
Commit b3f7f58

committed
fix tests
1 parent 333a4e2 commit b3f7f58

4 files changed

Lines changed: 618 additions & 2 deletions
Lines changed: 319 additions & 0 deletions
@@ -0,0 +1,319 @@
1+
//go:build tf_acc_onprem_monitor || tf_acc_onprem_secure
2+
3+
package sysdig_test
4+
5+
import (
6+
"fmt"
7+
"os"
8+
"testing"
9+
10+
"github.com/draios/terraform-provider-sysdig/sysdig"
11+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
12+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
13+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
14+
)
15+
16+
func TestAccSSOOpenIDOnprem_Basic(t *testing.T) {
17+
integrationName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
18+
19+
resource.ParallelTest(t, resource.TestCase{
20+
PreCheck: func() {
21+
monitor := os.Getenv("SYSDIG_MONITOR_API_TOKEN")
22+
secure := os.Getenv("SYSDIG_SECURE_API_TOKEN")
23+
if monitor == "" && secure == "" {
24+
t.Fatal("SYSDIG_MONITOR_API_TOKEN or SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
25+
}
26+
},
27+
ProviderFactories: map[string]func() (*schema.Provider, error){
28+
"sysdig": func() (*schema.Provider, error) {
29+
return sysdig.Provider(), nil
30+
},
31+
},
32+
Steps: []resource.TestStep{
33+
{
34+
Config: ssoOpenIDOnpremBasicConfig(integrationName),
35+
Check: resource.ComposeTestCheckFunc(
36+
resource.TestCheckResourceAttr(
37+
"sysdig_sso_openid.test",
38+
"is_system",
39+
"true",
40+
),
41+
resource.TestCheckResourceAttr(
42+
"sysdig_sso_openid.test",
43+
"issuer_url",
44+
"https://accounts.google.com",
45+
),
46+
resource.TestCheckResourceAttr(
47+
"sysdig_sso_openid.test",
48+
"client_id",
49+
"test-client-id",
50+
),
51+
resource.TestCheckResourceAttr(
52+
"sysdig_sso_openid.test",
53+
"integration_name",
54+
integrationName,
55+
),
56+
resource.TestCheckResourceAttr(
57+
"sysdig_sso_openid.test",
58+
"is_active",
59+
"true",
60+
),
61+
resource.TestCheckResourceAttr(
62+
"sysdig_sso_openid.test",
63+
"is_metadata_discovery_enabled",
64+
"true",
65+
),
66+
resource.TestCheckResourceAttrSet(
67+
"sysdig_sso_openid.test",
68+
"version",
69+
),
70+
),
71+
},
72+
{
73+
ResourceName: "sysdig_sso_openid.test",
74+
ImportState: true,
75+
ImportStateVerify: true,
76+
ImportStateVerifyIgnore: []string{"client_secret"},
77+
},
78+
},
79+
})
80+
}
81+
82+
func TestAccSSOOpenIDOnprem_WithMetadata(t *testing.T) {
83+
integrationName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
84+
85+
resource.ParallelTest(t, resource.TestCase{
86+
PreCheck: func() {
87+
monitor := os.Getenv("SYSDIG_MONITOR_API_TOKEN")
88+
secure := os.Getenv("SYSDIG_SECURE_API_TOKEN")
89+
if monitor == "" && secure == "" {
90+
t.Fatal("SYSDIG_MONITOR_API_TOKEN or SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
91+
}
92+
},
93+
ProviderFactories: map[string]func() (*schema.Provider, error){
94+
"sysdig": func() (*schema.Provider, error) {
95+
return sysdig.Provider(), nil
96+
},
97+
},
98+
Steps: []resource.TestStep{
99+
{
100+
Config: ssoOpenIDOnpremWithMetadataConfig(integrationName),
101+
Check: resource.ComposeTestCheckFunc(
102+
resource.TestCheckResourceAttr(
103+
"sysdig_sso_openid.test_metadata",
104+
"is_system",
105+
"true",
106+
),
107+
resource.TestCheckResourceAttr(
108+
"sysdig_sso_openid.test_metadata",
109+
"is_metadata_discovery_enabled",
110+
"false",
111+
),
112+
resource.TestCheckResourceAttr(
113+
"sysdig_sso_openid.test_metadata",
114+
"metadata.0.issuer",
115+
"https://idp.example.com",
116+
),
117+
resource.TestCheckResourceAttr(
118+
"sysdig_sso_openid.test_metadata",
119+
"metadata.0.authorization_endpoint",
120+
"https://idp.example.com/oauth2/authorize",
121+
),
122+
resource.TestCheckResourceAttr(
123+
"sysdig_sso_openid.test_metadata",
124+
"metadata.0.token_endpoint",
125+
"https://idp.example.com/oauth2/token",
126+
),
127+
resource.TestCheckResourceAttr(
128+
"sysdig_sso_openid.test_metadata",
129+
"metadata.0.jwks_uri",
130+
"https://idp.example.com/.well-known/jwks.json",
131+
),
132+
resource.TestCheckResourceAttr(
133+
"sysdig_sso_openid.test_metadata",
134+
"metadata.0.token_auth_method",
135+
"CLIENT_SECRET_BASIC",
136+
),
137+
),
138+
},
139+
{
140+
ResourceName: "sysdig_sso_openid.test_metadata",
141+
ImportState: true,
142+
ImportStateVerify: true,
143+
ImportStateVerifyIgnore: []string{"client_secret"},
144+
},
145+
},
146+
})
147+
}
148+
149+
func TestAccSSOOpenIDOnprem_Update(t *testing.T) {
150+
integrationName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
151+
152+
resource.ParallelTest(t, resource.TestCase{
153+
PreCheck: func() {
154+
monitor := os.Getenv("SYSDIG_MONITOR_API_TOKEN")
155+
secure := os.Getenv("SYSDIG_SECURE_API_TOKEN")
156+
if monitor == "" && secure == "" {
157+
t.Fatal("SYSDIG_MONITOR_API_TOKEN or SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
158+
}
159+
},
160+
ProviderFactories: map[string]func() (*schema.Provider, error){
161+
"sysdig": func() (*schema.Provider, error) {
162+
return sysdig.Provider(), nil
163+
},
164+
},
165+
Steps: []resource.TestStep{
166+
{
167+
Config: ssoOpenIDOnpremBasicConfig(integrationName),
168+
Check: resource.ComposeTestCheckFunc(
169+
resource.TestCheckResourceAttr(
170+
"sysdig_sso_openid.test",
171+
"integration_name",
172+
integrationName,
173+
),
174+
resource.TestCheckResourceAttr(
175+
"sysdig_sso_openid.test",
176+
"is_group_mapping_enabled",
177+
"false",
178+
),
179+
),
180+
},
181+
{
182+
Config: ssoOpenIDOnpremUpdatedConfig(integrationName),
183+
Check: resource.ComposeTestCheckFunc(
184+
resource.TestCheckResourceAttr(
185+
"sysdig_sso_openid.test",
186+
"integration_name",
187+
integrationName, // integration_name cannot be updated (ForceNew)
188+
),
189+
resource.TestCheckResourceAttr(
190+
"sysdig_sso_openid.test",
191+
"is_group_mapping_enabled",
192+
"true",
193+
),
194+
resource.TestCheckResourceAttr(
195+
"sysdig_sso_openid.test",
196+
"group_mapping_attribute_name",
197+
"custom_groups",
198+
),
199+
),
200+
},
201+
},
202+
})
203+
}
204+
205+
func TestAccSSOOpenIDOnprem_WithAdditionalScopes(t *testing.T) {
206+
integrationName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
207+
208+
resource.ParallelTest(t, resource.TestCase{
209+
PreCheck: func() {
210+
monitor := os.Getenv("SYSDIG_MONITOR_API_TOKEN")
211+
secure := os.Getenv("SYSDIG_SECURE_API_TOKEN")
212+
if monitor == "" && secure == "" {
213+
t.Fatal("SYSDIG_MONITOR_API_TOKEN or SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
214+
}
215+
},
216+
ProviderFactories: map[string]func() (*schema.Provider, error){
217+
"sysdig": func() (*schema.Provider, error) {
218+
return sysdig.Provider(), nil
219+
},
220+
},
221+
Steps: []resource.TestStep{
222+
{
223+
Config: ssoOpenIDOnpremWithAdditionalScopesConfig(integrationName),
224+
Check: resource.ComposeTestCheckFunc(
225+
resource.TestCheckResourceAttr(
226+
"sysdig_sso_openid.test_scopes",
227+
"is_system",
228+
"true",
229+
),
230+
resource.TestCheckResourceAttr(
231+
"sysdig_sso_openid.test_scopes",
232+
"is_additional_scopes_check_enabled",
233+
"true",
234+
),
235+
resource.TestCheckResourceAttr(
236+
"sysdig_sso_openid.test_scopes",
237+
"additional_scopes.#",
238+
"2",
239+
),
240+
resource.TestCheckResourceAttr(
241+
"sysdig_sso_openid.test_scopes",
242+
"additional_scopes.0",
243+
"groups",
244+
),
245+
resource.TestCheckResourceAttr(
246+
"sysdig_sso_openid.test_scopes",
247+
"additional_scopes.1",
248+
"roles",
249+
),
250+
),
251+
},
252+
},
253+
})
254+
}
255+
256+
func ssoOpenIDOnpremBasicConfig(integrationName string) string {
257+
return fmt.Sprintf(`
258+
resource "sysdig_sso_openid" "test" {
259+
is_system = true
260+
issuer_url = "https://accounts.google.com"
261+
client_id = "test-client-id"
262+
client_secret = "test-client-secret"
263+
integration_name = "%s"
264+
is_active = true
265+
}
266+
`, integrationName)
267+
}
268+
269+
func ssoOpenIDOnpremUpdatedConfig(integrationName string) string {
270+
return fmt.Sprintf(`
271+
resource "sysdig_sso_openid" "test" {
272+
is_system = true
273+
issuer_url = "https://accounts.google.com"
274+
client_id = "test-client-id"
275+
client_secret = "test-client-secret"
276+
integration_name = "%s"
277+
is_active = true
278+
is_group_mapping_enabled = true
279+
group_mapping_attribute_name = "custom_groups"
280+
}
281+
`, integrationName)
282+
}
283+
284+
func ssoOpenIDOnpremWithMetadataConfig(integrationName string) string {
285+
return fmt.Sprintf(`
286+
resource "sysdig_sso_openid" "test_metadata" {
287+
is_system = true
288+
issuer_url = "https://idp.example.com"
289+
client_id = "test-client-id"
290+
client_secret = "test-client-secret"
291+
integration_name = "%s"
292+
is_metadata_discovery_enabled = false
293+
294+
metadata {
295+
issuer = "https://idp.example.com"
296+
authorization_endpoint = "https://idp.example.com/oauth2/authorize"
297+
token_endpoint = "https://idp.example.com/oauth2/token"
298+
jwks_uri = "https://idp.example.com/.well-known/jwks.json"
299+
token_auth_method = "CLIENT_SECRET_BASIC"
300+
end_session_endpoint = "https://idp.example.com/oauth2/logout"
301+
user_info_endpoint = "https://idp.example.com/userinfo"
302+
}
303+
}
304+
`, integrationName)
305+
}
306+
307+
func ssoOpenIDOnpremWithAdditionalScopesConfig(integrationName string) string {
308+
return fmt.Sprintf(`
309+
resource "sysdig_sso_openid" "test_scopes" {
310+
is_system = true
311+
issuer_url = "https://accounts.google.com"
312+
client_id = "test-client-id"
313+
client_secret = "test-client-secret"
314+
integration_name = "%s"
315+
is_additional_scopes_check_enabled = true
316+
additional_scopes = ["groups", "roles"]
317+
}
318+
`, integrationName)
319+
}
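Review bot: None of the four `resource.TestCase` literals in this file sets `CheckDestroy`, so a `sysdig_sso_openid` integration that the provider fails to delete would go unnoticed; every config here sets `is_system = true` and the basic and updated configs also set `is_active = true`, so a leftover would be an active system-level SSO entry on the on-prem test instance. Consider adding a `CheckDestroy` function to each case that looks the integration up by its ID after the run and fails if it still exists. The tests also run through `resource.ParallelTest`, and `_Basic` and `_Update` both apply the same basic config; if the backend only tolerates one active system-level OpenID configuration at a time (not visible from this page), they could interfere and `resource.Test` would be the safer choice. As a style point, the identical `PreCheck` closure is repeated four times and could live in one new helper, called as `PreCheck: func() { preCheckOnpremTokens(t) }` (helper name is a suggestion, not an existing function).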

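--- a/sysdig/resource_sysdig_sso_openid_test.go
+++ b/sysdig/resource_sysdig_sso_openid_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_secure || tf_acc_onprem_monitor || tf_acc_onprem_secure
+//go:build tf_acc_sysdig_monitor || tf_acc_sysdig_secure
 
 package sysdig_test
 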