Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(tests): Add panos_url_filtering_security_profile terraform tests #418

Merged
merged 1 commit into from
Feb 7, 2025
Merged

feat(tests): Add panos_url_filtering_security_profile terraform tests #418

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
327 changes: 327 additions & 0 deletions assets/terraform/test/resource_url_filtering_security_profile_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,327 @@
package provider_test

import (
"context"
"errors"
"fmt"
"strings"
"testing"

sdkerrors "github.com/PaloAltoNetworks/pango/errors"
"github.com/PaloAltoNetworks/pango/objects/profiles/urlfiltering"

"github.com/hashicorp/terraform-plugin-testing/config"
"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/knownvalue"
"github.com/hashicorp/terraform-plugin-testing/statecheck"
"github.com/hashicorp/terraform-plugin-testing/terraform"
"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
)

func TestAccUrlFilteringSecurityProfile(t *testing.T) {
nameSuffix := acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum)
prefix := fmt.Sprintf("test-acc-%s", nameSuffix)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
ProtoV6ProviderFactories: testAccProviders,
CheckDestroy: testAccUrlFilteringSecurityProfileDestroy(prefix),
Steps: []resource.TestStep{
{
Config: urlFilteringSecurityProfile1Tmpl,
ConfigVariables: map[string]config.Variable{
"prefix": config.StringVariable(prefix),
},
ConfigStateChecks: []statecheck.StateCheck{
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("name"),
knownvalue.StringExact(fmt.Sprintf("%s-profile", prefix)),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("description"),
knownvalue.StringExact("description"),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("disable_override"),
knownvalue.StringExact("yes"),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("alert"),
knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("games"),
}),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("allow"),
knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("music"),
}),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("block"),
knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("news"),
}),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("cloud_inline_cat"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("continue"),
knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("travel"),
}),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("enable_container_page"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("local_inline_cat"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("log_container_page_only"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("log_http_hdr_referer"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("log_http_hdr_user_agent"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("log_http_hdr_xff"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("safe_search_enforcement"),
knownvalue.Bool(true),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("credential_enforcement"),
knownvalue.ObjectExact(map[string]knownvalue.Check{
"log_severity": knownvalue.StringExact("medium"),
"alert": knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("games"),
}),
"allow": knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("music"),
}),
"block": knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("news"),
}),
"continue": knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("travel"),
}),
"mode": knownvalue.ObjectExact(map[string]knownvalue.Check{
"disabled": knownvalue.Null(),
"domain_credentials": knownvalue.ObjectExact(nil),
"group_mapping": knownvalue.Null(),
"ip_user": knownvalue.Null(),
}),
}),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("http_header_insertion"),
knownvalue.ListExact([]knownvalue.Check{
knownvalue.ObjectExact(map[string]knownvalue.Check{
"name": knownvalue.StringExact("header1"),
"disable_override": knownvalue.StringExact("yes"),
"type": knownvalue.ListExact([]knownvalue.Check{
knownvalue.ObjectExact(map[string]knownvalue.Check{
"name": knownvalue.StringExact("Google Apps Access Control"),
"domains": knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact("example.com"),
}),
"headers": knownvalue.ListExact([]knownvalue.Check{
knownvalue.ObjectExact(map[string]knownvalue.Check{
"name": knownvalue.StringExact("header1"),
"header": knownvalue.StringExact("header1"),
"log": knownvalue.Bool(true),
"value": knownvalue.StringExact("value1"),
}),
}),
}),
}),
}),
}),
),
statecheck.ExpectKnownValue(
"panos_url_filtering_security_profile.rules",
tfjsonpath.New("mlav_category_exception"),
knownvalue.ListExact([]knownvalue.Check{
knownvalue.StringExact(fmt.Sprintf("%s-category", prefix)),
}),
),
},
},
{
Config: urlFilteringSecurityProfileCleanupTmpl,
ConfigVariables: map[string]config.Variable{
"prefix": config.StringVariable(prefix),
},
ConfigStateChecks: []statecheck.StateCheck{
UrlFilteringSecurityProfileExpectNoEntriesInLocation(prefix),
},
},
},
})
}

const urlFilteringSecurityProfile1Tmpl = `
variable prefix { type = string }

resource "panos_device_group" "dg" {
location = { panorama = {} }

name = format("%s-dg1", var.prefix)
}

resource "panos_custom_url_category" "category" {
location = { device_group = { name = panos_device_group.dg.name } }

name = format("%s-category", var.prefix)
}

resource "panos_url_filtering_security_profile" "rules" {
location = { device_group = { name = panos_device_group.dg.name } }

name = format("%s-profile", var.prefix)
description = "description"
disable_override = "yes"

alert = ["games"]
allow = ["music"]
block = ["news"]
cloud_inline_cat = true
continue = ["travel"]
enable_container_page = true
local_inline_cat = true
log_container_page_only = true
log_http_hdr_referer = true
log_http_hdr_user_agent = true
log_http_hdr_xff = true
safe_search_enforcement = true
credential_enforcement = {
log_severity = "medium"
alert = ["games"]
allow = ["music"]
block = ["news"]
continue = ["travel"]
mode = {
domain_credentials = {}
}
}
http_header_insertion = [{
name = "header1"
disable_override = "yes"
type = [{
name = "Google Apps Access Control"
domains = ["example.com"]
headers = [{
name = "header1"
header = "header1"
log = true
value = "value1"
}]
}]
}]
mlav_category_exception = [resource.panos_custom_url_category.category.name]
}
`

const urlFilteringSecurityProfileCleanupTmpl = `
variable prefix { type = string }

resource "panos_device_group" "dg" {
location = { panorama = {} }

name = format("%s-dg1", var.prefix)
}
`

type urlFilteringSecurityProfileExpectNoEntriesInLocation struct {
prefix string
}

func UrlFilteringSecurityProfileExpectNoEntriesInLocation(prefix string) *urlFilteringSecurityProfileExpectNoEntriesInLocation {
return &urlFilteringSecurityProfileExpectNoEntriesInLocation{
prefix: prefix,
}
}

func (o *urlFilteringSecurityProfileExpectNoEntriesInLocation) CheckState(ctx context.Context, req statecheck.CheckStateRequest, resp *statecheck.CheckStateResponse) {
service := urlfiltering.NewService(sdkClient)
location := urlfiltering.NewDeviceGroupLocation()
location.DeviceGroup.DeviceGroup = fmt.Sprintf("%s-dg1", o.prefix)
objects, err := service.List(ctx, *location, "get", "", "")
if err != nil && !sdkerrors.IsObjectNotFound(err) {
resp.Error = fmt.Errorf("failed to query server for entries: %w", err)
return
}

var dangling []string
for _, elt := range objects {
if strings.HasPrefix(elt.Name, o.prefix) {
dangling = append(dangling, elt.Name)
}
}

if len(dangling) > 0 {
resp.Error = fmt.Errorf("delete of the resource didn't remove it from the server")
}
}

func testAccUrlFilteringSecurityProfileDestroy(prefix string) func(s *terraform.State) error {
return func(s *terraform.State) error {
service := urlfiltering.NewService(sdkClient)

location := urlfiltering.NewDeviceGroupLocation()
location.DeviceGroup.DeviceGroup = fmt.Sprintf("%s-dg1", prefix)

ctx := context.TODO()
entries, err := service.List(ctx, *location, "get", "", "")
if err != nil && !sdkerrors.IsObjectNotFound(err) {
return fmt.Errorf("failed to list existing entries via sdk: %w", err)
}

var leftEntries []string
for _, elt := range entries {
if strings.HasPrefix(elt.Name, prefix) {
leftEntries = append(leftEntries, elt.Name)
}
}

if len(leftEntries) > 0 {
err := fmt.Errorf("terraform failed to remove entries from the server")
delErr := service.Delete(ctx, *location, leftEntries...)
if delErr != nil {
return errors.Join(err, delErr)
}
}

return nil
}
}
Loading