From 05e2331208b61fc0e738f3ab695fb8acab33206d Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Wed, 26 Apr 2023 16:27:27 -0400 Subject: [PATCH] add resource update tests, force-new on sign, use OCI validators Signed-off-by: Jason Hall --- .github/workflows/test.yml | 17 +- go.mod | 3 + internal/provider/attest_resource_test.go | 89 --------- internal/provider/digest_validator.go | 27 --- internal/provider/json_validator.go | 27 --- internal/provider/ref_validator.go | 25 --- ...{attest_resource.go => resource_attest.go} | 7 +- internal/provider/resource_attest_test.go | 187 ++++++++++++++++++ .../{sign_resource.go => resource_sign.go} | 6 +- internal/provider/resource_sign_test.go | 142 +++++++++++++ internal/provider/sign_resource_test.go | 63 ------ internal/provider/url_validator.go | 25 --- internal/provider/verify_data_source.go | 3 +- 13 files changed, 346 insertions(+), 275 deletions(-) delete mode 100644 internal/provider/attest_resource_test.go delete mode 100644 internal/provider/digest_validator.go delete mode 100644 internal/provider/json_validator.go delete mode 100644 internal/provider/ref_validator.go rename internal/provider/{attest_resource.go => resource_attest.go} (95%) create mode 100644 internal/provider/resource_attest_test.go rename internal/provider/{sign_resource.go => resource_sign.go} (96%) create mode 100644 internal/provider/resource_sign_test.go delete mode 100644 internal/provider/sign_resource_test.go delete mode 100644 internal/provider/url_validator.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fd56aa5..1f21eda 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: actions/setup-go@v4 with: - go-version: '1.18' + go-version: 1.20.x - run: go generate ./... - name: git diff run: | @@ -43,22 +43,11 @@ jobs: ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: actions/setup-go@v4 with: - go-version: '1.18' - - - uses: imjasonh/setup-crane@v0.3 - - uses: chainguard-dev/actions/setup-registry@main - with: - port: 5000 - + go-version: 1.20.x - uses: hashicorp/setup-terraform@v2 with: terraform_version: ${{ matrix.terraform }} terraform_wrapper: false - - run: go mod download - run: go build -v . - - run: | - crane copy --insecure cgr.dev/chainguard/static:latest-glibc localhost:5000/cosign-testing - export TEST_IMAGE=localhost:5000/cosign-testing@$(crane digest --insecure localhost:5000/cosign-testing) - - TF_ACC=1 go test -v -cover ./internal/provider/ + - run: TF_ACC=1 go test -v -cover ./internal/provider/ diff --git a/go.mod b/go.mod index a4d028c..d80661c 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,10 @@ module github.com/chainguard-dev/terraform-provider-cosign go 1.19 +replace github.com/chainguard-dev/terraform-provider-oci => ../terraform-provider-oci + require ( + github.com/chainguard-dev/terraform-provider-oci v0.0.0-20230425204147-f48901367805 github.com/google/go-containerregistry v0.14.1-0.20230409045903-ed5c185df419 github.com/google/uuid v1.3.0 github.com/hashicorp/terraform-plugin-docs v0.14.1 diff --git a/internal/provider/attest_resource_test.go b/internal/provider/attest_resource_test.go deleted file mode 100644 index d9a0c24..0000000 --- a/internal/provider/attest_resource_test.go +++ /dev/null @@ -1,89 +0,0 @@ -package provider - -import ( - "fmt" - "os" - "regexp" - "testing" - - "github.com/google/uuid" - "github.com/hashicorp/terraform-plugin-testing/helper/resource" -) - -func TestAccResourceCosignAttest(t *testing.T) { - digest := os.Getenv("TEST_IMAGE") - - url := "https://example.com/" + uuid.New().String() - - value := uuid.New().String() - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, - Steps: []resource.TestStep{{ - Config: fmt.Sprintf(` -resource "cosign_attest" "foo" { - image = %q - predicate_type = %q - predicate = jsonencode({ - foo = %q - }) -} - -data "cosign_verify" "bar" { - image = cosign_attest.foo.attested_ref - policy = jsonencode({ - apiVersion = "policy.sigstore.dev/v1beta1" - kind = "ClusterImagePolicy" - metadata = { - name = "attested-it" - } - spec = { - images = [{ - glob = %q - }] - authorities = [{ - keyless = { - url = "https://fulcio.sigstore.dev" - identities = [{ - issuer = "https://token.actions.githubusercontent.com" - subject = "https://github.com/imjasonh/terraform-provider-cosign/.github/workflows/test.yml@refs/heads/main" - }] - } - attestations = [{ - name = "must-have-attestation" - predicateType = %q - policy = { - type = "cue" - // When we do things in this style, we can use file("foo.cue") too! - data = <