diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf index 51789ba6..689b5dca 100644 --- a/solutions/standard/main.tf +++ b/solutions/standard/main.tf @@ -234,10 +234,7 @@ locals { # if - replace first char with J # elseif _ replace first char with K # else use asis - generated_admin_password = startswith(random_password.admin_password[0].result, "-") ? "J${substr(random_password.admin_password[0].result, 1, -1)}" : startswith(random_password.admin_password[0].result, "_") ? "K${substr(random_password.admin_password[0].result, 1, -1)}" : random_password.admin_password[0].result - - #admin password to use - admin_pass = var.admin_pass == null ? local.generated_admin_password : var.admin_pass + admin_pass = var.admin_pass == null ? (startswith(random_password.admin_password[0].result, "-") ? "J${substr(random_password.admin_password[0].result, 1, -1)}" : startswith(random_password.admin_password[0].result, "_") ? "K${substr(random_password.admin_password[0].result, 1, -1)}" : random_password.admin_password[0].result) : var.admin_pass } ####################################################################################################################### diff --git a/tests/pr_test.go b/tests/pr_test.go index 681d6af6..cb3c3612 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -2,10 +2,12 @@ package test import ( + "crypto/rand" + "encoding/base64" "encoding/json" "fmt" "log" - "math/rand" + "math/big" "os" "strings" "testing" @@ -35,7 +37,7 @@ const regionSelectionPath = "../common-dev-assets/common-go-assets/icd-region-pr // Define a struct with fields that match the structure of the YAML data const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml" -var permanentResources map[string]interface{} +var permanentResources map[string]any var sharedInfoSvc *cloudinfo.CloudInfoService var validICDRegions = []string{ @@ -76,7 +78,7 @@ func TestRunStandardSolutionSchematics(t *testing.T) { WaitJobCompleteMinutes: 60, }) - serviceCredentialSecrets := []map[string]interface{}{ + serviceCredentialSecrets := []map[string]any{ { "secret_group_name": fmt.Sprintf("%s-secret-group", options.Prefix), "service_credentials": []map[string]string{ @@ -114,6 +116,7 @@ func TestRunStandardSolutionSchematics(t *testing.T) { {Name: "service_credential_names", Value: string(serviceCredentialNamesJSON), DataType: "map(string)"}, {Name: "existing_secrets_manager_instance_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"}, {Name: "service_credential_secrets", Value: serviceCredentialSecrets, DataType: "list(object)"}, + {Name: "admin_pass", Value: GetRandomAdminPassword(t), DataType: "string"}, {Name: "admin_pass_secrets_manager_secret_group", Value: options.Prefix, DataType: "string"}, {Name: "admin_pass_secrets_manager_secret_name", Value: options.Prefix, DataType: "string"}, } @@ -132,7 +135,7 @@ func TestRunStandardUpgradeSolution(t *testing.T) { ResourceGroup: resourceGroup, }) - options.TerraformVars = map[string]interface{}{ + options.TerraformVars = map[string]any{ "access_tags": permanentResources["accessTags"], "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], "kms_endpoint_type": "public", @@ -158,7 +161,7 @@ func TestPlanValidation(t *testing.T) { options.TestSetup() options.TerraformOptions.NoColor = true options.TerraformOptions.Logger = logger.Discard - options.TerraformOptions.Vars = map[string]interface{}{ + options.TerraformOptions.Vars = map[string]any{ "prefix": options.Prefix, "region": "us-south", "rabbitmq_version": "3.13", @@ -167,18 +170,18 @@ func TestPlanValidation(t *testing.T) { } // Test the DA when using an existing KMS instance - var standardSolutionWithExistingKms = map[string]interface{}{ + var standardSolutionWithExistingKms = map[string]any{ "access_tags": permanentResources["accessTags"], "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], } // Test the DA when using IBM owned encryption key - var standardSolutionWithUseIbmOwnedEncKey = map[string]interface{}{ + var standardSolutionWithUseIbmOwnedEncKey = map[string]any{ "use_ibm_owned_encryption_key": true, } // Create a map of the variables - tfVarsMap := map[string]map[string]interface{}{ + tfVarsMap := map[string]map[string]any{ "standardSolutionWithExistingKms": standardSolutionWithExistingKms, "standardSolutionWithUseIbmOwnedEncKey": standardSolutionWithUseIbmOwnedEncKey, } @@ -209,7 +212,12 @@ func TestRunExistingInstance(t *testing.T) { prefix := fmt.Sprintf("rabbitmq-t-%s", strings.ToLower(random.UniqueId())) realTerraformDir := ".." tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId()))) - region := validICDRegions[rand.Intn(len(validICDRegions))] + + index, err := rand.Int(rand.Reader, big.NewInt(int64(len(validICDRegions)))) + if err != nil { + log.Fatalf("Failed to generate a secure random index: %v", err) + } + region := validICDRegions[index.Int64()] // Verify ibmcloud_api_key variable is set checkVariable := "TF_VAR_ibmcloud_api_key" @@ -220,7 +228,7 @@ func TestRunExistingInstance(t *testing.T) { logger.Log(t, "Tempdir: ", tempTerraformDir) existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ TerraformDir: tempTerraformDir + "/examples/basic", - Vars: map[string]interface{}{ + Vars: map[string]any{ "prefix": prefix, "region": region, "rabbitmq_version": latestVersion, @@ -276,5 +284,13 @@ func TestRunExistingInstance(t *testing.T) { terraform.WorkspaceDelete(t, existingTerraformOptions, prefix) logger.Log(t, "END: Destroy (existing resources)") } +} +func GetRandomAdminPassword(t *testing.T) string { + // Generate a 15 char long random string for the admin_pass + randomBytes := make([]byte, 13) + _, randErr := rand.Read(randomBytes) + require.Nil(t, randErr) // do not proceed if we can't gen a random password + randomPass := "A1" + base64.URLEncoding.EncodeToString(randomBytes)[:13] + return randomPass }