Merge pull request #153 from Mongey/cm-run-testacc-in-ci

Run testacc in CI, fix broken tests.

.travis.yml

@@ -1,29 +1,34 @@
 dist: trusty
 sudo: required
 services:
-- docker
+  - docker
+go_import_path: github.com/terraform-providers/terraform-provider-vault
 language: go
 go:
-- 1.11
+  - 1.11
 
 install:
-# This script is used by the Travis build to install a cookie for
-# go.googlesource.com so rate limits are higher when using `go get` to fetch
-# packages that live there.
-# See: https://github.com/golang/go/issues/12933
-- bash scripts/gogetcookie.sh
-- go get github.com/kardianos/govendor
+  # This script is used by the Travis build to install a cookie for
+  # go.googlesource.com so rate limits are higher when using `go get` to fetch
+  # packages that live there.
+  # See: https://github.com/golang/go/issues/12933
+  - bash scripts/gogetcookie.sh
+  - go get github.com/kardianos/govendor
 
 script:
-- make test
-- make vendor-status
-- make vet
-- make website-test
+  - docker run -d -e VAULT_DEV_ROOT_TOKEN_ID=TEST -p 8200:8200 --name vault vault:0.11.1
+  - sleep 10
+  - docker exec -e VAULT_TOKEN=TEST -e VAULT_ADDR="http://localhost:8200" vault vault secrets enable --version=1 -path=secretsv1 kv
+  - make test
+  - VAULT_ADDR=http://localhost:8200 VAULT_TOKEN=TEST make testacc
+  - make vendor-status
+  - make vet
+  - make website-test
 
 branches:
   only:
-  - master
-matrix:
-  fast_finish: true
-  allow_failures:
-  - go: tip
+    - master
+  matrix:
+    fast_finish: true
+    allow_failures:
+      - go: tip

vault/data_source_generic_secret_test.go

@@ -24,7 +24,7 @@ func TestDataSourceGenericSecret(t *testing.T) {
 var testDataSourceGenericSecret_config = `
 
 resource "vault_generic_secret" "test" {
-    path = "secret/foo"
+    path = "secretsv1/foo"
     data_json = <<EOT
 {
     "zip": "zap"

vault/import_generic_secret_test.go

@@ -8,7 +8,7 @@ import (
 )
 
 func TestAccGenericSecret_importBasic(t *testing.T) {
-	path := acctest.RandomWithPrefix("secret/test-")
+	path := acctest.RandomWithPrefix("secretsv1/test-")
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testProviders,

vault/migrate_aws_auth_backend_role.go

@@ -0,0 +1,45 @@
+package vault
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func awsAuthBackendRoleResourceMigrateState(v int, is *terraform.InstanceState, meta interface{}) (*terraform.InstanceState, error) {
+	switch v {
+	case 0:
+		log.Println("[INFO] Found AWS Auth Backend Role State v0; migrating to v1")
+		return migrateawsAuthBackendRoleResourceStateV0toV1(is)
+	default:
+		return is, fmt.Errorf("Unexpected schema version: %d", v)
+	}
+}
+
+func migrateawsAuthBackendRoleResourceStateV0toV1(is *terraform.InstanceState) (*terraform.InstanceState, error) {
+	if is.Empty() {
+		log.Println("[DEBUG] Empty InstanceState; nothing to migrate.")
+		return is, nil
+	}
+	log.Printf("[DEBUG] AWS Auth Backend Role Attributes before migration: %#v", is.Attributes)
+
+	convertSingleAttributeToList(is, "bound_account_id")
+	convertSingleAttributeToList(is, "bound_ami_id")
+	convertSingleAttributeToList(is, "bound_iam_instance_profile_arn")
+	convertSingleAttributeToList(is, "bound_iam_principal_arn")
+	convertSingleAttributeToList(is, "bound_iam_role_arn")
+	convertSingleAttributeToList(is, "bound_region")
+	convertSingleAttributeToList(is, "bound_subnet_id")
+	convertSingleAttributeToList(is, "bound_vpc_id")
+
+	return is, nil
+}
+
+func convertSingleAttributeToList(is *terraform.InstanceState, attr string) {
+	if v, ok := is.Attributes[attr]; ok {
+		is.Attributes[attr+".#"] = "1"
+		is.Attributes[attr+".0"] = v
+		delete(is.Attributes, attr)
+	}
+}

vault/migrate_aws_auth_backend_role_test.go

@@ -0,0 +1,52 @@
+package vault
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestMigrateawsAuthBackendRoleResourceStateV0toV1(t *testing.T) {
+	oldAttributes := map[string]string{
+		"bound_ami_id":                   "ami-1234",
+		"bound_account_id":               "account-123",
+		"bound_iam_instance_profile_arn": "arn::123",
+		"bound_iam_principal_arn":        "arn::234",
+		"bound_iam_role_arn":             "arn::456",
+		"bound_region":                   "us-west-1",
+		"bound_subnet_id":                "sub-abc",
+		"bound_vpc_id":                   "vpc-1234",
+	}
+
+	newState, err := migrateawsAuthBackendRoleResourceStateV0toV1(&terraform.InstanceState{
+		ID:         "nonempty",
+		Attributes: oldAttributes,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedAttributes := map[string]string{
+		"bound_ami_id.#":                   "1",
+		"bound_ami_id.0":                   "ami-1234",
+		"bound_account_id.#":               "1",
+		"bound_account_id.0":               "account-123",
+		"bound_iam_instance_profile_arn.#": "1",
+		"bound_iam_instance_profile_arn.0": "arn::123",
+		"bound_iam_principal_arn.#":        "1",
+		"bound_iam_principal_arn.0":        "arn::234",
+		"bound_iam_role_arn.#":             "1",
+		"bound_iam_role_arn.0":             "arn::456",
+		"bound_region.#":                   "1",
+		"bound_region.0":                   "us-west-1",
+		"bound_subnet_id.#":                "1",
+		"bound_subnet_id.0":                "sub-abc",
+		"bound_vpc_id.#":                   "1",
+		"bound_vpc_id.0":                   "vpc-1234",
+	}
+
+	if !reflect.DeepEqual(newState.Attributes, expectedAttributes) {
+		t.Fatalf("Expected attributes:%#v Given:%#v", expectedAttributes, newState.Attributes)
+	}
+}

vault/resource_auth_backend_test.go

@@ -45,7 +45,7 @@ func testAccCheckAuthBackendDestroy(s *terraform.State) error {
 		}
 
 		if _, ok := auths[instanceState.ID]; ok {
-			return fmt.Errorf("Auth backend still exists.")
+			return fmt.Errorf("Auth backend still exists")
 		}
 	}
 	return nil

vault/resource_aws_auth_backend_client.go

@@ -125,7 +125,6 @@ func awsAuthBackendRead(d *schema.ResourceData, meta interface{}) error {
 	}
 	d.Set("backend", idPieces[1])
 	d.Set("access_key", secret.Data["access_key"])
-	d.Set("secret_key", secret.Data["secret_key"])
 	d.Set("ec2_endpoint", secret.Data["endpoint"])
 	d.Set("iam_endpoint", secret.Data["iam_endpoint"])
 	d.Set("sts_endpoint", secret.Data["sts_endpoint"])

vault/resource_aws_auth_backend_client_test.go

@@ -22,9 +22,10 @@ func TestAccAWSAuthBackendClient_import(t *testing.T) {
 				Check:  testAccAWSAuthBackendClientCheck_attrs(backend),
 			},
 			{
-				ResourceName:      "vault_aws_auth_backend_client.client",
-				ImportState:       true,
-				ImportStateVerify: true,
+				ResourceName:            "vault_aws_auth_backend_client.client",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"secret_key"},
 			},
 		},
 	})
@@ -114,8 +115,8 @@ func testAccAWSAuthBackendClientCheck_attrs(backend string) resource.TestCheckFu
 			return fmt.Errorf("AWS auth client not configured at %q", endpoint)
 		}
 		attrs := map[string]string{
-			"access_key":                 "access_key",
-			"secret_key":                 "secret_key",
+			"access_key": "access_key",
+			//"secret_key":                 "secret_key",
 			"ec2_endpoint":               "endpoint",
 			"iam_endpoint":               "iam_endpoint",
 			"sts_endpoint":               "sts_endpoint",