
Commit c9c8328

authored
test: Remove usage of MONGODB_ATLAS_ASP_PROJECT_EAR_PE_ID (#3722)
1 parent 05ed805 commit c9c8328


3 files changed

+66
-44
lines changed


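--- a/.github/workflows/acceptance-tests-runner.yml
+++ b/.github/workflows/acceptance-tests-runner.yml
@@ -106,12 +106,6 @@ on:
 confluent_cloud_privatelink_access_id:
 type: string
 required: true
-mongodb_atlas_asp_project_ear_pe_id:
-type: string
-required: true
-mongodb_atlas_asp_project_aws_role_arn:
-type: string
-required: true
 mongodb_atlas_last_1x_version:
 type: string
 required: true
@@ -769,8 +763,6 @@ jobs:
 AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
 AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
 AWS_CUSTOMER_MASTER_KEY_ID: ${{ secrets.aws_customer_master_key_id }}
-MONGODB_ATLAS_ASP_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_asp_project_ear_pe_id }}
-MONGODB_ATLAS_ASP_PROJECT_AWS_ROLE_ARN: ${{ inputs.mongodb_atlas_asp_project_aws_role_arn }}
 run: make testacc
 
 event_trigger:
@@ -1185,11 +1177,11 @@ jobs:
 CONFLUENT_CLOUD_API_SECRET: ${{ secrets.confluent_cloud_api_secret }}
 CONFLUENT_CLOUD_NETWORK_ID: ${{ inputs.confluent_cloud_network_id }}
 CONFLUENT_CLOUD_PRIVATELINK_ACCESS_ID: ${{ inputs.confluent_cloud_privatelink_access_id }}
-AWS_REGION: ${{ vars.AWS_REGION }}
+AWS_REGION: ${{ vars.AWS_REGION_LOWERCASE }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
+AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
 AWS_VPC_CIDR_BLOCK: ${{ vars.AWS_VPC_CIDR_BLOCK }}
 AWS_VPC_ID: ${{ vars.AWS_VPC_ID }}
-MONGODB_ATLAS_ASP_PROJECT_AWS_ROLE_ARN: ${{ inputs.mongodb_atlas_asp_project_aws_role_arn }}
-MONGODB_ATLAS_ASP_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_asp_project_ear_pe_id }}
 ACCTEST_PACKAGES: |
 ./internal/service/streamaccountdetails
 ./internal/service/streamconnection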
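Review bot: In the third hunk the stream-connection job now receives the long-lived `AWS_SECRET_ACCESS_KEY` and `AWS_ACCESS_KEY_ID` secrets, and nothing in the workflow records why it needs them or what the keys must be allowed to do. Judging by the test change in this commit, they are there so the AWSLambda test can create an `aws_iam_role`, which would mean this key pair needs IAM write access in the test account. I would add a comment above the two lines, `# AWS keys: the AWSLambda stream test creates and deletes an aws_iam_role; keep this key pair limited to that`, and consider short-lived credentials through GitHub OIDC role assumption instead of static keys. The env block starts outside the hunk, so whether it is step-scoped or job-scoped is not visible here.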

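--- a/.github/workflows/acceptance-tests.yml
+++ b/.github/workflows/acceptance-tests.yml
@@ -128,6 +128,4 @@ jobs:
 mongodb_atlas_rp_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_RP_ORG_ID_QA || vars.MONGODB_ATLAS_RP_ORG_ID_DEV }}
 confluent_cloud_network_id: ${{ vars.CONFLUENT_CLOUD_NETWORK_ID }}
 confluent_cloud_privatelink_access_id: ${{ vars.CONFLUENT_CLOUD_PRIVATELINK_ACCESS_ID }}
-mongodb_atlas_asp_project_ear_pe_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_ASP_PROJECT_EAR_PE_ID_QA || vars.MONGODB_ATLAS_ASP_PROJECT_EAR_PE_ID_DEV }}
-mongodb_atlas_asp_project_aws_role_arn: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_ASP_PROJECT_AWS_ROLE_ARN_QA || vars.MONGODB_ATLAS_ASP_PROJECT_AWS_ROLE_ARN_DEV }}
 mongodb_atlas_last_1x_version: ${{ vars.MONGODB_ATLAS_LAST_1X_VERSION }}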

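--- a/internal/service/streamconnection/resource_stream_connection_test.go
+++ b/internal/service/streamconnection/resource_stream_connection_test.go
@@ -81,15 +81,15 @@ func testCaseKafkaPlaintext(t *testing.T, nameSuffix string) *resource.TestCase
 CheckDestroy: CheckDestroyStreamConnection,
 Steps: []resource.TestStep{
 {
-Config: dataSourcesConfig + configureKafka(projectID, instanceName, connectionName, "user", "rawpassword", "localhost:9092,localhost:9092", "earliest", "", false),
+Config: dataSourcesConfig + configureKafka(fmt.Sprintf("%q", projectID), instanceName, connectionName, "user", "rawpassword", "localhost:9092,localhost:9092", "earliest", "", false),
 Check: resource.ComposeAggregateTestCheckFunc(
 checkKafkaAttributes(resourceName, instanceName, connectionName, "user", "rawpassword", "localhost:9092,localhost:9092", "earliest", networkingTypePublic, false, true),
 checkKafkaAttributes(dataSourceName, instanceName, connectionName, "user", "rawpassword", "localhost:9092,localhost:9092", "earliest", networkingTypePublic, false, false),
 streamConnectionsAttributeChecks(pluralDataSourceName, nil, nil),
 ),
 },
 {
-Config: dataSourcesWithPagination + configureKafka(projectID, instanceName, connectionName, "user2", "otherpassword", "localhost:9093", "latest", kafkaNetworkingPublic, false),
+Config: dataSourcesWithPagination + configureKafka(fmt.Sprintf("%q", projectID), instanceName, connectionName, "user2", "otherpassword", "localhost:9093", "latest", kafkaNetworkingPublic, false),
 Check: resource.ComposeAggregateTestCheckFunc(
 checkKafkaAttributes(resourceName, instanceName, connectionName, "user2", "otherpassword", "localhost:9093", "latest", networkingTypePublic, false, true),
 checkKafkaAttributes(dataSourceName, instanceName, connectionName, "user2", "otherpassword", "localhost:9093", "latest", networkingTypePublic, false, false),
@@ -113,8 +113,8 @@ func TestAccStreamRSStreamConnection_kafkaNetworkingVPC(t *testing.T) {
 vpcID = os.Getenv("AWS_VPC_ID")
 vpcCIDRBlock = os.Getenv("AWS_VPC_CIDR_BLOCK")
 awsAccountID = os.Getenv("AWS_ACCOUNT_ID")
-containerRegion = os.Getenv("AWS_REGION")
-peerRegion = conversion.MongoDBRegionToAWSRegion(containerRegion)
+peerRegion = os.Getenv("AWS_REGION")
+containerRegion = conversion.AWSRegionToMongoDBRegion(peerRegion)
 providerName = "AWS"
 networkPeeringConfig = configNetworkPeeringAWS(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, containerRegion, peerRegion)
 )
@@ -125,7 +125,7 @@ func TestAccStreamRSStreamConnection_kafkaNetworkingVPC(t *testing.T) {
 CheckDestroy: CheckDestroyStreamConnection,
 Steps: []resource.TestStep{
 {
-Config: networkPeeringConfig + configureKafka(projectID, instanceName, "kafka-conn-vpc", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingVPC, true),
+Config: networkPeeringConfig + configureKafka("mongodbatlas_network_peering.test.project_id", instanceName, "kafka-conn-vpc", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingVPC, true),
 Check: checkKafkaAttributes(resourceName, instanceName, "kafka-conn-vpc", "user", "rawpassword", "localhost:9092", "earliest", networkingTypeVPC, true, true),
 },
 {
@@ -145,8 +145,8 @@ func TestAccStreamRSStreamConnection_kafkaSSL(t *testing.T) {
 vpcID = os.Getenv("AWS_VPC_ID")
 vpcCIDRBlock = os.Getenv("AWS_VPC_CIDR_BLOCK")
 awsAccountID = os.Getenv("AWS_ACCOUNT_ID")
-containerRegion = os.Getenv("AWS_REGION")
-peerRegion = conversion.MongoDBRegionToAWSRegion(containerRegion)
+peerRegion = os.Getenv("AWS_REGION")
+containerRegion = conversion.AWSRegionToMongoDBRegion(peerRegion)
 providerName = "AWS"
 networkPeeringConfig = configNetworkPeeringAWS(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, containerRegion, peerRegion)
 )
@@ -156,15 +156,15 @@ func TestAccStreamRSStreamConnection_kafkaSSL(t *testing.T) {
 CheckDestroy: CheckDestroyStreamConnection,
 Steps: []resource.TestStep{
 {
-Config: fmt.Sprintf("%s\n%s", configureKafka(projectID, instanceName, "kafka-conn-ssl", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingPublic, true), dataSourceConfig),
+Config: fmt.Sprintf("%s\n%s", configureKafka(fmt.Sprintf("%q", projectID), instanceName, "kafka-conn-ssl", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingPublic, true), dataSourceConfig),
 Check: resource.ComposeAggregateTestCheckFunc(
 checkKafkaAttributes(resourceName, instanceName, "kafka-conn-ssl", "user", "rawpassword", "localhost:9092", "earliest", networkingTypePublic, true, true),
 checkKafkaAttributes(dataSourceName, instanceName, "kafka-conn-ssl", "user", "rawpassword", "localhost:9092", "earliest", networkingTypePublic, true, false),
 ),
 },
 // cannot change networking access type once set
 {
-Config: networkPeeringConfig + configureKafka(projectID, instanceName, "kafka-conn-ssl", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingVPC, true),
+Config: networkPeeringConfig + configureKafka("mongodbatlas_network_peering.test.project_id", instanceName, "kafka-conn-ssl", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingVPC, true),
 ExpectError: regexp.MustCompile("STREAM_NETWORKING_ACCESS_TYPE_CANNOT_BE_MODIFIED"),
 },
 {
@@ -321,7 +321,7 @@ func TestAccStreamPrivatelinkEndpoint_streamConnection(t *testing.T) {
 Config: fmt.Sprintf(`
 %[1]s
 %[2]s
-`, privatelinkConfig, configureKafka(projectID, instanceName, "kafka-conn-privatelink", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingPrivatelink, true)),
+`, privatelinkConfig, configureKafka(fmt.Sprintf("%q", projectID), instanceName, "kafka-conn-privatelink", "user", "rawpassword", "localhost:9092", "earliest", kafkaNetworkingPrivatelink, true)),
 Check: checkKafkaAttributes(resourceName, instanceName, "kafka-conn-privatelink", "user", "rawpassword", "localhost:9092", "earliest", networkingTypePrivatelink, true, true),
 },
 {
@@ -337,19 +337,19 @@ func TestAccStreamPrivatelinkEndpoint_streamConnection(t *testing.T) {
 
 func TestAccStreamRSStreamConnection_AWSLambda(t *testing.T) {
 var (
-projectID = os.Getenv("MONGODB_ATLAS_ASP_PROJECT_EAR_PE_ID")
-instanceName = acc.RandomStreamInstanceName() // Using the ASP projectID, so must create its own stream instance
-connectionName = acc.RandomName()
-roleArn = os.Getenv("MONGODB_ATLAS_ASP_PROJECT_AWS_ROLE_ARN")
+projectID, instanceName = acc.ProjectIDExecutionWithStreamInstance(t)
+awsIAMRoleName = acc.RandomIAMRole()
+connectionName = acc.RandomName()
 )
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { acc.PreCheckBasic(t) },
+ExternalProviders: acc.ExternalProvidersOnlyAWS(),
 ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
 CheckDestroy: CheckDestroyStreamConnection,
 Steps: []resource.TestStep{
 {
-Config: configureAWSLambda(projectID, instanceName, connectionName, roleArn),
-Check: checkAWSLambdaAttributes(resourceName, instanceName, connectionName, roleArn),
+Config: configureAWSLambda(projectID, instanceName, connectionName, awsIAMRoleName),
+Check: checkAWSLambdaAttributes(resourceName, instanceName, connectionName),
 },
 {
 ResourceName: resourceName,
@@ -361,7 +361,7 @@ func TestAccStreamRSStreamConnection_AWSLambda(t *testing.T) {
 })
 }
 
-func configureKafka(projectID, instanceName, connectionName, username, password, bootstrapServers, configValue, networkingConfig string, useSSL bool) string {
+func configureKafka(projectRef, instanceName, connectionName, username, password, bootstrapServers, configValue, networkingConfig string, useSSL bool) string {
 securityConfig := `
 security = {
 protocol = "SASL_PLAINTEXT"
@@ -376,7 +376,7 @@ func configureKafka(projectID, instanceName, connectionName, username, password,
 }
 return fmt.Sprintf(`
 resource "mongodbatlas_stream_connection" "test" {
-project_id = %[1]q
+project_id = %[1]s
 instance_name = %[2]q
 connection_name = %[3]q
 type = "Kafka"
@@ -392,7 +392,7 @@ func configureKafka(projectID, instanceName, connectionName, username, password,
 %[8]s
 %[9]s
 }
-`, projectID, instanceName, connectionName, username, password, bootstrapServers, configValue, networkingConfig, securityConfig)
+`, projectRef, instanceName, connectionName, username, password, bootstrapServers, configValue, networkingConfig, securityConfig)
 }
 
 func configureSampleStream(projectID, instanceName, sampleName string) string {
@@ -581,33 +581,65 @@ func configNetworkPeeringAWS(projectID, providerName, vpcID, awsAccountID, vpcCI
 `, projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegionContainer, awsRegionPeer)
 }
 
-func configureAWSLambda(projectID, instanceName, connectionName, roleArn string) string {
-streamInstanceConfig := acc.StreamInstanceConfig(projectID, instanceName, "VIRGINIA_USA", "AWS")
+func configureAWSLambda(projectID, instanceName, connectionName, awsIamRoleName string) string {
+config := fmt.Sprintf(`
+resource "aws_iam_role" "test_role" {
+name = %[4]q
+
+assume_role_policy = jsonencode({
+"Version" : "2012-10-17",
+"Statement" : [
+{
+"Effect" : "Allow",
+"Principal" : {
+"AWS" : "${mongodbatlas_cloud_provider_access_setup.setup_only.aws_config[0].atlas_aws_account_arn}"
+},
+"Action" : "sts:AssumeRole",
+"Condition" : {
+"StringEquals" : {
+"sts:ExternalId" : "${mongodbatlas_cloud_provider_access_setup.setup_only.aws_config[0].atlas_assumed_role_external_id}"
+}
+}
+}
+]
+})
+}
 
-return fmt.Sprintf(`
-%[1]s
+resource "mongodbatlas_cloud_provider_access_setup" "setup_only" {
+project_id = %[1]q
+provider_name = "AWS"
+}
+
+resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" {
+project_id = %[1]q
+role_id = mongodbatlas_cloud_provider_access_setup.setup_only.role_id
+
+aws {
+iam_assumed_role_arn = aws_iam_role.test_role.arn
+}
+}
 
 resource "mongodbatlas_stream_connection" "test" {
-project_id = mongodbatlas_stream_instance.test.project_id
-instance_name = mongodbatlas_stream_instance.test.instance_name
-connection_name = %[2]q
+project_id = %[1]q
+instance_name = %[2]q
+connection_name = %[3]q
 type = "AWSLambda"
 aws = {
-role_arn = %[3]q
+role_arn = mongodbatlas_cloud_provider_access_authorization.auth_role.aws[0].iam_assumed_role_arn
 }
 }
-`, streamInstanceConfig, connectionName, roleArn)
+`, projectID, instanceName, connectionName, awsIamRoleName)
+return config
 }
 
-func checkAWSLambdaAttributes(
-resourceName, instanceName, connectionName, roleArn string) resource.TestCheckFunc {
+func checkAWSLambdaAttributes(resourceName, instanceName, connectionName string) resource.TestCheckFunc {
 resourceChecks := []resource.TestCheckFunc{
 checkStreamConnectionExists(),
 resource.TestCheckResourceAttrSet(resourceName, "project_id"),
 resource.TestCheckResourceAttr(resourceName, "instance_name", instanceName),
 resource.TestCheckResourceAttr(resourceName, "connection_name", connectionName),
 resource.TestCheckResourceAttr(resourceName, "type", "AWSLambda"),
-resource.TestCheckResourceAttr(resourceName, "aws.role_arn", roleArn),
+resource.TestCheckResourceAttrSet(resourceName, "aws.role_arn"),
 }
 return resource.ComposeAggregateTestCheckFunc(resourceChecks...)
 }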
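Review bot: `checkAWSLambdaAttributes` in the last hunk now only asserts that `aws.role_arn` is set, so the test no longer proves the connection is bound to the IAM role this config creates and authorizes; any non-empty value would pass. Since the config derives the value from `aws_iam_role.test_role`, the check can compare the two attributes instead: `resource.TestCheckResourceAttrPair(resourceName, "aws.role_arn", "aws_iam_role.test_role", "arn"),`. Separately, `configureKafka` now splices `projectRef` into the HCL unquoted via `%[1]s`, so it deserves a doc comment such as `// projectRef is inserted verbatim: pass an HCL reference or an already-quoted literal (fmt.Sprintf("%q", id)).` The new parameter `awsIamRoleName` would also read better as `awsIAMRoleName`, matching the variable in the caller.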
