Merge pull request #19 from trussworks/mk-012-tests

Terratest Plumbing
trussworks · Oct 30, 2019 · 4644e73 · 4644e73
2 parents 0295e61 + fabfa34
commit 4644e73
Show file tree

Hide file tree

Showing 11 changed files with 329 additions and 3 deletions.
diff --git a/.dependabot/config.yml b/.dependabot/config.yml
@@ -0,0 +1,12 @@
+version: 1
+update_configs:
+  # Keep go modules up to date, batching pull requests weekly
+  - package_manager: "go:modules"
+    directory: "/"
+    update_schedule: "weekly"
+    # Apply default reviewer @trussworks/waddlers group to PRs
+    default_reviewers:
+      - "trussworks/waddlers"
+    # Apply dependencies label to PRs
+    default_labels:
+      - "dependencies"
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+.terraform
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfstate.*.backup
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,6 @@
+linters:
+  enable:
+     - gosec
+     - golint
+     - gofmt
+     - goimports
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v2.2.3
+    rev: v2.4.0
     hooks:
       - id: check-json
       - id: check-merge-conflict
@@ -12,12 +12,19 @@ repos:
       - id: trailing-whitespace
 
   - repo: git://github.com/igorshubovych/markdownlint-cli
-    rev: v0.17.0
+    rev: v0.19.0
     hooks:
       - id: markdownlint
 
   - repo: git://github.com/antonbabenko/pre-commit-terraform
     rev: v1.19.0
     hooks:
       - id: terraform_docs
-      - id: terraform_fmt
+      - id: terraform_fmt
+
+  - repo: git://github.com/golangci/golangci-lint
+    rev: v1.21.0
+    hooks:
+      - id: golangci-lint
+        entry: golangci-lint run --verbose
+        verbose: true
diff --git a/Makefile b/Makefile
@@ -0,0 +1,17 @@
+.PHONY: ensure_pre_commit
+ensure_pre_commit: .git/hooks/pre-commit ## Ensure pre-commit is installed
+.git/hooks/pre-commit: /usr/local/bin/pre-commit
+	pre-commit install
+	pre-commit install-hooks
+
+.PHONY: pre_commit_tests
+pre_commit_tests: ensure_pre_commit ## Run pre-commit tests
+	pre-commit run --all-files
+
+.PHONY: test
+test: pre_commit_tests
+	go test -v -timeout 90m ./test/...
+
+.PHONY: clean
+clean:
+	rm -f .*.stamp
diff --git a/README.md b/README.md
@@ -13,6 +13,12 @@ The following AWS Config Rules are supported:
 * rds-storage-encrypted: Checks whether storage encryption is enabled for your RDS DB instances.
 * s3-bucket-public-write-prohibited: Checks that your S3 buckets do not allow public write access.
 
+## Terraform Versions
+
+Terraform 0.12. Pin module version to ~> 2.x Submit pull-requests to master branch.
+
+Terraform 0.11. Pin module version to ~> 1.5.1. Submit pull-requests to terraform011 branch.
+
 ## Usage
 
 ```hcl
@@ -49,3 +55,27 @@ module "aws_config" {
 | password\_reuse\_prevention | Number of passwords before allowing reuse. | string | `"24"` | no |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Developer Setup
+
+Install dependencies (macOS)
+
+```shell
+brew install pre-commit go terraform terraform-docs
+```
+
+### Testing
+
+[Terratest](https://github.com/gruntwork-io/terratest) is being used for
+automated testing with this module. Tests in the `test` folder can be run
+locally by running the following command:
+
+```text
+make test
+```
+
+Or with aws-vault:
+
+```text
+AWS_VAULT_KEYCHAIN_NAME=<NAME> aws-vault exec <PROFILE> -- make test
+```
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -0,0 +1,20 @@
+#
+# AWS Config Logs Bucket
+#
+
+module "config_logs" {
+  source  = "trussworks/logs/aws"
+  version = "~> 3"
+
+  s3_bucket_name     = "${var.config_logs_bucket}"
+  region             = "${var.region}"
+  allow_config       = "true"
+  config_logs_prefix = "config"
+}
+
+module "config" {
+  source = "../../"
+
+  config_logs_bucket = "${module.config_logs.aws_logs_bucket}"
+  config_logs_prefix = "config"
+}
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
@@ -0,0 +1,7 @@
+variable "config_logs_bucket" {
+  type = "string"
+}
+
+variable "region" {
+  type = "string"
+}
diff --git a/go.mod b/go.mod
@@ -0,0 +1,5 @@
+module github.com/trussworks/terraform-aws-config
+
+go 1.13
+
+require github.com/gruntwork-io/terratest v0.22.2
diff --git a/go.sum b/go.sum
diff --git a/test/terraform_aws_config_test.go b/test/terraform_aws_config_test.go
@@ -0,0 +1,35 @@
+package test
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func TestTerraformAwsConfig(t *testing.T) {
+	t.Parallel()
+
+	expectedConfigLogsBucket := fmt.Sprintf("terratest-aws-config-%s", strings.ToLower(random.UniqueId()))
+	awsRegion := aws.GetRandomStableRegion(t, nil, nil)
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: "../examples/simple/",
+		Vars: map[string]interface{}{
+			"region":             awsRegion,
+			"config_logs_bucket": expectedConfigLogsBucket,
+		},
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": awsRegion,
+		},
+	}
+
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+
+	// Empty config_logs_bucket before terraform destroy
+	aws.EmptyS3Bucket(t, awsRegion, expectedConfigLogsBucket)
+}