// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 package azure import ( "context" "os" "testing" "github.com/placeholderplaceholderplaceholder/opentf/internal/backend" "github.com/placeholderplaceholderplaceholder/opentf/internal/legacy/helper/acctest" ) func TestBackend_impl(t *testing.T) { var _ backend.Backend = new(Backend) } func TestBackendConfig(t *testing.T) { // This test just instantiates the client. Shouldn't make any actual // requests nor incur any costs. config := map[string]interface{}{ "storage_account_name": "tfaccount", "container_name": "tfcontainer", "key": "state", "snapshot": false, // Access Key must be Base64 "access_key": "QUNDRVNTX0tFWQ0K", } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(config)).(*Backend) if b.containerName != "tfcontainer" { t.Fatalf("Incorrect bucketName was populated") } if b.keyName != "state" { t.Fatalf("Incorrect keyName was populated") } if b.snapshot != false { t.Fatalf("Incorrect snapshot was populated") } } func TestAccBackendAccessKeyBasic(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { armClient.destroyTestResources(ctx, res) t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "access_key": res.storageAccountAccessKey, "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendSASTokenBasic(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } sasToken, err := buildSasToken(res.storageAccountName, res.storageAccountAccessKey) if err != nil { t.Fatalf("Error building SAS Token: %+v", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "sas_token": *sasToken, "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendOIDCBasic(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "resource_group_name": res.resourceGroup, "use_oidc": true, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendAzureADAuthBasic(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") res.useAzureADAuth = true armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { armClient.destroyTestResources(ctx, res) t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "access_key": res.storageAccountAccessKey, "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), "use_azuread_auth": true, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendManagedServiceIdentityBasic(t *testing.T) { testAccAzureBackendRunningInAzure(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "resource_group_name": res.resourceGroup, "use_msi": true, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendServicePrincipalClientCertificateBasic(t *testing.T) { testAccAzureBackend(t) clientCertPassword := os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD") clientCertPath := os.Getenv("ARM_CLIENT_CERTIFICATE_PATH") if clientCertPath == "" { t.Skip("Skipping since `ARM_CLIENT_CERTIFICATE_PATH` is not specified!") } rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "resource_group_name": res.resourceGroup, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "client_id": os.Getenv("ARM_CLIENT_ID"), "client_certificate_password": clientCertPassword, "client_certificate_path": clientCertPath, "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendServicePrincipalClientSecretBasic(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "resource_group_name": res.resourceGroup, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "client_id": os.Getenv("ARM_CLIENT_ID"), "client_secret": os.Getenv("ARM_CLIENT_SECRET"), "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendServicePrincipalClientSecretCustomEndpoint(t *testing.T) { testAccAzureBackend(t) // this is only applicable for Azure Stack. endpoint := os.Getenv("ARM_ENDPOINT") if endpoint == "" { t.Skip("Skipping as ARM_ENDPOINT isn't configured") } rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "resource_group_name": res.resourceGroup, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "client_id": os.Getenv("ARM_CLIENT_ID"), "client_secret": os.Getenv("ARM_CLIENT_SECRET"), "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": endpoint, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendAccessKeyLocked(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "access_key": res.storageAccountAccessKey, "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "access_key": res.storageAccountAccessKey, "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStateLocks(t, b1, b2) backend.TestBackendStateForceUnlock(t, b1, b2) backend.TestBackendStateLocksInWS(t, b1, b2, "foo") backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo") } func TestAccBackendServicePrincipalLocked(t *testing.T) { testAccAzureBackend(t) rs := acctest.RandString(4) res := testResourceNames(rs, "testState") armClient := buildTestClient(t, res) ctx := context.TODO() err := armClient.buildTestResources(ctx, &res) defer armClient.destroyTestResources(ctx, res) if err != nil { t.Fatalf("Error creating Test Resources: %q", err) } b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "access_key": res.storageAccountAccessKey, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "client_id": os.Getenv("ARM_CLIENT_ID"), "client_secret": os.Getenv("ARM_CLIENT_SECRET"), "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ "storage_account_name": res.storageAccountName, "container_name": res.storageContainerName, "key": res.storageKeyName, "access_key": res.storageAccountAccessKey, "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), "tenant_id": os.Getenv("ARM_TENANT_ID"), "client_id": os.Getenv("ARM_CLIENT_ID"), "client_secret": os.Getenv("ARM_CLIENT_SECRET"), "environment": os.Getenv("ARM_ENVIRONMENT"), "endpoint": os.Getenv("ARM_ENDPOINT"), })).(*Backend) backend.TestBackendStateLocks(t, b1, b2) backend.TestBackendStateForceUnlock(t, b1, b2) backend.TestBackendStateLocksInWS(t, b1, b2, "foo") backend.TestBackendStateForceUnlockInWS(t, b1, b2, "foo") }