Skip to content

Commit

Permalink
Merge pull request #15733 from terraform-providers/t-gov-hardarn-db
Browse files Browse the repository at this point in the history 
tests/provider: Fix hardcoded ARN (DB*)
  • Loading branch information
@YakDriver
YakDriver authored Oct 28, 2020
2 parents 90be116 + 1dd2138 commit 6df9963
Show file tree
Hide file tree
Showing 6 changed files with 69 additions and 49 deletions.
2 changes: 1 addition & 1 deletion aws/resource_aws_db_instance.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ func resourceAwsDbInstance() *schema.Resource {
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(40 * time.Minute),
Update: schema.DefaultTimeout(80 * time.Minute),
Delete: schema.DefaultTimeout(40 * time.Minute),
Delete: schema.DefaultTimeout(60 * time.Minute),
},

Schema: map[string]*schema.Schema{
Expand Down
78 changes: 45 additions & 33 deletions aws/resource_aws_db_instance_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1110,23 +1110,23 @@ func TestAccAWSDBInstance_ReplicateSourceDb_CACertificateIdentifier(t *testing.T
var dbInstance, sourceDbInstance rds.DBInstance

rName := acctest.RandomWithPrefix("tf-acc-test")
caName := "rds-ca-2019"
sourceResourceName := "aws_db_instance.source"
resourceName := "aws_db_instance.test"
dataSourceName := "data.aws_rds_certificate.latest"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSDBInstanceDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName, caName),
Config: testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSDBInstanceExists(sourceResourceName, &sourceDbInstance),
testAccCheckAWSDBInstanceExists(resourceName, &dbInstance),
testAccCheckAWSDBInstanceReplicaAttributes(&sourceDbInstance, &dbInstance),
resource.TestCheckResourceAttr(sourceResourceName, "ca_cert_identifier", caName),
resource.TestCheckResourceAttr(resourceName, "ca_cert_identifier", caName),
resource.TestCheckResourceAttrPair(sourceResourceName, "ca_cert_identifier", dataSourceName, "id"),
resource.TestCheckResourceAttrPair(resourceName, "ca_cert_identifier", dataSourceName, "id"),
),
},
},
Expand Down Expand Up @@ -2975,18 +2975,18 @@ func TestAccAWSDBInstance_CACertificateIdentifier(t *testing.T) {
var dbInstance rds.DBInstance

resourceName := "aws_db_instance.bar"
cacID := "rds-ca-2019"
dataSourceName := "data.aws_rds_certificate.latest"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSDBInstanceDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSDBInstanceConfig_WithCACertificateIdentifier(cacID),
Config: testAccAWSDBInstanceConfig_WithCACertificateIdentifier(),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSDBInstanceExists(resourceName, &dbInstance),
resource.TestCheckResourceAttr(resourceName, "ca_cert_identifier", cacID),
resource.TestCheckResourceAttrPair(resourceName, "ca_cert_identifier", dataSourceName, "id"),
),
},
},
Expand Down Expand Up @@ -3129,20 +3129,24 @@ resource "aws_db_instance" "bar" {
`, rInt)
}

func testAccAWSDBInstanceConfig_WithCACertificateIdentifier(cacID string) string {
func testAccAWSDBInstanceConfig_WithCACertificateIdentifier() string {
return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(`
data "aws_rds_certificate" "latest" {
latest_valid_till = true
}
resource "aws_db_instance" "bar" {
allocated_storage = 10
apply_immediately = true
ca_cert_identifier = %q
ca_cert_identifier = data.aws_rds_certificate.latest.id
engine = data.aws_rds_orderable_db_instance.test.engine
instance_class = data.aws_rds_orderable_db_instance.test.instance_class
name = "baz"
password = "barbarbarbar"
skip_final_snapshot = true
username = "foo"
}
`, cacID))
`))
}

func testAccAWSDBInstanceConfig_WithOptionGroup(rName string) string {
Expand Down Expand Up @@ -3239,6 +3243,8 @@ resource "aws_s3_bucket_object" "xtrabackup_db" {
etag = filemd5("./testdata/mysql-5-6-xtrabackup.tar.gz")
}
data "aws_partition" "current" {}
resource "aws_iam_role" "rds_s3_access_role" {
name = "%[3]s-role"
Expand All @@ -3250,7 +3256,7 @@ resource "aws_iam_role" "rds_s3_access_role" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -3399,8 +3405,7 @@ resource "aws_db_instance" "snapshot" {

func testAccAWSDbInstanceConfig_MonitoringInterval(rName string, monitoringInterval int) string {
return fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -3413,7 +3418,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -3491,8 +3496,7 @@ resource "aws_db_instance" "test" {

func testAccAWSDbInstanceConfig_MonitoringRoleArn(rName string) string {
return fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -3505,7 +3509,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -4047,6 +4051,8 @@ resource "aws_directory_service_directory" "bar" {
}
}
data "aws_partition" "current" {}
resource "aws_iam_role" "role" {
name = "tf-acc-db-instance-mssql-domain-role-%[1]d"
Expand All @@ -4057,7 +4063,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Effect": "Allow",
"Sid": ""
Expand All @@ -4069,7 +4075,7 @@ EOF
resource "aws_iam_role_policy_attachment" "attatch-policy" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
`, rInt))
}
Expand Down Expand Up @@ -4176,6 +4182,8 @@ resource "aws_directory_service_directory" "bar" {
}
}
data "aws_partition" "current" {}
resource "aws_iam_role" "role" {
name = "tf-acc-db-instance-mssql-domain-role-%[1]d"
Expand All @@ -4186,7 +4194,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Effect": "Allow",
"Sid": ""
Expand All @@ -4198,7 +4206,7 @@ EOF
resource "aws_iam_role_policy_attachment" "attatch-policy" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
`, rInt))
}
Expand Down Expand Up @@ -4309,6 +4317,8 @@ resource "aws_directory_service_directory" "foo" {
}
}
data "aws_partition" "current" {}
resource "aws_iam_role" "role" {
name = "tf-acc-db-instance-mssql-domain-role-%[1]d"
Expand All @@ -4319,7 +4329,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Effect": "Allow",
"Sid": ""
Expand All @@ -4331,7 +4341,7 @@ EOF
resource "aws_iam_role_policy_attachment" "attatch-policy" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
`, rInt))
}
Expand Down Expand Up @@ -5673,8 +5683,7 @@ resource "aws_db_instance" "test" {

func testAccAWSDBInstanceConfig_ReplicateSourceDb_Monitoring(rName string, monitoringInterval int) string {
return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -5687,7 +5696,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -5835,8 +5844,12 @@ resource "aws_db_instance" "test" {
`, rName))
}

func testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName string, caName string) string {
func testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName string) string {
return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(`
data "aws_rds_certificate" "latest" {
latest_valid_till = true
}
resource "aws_db_instance" "source" {
allocated_storage = 5
backup_retention_period = 1
Expand All @@ -5845,18 +5858,18 @@ resource "aws_db_instance" "source" {
instance_class = data.aws_rds_orderable_db_instance.test.instance_class
password = "avoid-plaintext-passwords"
username = "tfacctest"
ca_cert_identifier = %[2]q
ca_cert_identifier = data.aws_rds_certificate.latest.id
skip_final_snapshot = true
}
resource "aws_db_instance" "test" {
identifier = %[1]q
instance_class = aws_db_instance.source.instance_class
replicate_source_db = aws_db_instance.source.id
ca_cert_identifier = %[2]q
ca_cert_identifier = data.aws_rds_certificate.latest.id
skip_final_snapshot = true
}
`, rName, caName))
`, rName))
}

func testAccAWSDBInstanceConfig_SnapshotIdentifier(rName string) string {
Expand Down Expand Up @@ -6472,8 +6485,7 @@ resource "aws_db_instance" "test" {

func testAccAWSDBInstanceConfig_SnapshotIdentifier_Monitoring(rName string, monitoringInterval int) string {
return composeConfig(testAccAWSDBInstanceConfig_orderableClassMariadb(), fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -6486,7 +6498,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down
20 changes: 11 additions & 9 deletions aws/resource_aws_db_option_group_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -360,14 +360,14 @@ func TestAccAWSDBOptionGroup_OracleOptionsUpdate(t *testing.T) {
CheckDestroy: testAccCheckAWSDBOptionGroupDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "12.1.0.4.v1"),
Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "13.2.0.0.v2"),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSDBOptionGroupExists("aws_db_option_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_db_option_group.bar", "name", rName),
resource.TestCheckResourceAttr(
"aws_db_option_group.bar", "option.#", "1"),
testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "12.1.0.4.v1"),
testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "13.2.0.0.v2"),
),
},
{
Expand All @@ -378,14 +378,14 @@ func TestAccAWSDBOptionGroup_OracleOptionsUpdate(t *testing.T) {
ImportStateVerifyIgnore: []string{"name_prefix", "option"},
},
{
Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "12.1.0.5.v1"),
Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "13.3.0.0.v2"),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSDBOptionGroupExists("aws_db_option_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_db_option_group.bar", "name", rName),
resource.TestCheckResourceAttr(
"aws_db_option_group.bar", "option.#", "1"),
testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "12.1.0.5.v1"),
testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "13.3.0.0.v2"),
),
},
},
Expand Down Expand Up @@ -568,7 +568,7 @@ func testAccCheckAWSDBOptionGroupOptionSettingsIAMRole(optionGroup *rds.OptionGr
}

settingValue := aws.StringValue(optionGroup.Options[0].OptionSettings[0].Value)
iamArnRegExp := regexp.MustCompile(`^arn:aws:iam::\d{12}:role/.+`)
iamArnRegExp := regexp.MustCompile(fmt.Sprintf(`^arn:%s:iam::\d{12}:role/.+`, testAccGetPartition()))
if !iamArnRegExp.MatchString(settingValue) {
return fmt.Errorf("Expected option setting to be a valid IAM role but received %s", settingValue)
}
Expand Down Expand Up @@ -733,24 +733,26 @@ resource "aws_db_option_group" "bar" {

func testAccAWSDBOptionGroupOptionSettingsIAMRole(r string) string {
return fmt.Sprintf(`
data "aws_partition" "current" {}
data "aws_iam_policy_document" "rds_assume_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["rds.amazonaws.com"]
identifiers = ["rds.${data.aws_partition.current.dns_suffix}"]
}
}
}
resource "aws_iam_role" "sql_server_backup" {
name = "rds-backup-%s"
name = "rds-backup-%[1]s"
assume_role_policy = data.aws_iam_policy_document.rds_assume_role.json
}
resource "aws_db_option_group" "bar" {
name = "%s"
name = "%[1]s"
option_group_description = "Test option group for terraform"
engine_name = "sqlserver-ex"
major_engine_version = "14.00"
Expand All @@ -764,7 +766,7 @@ resource "aws_db_option_group" "bar" {
}
}
}
`, r, r)
`, r)
}

func testAccAWSDBOptionGroupOptionSettings_update(r string) string {
Expand Down
1 change: 1 addition & 0 deletions aws/resource_aws_db_security_group_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ func TestAccAWSDBSecurityGroup_basic(t *testing.T) {
oldvar := os.Getenv("AWS_DEFAULT_REGION")
os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
defer os.Setenv("AWS_DEFAULT_REGION", oldvar)

resourceName := "aws_db_security_group.test"
rName := fmt.Sprintf("tf-acc-%s", acctest.RandString(5))

Expand Down
Loading

0 comments on commit 6df9963

Please sign in to comment.