Added - startCredentialRotation, completeCredentialRotation, getCredentialRotationStatus terraform implementation tests and examples

Author: Xinhao Zhou

examples/container_engine/credential_rotation/main.tf

@@ -0,0 +1,139 @@
+// Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "region" {
+  default = "us-ashburn-1"
+}
+variable "compartment_ocid" {}
+
+variable "cluster_start_credential_rotation_management_auto_completion_delay_duration" {
+  default = "P5D"
+}
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}
+
+data "oci_identity_availability_domain" "ad1" {
+  compartment_id = var.tenancy_ocid
+  ad_number      = 1
+}
+
+data "oci_identity_availability_domain" "ad2" {
+  compartment_id = var.tenancy_ocid
+  ad_number      = 2
+}
+
+data "oci_containerengine_cluster_option" "test_cluster_option" {
+  cluster_option_id = "all"
+}
+
+resource "oci_core_vcn" "test_vcn" {
+  cidr_block     = "10.0.0.0/16"
+  compartment_id = var.compartment_ocid
+  display_name   = "tfVcnForClusters"
+}
+
+resource "oci_core_internet_gateway" "test_ig" {
+  compartment_id = var.compartment_ocid
+  display_name   = "tfClusterInternetGateway"
+  vcn_id         = oci_core_vcn.test_vcn.id
+}
+
+resource "oci_core_route_table" "test_route_table" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.test_vcn.id
+  display_name   = "tfClustersRouteTable"
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.test_ig.id
+  }
+}
+
+resource "oci_core_subnet" "clusterSubnet_1" {
+  #Required
+  availability_domain = data.oci_identity_availability_domain.ad1.name
+  cidr_block          = "10.0.20.0/24"
+  compartment_id      = var.compartment_ocid
+  vcn_id              = oci_core_vcn.test_vcn.id
+
+  # Provider code tries to maintain compatibility with old versions.
+  security_list_ids = [oci_core_vcn.test_vcn.default_security_list_id]
+  display_name      = "tfSubNet1ForClusters"
+  route_table_id    = oci_core_route_table.test_route_table.id
+}
+
+resource "oci_core_subnet" "clusterSubnet_2" {
+  #Required
+  availability_domain = data.oci_identity_availability_domain.ad2.name
+  cidr_block          = "10.0.21.0/24"
+  compartment_id      = var.compartment_ocid
+  vcn_id              = oci_core_vcn.test_vcn.id
+  display_name        = "tfSubNet1ForClusters"
+
+  # Provider code tries to maintain compatibility with old versions.
+  security_list_ids = [oci_core_vcn.test_vcn.default_security_list_id]
+  route_table_id    = oci_core_route_table.test_route_table.id
+}
+
+resource "oci_containerengine_cluster" "test_cluster" {
+  #Required
+  compartment_id     = var.compartment_ocid
+  kubernetes_version = reverse(data.oci_containerengine_cluster_option.test_cluster_option.kubernetes_versions)[0]
+  name               = "tfTestCluster"
+  vcn_id             = oci_core_vcn.test_vcn.id
+
+  #Optional
+  options {
+    service_lb_subnet_ids = [oci_core_subnet.clusterSubnet_1.id, oci_core_subnet.clusterSubnet_2.id]
+
+    #Optional
+    add_ons {
+      #Optional
+      is_kubernetes_dashboard_enabled = "true"
+      is_tiller_enabled               = "true"
+    }
+
+    admission_controller_options {
+      #Optional
+      is_pod_security_policy_enabled = false
+    }
+
+    kubernetes_network_config {
+      #Optional
+      pods_cidr     = "10.1.0.0/16"
+      services_cidr = "10.2.0.0/16"
+    }
+  }
+}
+
+// start credential rotation on a cluster
+resource "oci_containerengine_cluster_start_credential_rotation_management" "test_cluster_start_credential_rotation_management" {
+  #Required
+  auto_completion_delay_duration = var.cluster_start_credential_rotation_management_auto_completion_delay_duration
+  cluster_id                     = oci_containerengine_cluster.test_cluster.id
+}
+
+// get credential rotation status
+data "oci_containerengine_cluster_credential_rotation_status" "test_cluster_credential_rotation_status" {
+  #Required
+  cluster_id = oci_containerengine_cluster.test_cluster.id
+}
+
+// complete credential rotation on a cluster
+resource "oci_containerengine_cluster_complete_credential_rotation_management" "test_cluster_complete_credential_rotation_management" {
+  #Required
+  cluster_id = oci_containerengine_cluster.test_cluster.id
+  depends_on = [oci_containerengine_cluster_start_credential_rotation_management.test_cluster_start_credential_rotation_management]
+}
+

examples/container_engine/main.tf

@@ -289,7 +289,7 @@ resource "oci_containerengine_node_pool" "test_flex_shape_node_pool" {
 
   node_source_details {
     #Required
-    image_id    = local.oracle_linux_images.0
+    image_id    = local.image_id
     source_type = "IMAGE"
   }
 

internal/integrationtest/containerengine_cluster_complete_credential_rotation_management_test.go

@@ -0,0 +1,111 @@
+// Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package integrationtest
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/oracle/terraform-provider-oci/httpreplay"
+	"github.com/oracle/terraform-provider-oci/internal/acctest"
+
+	"github.com/oracle/terraform-provider-oci/internal/utils"
+)
+
+var (
+	ContainerengineClusterCompleteCredentialRotationManagementRepresentation = map[string]interface{}{
+		"cluster_id": acctest.Representation{RepType: acctest.Required, Create: `${oci_containerengine_cluster.test_cluster.id}`},
+	}
+)
+
+// issue-routing-tag: containerengine/default
+func TestContainerengineClusterCompleteCredentialRotationManagementResource_basic(t *testing.T) {
+	httpreplay.SetScenario("TestContainerengineClusterCompleteCredentialRotationManagementResource_basic")
+	defer httpreplay.SaveScenario()
+
+	config := acctest.ProviderTestConfig()
+
+	compartmentId := utils.GetEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	resourceName := "oci_containerengine_cluster.test_cluster"
+	singularDatasourceName := "data.oci_containerengine_cluster_credential_rotation_status.test_cluster_credential_rotation_status"
+
+	// Save TF content to Create resource with only required properties. This has to be exactly the same as the config part in the create step in the test.
+	acctest.SaveConfigContent(config+compartmentIdVariableStr+ContainerengineClusterResourceDependencies+
+		acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_complete_credential_rotation_management", "test_cluster_complete_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterCompleteCredentialRotationManagementRepresentation), "containerengine", "clusterCompleteCredentialRotationManagement", t)
+
+	acctest.ResourceTest(t, nil, []resource.TestStep{
+		// create cluster
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies,
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
+				resource.TestCheckResourceAttrSet(resourceName, "kubernetes_version"),
+				resource.TestCheckResourceAttr(resourceName, "name", "name"),
+				resource.TestCheckResourceAttrSet(resourceName, "vcn_id"),
+				resource.TestCheckResourceAttrSet(resourceName, "metadata.0.time_credential_expiration"),
+
+				func(s *terraform.State) (err error) {
+					_, err = acctest.FromInstanceState(s, resourceName, "id")
+					return err
+				},
+			),
+		},
+
+		// start rotation
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_start_credential_rotation_management", "test_cluster_start_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterStartCredentialRotationManagementRepresentation),
+		},
+
+		// verify rotation status
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_start_credential_rotation_management", "test_cluster_start_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterStartCredentialRotationManagementRepresentation) +
+				acctest.GenerateDataSourceFromRepresentationMap("oci_containerengine_cluster_credential_rotation_status", "test_cluster_credential_rotation_status",
+					acctest.Optional, acctest.Create, ContainerengineClusterCredentialRotationStatusSingularDataSourceRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "cluster_id"),
+
+				resource.TestCheckResourceAttr(singularDatasourceName, "status", "WAITING"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "status_details", "NEW_CREDENTIALS_ISSUED"),
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_auto_completion_scheduled"),
+			),
+		},
+		// complete rotation
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_complete_credential_rotation_management", "test_cluster_complete_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterCompleteCredentialRotationManagementRepresentation),
+		},
+		// verify complete rotation status
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_complete_credential_rotation_management", "test_cluster_complete_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterCompleteCredentialRotationManagementRepresentation) +
+				acctest.GenerateDataSourceFromRepresentationMap("oci_containerengine_cluster_credential_rotation_status", "test_cluster_credential_rotation_status",
+					acctest.Optional, acctest.Create, ContainerengineClusterCredentialRotationStatusSingularDataSourceRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "cluster_id"),
+
+				resource.TestCheckResourceAttr(singularDatasourceName, "status", "COMPLETED"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "status_details", "COMPLETED"),
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_auto_completion_scheduled"),
+			),
+		},
+	})
+}

internal/integrationtest/containerengine_cluster_credential_rotation_status_test.go

@@ -0,0 +1,83 @@
+// Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package integrationtest
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/oracle/terraform-provider-oci/httpreplay"
+	"github.com/oracle/terraform-provider-oci/internal/acctest"
+	"github.com/oracle/terraform-provider-oci/internal/utils"
+)
+
+var (
+	ContainerengineClusterCredentialRotationStatusSingularDataSourceRepresentation = map[string]interface{}{
+		"cluster_id": acctest.Representation{RepType: acctest.Required, Create: `${oci_containerengine_cluster.test_cluster.id}`},
+	}
+)
+
+// issue-routing-tag: containerengine/default
+func TestContainerengineClusterCredentialRotationStatusResource_basic(t *testing.T) {
+	httpreplay.SetScenario("TestContainerengineClusterCredentialRotationStatusResource_basic")
+	defer httpreplay.SaveScenario()
+
+	config := acctest.ProviderTestConfig()
+
+	compartmentId := utils.GetEnvSettingWithBlankDefault("compartment_ocid")
+	compartmentIdVariableStr := fmt.Sprintf("variable \"compartment_id\" { default = \"%s\" }\n", compartmentId)
+
+	resourceName := "oci_containerengine_cluster.test_cluster"
+	singularDatasourceName := "data.oci_containerengine_cluster_credential_rotation_status.test_cluster_credential_rotation_status"
+
+	acctest.SaveConfigContent("", "", "", t)
+
+	acctest.ResourceTest(t, nil, []resource.TestStep{
+		// create cluster
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies,
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttr(resourceName, "compartment_id", compartmentId),
+				resource.TestCheckResourceAttrSet(resourceName, "kubernetes_version"),
+				resource.TestCheckResourceAttr(resourceName, "name", "name"),
+				resource.TestCheckResourceAttrSet(resourceName, "vcn_id"),
+				resource.TestCheckResourceAttrSet(resourceName, "metadata.0.time_credential_expiration"),
+
+				func(s *terraform.State) (err error) {
+					_, err = acctest.FromInstanceState(s, resourceName, "id")
+					return err
+				},
+			),
+		},
+
+		// start rotation
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_start_credential_rotation_management", "test_cluster_start_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterStartCredentialRotationManagementRepresentation),
+		},
+
+		// verify rotation status
+		{
+			Config: config +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster", "test_cluster", acctest.Optional, acctest.Create, ContainerengineClusterRepresentationForCredentialRotation) +
+				compartmentIdVariableStr + ContainerengineClusterResourceDependencies +
+				acctest.GenerateResourceFromRepresentationMap("oci_containerengine_cluster_start_credential_rotation_management", "test_cluster_start_credential_rotation_management", acctest.Required, acctest.Create, ContainerengineClusterStartCredentialRotationManagementRepresentation) +
+				acctest.GenerateDataSourceFromRepresentationMap("oci_containerengine_cluster_credential_rotation_status", "test_cluster_credential_rotation_status",
+					acctest.Optional, acctest.Create, ContainerengineClusterCredentialRotationStatusSingularDataSourceRepresentation),
+			Check: acctest.ComposeAggregateTestCheckFuncWrapper(
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "cluster_id"),
+
+				resource.TestCheckResourceAttr(singularDatasourceName, "status", "WAITING"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "status_details", "NEW_CREDENTIALS_ISSUED"),
+				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_auto_completion_scheduled"),
+			),
+		},
+	})
+}