buildTestResources(ctx, &res) 235 defer armClient.destroyTestResources(ctx, res) 236 if err != nil { 237 t.Fatalf("Error creating Test Resources: %q", err) 238 } 239 240 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 241 "storage_account_name": res.storageAccountName, 242 "container_name": res.storageContainerName, 243 "key": res.storageKeyName, 244 "resource_group_name": res.resourceGroup, 245 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 246 "tenant_id": os.Getenv("ARM_TENANT_ID"), 247 "client_id": os.Getenv("ARM_CLIENT_ID"), 248 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 249 "environment": os.Getenv("ARM_ENVIRONMENT"), 250 "endpoint": endpoint, 251 })).(*Backend) 252 253 backend.TestBackendStates(t, b) 254 } 255 256 func TestBackendMSALAzureADAuthBasic(t *testing.T) { 257 testAccAzureBackend(t) 258 rs := acctest.RandString(4) 259 res := testResourceNames(rs, "testState") 260 res.useAzureADAuth = true 261 res.useMicrosoftGraph = true 262 armClient := buildTestClient(t, res) 263 264 ctx := context.TODO() 265 err := armClient.buildTestResources(ctx, &res) 266 defer armClient.destroyTestResources(ctx, res) 267 if err != nil { 268 armClient.destroyTestResources(ctx, res) 269 t.Fatalf("Error creating Test Resources: %q", err) 270 } 271 272 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 273 "storage_account_name": res.storageAccountName, 274 "container_name": res.storageContainerName, 275 "key": res.storageKeyName, 276 "access_key": res.storageAccountAccessKey, 277 "environment": os.Getenv("ARM_ENVIRONMENT"), 278 "endpoint": os.Getenv("ARM_ENDPOINT"), 279 "use_azuread_auth": true, 280 })).(*Backend) 281 282 backend.TestBackendStates(t, b) 283 } 284 285 func TestBackendMSALManagedServiceIdentityBasic(t *testing.T) { 286 testAccAzureBackendRunningInAzure(t) 287 rs := acctest.RandString(4) 288 res := testResourceNames(rs, "testState") 289 res.useMicrosoftGraph = true 290 armClient := buildTestClient(t, res) 291 292 ctx := context.TODO() 293 err := armClient.buildTestResources(ctx, &res) 294 defer armClient.destroyTestResources(ctx, res) 295 if err != nil { 296 t.Fatalf("Error creating Test Resources: %q", err) 297 } 298 299 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 300 "storage_account_name": res.storageAccountName, 301 "container_name": res.storageContainerName, 302 "key": res.storageKeyName, 303 "resource_group_name": res.resourceGroup, 304 "use_msi": true, 305 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 306 "tenant_id": os.Getenv("ARM_TENANT_ID"), 307 "environment": os.Getenv("ARM_ENVIRONMENT"), 308 "endpoint": os.Getenv("ARM_ENDPOINT"), 309 })).(*Backend) 310 311 backend.TestBackendStates(t, b) 312 } 313 314 func TestBackendMSALServicePrincipalClientCertificateBasic(t *testing.T) { 315 testAccAzureBackend(t) 316 317 clientCertPassword := os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD") 318 clientCertPath := os.Getenv("ARM_CLIENT_CERTIFICATE_PATH") 319 if clientCertPath == "" { 320 t.Skip("Skipping since `ARM_CLIENT_CERTIFICATE_PATH` is not specified!") 321 } 322 323 rs := acctest.RandString(4) 324 res := testResourceNames(rs, "testState") 325 res.useMicrosoftGraph = true 326 armClient := buildTestClient(t, res) 327 328 ctx := context.TODO() 329 err := armClient.buildTestResources(ctx, &res) 330 defer armClient.destroyTestResources(ctx, res) 331 if err != nil { 332 t.Fatalf("Error creating Test Resources: %q", err) 333 } 334 335 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 336 "storage_account_name": res.storageAccountName, 337 "container_name": res.storageContainerName, 338 "key": res.storageKeyName, 339 "resource_group_name": res.resourceGroup, 340 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 341 "tenant_id": os.Getenv("ARM_TENANT_ID"), 342 "client_id": os.Getenv("ARM_CLIENT_ID"), 343 "client_certificate_password": clientCertPassword, 344 "client_certificate_path": clientCertPath, 345 "environment": os.Getenv("ARM_ENVIRONMENT"), 346 "endpoint": os.Getenv("ARM_ENDPOINT"), 347 })).(*Backend) 348 349 backend.TestBackendStates(t, b) 350 } 351 352 func TestBackendMSALServicePrincipalClientSecretBasic(t *testing.T) { 353 testAccAzureBackend(t) 354 rs := acctest.RandString(4) 355 res := testResourceNames(rs, "testState") 356 res.useMicrosoftGraph = true 357 armClient := buildTestClient(t, res) 358 359 ctx := context.TODO() 360 err := armClient.buildTestResources(ctx, &res) 361 defer armClient.destroyTestResources(ctx, res) 362 if err != nil { 363 t.Fatalf("Error creating Test Resources: %q", err) 364 } 365 366 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 367 "storage_account_name": res.storageAccountName, 368 "container_name": res.storageContainerName, 369 "key": res.storageKeyName, 370 "resource_group_name": res.resourceGroup, 371 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 372 "tenant_id": os.Getenv("ARM_TENANT_ID"), 373 "client_id": os.Getenv("ARM_CLIENT_ID"), 374 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 375 "environment": os.Getenv("ARM_ENVIRONMENT"), 376 "endpoint": os.Getenv("ARM_ENDPOINT"), 377 })).(*Backend) 378 379 backend.TestBackendStates(t, b) 380 } 381 382 func TestBackendMSALServicePrincipalClientSecretCustomEndpoint(t *testing.T) { 383 testAccAzureBackend(t) 384 385 // this is only applicable for Azure Stack. 386 endpoint := os.Getenv("ARM_ENDPOINT") 387 if endpoint == "" { 388 t.Skip("Skipping as ARM_ENDPOINT isn't configured") 389 } 390 391 rs := acctest.RandString(4) 392 res := testResourceNames(rs, "testState") 393 res.useMicrosoftGraph = true 394 armClient := buildTestClient(t, res) 395 396 ctx := context.TODO() 397 err := armClient.buildTestResources(ctx, &res) 398 defer armClient.destroyTestResources(ctx, res) 399 if err != nil { 400 t.Fatalf("Error creating Test Resources: %q", err) 401 } 402 403 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 404 "storage_account_name": res.storageAccountName, 405 "container_name": res.storageContainerName, 406 "key": res.storageKeyName, 407 "resource_group_name": res.resourceGroup, 408 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 409 "tenant_id": os.Getenv("ARM_TENANT_ID"), 410 "client_id": os.Getenv("ARM_CLIENT_ID"), 411 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 412 "environment": os.Getenv("ARM_ENVIRONMENT"), 413 "endpoint": endpoint, 414 })).(*Backend) 415 416 backend.TestBackendStates(t, b) 417 } 418 419 func TestBackendAccessKeyLocked(t *testing.T) { 420 testAccAzureBackend(t) 421 rs := acctest.RandString(4) 422 res := testResourceNames(rs, "testState") 423 armClient := buildTestClient(t, res) 424 425 ctx := context.TODO() 426 err := armClient.buildTestResources(ctx, &res) 427 defer armClient.destroyTestResources(ctx, res) 428 if err != nil { 429 t.Fatalf("Error creating Test Resources: %q", err) 430 } 431 432 b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 433 "storage_account_name": res.storageAccountName, 434 "container_name": res.storageContainerName, 435 "key": res.storageKeyName, 436 "access_key": res.storageAccountAccessKey, 437 "environment": os.Getenv("ARM_ENVIRONMENT"), 438 "endpoint": os.Getenv("ARM_ENDPOINT"), 439 })).(*Backend) 440 441 b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 442 "storage_account_name": res.storageAccountName, 443 "container_name": res.storageContainerName, 444 "key": res.storageKeyName, 445 "access_key": res.storageAccountAccessKey, 446 "environment": os.Getenv("ARM_ENVIRONMENT"), 447 "endpoint": os.Getenv("ARM_ENDPOINT"), 448 })).(*Backend) 449 450 backend.TestBackendStateLocks(t, b1, b2) 451 backend.TestBackendStateForceUnlock(t, b1, b2) 452 453 backend.TestBackendStateLocksInWS(t, b1, b2, "foo") 454 backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo") 455 } 456 457 func TestBackendServicePrincipalLocked(t *testing.T) { 458 testAccAzureBackend(t) 459 rs := acctest.RandString(4) 460 res := testResourceNames(rs, "testState") 461 armClient := buildTestClient(t, res) 462 463 ctx := context.TODO() 464 err := armClient.buildTestResources(ctx, &res) 465 defer armClient.destroyTestResources(ctx, res) 466 if err != nil { 467 t.Fatalf("Error creating Test Resources: %q", err) 468 } 469 470 b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 471 "storage_account_name": res.storageAccountName, 472 "container_name": res.storageContainerName, 473 "key": res.storageKeyName, 474 "access_key": res.storageAccountAccessKey, 475 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 476 "tenant_id": os.Getenv("ARM_TENANT_ID"), 477 "client_id": os.Getenv("ARM_CLIENT_ID"), 478 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 479 "environment": os.Getenv("ARM_ENVIRONMENT"), 480 "endpoint": os.Getenv("ARM_ENDPOINT"), 481 })).(*Backend) 482 483 b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 484 "storage_account_name": res.storageAccountName, 485 "container_name": res.storageContainerName, 486 "key": res.storageKeyName, 487 "access_key": res.storageAccountAccessKey, 488 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 489 "tenant_id": os.Getenv("ARM_TENANT_ID"), 490 "client_id": os.Getenv("ARM_CLIENT_ID"), 491 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 492 "environment": os.Getenv("ARM_ENVIRONMENT"), 493 "endpoint": os.Getenv("ARM_ENDPOINT"), 494 })).(*Backend) 495 496 backend.TestBackendStateLocks(t, b1, b2) 497 backend.TestBackendStateForceUnlock(t, b1, b2) 498 499 backend.TestBackendStateLocksInWS(t, b1, b2, "foo") 500 backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo") 501 }