/* Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ package cloudcmd import ( "bytes" "context" "errors" "testing" "github.com/edgelesssys/constellation/v2/cli/internal/iamid" "github.com/edgelesssys/constellation/v2/cli/internal/terraform" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/stretchr/testify/assert" ) func TestIAMCreator(t *testing.T) { someErr := errors.New("failed") validGCPIAMConfig := GCPIAMConfig{ Region: "europe-west1", Zone: "europe-west1-a", ProjectID: "project-1234", ServiceAccountID: "const-test", } validGCPIAMOutput := terraform.IAMOutput{ GCP: terraform.GCPIAMOutput{ SaKey: "not_a_secret", }, } validGCPIAMIDFile := iamid.File{ CloudProvider: cloudprovider.GCP, GCPOutput: iamid.GCPFile{ ServiceAccountKey: "not_a_secret", }, } validAzureIAMConfig := AzureIAMConfig{ Region: "westus", ServicePrincipal: "constell-test", ResourceGroup: "constell-test", } validAzureIAMOutput := terraform.IAMOutput{ Azure: terraform.AzureIAMOutput{ SubscriptionID: "test_subscription_id", TenantID: "test_tenant_id", ApplicationID: "test_application_id", ApplicationClientSecretValue: "test_application_client_secret_value", UAMIID: "test_uami_id", }, } validAzureIAMIDFile := iamid.File{ CloudProvider: cloudprovider.Azure, AzureOutput: iamid.AzureFile{ SubscriptionID: "test_subscription_id", TenantID: "test_tenant_id", ApplicationID: "test_application_id", ApplicationClientSecretValue: "test_application_client_secret_value", UAMIID: "test_uami_id", }, } validAWSIAMConfig := AWSIAMConfig{ Region: "us-east-2", Prefix: "test", } validAWSIAMOutput := terraform.IAMOutput{ AWS: terraform.AWSIAMOutput{ WorkerNodeInstanceProfile: "test_worker_node_instance_profile", ControlPlaneInstanceProfile: "test_control_plane_instance_profile", }, } validAWSIAMIDFile := iamid.File{ CloudProvider: cloudprovider.AWS, AWSOutput: iamid.AWSFile{ ControlPlaneInstanceProfile: "test_control_plane_instance_profile", WorkerNodeInstanceProfile: "test_worker_node_instance_profile", }, } testCases := map[string]struct { tfClient terraformClient newTfClientErr error config *IAMConfig provider cloudprovider.Provider wantIAMIDFile iamid.File wantErr bool }{ "new terraform client err": { tfClient: &stubTerraformClient{}, newTfClientErr: someErr, wantErr: true, }, "create iam config err": { tfClient: &stubTerraformClient{iamOutputErr: someErr}, wantErr: true, }, "gcp": { tfClient: &stubTerraformClient{iamOutput: validGCPIAMOutput}, wantIAMIDFile: validGCPIAMIDFile, provider: cloudprovider.GCP, config: &IAMConfig{GCP: validGCPIAMConfig}, }, "azure": { tfClient: &stubTerraformClient{iamOutput: validAzureIAMOutput}, wantIAMIDFile: validAzureIAMIDFile, provider: cloudprovider.Azure, config: &IAMConfig{Azure: validAzureIAMConfig}, }, "aws": { tfClient: &stubTerraformClient{iamOutput: validAWSIAMOutput}, wantIAMIDFile: validAWSIAMIDFile, provider: cloudprovider.AWS, config: &IAMConfig{AWS: validAWSIAMConfig}, }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { assert := assert.New(t) creator := &IAMCreator{ out: &bytes.Buffer{}, newTerraformClient: func(ctx context.Context) (terraformClient, error) { return tc.tfClient, tc.newTfClientErr }, } idFile, err := creator.Create(context.Background(), tc.provider, tc.config) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) assert.Equal(tc.provider, idFile.CloudProvider) switch tc.provider { case cloudprovider.GCP: assert.Equal(tc.wantIAMIDFile.GCPOutput, idFile.GCPOutput) case cloudprovider.Azure: assert.Equal(tc.wantIAMIDFile.AzureOutput, idFile.AzureOutput) case cloudprovider.AWS: assert.Equal(tc.wantIAMIDFile.AWSOutput, idFile.AWSOutput) } } }) } }