From 243a9ae897b64a3d1dc517d2b5434aee2ea1f9f6 Mon Sep 17 00:00:00 2001
From: "aashiq.jacob@ibm.com" <aashiq.jacob@ibm.com>
Date: Fri, 27 Dec 2024 11:16:37 +0530
Subject: [PATCH 1/2] test: add test for existing ES

---
 solutions/standard/main.tf   |  2 +-
 tests/pr_test.go             | 83 ++++++++++++++++++++++++++++++++++++
 tests/resources/README.md    |  1 +
 tests/resources/main.tf      | 31 ++++++++++++++
 tests/resources/outputs.tf   | 33 ++++++++++++++
 tests/resources/provider.tf  | 11 +++++
 tests/resources/variables.tf | 41 ++++++++++++++++++
 tests/resources/version.tf   | 21 +++++++++
 8 files changed, 222 insertions(+), 1 deletion(-)
 create mode 100644 tests/resources/README.md
 create mode 100644 tests/resources/main.tf
 create mode 100644 tests/resources/outputs.tf
 create mode 100644 tests/resources/provider.tf
 create mode 100644 tests/resources/variables.tf
 create mode 100644 tests/resources/version.tf

diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
index 3d3a77e8..d21a4925 100644
--- a/solutions/standard/main.tf
+++ b/solutions/standard/main.tf
@@ -254,7 +254,7 @@ module "es_instance_crn_parser" {
 
 # Existing instance local vars
 locals {
-  existing_elasticsearch_guid   = var.existing_db_instance_crn != null ? module.es_instance_crn_parser[0].guid : null
+  existing_elasticsearch_guid   = var.existing_db_instance_crn != null ? module.es_instance_crn_parser[0].service_instance : null
   existing_elasticsearch_region = var.existing_db_instance_crn != null ? module.es_instance_crn_parser[0].region : null
 
   # Validate the region input matches region detected in existing instance CRN (approach based on https://github.com/hashicorp/terraform/issues/25609#issuecomment-1057614400)
diff --git a/tests/pr_test.go b/tests/pr_test.go
index c30f39f3..0478d005 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -5,10 +5,15 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"strings"
 	"testing"
 
+	"github.com/gruntwork-io/terratest/modules/files"
+	"github.com/gruntwork-io/terratest/modules/logger"
+	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/cloudinfo"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common"
 	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper"
@@ -211,3 +216,81 @@ func TestRunStandardSolutionIBMKeys(t *testing.T) {
 	assert.Nil(t, err, "This should not have errored")
 	assert.NotNil(t, output, "Expected some output")
 }
+
+func TestRunExistingESSolution(t *testing.T) {
+	t.Parallel()
+
+	prefix := fmt.Sprintf("existing-es-%s", strings.ToLower(random.UniqueId()))
+	// realTerraformDir := "./resources"
+	realTerraformDir := ".."
+	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+	resourcesDir := tempTerraformDir + "/tests/resources"
+	tags := common.GetTagsFromTravis()
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+
+	// Programmatically determine region to use based on availability
+	region, _ := testhelper.GetBestVpcRegion(val, "../common-dev-assets/common-go-assets/cloudinfo-region-vpc-gen2-prefs.yaml", "eu-de")
+
+	logger.Log(t, "Tempdir: ", tempTerraformDir)
+	existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: resourcesDir,
+		Vars: map[string]interface{}{
+			"prefix":        prefix,
+			"region":        region,
+			"resource_tags": tags,
+		},
+		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+		// This is the same as setting the -upgrade=true flag with terraform.
+		Upgrade: true,
+	})
+
+	terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+	_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+	if existErr != nil {
+		assert.True(t, existErr == nil, "Init and Apply of temp existing resource failed")
+	} else {
+		options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+			Testing: t,
+			TarIncludePatterns: []string{
+				"*.tf",
+				fmt.Sprintf("%s/*.tf", standardSolutionTerraformDir),
+				fmt.Sprintf("%s/*.tf", fscloudExampleTerraformDir),
+				fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+				fmt.Sprintf("%s/*.sh", "scripts"),
+			},
+			TemplateFolder:         standardSolutionTerraformDir,
+			BestRegionYAMLPath:     regionSelectionPath,
+			Prefix:                 "els-upg-da",
+			ResourceGroup:          resourceGroup,
+			DeleteWorkspaceOnFail:  false,
+			WaitJobCompleteMinutes: 60,
+		})
+
+		options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+			{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+			{Name: "existing_db_instance_crn", Value: terraform.Output(t, existingTerraformOptions, "id"), DataType: "string"},
+			{Name: "resource_group_name", Value: fmt.Sprintf("%s-resource-group", prefix), DataType: "string"},
+			{Name: "region", Value: region, DataType: "string"},
+			{Name: "use_existing_resource_group", Value: true, DataType: "bool"},
+		}
+		err := options.RunSchematicTest()
+		assert.Nil(t, err, "This should not have errored")
+	}
+
+	// Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+	// Destroy the temporary existing resources if required
+	if t.Failed() && strings.ToLower(envVal) == "true" {
+		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+	} else {
+		logger.Log(t, "START: Destroy (existing resources)")
+		terraform.Destroy(t, existingTerraformOptions)
+		terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+		logger.Log(t, "END: Destroy (existing resources)")
+	}
+}
diff --git a/tests/resources/README.md b/tests/resources/README.md
new file mode 100644
index 00000000..b5d8a7ec
--- /dev/null
+++ b/tests/resources/README.md
@@ -0,0 +1 @@
+The terraform code in this directory is used by the tests to provision a Elasticsearch which is required to test the DA.
\ No newline at end of file
diff --git a/tests/resources/main.tf b/tests/resources/main.tf
new file mode 100644
index 00000000..79422253
--- /dev/null
+++ b/tests/resources/main.tf
@@ -0,0 +1,31 @@
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# Elasticsearch Instance
+##############################################################################
+
+module "icd_elasticsearch" {
+  source                = "../../"
+  resource_group_id     = module.resource_group.resource_group_id
+  name                  = "${var.prefix}-elasticsearch"
+  region                = var.region
+  elasticsearch_version = var.elasticsearch_version
+  tags                  = var.resource_tags
+  access_tags           = var.access_tags
+  service_endpoints     = "private"
+  service_credential_names = {
+    "elasticsearch_admin" : "Administrator",
+    "elasticsearch_operator" : "Operator",
+    "elasticsearch_viewer" : "Viewer",
+    "elasticsearch_editor" : "Editor",
+  }
+}
diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf
new file mode 100644
index 00000000..7da7161d
--- /dev/null
+++ b/tests/resources/outputs.tf
@@ -0,0 +1,33 @@
+##############################################################################
+# Outputs
+##############################################################################
+output "id" {
+  description = "Elasticsearch id"
+  value       = module.icd_elasticsearch.id
+}
+
+output "version" {
+  description = "Enterprise DB instance version"
+  value       = module.icd_elasticsearch.version
+}
+
+output "adminuser" {
+  description = "Database admin user name"
+  value       = module.icd_elasticsearch.adminuser
+}
+
+output "hostname" {
+  description = "Database connection hostname"
+  value       = module.icd_elasticsearch.hostname
+}
+
+output "port" {
+  description = "Database connection port"
+  value       = module.icd_elasticsearch.port
+}
+
+output "certificate_base64" {
+  description = "Database connection certificate"
+  value       = module.icd_elasticsearch.certificate_base64
+  sensitive   = true
+}
diff --git a/tests/resources/provider.tf b/tests/resources/provider.tf
new file mode 100644
index 00000000..354c7637
--- /dev/null
+++ b/tests/resources/provider.tf
@@ -0,0 +1,11 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}
+
+provider "elasticsearch" {
+  username    = module.icd_elasticsearch.service_credentials_object.credentials["elasticsearch_admin"].username
+  password    = module.icd_elasticsearch.service_credentials_object.credentials["elasticsearch_admin"].password
+  url         = "https://${module.icd_elasticsearch.service_credentials_object.hostname}:${module.icd_elasticsearch.service_credentials_object.port}"
+  cacert_file = base64decode(module.icd_elasticsearch.service_credentials_object.certificate)
+}
diff --git a/tests/resources/variables.tf b/tests/resources/variables.tf
new file mode 100644
index 00000000..dd829012
--- /dev/null
+++ b/tests/resources/variables.tf
@@ -0,0 +1,41 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "region" {
+  type        = string
+  description = "Region to provision all resources created by this example"
+  default     = "us-south"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources created by this example"
+  default     = "elastic"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "elasticsearch_version" {
+  type        = string
+  description = "Version of elasticsearch to deploy"
+  default     = null
+}
+
+variable "access_tags" {
+  type        = list(string)
+  description = "A list of access tags to apply to the Elasticsearch instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details"
+  default     = []
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}
diff --git a/tests/resources/version.tf b/tests/resources/version.tf
new file mode 100644
index 00000000..77ab8c9f
--- /dev/null
+++ b/tests/resources/version.tf
@@ -0,0 +1,21 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = "1.70.0"
+    }
+    # The elasticsearch provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version
+    elasticsearch = {
+      source  = "phillbaker/elasticsearch"
+      version = ">= 2.0.7"
+    }
+
+    # The time provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.9.1"
+    }
+  }
+}

From c652c00e51f183daaa4325433c3fd0f2931c7d47 Mon Sep 17 00:00:00 2001
From: "aashiq.jacob@ibm.com" <aashiq.jacob@ibm.com>
Date: Fri, 27 Dec 2024 16:22:32 +0530
Subject: [PATCH 2/2] update

---
 README.md                     | 2 +-
 examples/basic/version.tf     | 2 +-
 examples/complete/version.tf  | 2 +-
 examples/fscloud/version.tf   | 2 +-
 modules/fscloud/README.md     | 2 +-
 modules/fscloud/version.tf    | 2 +-
 solutions/standard/version.tf | 2 +-
 tests/pr_test.go              | 1 +
 tests/resources/README.md     | 2 +-
 tests/resources/version.tf    | 8 +-------
 version.tf                    | 2 +-
 11 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index b396e37d..1b157f1e 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ You need the following permissions to run this module.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.70.0, <2.0.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1, < 4.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1 |
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
index 77ab8c9f..509f9700 100644
--- a/examples/basic/version.tf
+++ b/examples/basic/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
     ibm = {
diff --git a/examples/complete/version.tf b/examples/complete/version.tf
index 27a03563..c07b9389 100644
--- a/examples/complete/version.tf
+++ b/examples/complete/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
   required_providers {
     ibm = {
diff --git a/examples/fscloud/version.tf b/examples/fscloud/version.tf
index 56d317dc..cdc76d38 100644
--- a/examples/fscloud/version.tf
+++ b/examples/fscloud/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Use latest version of provider in non-basic examples to verify latest version works with module
     ibm = {
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
index d3128ce7..7e5d95b2 100644
--- a/modules/fscloud/README.md
+++ b/modules/fscloud/README.md
@@ -13,7 +13,7 @@ The IBM Cloud Framework for Financial Services mandates the application of an in
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.70.0, <2.0.0 |
 
 ### Modules
diff --git a/modules/fscloud/version.tf b/modules/fscloud/version.tf
index ffce2a6e..bf6a3a62 100644
--- a/modules/fscloud/version.tf
+++ b/modules/fscloud/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # The below tflint-ignore is required because although the below provider is not directly required by this submodule,
     # it is required by consuming modules, and if not set here, the top level module calling this module will not be
diff --git a/solutions/standard/version.tf b/solutions/standard/version.tf
index a4f7e4ac..24649bf8 100644
--- a/solutions/standard/version.tf
+++ b/solutions/standard/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 
   # Lock DA into an exact provider version - renovate automation will keep it updated
   required_providers {
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 0478d005..fbc23769 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -277,6 +277,7 @@ func TestRunExistingESSolution(t *testing.T) {
 			{Name: "resource_group_name", Value: fmt.Sprintf("%s-resource-group", prefix), DataType: "string"},
 			{Name: "region", Value: region, DataType: "string"},
 			{Name: "use_existing_resource_group", Value: true, DataType: "bool"},
+			{Name: "provider_visibility", Value: "public", DataType: "string"},
 		}
 		err := options.RunSchematicTest()
 		assert.Nil(t, err, "This should not have errored")
diff --git a/tests/resources/README.md b/tests/resources/README.md
index b5d8a7ec..f3536c4a 100644
--- a/tests/resources/README.md
+++ b/tests/resources/README.md
@@ -1 +1 @@
-The terraform code in this directory is used by the tests to provision a Elasticsearch which is required to test the DA.
\ No newline at end of file
+The terraform code in this directory is used by the tests to provision a Elasticsearch which is required to test the DA.
diff --git a/tests/resources/version.tf b/tests/resources/version.tf
index 77ab8c9f..00f5884e 100644
--- a/tests/resources/version.tf
+++ b/tests/resources/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
     ibm = {
@@ -11,11 +11,5 @@ terraform {
       source  = "phillbaker/elasticsearch"
       version = ">= 2.0.7"
     }
-
-    # The time provider is not actually required by the module itself, just this example, so OK to use ">=" here instead of locking into a version
-    time = {
-      source  = "hashicorp/time"
-      version = ">= 0.9.1"
-    }
   }
 }
diff --git a/version.tf b/version.tf
index cfc75949..0f6877bf 100644
--- a/version.tf
+++ b/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   # Use "greater than or equal to" range in modules
   required_providers {
     ibm = {