From 0fac41b265685b225604f2240b644ffd6c572424 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Tue, 12 Oct 2021 14:33:23 +0200 Subject: [PATCH] Extra tests (mssql) and minor refactor --- README.md | 2 +- acceptance/cleanup.go | 21 +++ acceptance/keyvault/keyvault_test.go | 2 + acceptance/mssql/main.tf | 230 +++++++++++++++++++++++++++ acceptance/mssql/mssql_test.go | 49 ++++++ acceptance/storage/storage_test.go | 2 + acceptance/vnet/vnet_test.go | 2 + 7 files changed, 307 insertions(+), 1 deletion(-) create mode 100644 acceptance/cleanup.go create mode 100644 acceptance/mssql/main.tf create mode 100644 acceptance/mssql/mssql_test.go diff --git a/README.md b/README.md index 7770aa6..b43ea2b 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ Congratulations! Resources are moved in Azure and corrected in Terraform. ## ToDo -- [ ] Use [terraform-exec](github.com/hashicorp/terraform-exec) instead of wrapping `terraform` +- [ ] Use [terraform-exec](https://github.com/hashicorp/terraform-exec) instead of wrapping `terraform` - [ ] Multiple authentication options (ideally all options supported in the provider) ## Licence diff --git a/acceptance/cleanup.go b/acceptance/cleanup.go new file mode 100644 index 0000000..956107b --- /dev/null +++ b/acceptance/cleanup.go @@ -0,0 +1,21 @@ +package acceptance + +import ( + "os" + "path/filepath" + "testing" +) + +func Cleanup(t *testing.T) { + files, err := filepath.Glob("./terraform.tfstate.*") + if err != nil { + t.Fatalf("File search failed due to: %v", err) + } + for _, f := range files { + if err := os.Remove(f); err != nil { + t.Fatalf("Removal failed due to: %v", err) + } + } + + t.Log("Cleanup succeeded") +} diff --git a/acceptance/keyvault/keyvault_test.go b/acceptance/keyvault/keyvault_test.go index e7bb886..7c61af9 100644 --- a/acceptance/keyvault/keyvault_test.go +++ b/acceptance/keyvault/keyvault_test.go 
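Review bot: `Cleanup` is invoked as the last statement of every test in this patch (keyvault, mssql, storage, vnet), so any `t.Fatalf` above the call skips it. In `TestMsSql_Basic` the deferred `terraform.Destroy` runs after it and, with local state, would presumably write a fresh `terraform.tfstate.backup`. Those files hold fixture secrets in plain text (the mssql fixture sets `administrator_login_password`), so they should not be left on disk. Registering the removal at the top of each test with `t.Cleanup(func() { acceptance.Cleanup(t) })` makes it run after the test's defers and on failure too. The glob `./terraform.tfstate.*` also never matches `terraform.tfstate` itself, and the exported helper would benefit from `t.Helper()` and a doc comment such as `// Cleanup removes terraform.tfstate.* files from the test's working directory.`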
@@ -46,6 +46,8 @@ func TestKeyVault_Basic(t *testing.T) { if exitCode != 0 { t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0) } + + acceptance.Cleanup(t) } func ipCIDR() string { diff --git a/acceptance/mssql/main.tf b/acceptance/mssql/main.tf new file mode 100644 index 0000000..718b2ad --- /dev/null +++ b/acceptance/mssql/main.tf 
@@ -0,0 +1,230 @@ +provider "azurerm" { + features {} +} + +variable "location" { + default = "westeurope" + description = "Locatie for all resources, standard is westeurope or \"West Europe\"." + validation { + condition = can(regex("^westeurope|northeurope$", var.location)) + error_message = "We only use region West Europe and North Europe for now." + } +} + +variable "tags" { + description = "Tags for all resources" + type = object({ + Customer = string + Team = string + Environment = string + }) + default = { + Customer = "test" + Team = "aristosvo" + Environment = "acceptance" + } + validation { + condition = contains(["test", "staging", "development", "acceptance", "production"], lookup(var.tags, "Environment", "wrong")) + error_message = "Environment should be one of the values \"test\", \"staging\", \"development\", \"acceptance\" or \"production\"." + } +} + +resource "azurerm_resource_group" "input_rg" { + name = "input-sa-rg" + location = var.location + tags = var.tags +} + +resource "azurerm_resource_group" "output_rg" { + name = "output-sa-rg" + location = var.location + tags = var.tags +} + +resource "random_password" "mssql_postfix" { + length = 8 + special = false +} + +resource "azurerm_mssql_server" "mssql_server" { + name = "sqlsrvr-move-${lower(nonsensitive(random_password.mssql_postfix.result))}" + resource_group_name = azurerm_resource_group.input_rg.name + location = azurerm_resource_group.input_rg.location + version = "12.0" + administrator_login = "aztfmoveadmin" + administrator_login_password = "Id0n7kn0wwha$$od0h3re" + minimum_tls_version = "1.2" + tags = var.tags +} + +resource "azurerm_mssql_database" "mssql_db" { + name = "sqldb-move-${lower(nonsensitive(random_password.mssql_postfix.result))}" + server_id = azurerm_mssql_server.mssql_server.id + tags = var.tags + max_size_gb = 5 + sku_name = "S3" +} + +resource "azurerm_mssql_database_extended_auditing_policy" "mssql_database_extended_auditing_policy" { + database_id = 
azurerm_mssql_database.mssql_db.id + log_monitoring_enabled = true +} + +resource "azurerm_sql_firewall_rule" "rule1" { + name = "one" + resource_group_name = azurerm_resource_group.input_rg.name + server_name = azurerm_mssql_server.mssql_server.name + start_ip_address = "8.8.8.8" + end_ip_address = "8.8.8.8" +} + +resource "azurerm_sql_firewall_rule" "rule2" { + name = "two" + resource_group_name = azurerm_resource_group.input_rg.name + server_name = azurerm_mssql_server.mssql_server.name + start_ip_address = "9.9.9.9" + end_ip_address = "9.9.9.9" +} + +resource "azurerm_log_analytics_workspace" "log_analytics_workspace" { + name = "law-move-${lower(nonsensitive(random_password.mssql_postfix.result))}" + resource_group_name = azurerm_resource_group.input_rg.name + location = azurerm_resource_group.input_rg.location + sku = "PerGB2018" + tags = var.tags + retention_in_days = 30 +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id + name = "diagnostic-setting-move" + target_resource_id = azurerm_mssql_database.mssql_db.id + + log { + category = "AutomaticTuning" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "Blocks" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "DatabaseWaitStatistics" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "Deadlocks" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "Errors" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "QueryStoreRuntimeStatistics" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "QueryStoreWaitStatistics" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = 
"SQLInsights" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "SQLSecurityAuditEvents" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "Timeouts" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + log { + category = "DevOpsOperationsAudit" + enabled = false + + retention_policy { + days = 0 + enabled = false + } + } + + metric { + category = "Basic" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + metric { + category = "InstanceAndAppAdvanced" + enabled = true + + retention_policy { + days = 0 + enabled = false + } + } + metric { + category = "WorkloadManagement" + enabled = false + + retention_policy { + days = 0 + enabled = false + } + } +} diff --git a/acceptance/mssql/mssql_test.go b/acceptance/mssql/mssql_test.go new file mode 100644 index 0000000..2dfc642 --- /dev/null +++ b/acceptance/mssql/mssql_test.go 
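Review bot: `administrator_login_password = "Id0n7kn0wwha$$od0h3re"` on `azurerm_mssql_server.mssql_server` commits a fixed SQL admin credential to the repository, and every acceptance run creates a live server with that login behind two public firewall rules. The fixture already depends on `random_password`, so a second instance can supply the value, e.g. `administrator_login_password = random_password.mssql_admin.result` (the resource name is only a suggestion). The name postfix is the opposite case: it is not a secret, so `random_string` would remove the need for the three `nonsensitive(...)` calls. Separately, the `location` validation regex `^westeurope|northeurope$` anchors each alternative on one side only; `^(westeurope|northeurope)$` matches what the error message describes.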
@@ -0,0 +1,49 @@
+// +build acctest
+// NOTE: We use build tags to differentiate acceptance testing
+
+package test
+
+import (
+ "testing"
+
+ "github.com/aristosvo/aztfmove/acceptance"
+ "github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func TestMsSql_Basic(t *testing.T) {
+ t.Parallel()
+
+ terraformOptions := &terraform.Options{
+ TerraformDir: "./",
+ }
+ defer terraform.Destroy(t, terraformOptions)
+ terraform.InitAndApply(t, terraformOptions)
+
+ moveMsSql := []string{"-resource-group=input-sa-rg", "-target-resource-group=output-sa-rg"}
+ acceptance.Step(moveMsSql, t)
+
+ moveMsSqlBack := []string{"-target-resource-group=input-sa-rg"}
+ acceptance.Step(moveMsSqlBack, t)
+
+
+ terraformOptions = &terraform.Options{
+ TerraformDir: "./",
+ // `azurerm_mssql_server.mssql_server` is excluded in the plan, as `administrator_login_password` would be updated. Resolution would be to make use of AAD login without normal administrator enabled
+ Targets: []string{
+ "azurerm_resource_group.input_rg",
+ "azurerm_resource_group.output_rg",
+ "azurerm_mssql_database.mssql_db",
+ "azurerm_sql_firewall_rule.rule1",
+ "azurerm_sql_firewall_rule.rule2",
+ "azurerm_mssql_database_extended_auditing_policy.mssql_database_extended_auditing_policy",
+ "azurerm_log_analytics_workspace.log_analytics_workspace",
+ "azurerm_monitor_diagnostic_setting.diagnostic_setting",
+ }
+ }
+ exitCode := terraform.InitAndPlanWithExitCode(t, terraformOptions)
+ if exitCode != 0 {
+ t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
+ }
+
+ acceptance.Cleanup(t)
+}
diff --git a/acceptance/storage/storage_test.go b/acceptance/storage/storage_test.go
index 865c4aa..93a651e 100644
--- a/acceptance/storage/storage_test.go
+++ b/acceptance/storage/storage_test.go
@@ -29,4 +29,6 @@ func TestStorage_Basic(t *testing.T) {
 if exitCode != 0 {
 t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
 }
+
+ acceptance.Cleanup(t)
 }
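Review bot: The second `terraform.Options` literal in `TestMsSql_Basic` (acceptance/mssql/mssql_test.go) will not compile as written. The `}` that closes `Targets: []string{ ... }` is followed by a line break with no comma, which Go rejects in a multi-line composite literal; it should read `},`. Because the file sits behind the `acctest` build tag, an untagged build or vet run never parses it, so a CI step such as `go vet -tags acctest ./acceptance/...` would catch this class of error. The inline comment explains why `azurerm_mssql_server.mssql_server` is left out of `Targets`; it would help to add that the server is therefore never checked for drift after the move.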
diff --git a/acceptance/vnet/vnet_test.go b/acceptance/vnet/vnet_test.go
index 0bece2c..bd3e707 100644
--- a/acceptance/vnet/vnet_test.go
+++ b/acceptance/vnet/vnet_test.go
@@ -29,4 +29,6 @@ func TestVNet_Basic(t *testing.T) {
 if exitCode != 0 {
 t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
 }
+
+ acceptance.Cleanup(t)
 }