terraform-ibm-modules · Aashiq-J · Apr 22, 2025 · Apr 21, 2025 · Apr 21, 2025 · Apr 21, 2025
@@ -0,0 +1 @@
+# Existing Resource Group For use in tests
@@ -0,0 +1,26 @@
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+##############################################################################
+# Secrets Manager
+##############################################################################
+
+module "secrets_manager" {
+  count                         = var.provision_secrets_manager == true ? 1 : 0
+  source                        = "terraform-ibm-modules/secrets-manager/ibm"
+  version                       = "2.1.1" # Replace "X.X.X" with a release version to lock into a specific release
+  resource_group_id             = module.resource_group.resource_group_id
+  region                        = var.region
+  secrets_manager_name          = "${var.prefix}-tsm"
+  sm_service_plan               = "trial"
+  skip_iam_authorization_policy = true
+}
@@ -0,0 +1,14 @@
+output "resource_group_name" {
+  value       = module.resource_group.resource_group_name
+  description = "Resource group name"
+}
+
+output "resource_group_id" {
+  value       = module.resource_group.resource_group_id
+  description = "Resource group ID"
+}
+
+output "secrets_manager_crn" {
+  value       = var.provision_secrets_manager == true ? module.secrets_manager[0].secrets_manager_crn : null
+  description = "CRN of the secrets manager instance"
+}
@@ -0,0 +1,3 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+}
@@ -0,0 +1,27 @@
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud API Key"
+  sensitive   = true
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix to append to all resources"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "The name of an existing resource group to provision resources in to. If not set a new resource group will be created using the prefix variable"
+  default     = null
+}
+
+variable "region" {
+  type        = string
+  description = "Region"
+}
+
+variable "provision_secrets_manager" {
+  type        = bool
+  description = "Set it to true to provision a secrets manager"
+  default     = false
+}
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = ">= 1.76.0"
+    }
+  }
+}
@@ -202,104 +202,236 @@ func TestRunExistingResourcesInstancesFullyConfigurable(t *testing.T) {
 func TestRunExistingSMInstanceFullyConfigurable(t *testing.T) {
 	t.Parallel()
 
-	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
-		Testing: t,
-		TarIncludePatterns: []string{
-			"*.tf",
-			fmt.Sprintf("%s/*.tf", fullyConfigurableTerraformDir),
-			fmt.Sprintf("%s/*.tf", "modules/secrets"),
-			fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+	// ------------------------------------------------------------------------------------
+	// Provision new RG
+	// ------------------------------------------------------------------------------------
+	region := validRegions[rand.Intn(len(validRegions))]
+	prefix := fmt.Sprintf("ex-scm-%s", strings.ToLower(random.UniqueId()))
+	realTerraformDir := ".."
+	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+	logger.Log(t, "Tempdir: ", tempTerraformDir)
+	existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: tempTerraformDir + "/tests/new-resources",
+		Vars: map[string]interface{}{
+			"prefix":                    prefix,
+			"region":                    region,
+			"provision_secrets_manager": true,
 		},
-		TemplateFolder:         fullyConfigurableTerraformDir,
-		ResourceGroup:          resourceGroup,
-		Prefix:                 "ex-scm",
-		Tags:                   []string{"test-schematic"},
-		DeleteWorkspaceOnFail:  false,
-		WaitJobCompleteMinutes: 60,
+		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+		// This is the same as setting the -upgrade=true flag with terraform.
+		Upgrade: true,
 	})
 
-	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
-		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
-		{Name: "prefix", Value: options.Prefix, DataType: "string"},
-		{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
-		{Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"},
-		{Name: "existing_secrets_manager_crn", Value: permanentResources["secretsManagerCRN"], DataType: "string"},
-		{Name: "service_plan", Value: "trial", DataType: "string"},
-		{Name: "secret_groups", Value: _secret_group_config(options.Prefix), DataType: "list(object)"},
+	terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+	_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+	if existErr != nil {
+		assert.True(t, existErr == nil, "Init and Apply of new resources failed failed")
+	} else {
+		options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+			Testing: t,
+			TarIncludePatterns: []string{
+				"*.tf",
+				fmt.Sprintf("%s/*.tf", fullyConfigurableTerraformDir),
+				fmt.Sprintf("%s/*.tf", "modules/secrets"),
+				fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+			},
+			TemplateFolder:         fullyConfigurableTerraformDir,
+			ResourceGroup:          resourceGroup,
+			Prefix:                 "ex-scm",
+			Tags:                   []string{"test-schematic"},
+			DeleteWorkspaceOnFail:  false,
+			WaitJobCompleteMinutes: 60,
+		})
+
+		options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+			{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+			{Name: "prefix", Value: options.Prefix, DataType: "string"},
+			{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
+			{Name: "existing_resource_group_name", Value: terraform.Output(t, existingTerraformOptions, "resource_group_name"), DataType: "string"},
+			{Name: "existing_secrets_manager_crn", Value: terraform.Output(t, existingTerraformOptions, "secrets_manager_crn"), DataType: "string"},
+			{Name: "service_plan", Value: "trial", DataType: "string"},
+			{Name: "secret_groups", Value: _secret_group_config(options.Prefix), DataType: "list(object)"},
+		}
+
+		err := options.RunSchematicTest()
+		assert.NoError(t, err, "Schematic Test had unexpected error")
 	}
 
-	err := options.RunSchematicTest()
-	assert.NoError(t, err, "Schematic Test had unexpected error")
+	// Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+	// Destroy the temporary existing resources if required
+	if t.Failed() && strings.ToLower(envVal) == "true" {
+		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+	} else {
+		logger.Log(t, "START: Destroy (existing resources)")
+		terraform.Destroy(t, existingTerraformOptions)
+		terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+		logger.Log(t, "END: Destroy (existing resources)")
+	}
 }
 
 func TestRunSecurityEnforcedSchematics(t *testing.T) {
 	t.Parallel()
 
-	// Set up a schematics test
-	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
-		Testing: t,
-		TarIncludePatterns: []string{
-			"*.tf",
-			fmt.Sprintf("%s/*.tf", securityEnforcedTerraformDir),
-			fmt.Sprintf("%s/*.tf", fullyConfigurableTerraformDir),
-			fmt.Sprintf("%s/*.tf", fscloudExampleTerraformDir),
-			fmt.Sprintf("%s/*.tf", "modules/secrets"),
-			fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+	// ------------------------------------------------------------------------------------
+	// Provision new RG
+	// ------------------------------------------------------------------------------------
+	region := validRegions[rand.Intn(len(validRegions))]
+	prefix := fmt.Sprintf("sm-se-%s", strings.ToLower(random.UniqueId()))
+	realTerraformDir := ".."
+	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+	logger.Log(t, "Tempdir: ", tempTerraformDir)
+	existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: tempTerraformDir + "/tests/new-resources",
+		Vars: map[string]interface{}{
+			"prefix": prefix,
+			"region": region,
 		},
-		TemplateFolder:         securityEnforcedTerraformDir,
-		ResourceGroup:          resourceGroup,
-		Prefix:                 "sm-se",
-		Tags:                   []string{"test-schematic"},
-		DeleteWorkspaceOnFail:  false,
-		WaitJobCompleteMinutes: 60,
+		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+		// This is the same as setting the -upgrade=true flag with terraform.
+		Upgrade: true,
 	})
 
-	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
-		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
-		{Name: "prefix", Value: options.Prefix, DataType: "string"},
-		{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
-		{Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"},
-		{Name: "service_plan", Value: "trial", DataType: "string"},
-		{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
-		{Name: "secret_groups", Value: _secret_group_config(options.Prefix), DataType: "list(object)"},
+	terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+	_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+	if existErr != nil {
+		assert.True(t, existErr == nil, "Init and Apply of new resources failed")
+	} else {
+
+		// Set up a schematics test
+		options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+			Testing: t,
+			TarIncludePatterns: []string{
+				"*.tf",
+				fmt.Sprintf("%s/*.tf", securityEnforcedTerraformDir),
+				fmt.Sprintf("%s/*.tf", fullyConfigurableTerraformDir),
+				fmt.Sprintf("%s/*.tf", fscloudExampleTerraformDir),
+				fmt.Sprintf("%s/*.tf", "modules/secrets"),
+				fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+			},
+			TemplateFolder:         securityEnforcedTerraformDir,
+			ResourceGroup:          resourceGroup,
+			Prefix:                 "sm-se",
+			Tags:                   []string{"test-schematic"},
+			DeleteWorkspaceOnFail:  false,
+			WaitJobCompleteMinutes: 60,
+		})
+
+		options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+			{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+			{Name: "prefix", Value: options.Prefix, DataType: "string"},
+			{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
+			{Name: "existing_resource_group_name", Value: terraform.Output(t, existingTerraformOptions, "resource_group_name"), DataType: "string"},
+			{Name: "service_plan", Value: "trial", DataType: "string"},
+			{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
+			{Name: "secret_groups", Value: _secret_group_config(options.Prefix), DataType: "list(object)"},
+		}
+		err := options.RunSchematicTest()
+		assert.NoError(t, err, "Schematic Test had unexpected error")
+	}
+
+	// Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+	// Destroy the temporary existing resources if required
+	if t.Failed() && strings.ToLower(envVal) == "true" {
+		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+	} else {
+		logger.Log(t, "START: Destroy (existing resources)")
+		terraform.Destroy(t, existingTerraformOptions)
+		terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+		logger.Log(t, "END: Destroy (existing resources)")
 	}
-	err := options.RunSchematicTest()
-	assert.NoError(t, err, "Schematic Test had unexpected error")
 }
 
 func TestRunSecretsManagerSecurityEnforcedUpgradeSchematic(t *testing.T) {
 	t.Parallel()
 
-	// Set up a schematics test
-	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
-		Testing: t,
-		TarIncludePatterns: []string{
-			"*.tf",
-			fmt.Sprintf("%s/*.tf", securityEnforcedTerraformDir),
-			fmt.Sprintf("%s/*.tf", fullyConfigurableTerraformDir),
-			fmt.Sprintf("%s/*.tf", "modules/secrets"),
-			fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+	// ------------------------------------------------------------------------------------
+	// Provision new RG
+	// ------------------------------------------------------------------------------------
+	region := validRegions[rand.Intn(len(validRegions))]
+	prefix := fmt.Sprintf("sm-se-ug-%s", strings.ToLower(random.UniqueId()))
+	realTerraformDir := ".."
+	tempTerraformDir, _ := files.CopyTerraformFolderToTemp(realTerraformDir, fmt.Sprintf(prefix+"-%s", strings.ToLower(random.UniqueId())))
+
+	// Verify ibmcloud_api_key variable is set
+	checkVariable := "TF_VAR_ibmcloud_api_key"
+	val, present := os.LookupEnv(checkVariable)
+	require.True(t, present, checkVariable+" environment variable not set")
+	require.NotEqual(t, "", val, checkVariable+" environment variable is empty")
+	logger.Log(t, "Tempdir: ", tempTerraformDir)
+	existingTerraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: tempTerraformDir + "/tests/new-resources",
+		Vars: map[string]interface{}{
+			"prefix": prefix,
+			"region": region,
 		},
-		TemplateFolder:         securityEnforcedTerraformDir,
-		ResourceGroup:          resourceGroup,
-		Prefix:                 "sm-se-ug",
-		Tags:                   []string{"test-schematic"},
-		DeleteWorkspaceOnFail:  false,
-		WaitJobCompleteMinutes: 60,
+		// Set Upgrade to true to ensure latest version of providers and modules are used by terratest.
+		// This is the same as setting the -upgrade=true flag with terraform.
+		Upgrade: true,
 	})
 
-	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
-		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
-		{Name: "prefix", Value: options.Prefix, DataType: "string"},
-		{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
-		{Name: "existing_resource_group_name", Value: "geretain-test-secrets-manager", DataType: "string"},
-		{Name: "service_plan", Value: "trial", DataType: "string"},
-		{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
-		{Name: "secret_groups", Value: _secret_group_config(options.Prefix), DataType: "list(object)"},
+	terraform.WorkspaceSelectOrNew(t, existingTerraformOptions, prefix)
+	_, existErr := terraform.InitAndApplyE(t, existingTerraformOptions)
+	if existErr != nil {
+		assert.True(t, existErr == nil, "Init and Apply of new resources failed")
+	} else {
+		// Set up a schematics test
+		options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
+			Testing: t,
+			TarIncludePatterns: []string{
+				"*.tf",
+				fmt.Sprintf("%s/*.tf", securityEnforcedTerraformDir),
+				fmt.Sprintf("%s/*.tf", fullyConfigurableTerraformDir),
+				fmt.Sprintf("%s/*.tf", "modules/secrets"),
+				fmt.Sprintf("%s/*.tf", "modules/fscloud"),
+			},
+			TemplateFolder:         securityEnforcedTerraformDir,
+			ResourceGroup:          resourceGroup,
+			Prefix:                 "sm-se-ug",
+			Tags:                   []string{"test-schematic"},
+			DeleteWorkspaceOnFail:  false,
+			WaitJobCompleteMinutes: 60,
+		})
+
+		options.TerraformVars = []testschematic.TestSchematicTerraformVar{
+			{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
+			{Name: "prefix", Value: options.Prefix, DataType: "string"},
+			{Name: "region", Value: validRegions[rand.Intn(len(validRegions))], DataType: "string"},
+			{Name: "existing_resource_group_name", Value: terraform.Output(t, existingTerraformOptions, "resource_group_name"), DataType: "string"},
+			{Name: "service_plan", Value: "trial", DataType: "string"},
+			{Name: "existing_kms_instance_crn", Value: permanentResources["hpcs_south_crn"], DataType: "string"},
+			{Name: "secret_groups", Value: _secret_group_config(options.Prefix), DataType: "list(object)"},
+		}
+
+		err := options.RunSchematicUpgradeTest()
+		if !options.UpgradeTestSkipped {
+			assert.Nil(t, err, "This should not have errored")
+		}
 	}
 
-	err := options.RunSchematicUpgradeTest()
-	if !options.UpgradeTestSkipped {
-		assert.Nil(t, err, "This should not have errored")
+	// Check if "DO_NOT_DESTROY_ON_FAILURE" is set
+	envVal, _ := os.LookupEnv("DO_NOT_DESTROY_ON_FAILURE")
+	// Destroy the temporary existing resources if required
+	if t.Failed() && strings.ToLower(envVal) == "true" {
+		fmt.Println("Terratest failed. Debug the test and delete resources manually.")
+	} else {
+		logger.Log(t, "START: Destroy (existing resources)")
+		terraform.Destroy(t, existingTerraformOptions)
+		terraform.WorkspaceDelete(t, existingTerraformOptions, prefix)
+		logger.Log(t, "END: Destroy (existing resources)")
 	}
+
 }