misc: update tests to pass against omicron dev.

Update tests and docs such that the entire acceptance test suite runs
against the simulated omicron environment. We either document and script
all resources that the tests depend on, or teach the tests to create the
dependencies themselves. We'll look into running the acceptance suite
against simulated omicron in a separate patch.

Author: jmcarp

CONTRIBUTING.md

@@ -65,6 +65,8 @@ Until all resources have been added you'll need to make sure your testing enviro
 - A project named "tf-acc-test".
 - At least one image.
 
+To run tests against an empty simulated omicron environment, first provision test-related resources with `./scripts/acc-test-setup.sh`.
+
 Tests that exercise the `oxide_silo` resource need a tls cert that's
 valid for the domain of the Oxide server used for acceptance tests. The
 tests will generate a self-signed cert, but need to know which DNS name

internal/provider/data_source_silo_test.go

@@ -6,18 +6,78 @@ package provider
 
 import (
 	"fmt"
+	"os"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
 
 type dataSourceSiloConfig struct {
-	BlockName string
+	BlockName   string
+	SiloDNSName string
 }
 
 var dataSourceSiloConfigTpl = `
+resource "tls_private_key" "self-signed" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+resource "tls_self_signed_cert" "self-signed" {
+  private_key_pem       = tls_private_key.self-signed.private_key_pem
+  validity_period_hours = 8760
+
+  subject {
+    common_name  = "{{.SiloDNSName}}"
+    organization = "Oxide Computer Company"
+  }
+
+  dns_names = ["{{.SiloDNSName}}"]
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+
+resource "oxide_silo" "{{.BlockName}}" {
+  name          = "tf-acc-test"
+  description   = "Managed by Terraform."
+  discoverable  = true
+  identity_mode = "local_only"
+
+  quotas = {
+    cpus    = 2
+    memory  = 8589934592
+    storage = 8589934592
+  }
+
+  mapped_fleet_roles = {
+    admin  = ["admin", "collaborator"]
+    viewer = ["viewer"]
+  }
+
+  tls_certificates = [
+    {
+      name        = "self-signed-wildcard"
+      description = "Self-signed wildcard certificate for *.sys.r3.oxide-preview.com."
+      cert        = tls_self_signed_cert.self-signed.cert_pem
+			key         = tls_private_key.self-signed.private_key_pem
+      service     = "external_api"
+    },
+  ]
+
+  timeouts = {
+    create = "1m"
+    read   = "2m"
+    update = "3m"
+    delete = "4m"
+  }
+}
+
 data "oxide_silo" "{{.BlockName}}" {
-  name = "default"
+  name = oxide_silo.{{.BlockName}}.name
   timeouts = {
     read = "1m"
   }
@@ -26,9 +86,16 @@ data "oxide_silo" "{{.BlockName}}" {
 
 func TestAccSiloDataSourceSilo_full(t *testing.T) {
 	blockName := newBlockName("datasource-silo")
+
+	dnsName := os.Getenv("OXIDE_SILO_DNS_NAME")
+	if dnsName == "" {
+		t.Skip("Skipping test. Export OXIDE_SILO_DNS_NAME to run.")
+	}
+
 	config, err := parsedAccConfig(
 		dataSourceSiloConfig{
-			BlockName: blockName,
+			BlockName:   blockName,
+			SiloDNSName: dnsName,
 		},
 		dataSourceSiloConfigTpl,
 	)
@@ -39,6 +106,11 @@ func TestAccSiloDataSourceSilo_full(t *testing.T) {
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:                 func() { testAccPreCheck(t) },
 		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories(),
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"tls": {
+				Source: "hashicorp/tls",
+			},
+		},
 		Steps: []resource.TestStep{
 			{
 				Config: config,
@@ -53,6 +125,7 @@ func TestAccSiloDataSourceSilo_full(t *testing.T) {
 func checkDataSourceSilo(dataName string) resource.TestCheckFunc {
 	return resource.ComposeAggregateTestCheckFunc([]resource.TestCheckFunc{
 		resource.TestCheckResourceAttrSet(dataName, "name"),
+		resource.TestCheckResourceAttr(dataName, "name", "tf-acc-test"),
 		resource.TestCheckResourceAttr(dataName, "timeouts.read", "1m"),
 		resource.TestCheckResourceAttrSet(dataName, "id"),
 		resource.TestCheckResourceAttrSet(dataName, "discoverable"),

internal/provider/data_source_vpc_internet_gateway_test.go

@@ -17,10 +17,21 @@ type dataSourceVPCInternetGatewayConfig struct {
 }
 
 var dataSourceVPCInternetGatewayConfigTpl = `
+data "oxide_vpc" "test" {
+  project_name = "tf-acc-test"
+  name         = "default"
+}
+
+resource "oxide_vpc_internet_gateway" "{{.BlockName}}" {
+	vpc_id      = data.oxide_vpc.test.id
+  name        = "test"
+	description = "test description"
+}
+
 data "oxide_vpc_internet_gateway" "{{.BlockName}}" {
   project_name = "tf-acc-test"
   vpc_name     = "default"
-  name         = "default"
+  name         = oxide_vpc_internet_gateway.{{.BlockName}}.name
   timeouts = {
     read = "1m"
   }
@@ -57,8 +68,8 @@ func TestAccCloudDataSourceVPCInternetGateway_full(t *testing.T) {
 func checkDataSourceVPCInternetGateway(dataName string) resource.TestCheckFunc {
 	return resource.ComposeAggregateTestCheckFunc([]resource.TestCheckFunc{
 		resource.TestCheckResourceAttrSet(dataName, "id"),
-		resource.TestCheckResourceAttr(dataName, "description", "Default VPC gateway"),
-		resource.TestCheckResourceAttr(dataName, "name", "default"),
+		resource.TestCheckResourceAttr(dataName, "description", "test description"),
+		resource.TestCheckResourceAttr(dataName, "name", "test"),
 		resource.TestCheckResourceAttrSet(dataName, "vpc_id"),
 		resource.TestCheckResourceAttrSet(dataName, "time_created"),
 		resource.TestCheckResourceAttrSet(dataName, "time_modified"),

internal/provider/data_source_vpc_router_test.go

@@ -18,10 +18,21 @@ type dataSourceVPCRouterConfig struct {
 }
 
 var dataSourceVPCRouterConfigTpl = `
+data "oxide_vpc" "test" {
+  project_name = "tf-acc-test"
+  name         = "default"
+}
+
+resource "oxide_vpc_router" "{{.BlockName}}" {
+	vpc_id      = data.oxide_vpc.test.id
+  name        = "test"
+	description = "test router"
+}
+
 data "oxide_vpc_router" "{{.BlockName}}" {
   project_name = "tf-acc-test"
   vpc_name     = "default"
-  name         = "system"
+  name         = oxide_vpc_router.{{.BlockName}}.name
   timeouts = {
     read = "1m"
   }
@@ -61,10 +72,10 @@ func checkDataSourceVPCRouter(dataName string) resource.TestCheckFunc {
 		resource.TestCheckResourceAttr(
 			dataName,
 			"description",
-			"Routes are automatically added to this router as vpc subnets are created",
+			"test router",
 		),
-		resource.TestCheckResourceAttr(dataName, "name", "system"),
-		resource.TestCheckResourceAttr(dataName, "kind", string(oxide.VpcRouterKindSystem)),
+		resource.TestCheckResourceAttr(dataName, "name", "test"),
+		resource.TestCheckResourceAttr(dataName, "kind", string(oxide.VpcRouterKindCustom)),
 		resource.TestCheckResourceAttrSet(dataName, "vpc_id"),
 		resource.TestCheckResourceAttrSet(dataName, "time_created"),
 		resource.TestCheckResourceAttrSet(dataName, "time_modified"),

scripts/acc-test-setup.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Set up dependencies for the acceptance test suite. The tests expect various
+# resources to be configured.
+
+set -euo pipefail
+
+PROJECT_NAME=${OXIDE_PROJECT:-tf-acc-test}
+
+# Default to test-suite-silo, the silo used by omicron-dev.
+SILO_NAME=${OXIDE_SILO:-test-suite-silo}
+
+# Point to a .raw file, defaulting to a local alpine image. To build an image,
+# run:
+#
+# wget https://dl-cdn.alpinelinux.org/alpine/v3.22/releases/cloud/generic_alpine-3.22.1-x86_64-bios-tiny-r0.qcow2
+# qemu-img convert -f qcow2 -O raw generic_alpine-3.22.1-x86_64-bios-tiny-r0.qcow2 alpine.raw
+IMAGE_PATH=${OXIDE_IMAGE_PATH:-alpine.raw}
+
+# oxide project create --name $PROJECT_NAME --description $PROJECT_NAME
+
+# # We need to create disks, images, etc., so override the default empty quota.
+# oxide silo quotas update --silo $SILO_NAME --cpus 100 --memory $((2 ** 40)) --storage $((2 ** 40))
+
+# # Set up the default IP pool, and add a range.
+# oxide ip-pool create --name default --description default
+# oxide ip-pool silo link --pool default --silo $SILO_NAME --is-default true
+# oxide ip-pool range add --first 10.0.1.0 --last 10.0.1.255 --pool default
+
+# The acceptance tests expect both at least a single project-scoped image and a
+# silo-scoped image. Import the same image twice, then promote one copy to the
+# silo. Use alpine because it's small.
+oxide disk import \
+    --project $PROJECT_NAME \
+    --path $IMAGE_PATH \
+    --disk alpine-project \
+    --description "alpine image" \
+    --snapshot alpine-snapshot-project \
+    --image alpine-project \
+    --image-description "alpine image" \
+    --image-os alpine \
+    --image-version "3.22.1"
+
+oxide image promote --image alpine-project --project $PROJECT_NAME
+
+oxide disk import \
+    --project $PROJECT_NAME \
+    --path $IMAGE_PATH \
+    --disk alpine-silo \
+    --description "alpine image" \
+    --snapshot alpine-snapshot-silo \
+    --image alpine-silo \
+    --image-description "alpine image" \
+    --image-os alpine \
+    --image-version "3.22.1"