mirror of
https://github.com/opentffoundation/opentf.git
synced 2025-12-22 19:24:37 -05:00
45e3a7bcf4
When context.Context was new, APIs using it arrived sporadically and so the Go team introduced context.TODO() as an explicit way to say "I need a context but I don't yet have a useful one to provide". It took quite a while for there to be an established pattern for contexts in tests, but now there is finally testing.T.Context which returns a context that gets cancelled once the test is complete, and so that's a good parent context to use for all contexts belonging to a test case. This commit therefore mechanically replaces every use of context.TODO in our test cases throughout the codebase with a call to t.Context instead. There were a small number of tests that were using a mixture of context.TODO and context.Background as placeholders and so those are also updated to use t.Context consistently. There are probably still some remaining uses of context.Background in our tests, but we'll save those for another day. As of this commit there are still various uses of context.TODO left in _non-test_ code, but we need to take more care in how we update those so those are intentionally excluded here. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
236 lines
7.6 KiB
Go
236 lines
7.6 KiB
Go
// Copyright (c) The OpenTofu Authors
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
// Copyright (c) 2023 HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package azure
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"os"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/resources/mgmt/resources"
|
|
armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-01-01/storage"
|
|
"github.com/Azure/go-autorest/autorest"
|
|
sasStorage "github.com/hashicorp/go-azure-helpers/storage"
|
|
"github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers"
|
|
)
|
|
|
|
const (
|
|
// required for Azure Stack
|
|
sasSignedVersion = "2015-04-05"
|
|
)
|
|
|
|
// verify that we are doing ACC tests or the Azure tests specifically
|
|
func testAccAzureBackend(t *testing.T) {
|
|
skip := os.Getenv("TF_ACC") == "" && os.Getenv("TF_AZURE_TEST") == ""
|
|
if skip {
|
|
t.Log("azure backend tests require setting TF_ACC or TF_AZURE_TEST")
|
|
t.Skip()
|
|
}
|
|
}
|
|
|
|
// these kind of tests can only run when within Azure (e.g. MSI)
|
|
func testAccAzureBackendRunningInAzure(t *testing.T) {
|
|
testAccAzureBackend(t)
|
|
|
|
if os.Getenv("TF_RUNNING_IN_AZURE") == "" {
|
|
t.Skip("Skipping test since not running in Azure")
|
|
}
|
|
}
|
|
|
|
// these kind of tests can only run when within GitHub Actions (e.g. OIDC)
|
|
func testAccAzureBackendRunningInGitHubActions(t *testing.T) {
|
|
testAccAzureBackend(t)
|
|
|
|
if os.Getenv("TF_RUNNING_IN_GITHUB_ACTIONS") == "" {
|
|
t.Skip("Skipping test since not running in GitHub Actions")
|
|
}
|
|
}
|
|
|
|
func buildTestClient(t *testing.T, res resourceNames) *ArmClient {
|
|
subscriptionID := os.Getenv("ARM_SUBSCRIPTION_ID")
|
|
tenantID := os.Getenv("ARM_TENANT_ID")
|
|
clientID := os.Getenv("ARM_CLIENT_ID")
|
|
clientSecret := os.Getenv("ARM_CLIENT_SECRET")
|
|
msiEnabled := strings.EqualFold(os.Getenv("ARM_USE_MSI"), "true")
|
|
environment := os.Getenv("ARM_ENVIRONMENT")
|
|
|
|
hasCredentials := (clientID != "" && clientSecret != "") || msiEnabled
|
|
if !hasCredentials {
|
|
t.Fatal("Azure credentials missing or incomplete")
|
|
}
|
|
|
|
if subscriptionID == "" {
|
|
t.Fatalf("Missing ARM_SUBSCRIPTION_ID")
|
|
}
|
|
|
|
if tenantID == "" {
|
|
t.Fatalf("Missing ARM_TENANT_ID")
|
|
}
|
|
|
|
if environment == "" {
|
|
t.Fatalf("Missing ARM_ENVIRONMENT")
|
|
}
|
|
|
|
// location isn't used in this method, but is in the other test methods
|
|
location := os.Getenv("ARM_LOCATION")
|
|
if location == "" {
|
|
t.Fatalf("Missing ARM_LOCATION")
|
|
}
|
|
|
|
// Endpoint is optional (only for Stack)
|
|
endpoint := os.Getenv("ARM_ENDPOINT")
|
|
|
|
armClient, err := buildArmClient(t.Context(), BackendConfig{
|
|
SubscriptionID: subscriptionID,
|
|
TenantID: tenantID,
|
|
ClientID: clientID,
|
|
ClientSecret: clientSecret,
|
|
CustomResourceManagerEndpoint: endpoint,
|
|
Environment: environment,
|
|
ResourceGroupName: res.resourceGroup,
|
|
StorageAccountName: res.storageAccountName,
|
|
UseMsi: msiEnabled,
|
|
UseAzureADAuthentication: res.useAzureADAuth,
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Failed to build ArmClient: %+v", err)
|
|
}
|
|
|
|
return armClient
|
|
}
|
|
|
|
func buildSasToken(accountName, accessKey string) (*string, error) {
|
|
// grant full access to Objects in the Blob Storage Account
|
|
permissions := "rwdlacup" // full control
|
|
resourceTypes := "sco" // service, container, object
|
|
services := "b" // blob
|
|
|
|
// Details on how to do this are here:
|
|
// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
|
|
signedProtocol := "https,http"
|
|
signedIp := ""
|
|
signedVersion := sasSignedVersion
|
|
|
|
utcNow := time.Now().UTC()
|
|
|
|
// account for servers being up to 5 minutes out
|
|
startDate := utcNow.Add(time.Minute * -5).Format(time.RFC3339)
|
|
endDate := utcNow.Add(time.Hour * 24).Format(time.RFC3339)
|
|
|
|
sasToken, err := sasStorage.ComputeAccountSASToken(accountName, accessKey, permissions, services, resourceTypes,
|
|
startDate, endDate, signedProtocol, signedIp, signedVersion)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error computing SAS Token: %w", err)
|
|
}
|
|
log.Printf("SAS Token should be %q", sasToken)
|
|
return &sasToken, nil
|
|
}
|
|
|
|
type resourceNames struct {
|
|
resourceGroup string
|
|
location string
|
|
storageAccountName string
|
|
storageContainerName string
|
|
storageKeyName string
|
|
storageAccountAccessKey string
|
|
useAzureADAuth bool
|
|
}
|
|
|
|
func testResourceNames(rString string, keyName string) resourceNames {
|
|
return resourceNames{
|
|
resourceGroup: fmt.Sprintf("acctestRG-backend-%s-%s", strings.Replace(time.Now().Local().Format("060102150405.00"), ".", "", 1), rString),
|
|
location: os.Getenv("ARM_LOCATION"),
|
|
storageAccountName: fmt.Sprintf("acctestsa%s", rString),
|
|
storageContainerName: "acctestcont",
|
|
storageKeyName: keyName,
|
|
useAzureADAuth: false,
|
|
}
|
|
}
|
|
|
|
func (c *ArmClient) buildTestResources(t *testing.T, ctx context.Context, names *resourceNames) error {
|
|
t.Helper()
|
|
t.Logf("Creating Resource Group %q", names.resourceGroup)
|
|
_, err := c.groupsClient.CreateOrUpdate(ctx, names.resourceGroup, resources.Group{Location: &names.location})
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create test resource group: %w", err)
|
|
}
|
|
|
|
t.Logf("Creating Storage Account %q in Resource Group %q", names.storageAccountName, names.resourceGroup)
|
|
storageProps := armStorage.AccountCreateParameters{
|
|
Sku: &armStorage.Sku{
|
|
Name: armStorage.StandardLRS,
|
|
Tier: armStorage.Standard,
|
|
},
|
|
Location: &names.location,
|
|
}
|
|
if names.useAzureADAuth {
|
|
allowSharedKeyAccess := false
|
|
storageProps.AccountPropertiesCreateParameters = &armStorage.AccountPropertiesCreateParameters{
|
|
AllowSharedKeyAccess: &allowSharedKeyAccess,
|
|
}
|
|
}
|
|
future, err := c.storageAccountsClient.Create(ctx, names.resourceGroup, names.storageAccountName, storageProps)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create test storage account: %w", err)
|
|
}
|
|
|
|
err = future.WaitForCompletionRef(ctx, c.storageAccountsClient.Client)
|
|
if err != nil {
|
|
return fmt.Errorf("failed waiting for the creation of storage account: %w", err)
|
|
}
|
|
|
|
containersClient := containers.NewWithEnvironment(c.environment)
|
|
if names.useAzureADAuth {
|
|
containersClient.Client.Authorizer = *c.azureAdStorageAuth
|
|
} else {
|
|
t.Logf("fetching access key for storage account")
|
|
resp, err := c.storageAccountsClient.ListKeys(ctx, names.resourceGroup, names.storageAccountName, "")
|
|
if err != nil {
|
|
return fmt.Errorf("failed to list storage account keys %w:", err)
|
|
}
|
|
|
|
keys := *resp.Keys
|
|
accessKey := *keys[0].Value
|
|
names.storageAccountAccessKey = accessKey
|
|
|
|
storageAuth, err := autorest.NewSharedKeyAuthorizer(names.storageAccountName, accessKey, autorest.SharedKey)
|
|
if err != nil {
|
|
return fmt.Errorf("Error building Authorizer: %w", err)
|
|
}
|
|
|
|
containersClient.Client.Authorizer = storageAuth
|
|
}
|
|
|
|
t.Logf("Creating Container %q in Storage Account %q (Resource Group %q)", names.storageContainerName, names.storageAccountName, names.resourceGroup)
|
|
_, err = containersClient.Create(ctx, names.storageAccountName, names.storageContainerName, containers.CreateInput{})
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create storage container: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c ArmClient) destroyTestResources(t *testing.T, ctx context.Context, resources resourceNames) error {
|
|
t.Helper()
|
|
t.Logf("[DEBUG] Deleting Resource Group %q..", resources.resourceGroup)
|
|
future, err := c.groupsClient.Delete(ctx, resources.resourceGroup)
|
|
if err != nil {
|
|
return fmt.Errorf("Error deleting Resource Group: %w", err)
|
|
}
|
|
|
|
t.Logf("[DEBUG] Waiting for deletion of Resource Group %q..", resources.resourceGroup)
|
|
err = future.WaitForCompletionRef(ctx, c.groupsClient.Client)
|
|
if err != nil {
|
|
return fmt.Errorf("Error waiting for the deletion of Resource Group: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|