diff --git a/.claude/guidelines/testing_for_tfvars_changes.md b/.claude/guidelines/testing_for_tfvars_changes.md new file mode 100644 index 0000000..0648973 --- /dev/null +++ b/.claude/guidelines/testing_for_tfvars_changes.md @@ -0,0 +1,63 @@ +# Testing for `terraform.tfvars` Variable Changes + +## Scope + +Applies when a PR adds, modifies, or removes a top-level `terraform.tfvars` variable that drives any generated artefact under [`assets/src/`](../../assets/src/) — `tower.yml`, `tower.env`, `docker-compose.yml`, `tower.sql`, Ansible files, Wave-Lite config, etc. + +The framework only catches drift on assertions that exist. Hardcoded values in templates are silent test gaps until they become parameters; this protocol forces the gap to be filled at PR time. Background on the framework: [`testcase_architecture.md`](../../tests/testcase_architecture.md). + +## Required steps + +### 1. Update both baseline assertions + +In [`tests/datafiles/expected_results/expected_results.py`](../../tests/datafiles/expected_results/expected_results.py), add the resulting key/value to BOTH `generate__entries_all_active` AND `generate__entries_all_disabled` for every artefact the variable affects. + +Use the file-type-appropriate key syntax: + +| File type | Key syntax | Example | +| --------- | ---------- | ------- | +| `*.yml` | YAMLPath (dot-separated) | `tower.participant.auto-create-user` | +| `*.env` | Plain key | `TOWER_DB_URL` | +| `*.sql` | Full-page compare via `tests/datafiles/expected_results/expected_sql/.sql` | n/a | + +For a binary feature flag, the two baselines should typically assert opposite values (`_all_active` = on, `_all_disabled` = off). For non-flag variables, both baselines may assert the same default. + +### 2. Set the `_all_active`-side default in `base-overrides.auto.tfvars` + +This is the project's preferred pattern: every test inherits the "all enabled" value by default, and `_all_disabled` tests list the explicit inverse overrides (step 3). The result is that `_all_active`-flavoured tests need minimal `tf_modifiers`, and the inversion is concentrated in `_all_disabled` tests where it's already idiomatic. + +Edit the heredoc in [`tests/datafiles/generate_core_data.sh`](../../tests/datafiles/generate_core_data.sh) — add the variable to the appropriate section with its `_all_active` value. The next test run regenerates `tests/datafiles/base-overrides.auto.tfvars`, which is auto-loaded by `terraform plan` for every test. + +**Don't conflate test convenience with deployment policy**: this does NOT change [`templates/TEMPLATE_terraform.tfvars`](../../templates/TEMPLATE_terraform.tfvars). The shipped default for new deployers stays untouched. Flipping the TEMPLATE default is a separate decision requiring CHANGELOG amendment per [`changelog_protocol.md`](changelog_protocol.md). + +**Cache invalidation note**: changing `base-overrides.auto.tfvars` invalidates all cached terraform plans. The rebuild is automatic but takes minutes on first re-run. + +**Exception — when NOT to use this approach**: if the variable is only relevant to one specific scenario (e.g., a private-CA test) rather than the general "all enabled" baseline, set it via per-test `tf_modifiers` in [`test_config_file_content.py`](../../tests/unit/config_files/test_config_file_content.py) instead. Default to base-overrides; fall back to per-test only when the variable is genuinely scenario-local. + +### 3. Add inverse overrides to every `_all_disabled`-style test + +Every test that calls `generate_assertions_all_disabled` must explicitly override the new flag(s) to the `_all_disabled` value in its `tf_modifiers`. Without this, those tests silently pass in default mode (the new key isn't in their narrow `desired_files`) but **fail under `TEST_FULL=true`**. + +Find them with: + +```bash +grep -n "generate_assertions_all_disabled" tests/unit/config_files/test_config_file_content.py +``` + +**Don't rely on test naming alone** — some tests like `test_seqera_hosted_wave_active` call `generate_assertions_all_disabled` despite an "active"-flavoured suffix. + +### 4. Verify with `TEST_FULL=true` (required before merge) + +Default `make run_tests` only validates files listed in each test's `desired_files`. A test can pass while leaving the new key entirely unvalidated, because the file containing it was never generated. **The PR is not solid until `TEST_FULL=true` passes.** + +```bash +TEST_FULL=true pytest tests/unit/config_files +``` + +If `TEST_FULL` surfaces failures unrelated to your change, surface them to the user — don't silently chase them as part of this PR. + +## Don't + +- **Don't add a new testcase without explicit user authorization.** The two baselines (`_all_active` and `_all_disabled`) are usually sufficient for boolean flags. If you believe a new scenario test is needed, propose it to the user with justification — explain why the existing baselines can't cover the case (e.g., the flag interacts non-obviously with another flag, or it changes resource topology in a way that needs targeted assertion). Wait for sign-off before writing the test. +- **Don't change `templates/TEMPLATE_terraform.tfvars` defaults to simplify tests.** That's a deployment-policy change requiring CHANGELOG amendment and stakeholder review per [`changelog_protocol.md`](changelog_protocol.md). +- **Don't trust default-mode passing tests as proof of correctness** for assertions on files not in `desired_files`. Confirm with `TEST_FULL=true`. diff --git a/009_define_file_templates.tf b/009_define_file_templates.tf index 999ada3..e934dae 100644 --- a/009_define_file_templates.tf +++ b/009_define_file_templates.tf @@ -86,6 +86,9 @@ locals { tower_audit_retention_days = var.tower_audit_retention_days, + flag_tower_enable_participant_auto_create_user = var.flag_tower_enable_participant_auto_create_user, + flag_tower_enable_member_auto_create_user = var.flag_tower_enable_member_auto_create_user, + flag_using_micronaut_4 = local.flag_using_micronaut_4, } diff --git a/CHANGELOG.md b/CHANGELOG.md index 11029a5..8bcc3a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ $ git log origin/master..origin/gwright99/25_2_0_update --oneline - Documentation - Added Studios SSH design decision to `design_decisions.md`. [`#313`](https://github.com/seqeralabs/cx-field-tools-installer/issues/313) - Updated `TEMPLATE_terraform.tfvars` with Studios SSH variables and configuration guidance. [`#313`](https://github.com/seqeralabs/cx-field-tools-installer/issues/313) + - Added explicit Tower user auto-creation flags (`flag_tower_enable_participant_auto_create_user`, `flag_tower_enable_member_auto_create_user`) to `TEMPLATE_terraform.tfvars`. [`#312`](https://github.com/seqeralabs/cx-field-tools-installer/issues/312) - TBD

@@ -47,6 +48,9 @@ $ git log origin/master..origin/gwright99/25_2_0_update --oneline | New | Studios SSH | `flag_limit_data_studio_ssh_to_some_workspaces` | When `true`, restricts SSH access to the workspace IDs listed in `data_studio_ssh_eligible_workspaces`. When `false`, SSH is available to all workspaces. | | New | Studios SSH | `data_studio_ssh_eligible_workspaces` | Comma-separated list of numeric workspace IDs that are permitted to use Studios SSH. Only evaluated when `flag_limit_data_studio_ssh_to_some_workspaces = true`. | |||| +| New | Tower Auth | `flag_tower_enable_participant_auto_create_user` | Controls Tower's `tower.participant.auto-create-user`. When `true`, allows a workspace participant to be auto-created when added by email. Defaults to `false`. [`#312`](https://github.com/seqeralabs/cx-field-tools-installer/issues/312) | +| New | Tower Auth | `flag_tower_enable_member_auto_create_user` | Controls Tower's `tower.member.auto-create-user`. When `true`, allows the underlying User entity to be auto-created when an email is added as an Org Member. Defaults to `false`. [`#312`](https://github.com/seqeralabs/cx-field-tools-installer/issues/312) | +|||| | Modified | Studios | `data_studio_container_version` | Updated from 0.9.0 to 0.11.0. Note: Studios SSH requires connect-proxy >= 0.10.0. | | Modified | Studios | `data_studio_options` | Removed 0.9.0 images and added 0.11.0 images. | |||| diff --git a/CLAUDE.md b/CLAUDE.md index 3632b60..ffa8e80 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -17,6 +17,7 @@ References in the table below use these prefixes: | Writing or editing Terraform (`*.tf`, `terraform.tfvars`) | `proj:terraform_conventions.md`, `proj:terraform_style_guide.md` | | Writing or editing Python | `proj:python_standards.md` | | Running, writing, or analysing tests | `proj:testing_strategy.md`, `proj:testing_commands.md` | +| Adding/modifying a `terraform.tfvars` variable that drives a generated artefact (`tower.yml`, `tower.env`, etc.) | `proj:testing_for_tfvars_changes.md` | | Working on security-sensitive code (secrets, IAM, SSM, certificates) | `proj:security_considerations.md` | ## Project Overview diff --git a/assets/src/tower_config/tower.yml.tpl b/assets/src/tower_config/tower.yml.tpl index 4810fc0..c88d8c6 100644 --- a/assets/src/tower_config/tower.yml.tpl +++ b/assets/src/tower_config/tower.yml.tpl @@ -148,12 +148,19 @@ tower: - label: "Docs" url: "https://docs.seqera.io" - # Controls whether an individual must have a registered account with Seqera Platform before they can be + # Controls whether an individual must have a registered account with Seqera Platform before they can be # added directly to a Workspace as a collaborator. - # - If `true`: The user does not need a pre-existing Platform account before they can be added. - # - If `false`: The user must have a pre-existing Platform account before they can be added. + # - If `true`: The user does not need a pre-existing Platform account before they can be added. + # - If `false`: The user must have a pre-existing Platform account before they can be added. participant: - auto-create-user: false + auto-create-user: ${flag_tower_enable_participant_auto_create_user} + + # Controls whether an individual must have a registered account with Seqera Platform before they can be + # added directly to an Organization as a member. + # - If `true`: The user does not need a pre-existing Platform account before they can be added. + # - If `false`: The user must have a pre-existing Platform account before they can be added. + member: + auto-create-user: ${flag_tower_enable_member_auto_create_user} # By default, if an update is not received for 180 seconds, Seqera Platform marks the pipeline status as UNKNOWN. # Making this setting explicit in case some sites need to customize due to local conditions. diff --git a/templates/TEMPLATE_terraform.tfvars b/templates/TEMPLATE_terraform.tfvars index 4594778..9c456ae 100644 --- a/templates/TEMPLATE_terraform.tfvars +++ b/templates/TEMPLATE_terraform.tfvars @@ -782,6 +782,20 @@ tower_root_users = "REPLACE_ME" tower_email_trusted_orgs = "REPLACE_ME" tower_email_trusted_users = "REPLACE_ME" +# Controls whether Seqera Platform will auto-create an underlying User entity when an +# unknown email is added directly to a resource. +# +# - `flag_tower_enable_participant_auto_create_user` governs Workspace **collaborators** +# (`tower.participant.auto-create-user`). If `true`, the email does not need a +# pre-existing Platform account; if `false`, the User must already exist. +# +# - `flag_tower_enable_member_auto_create_user` governs Organization **members** +# (`tower.member.auto-create-user`). If `true`, adding an unknown email as an +# Organization User auto-generates the underlying Platform User; if `false`, the +# User must already exist. +flag_tower_enable_participant_auto_create_user = false +flag_tower_enable_member_auto_create_user = false + tower_audit_retention_days = 1095 # 3 years (value in days) tower_enable_openapi = true diff --git a/tests/datafiles/012_testing_outputs.tf b/tests/datafiles/012_testing_outputs.tf index a36d596..e9fdcd2 100644 --- a/tests/datafiles/012_testing_outputs.tf +++ b/tests/datafiles/012_testing_outputs.tf @@ -4,4 +4,4 @@ ## ------------------------------------------------------------------------------------ output local_wave_enabled { value = local.wave_enabled -} +} diff --git a/tests/datafiles/expected_results/expected_results.py b/tests/datafiles/expected_results/expected_results.py index acc6e23..fe12203 100644 --- a/tests/datafiles/expected_results/expected_results.py +++ b/tests/datafiles/expected_results/expected_results.py @@ -1,6 +1,7 @@ from tests.utils.config import all_template_files, expected_sql_dir from tests.utils.filehandling import FileHelper + """ Generate two sets of baseline value sets. 1. Settings when all features / assets activated. @@ -133,6 +134,8 @@ def generate_tower_yml_entries_all_active(overrides={}): "micronaut.application.name": "tower-testing", "tower.cron.audit-log.clean-up.time-offset": "1095d", "tower.data-studio.allowed-workspaces": None, + "tower.member.auto-create-user": True, + "tower.participant.auto-create-user": True, "tower.trustedEmails[0]": "'graham.wright@seqera.io,gwright99@hotmail.com'", "tower.trustedEmails[1]": "'*@abc.com,*@def.com'", "tower.trustedEmails[2]": "'123@abc.com,456@def.com'", @@ -244,12 +247,22 @@ def generate_assertions_all_active(template_files, overrides): entries = { "tower_env": generate_tower_env_entries_all_active(overrides["tower_env"]), "tower_yml": generate_tower_yml_entries_all_active(overrides["tower_yml"]), - "data_studios_env": generate_data_studios_env_entries_all_active(overrides["data_studios_env"]), + "data_studios_env": generate_data_studios_env_entries_all_active( + overrides["data_studios_env"] + ), "tower_sql": generate_tower_sql_entries_all_active(overrides["tower_sql"]), - "docker_compose": generate_docker_compose_yml_entries_all_active(overrides["docker_compose"]), - "wave_lite_yml": generate_wave_lite_yml_entries_all_active(overrides["wave_lite_yml"]), - "wave_lite_rds": generate_wave_lite_rds_entries_all_active(overrides["wave_lite_rds"]), - "groundswell_env": generate_groundswell_env_entries_all_active(overrides["groundswell_env"]), + "docker_compose": generate_docker_compose_yml_entries_all_active( + overrides["docker_compose"] + ), + "wave_lite_yml": generate_wave_lite_yml_entries_all_active( + overrides["wave_lite_yml"] + ), + "wave_lite_rds": generate_wave_lite_rds_entries_all_active( + overrides["wave_lite_rds"] + ), + "groundswell_env": generate_groundswell_env_entries_all_active( + overrides["groundswell_env"] + ), # TODO: Build out stubs OR identify as not-in-scope due to other testing method (e.g. .sql) "groundswell_sql": {"present": {}, "omitted": {}}, "seqerakit_yml": {"present": {}, "omitted": {}}, @@ -391,6 +404,8 @@ def generate_tower_yml_entries_all_disabled(overrides={}): "mail.smtp.ssl.protocols": "TLSv1.2", "micronaut.application.name": "tower-testing", "tower.cron.audit-log.clean-up.time-offset": "1095d", + "tower.member.auto-create-user": False, + "tower.participant.auto-create-user": False, "tower.trustedEmails[0]": "'graham.wright@seqera.io,gwright99@hotmail.com'", "tower.trustedEmails[1]": "'*@abc.com,*@def.com'", "tower.trustedEmails[2]": "'123@abc.com,456@def.com'", @@ -499,12 +514,22 @@ def generate_assertions_all_disabled(template_files, overrides): entries = { "tower_env": generate_tower_env_entries_all_disabled(overrides["tower_env"]), "tower_yml": generate_tower_yml_entries_all_disabled(overrides["tower_yml"]), - "data_studios_env": generate_data_studios_env_entries_all_disabled(overrides["data_studios_env"]), + "data_studios_env": generate_data_studios_env_entries_all_disabled( + overrides["data_studios_env"] + ), "tower_sql": generate_tower_sql_entries_all_disabled(overrides["tower_sql"]), - "docker_compose": generate_docker_compose_yml_entries_all_disabled(overrides["docker_compose"]), - "wave_lite_yml": generate_wave_lite_yml_entries_all_disabled(overrides["wave_lite_yml"]), - "wave_lite_rds": generate_wave_lite_rds_entries_all_disabled(overrides["wave_lite_rds"]), - "groundswell_env": generate_groundswell_env_entries_all_disabled(overrides["groundswell_env"]), + "docker_compose": generate_docker_compose_yml_entries_all_disabled( + overrides["docker_compose"] + ), + "wave_lite_yml": generate_wave_lite_yml_entries_all_disabled( + overrides["wave_lite_yml"] + ), + "wave_lite_rds": generate_wave_lite_rds_entries_all_disabled( + overrides["wave_lite_rds"] + ), + "groundswell_env": generate_groundswell_env_entries_all_disabled( + overrides["groundswell_env"] + ), # TODO: Build out stubs OR identify as not-in-scope due to other testing method (e.g. .sql) "groundswell_sql": {"present": {}, "omitted": {}}, "seqerakit_yml": {"present": {}, "omitted": {}}, @@ -542,8 +567,7 @@ def purge_baseline_of_specified_overrides(baseline, overrides): def assertion_modifiers_template(): - """ - Generate a blank dict for each testcase file to attach test-specific assertion modifiers to. + """Generate a blank dict for each testcase file to attach test-specific assertion modifiers to. These are then reconciled with the core set of assertions in `expected_results.py` (via `generate_assertions_xxx`). """ return {k: {} for k in all_template_files} diff --git a/tests/datafiles/generate_core_data.sh b/tests/datafiles/generate_core_data.sh index ffdd43e..f1555b8 100755 --- a/tests/datafiles/generate_core_data.sh +++ b/tests/datafiles/generate_core_data.sh @@ -183,6 +183,9 @@ tower_root_users = "graham.wright@seqera.io,gwright99@hotmail.com" tower_email_trusted_orgs = "*@abc.com, *@def.com" tower_email_trusted_users = "123@abc.com, 456@def.com" +flag_tower_enable_participant_auto_create_user = true +flag_tower_enable_member_auto_create_user = true + tower_enable_openapi = true tower_enable_pipeline_versioning = true @@ -266,22 +269,22 @@ python3 generate_testing_secrets.py update_ssm_parameter() { local param_name="$1" local local_file="$2" - + echo "Processing parameter: $param_name" - + # Try to get current value (single call) current_value=$(aws ssm get-parameter --name "$param_name" --with-decryption --query 'Parameter.Value' --output text 2>/dev/null) - + if [ $? -eq 0 ]; then echo "Parameter $param_name exists, checking if update is needed..." - + # Hash the current value current_hash=$(echo -n "$current_value" | sha256sum | cut -d' ' -f1) - + # Get local file content and hash it local_content=$(cat "$local_file") local_hash=$(echo -n "$local_content" | sha256sum | cut -d' ' -f1) - + # Compare hashes if [ "$current_hash" = "$local_hash" ]; then echo "Parameter $param_name is up to date (hash match)" @@ -292,14 +295,14 @@ update_ssm_parameter() { else echo "Parameter $param_name does not exist, creating..." fi - + # Create or update parameter aws ssm put-parameter \ --name "$param_name" \ --value "$(cat "$local_file")" \ --type "SecureString" \ --overwrite - + echo "Parameter $param_name updated successfully" } @@ -331,5 +334,5 @@ cat << 'EOF' > 012_testing_outputs.tf ## ------------------------------------------------------------------------------------ output local_wave_enabled { value = local.wave_enabled -} +} EOF diff --git a/tests/unit/config_files/test_config_file_content.py b/tests/unit/config_files/test_config_file_content.py index fbd6140..551b588 100644 --- a/tests/unit/config_files/test_config_file_content.py +++ b/tests/unit/config_files/test_config_file_content.py @@ -1,7 +1,6 @@ import sys import pytest - from tests.datafiles.expected_results.expected_results import ( assertion_modifiers_template, generate_assertions_all_active, @@ -13,6 +12,7 @@ from tests.utils.terraform.executor import prepare_plan from tests.utils.terraform.template_generator import generate_tc_files + ## ------------------------------------------------------------------------------------ ## MARK: Baseline ON/OFF ## ------------------------------------------------------------------------------------ @@ -25,7 +25,6 @@ @pytest.mark.local def test_baseline_alb_all_enabled(session_setup): """Conduct baseline assertions when all SP services turned on.""" - tf_modifiers = """#NONE""" plan = prepare_plan(tf_modifiers) @@ -42,7 +41,6 @@ def test_baseline_alb_all_enabled(session_setup): @pytest.mark.local def test_baseline_alb_all_disabled(session_setup): """Conduct baseline assertions when all SP services turned off.""" - # TODO: Get rid of email disabling. This should be a discrete check. tf_modifiers = """ flag_use_aws_ses_iam_integration = false @@ -54,7 +52,9 @@ def test_baseline_alb_all_disabled(session_setup): flag_use_wave_lite = false flag_allow_aws_instance_credentials = false tower_enable_openapi = false - tower_enable_pipeline_versioning = false + tower_enable_pipeline_versioning = false + flag_tower_enable_participant_auto_create_user = false + flag_tower_enable_member_auto_create_user = false """ plan = prepare_plan(tf_modifiers) @@ -73,12 +73,10 @@ def test_baseline_alb_all_disabled(session_setup): @pytest.mark.local @pytest.mark.private_ca def test_private_ca_reverse_proxy_active(session_setup): + """Scenario: + - Baseline all enabled. + - Reverseproxy with self-signed private CA active. """ - Scenario: - - Baseline all enabled. - - Reverseproxy with self-signed private CA active. - """ - tf_modifiers = """ flag_create_load_balancer = false flag_use_private_cacert = true @@ -105,12 +103,10 @@ def test_private_ca_reverse_proxy_active(session_setup): @pytest.mark.local @pytest.mark.studios def test_studio_path_routing_enabled(session_setup): + """Scenario: + - Baseline all enabled. + - Studios path-routing enabled. """ - Scenario: - - Baseline all enabled. - - Studios path-routing enabled. - """ - tf_modifiers = """ flag_enable_data_studio = true flag_studio_enable_path_routing = true @@ -145,12 +141,10 @@ def test_studio_path_routing_enabled(session_setup): @pytest.mark.local @pytest.mark.studios def test_studio_ssh_enabled(session_setup): + """Scenario: + - Baseline all enabled. + - Studios SSH enabled. """ - Scenario: - - Baseline all enabled. - - Studios SSH enabled. - """ - tf_modifiers = """ flag_enable_data_studio_ssh = true flag_limit_data_studio_ssh_to_some_workspaces = false @@ -191,13 +185,11 @@ def test_studio_ssh_enabled(session_setup): @pytest.mark.local @pytest.mark.studios def test_studio_ssh_enabled_workspace_restriction(session_setup): + """Scenario: + - Baseline all enabled. + - Studios SSH enabled. + - SSH restricted to specific workspaces. """ - Scenario: - - Baseline all enabled. - - Studios SSH enabled. - - SSH restricted to specific workspaces. - """ - tf_modifiers = """ flag_enable_data_studio_ssh = true flag_limit_data_studio_ssh_to_some_workspaces = true @@ -226,12 +218,10 @@ def test_studio_ssh_enabled_workspace_restriction(session_setup): @pytest.mark.local @pytest.mark.studios def test_studio_ssh_disabled(session_setup): + """Scenario: + - Baseline all enabled. + - Studios on, SSH explicitly disabled. """ - Scenario: - - Baseline all enabled. - - Studios on, SSH explicitly disabled. - """ - tf_modifiers = """ flag_enable_data_studio_ssh = false """ @@ -269,12 +259,10 @@ def test_studio_ssh_disabled(session_setup): @pytest.mark.local @pytest.mark.db_new def test_new_db_all_enabled(session_setup): + """Scenario: + - Baseline all enabled. + - New RDS active. """ - Scenario: - - Baseline all enabled. - - New RDS active. - """ - tf_modifiers = """ flag_create_external_db = true flag_use_existing_external_db = false @@ -328,12 +316,10 @@ def test_new_db_all_enabled(session_setup): @pytest.mark.local @pytest.mark.db_new def test_new_db_all_disabled(session_setup): + """Scenario: + - Baseline all disabled. + - New RDS active. """ - Scenario: - - Baseline all disabled. - - New RDS active. - """ - tf_modifiers = """ flag_use_aws_ses_iam_integration = false flag_use_existing_smtp = true @@ -347,6 +333,8 @@ def test_new_db_all_disabled(session_setup): flag_use_existing_external_db = false flag_use_container_db = false flag_allow_aws_instance_credentials = false + flag_tower_enable_participant_auto_create_user = false + flag_tower_enable_member_auto_create_user = false """ plan = prepare_plan(tf_modifiers) @@ -377,12 +365,10 @@ def test_new_db_all_disabled(session_setup): @pytest.mark.local @pytest.mark.db_existing def test_existing_db_all_enabled(session_setup): + """Scenario: + - Baseline all enabled. + - Existing RDS active. """ - Scenario: - - Baseline all enabled. - - Existing RDS active. - """ - tf_modifiers = """ flag_create_external_db = false flag_use_existing_external_db = true @@ -428,12 +414,10 @@ def test_existing_db_all_enabled(session_setup): @pytest.mark.local @pytest.mark.db_existing def test_existing_db_all_disabled(session_setup): + """Scenario: + - Baseline all disabled. + - Existing RDS active. """ - Scenario: - - Baseline all disabled. - - Existing RDS active. - """ - tf_modifiers = """ flag_use_aws_ses_iam_integration = false flag_use_existing_smtp = true @@ -450,6 +434,8 @@ def test_existing_db_all_disabled(session_setup): flag_allow_aws_instance_credentials = false tower_enable_openapi = false tower_enable_pipeline_versioning = false + flag_tower_enable_participant_auto_create_user = false + flag_tower_enable_member_auto_create_user = false """ plan = prepare_plan(tf_modifiers) @@ -480,12 +466,10 @@ def test_existing_db_all_disabled(session_setup): @pytest.mark.local @pytest.mark.redis_external def test_new_redis_all_enabled(session_setup): + """Scenario: + - Baseline all enabled. + - Elasticache Redis active. """ - Scenario: - - Baseline all enabled. - - Elasticache Redis active. - """ - tf_modifiers = """ flag_create_external_redis = true flag_use_container_redis = false @@ -538,12 +522,10 @@ def test_new_redis_all_enabled(session_setup): @pytest.mark.local @pytest.mark.redis_external def test_new_redis_all_disabled(session_setup): + """Scenario: + - Baseline all disabled. + - Elasticache Redis active. """ - Scenario: - - Baseline all disabled. - - Elasticache Redis active. - """ - tf_modifiers = """ flag_use_aws_ses_iam_integration = false flag_use_existing_smtp = true @@ -558,6 +540,8 @@ def test_new_redis_all_disabled(session_setup): flag_allow_aws_instance_credentials = false tower_enable_openapi = false tower_enable_pipeline_versioning = false + flag_tower_enable_participant_auto_create_user = false + flag_tower_enable_member_auto_create_user = false """ plan = prepare_plan(tf_modifiers) @@ -598,12 +582,10 @@ def test_new_redis_all_disabled(session_setup): @pytest.mark.local @pytest.mark.wave def test_seqera_hosted_wave_active(session_setup): + """Scenario: + - Baseline all disabled. + - Seqera-hosted Wave active. """ - Scenario: - - Baseline all disabled. - - Seqera-hosted Wave active. - """ - tf_modifiers = """ flag_use_aws_ses_iam_integration = false flag_use_existing_smtp = true @@ -615,6 +597,8 @@ def test_seqera_hosted_wave_active(session_setup): flag_use_wave = true wave_server_url = "wave.seqera.io" + flag_tower_enable_participant_auto_create_user = false + flag_tower_enable_member_auto_create_user = false """ plan = prepare_plan(tf_modifiers) @@ -646,12 +630,10 @@ def test_seqera_hosted_wave_active(session_setup): @pytest.mark.local @pytest.mark.wave def test_wave_sql_file_content(session_setup): + """Scenario: + - Use the SQL files generated by the baseline testcase. + - Compare against pre-generated result files in `tests/datafiles/expected_results/expected_sql`. """ - Scenario: - - Use the SQL files generated by the baseline testcase. - - Compare against pre-generated result files in `tests/datafiles/expected_results/expected_sql`. - """ - tf_modifiers = """#NONE""" ## SETUP ## ======================================================================================== diff --git a/variables.tf b/variables.tf index e5b3dfd..26b8477 100644 --- a/variables.tf +++ b/variables.tf @@ -402,6 +402,9 @@ variable "tower_root_users" { type = string } variable "tower_email_trusted_orgs" { type = string } variable "tower_email_trusted_users" { type = string } +variable "flag_tower_enable_participant_auto_create_user" { type = bool } +variable "flag_tower_enable_member_auto_create_user" { type = bool } + variable "tower_audit_retention_days" { type = number } variable "tower_enable_openapi" { type = bool }