Updates Teleport binary used in tests to 15.2.0

This new version of teleport has the following relevant changes: * Teleport process logging uses `log/slog` For terraform tests we start a teleport binary and parse its output to understand when the Auth/Proxy service started and what ports are they listening on. We used a regex for that, but teleport migrated to `log/slog` and the regex no longer works. Migration PR: gravitational/teleport#38551 We had to fix the regex for integration tests in teleport: gravitational/teleport#39315 Terraform Tests also use that library, so after the regex changed, we must upgrade Teleport CI version to get the new log format. * Teleport API: `GetClusterNetworkingConfig` and `GetSessionRecordingConfig` never return a nil When developing the `ClusterMaitenanceConfig` we had to include a nil check, because if it was never configured, `GetClusterMaintenanceConfig` would return a nil object. This nil check was added to all SingleResource resources. For `ClusterNetworkingConfig` and `SessionRecordingConfig`, the `Get` operation never returns a nil resource and `staticcheck` linter was yelling about it. So, we had to create a new flag to ensure we only nil-checked the resources that can actually return a nil value. * Teleport Resource Metadata It is no longer recommended to use the `<Resource>.Metadata.ID` to check for cached responses. We are now using the revision field. During this change we also detected a miss-usage of an `error` variable and fixed that (could lead to a panic). LoginRules didn't have the `Revision` field, so we added it here: gravitational/teleport.e#3821 Unfortunately, that PR didn't merge in time for 15.2.0. However, that's ok because LoginRules are not cached. So, instead of waiting for a new release (15.2.1), we just removed the cache check.
gravitational · Apr 2, 2024 · 0d0a5ac · 0d0a5ac
1 parent 2956c8b
commit 0d0a5ac
Show file tree

Hide file tree

Showing 26 changed files with 94 additions and 113 deletions.
diff --git a/.github/workflows/terraform-tests.yaml b/.github/workflows/terraform-tests.yaml
@@ -30,13 +30,13 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: '1.5.6'
+          terraform_version: '1.7.5'
           terraform_wrapper: false
 
       - name: Install Teleport
         uses: teleport-actions/setup@v1
         with:
-          version: 15.0.0-alpha.5
+          version: 15.2.0
           enterprise: true
 
       - name: make test-terraform

diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml
@@ -30,7 +30,7 @@ jobs:
       - name: Install Teleport
         uses: teleport-actions/setup@v1
         with:
-          version: 15.0.0-alpha.5
+          version: 15.2.0
           enterprise: true
 
       - name: Run unit tests

diff --git a/go.mod b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/peterbourgon/diskv/v3 v3.0.1
 	github.com/sethvargo/go-limiter v0.7.2
 	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/tidwall/gjson v1.14.4
 	golang.org/x/exp v0.0.0-20231108232855-2478ac86f678
 	golang.org/x/net v0.21.0
@@ -287,7 +287,7 @@ require (
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
@@ -364,8 +364,8 @@ replace (
 	github.com/alecthomas/kingpin/v2 => github.com/gravitational/kingpin/v2 v2.1.11-0.20230515143221-4ec6b70ecd33
 	github.com/coreos/go-oidc => github.com/gravitational/go-oidc v0.1.1
 	github.com/gogo/protobuf => github.com/gravitational/protobuf v1.3.2-0.20201123192827-2b9fcfaffcbf
-	github.com/gravitational/teleport => github.com/gravitational/teleport v0.0.0-20240327020503-fc3b2b31dec6 // ref: tags/v15.1.10
-	github.com/gravitational/teleport/api => github.com/gravitational/teleport/api v0.0.0-20240327020503-fc3b2b31dec6 // ref: tags/v15.1.10
+	github.com/gravitational/teleport => github.com/gravitational/teleport v0.0.0-20240329210410-bb8bd77625f4 // ref: tags/v15.2.0
+	github.com/gravitational/teleport/api => github.com/gravitational/teleport/api v0.0.0-20240329210410-bb8bd77625f4 // ref: tags/v15.2.0
 	github.com/julienschmidt/httprouter => github.com/gravitational/httprouter v1.3.1-0.20220408074523-c876c5e705a5
 	github.com/microsoft/go-mssqldb => github.com/gravitational/go-mssqldb v0.11.1-0.20230331180905-0f76f1751cd3
 	github.com/vulcand/predicate => github.com/gravitational/predicate v1.3.1

diff --git a/go.sum b/go.sum
@@ -609,10 +609,10 @@ github.com/gravitational/protobuf v1.3.2-0.20201123192827-2b9fcfaffcbf h1:MQ4e8X
 github.com/gravitational/protobuf v1.3.2-0.20201123192827-2b9fcfaffcbf/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gravitational/roundtrip v1.0.2 h1:eOCY0NEKKaB0ksJmvhO6lPMFz1pIIef+vyPBTBROQ5c=
 github.com/gravitational/roundtrip v1.0.2/go.mod h1:fuI1booM2hLRA/B/m5MRAPOU6mBZNYcNycono2UuTw0=
-github.com/gravitational/teleport v0.0.0-20240327020503-fc3b2b31dec6 h1:3nHYZlcljAYrvQVbBYTjtltJQDn7y3cF2/khrw2XM9I=
-github.com/gravitational/teleport v0.0.0-20240327020503-fc3b2b31dec6/go.mod h1:jzLyYVmL2JU/8fJUJmhyzqYeCQgmz6Ypq8mP2BgC4fU=
-github.com/gravitational/teleport/api v0.0.0-20240327020503-fc3b2b31dec6 h1:p3oWqebbUx0nx+tEzfswKqkIbH3XVL5dFUJhdmRgIoo=
-github.com/gravitational/teleport/api v0.0.0-20240327020503-fc3b2b31dec6/go.mod h1:TbJnZvy5Q8Ye692yRVQzW5KfnkFRlh3qMd922HAtQ8Q=
+github.com/gravitational/teleport v0.0.0-20240329210410-bb8bd77625f4 h1:g4UswicmiUseh/1mdtTXnSMj1YtoYR+aLvKJNKm4HAk=
+github.com/gravitational/teleport v0.0.0-20240329210410-bb8bd77625f4/go.mod h1:JoZGqhngHo100AlR67nhDRSQhcmrI7XhCLdqDKtTa/4=
+github.com/gravitational/teleport/api v0.0.0-20240329210410-bb8bd77625f4 h1:FGwnoGbq9JDilDU0YHdsUBepOCas4DG2THnbrsMMpmc=
+github.com/gravitational/teleport/api v0.0.0-20240329210410-bb8bd77625f4/go.mod h1:TbJnZvy5Q8Ye692yRVQzW5KfnkFRlh3qMd922HAtQ8Q=
 github.com/gravitational/trace v1.3.1 h1:jwZEuRtCYpLhUtqHo+JH+lu2qM0LB98UagqHtvdKuLI=
 github.com/gravitational/trace v1.3.1/go.mod h1:E61mn73aro7Zg9gZheZaeUsK6gjUMbCLazY76xuYAVA=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
@@ -1098,8 +1098,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1110,8 +1111,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg=
 github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU=
 github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=

diff --git a/terraform/Makefile b/terraform/Makefile
@@ -103,7 +103,7 @@ release: build
 endif
 	tar -C $(BUILDDIR) -czf $(RELEASE).tar.gz .
 
-TERRAFORM_EXISTS := $(shell terraform -version 2>/dev/null | grep 'Terraform v1.5')
+TERRAFORM_EXISTS := $(shell terraform -version 2>/dev/null | grep 'Terraform v1.')
 CURRENT_ULIMIT := $(shell ulimit -n)
 
 .PHONY: test

diff --git a/terraform/gen/main.go b/terraform/gen/main.go
@@ -115,6 +115,8 @@ type payload struct {
 	// This is required for some special resources (ServerV2) that support multiple kinds.
 	// For those resources, we must set the kind, and don't want to have the user do it.
 	ForceSetKind string
+	// GetCanReturnNil is used to check for nil returned value when doing a Get<Resource>.
+	GetCanReturnNil bool
 }
 
 func (p *payload) CheckAndSetDefaults() error {
@@ -189,6 +191,7 @@ var (
 		HasStaticID:            true,
 		TerraformResourceType:  "teleport_cluster_maintenance_config",
 		WithNonce:              true,
+		GetCanReturnNil:        true,
 		HasCheckAndSetDefaults: true,
 	}
 
@@ -365,7 +368,7 @@ var (
 		DeleteMethod:          "DeleteLoginRule",
 		ID:                    "loginRule.Metadata.Name",
 		Kind:                  "login_rule",
-		HasStaticID:           false,
+		HasStaticID:           true,
 		ProtoPackage:          "loginrulev1",
 		ProtoPackagePath:      "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1",
 		SchemaPackage:         "schemav1",

diff --git a/terraform/gen/plural_resource.go.tpl b/terraform/gen/plural_resource.go.tpl
@@ -170,13 +170,12 @@ func (r resourceTeleport{{.Name}}) Create(ctx context.Context, req tfsdk.CreateR
 		{{.VarName}}I, err = r.p.Client.{{.GetMethod}}(ctx, {{if .Namespaced}}defaults.Namespace, {{end}}id{{if ne .WithSecrets ""}}, {{.WithSecrets}}{{end}})
 		if trace.IsNotFound(err) {
 			if bErr := backoff.Do(ctx); bErr != nil {
-				resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(err), "{{.Kind}}"))
+				resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(bErr), "{{.Kind}}"))
 				return
 			}
 			if tries >= r.p.RetryConfig.MaxTries {
 				diagMessage := fmt.Sprintf("Error reading {{.Name}} (tried %d times) - state outdated, please import resource", tries)
-				resp.Diagnostics.Append(diagFromWrappedErr(diagMessage, trace.Wrap(err), "{{.Kind}}"))
-				return
+				resp.Diagnostics.AddError(diagMessage, "{{.Kind}}")
 			}
 			continue
 		}
@@ -344,7 +343,7 @@ func (r resourceTeleport{{.Name}}) Update(ctx context.Context, req tfsdk.UpdateR
 			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", err, "{{.Kind}}"))
 			return
 		}
-		if {{.VarName}}Before.GetMetadata().ID != {{.VarName}}I.GetMetadata().ID || {{.HasStaticID}} {
+		if {{.VarName}}Before.GetMetadata().Revision != {{.VarName}}I.GetMetadata().Revision || {{.HasStaticID}} {
 			break
 		}
 

diff --git a/terraform/gen/singular_resource.go.tpl b/terraform/gen/singular_resource.go.tpl
@@ -93,10 +93,14 @@ func (r resourceTeleport{{.Name}}) Create(ctx context.Context, req tfsdk.CreateR
 		return
 	}
 
+	{{- if .GetCanReturnNil }}
+
 	if {{.VarName}}Before == nil {
 		{{.VarName}}Before = &{{.ProtoPackage}}.{{.TypeName}}{}
 	}
 
+	{{- end}}
+
 	{{- if .WithNonce}}
 	{{.VarName}} = {{.VarName}}.WithNonce(math.MaxUint64).(*{{.ProtoPackage}}.{{.TypeName}})
 	{{- end}}
@@ -123,16 +127,16 @@ func (r resourceTeleport{{.Name}}) Create(ctx context.Context, req tfsdk.CreateR
 			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(err), "{{.Kind}}"))
 			return
 		}
-		if {{.VarName}}Before.GetMetadata().ID != {{.VarName}}I.GetMetadata().ID || {{.HasStaticID}} {
+		if {{.VarName}}Before.GetMetadata().Revision != {{.VarName}}I.GetMetadata().Revision || {{.HasStaticID}} {
 			break
 		}
 		if bErr := backoff.Do(ctx); bErr != nil {
-			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(err), "{{.Kind}}"))
+			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(bErr), "{{.Kind}}"))
 			return
 		}
 		if tries >= r.p.RetryConfig.MaxTries {
 			diagMessage := fmt.Sprintf("Error reading {{.Name}} (tried %d times) - state outdated, please import resource", tries)
-			resp.Diagnostics.Append(diagFromWrappedErr(diagMessage, trace.Wrap(err), "{{.Kind}}"))
+			resp.Diagnostics.AddError(diagMessage, "{{.Kind}}")
 			return
 		}
 	}
@@ -255,11 +259,11 @@ func (r resourceTeleport{{.Name}}) Update(ctx context.Context, req tfsdk.UpdateR
 			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(err), "{{.Kind}}"))
 			return
 		}
-		if {{.VarName}}Before.GetMetadata().ID != {{.VarName}}I.GetMetadata().ID || {{.HasStaticID}} {
+		if {{.VarName}}Before.GetMetadata().Revision != {{.VarName}}I.GetMetadata().Revision || {{.HasStaticID}} {
 			break
 		}
 		if bErr := backoff.Do(ctx); bErr != nil {
-			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(err), "{{.Kind}}"))
+			resp.Diagnostics.Append(diagFromWrappedErr("Error reading {{.Name}}", trace.Wrap(bErr), "{{.Kind}}"))
 			return
 		}
 		if tries >= r.p.RetryConfig.MaxTries {

diff --git a/terraform/provider/resource_teleport_access_list.go b/terraform/provider/resource_teleport_access_list.go
diff --git a/terraform/provider/resource_teleport_app.go b/terraform/provider/resource_teleport_app.go
diff --git a/terraform/provider/resource_teleport_auth_preference.go b/terraform/provider/resource_teleport_auth_preference.go
diff --git a/terraform/provider/resource_teleport_cluster_maintenance_config.go b/terraform/provider/resource_teleport_cluster_maintenance_config.go