mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-15 07:27:15 +00:00
97 lines
2.9 KiB
Go
97 lines
2.9 KiB
Go
|
package google
|
||
|
|
||
|
import (
|
||
|
"encoding/base64"
|
||
|
"fmt"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/hashicorp/terraform/helper/acctest"
|
||
|
"github.com/hashicorp/terraform/helper/resource"
|
||
|
"github.com/hashicorp/terraform/terraform"
|
||
|
"google.golang.org/api/cloudkms/v1"
|
||
|
"log"
|
||
|
)
|
||
|
|
||
|
func TestAccGoogleKmsSecret_basic(t *testing.T) {
|
||
|
t.Parallel()
|
||
|
|
||
|
projectOrg := getTestOrgFromEnv(t)
|
||
|
projectBillingAccount := getTestBillingAccountFromEnv(t)
|
||
|
|
||
|
projectId := "terraform-" + acctest.RandString(10)
|
||
|
keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
|
||
|
cryptoKeyName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
|
||
|
|
||
|
plaintext := fmt.Sprintf("secret-%s", acctest.RandString(10))
|
||
|
|
||
|
// The first test creates resources needed to encrypt plaintext and produce ciphertext
|
||
|
resource.Test(t, resource.TestCase{
|
||
|
PreCheck: func() { testAccPreCheck(t) },
|
||
|
Providers: testAccProviders,
|
||
|
Steps: []resource.TestStep{
|
||
|
resource.TestStep{
|
||
|
Config: testGoogleKmsCryptoKey_basic(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName),
|
||
|
Check: func(s *terraform.State) error {
|
||
|
ciphertext, cryptoKeyId, err := testAccEncryptSecretDataWithCryptoKey(s, "google_kms_crypto_key.crypto_key", plaintext)
|
||
|
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
// The second test asserts that the data source has the correct plaintext, given the created ciphertext
|
||
|
resource.Test(t, resource.TestCase{
|
||
|
PreCheck: func() { testAccPreCheck(t) },
|
||
|
Providers: testAccProviders,
|
||
|
Steps: []resource.TestStep{
|
||
|
resource.TestStep{
|
||
|
Config: testGoogleKmsSecret_datasource(cryptoKeyId.terraformId(), ciphertext),
|
||
|
Check: resource.TestCheckResourceAttr("data.google_kms_secret.acceptance", "plaintext", plaintext),
|
||
|
},
|
||
|
},
|
||
|
})
|
||
|
|
||
|
return nil
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
})
|
||
|
}
|
||
|
|
||
|
func testAccEncryptSecretDataWithCryptoKey(s *terraform.State, cryptoKeyResourceName, plaintext string) (string, *kmsCryptoKeyId, error) {
|
||
|
config := testAccProvider.Meta().(*Config)
|
||
|
|
||
|
rs, ok := s.RootModule().Resources[cryptoKeyResourceName]
|
||
|
if !ok {
|
||
|
return "", nil, fmt.Errorf("Resource not found: %s", cryptoKeyResourceName)
|
||
|
}
|
||
|
|
||
|
cryptoKeyId, err := parseKmsCryptoKeyId(rs.Primary.Attributes["id"], config)
|
||
|
|
||
|
if err != nil {
|
||
|
return "", nil, err
|
||
|
}
|
||
|
|
||
|
kmsEncryptRequest := &cloudkms.EncryptRequest{
|
||
|
Plaintext: base64.StdEncoding.EncodeToString([]byte(plaintext)),
|
||
|
}
|
||
|
|
||
|
encryptResponse, err := config.clientKms.Projects.Locations.KeyRings.CryptoKeys.Encrypt(cryptoKeyId.cryptoKeyId(), kmsEncryptRequest).Do()
|
||
|
|
||
|
if err != nil {
|
||
|
return "", nil, fmt.Errorf("Error encrypting plaintext: %s", err)
|
||
|
}
|
||
|
|
||
|
log.Printf("[INFO] Successfully encrypted plaintext and got ciphertext: %s", encryptResponse.Ciphertext)
|
||
|
|
||
|
return encryptResponse.Ciphertext, cryptoKeyId, nil
|
||
|
}
|
||
|
|
||
|
func testGoogleKmsSecret_datasource(cryptoKeyTerraformId, ciphertext string) string {
|
||
|
return fmt.Sprintf(`
|
||
|
data "google_kms_secret" "acceptance" {
|
||
|
crypto_key = "%s"
|
||
|
ciphertext = "%s"
|
||
|
}
|
||
|
`, cryptoKeyTerraformId, ciphertext)
|
||
|
}
|