chore: run AKS tests in the new subscription (#624)

* chore: run aks tests in the new subscription

* update sdk

---------

Co-authored-by: Furkhat Kasymov Genii Uulu <furkhat@cast.ai>

Author: furkhat

.github/workflows/acceptance-tests.yml

@@ -56,10 +56,10 @@ jobs:
           CASTAI_API_TOKEN: ${{ secrets.CASTAI_DEV_MASTER_TOKEN }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_TF_ACCEPTANCE_TEST_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_TF_ACCEPTANCE_TEST_SECRET_KEY_ID }}
-          ARM_CLIENT_ID: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_CLIENT_ID }}
-          ARM_CLIENT_SECRET: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_CLIENT_SECRET }}
-          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_SUBSCRIPTION_ID }}
-          ARM_TENANT_ID: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_TENANT_ID }}
+          ARM_CLIENT_ID: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_CLIENT_ID_V2 }}
+          ARM_CLIENT_SECRET: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_CLIENT_SECRET_V2 }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_SUBSCRIPTION_ID_V2 }}
+          ARM_TENANT_ID: ${{ secrets.AZURE_TF_ACCEPTANCE_TEST_ARM_TENANT_ID_V2 }}
           GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_TF_ACCEPTANCE_TEST_CREDENTIALS }}
           GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_TF_ACCEPTANCE_PROJECT_ID }}
           SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}

castai/resource_aks_cluster_test.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"os"
 	"testing"
 
 	"github.com/golang/mock/gomock"
@@ -415,12 +416,13 @@ func TestAKSClusterResourceUpdateContext(t *testing.T) {
 }
 
 func TestAccAKS_ResourceAKSCluster(t *testing.T) {
-	rName := fmt.Sprintf("%v-aks-%v", ResourcePrefix, acctest.RandString(8))
-	clusterResourceName := "castai_aks_cluster.test"
-	resourceName := "castai_node_configuration.test"
-	clusterName := "core-tf-acc"
-	resourceGroupName := "core-tf-acc"
-	nodeResourceGroupName := "core-tf-acc-ng"
+	rName := fmt.Sprintf("%v-node-cfg-aks-%v", ResourcePrefix, acctest.RandString(8))
+	const (
+		clusterResourceName  = "castai_aks_cluster.test"
+		clusterName          = "terraform-tests-december-2025"
+		resourceGroupName    = "terraform-tests-december-2025"
+		nodeConfResourceName = "castai_node_configuration.test"
+	)
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:          func() { testAccPreCheck(t) },
@@ -430,7 +432,7 @@ func TestAccAKS_ResourceAKSCluster(t *testing.T) {
 		//CheckDestroy:      testAccCheckAKSClusterDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAKSClusterConfig(rName, clusterName, resourceGroupName, nodeResourceGroupName),
+				Config: testAccAKSWithClientSecretConfig(clusterName),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(clusterResourceName, "name", clusterName),
 					resource.TestCheckResourceAttrSet(clusterResourceName, "credentials_id"),
@@ -439,39 +441,39 @@ func TestAccAKS_ResourceAKSCluster(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccAKSNodeConfigurationConfig(rName, clusterName, resourceGroupName, nodeResourceGroupName),
+				Config: testAccAKSNodeConfigurationConfig(rName, clusterName, resourceGroupName),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "name", rName),
-					resource.TestCheckResourceAttr(resourceName, "disk_cpu_ratio", "35"),
-					resource.TestCheckResourceAttr(resourceName, "min_disk_size", "122"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.max_pods_per_node", "31"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.aks_image_family", "ubuntu"),
-					resource.TestCheckResourceAttr(resourceName, "eks.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "kops.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "gke.#", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "name", rName),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "disk_cpu_ratio", "35"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "min_disk_size", "122"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.max_pods_per_node", "31"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.aks_image_family", "ubuntu"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "eks.#", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "kops.#", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "gke.#", "0"),
 				),
 			},
 			{
-				Config: testAccAKSNodeConfigurationUpdated(rName, clusterName, resourceGroupName, nodeResourceGroupName),
+				Config: testAccAKSNodeConfigurationUpdated(rName, clusterName, resourceGroupName),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(resourceName, "name", rName),
-					resource.TestCheckResourceAttr(resourceName, "disk_cpu_ratio", "0"),
-					resource.TestCheckResourceAttr(resourceName, "min_disk_size", "121"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.max_pods_per_node", "32"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.aks_image_family", "azure-linux"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.ephemeral_os_disk.0.placement", "cacheDisk"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.ephemeral_os_disk.0.cache", "ReadOnly"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.loadbalancers.0.name", "test-lb"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.loadbalancers.0.ip_based_backend_pools.0.name", "test"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.network_security_group", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Network/networkSecurityGroups/test-nsg"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.application_security_groups.0", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Network/applicationSecurityGroups/test-asg"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.public_ip.0.public_ip_prefix", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Network/publicIPAddresses/test-ip"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.public_ip.0.tags.FirstPartyUsage", "something"),
-					resource.TestCheckResourceAttr(resourceName, "aks.0.public_ip.0.idle_timeout_in_minutes", "10"),
-					resource.TestCheckResourceAttrSet(resourceName, "aks.0.pod_subnet_id"),
-					resource.TestCheckResourceAttr(resourceName, "eks.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "kops.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "gke.#", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "name", rName),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "disk_cpu_ratio", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "min_disk_size", "121"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.max_pods_per_node", "32"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.aks_image_family", "azure-linux"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.ephemeral_os_disk.0.placement", "cacheDisk"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.ephemeral_os_disk.0.cache", "ReadOnly"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.loadbalancers.0.name", "test-lb"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.loadbalancers.0.ip_based_backend_pools.0.name", "test"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.network_security_group", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Network/networkSecurityGroups/test-nsg"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.application_security_groups.0", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Network/applicationSecurityGroups/test-asg"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.public_ip.0.public_ip_prefix", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Network/publicIPAddresses/test-ip"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.public_ip.0.tags.FirstPartyUsage", "something"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "aks.0.public_ip.0.idle_timeout_in_minutes", "10"),
+					resource.TestCheckResourceAttrSet(nodeConfResourceName, "aks.0.pod_subnet_id"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "eks.#", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "kops.#", "0"),
+					resource.TestCheckResourceAttr(nodeConfResourceName, "gke.#", "0"),
 				),
 			},
 		},
@@ -488,130 +490,23 @@ func TestAccAKS_ResourceAKSCluster(t *testing.T) {
 	})
 }
 
-func testAccAKSClusterConfig(rName string, clusterName string, resourceGroupName, nodeResourceGroup string) string {
-	return ConfigCompose(testAccAzureConfig(rName, resourceGroupName, nodeResourceGroup), fmt.Sprintf(`
+func testAccAKSWithClientSecretConfig(clusterName string) string {
+	subscriptionID := os.Getenv("ARM_SUBSCRIPTION_ID")
+	tenantID := os.Getenv("ARM_TENANT_ID")
+	clientID := os.Getenv("ARM_CLIENT_ID")
+	clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+	return fmt.Sprintf(`
 resource "castai_aks_cluster" "test" {
   name            = %[1]q
 
   region          = "westeurope"
-  subscription_id = data.azurerm_subscription.current.subscription_id 
-  tenant_id       = data.azurerm_subscription.current.tenant_id
-  client_id       = azuread_application.castai.application_id
-  client_secret   = azuread_application_password.castai.value
-  node_resource_group        = %[2]q
-
-}
-
-`, clusterName, nodeResourceGroup))
-}
-
-func testAccAzureConfig(rName, rgName, ngName string) string {
-	return fmt.Sprintf(`
-provider "azurerm" {
-  features {}
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_subnet" "internal" {
-  name                 =  "internal"
-  virtual_network_name = "%[2]s-network"
-  resource_group_name  = %[2]q 
-}
-
-provider "azuread" {}
-
-// Azure RM
-resource "azurerm_role_definition" "castai" {
-  name            = %[1]q
-  description = "Role used by CAST AI"
-
-  scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/%[2]s"
-
-  permissions {
-    actions = [
-      "Microsoft.Compute/*/read",
-      "Microsoft.Compute/virtualMachines/*",
-      "Microsoft.Compute/virtualMachineScaleSets/*",
-      "Microsoft.Compute/disks/write",
-      "Microsoft.Compute/disks/delete",
-      "Microsoft.Compute/disks/beginGetAccess/action",
-      "Microsoft.Compute/galleries/write",
-      "Microsoft.Compute/galleries/delete",
-      "Microsoft.Compute/galleries/images/write",
-      "Microsoft.Compute/galleries/images/delete",
-      "Microsoft.Compute/galleries/images/versions/write",
-      "Microsoft.Compute/galleries/images/versions/delete",
-      "Microsoft.Compute/snapshots/write",
-      "Microsoft.Compute/snapshots/delete",
-      "Microsoft.Network/*/read",
-      "Microsoft.Network/networkInterfaces/write",
-      "Microsoft.Network/networkInterfaces/delete",
-      "Microsoft.Network/networkInterfaces/join/action",
-      "Microsoft.Network/networkSecurityGroups/join/action",
-      "Microsoft.Network/publicIPAddresses/write",
-      "Microsoft.Network/publicIPAddresses/delete",
-      "Microsoft.Network/publicIPAddresses/join/action",
-      "Microsoft.Network/virtualNetworks/subnets/join/action",
-      "Microsoft.Network/virtualNetworks/subnets/write",
-      "Microsoft.Network/applicationGateways/backendhealth/action",
-      "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
-      "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action",
-      "Microsoft.Network/loadBalancers/backendAddressPools/write",
-      "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
-      "Microsoft.ContainerService/*/read",
-      "Microsoft.ContainerService/managedClusters/start/action",
-      "Microsoft.ContainerService/managedClusters/stop/action",
-      "Microsoft.ContainerService/managedClusters/runCommand/action",
-      "Microsoft.ContainerService/managedClusters/agentPools/*",
-      "Microsoft.Resources/*/read",
-      "Microsoft.Resources/tags/write",
-      "Microsoft.Authorization/locks/read",
-      "Microsoft.Authorization/roleAssignments/read",
-      "Microsoft.Authorization/roleDefinitions/read",
-      "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
-    ]
-    not_actions = []
-  }
-
-  assignable_scopes = [
-    "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/%[2]s",
-    "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/%[3]s"
-  ]
-}
-
-
-resource "azurerm_role_assignment" "castai_resource_group" {
-  principal_id       = azuread_service_principal.castai.id
-  role_definition_id = azurerm_role_definition.castai.role_definition_resource_id
-
-  scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/%[2]s"
-}
-
-resource "azurerm_role_assignment" "castai_node_resource_group" {
-  principal_id       = azuread_service_principal.castai.id
-  role_definition_id = azurerm_role_definition.castai.role_definition_resource_id
-
-  scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/%[3]s"
-}
-
-// Azure AD
-
-data "azuread_client_config" "current" {}
-
-resource "azuread_application" "castai" {
-  display_name = %[1]q
-}
-
-resource "azuread_application_password" "castai" {
-  application_object_id = azuread_application.castai.object_id
-}
+  subscription_id = %[2]q
+  tenant_id       = %[3]q
+  client_id       = %[4]q
+  client_secret   = %[5]q
+  node_resource_group = "%[1]s-ng"
 
-resource "azuread_service_principal" "castai" {
-  application_id               = azuread_application.castai.application_id
-  app_role_assignment_required = false
-  owners                       = [data.azuread_client_config.current.object_id]
 }
 
-`, rName, rgName, ngName)
+`, clusterName, subscriptionID, tenantID, clientID, clientSecret)
 }

castai/resource_node_configuration_aks_test.go

@@ -4,8 +4,17 @@ import (
 	"fmt"
 )
 
-func testAccAKSNodeConfigurationConfig(rName, clusterName, rgName, ngName string) string {
-	return ConfigCompose(testAccAKSClusterConfig(rName, clusterName, rgName, ngName), fmt.Sprintf(`
+func testAccAKSNodeConfigurationConfig(rName, clusterName, resourceGroupName string) string {
+	return ConfigCompose(testAccAKSWithClientSecretConfig(clusterName), fmt.Sprintf(`
+provider "azurerm" {
+	features {}		
+}
+data "azurerm_subnet" "internal" {
+  name                 =  "internal"
+  virtual_network_name = "%[2]s-network"
+  resource_group_name  = %[2]q 
+}
+
 resource "castai_node_configuration" "test" {
   name   		    = %[1]q
   cluster_id        = castai_aks_cluster.test.id
@@ -25,13 +34,22 @@ resource "castai_node_configuration_default" "test" {
   cluster_id       = castai_aks_cluster.test.id
   configuration_id = castai_node_configuration.test.id
 }
-`, rName))
+`, rName, resourceGroupName))
+}
+
+func testAccAKSNodeConfigurationUpdated(rName, clusterName, resourceGroupName string) string {
+	return ConfigCompose(testAccAKSWithClientSecretConfig(clusterName), fmt.Sprintf(`
+provider "azurerm" {
+	features {}		
+}
+data "azurerm_subnet" "internal" {
+  name                 =  "internal"
+  virtual_network_name = "%[2]s-network"
+  resource_group_name  = %[2]q 
 }
 
-func testAccAKSNodeConfigurationUpdated(rName, clusterName, rgName, ngName string) string {
-	return ConfigCompose(testAccAKSClusterConfig(rName, clusterName, rgName, ngName), fmt.Sprintf(`
 resource "castai_node_configuration" "test" {
-  name   		    = %[2]q
+  name   		    = %[1]q
   cluster_id        = castai_aks_cluster.test.id
   disk_cpu_ratio    = 0
   min_disk_size     = 121
@@ -64,5 +82,5 @@ resource "castai_node_configuration" "test" {
    pod_subnet_id = data.azurerm_subnet.internal.id
   }
 }
-`, rgName, rName))
+`, rName, resourceGroupName))
 }