ci: e2e test for Terraform provider examples (#2745)

2025-07-24 15:55:17 -04:00 · 2024-01-04 10:00:21 +01:00 · 2024-01-04 10:00:21 +01:00 · 8730e72319
commit 8730e72319
parent 15cc7b919b
10 changed files with 340 additions and 38 deletions
--- a/terraform-provider-constellation/internal/provider/cluster_resource.go
+++ b/terraform-provider-constellation/internal/provider/cluster_resource.go
@ -103,10 +103,11 @@ type ClusterResourceModel struct {
 }

 // networkConfigAttribute is the network config attribute's data model.
+// needs basetypes because the struct might be used in ValidateConfig where these values might still be unknown. A go string type cannot handle unknown values.
 type networkConfigAttribute struct {
-	IPCidrNode    string `tfsdk:"ip_cidr_node"`
-	IPCidrPod     string `tfsdk:"ip_cidr_pod"`
-	IPCidrService string `tfsdk:"ip_cidr_service"`
+	IPCidrNode    basetypes.StringValue `tfsdk:"ip_cidr_node"`
+	IPCidrPod     basetypes.StringValue `tfsdk:"ip_cidr_pod"`
+	IPCidrService basetypes.StringValue `tfsdk:"ip_cidr_service"`
 }

 // gcpAttribute is the gcp attribute's data model.
@ -408,26 +409,6 @@ func (r *ClusterResource) ValidateConfig(ctx context.Context, req resource.Valid
 			"GCP configuration not allowed", "When csp is not set to 'gcp', setting the 'gcp' configuration has no effect.",
 		)
 	}
-
-	networkCfg, diags := r.getNetworkConfig(ctx, &data)
-	resp.Diagnostics.Append(diags...)
-	if resp.Diagnostics.HasError() {
-		return
-	}
-	// Pod IP CIDR is required for GCP
-	if strings.EqualFold(data.CSP.ValueString(), cloudprovider.GCP.String()) && networkCfg.IPCidrPod == "" {
-		resp.Diagnostics.AddAttributeError(
-			path.Root("network_config").AtName("ip_cidr_pod"),
-			"Pod IP CIDR missing", "When csp is set to 'gcp', 'ip_cidr_pod' must be set.",
-		)
-	}
-	// Pod IP CIDR should not be set for other CSPs
-	if !strings.EqualFold(data.CSP.ValueString(), cloudprovider.GCP.String()) && networkCfg.IPCidrPod != "" {
-		resp.Diagnostics.AddAttributeWarning(
-			path.Root("network_config").AtName("ip_cidr_pod"),
-			"Pod IP CIDR not allowed", "When csp is not set to 'gcp', setting 'ip_cidr_pod' has no effect.",
-		)
-	}
 }

 // Configure configures the resource.
@ -660,6 +641,29 @@ func (r *ClusterResource) ImportState(ctx context.Context, req resource.ImportSt
 	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("master_secret_salt"), masterSecretSalt)...)
 }

+func (r *ClusterResource) validateGCPNetworkConfig(ctx context.Context, data *ClusterResourceModel) diag.Diagnostics {
+	networkCfg, diags := r.getNetworkConfig(ctx, data)
+	if diags.HasError() {
+		return diags
+	}
+
+	// Pod IP CIDR is required for GCP
+	if strings.EqualFold(data.CSP.ValueString(), cloudprovider.GCP.String()) && networkCfg.IPCidrPod.ValueString() == "" {
+		diags.AddAttributeError(
+			path.Root("network_config").AtName("ip_cidr_pod"),
+			"Pod IP CIDR missing", "When csp is set to 'gcp', 'ip_cidr_pod' must be set.",
+		)
+	}
+	// Pod IP CIDR should not be set for other CSPs
+	if !strings.EqualFold(data.CSP.ValueString(), cloudprovider.GCP.String()) && networkCfg.IPCidrPod.ValueString() != "" {
+		diags.AddAttributeWarning(
+			path.Root("network_config").AtName("ip_cidr_pod"),
+			"Pod IP CIDR not allowed", "When csp is not set to 'gcp', setting 'ip_cidr_pod' has no effect.",
+		)
+	}
+	return diags
+}
+
 // apply applies changes to a cluster. It can be used for both creating and updating a cluster.
 // This implements the core part of the Create and Update methods.
 func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel, skipInitRPC, skipNodeUpgrade bool) diag.Diagnostics {
@ -667,6 +671,11 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,

 	// Parse and convert values from the Terraform state
 	// to formats the Constellation library can work with.
+	convertDiags := r.validateGCPNetworkConfig(ctx, data)
+	diags.Append(convertDiags...)
+	if diags.HasError() {
+		return diags
+	}

 	csp := cloudprovider.FromString(data.CSP.ValueString())

@ -809,7 +818,7 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,
 		InitSecret:        []byte(data.InitSecret.ValueString()),
 		APIServerCertSANs: apiServerCertSANs,
 		Name:              data.Name.ValueString(),
-		IPCidrNode:        networkCfg.IPCidrNode,
+		IPCidrNode:        networkCfg.IPCidrNode.ValueString(),
 	})
 	switch csp {
 	case cloudprovider.Azure:
@ -824,7 +833,7 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,
 	case cloudprovider.GCP:
 		stateFile.Infrastructure.GCP = &state.GCP{
 			ProjectID: gcpConfig.ProjectID,
-			IPCidrPod: networkCfg.IPCidrPod,
+			IPCidrPod: networkCfg.IPCidrPod.ValueString(),
 		}
 	}

@ -992,7 +1001,7 @@ func (r *ClusterResource) runInitRPC(ctx context.Context, applier *constellation
 			MeasurementSalt: payload.measurementSalt,
 			K8sVersion:      payload.k8sVersion,
 			ConformanceMode: false, // Conformance mode does't need to be configurable through the TF provider for now.
-			ServiceCIDR:     payload.networkCfg.IPCidrService,
+			ServiceCIDR:     payload.networkCfg.IPCidrService.ValueString(),
 		})
 	if err != nil {
 		var nonRetriable *constellation.NonRetriableInitError