Add tests for AWS and AWS-gov #113

Merged
merged 6 commits into from
Jan 6, 2025
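--- a/.github/workflows/aws-gov-test.yml
+++ b/.github/workflows/aws-gov-test.yml
@@ -0,0 +1,18 @@
+# This workflow is used for testing the aws-gov terraform module.
+
+name: AWS Gov Tests
+on:
+push:
+paths:
+- 'aws-gov/tf/**'
+- '.github/workflows/aws-gov-test.yml'
+pull_request:
+paths:
+- 'aws-gov/tf/**'
+- '.github/workflows/aws-gov-test.yml'
+jobs:
+test-aws-gov:
+uses: ./.github/workflows/terraform-ruw.yml
+with:
+working_directory: aws-gov/tf
+tflint_args: "--config=$(pwd)/.tflint.hcl"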
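Review bot: The workflow declares no `permissions:` key, so the `test-aws-gov` job and the reusable workflow it calls run with the repository's default `GITHUB_TOKEN` scopes; a top-level `permissions:` block containing `contents: read` would cap the token at what a lint-and-plan job needs. The same applies to `.github/workflows/aws-test.yml` later in this change. Separately, `tflint_args: "--config=$(pwd)/.tflint.hcl"` only resolves if `terraform-ruw.yml` (not part of this change) evaluates the input as shell text, which presumably means the input is interpolated into a `run:` line. Building the absolute config path inside the callee from `working_directory` would remove the need to evaluate caller-supplied text as script.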
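--- a/.github/workflows/aws-test.yml
+++ b/.github/workflows/aws-test.yml
@@ -0,0 +1,18 @@
+# This workflow is used for testing the aws terraform module.
+
+name: AWS Tests
+on:
+push:
+paths:
+- 'aws/tf/**'
+- '.github/workflows/aws-test.yml'
+pull_request:
+paths:
+- 'aws/tf/**'
+- '.github/workflows/aws-test.yml'
+jobs:
+test-aws:
+uses: ./.github/workflows/terraform-ruw.yml
+with:
+working_directory: aws/tf
+tflint_args: "--config=$(pwd)/.tflint.hcl"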
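--- a/aws-gov/tf/.tflint.hcl
+++ b/aws-gov/tf/.tflint.hcl
@@ -0,0 +1,14 @@
+config {
+# This can be uncommented if variables should be passed to the TF configuration during TFLint commands
+# variables = ["tags={\"foo\"=\"bar\"}"]
+}
+
+plugin "terraform" {
+enabled = true
+}
+
+plugin "aws" {
+enabled = true
+version = "0.35.0"
+source = "github.com/terraform-linters/tflint-ruleset-aws"
+}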
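Review bot: As shown, this file is line-for-line the same as `aws/tf/.tflint.hcl` added later in the change, so the `version = "0.35.0"` pin of the AWS ruleset has to be bumped in two places and can drift. If both modules are meant to lint against the same ruleset, a header comment such as `# Keep the plugin pin in sync with aws/tf/.tflint.hcl` (and the mirror comment there) would make that explicit; a single shared config passed through `--config` is the alternative. The `config` block holds only commented-out lines and could carry a one-line comment saying it is intentionally empty.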
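--- a/aws-gov/tf/tests/mock_plan.tftest.hcl
+++ b/aws-gov/tf/tests/mock_plan.tftest.hcl
@@ -0,0 +1,72 @@
+# ---------------
+# Mock providers
+# ---------------
+mock_provider "aws" {
+# This is used because the mocked data is a random string instead of JSON, causing downstream dependencies to fail.
+# This block overrides the "json" output of ALL aws_iam_policy_document data blocks to use a JSON encoded string.
+mock_data "aws_iam_policy_document" {
+defaults = {
+json = "{\"some_fake\":\"json\"}"
+}
+}
+}
+
+# A mocked databricks provider is added here so that the alias requirement can be met
+mock_provider "databricks" {
+alias = "mws"
+}
+# --------------
+
+# ---------------
+# Variables
+# ---------------
+# The variables block below provides variable values for the SRA module directly, NOT the configuration that is found in
+# this directory (aws-gov/tf). This is because the module call in sra.tf contains values that must be overwritten by the
+# user of SRA. Calling the module directly allows us to provide these values as variables instead.
+#
+# Note that the below values were generated by AI, and are not real values.
+
+variables {
+availability_zones = ["us-west-1a", "us-west-1b", "us-west-1c"]
+aws_account_id = "123456789012"
+client_id = "your-client-id"
+client_secret = "your-client-secret"
+cmk_admin_arn = "arn:aws:iam::123456789012:role/CMKAdminRole"
+compliance_security_profile_egress_ports = true
+custom_private_subnet_ids = ["subnet-0abcd1234efgh5678", "subnet-1abcd1234efgh5678"]
+custom_relay_vpce_id = "vpce-0abcd1234efgh5678"
+custom_sg_id = "sg-0abcd1234efgh5678"
+custom_vpc_id = "vpc-0abcd1234efgh5678"
+custom_workspace_vpce_id = "vpce-1abcd1234efgh5678"
+databricks_account_id = "databricks-account-id"
+enable_admin_configs_boolean = true
+firewall_allow_list = ["192.168.0.1/32", "10.0.0.0/24"]
+firewall_subnets_cidr = ["10.1.0.0/16", "10.2.0.0/16"]
+ip_addresses = ["203.0.113.1", "198.51.100.2"]
+metastore_exists = false
+operation_mode = "isolated"
+private_subnets_cidr = ["10.0.3.0/24", "10.0.4.0/24"]
+privatelink_subnets_cidr = ["10.0.5.0/24", "10.0.6.0/24"]
+public_subnets_cidr = ["10.0.7.0/24", "10.0.8.0/24"]
+read_only_data_bucket = "s3://my-read-only-data-bucket"
+read_only_external_location_admin = "[email protected]"
+region = "us-west-2"
+region_name = "US West (N. California)"
+resource_prefix = "my-resource-prefix"
+sg_egress_ports = ["443", "80"]
+user_workspace_admin = "[email protected]"
+user_workspace_catalog_admin = "[email protected]"
+vpc_cidr_range = "10.0.0.0/16"
+databricks_gov_shard = "civilian"
+}
+
+# -------
+# Tests
+# -------
+# This runs a plan command on the module directly
+run "plan_test" {
+command = plan
+module {
+source = "./modules/sra"
+}
+}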
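Review bot: The fixture values in the `variables` block describe a commercial-partition deployment and disagree with each other: `region = "us-west-2"`, `region_name = "US West (N. California)"` and `availability_zones` in `us-west-1`, while `cmk_admin_arn` uses the `arn:aws:` partition. For the aws-gov module, values such as `region = "us-gov-west-1"` and `cmk_admin_arn = "arn:aws-us-gov:iam::123456789012:role/CMKAdminRole"` would make the plan exercise the GovCloud inputs; whether the module validates region or partition is not visible in this change. `run "plan_test"` also has no `assert` blocks, so it only shows that a plan renders against mocked providers, not that any security-relevant setting has the expected value.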
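--- a/aws/tf/.tflint.hcl
+++ b/aws/tf/.tflint.hcl
@@ -0,0 +1,14 @@
+config {
+# This can be uncommented if variables should be passed to the TF configuration during TFLint commands
+# variables = ["tags={\"foo\"=\"bar\"}"]
+}
+
+plugin "terraform" {
+enabled = true
+}
+
+plugin "aws" {
+enabled = true
+version = "0.35.0"
+source = "github.com/terraform-linters/tflint-ruleset-aws"
+}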
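--- a/aws/tf/tests/mock_plan.tftest.hcl
+++ b/aws/tf/tests/mock_plan.tftest.hcl
@@ -0,0 +1,50 @@
+# ---------------
+# Mock providers
+# ---------------
+mock_provider "aws" {
+# This is used because the mocked data is a random string instead of JSON, causing downstream dependencies to fail.
+# This block overrides the "json" output of ALL aws_iam_policy_document data blocks to use a JSON encoded string.
+mock_data "aws_iam_policy_document" {
+defaults = {
+json = "{\"some_fake\":\"json\"}"
+}
+}
+# This is used to return valid zone names for the us-west-2 zone instead of the random strings that Terraform will
+# generate for mocked tests. Not using this will cause the data block to create an empty list of strings.
+mock_data "aws_availability_zones" {
+defaults = {
+names = ["us-west-2a", "us-west-2b", "us-west-2c", "us-west-2d"]
+}
+}
+}
+
+# A mocked databricks provider is added here so that the alias requirement can be met
+mock_provider "databricks" {
+alias = "mws"
+}
+# ---------------
+
+# ---------------
+# Variables
+# ---------------
+# The variables block below provides variable values for the configuration in this directory (tf/aws/variables.tf).
+# Note that the below values were generated by AI, and are not real values.
+
+variables {
+aws_account_id = "123456789012"
+client_id = "your-client-id"
+client_secret = "your-client-secret"
+databricks_account_id = "databricks-account-id"
+region = "us-west-2"
+resource_prefix = "my-resource-prefix"
+admin_user = "[email protected]"
+}
+
+# ---------------
+# Tests
+# ---------------
+# This runs a plan command on the module directly
+run "plan_test" {
+command = plan
+}
+# ---------------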
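Review bot: The comment above `run "plan_test"` says the plan runs "on the module directly", but unlike the aws-gov test this block has no `module` block, so it plans the root configuration of the directory; `# This runs a plan command on the root configuration in this directory` would match the code. The variables comment also names `tf/aws/variables.tf` while the file lives under `aws/tf`. As in the aws-gov test, there are no `assert` blocks, so only plan success against mocked providers is checked.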