From 7304d614d526c903c9913269c559ab7be94d5ba0 Mon Sep 17 00:00:00 2001
From: Espen Albert <EspenAlbert@users.noreply.github.com>
Date: Mon, 27 May 2024 09:29:47 +0100
Subject: [PATCH] chore: Supports running cloud gov tests in CI (#2302)

---
 .github/workflows/acceptance-tests-runner.yml | 15 ++++++++++++
 .github/workflows/acceptance-tests.yml        |  4 ++++
 contributing/testing-best-practices.md        | 10 ++++++++
 internal/testutil/acc/factory.go              | 10 ++++++++
 internal/testutil/acc/pre_check.go            | 17 ++++----------
 internal/testutil/acc/provider.go             | 23 +++++++++++++++++++
 6 files changed, 67 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml
index 8049b0d70c..5e1330d9bb 100644
--- a/.github/workflows/acceptance-tests-runner.yml
+++ b/.github/workflows/acceptance-tests-runner.yml
@@ -73,6 +73,12 @@ on:
       mongodb_atlas_federated_org_id:
         type: string
         required: true
+      mongodb_atlas_gov_org_id:
+        type: string
+        required: true
+      mongodb_atlas_gov_base_url:
+        type: string
+        required: true
       mongodb_atlas_federated_settings_associated_domain:
         type: string
         required: true
@@ -107,6 +113,10 @@ on:
         required: true
       mongodb_atlas_private_endpoint_dns_name:
         required: true
+      mongodb_atlas_gov_private_key:
+        required: true
+      mongodb_atlas_gov_public_key:
+        required: true
       azure_directory_id:
         required: true
       azure_resource_group_name:
@@ -128,6 +138,11 @@ env:
   MONGODB_ATLAS_ORG_ID: ${{ inputs.mongodb_atlas_org_id }}
   MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.mongodb_atlas_public_key }}
   MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.mongodb_atlas_private_key }}
+  MONGODB_ATLAS_GOV_PUBLIC_KEY: ${{ secrets.mongodb_atlas_gov_public_key }}
+  MONGODB_ATLAS_GOV_PRIVATE_KEY: ${{ secrets.mongodb_atlas_gov_private_key }}
+  MONGODB_ATLAS_GOV_BASE_URL:  ${{ inputs.mongodb_atlas_gov_base_url }}
+  MONGODB_ATLAS_GOV_ORG_ID:  ${{ inputs.mongodb_atlas_gov_org_id }}
+
 
 jobs:  
 
diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
index 5f67899b0d..d0b75c9746 100644
--- a/.github/workflows/acceptance-tests.yml
+++ b/.github/workflows/acceptance-tests.yml
@@ -51,6 +51,8 @@ jobs:
     secrets:
       mongodb_atlas_public_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_PUBLIC_KEY_CLOUD_QA || secrets.MONGODB_ATLAS_PUBLIC_KEY_CLOUD_DEV }}
       mongodb_atlas_private_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_PRIVATE_KEY_CLOUD_QA || secrets.MONGODB_ATLAS_PRIVATE_KEY_CLOUD_DEV }}
+      mongodb_atlas_gov_public_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_GOV_PUBLIC_KEY_QA || secrets.MONGODB_ATLAS_GOV_PUBLIC_KEY_DEV }}
+      mongodb_atlas_gov_private_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_GOV_PRIVATE_KEY_QA || secrets.MONGODB_ATLAS_GOV_PRIVATE_KEY_DEV }}
       ca_cert: ${{ secrets.CA_CERT }}
       aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
       aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -92,4 +94,6 @@ jobs:
       mongodb_atlas_federated_sso_url: ${{  vars.MONGODB_ATLAS_FEDERATED_SSO_URL }}
       mongodb_atlas_federated_issuer_uri: ${{ vars.MONGODB_ATLAS_FEDERATED_ISSUER_URI }}
       mongodb_atlas_federated_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATED_ORG_ID_QA || vars.MONGODB_ATLAS_FEDERATED_ORG_ID }}
+      mongodb_atlas_gov_base_url: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_BASE_URL_QA || vars.MONGODB_ATLAS_GOV_BASE_URL_DEV }}
+      mongodb_atlas_gov_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_ORG_ID_QA || vars.MONGODB_ATLAS_GOV_ORG_ID_DEV }}
       mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }}
diff --git a/contributing/testing-best-practices.md b/contributing/testing-best-practices.md
index fdd2140381..13f84a88cf 100644
--- a/contributing/testing-best-practices.md
+++ b/contributing/testing-best-practices.md
@@ -32,6 +32,16 @@
 - Data sources are tested in the same tests as the resources, e.g. [commonChecks](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/66c44e62c9afe04ffe8be0dbccaec682bab830e6/internal/service/searchindex/resource_search_index_test.go#L262-L263).
 - Helper functions such as `resource.TestCheckTypeSetElemNestedAttrs` or `resource.TestCheckTypeSetElemAttr` can be used to check resource and data source attributes more easily, e.g. [resource_serverless_instance_test.go](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/66c44e62c9afe04ffe8be0dbccaec682bab830e6/internal/service/serverlessinstance/resource_serverless_instance_test.go#L61).
 
+### Cloud Gov tests
+
+1. Use [`PreCheck: PreCheckGovBasic`](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/CLOUDP-250271_cloud_gov/internal/testutil/acc/pre_check.go#L98)
+2. Use the [`acc.ConfigGovProvider`](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/CLOUDP-250271_cloud_gov/internal/testutil/acc/provider.go#L61) together with your normal terraform config
+3. Modify the `checkExist` and `CheckDestroy` to use `acc.ConnV2UsingGov`
+4. Follow naming convention:
+   1. `TestAccGovProject_withProjectOwner`, note prefix: `TestAccGov`
+   2. `TestMigGovProject_regionUsageRestrictionsDefault`, note prefix: `TestMigGov`
+   3. Although `Gov` tests can be run together with other acceptance tests, using the `Test(Acc|Mig)Gov` makes it easier to run *only* gov tests or find similar gov tests
+
 ## Migration tests
 
 - There must be at least one `basic migration test` for each resource that leverages on the `basic acceptance tests` using helper test functions such as `CreateAndRunTest`, e.g. [TestMigServerlessInstance_basic](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/66c44e62c9afe04ffe8be0dbccaec682bab830e6/internal/service/serverlessinstance/resource_serverless_instance_migration_test.go#L10).
diff --git a/internal/testutil/acc/factory.go b/internal/testutil/acc/factory.go
index 5b78bec254..b2d6cc3b3f 100644
--- a/internal/testutil/acc/factory.go
+++ b/internal/testutil/acc/factory.go
@@ -51,6 +51,16 @@ func ConnV2UsingProxy(proxyPort *int) *admin.APIClient {
 	return client.(*config.MongoDBClient).AtlasV2
 }
 
+func ConnV2UsingGov() *admin.APIClient {
+	cfg := config.Config{
+		PublicKey:  os.Getenv("MONGODB_ATLAS_GOV_PUBLIC_KEY"),
+		PrivateKey: os.Getenv("MONGODB_ATLAS_GOV_PRIVATE_KEY"),
+		BaseURL:    os.Getenv("MONGODB_ATLAS_GOV_BASE_URL"),
+	}
+	client, _ := cfg.NewClient(context.Background())
+	return client.(*config.MongoDBClient).AtlasV2
+}
+
 func init() {
 	TestAccProviderV6Factories = map[string]func() (tfprotov6.ProviderServer, error){
 		ProviderNameMongoDBAtlas: func() (tfprotov6.ProviderServer, error) {
diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go
index 481eff67b9..8eb1cd07a0 100644
--- a/internal/testutil/acc/pre_check.go
+++ b/internal/testutil/acc/pre_check.go
@@ -97,19 +97,12 @@ func GetProjectTeamsIDsWithPos(pos int) string {
 
 func PreCheckGovBasic(tb testing.TB) {
 	tb.Helper()
-	if os.Getenv("MONGODB_ATLAS_PUBLIC_KEY") == "" ||
-		os.Getenv("MONGODB_ATLAS_PRIVATE_KEY") == "" ||
-		os.Getenv("MONGODB_ATLAS_ORG_ID_GOV") == "" {
-		tb.Fatal("`MONGODB_ATLAS_PUBLIC_KEY`, `MONGODB_ATLAS_PRIVATE_KEY`and `MONGODB_ATLAS_ORG_ID_GOV` must be set for acceptance testing")
-	}
-}
-
-func PreCheckGov(tb testing.TB) {
-	tb.Helper()
-	if os.Getenv("MONGODB_ATLAS_PROJECT_ID_GOV") == "" {
-		tb.Fatal("`MONGODB_ATLAS_PROJECT_ID_GOV` must be set for acceptance testing")
+	if os.Getenv("MONGODB_ATLAS_GOV_PUBLIC_KEY") == "" ||
+		os.Getenv("MONGODB_ATLAS_GOV_PRIVATE_KEY") == "" ||
+		os.Getenv("MONGODB_ATLAS_GOV_BASE_URL") == "" ||
+		os.Getenv("MONGODB_ATLAS_GOV_ORG_ID") == "" {
+		tb.Fatal("`MONGODB_ATLAS_GOV_BASE_URL`, `MONGODB_ATLAS_GOV_PUBLIC_KEY`, `MONGODB_ATLAS_GOV_PRIVATE_KEY`and `MONGODB_ATLAS_GOV_ORG_ID` must be set for acceptance testing")
 	}
-	PreCheckGovBasic(tb)
 }
 
 func PreCheckGPCEnv(tb testing.TB) {
diff --git a/internal/testutil/acc/provider.go b/internal/testutil/acc/provider.go
index 948b913e77..3c57702afd 100644
--- a/internal/testutil/acc/provider.go
+++ b/internal/testutil/acc/provider.go
@@ -1,6 +1,9 @@
 package acc
 
 import (
+	"fmt"
+	"os"
+
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
 
@@ -38,3 +41,23 @@ func providerAWS() *resource.ExternalProvider {
 		Source:            "hashicorp/aws",
 	}
 }
+
+// configProvider creates a new provider with credentials explicit in config.
+//
+// This can be used when you want credentials different from the default env-vars.
+func configProvider(publicKey, privateKey, baseURL string) string {
+	return fmt.Sprintf(`
+provider %[1]q {
+	public_key = %[2]q
+	private_key = %[3]q
+	base_url = %[4]q
+}
+`, ProviderNameMongoDBAtlas, publicKey, privateKey, baseURL)
+}
+
+// ConfigGovProvider creates provider using MONGODB_ATLAS_GOV_* env vars.
+//
+// Remember to use PreCheckGovBasic when using this.
+func ConfigGovProvider() string {
+	return configProvider(os.Getenv("MONGODB_ATLAS_GOV_PUBLIC_KEY"), os.Getenv("MONGODB_ATLAS_GOV_PRIVATE_KEY"), os.Getenv("MONGODB_ATLAS_GOV_BASE_URL"))
+}