Extra tests (mssql) and minor refactor

aristosvo · Oct 12, 2021 · 0fac41b · 0fac41b
1 parent 3c7ba72
commit 0fac41b
Show file tree

Hide file tree

Showing 7 changed files with 307 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -106,7 +106,7 @@ Congratulations! Resources are moved in Azure and corrected in Terraform.
 
 
 ## ToDo
-- [ ] Use [terraform-exec](github.com/hashicorp/terraform-exec) instead of wrapping `terraform`
+- [ ] Use [terraform-exec](https://github.com/hashicorp/terraform-exec) instead of wrapping `terraform`
 - [ ] Multiple authentication options (ideally all options supported in the provider)
 
 ## Licence

diff --git a/acceptance/cleanup.go b/acceptance/cleanup.go
@@ -0,0 +1,21 @@
+package acceptance
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func Cleanup(t *testing.T) {
+	files, err := filepath.Glob("./terraform.tfstate.*")
+	if err != nil {
+		t.Fatalf("File search failed due to: %v", err)
+	}
+	for _, f := range files {
+		if err := os.Remove(f); err != nil {
+			t.Fatalf("Removal failed due to: %v", err)
+		}
+	}
+
+	t.Log("Cleanup succeeded")
+}
diff --git a/acceptance/keyvault/keyvault_test.go b/acceptance/keyvault/keyvault_test.go
@@ -46,6 +46,8 @@ func TestKeyVault_Basic(t *testing.T) {
 	if exitCode != 0 {
 		t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
 	}
+
+	acceptance.Cleanup(t)
 }
 
 func ipCIDR() string {

diff --git a/acceptance/mssql/main.tf b/acceptance/mssql/main.tf
@@ -0,0 +1,230 @@
+provider "azurerm" {
+  features {}
+}
+
+variable "location" {
+  default     = "westeurope"
+  description = "Locatie for all resources, standard is westeurope or \"West Europe\"."
+  validation {
+    condition     = can(regex("^westeurope|northeurope$", var.location))
+    error_message = "We only use region West Europe and North Europe for now."
+  }
+}
+
+variable "tags" {
+  description = "Tags for all resources"
+  type = object({
+    Customer    = string
+    Team        = string
+    Environment = string
+  })
+  default = {
+    Customer    = "test"
+    Team        = "aristosvo"
+    Environment = "acceptance"
+  }
+  validation {
+    condition     = contains(["test", "staging", "development", "acceptance", "production"], lookup(var.tags, "Environment", "wrong"))
+    error_message = "Environment should be one of the values \"test\", \"staging\", \"development\", \"acceptance\" or \"production\"."
+  }
+}
+
+resource "azurerm_resource_group" "input_rg" {
+  name     = "input-sa-rg"
+  location = var.location
+  tags     = var.tags
+}
+
+resource "azurerm_resource_group" "output_rg" {
+  name     = "output-sa-rg"
+  location = var.location
+  tags     = var.tags
+}
+
+resource "random_password" "mssql_postfix" {
+  length  = 8
+  special = false
+}
+
+resource "azurerm_mssql_server" "mssql_server" {
+  name                         = "sqlsrvr-move-${lower(nonsensitive(random_password.mssql_postfix.result))}"
+  resource_group_name          = azurerm_resource_group.input_rg.name
+  location                     = azurerm_resource_group.input_rg.location
+  version                      = "12.0"
+  administrator_login          = "aztfmoveadmin"
+  administrator_login_password = "Id0n7kn0wwha$$od0h3re"
+  minimum_tls_version          = "1.2"
+  tags                         = var.tags
+}
+
+resource "azurerm_mssql_database" "mssql_db" {
+  name        = "sqldb-move-${lower(nonsensitive(random_password.mssql_postfix.result))}"
+  server_id   = azurerm_mssql_server.mssql_server.id
+  tags        = var.tags
+  max_size_gb = 5
+  sku_name    = "S3"
+}
+
+resource "azurerm_mssql_database_extended_auditing_policy" "mssql_database_extended_auditing_policy" {
+  database_id            = azurerm_mssql_database.mssql_db.id
+  log_monitoring_enabled = true
+}
+
+resource "azurerm_sql_firewall_rule" "rule1" {
+  name                = "one"
+  resource_group_name = azurerm_resource_group.input_rg.name
+  server_name         = azurerm_mssql_server.mssql_server.name
+  start_ip_address    = "8.8.8.8"
+  end_ip_address      = "8.8.8.8"
+}
+
+resource "azurerm_sql_firewall_rule" "rule2" {
+  name                = "two"
+  resource_group_name = azurerm_resource_group.input_rg.name
+  server_name         = azurerm_mssql_server.mssql_server.name
+  start_ip_address    = "9.9.9.9"
+  end_ip_address      = "9.9.9.9"
+}
+
+resource "azurerm_log_analytics_workspace" "log_analytics_workspace" {
+  name                = "law-move-${lower(nonsensitive(random_password.mssql_postfix.result))}"
+  resource_group_name = azurerm_resource_group.input_rg.name
+  location            = azurerm_resource_group.input_rg.location
+  sku                 = "PerGB2018"
+  tags                = var.tags
+  retention_in_days   = 30
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
+  name                       = "diagnostic-setting-move"
+  target_resource_id         = azurerm_mssql_database.mssql_db.id
+
+  log {
+    category = "AutomaticTuning"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "Blocks"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "DatabaseWaitStatistics"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "Deadlocks"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "Errors"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "QueryStoreRuntimeStatistics"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "QueryStoreWaitStatistics"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "SQLInsights"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "SQLSecurityAuditEvents"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "Timeouts"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  log {
+    category = "DevOpsOperationsAudit"
+    enabled  = false
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+
+  metric {
+    category = "Basic"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  metric {
+    category = "InstanceAndAppAdvanced"
+    enabled  = true
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+  metric {
+    category = "WorkloadManagement"
+    enabled  = false
+
+    retention_policy {
+      days    = 0
+      enabled = false
+    }
+  }
+}
diff --git a/acceptance/mssql/mssql_test.go b/acceptance/mssql/mssql_test.go
@@ -0,0 +1,49 @@
+// +build acctest
+// NOTE: We use build tags to differentiate acceptance testing
+
+package test
+
+import (
+	"testing"
+
+	"github.com/aristosvo/aztfmove/acceptance"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func TestMsSql_Basic(t *testing.T) {
+	t.Parallel()
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: "./",
+	}
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+
+	moveMsSql := []string{"-resource-group=input-sa-rg", "-target-resource-group=output-sa-rg"}
+	acceptance.Step(moveMsSql, t)
+
+	moveMsSqlBack := []string{"-target-resource-group=input-sa-rg"}
+	acceptance.Step(moveMsSqlBack, t)
+
+
+	terraformOptions = &terraform.Options{
+		TerraformDir: "./",
+		// `azurerm_mssql_server.mssql_server` is excluded in the plan, as `administrator_login_password` would be updated. Resolution would be to make use of AAD login without normal administrator enabled
+		Targets: []string{
+			"azurerm_resource_group.input_rg",
+			"azurerm_resource_group.output_rg",
+			"azurerm_mssql_database.mssql_db",
+			"azurerm_sql_firewall_rule.rule1",
+			"azurerm_sql_firewall_rule.rule2",
+			"azurerm_mssql_database_extended_auditing_policy.mssql_database_extended_auditing_policy",
+			"azurerm_log_analytics_workspace.log_analytics_workspace",
+			"azurerm_monitor_diagnostic_setting.diagnostic_setting",
+		}
+	}
+	exitCode := terraform.InitAndPlanWithExitCode(t, terraformOptions)
+	if exitCode != 0 {
+		t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
+	}
+
+	acceptance.Cleanup(t)
+}
diff --git a/acceptance/storage/storage_test.go b/acceptance/storage/storage_test.go
@@ -29,4 +29,6 @@ func TestStorage_Basic(t *testing.T) {
 	if exitCode != 0 {
 		t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
 	}
+
+	acceptance.Cleanup(t)
 }
diff --git a/acceptance/vnet/vnet_test.go b/acceptance/vnet/vnet_test.go
@@ -29,4 +29,6 @@ func TestVNet_Basic(t *testing.T) {
 	if exitCode != 0 {
 		t.Fatalf("terraform plan exitcode %d, not %d", exitCode, 0)
 	}
+
+	acceptance.Cleanup(t)
 }