From 72ba6d74cfb94b7963fae5c77205b7c95451a349 Mon Sep 17 00:00:00 2001
From: David Bloss
Date: Thu, 17 Oct 2024 15:29:37 -0500
Subject: [PATCH] update secret testing
---
submodules/opslevel-go | 2 +-
tests/opslevel_modules | 2 +-
tests/remote/secret.tftest.hcl | 114 --------------------
tests/remote/secret/main.tf | 5 -
tests/remote/secret/variables.tf | 15 ---
tests/secret.tftest.hcl | 173 +++++++++++++++++++++++++++++++
6 files changed, 175 insertions(+), 136 deletions(-)
delete mode 100644 tests/remote/secret.tftest.hcl
delete mode 100644 tests/remote/secret/main.tf
delete mode 100644 tests/remote/secret/variables.tf
create mode 100644 tests/secret.tftest.hcl
diff --git a/submodules/opslevel-go b/submodules/opslevel-go
index 40c286d6..50cce36d 160000
--- a/submodules/opslevel-go
+++ b/submodules/opslevel-go
@@ -1 +1 @@
-Subproject commit 40c286d6426381d5020b7fd752ac1878fd2f9996
+Subproject commit 50cce36d03289c505b519553391d710662a3d0c2
diff --git a/tests/opslevel_modules b/tests/opslevel_modules
index 00d9d278..892ecb74 160000
--- a/tests/opslevel_modules
+++ b/tests/opslevel_modules
@@ -1 +1 @@
-Subproject commit 00d9d278a38387ed526536617626291d1849a714
+Subproject commit 892ecb744822854759714205ef679067529fd095
diff --git a/tests/remote/secret.tftest.hcl b/tests/remote/secret.tftest.hcl
deleted file mode 100644
index 14e778a2..00000000
--- a/tests/remote/secret.tftest.hcl
+++ /dev/null
@@ -1,114 +0,0 @@
-variables {
- resource_name = "opslevel_secret"
-
- # required fields
- alias = "tf_test_secret"
- owner = null
- value = "TFTestSecretValue"
-
- # optional fields - none
-}
-
-
-run "from_team_module" {
- command = plan
-
- variables {
- aliases = null
- name = ""
- parent = null
- responsibilities = null
- }
-
- module {
- source = "./team"
- }
-}
-
-run "resource_secret_create" {
-
- variables {
- alias = var.alias
- owner = run.from_team_module.first_team.id
- value = var.value
- }
-
- module {
- source = "./secret"
- }
-
- assert {
- condition = alltrue([
- can(opslevel_secret.test.alias),
- can(opslevel_secret.test.created_at),
- can(opslevel_secret.test.id),
- can(opslevel_secret.test.owner),
- can(opslevel_secret.test.updated_at),
- can(opslevel_secret.test.value),
- ])
- error_message = replace(var.error_unexpected_resource_fields, "TYPE", var.resource_name)
- }
-
- assert {
- condition = opslevel_secret.test.alias == var.alias
- error_message = format(
- "expected '%v' but got '%v'",
- var.alias,
- opslevel_secret.test.alias,
- )
- }
-
- assert {
- condition = opslevel_secret.test.created_at != null && opslevel_secret.test.updated_at != null
- error_message = "expected 'created_at' to be set"
- }
-
- assert {
- condition = opslevel_secret.test.created_at == opslevel_secret.test.updated_at
- error_message = var.error_expected_null_field
- }
-
- assert {
- condition = startswith(opslevel_secret.test.id, var.id_prefix)
- error_message = replace(var.error_wrong_id, "TYPE", var.resource_name)
- }
-
- assert {
- condition = opslevel_secret.test.owner == var.owner
- error_message = format(
- "expected '%v' but got '%v'",
- var.owner,
- opslevel_secret.test.owner,
- )
- }
-
- assert {
- condition = opslevel_secret.test.value == var.value
- error_message = "expected different secret value, not printing sensitive value"
- }
-
-}
-
-run "resource_secret_update" {
-
- variables {
- alias = var.alias
- owner = run.from_team_module.first_team.id
- value = upper(var.value)
- }
-
- module {
- source = "./secret"
- }
-
- assert {
- condition = opslevel_secret.test.created_at != opslevel_secret.test.updated_at
- error_message = "expected 'created_at' and 'updated_at' to be different"
- }
-
- assert {
- condition = opslevel_secret.test.value == upper(var.value)
- error_message = "expected different secret value, not printing sensitive value"
- }
-
-}
diff --git a/tests/remote/secret/main.tf b/tests/remote/secret/main.tf
deleted file mode 100644
index 13b8e2df..00000000
--- a/tests/remote/secret/main.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "opslevel_secret" "test" {
- alias = var.alias
- owner = var.owner
- value = var.value
-}
diff --git a/tests/remote/secret/variables.tf b/tests/remote/secret/variables.tf
deleted file mode 100644
index c38ea4b1..00000000
--- a/tests/remote/secret/variables.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-variable "alias" {
- type = string
- description = "The alias for this secret. Can only be set at create time."
-}
-
-variable "owner" {
- type = string
- description = "The owner of this secret."
-}
-
-variable "value" {
- type = string
- description = "A sensitive value"
- sensitive = true
-}
diff --git a/tests/secret.tftest.hcl b/tests/secret.tftest.hcl
new file mode 100644
index 00000000..c7b4c2f1
--- /dev/null
+++ b/tests/secret.tftest.hcl
@@ -0,0 +1,173 @@
+variables {
+ resource_name = "opslevel_secret"
+
+ # required fields
+ alias = "tf_test_secret"
+ owner = null # sourced from module
+ value = "TFTestSecretValue"
+
+ # optional fields - none
+}
+
+run "from_data_module" {
+ command = plan
+ plan_options {
+ target = [
+ data.opslevel_teams.all
+ ]
+ }
+
+ module {
+ source = "./data"
+ }
+}
+
+run "resource_secret_create_with_all_fields" {
+
+ variables {
+ # other fields from file scoped variables block
+ owner = run.from_data_module.first_team.id
+ }
+
+ module {
+ source = "./opslevel_modules/modules/secret"
+ }
+
+ assert {
+ condition = alltrue([
+ can(opslevel_secret.this.alias),
+ can(opslevel_secret.this.created_at),
+ can(opslevel_secret.this.id),
+ can(opslevel_secret.this.owner),
+ can(opslevel_secret.this.updated_at),
+ can(opslevel_secret.this.value),
+ ])
+ error_message = replace(var.error_unexpected_resource_fields, "TYPE", var.resource_name)
+ }
+
+ assert {
+ condition = opslevel_secret.this.alias == var.alias
+ error_message = format(
+ "expected '%v' but got '%v'",
+ var.alias,
+ opslevel_secret.this.alias,
+ )
+ }
+
+ assert {
+ condition = opslevel_secret.this.created_at != null && opslevel_secret.this.updated_at != null
+ error_message = format(
+ "expected '%v' but to match '%v'",
+ opslevel_secret.this.created_at,
+ opslevel_secret.this.updated_at
+ )
+ }
+
+ assert {
+ condition = opslevel_secret.this.created_at == opslevel_secret.this.updated_at
+ error_message = format(
+ "expected '%v' but to match '%v'",
+ opslevel_secret.this.created_at,
+ opslevel_secret.this.updated_at
+ )
+ }
+
+ assert {
+ condition = startswith(opslevel_secret.this.id, var.id_prefix)
+ error_message = replace(var.error_wrong_id, "TYPE", var.resource_name)
+ }
+
+ assert {
+ condition = opslevel_secret.this.owner == var.owner
+ error_message = format(
+ "expected '%v' but got '%v'",
+ var.owner,
+ opslevel_secret.this.owner,
+ )
+ }
+
+ assert {
+ condition = opslevel_secret.this.value == var.value
+ error_message = "expected different secret value, not printing sensitive value"
+ }
+
+}
+
+run "resource_secret_replaced_by_alias_update" {
+
+ variables {
+ # other fields from file scoped variables block
+ alias = "tf_test_secret_updated"
+ owner = run.from_data_module.first_team.id
+ }
+
+ module {
+ source = "./opslevel_modules/modules/secret"
+ }
+
+ assert {
+ condition = opslevel_secret.this.alias == var.alias
+ error_message = format(
+ "expected '%v' but got '%v'",
+ var.alias,
+ opslevel_secret.this.alias,
+ )
+ }
+
+ assert {
+ condition = run.resource_secret_create_with_all_fields.this.id != opslevel_secret.this.id
+ error_message = format(
+ "expected old id '%v' to be different from new id '%v'",
+ run.resource_secret_create_with_all_fields.this.id,
+ opslevel_secret.this.id,
+ )
+ }
+}
+
+run "delete_secret_outside_of_terraform" {
+
+ variables {
+ resource_id = run.resource_secret_replaced_by_alias_update.this.id
+ resource_type = "secret"
+ }
+
+ module {
+ source = "./provisioner"
+ }
+
+}
+
+run "resource_secret_recreated_with_original_data" {
+
+ variables {
+ owner = run.from_data_module.first_team.id
+ }
+
+ module {
+ source = "./opslevel_modules/modules/secret"
+ }
+
+ assert {
+ condition = opslevel_secret.this.alias == run.resource_secret_create_with_all_fields.this.alias
+ error_message = format(
+ "expected '%v' but got '%v'",
+ run.resource_secret_create_with_all_fields.this.alias,
+ opslevel_secret.this.alias,
+ )
+ }
+
+ assert {
+ condition = opslevel_secret.this.owner == run.resource_secret_create_with_all_fields.this.owner
+ error_message = format(
+ "expected '%v' but got '%v'",
+ run.resource_secret_create_with_all_fields.this.owner,
+ opslevel_secret.this.owner,
+ )
+ }
+
+ assert {
+ condition = opslevel_secret.this.value == run.resource_secret_create_with_all_fields.this.value
+ error_message = "expected different secret value, not printing sensitive value"
+ }
+
+}
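Review bot: The new suite has no run that changes only `value`, so the in-place update path that the deleted `resource_secret_update` run covered (rotating the secret and seeing `updated_at` move past `created_at`) is no longer exercised. I would add a run for it between `resource_secret_create_with_all_fields` and `resource_secret_replaced_by_alias_update`, keeping the static error message so the value is never printed on failure. The id-unchanged assertion in the sketch below assumes a value change updates in place rather than forcing replacement, which the removed test implied but this diff does not show. Separately, the null check on `created_at`/`updated_at` in the create run reuses the equality check's message, and that message is garbled in both places; `"expected 'created_at' and 'updated_at' to be set"` and `"expected '%v' to match '%v'"` would read correctly.

```hcl
run "resource_secret_value_update" {

  variables {
    # other fields from file scoped variables block
    owner = run.from_data_module.first_team.id
    value = upper(var.value)
  }

  module {
    source = "./opslevel_modules/modules/secret"
  }

  assert {
    condition     = run.resource_secret_create_with_all_fields.this.id == opslevel_secret.this.id
    error_message = "expected the secret to be updated in place, not replaced"
  }

  assert {
    condition     = opslevel_secret.this.created_at != opslevel_secret.this.updated_at
    error_message = "expected 'created_at' and 'updated_at' to be different"
  }

  assert {
    condition     = opslevel_secret.this.value == upper(var.value)
    error_message = "expected different secret value, not printing sensitive value"
  }
}
```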