github.com/terramate-io/tf@v0.0.0-20230830114523-fce866b4dfcd/backend/remote-state/azure/backend_test.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: MPL-2.0 3 4 package azure 5 6 import ( 7 "context" 8 "os" 9 "testing" 10 11 "github.com/terramate-io/tf/backend" 12 "github.com/terramate-io/tf/legacy/helper/acctest" 13 ) 14 15 func TestBackend_impl(t *testing.T) { 16 var _ backend.Backend = new(Backend) 17 } 18 19 func TestBackendConfig(t *testing.T) { 20 // This test just instantiates the client. Shouldn't make any actual 21 // requests nor incur any costs. 22 23 config := map[string]interface{}{ 24 "storage_account_name": "tfaccount", 25 "container_name": "tfcontainer", 26 "key": "state", 27 "snapshot": false, 28 // Access Key must be Base64 29 "access_key": "QUNDRVNTX0tFWQ0K", 30 } 31 32 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(config)).(*Backend) 33 34 if b.containerName != "tfcontainer" { 35 t.Fatalf("Incorrect bucketName was populated") 36 } 37 if b.keyName != "state" { 38 t.Fatalf("Incorrect keyName was populated") 39 } 40 if b.snapshot != false { 41 t.Fatalf("Incorrect snapshot was populated") 42 } 43 } 44 45 func TestAccBackendAccessKeyBasic(t *testing.T) { 46 testAccAzureBackend(t) 47 rs := acctest.RandString(4) 48 res := testResourceNames(rs, "testState") 49 armClient := buildTestClient(t, res) 50 51 ctx := context.TODO() 52 err := armClient.buildTestResources(ctx, &res) 53 defer armClient.destroyTestResources(ctx, res) 54 if err != nil { 55 armClient.destroyTestResources(ctx, res) 56 t.Fatalf("Error creating Test Resources: %q", err) 57 } 58 59 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 60 "storage_account_name": res.storageAccountName, 61 "container_name": res.storageContainerName, 62 "key": res.storageKeyName, 63 "access_key": res.storageAccountAccessKey, 64 "environment": os.Getenv("ARM_ENVIRONMENT"), 65 "endpoint": os.Getenv("ARM_ENDPOINT"), 66 })).(*Backend) 67 68 backend.TestBackendStates(t, b) 69 } 70 71 func TestAccBackendSASTokenBasic(t *testing.T) { 72 testAccAzureBackend(t) 73 rs := acctest.RandString(4) 74 res := testResourceNames(rs, "testState") 75 armClient := buildTestClient(t, res) 76 77 ctx := context.TODO() 78 err := armClient.buildTestResources(ctx, &res) 79 defer armClient.destroyTestResources(ctx, res) 80 if err != nil { 81 t.Fatalf("Error creating Test Resources: %q", err) 82 } 83 84 sasToken, err := buildSasToken(res.storageAccountName, res.storageAccountAccessKey) 85 if err != nil { 86 t.Fatalf("Error building SAS Token: %+v", err) 87 } 88 89 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 90 "storage_account_name": res.storageAccountName, 91 "container_name": res.storageContainerName, 92 "key": res.storageKeyName, 93 "sas_token": *sasToken, 94 "environment": os.Getenv("ARM_ENVIRONMENT"), 95 "endpoint": os.Getenv("ARM_ENDPOINT"), 96 })).(*Backend) 97 98 backend.TestBackendStates(t, b) 99 } 100 101 func TestAccBackendOIDCBasic(t *testing.T) { 102 testAccAzureBackend(t) 103 rs := acctest.RandString(4) 104 res := testResourceNames(rs, "testState") 105 armClient := buildTestClient(t, res) 106 107 ctx := context.TODO() 108 err := armClient.buildTestResources(ctx, &res) 109 defer armClient.destroyTestResources(ctx, res) 110 if err != nil { 111 t.Fatalf("Error creating Test Resources: %q", err) 112 } 113 114 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 115 "storage_account_name": res.storageAccountName, 116 "container_name": res.storageContainerName, 117 "key": res.storageKeyName, 118 "resource_group_name": res.resourceGroup, 119 "use_oidc": true, 120 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 121 "tenant_id": os.Getenv("ARM_TENANT_ID"), 122 "environment": os.Getenv("ARM_ENVIRONMENT"), 123 "endpoint": os.Getenv("ARM_ENDPOINT"), 124 })).(*Backend) 125 126 backend.TestBackendStates(t, b) 127 } 128 129 func TestAccBackendAzureADAuthBasic(t *testing.T) { 130 testAccAzureBackend(t) 131 rs := acctest.RandString(4) 132 res := testResourceNames(rs, "testState") 133 res.useAzureADAuth = true 134 armClient := buildTestClient(t, res) 135 136 ctx := context.TODO() 137 err := armClient.buildTestResources(ctx, &res) 138 defer armClient.destroyTestResources(ctx, res) 139 if err != nil { 140 armClient.destroyTestResources(ctx, res) 141 t.Fatalf("Error creating Test Resources: %q", err) 142 } 143 144 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 145 "storage_account_name": res.storageAccountName, 146 "container_name": res.storageContainerName, 147 "key": res.storageKeyName, 148 "access_key": res.storageAccountAccessKey, 149 "environment": os.Getenv("ARM_ENVIRONMENT"), 150 "endpoint": os.Getenv("ARM_ENDPOINT"), 151 "use_azuread_auth": true, 152 })).(*Backend) 153 154 backend.TestBackendStates(t, b) 155 } 156 157 func TestAccBackendManagedServiceIdentityBasic(t *testing.T) { 158 testAccAzureBackendRunningInAzure(t) 159 rs := acctest.RandString(4) 160 res := testResourceNames(rs, "testState") 161 armClient := buildTestClient(t, res) 162 163 ctx := context.TODO() 164 err := armClient.buildTestResources(ctx, &res) 165 defer armClient.destroyTestResources(ctx, res) 166 if err != nil { 167 t.Fatalf("Error creating Test Resources: %q", err) 168 } 169 170 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 171 "storage_account_name": res.storageAccountName, 172 "container_name": res.storageContainerName, 173 "key": res.storageKeyName, 174 "resource_group_name": res.resourceGroup, 175 "use_msi": true, 176 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 177 "tenant_id": os.Getenv("ARM_TENANT_ID"), 178 "environment": os.Getenv("ARM_ENVIRONMENT"), 179 "endpoint": os.Getenv("ARM_ENDPOINT"), 180 })).(*Backend) 181 182 backend.TestBackendStates(t, b) 183 } 184 185 func TestAccBackendServicePrincipalClientCertificateBasic(t *testing.T) { 186 testAccAzureBackend(t) 187 188 clientCertPassword := os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD") 189 clientCertPath := os.Getenv("ARM_CLIENT_CERTIFICATE_PATH") 190 if clientCertPath == "" { 191 t.Skip("Skipping since `ARM_CLIENT_CERTIFICATE_PATH` is not specified!") 192 } 193 194 rs := acctest.RandString(4) 195 res := testResourceNames(rs, "testState") 196 armClient := buildTestClient(t, res) 197 198 ctx := context.TODO() 199 err := armClient.buildTestResources(ctx, &res) 200 defer armClient.destroyTestResources(ctx, res) 201 if err != nil { 202 t.Fatalf("Error creating Test Resources: %q", err) 203 } 204 205 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 206 "storage_account_name": res.storageAccountName, 207 "container_name": res.storageContainerName, 208 "key": res.storageKeyName, 209 "resource_group_name": res.resourceGroup, 210 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 211 "tenant_id": os.Getenv("ARM_TENANT_ID"), 212 "client_id": os.Getenv("ARM_CLIENT_ID"), 213 "client_certificate_password": clientCertPassword, 214 "client_certificate_path": clientCertPath, 215 "environment": os.Getenv("ARM_ENVIRONMENT"), 216 "endpoint": os.Getenv("ARM_ENDPOINT"), 217 })).(*Backend) 218 219 backend.TestBackendStates(t, b) 220 } 221 222 func TestAccBackendServicePrincipalClientSecretBasic(t *testing.T) { 223 testAccAzureBackend(t) 224 rs := acctest.RandString(4) 225 res := testResourceNames(rs, "testState") 226 armClient := buildTestClient(t, res) 227 228 ctx := context.TODO() 229 err := armClient.buildTestResources(ctx, &res) 230 defer armClient.destroyTestResources(ctx, res) 231 if err != nil { 232 t.Fatalf("Error creating Test Resources: %q", err) 233 } 234 235 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 236 "storage_account_name": res.storageAccountName, 237 "container_name": res.storageContainerName, 238 "key": res.storageKeyName, 239 "resource_group_name": res.resourceGroup, 240 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 241 "tenant_id": os.Getenv("ARM_TENANT_ID"), 242 "client_id": os.Getenv("ARM_CLIENT_ID"), 243 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 244 "environment": os.Getenv("ARM_ENVIRONMENT"), 245 "endpoint": os.Getenv("ARM_ENDPOINT"), 246 })).(*Backend) 247 248 backend.TestBackendStates(t, b) 249 } 250 251 func TestAccBackendServicePrincipalClientSecretCustomEndpoint(t *testing.T) { 252 testAccAzureBackend(t) 253 254 // this is only applicable for Azure Stack. 255 endpoint := os.Getenv("ARM_ENDPOINT") 256 if endpoint == "" { 257 t.Skip("Skipping as ARM_ENDPOINT isn't configured") 258 } 259 260 rs := acctest.RandString(4) 261 res := testResourceNames(rs, "testState") 262 armClient := buildTestClient(t, res) 263 264 ctx := context.TODO() 265 err := armClient.buildTestResources(ctx, &res) 266 defer armClient.destroyTestResources(ctx, res) 267 if err != nil { 268 t.Fatalf("Error creating Test Resources: %q", err) 269 } 270 271 b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 272 "storage_account_name": res.storageAccountName, 273 "container_name": res.storageContainerName, 274 "key": res.storageKeyName, 275 "resource_group_name": res.resourceGroup, 276 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 277 "tenant_id": os.Getenv("ARM_TENANT_ID"), 278 "client_id": os.Getenv("ARM_CLIENT_ID"), 279 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 280 "environment": os.Getenv("ARM_ENVIRONMENT"), 281 "endpoint": endpoint, 282 })).(*Backend) 283 284 backend.TestBackendStates(t, b) 285 } 286 287 func TestAccBackendAccessKeyLocked(t *testing.T) { 288 testAccAzureBackend(t) 289 rs := acctest.RandString(4) 290 res := testResourceNames(rs, "testState") 291 armClient := buildTestClient(t, res) 292 293 ctx := context.TODO() 294 err := armClient.buildTestResources(ctx, &res) 295 defer armClient.destroyTestResources(ctx, res) 296 if err != nil { 297 t.Fatalf("Error creating Test Resources: %q", err) 298 } 299 300 b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 301 "storage_account_name": res.storageAccountName, 302 "container_name": res.storageContainerName, 303 "key": res.storageKeyName, 304 "access_key": res.storageAccountAccessKey, 305 "environment": os.Getenv("ARM_ENVIRONMENT"), 306 "endpoint": os.Getenv("ARM_ENDPOINT"), 307 })).(*Backend) 308 309 b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 310 "storage_account_name": res.storageAccountName, 311 "container_name": res.storageContainerName, 312 "key": res.storageKeyName, 313 "access_key": res.storageAccountAccessKey, 314 "environment": os.Getenv("ARM_ENVIRONMENT"), 315 "endpoint": os.Getenv("ARM_ENDPOINT"), 316 })).(*Backend) 317 318 backend.TestBackendStateLocks(t, b1, b2) 319 backend.TestBackendStateForceUnlock(t, b1, b2) 320 321 backend.TestBackendStateLocksInWS(t, b1, b2, "foo") 322 backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo") 323 } 324 325 func TestAccBackendServicePrincipalLocked(t *testing.T) { 326 testAccAzureBackend(t) 327 rs := acctest.RandString(4) 328 res := testResourceNames(rs, "testState") 329 armClient := buildTestClient(t, res) 330 331 ctx := context.TODO() 332 err := armClient.buildTestResources(ctx, &res) 333 defer armClient.destroyTestResources(ctx, res) 334 if err != nil { 335 t.Fatalf("Error creating Test Resources: %q", err) 336 } 337 338 b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 339 "storage_account_name": res.storageAccountName, 340 "container_name": res.storageContainerName, 341 "key": res.storageKeyName, 342 "access_key": res.storageAccountAccessKey, 343 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 344 "tenant_id": os.Getenv("ARM_TENANT_ID"), 345 "client_id": os.Getenv("ARM_CLIENT_ID"), 346 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 347 "environment": os.Getenv("ARM_ENVIRONMENT"), 348 "endpoint": os.Getenv("ARM_ENDPOINT"), 349 })).(*Backend) 350 351 b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ 352 "storage_account_name": res.storageAccountName, 353 "container_name": res.storageContainerName, 354 "key": res.storageKeyName, 355 "access_key": res.storageAccountAccessKey, 356 "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), 357 "tenant_id": os.Getenv("ARM_TENANT_ID"), 358 "client_id": os.Getenv("ARM_CLIENT_ID"), 359 "client_secret": os.Getenv("ARM_CLIENT_SECRET"), 360 "environment": os.Getenv("ARM_ENVIRONMENT"), 361 "endpoint": os.Getenv("ARM_ENDPOINT"), 362 })).(*Backend) 363 364 backend.TestBackendStateLocks(t, b1, b2) 365 backend.TestBackendStateForceUnlock(t, b1, b2) 366 367 backend.TestBackendStateLocksInWS(t, b1, b2, "foo") 368 backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo") 369 }