From 1927b138d6df390b017124ee6328527713967097 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Fri, 14 Apr 2023 17:08:01 +0200
Subject: [PATCH] Migrate secret-manager tests

---
 modules/secret-manager/README.md | 4 +-
 .../modules/secret_manager/examples/iam.yaml | 46 +++++++++++++++++++
 .../{__init__.py => examples/versions.yaml} | 17 ++++++-
 tests/modules/secret_manager/fixture/main.tf | 42 -----------------
 .../secret_manager/fixture/variables.tf | 20 --------
 tests/modules/secret_manager/test_plan.py | 36 ---------------
 6 files changed, 64 insertions(+), 101 deletions(-)
 create mode 100644 tests/modules/secret_manager/examples/iam.yaml
 rename tests/modules/secret_manager/{__init__.py => examples/versions.yaml} (50%)
 delete mode 100644 tests/modules/secret_manager/fixture/main.tf
 delete mode 100644 tests/modules/secret_manager/fixture/variables.tf
 delete mode 100644 tests/modules/secret_manager/test_plan.py

diff --git a/modules/secret-manager/README.md b/modules/secret-manager/README.md
index 6816db4d..acdfa02d 100644
--- a/modules/secret-manager/README.md
+++ b/modules/secret-manager/README.md
@@ -45,7 +45,7 @@ module "secret-manager" {
 }
 }
 }
-# tftest modules=1 resources=4
+# tftest modules=1 resources=4 inventory=iam.yaml
 ```

 ### Secret versions
@@ -70,7 +70,7 @@ module "secret-manager" {
 }
 }
 }
-# tftest modules=1 resources=5
+# tftest modules=1 resources=5 inventory=versions.yaml
 ```
diff --git a/tests/modules/secret_manager/examples/iam.yaml b/tests/modules/secret_manager/examples/iam.yaml
new file mode 100644
index 00000000..98fae344
--- /dev/null
+++ b/tests/modules/secret_manager/examples/iam.yaml
@@ -0,0 +1,46 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.secret-manager.google_secret_manager_secret.default["test-auto"]:
+ project: my-project
+ replication:
+ - automatic: true
+ user_managed: []
+ secret_id: test-auto
+ module.secret-manager.google_secret_manager_secret.default["test-manual"]:
+ project: my-project
+ replication:
+ - automatic: null
+ user_managed:
+ - replicas:
+ - customer_managed_encryption: []
+ location: europe-west1
+ - customer_managed_encryption: []
+ location: europe-west4
+ secret_id: test-manual
+ module.secret-manager.google_secret_manager_secret_iam_binding.default["test-auto.roles/secretmanager.secretAccessor"]:
+ condition: []
+ members:
+ - group:auto-readers@example.com
+ role: roles/secretmanager.secretAccessor
+ module.secret-manager.google_secret_manager_secret_iam_binding.default["test-manual.roles/secretmanager.secretAccessor"]:
+ condition: []
+ members:
+ - group:manual-readers@example.com
+ role: roles/secretmanager.secretAccessor
+
+counts:
+ google_secret_manager_secret: 2
+ google_secret_manager_secret_iam_binding: 2
diff --git a/tests/modules/secret_manager/__init__.py b/tests/modules/secret_manager/examples/versions.yaml
similarity index 50%
rename from tests/modules/secret_manager/__init__.py
rename to tests/modules/secret_manager/examples/versions.yaml
index 6d6d1266..6fbf6ad3 100644
--- a/tests/modules/secret_manager/__init__.py
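Review bot: Both bindings pinned under `values` in iam.yaml use `roles/secretmanager.secretAccessor`, whereas the `test_plan.py` deleted by this patch also asserted a `roles/secretmanager.viewer` binding, so among the files shown nothing exercises a second role on a secret any more. The removed fixture also passed `labels = var.labels`, and no label values are pinned in either new inventory. If the README example can carry it, give one secret a second role and pin it with an entry keyed like the existing ones, e.g. `...google_secret_manager_secret_iam_binding.default["test-manual.roles/secretmanager.viewer"]` (constructed key), raising the `google_secret_manager_secret_iam_binding` count to match. Pinning `members` per binding is worth keeping, because it is what turns an unintended widening of secret access into a test failure.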
+++ b/tests/modules/secret_manager/examples/versions.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+ module.secret-manager.google_secret_manager_secret_version.default["test-auto:v1"]:
+ enabled: false
+ secret_data: auto foo bar baz
+ module.secret-manager.google_secret_manager_secret_version.default["test-auto:v2"]:
+ enabled: true
+ secret_data: auto foo bar spam
+ module.secret-manager.google_secret_manager_secret_version.default["test-manual:v1"]:
+ enabled: true
+ secret_data: manual foo bar spam
+
+counts:
+ google_secret_manager_secret: 2
+ google_secret_manager_secret_version: 3
diff --git a/tests/modules/secret_manager/fixture/main.tf b/tests/modules/secret_manager/fixture/main.tf
deleted file mode 100644
index 294504c7..00000000
--- a/tests/modules/secret_manager/fixture/main.tf
+++ /dev/null
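Review bot: The expected `secret_data` strings under `values` are stored in clear text, and nothing in the file says they are placeholders. They look like the dummy values of the README example, so nothing sensitive is exposed here, but an inventory is an easy place to paste a real value while chasing a plan mismatch. A header comment such as `# secret_data values are dummy strings mirroring the README example; never commit real secret material here` would make that explicit. The `enabled: false` pin on `test-auto:v1` is worth keeping, since it guards against a disabled version being planned as enabled.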
@@ -1,42 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "test" {
- source = "../../../../modules/secret-manager"
- project_id = "my-project"
- iam = {
- secret-1 = {
- "roles/secretmanager.secretAccessor" = [
- "serviceAccount:service-account.example.com"
- ]
- }
- secret-2 = {
- "roles/secretmanager.viewer" = [
- "serviceAccount:service-account.example.com"
- ]
- }
- }
- secrets = {
- secret-1 = ["europe-west1"],
- secret-2 = null
- }
- versions = {
- secret-1 = {
- foobar = { enabled = true, data = "foobar" }
- }
- }
- labels = var.labels
-}
diff --git a/tests/modules/secret_manager/fixture/variables.tf b/tests/modules/secret_manager/fixture/variables.tf
deleted file mode 100644
index ce6f5559..00000000
--- a/tests/modules/secret_manager/fixture/variables.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "labels" {
- type = map(map(string))
- default = {}
-}
diff --git a/tests/modules/secret_manager/test_plan.py b/tests/modules/secret_manager/test_plan.py
deleted file mode 100644
index c7d5e4d9..00000000
--- a/tests/modules/secret_manager/test_plan.py
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import pytest
-
-
-@pytest.fixture
-def resources(plan_runner):
- _, resources = plan_runner()
- return resources
-
-
-def test_resource_count(resources):
- "Test number of resources created."
- assert len(resources) == 5
-
-
-def test_secret_iam(resources):
- "Test secret IAM binding resources."
- bindings = [r['values'] for r in resources if r['type']
- == 'google_secret_manager_secret_iam_binding']
- assert len(bindings) == 2
- assert set(b['role'] for b in bindings) == set([
- 'roles/secretmanager.secretAccessor', 'roles/secretmanager.viewer'
- ])