Merge pull request #518 from MusicDin/fix/provider-config
Refactor provider config and test trust token/password
simondeziel authored Aug 30, 2024
2 parents 043648f + e47669b commit 0e9bea0
Showing 10 changed files with 1,070 additions and 428 deletions.
10 changes: 3 additions & 7 deletions .github/workflows/test.yml
@@ -33,10 +33,6 @@ jobs:
env:
TF_ACC: "1"
GO111MODULE: "on"
LXD_REMOTE: localhost
LXD_SCHEME: https
LXD_ADDR: localhost
LXD_PORT: 8443
LXD_GENERATE_CLIENT_CERTS: "true"
LXD_ACCEPT_SERVER_CERTIFICATE: "true"

@@ -51,7 +47,7 @@ jobs:
run: |
sudo snap refresh lxd --channel=${{ matrix.channel }}
sudo lxd waitready --timeout 60
sudo lxd init --auto --network-port="$LXD_PORT" --network-address="$LXD_ADDR"
sudo lxd init --auto --network-port=8443 --network-address=localhost
sudo chmod 777 /var/snap/lxd/common/lxd/unix.socket
# 5.0/* currently use core20 which ships with a buggy lvm2 package so
@@ -64,8 +60,8 @@ jobs:
sudo snap restart --reload lxd
fi
# Generate trust token.
echo "LXD_TOKEN=$(lxc config trust add --name lxd-terraform-provider --quiet)" >> $GITHUB_ENV
# Add HTTPS remote.
lxc remote add localhost "$(lxc config trust add --name lxd-terraform-provider --quiet)"
- name: Configure OVN
run: |
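Review bot: The `lxc remote add localhost "$(lxc config trust add --name lxd-terraform-provider --quiet)"` line in the last hunk discards the exit status of the inner command, so if token creation fails the step still calls `lxc remote add` with an empty argument and the real cause is buried (assuming the step runs under the default `bash -e` shell, which does not trip on a failed substitution inside an argument). Splitting it keeps the failure visible: `token="$(lxc config trust add --name lxd-terraform-provider --quiet)"` followed by `lxc remote add localhost "$token"`. Compared with the `>> $GITHUB_ENV` form printed just above it, which appears to be the removed side, this keeps the trust token out of the job environment, and that is the better handling for a credential that grants client access. The `run:` block starts and ends outside the hunk.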
26 changes: 10 additions & 16 deletions docs/index.md
@@ -39,16 +39,14 @@ provider "lxd" {
remote {
name = "lxd-server-1"
scheme = "https"
address = "10.1.1.8"
address = "https://10.1.1.8:8443"
password = "password"
default = true
}
remote {
name = "lxd-server-2"
scheme = "https"
address = "10.1.2.8"
address = "https://10.1.2.8"
token = "token"
}
}
@@ -77,7 +75,13 @@ The following arguments are supported:

The `remote` block supports:

* `address` - *Optional* - The address of the remote.
* `name` - *Optional* - The name of the remote.

* `protocol` - *Optional* - The protocol of remote server (`lxd` or `simplestreams`).

* `address` - *Optional* - The remote address in format `[<scheme>://]<host>[:<port>]`.
Scheme can be set to either `unix` or `https`. If scheme is not set, it will default to `unix` if first character is `/`, otherwise to `https`.
Port can be set only for remote HTTPS servers. Port value defaults to `8443` for `lxd` protocol, and to `443` for `simplestreams` protocol.

* `default` - *Optional* - Whether this should be the default remote.
This remote will then be used when one is not specified in a resource.
@@ -88,22 +92,13 @@ The `remote` block supports:
for more information.
The default can also be set with the `LXD_REMOTE` Environment variable.

* `name` - *Optional* - The name of the remote.

* `password` - *Optional* - The [trust password](https://documentation.ubuntu.com/lxd/en/latest/authentication/#adding-client-certificates-using-a-trust-password)
used for initial authentication with the LXD remote. This method is **not recommended** and has
been removed in LXD 6.1. Please, use `token` instead.

* `token` - *Optional* - The one-time trust [token](https://documentation.ubuntu.com/lxd/en/latest/authentication/#adding-client-certificates-using-tokens)
used for initial authentication with the LXD remote.

* `port` - *Optional* - The port of the remote.

* `protocol` - *Optional* - The protocol of remote server (`lxd` or `simplestreams`).

* `scheme` - *Optional* Whether to connect to the remote via `https` or
`unix` (UNIX socket). Defaults to `unix` for LXD remote and `https` for simplestreams remote.

## Undefined Remote

If you choose to _not_ define a `remote`, this provider will attempt
@@ -117,9 +112,8 @@ The required variables are:

* `LXD_REMOTE` - The name of the remote.
* `LXD_ADDR` - The address of the LXD remote.
* `LXD_PORT` - The port of the LXD remote.
* `LXD_PASSWORD` - The password of the LXD remote.
* `LXD_SCHEME` - The scheme to use (`unix` or `https`).
* `LXD_TOKEN` - The trust token of the LXD remote.

## PKI Support

2 changes: 1 addition & 1 deletion go.mod
@@ -10,6 +10,7 @@ require (
github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1
github.com/hashicorp/terraform-plugin-framework-validators v0.13.0
github.com/hashicorp/terraform-plugin-go v0.23.0
github.com/hashicorp/terraform-plugin-log v0.9.0
github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
github.com/hashicorp/terraform-plugin-testing v1.10.0
github.com/mitchellh/go-homedir v1.1.0
@@ -46,7 +47,6 @@ require (
github.com/hashicorp/logutils v1.0.0 // indirect
github.com/hashicorp/terraform-exec v0.21.0 // indirect
github.com/hashicorp/terraform-json v0.22.1 // indirect
github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
github.com/hashicorp/terraform-svchost v0.1.1 // indirect
github.com/hashicorp/yamux v0.1.1 // indirect
73 changes: 72 additions & 1 deletion internal/acctest/checks.go
@@ -2,10 +2,13 @@ package acctest

import (
"fmt"
"net"
"os/exec"
"strings"
"testing"
"time"

"github.com/canonical/lxd/shared/api"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/terraform"
"github.com/terraform-lxd/terraform-provider-lxd/internal/utils"
@@ -37,7 +40,7 @@ func PreCheckLxdVersion(t *testing.T, versionConstraint string) {
serverVersion := apiServer.Environment.ServerVersion
ok, err := utils.CheckVersion(serverVersion, versionConstraint)
if err != nil {
t.Fatal(err)
t.Fatalf("Failed to check LXD server version: %v", err)
}

if !ok {
@@ -110,6 +113,74 @@ func PreCheckRoot(t *testing.T) {
}
}

// PreCheckServerExposed skips the test if the server is not exposed on the localhost
// over port 8443. This is required for remote provider tests.
func PreCheckLocalServerHTTPS(t *testing.T) {
conn, err := net.DialTimeout("tcp", "127.0.0.1:8443", 1*time.Second)
if err != nil {
t.Skip(`Skipping remote provider test. LXD is not available on "https://127.0.0.1:8443"`)
}

conn.Close()
}

// ConfigureTrustPassword sets and returns the trust password. If the server
// does not support trust password, the test is skipped.
func ConfigureTrustPassword(t *testing.T) string {
password := "test-pass"

// Only servers with LXD version < 6.0.0 support trust password.
PreCheckLxdVersion(t, "< 6.0.0")

server, err := testProvider().InstanceServer("", "", "")
if err != nil {
t.Fatal(err)
}

apiServer, etag, err := server.GetServer()
if err != nil {
t.Fatal(err)
}

apiServer.Config["core.trust_password"] = password

err = server.UpdateServer(apiServer.Writable(), etag)
if err != nil {
t.Fatal(err)
}

return password
}

// ConfigureTrustToken ensures the trust token is set to "test-pass". If the server
// does not support trust password, the test is skipped.
func ConfigureTrustToken(t *testing.T) string {
server, err := testProvider().InstanceServer("", "", "")
if err != nil {
t.Fatal(err)
}

// Create new token.
tokenPost := api.CertificatesPost{
Name: "tf-test-token",
Type: "client",
Token: true,
}

op, err := server.CreateCertificateToken(tokenPost)
if err != nil {
t.Fatal(err)
}

opAPI := op.Get()
token, err := opAPI.ToCertificateAddToken()
if err != nil {
t.Fatal(err)
}

return token.String()
}

// PrintResourceState is a test check function that prints the entire state
// of a resource with the given name. This check should be used only for
// debuging purposes.
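Review bot: `ConfigureTrustPassword` writes the fixed value `"test-pass"` into `core.trust_password` and never removes it, so any LXD server the acceptance tests run against keeps a publicly known trust password after the run; since `PreCheckLocalServerHTTPS` requires the API to be listening on port 8443, that matters on a developer machine whose listener is not bound to loopback only. Generate a random password per call and clear the key in `t.Cleanup`, as sketched below. The bare `t.Fatal(err)` calls in both new helpers would also read better with context, in the style of the `t.Fatalf("Failed to check LXD server version: %v", err)` change in the earlier hunk. Separately, two doc comments do not match their functions: the one on `PreCheckLocalServerHTTPS` opens with `PreCheckServerExposed`, and the one on `ConfigureTrustToken` talks about setting the token to "test-pass" and skipping the test, while the body creates a fresh token and never skips.

```go
func ConfigureTrustPassword(t *testing.T) string {
	// … unchanged: version pre-check and InstanceServer lookup …

	// Random per-run secret instead of a fixed, guessable value.
	buf := make([]byte, 16)
	_, err = rand.Read(buf)
	if err != nil {
		t.Fatalf("Failed to generate trust password: %v", err)
	}

	password := hex.EncodeToString(buf)

	// … unchanged: GetServer, set core.trust_password, UpdateServer …

	// Remove the password again so it does not outlive the test.
	t.Cleanup(func() {
		apiServer, etag, err := server.GetServer()
		if err != nil {
			t.Errorf("Failed to fetch server config for cleanup: %v", err)
			return
		}

		// Omitting the key from the PUT should unset it; confirm against the LXD API.
		delete(apiServer.Config, "core.trust_password")

		err = server.UpdateServer(apiServer.Writable(), etag)
		if err != nil {
			t.Errorf("Failed to unset trust password: %v", err)
		}
	})

	return password
}
```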
15 changes: 11 additions & 4 deletions internal/acctest/provider_factory.go
@@ -1,10 +1,10 @@
package acctest

import (
"fmt"
"strings"
"sync"

lxd_config "github.com/canonical/lxd/lxc/config"
"github.com/hashicorp/terraform-plugin-framework/providerserver"
"github.com/hashicorp/terraform-plugin-go/tfprotov6"
"github.com/terraform-lxd/terraform-provider-lxd/internal/provider"
@@ -35,9 +35,16 @@ func testProvider() *provider_config.LxdProviderConfig {
defer testProviderMutex.Unlock()

if testProviderConfig == nil {
config := lxd_config.DefaultConfig()
acceptClientCert := true
testProviderConfig = provider_config.NewLxdProvider(config, acceptClientCert)
var err error

options := provider_config.Options{
AcceptServerCertificate: true,
}

testProviderConfig, err = provider_config.NewLxdProviderConfig("test", nil, options)
if err != nil {
panic(fmt.Sprintf("Failed to initialize provider: %v", err))
}
}

return testProviderConfig
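Review bot: `AcceptServerCertificate: true` in `testProvider` is set without a comment, and judging by its name it makes the shared test provider accept whatever certificate the server presents (inferred; the option's implementation is not in this hunk). That is reasonable for a throwaway LXD with a self-signed certificate, but the reason should be written down so the setting is not copied into non-test code: `// Test-only: the local LXD uses a self-signed certificate, so it is accepted without verification.` The `panic` on initialisation failure aborts the whole test binary; since `testProvider` takes no `*testing.T` that may be intended, but a one-line comment saying so would help. `testProvider` starts outside the hunk.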