diff --git a/cra-config.yaml b/cra-config.yaml index 0af2d0b..bd9439b 100644 --- a/cra-config.yaml +++ b/cra-config.yaml @@ -7,11 +7,11 @@ version: "v1" CRA_TARGETS: - - CRA_TARGET: "examples/advanced" # Target directory for CRA scan. If not provided, the CRA Scan will not be run. + - CRA_TARGET: "solutions/fully-configurable" # Target directory for CRA scan. If not provided, the CRA Scan will not be run. CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile). # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used. # SCC_REGION: "" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used. CRA_ENVIRONMENT_VARIABLES: # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs. TF_VAR_prefix: "monitoring" - TF_VAR_region: "us-south" + TF_VAR_provider_visibility: "public" diff --git a/examples/advanced/README.md b/examples/advanced/README.md index ae1de80..3721fdd 100644 --- a/examples/advanced/README.md +++ b/examples/advanced/README.md @@ -2,6 +2,8 @@ Example that configures: -- IBM Cloud Monitoring instance -- IBM Cloud Metrics Routing -- A context-based restriction (CBR) rule to only allow cloud monitoring to be accessible from schematics +- A new resource group if one is not passed in. +- A context-based restriction (CBR) zone for the IBM Cloud Schematics service. +- An IBM Cloud Monitoring instance. +- A context-based restriction (CBR) rule to only allow the Cloud Monitoring to be accessible from the Schematics zone. +- A Metrics Routing target for the new IBM Cloud Monitoring instance and a route to send metrics to it. 
diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf index 2872e62..fb774ca 100644 --- a/examples/advanced/main.tf +++ b/examples/advanced/main.tf @@ -10,6 +10,25 @@ module "resource_group" { existing_resource_group_name = var.resource_group } +############################################################################## +# CBR zone +############################################################################## + +module "cbr_schematics_zone" { + source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module" + version = "1.33.2" + name = "${var.prefix}-schematics-network-zone" + zone_description = "CBR Network zone containing Schematics" + account_id = module.cloud_monitoring.account_id + addresses = [{ + type = "serviceRef" + ref = { + account_id = module.cloud_monitoring.account_id + service_name = "schematics" + } + }] +} + ############################################################################## # Cloud Monitoring ############################################################################## @@ -28,7 +47,7 @@ module "cloud_monitoring" { plan = "graduated-tier" instance_name = local.cloud_monitoring_instance_name cbr_rules = [{ - description = "${var.prefix}-cloud-monitoring access from vpc and schematics" + description = "${var.prefix}-cloud-monitoring access from schematics zone" account_id = module.cloud_monitoring.account_id enforcement_mode = "report" rule_contexts = [{ 
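Review bot: The rule whose description now reads `access from schematics zone` still has `enforcement_mode = "report"` on the context line two below it, so the rule records would-be denials instead of blocking them. The README bullet in this commit and the new comment on TestRunAdvancedExampleInSchematics in tests/other_test.go both say the rule only allows access from the Schematics zone, which overstates what the example enforces. Either add a comment next to the setting, such as `# report mode only logs violations; set to "enabled" to actually restrict access`, or change the value if enforcement is intended. The cloud_monitoring module block continues outside this hunk.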
@@ -46,25 +65,6 @@ module "cloud_monitoring" { }] } -############################################################################## -# CBR -############################################################################## - -module "cbr_schematics_zone" { - source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module" - version = "1.33.2" - name = "${var.prefix}-schematics-network-zone" - zone_description = "CBR Network zone containing Schematics" - account_id = module.cloud_monitoring.account_id - addresses = [{ - type = "serviceRef" - ref = { - account_id = module.cloud_monitoring.account_id - service_name = "schematics" - } - }] -} - ############################################################################## # IBM Cloud Metrics Routing # - Cloud Monitoring target diff --git a/examples/basic/main.tf b/examples/basic/main.tf index a430101..981a600 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -14,15 +14,11 @@ module "resource_group" { # Cloud Monitoring ############################################################################## -locals { - cloud_monitoring_instance_name = "${var.prefix}-cloud-monitoring" -} - module "cloud_monitoring" { source = "../../" resource_group_id = module.resource_group.resource_group_id region = var.region resource_tags = var.resource_tags - instance_name = local.cloud_monitoring_instance_name + instance_name = "${var.prefix}-cloud-monitoring" plan = "graduated-tier" } diff --git a/ibm_catalog.json b/ibm_catalog.json index c62446a..084cdde 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -266,7 +266,7 @@ "name": "deploy-arch-ibm-account-infra-base", "description": "Organize your IBM Cloud account with preconfigured resource groups. If not selected, the default resource group is used. Optionally, expand to apply recommended security controls via \"with Account Settings\" variation.", "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", - "version": "v3.0.7", + "version": "v3.0.23", "flavors": [ "resource-group-only", "resource-groups-with-account-settings" diff --git a/tests/other_test.go b/tests/other_test.go index 1c3bf6f..5fd6fb4 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -14,17 +14,15 @@ import ( const advancedExampleDir = "examples/advanced" const basicExampleDir = "examples/basic" -func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions { +func setupExamplesOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions { options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ Testing: t, TerraformDir: dir, Prefix: prefix, ResourceGroup: resourceGroup, Region: validRegions[rand.Intn(len(validRegions))], - IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check - List: IgnoreUpdates, - }, }) + return options } 
@@ -32,21 +30,22 @@ func setupOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptio func TestRunBasicExample(t *testing.T) { t.Parallel() - options := setupOptions(t, "icm-basic", basicExampleDir) + options := setupExamplesOptions(t, "icm-basic", basicExampleDir) output, err := options.RunTestConsistency() assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") } +// Consistency test for the advanced example +// NOTE: It is run in Schematics because the example configures a CBR rule to only allow traffic from schematics zone func TestRunAdvancedExampleInSchematics(t *testing.T) { t.Parallel() - var region = validRegions[rand.Intn(len(validRegions))] - options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "icm-adv", + Region: validRegions[rand.Intn(len(validRegions))], TarIncludePatterns: []string{ "*.tf", "modules/metrics_routing" + "/*.tf", @@ -54,18 +53,15 @@ func TestRunAdvancedExampleInSchematics(t *testing.T) { }, ResourceGroup: resourceGroup, TemplateFolder: advancedExampleDir, - Tags: []string{"test-schematic"}, + Tags: tags, DeleteWorkspaceOnFail: false, WaitJobCompleteMinutes: 60, - IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check - List: IgnoreUpdates, - }, }) options.TerraformVars = []testschematic.TestSchematicTerraformVar{ {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, {Name: "prefix", Value: options.Prefix, DataType: "string"}, - {Name: "region", Value: region, DataType: "string"}, + {Name: "region", Value: options.Region, DataType: "string"}, } err := options.RunSchematicTest() diff --git a/tests/pr_test.go b/tests/pr_test.go index 1bf7292..a2f46df 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -2,38 +2,26 @@ package test import ( - "fmt" "math/rand" - "os" - "strings" "testing" - "github.com/gruntwork-io/terratest/modules/files" - "github.com/gruntwork-io/terratest/modules/logger" - "github.com/gruntwork-io/terratest/modules/random" - "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo" - "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testaddons" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) -// Use existing resource group +/* +Global variables +*/ const resourceGroup = "geretain-test-resources" +const terraformVersion = "terraform_v1.10" // This should match the version in the ibm_catalog.json +const fullyConfigurableDADir = "solutions/fully-configurable" +const accountSettingsDADir = "solutions/metrics-routing-account-settings" -const fullyconfigurableDADir = "solutions/fully-configurable" -const AccountSettingsDADir = "solutions/metrics-routing-account-settings" - -var IgnoreUpdates = []string{ - "module.metrics_routing[0].ibm_metrics_router_settings.metrics_router_settings[0]", -} -var IgnoreUpdatesAccountSettings = []string{ - "module.metrics_router_account_settings.ibm_metrics_router_settings.metrics_router_settings[0]", -} - +var tags = []string{"test-schematic", "cloud-monitoring"} var validRegions = []string{ "au-syd", "br-sao", 
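Review bot: `terraformVersion` is a hand-maintained copy of a value in ibm_catalog.json, and the trailing comment is the only thing visible in this change that keeps the two in step. If they drift, the Schematics tests run under a different Terraform version than the one the catalog declares, and version-specific failures would go unnoticed. I would make the comment actionable, for example `// Must equal the Terraform version declared in ibm_catalog.json; update both together`, or read the value from the catalog file during test setup.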
@@ -47,11 +35,12 @@ var validRegions = []string{ "us-east", } -func TestRunFullyConfigurable(t *testing.T) { - t.Parallel() +/* +Common setup options for fully configurable DA variation +*/ +func setupOptions(t *testing.T, prefix string) *testschematic.TestSchematicOptions { region := validRegions[rand.Intn(len(validRegions))] - prefix := "icm-da" plan := "graduated-tier" // when region is 'eu-fr2' take opportunity to test 'graduated-tier-sysdig-secure-plus-monitor' plan @@ -59,29 +48,26 @@ func TestRunFullyConfigurable(t *testing.T) { plan = "graduated-tier-sysdig-secure-plus-monitor" } - // Verify ibmcloud_api_key variable is set - checkVariable := "TF_VAR_ibmcloud_api_key" - val, present := os.LookupEnv(checkVariable) - require.True(t, present, checkVariable+" environment variable not set") - require.NotEqual(t, "", val, checkVariable+" environment variable is empty") - options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, - Region: region, - Prefix: prefix, TarIncludePatterns: []string{ "*.tf", "modules/metrics_routing" + "/*.tf", - fullyconfigurableDADir + "/*.tf", + fullyConfigurableDADir + "/*.tf", }, - - TemplateFolder: fullyconfigurableDADir, - Tags: []string{"icm-da-test"}, + TemplateFolder: fullyConfigurableDADir, + Prefix: prefix, + Tags: tags, DeleteWorkspaceOnFail: false, WaitJobCompleteMinutes: 60, IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check - List: IgnoreUpdates, + List: []string{ + // Have to ignore account settings as other tests may be updating them concurrently + // which can cause consistency test to fail if not ignored. + "module.metrics_routing[0].ibm_metrics_router_settings.metrics_router_settings[0]", + }, }, + TerraformVersion: terraformVersion, }) options.TerraformVars = []testschematic.TestSchematicTerraformVar{ 
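Review bot: The new helper is documented with a block comment, `/* Common setup options for fully configurable DA variation */`, while every other comment added in this commit uses `//`, and it does not name the function. Go doc convention would be `// setupOptions returns the Schematics test options shared by the fully configurable DA tests.` The comment could also say that the region is picked at random from `validRegions`, since that affects how a failure is reproduced. The function body continues outside this hunk.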
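Review bot: Removing the `os.LookupEnv`/`require` precheck leaves setupOptions relying on `testschematic.TestSchematicOptionsDefault` to fail fast when TF_VAR_ibmcloud_api_key is unset, and nothing in this hunk shows that it does. The variable list is outside the hunk, but if it reads `options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"]` as tests/other_test.go does, a missing key would produce an empty credential and a much later, less obvious failure inside the Schematics job. If the wrapper does not already validate this, keep a one-line guard after the options are built: `require.NotEmpty(t, options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], "TF_VAR_ibmcloud_api_key must be set")`. If it does, a short comment saying so would explain why the check was dropped.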
@@ -93,124 +79,52 @@ func TestRunFullyConfigurable(t *testing.T) { {Name: "cloud_monitoring_plan", Value: plan, DataType: "string"}, } - err := options.RunSchematicTest() - assert.Nil(t, err, "This should not have errored") + return options } -func TestRunUpgradeFullyConfigurable(t *testing.T) { +// Test "Fully configurable" DA variation in schematics +func TestRunFullyConfigurable(t *testing.T) { t.Parallel() - var region = validRegions[rand.Intn(len(validRegions))] - prefix := fmt.Sprintf("icm-da-up-%s", strings.ToLower(random.UniqueId())) - - // ------------------------------------------------------------------------------------ - // Provision Cloud Monitoring - // ------------------------------------------------------------------------------------ - - var preReqDir = "./existing-resources" - realTerraformDir := preReqDir - tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, prefix) - tags := common.GetTagsFromTravis() + options := setupOptions(t, "icm-da") - // Verify ibmcloud_api_key variable is set - checkVariable := "TF_VAR_ibmcloud_api_key" - val, present := os.LookupEnv(checkVariable) - require.True(t, present, checkVariable+" environment variable not set") - require.NotEqual(t, "", val, checkVariable+" environment variable is empty") - - logger.Log(t, "Tempdir: ", tempTerraformDir) - existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ - TerraformDir: tempTerraformDir, - Vars: map[string]interface{}{ - "prefix": prefix, - "region": region, - "resource_tags": tags, - }, - // Set Upgrade to true to ensure latest version of providers and modules are used by terratest. - // This is the same as setting the -upgrade=true flag with terraform. 
- Upgrade: true, - }) - terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix) - _, existErr := terraform.InitAndApplyE(t, existingTerraformOptions) - if existErr != nil { - assert.True(t, existErr == nil, "Init and Apply of pre-req resources failed in TestRunFullyConfigurable test") - } else { - // ------------------------------------------------------------------------------------ - // Deploy DA - // ------------------------------------------------------------------------------------ + err := options.RunSchematicTest() + assert.Nil(t, err, "This should not have errored") +} - options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ - Testing: t, - Region: region, - Prefix: prefix, - TarIncludePatterns: []string{ - "*.tf", - "modules/metrics_routing" + "/*.tf", - fullyconfigurableDADir + "/*.tf", - }, - ResourceGroup: resourceGroup, - TemplateFolder: fullyconfigurableDADir, - Tags: []string{"test-schematic"}, - DeleteWorkspaceOnFail: false, - WaitJobCompleteMinutes: 60, - IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check - List: IgnoreUpdates, - }, - }) +// Upgrade test for "Fully configurable" DA variation in schematics +func TestRunFullyConfigurableUpgrade(t *testing.T) { + t.Parallel() - options.TerraformVars = []testschematic.TestSchematicTerraformVar{ - {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, - {Name: "existing_resource_group_name", Value: terraform.Output(t, existingTerraformOptions, "resource_group_name"), DataType: "string"}, - {Name: "existing_cloud_monitoring_crn", Value: terraform.Output(t, existingTerraformOptions, "cloud_monitoring_crn"), DataType: "string"}, - {Name: "region", Value: region, DataType: "string"}, - {Name: "cloud_monitoring_resource_tags", Value: options.Tags, DataType: "list(string)"}, - {Name: "prefix", Value: prefix, DataType: "string"}, - } + options := setupOptions(t, 
"icm-da-upg") - err := options.RunSchematicUpgradeTest() + err := options.RunSchematicUpgradeTest() + if !options.UpgradeTestSkipped { assert.Nil(t, err, "This should not have errored") - - } - - // Check if "DO_NOT_DESTROY_ON_FAILURE" is set - envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE") - // Destroy the temporary existing resources if required - if t.Failed() && strings.ToLower(envVal) == "true" { - fmt.Println("Terratest failed. Debug the test and delete resources manually.") - } else { - logger.Log(t, "START: Destroy (prereq resources)") - terraform.Destroy(t, existingTerraformOptions) - terraform.WorkspaceDelete(t, existingTerraformOptions, prefix) - logger.Log(t, "END: Destroy (prereq resources)") } } -func TestRunAccountSettings(t *testing.T) { +// Test "Metrics Routing account settings" DA variation +// NOTE: No need for upgrade on account settings variation as it doesn't deploy any resources - just metrics account settings +func TestRunAccountSettingsDA(t *testing.T) { t.Parallel() - prefix := "mr" - - // Verify ibmcloud_api_key variable is set - checkVariable := "TF_VAR_ibmcloud_api_key" - val, present := os.LookupEnv(checkVariable) - require.True(t, present, checkVariable+" environment variable not set") - require.NotEqual(t, "", val, checkVariable+" environment variable is empty") - options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, - Prefix: prefix, TarIncludePatterns: []string{ - "*.tf", "modules/metrics_routing" + "/*.tf", - AccountSettingsDADir + "/*.tf", + accountSettingsDADir + "/*.tf", }, - TemplateFolder: AccountSettingsDADir, - Tags: []string{"mr-da-test"}, + TemplateFolder: accountSettingsDADir, + Tags: tags, DeleteWorkspaceOnFail: false, - WaitJobCompleteMinutes: 60, + WaitJobCompleteMinutes: 30, IgnoreUpdates: testhelper.Exemptions{ // Ignore for consistency check - List: IgnoreUpdatesAccountSettings, + List: []string{ + 
"module.metrics_router_account_settings.ibm_metrics_router_settings.metrics_router_settings[0]", + }, }, + TerraformVersion: terraformVersion, }) options.TerraformVars = []testschematic.TestSchematicTerraformVar{ @@ -222,12 +136,13 @@ func TestRunAccountSettings(t *testing.T) { assert.Nil(t, err, "This should not have errored") } +// Test deployment with all "on-by-default" dependant DAs func TestAddonDefaultConfiguration(t *testing.T) { t.Parallel() options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ Testing: t, - Prefix: "icm-def", + Prefix: "icm-addon", ResourceGroup: resourceGroup, QuietMode: true, // Suppress logs except on failure }) @@ -245,24 +160,3 @@ func TestAddonDefaultConfiguration(t *testing.T) { err := options.RunAddonTest() require.NoError(t, err) } - -// TestDependencyPermutations runs dependency permutations for Cloud Monitoring and all its dependencies -func TestDependencyPermutations(t *testing.T) { - t.Parallel() - - options := testaddons.TestAddonsOptionsDefault(&testaddons.TestAddonOptions{ - Testing: t, - Prefix: "icm-per", - AddonConfig: cloudinfo.AddonConfig{ - OfferingName: "deploy-arch-ibm-cloud-monitoring", - OfferingFlavor: "fully-configurable", - Inputs: map[string]interface{}{ - "prefix": "icm-per", - "region": validRegions[rand.Intn(len(validRegions))], - }, - }, - }) - - err := options.RunAddonPermutationTest() - assert.NoError(t, err, "Dependency permutation test should not fail") -}
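Review bot: The rewritten TestRunFullyConfigurableUpgrade no longer provisions `./existing-resources` or passes `existing_cloud_monitoring_crn`, so the path where the DA attaches to an existing instance appears to lose its only test in this file. The variables built by setupOptions are only partly visible here, so this is inferred from the removed lines. If the coverage has moved elsewhere, say so in the function comment; otherwise leave a marker such as `// TODO: add a test for existing_cloud_monitoring_crn; the upgrade test no longer passes it`. Separately, when `options.UpgradeTestSkipped` is true, `err` is dropped without a trace, and a `t.Log` of the skip would make that visible in CI output.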