Convert to TF 0.12. Add tests. Add Codefresh test pipeline (#16)

* [improvement] - Upgrade to 0.12 syntax, fix bool vars. Some vars used "true" instead of bool true, changed those and added type. Updated terraform-null-label from 0.3.3 to 0.16.0 (latest at time of commit). * [improvement] - Replace local.enabled with var.enabled * module converted to TF12, tests added, but not yet polished * test improved * tests fixed * assume-role made dynamic * region changed for consistency with other modules * fixtures renamed to be consistent with region * fixtures clean up * variables fix Co-authored-by: Dallas Slaughter <[email protected]>
cloudposse · May 1, 2020 · 7b3176f · 7b3176f
1 parent 3cf3f60
commit 7b3176f
Show file tree

Hide file tree

Showing 28 changed files with 786 additions and 314 deletions.
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
diff --git a/README.yaml b/README.yaml
@@ -35,9 +35,9 @@ github_repo: cloudposse/terraform-aws-vpc-peering-multi-account
 
 # Badges to display
 badges:
- - name: "Build Status"
- image: "https://travis-ci.org/cloudposse/terraform-aws-vpc-peering-multi-account.svg?branch=master"
- url: "https://travis-ci.org/cloudposse/terraform-aws-vpc-peering-multi-account"
+ - name: "Codefresh Build Status"
+ image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-vpc-peering-multi-account?type=cf-1"
+ url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5e9f4c44c2b7b0abe4c11f63"
  - name: "Latest Release"
  image: "https://img.shields.io/github/release/cloudposse/terraform-aws-vpc-peering-multi-account.svg"
  url: "https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/releases/latest"
@@ -82,12 +82,12 @@ usage: |-
  requester_aws_assume_role_arn = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test"
  requester_region = "us-west-2"
  requester_vpc_id = "vpc-xxxxxxxx"
- requester_allow_remote_vpc_dns_resolution = "true"
+ requester_allow_remote_vpc_dns_resolution = true
 
  accepter_aws_assume_role_arn = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test"
  accepter_region = "us-east-1"
  accepter_vpc_id = "vpc-yyyyyyyy"
- accepter_allow_remote_vpc_dns_resolution = "true"
+ accepter_allow_remote_vpc_dns_resolution = true
  }
  ```
 

diff --git a/accepter.tf b/accepter.tf
@@ -1,138 +1,125 @@
-variable "accepter_aws_assume_role_arn" {
- description = "Accepter AWS Assume Role ARN"
- type = "string"
-}
-
-variable "accepter_region" {
- type = "string"
- description = "Accepter AWS region"
-}
-
-variable "accepter_vpc_id" {
- type = "string"
- description = "Accepter VPC ID filter"
- default = ""
-}
-
-variable "accepter_vpc_tags" {
- type = "map"
- description = "Accepter VPC Tags filter"
- default = {}
-}
-
-variable "accepter_allow_remote_vpc_dns_resolution" {
- default = "true"
- description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC"
-}
-
 # Accepter's credentials
 provider "aws" {
- alias = "accepter"
- region = "${var.accepter_region}"
- version = ">= 1.25"
-
- assume_role {
- role_arn = "${var.accepter_aws_assume_role_arn}"
+ alias = "accepter"
+ region = var.accepter_region
+
+ dynamic "assume_role" {
+ for_each = var.accepter_aws_assume_role_arn != "" ? ["true"] : []
+ content {
+ role_arn = var.accepter_aws_assume_role_arn
+ }
  }
 }
 
 locals {
- accepter_attributes = "${concat(var.attributes, list("accepter"))}"
- accepter_tags = "${merge(var.tags, map("Side", "accepter"))}"
+ accepter_attributes = concat(var.attributes, ["accepter"])
+ accepter_tags = merge(
+ var.tags,
+ {
+ "Side" = "accepter"
+ },
+ )
 }
 
 module "accepter" {
- source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3"
- enabled = "${var.enabled}"
- namespace = "${var.namespace}"
- name = "${var.name}"
- stage = "${var.stage}"
- delimiter = "${var.delimiter}"
- attributes = "${local.accepter_attributes}"
- tags = "${local.accepter_tags}"
+ source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
+ enabled = var.enabled
+ namespace = var.namespace
+ name = var.name
+ stage = var.stage
+ delimiter = var.delimiter
+ attributes = local.accepter_attributes
+ tags = local.accepter_tags
 }
 
 data "aws_caller_identity" "accepter" {
- count = "${local.count}"
- provider = "aws.accepter"
+ count = local.count
+ provider = aws.accepter
 }
 
 data "aws_region" "accepter" {
- count = "${local.count}"
- provider = "aws.accepter"
+ count = local.count
+ provider = aws.accepter
 }
 
 # Lookup accepter's VPC so that we can reference the CIDR
 data "aws_vpc" "accepter" {
- count = "${local.count}"
- provider = "aws.accepter"
- id = "${var.accepter_vpc_id}"
- tags = "${var.accepter_vpc_tags}"
+ count = local.count
+ provider = aws.accepter
+ id = var.accepter_vpc_id
+ tags = var.accepter_vpc_tags
 }
 
 # Lookup accepter subnets
 data "aws_subnet_ids" "accepter" {
- count = "${local.count}"
- provider = "aws.accepter"
- vpc_id = "${local.accepter_vpc_id}"
+ count = local.count
+ provider = aws.accepter
+ vpc_id = local.accepter_vpc_id
 }
 
 locals {
- accepter_subnet_ids = "${distinct(sort(flatten(data.aws_subnet_ids.accepter.*.ids)))}"
- accepter_subnet_ids_count = "${length(local.accepter_subnet_ids)}"
- accepter_vpc_id = "${join("", data.aws_vpc.accepter.*.id)}"
- accepter_account_id = "${join("", data.aws_caller_identity.accepter.*.account_id)}"
- accepter_region = "${join("", data.aws_region.accepter.*.name)}"
+ accepter_subnet_ids = distinct(sort(flatten(data.aws_subnet_ids.accepter.*.ids)))
+ accepter_subnet_ids_count = length(local.accepter_subnet_ids)
+ accepter_vpc_id = join("", data.aws_vpc.accepter.*.id)
+ accepter_account_id = join("", data.aws_caller_identity.accepter.*.account_id)
+ accepter_region = join("", data.aws_region.accepter.*.name)
 }
 
 # Lookup accepter route tables
 data "aws_route_tables" "accepter" {
- count = "${local.count}"
- provider = "aws.accepter"
- vpc_id = "${local.accepter_vpc_id}"
+ count = local.count
+ provider = aws.accepter
+ vpc_id = local.accepter_vpc_id
 }
 
 locals {
- accepter_aws_route_table_ids = "${distinct(sort(data.aws_route_tables.accepter.ids))}"
- accepter_aws_route_table_ids_count = "${length(local.accepter_aws_route_table_ids)}"
- accepter_cidr_block_associations = "${flatten(data.aws_vpc.accepter.*.cidr_block_associations)}"
- accepter_cidr_block_associations_count = "${length(local.accepter_cidr_block_associations)}"
+ accepter_aws_route_table_ids = distinct(sort(data.aws_route_tables.accepter[0].ids))
+ accepter_aws_route_table_ids_count = length(local.accepter_aws_route_table_ids)
+ accepter_cidr_block_associations = flatten(data.aws_vpc.accepter.*.cidr_block_associations)
+ accepter_cidr_block_associations_count = length(local.accepter_cidr_block_associations)
 }
 
 # Create routes from accepter to requester
 resource "aws_route" "accepter" {
- count = "${local.enabled ? local.accepter_aws_route_table_ids_count * local.requester_cidr_block_associations_count : 0}"
- provider = "aws.accepter"
- route_table_id = "${element(local.accepter_aws_route_table_ids, ceil(count.index / local.requester_cidr_block_associations_count))}"
- destination_cidr_block = "${lookup(local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count], "cidr_block")}"
- vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requester.*.id)}"
- depends_on = ["data.aws_route_tables.accepter", "aws_vpc_peering_connection_accepter.accepter", "aws_vpc_peering_connection.requester"]
+ count = var.enabled ? local.accepter_aws_route_table_ids_count * local.requester_cidr_block_associations_count : 0
+ provider = aws.accepter
+ route_table_id = local.accepter_aws_route_table_ids[ceil(count.index / local.requester_cidr_block_associations_count)]
+ destination_cidr_block = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]["cidr_block"]
+ vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
+ depends_on = [
+ data.aws_route_tables.accepter,
+ aws_vpc_peering_connection_accepter.accepter,
+ aws_vpc_peering_connection.requester,
+ ]
 }
 
 # Accepter's side of the connection.
 resource "aws_vpc_peering_connection_accepter" "accepter" {
- count = "${local.count}"
- provider = "aws.accepter"
- vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requester.*.id)}"
- auto_accept = "${var.auto_accept}"
- tags = "${module.accepter.tags}"
+ count = local.count
+ provider = aws.accepter
+ vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
+ auto_accept = var.auto_accept
+ tags = module.accepter.tags
 }
 
 resource "aws_vpc_peering_connection_options" "accepter" {
- provider = "aws.accepter"
- vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requester.*.id)}"
+ provider = aws.accepter
+ vpc_peering_connection_id = local.active_vpc_peering_connection_id
 
  accepter {
- allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_vpc_dns_resolution}"
+ allow_remote_vpc_dns_resolution = var.accepter_allow_remote_vpc_dns_resolution
  }
 }
 
 output "accepter_connection_id" {
- value = "${join("", aws_vpc_peering_connection_accepter.accepter.*.id)}"
+ value = join("", aws_vpc_peering_connection_accepter.accepter.*.id)
  description = "Accepter VPC peering connection ID"
 }
 
 output "accepter_accept_status" {
- value = "${join("", aws_vpc_peering_connection_accepter.accepter.*.accept_status)}"
+ value = join(
+ "",
+ aws_vpc_peering_connection_accepter.accepter.*.accept_status,
+ )
  description = "Accepter VPC peering connection request status"
-}
+}
diff --git a/codefresh/test.yml b/codefresh/test.yml
@@ -0,0 +1,73 @@
+version: '1.0'
+steps:
+ wait:
+ title: Wait
+ stage: Prepare
+ image: 'codefresh/cli:latest'
+ commands:
+ - >-
+ codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running
+ --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser
+ 'flatten|.[-1].id==$id'
+ retry:
+ maxAttempts: 10
+ delay: 20
+ exponentialFactor: 1.1
+ main_clone:
+ title: Clone repository
+ type: git-clone
+ stage: Prepare
+ description: Initialize
+ repo: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}'
+ git: CF-default
+ revision: '${{CF_REVISION}}'
+ clean_init:
+ title: Prepare build-harness and test-harness
+ image: '${{TEST_IMAGE}}'
+ stage: Prepare
+ commands:
+ - >-
+ cf_export
+ PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ - make init
+ - git -C build-harness checkout master
+ - make -C test/ clean init TEST_HARNESS_BRANCH=master
+ - make -C test/src clean init
+ - find . -type d -name '.terraform' | xargs rm -rf
+ - 'find . -type f -name ''terraform.tfstate*'' -exec rm -f {} \;'
+ test:
+ type: parallel
+ title: Run tests
+ description: Run all tests in parallel
+ stage: Test
+ steps:
+ test_readme_lint:
+ title: Test README.md updated
+ stage: Test
+ image: '${{TEST_IMAGE}}'
+ description: Test "readme/lint"
+ commands:
+ - make readme/lint
+ test_module:
+ title: Test module with bats
+ image: '${{TEST_IMAGE}}'
+ stage: Test
+ commands:
+ - make -C test/ module
+ test_examples_complete:
+ title: Test "examples/complete" with bats
+ image: '${{TEST_IMAGE}}'
+ stage: Test
+ commands:
+ - make -C test/ examples/complete
+ test_examples_complete_terratest:
+ title: Test "examples/complete" with terratest
+ image: '${{TEST_IMAGE}}'
+ stage: Test
+ commands:
+ - make -C test/src
+stages:
+ - Prepare
+ - Test
+services: {}
+fail_fast: true
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -1,32 +0,0 @@
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| accepter_allow_remote_vpc_dns_resolution | Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC | string | `true` | no |
-| accepter_aws_assume_role_arn | Accepter AWS Assume Role ARN | string | - | yes |
-| accepter_region | Accepter AWS region | string | - | yes |
-| accepter_vpc_id | Accepter VPC ID filter | string | `` | no |
-| accepter_vpc_tags | Accepter VPC Tags filter | map | `<map>` | no |
-| attributes | Additional attributes (e.g. `a` or `b`) | list | `<list>` | no |
-| auto_accept | Automatically accept the peering | string | `true` | no |
-| delimiter | Delimiter to be used between `namespace`, `stage`, `name`, and `attributes` | string | `-` | no |
-| enabled | Set to false to prevent the module from creating or accessing any resources | string | `true` | no |
-| name | Name (e.g. `app` or `cluster`) | string | - | yes |
-| namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
-| requester_allow_remote_vpc_dns_resolution | Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC | string | `true` | no |
-| requester_aws_assume_role_arn | Requester AWS Assume Role ARN | string | - | yes |
-| requester_region | Requester AWS region | string | - | yes |
-| requester_vpc_id | Requester VPC ID filter | string | `` | no |
-| requester_vpc_tags | Requester VPC Tags filter | map | `<map>` | no |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
-| tags | Additional tags (e.g. `{"BusinessUnit" = "XYZ"`) | map | `<map>` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| accepter_accept_status | Accepter VPC peering connection request status |
-| accepter_connection_id | Accepter VPC peering connection ID |
-| requester_accept_status | Requester VPC peering connection request status |
-| requester_connection_id | Requester VPC peering connection ID |
-

diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
@@ -0,0 +1,11 @@
+region = "us-east-2"
+namespace = "eg"
+stage = "test"
+name = "vpc_peering_cross_account"
+requester_aws_assume_role_arn = ""
+requester_region = "us-east-2"
+requester_allow_remote_vpc_dns_resolution = true
+accepter_aws_assume_role_arn = ""
+accepter_region = "us-east-2"
+accepter_allow_remote_vpc_dns_resolution = true
+availability_zones = ["us-east-2b"]