diff --git a/.changelog/1429.txt b/.changelog/1429.txt new file mode 100644 index 000000000..f526139bb --- /dev/null +++ b/.changelog/1429.txt @@ -0,0 +1,3 @@ +```release-note:improvement +Add BYO-DNS Azure tests +``` \ No newline at end of file diff --git a/go.mod b/go.mod index b0d668bab..99e1e6cb8 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/hashicorp/go-cty v1.5.0 github.com/hashicorp/go-uuid v1.0.3 github.com/hashicorp/go-version v1.7.0 - github.com/hashicorp/hcp-sdk-go v0.161.0 + github.com/hashicorp/hcp-sdk-go v0.163.0 github.com/hashicorp/terraform-plugin-docs v0.20.1 github.com/hashicorp/terraform-plugin-framework v1.15.0 github.com/hashicorp/terraform-plugin-framework-validators v0.18.0 diff --git a/go.sum b/go.sum index d8c3f09a2..fdb2666d2 100644 --- a/go.sum +++ b/go.sum @@ -148,8 +148,8 @@ github.com/hashicorp/hc-install v0.9.2 h1:v80EtNX4fCVHqzL9Lg/2xkp62bbvQMnvPQ0G+O github.com/hashicorp/hc-install v0.9.2/go.mod h1:XUqBQNnuT4RsxoxiM9ZaUk0NX8hi2h+Lb6/c0OZnC/I= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hashicorp/hcp-sdk-go v0.161.0 h1:7DOMGou/w9bd9TgsgiCKZPQwY57Dq+hG+tKEGqbIQ4M= -github.com/hashicorp/hcp-sdk-go v0.161.0/go.mod h1:v2vbpNIrmgUTelW4Z+ur+aQuSPxeaVK3xytFdpEXvSg= +github.com/hashicorp/hcp-sdk-go v0.163.0 h1:d4X18HoVKui7u58qd55riJCKzdAGpGmx75uR7aRT1bE= +github.com/hashicorp/hcp-sdk-go v0.163.0/go.mod h1:v2vbpNIrmgUTelW4Z+ur+aQuSPxeaVK3xytFdpEXvSg= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/terraform-exec v0.23.0 h1:MUiBM1s0CNlRFsCLJuM5wXZrzA3MnPYEsiXmzATMW/I= diff --git a/internal/providersdkv2/data_source_dns_forwarding_rule_test.go b/internal/providersdkv2/data_source_dns_forwarding_rule_test.go index 25e6ebcb5..9170e1e93 100644 --- a/internal/providersdkv2/data_source_dns_forwarding_rule_test.go +++ b/internal/providersdkv2/data_source_dns_forwarding_rule_test.go @@ -7,8 +7,8 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) -// TestAcc_Platform_DNSForwardingDataSource tests the DNS forwarding data source. -func TestAcc_Platform_DNSForwardingRuleDataSource(t *testing.T) { +// TestAcc_Platform_DNSForwardingDataSource_AWS tests the DNS forwarding data source. +func TestAcc_Platform_DNSForwardingRuleDataSource_AWS(t *testing.T) { uniqueName := testAccUniqueNameWithPrefix("dns-r") resource.Test(t, resource.TestCase{ @@ -22,7 +22,7 @@ func TestAcc_Platform_DNSForwardingRuleDataSource(t *testing.T) { }, Steps: []resource.TestStep{ { - Config: testAccDNSForwardingRuleDataSourceConfig(uniqueName), + Config: testAccDNSForwardingRuleDataSourceConfigAWS(uniqueName), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding_rule.test", "id"), resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding_rule.test", "created_at"), @@ -39,7 +39,7 @@ func TestAcc_Platform_DNSForwardingRuleDataSource(t *testing.T) { }) } -func testAccDNSForwardingRuleDataSourceConfig(uniqueName string) string { +func testAccDNSForwardingRuleDataSourceConfigAWS(uniqueName string) string { return fmt.Sprintf(` provider "aws" { region = "us-east-1" @@ -134,3 +134,135 @@ data "hcp_dns_forwarding_rule" "test" { } `, uniqueName) } + +// TestAcc_Platform_DNSForwardingRuleDataSource_Azure tests the DNS forwarding rule data source with Azure hvn-peering. +func TestAcc_Platform_DNSForwardingRuleDataSource_Azure(t *testing.T) { + uniqueName := testAccUniqueNameWithPrefix("dns-r-azure") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": true}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + ExternalProviders: map[string]resource.ExternalProvider{ + "azurerm": { + Source: "hashicorp/azurerm", + VersionConstraint: "~> 3.0", + }, + "azuread": { + Source: "hashicorp/azuread", + VersionConstraint: "~> 2.0", + }, + }, + Steps: []resource.TestStep{ + { + Config: testAccDNSForwardingRuleDataSourceConfigAzure(uniqueName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding_rule.test", "id"), + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding_rule.test", "created_at"), + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding_rule.test", "state"), + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding_rule.test", "self_link"), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding_rule.test", "rule_id", fmt.Sprintf("%s-initial", uniqueName)), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding_rule.test", "domain_name", "azure.internal"), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding_rule.test", "inbound_endpoint_ips.#", "2"), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding_rule.test", "inbound_endpoint_ips.0", "10.0.1.10"), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding_rule.test", "inbound_endpoint_ips.1", "10.0.1.11"), + ), + }, + }, + }) +} + +func testAccDNSForwardingRuleDataSourceConfigAzure(uniqueName string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +provider "azuread" {} + +resource "hcp_hvn" "test" { + hvn_id = "%[1]s" + cloud_provider = "azure" + region = "eastus" + cidr_block = "172.25.16.0/20" +} + +resource "azurerm_resource_group" "test" { + name = "%[1]s" + location = "East US" +} + +resource "azurerm_virtual_network" "test" { + name = "%[1]s" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.0.0.0/16"] +} + +resource "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = "%[1]s" + peer_subscription_id = "%[2]s" + peer_tenant_id = "%[3]s" + peer_vnet_name = azurerm_virtual_network.test.name + peer_resource_group_name = azurerm_resource_group.test.name + peer_vnet_region = "eastus" +} + +resource "azuread_service_principal" "test" { + application_id = hcp_azure_peering_connection.test.application_id +} + +resource "azurerm_role_definition" "test" { + name = "%[1]s" + scope = azurerm_virtual_network.test.id + + assignable_scopes = [ + azurerm_virtual_network.test.id + ] + + permissions { + actions = [ + "Microsoft.Network/virtualNetworks/peer/action", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" + ] + } +} + +resource "azurerm_role_assignment" "test" { + principal_id = azuread_service_principal.test.id + scope = azurerm_virtual_network.test.id + role_definition_id = azurerm_role_definition.test.role_definition_resource_id +} + +data "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = hcp_azure_peering_connection.test.peering_id + wait_for_active_state = true + + depends_on = [azurerm_role_assignment.test] +} + +resource "hcp_dns_forwarding" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = "%[1]s" + peering_id = "%[1]s" + connection_type = "hvn-peering" + + # Ensure peering is in active state before creating DNS forwarding + depends_on = [data.hcp_azure_peering_connection.test] + + forwarding_rule { + rule_id = "%[1]s-initial" + domain_name = "azure.internal" + inbound_endpoint_ips = ["10.0.1.10", "10.0.1.11"] + } +} + +data "hcp_dns_forwarding_rule" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = hcp_dns_forwarding.test.dns_forwarding_id + dns_forwarding_rule_id = "%[1]s-initial" +} +`, uniqueName, subscriptionID, tenantID) +} diff --git a/internal/providersdkv2/data_source_dns_forwarding_test.go b/internal/providersdkv2/data_source_dns_forwarding_test.go index dc80d69a4..855a0efd1 100644 --- a/internal/providersdkv2/data_source_dns_forwarding_test.go +++ b/internal/providersdkv2/data_source_dns_forwarding_test.go @@ -7,9 +7,9 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) -// TestAcc_Platform_DNSForwardingDataSource tests the DNS forwarding data source. -func TestAcc_Platform_DNSForwardingDataSource(t *testing.T) { - uniqueName := testAccUniqueNameWithPrefix("dns-fwd") +// TestAcc_Platform_DNSForwardingDataSource_AWS tests the DNS forwarding data source. +func TestAcc_Platform_DNSForwardingDataSource_AWS(t *testing.T) { + uniqueName := testAccUniqueNameWithPrefix("dns-fwd-aws") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": true, "azure": false}) }, @@ -22,7 +22,7 @@ func TestAcc_Platform_DNSForwardingDataSource(t *testing.T) { }, Steps: []resource.TestStep{ { - Config: testAccDNSForwardingDataSourceConfig(uniqueName), + Config: testAccDNSForwardingDataSourceConfigAWS(uniqueName), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding.test", "id"), resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding.test", "created_at"), @@ -36,7 +36,40 @@ func TestAcc_Platform_DNSForwardingDataSource(t *testing.T) { }) } -func testAccDNSForwardingDataSourceConfig(uniqueName string) string { +// TestAcc_Platform_DNSForwardingDataSource_Azure tests the DNS forwarding data source with Azure peering. +func TestAcc_Platform_DNSForwardingDataSource_Azure(t *testing.T) { + uniqueName := testAccUniqueNameWithPrefix("dns-azure") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": true}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + ExternalProviders: map[string]resource.ExternalProvider{ + "azurerm": { + Source: "hashicorp/azurerm", + VersionConstraint: "~> 3.0", + }, + "azuread": { + Source: "hashicorp/azuread", + VersionConstraint: "~> 2.0", + }, + }, + Steps: []resource.TestStep{ + { + Config: testAccDNSForwardingDataSourceConfigAzure(uniqueName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding.test", "id"), + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding.test", "created_at"), + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding.test", "state"), + resource.TestCheckResourceAttrSet("data.hcp_dns_forwarding.test", "self_link"), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding.test", "dns_forwarding_id", uniqueName), + resource.TestCheckResourceAttr("data.hcp_dns_forwarding.test", "connection_type", "hvn-peering"), + ), + }, + }, + }) +} + +func testAccDNSForwardingDataSourceConfigAWS(uniqueName string) string { return fmt.Sprintf(` provider "aws" { region = "us-east-1" @@ -60,7 +93,7 @@ resource "aws_ec2_transit_gateway" "test" { resource "aws_ram_resource_share" "test" { name = "%[1]s" allow_external_principals = true - + tags = { Name = "%[1]s" } @@ -83,7 +116,7 @@ resource "hcp_aws_transit_gateway_attachment" "test" { aws_ram_principal_association.test, aws_ram_resource_association.test, ] - + hvn_id = hcp_hvn.test.hvn_id transit_gateway_attachment_id = "%[1]s" transit_gateway_id = aws_ec2_transit_gateway.test.id @@ -103,22 +136,20 @@ data "hcp_aws_transit_gateway_attachment" "test" { hvn_id = hcp_hvn.test.hvn_id transit_gateway_attachment_id = "%[1]s" wait_for_active_state = true - + # Ensure the AWS accepter runs before checking for active state depends_on = [aws_ec2_transit_gateway_vpc_attachment_accepter.test] } - - resource "hcp_dns_forwarding" "test" { hvn_id = hcp_hvn.test.hvn_id dns_forwarding_id = "%[1]s" peering_id = "%[1]s" connection_type = "tgw-attachment" - + # Ensure transit gateway attachment is active before creating DNS forwarding depends_on = [data.hcp_aws_transit_gateway_attachment.test] - + forwarding_rule { rule_id = "%[1]s-initial" domain_name = "example.internal" @@ -132,3 +163,100 @@ data "hcp_dns_forwarding" "test" { } `, uniqueName) } + +func testAccDNSForwardingDataSourceConfigAzure(uniqueName string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +provider "azuread" {} + +resource "hcp_hvn" "test" { + hvn_id = "%[1]s" + cloud_provider = "azure" + region = "eastus" + cidr_block = "172.25.16.0/20" +} + +resource "azurerm_resource_group" "test" { + name = "%[1]s" + location = "East US" +} + +resource "azurerm_virtual_network" "test" { + name = "%[1]s" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.0.0.0/16"] +} + +# Create Azure peering connection +resource "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = "%[1]s" + peer_subscription_id = "%[2]s" + peer_tenant_id = "%[3]s" + peer_vnet_name = azurerm_virtual_network.test.name + peer_resource_group_name = azurerm_resource_group.test.name + peer_vnet_region = "eastus" +} + +resource "azuread_service_principal" "test" { + application_id = hcp_azure_peering_connection.test.application_id +} + +resource "azurerm_role_definition" "test" { + name = "%[1]s" + scope = azurerm_virtual_network.test.id + + assignable_scopes = [ + azurerm_virtual_network.test.id + ] + + permissions { + actions = [ + "Microsoft.Network/virtualNetworks/peer/action", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" + ] + } +} + +resource "azurerm_role_assignment" "test" { + principal_id = azuread_service_principal.test.id + scope = azurerm_virtual_network.test.id + role_definition_id = azurerm_role_definition.test.role_definition_resource_id +} + +data "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = hcp_azure_peering_connection.test.peering_id + wait_for_active_state = true + + depends_on = [azurerm_role_assignment.test] +} + +# Create DNS forwarding +resource "hcp_dns_forwarding" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = "%[1]s" + peering_id = "%[1]s" + connection_type = "hvn-peering" + + # Ensure peering is in active state before creating DNS forwarding + depends_on = [data.hcp_azure_peering_connection.test] + + forwarding_rule { + rule_id = "%[1]s-initial" + domain_name = "example.internal" + inbound_endpoint_ips = ["10.0.1.10", "10.0.1.11"] + } +} + +data "hcp_dns_forwarding" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = hcp_dns_forwarding.test.dns_forwarding_id +} +`, uniqueName, subscriptionID, tenantID) +} diff --git a/internal/providersdkv2/resource_dns_forwarding_rule_test.go b/internal/providersdkv2/resource_dns_forwarding_rule_test.go index 4a4eb898d..0c5a5715d 100644 --- a/internal/providersdkv2/resource_dns_forwarding_rule_test.go +++ b/internal/providersdkv2/resource_dns_forwarding_rule_test.go @@ -55,6 +55,53 @@ func TestAcc_Platform_DNSForwardingRuleResource(t *testing.T) { }) } +// TestAcc_Platform_DNSForwardingRuleResourceAzure tests the DNS forwarding rule resource with Azure VNet hvn-peering. +func TestAcc_Platform_DNSForwardingRuleResourceAzure(t *testing.T) { + uniqueName := testAccUniqueNameWithPrefix("dns-rr-1") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": true}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + ExternalProviders: map[string]resource.ExternalProvider{ + "azurerm": {VersionConstraint: "~> 3.63"}, + "azuread": {VersionConstraint: "~> 2.39"}, + }, + Steps: []resource.TestStep{ + // Create and Read testing + { + Config: testAccDNSForwardingRuleResourceConfigAzure(uniqueName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("hcp_dns_forwarding_rule.test", "domain_name", "completely-different.example.com"), + resource.TestCheckResourceAttr("hcp_dns_forwarding_rule.test", "inbound_endpoint_ips.#", "2"), + resource.TestCheckResourceAttr("hcp_dns_forwarding_rule.test", "inbound_endpoint_ips.0", "10.0.1.20"), + resource.TestCheckResourceAttr("hcp_dns_forwarding_rule.test", "inbound_endpoint_ips.1", "10.0.1.21"), + resource.TestCheckResourceAttr("hcp_dns_forwarding_rule.test", "rule_id", fmt.Sprintf("%s-additional", uniqueName)), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding_rule.test", "id"), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding_rule.test", "created_at"), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding_rule.test", "state"), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding_rule.test", "self_link"), + ), + }, + // ImportState testing + { + ResourceName: "hcp_dns_forwarding_rule.test", + ImportState: true, + ImportStateVerify: true, + ImportStateIdFunc: func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources["hcp_dns_forwarding_rule.test"] + if !ok { + return "", fmt.Errorf("resource not found: hcp_dns_forwarding_rule.test") + } + hvnID := rs.Primary.Attributes["hvn_id"] + dnsForwardingID := rs.Primary.Attributes["dns_forwarding_id"] + ruleID := rs.Primary.Attributes["rule_id"] + return fmt.Sprintf("%s:%s:%s", hvnID, dnsForwardingID, ruleID), nil + }, + }, + }, + }) +} + func testAccDNSForwardingRuleResourceConfig(uniqueName string) string { return fmt.Sprintf(` provider "aws" { @@ -153,3 +200,101 @@ resource "hcp_dns_forwarding_rule" "test" { } `, uniqueName) } + +func testAccDNSForwardingRuleResourceConfigAzure(uniqueName string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "hcp_hvn" "test" { + hvn_id = "%[1]s" + cloud_provider = "azure" + region = "eastus" + cidr_block = "172.25.16.0/20" +} + +resource "azurerm_resource_group" "test" { + name = "%[1]s" + location = "East US" +} + +resource "azurerm_virtual_network" "test" { + name = "%[1]s" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.0.0.0/16"] +} + +// This resource initially returns in a Pending state, because its application_id is required to complete acceptance of the connection. +resource "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = "%[1]s" + peer_subscription_id = "%[2]s" + peer_tenant_id = "%[3]s" + peer_vnet_name = azurerm_virtual_network.test.name + peer_resource_group_name = azurerm_resource_group.test.name + peer_vnet_region = "eastus" +} + +resource "azuread_service_principal" "test" { + application_id = hcp_azure_peering_connection.test.application_id +} + +resource "azurerm_role_definition" "test" { + name = "%[1]s" + scope = azurerm_virtual_network.test.id + + assignable_scopes = [ + azurerm_virtual_network.test.id + ] + + permissions { + actions = [ + "Microsoft.Network/virtualNetworks/peer/action", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" + ] + } +} + +resource "azurerm_role_assignment" "test" { + principal_id = azuread_service_principal.test.id + scope = azurerm_virtual_network.test.id + role_definition_id = azurerm_role_definition.test.role_definition_resource_id +} + +data "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = hcp_azure_peering_connection.test.peering_id + wait_for_active_state = true + + depends_on = [azurerm_role_assignment.test] +} + +resource "hcp_dns_forwarding" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = "%[1]s" + peering_id = "%[1]s" + connection_type = "hvn-peering" + + # Ensure peering connection is in active state before creating DNS forwarding + depends_on = [data.hcp_azure_peering_connection.test] + + # Required stable forwarding rule that should not conflict with the standalone rule + forwarding_rule { + rule_id = "%[1]s-stable" + domain_name = "stable.internal.com" + inbound_endpoint_ips = ["10.0.1.50", "10.0.1.51"] + } +} + +resource "hcp_dns_forwarding_rule" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = hcp_dns_forwarding.test.dns_forwarding_id + rule_id = "%[1]s-additional" + domain_name = "completely-different.example.com" # Different domain to avoid conflicts + inbound_endpoint_ips = ["10.0.1.20", "10.0.1.21"] +} +`, uniqueName, azureSubscriptionID, azureTenantID) +} diff --git a/internal/providersdkv2/resource_dns_forwarding_test.go b/internal/providersdkv2/resource_dns_forwarding_test.go index a7dc26e1f..2bdccd2b4 100644 --- a/internal/providersdkv2/resource_dns_forwarding_test.go +++ b/internal/providersdkv2/resource_dns_forwarding_test.go @@ -2,12 +2,18 @@ package providersdkv2 import ( "fmt" + "os" "testing" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" ) +var ( + azureSubscriptionID = os.Getenv("ARM_SUBSCRIPTION_ID") + azureTenantID = os.Getenv("ARM_TENANT_ID") +) + // TestAcc_Platform_DNSForwardingResource tests the DNS forwarding resource. func TestAcc_Platform_DNSForwardingResource(t *testing.T) { uniqueName := testAccUniqueNameWithPrefix("dns-fwd-res") @@ -55,6 +61,53 @@ func TestAcc_Platform_DNSForwardingResource(t *testing.T) { }) } +// TestAcc_Platform_DNSForwardingResourceAzure tests the DNS forwarding resource with Azure VNet hvn-peering. +func TestAcc_Platform_DNSForwardingResourceAzure(t *testing.T) { + uniqueName := testAccUniqueNameWithPrefix("dns-fwd-az") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t, map[string]bool{"aws": false, "azure": true}) }, + ProtoV6ProviderFactories: testProtoV6ProviderFactories, + ExternalProviders: map[string]resource.ExternalProvider{ + "azurerm": {VersionConstraint: "~> 3.63"}, + "azuread": {VersionConstraint: "~> 2.39"}, + }, + Steps: []resource.TestStep{ + // Create and Read testing + { + Config: testAccDNSForwardingResourceConfigAzure(uniqueName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet("hcp_dns_forwarding.test", "id"), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding.test", "created_at"), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding.test", "state"), + resource.TestCheckResourceAttrSet("hcp_dns_forwarding.test", "self_link"), + resource.TestCheckResourceAttr("hcp_dns_forwarding.test", "dns_forwarding_id", uniqueName), + resource.TestCheckResourceAttr("hcp_dns_forwarding.test", "connection_type", "hvn-peering"), + resource.TestCheckResourceAttr("hcp_dns_forwarding.test", "forwarding_rule.#", "1"), + resource.TestCheckResourceAttr("hcp_dns_forwarding.test", "forwarding_rule.0.rule_id", fmt.Sprintf("%s-initial", uniqueName)), + resource.TestCheckResourceAttr("hcp_dns_forwarding.test", "forwarding_rule.0.domain_name", "example.internal"), + resource.TestCheckResourceAttr("hcp_dns_forwarding.test", "forwarding_rule.0.inbound_endpoint_ips.#", "2"), + ), + }, + // ImportState testing + { + ResourceName: "hcp_dns_forwarding.test", + ImportState: true, + ImportStateVerify: true, + ImportStateIdFunc: func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources["hcp_dns_forwarding.test"] + if !ok { + return "", fmt.Errorf("resource not found: hcp_dns_forwarding.test") + } + hvnID := rs.Primary.Attributes["hvn_id"] + dnsForwardingID := rs.Primary.Attributes["dns_forwarding_id"] + return fmt.Sprintf("%s:%s", hvnID, dnsForwardingID), nil + }, + }, + }, + }) +} + func testAccDNSForwardingResourceConfig(uniqueName string) string { return fmt.Sprintf(` provider "aws" { @@ -144,3 +197,92 @@ resource "hcp_dns_forwarding" "test" { } `, uniqueName) } + +func testAccDNSForwardingResourceConfigAzure(uniqueName string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "hcp_hvn" "test" { + hvn_id = "%[1]s" + cloud_provider = "azure" + region = "eastus" + cidr_block = "172.25.16.0/20" +} + +resource "azurerm_resource_group" "test" { + name = "%[1]s" + location = "East US" +} + +resource "azurerm_virtual_network" "test" { + name = "%[1]s" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.0.0.0/16"] +} + +// This resource initially returns in a Pending state, because its application_id is required to complete acceptance of the connection. +resource "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = "%[1]s" + peer_subscription_id = "%[2]s" + peer_tenant_id = "%[3]s" + peer_vnet_name = azurerm_virtual_network.test.name + peer_resource_group_name = azurerm_resource_group.test.name + peer_vnet_region = "eastus" +} + +resource "azuread_service_principal" "test" { + application_id = hcp_azure_peering_connection.test.application_id +} + +resource "azurerm_role_definition" "test" { + name = "%[1]s" + scope = azurerm_virtual_network.test.id + + assignable_scopes = [ + azurerm_virtual_network.test.id + ] + + permissions { + actions = [ + "Microsoft.Network/virtualNetworks/peer/action", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read", + "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" + ] + } +} + +resource "azurerm_role_assignment" "test" { + principal_id = azuread_service_principal.test.id + scope = azurerm_virtual_network.test.id + role_definition_id = azurerm_role_definition.test.role_definition_resource_id +} + +data "hcp_azure_peering_connection" "test" { + hvn_link = hcp_hvn.test.self_link + peering_id = hcp_azure_peering_connection.test.peering_id + wait_for_active_state = true + + depends_on = [azurerm_role_assignment.test] +} + +resource "hcp_dns_forwarding" "test" { + hvn_id = hcp_hvn.test.hvn_id + dns_forwarding_id = "%[1]s" + peering_id = "%[1]s" + connection_type = "hvn-peering" + + # Ensure peering connection is in active state before creating DNS forwarding + depends_on = [data.hcp_azure_peering_connection.test] + + forwarding_rule { + rule_id = "%[1]s-initial" + domain_name = "example.internal" + inbound_endpoint_ips = ["10.0.1.10", "10.0.1.11"] + } +} +`, uniqueName, azureSubscriptionID, azureTenantID) +}