Failed to verify certificate ( ./testacc )

[Jerson-Cortes]

Hello there,

I'm sorry for asking a more topic adjacent question but wanted to try and learn from the opportunity.
I'm want to start contributing and for starters I chose #2736, the change was easy I've checked the change was done correctly by running ./testacc --resource sdn and it does appear in the output as :

=== RUN   TestAccResourceSDNZoneEVPN
=== RUN   TestAccResourceSDNZoneEVPN/create_evpn_zone_with_all_values_then_minimal_then_all_values_again
resource_evpn_test.go:177: Step 1/3 error: Error running apply: exit status 1
    
    Error: Unable to Apply SDN Configuration
    
      with proxmox_sdn_applier.finalizer,
      on terraform_plugin_test.tf line 52, in resource "proxmox_sdn_applier" "finalizer":
      52: 						resource "proxmox_sdn_applier" "finalizer" {}
    
    error applying SDN configuration: failed to perform HTTP PUT request (path:
    cluster/sdn) - Reason: Put "https://x.x.x.x:8006/api2/json/cluster/sdn":
    tls: failed to verify certificate: x509: certificate signed by unknown
    authority
--- FAIL: TestAccResourceSDNZoneEVPN (6.38s)
  --- FAIL: TestAccResourceSDNZoneEVPN/create_evpn_zone_with_all_values_then_minimal_then_all_values_again (6.38s)

and go test -tags acceptance -list . ./fwprovider/... as :
TestAccDataSourceSDNZoneVXLAN TestAccDataSourceSDNZones TestAccResourceSDNZoneEVPN <-- TestAccResourceSDNZoneSimple TestAccResourceSDNZoneVLAN

While this shows it's added correctly if I think if I want to continue contributing I should set this up for the future.
The approaches I imagine possible is as per Proxmox documentation adding certificates through ACME and Let's Encrypt be it with a proxy or directly to Proxmox or creating a SSL certificate, adding it to proxmox and manually telling my PC to recognize it. Are there any other approaches I should be aware of ?

Also wanted to ask why this happens while testing and hasn't occurred to me while using the provider? Does ./testacc calls the API through a different method?

[bpg-dev]

Hey @Jerson-Cortes 👋🏼

Welcome aboard!

It looks like your PVE server is using a self-signed cert. When you're using provider you probably configured it with insecure = true, which disables TLS cert validation when the provider connects to the API.

You can do the same for the acceptance test runner as well via environment variable, just add PROXMOX_VE_INSECURE=true variable and you should be good to go

[Jerson-Cortes]

Thanks for the answer @bpg-dev !

Yup, that was it. Now I've finished the setup correctly and does run the test but generates a new error (which if I understand correctly is code related) :

=== RUN   TestAccResourceSDNZoneEVPN/create_evpn_zone_with_all_values_then_minimal_then_all_values_again
    resource_evpn_test.go:177: Step 1/3 error: Error running apply: exit status 1
        
        Error: Unable to Create SDN Zone
        
          with proxmox_sdn_zone_evpn.evpn_update_test,
          on terraform_plugin_test.tf line 25, in resource "proxmox_sdn_zone_evpn" "evpn_update_test":
          25: 						resource "proxmox_sdn_zone_evpn" "evpn_update_test" {
        
        error creating SDN zone: received an HTTP 500 response - Reason: create sdn
        zone object failed: controller evpnctl don't exist at
        /usr/share/perl5/PVE/Network/SDN/Zones/EvpnPlugin.pm line 354.
--- FAIL: TestAccResourceSDNZoneEVPN (2.28s)

If the error is indeed relevant to the code should I open a PR so the discussion can take place there?

[bpg-dev]

Well, you fixed the test invocation, and now it actually runs (it didn't before).

As you may see from the error:

Reason: create sdn zone object failed: controller evpnctl don't exist at ...

there are some prerequisites for the test to run -- a working EVPN controller to manage this zone, as per the [docs](https://pve.proxmox.com/pve-docs/chapter-pvesdn.html#pvesdn_controller_plugin_evpn). Which I believe you don't have.

Perhaps that's the reason why the original author omitted the acceptance annotation in the first place -- a very specific setup is required for the test, that is neither provided by the test harness nor documented in the test itself.

What you could do is add t.Skip(...) to the test with a message summarizing the point above on why the test should be skipped.

The test itself has value though, and we should keep it.