Convert to TF 0.12. Add tests. Add Codefresh test pipeline (#16)

* [improvement] - Upgrade to 0.12 syntax, fix bool vars. Some vars used "true" instead of bool true, changed those and added type. Updated terraform-null-label from 0.3.3 to 0.16.0 (latest at time of commit). * [improvement] - Replace local.enabled with var.enabled * module converted to TF12, tests added, but not yet polished * test improved * tests fixed * assume-role made dynamic * region changed for consistency with other modules * fixtures renamed to be consistent with region * fixtures clean up * variables fix Co-authored-by: Dallas Slaughter <[email protected]>
cloudposse · May 1, 2020 · 7b3176f · 7b3176f
1 parent 3cf3f60
commit 7b3176f
Show file tree

Hide file tree

Showing 28 changed files with 786 additions and 314 deletions.
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
diff --git a/README.yaml b/README.yaml
@@ -35,9 +35,9 @@ github_repo: cloudposse/terraform-aws-vpc-peering-multi-account
 
 # Badges to display
 badges:
-  - name: "Build Status"
-    image: "https://travis-ci.org/cloudposse/terraform-aws-vpc-peering-multi-account.svg?branch=master"
-    url: "https://travis-ci.org/cloudposse/terraform-aws-vpc-peering-multi-account"
+  - name: "Codefresh Build Status"
+    image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-vpc-peering-multi-account?type=cf-1"
+    url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5e9f4c44c2b7b0abe4c11f63"
   - name: "Latest Release"
     image: "https://img.shields.io/github/release/cloudposse/terraform-aws-vpc-peering-multi-account.svg"
     url: "https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/releases/latest"
@@ -82,12 +82,12 @@ usage: |-
     requester_aws_assume_role_arn             = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test"
     requester_region                          = "us-west-2"
     requester_vpc_id                          = "vpc-xxxxxxxx"
-    requester_allow_remote_vpc_dns_resolution = "true"
+    requester_allow_remote_vpc_dns_resolution = true
 
     accepter_aws_assume_role_arn             = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test"
     accepter_region                          = "us-east-1"
     accepter_vpc_id                          = "vpc-yyyyyyyy"
-    accepter_allow_remote_vpc_dns_resolution = "true"
+    accepter_allow_remote_vpc_dns_resolution = true
   }
   ```
 

diff --git a/accepter.tf b/accepter.tf
@@ -1,138 +1,125 @@
-variable "accepter_aws_assume_role_arn" {
-  description = "Accepter AWS Assume Role ARN"
-  type        = "string"
-}
-
-variable "accepter_region" {
-  type        = "string"
-  description = "Accepter AWS region"
-}
-
-variable "accepter_vpc_id" {
-  type        = "string"
-  description = "Accepter VPC ID filter"
-  default     = ""
-}
-
-variable "accepter_vpc_tags" {
-  type        = "map"
-  description = "Accepter VPC Tags filter"
-  default     = {}
-}
-
-variable "accepter_allow_remote_vpc_dns_resolution" {
-  default     = "true"
-  description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC"
-}
-
 # Accepter's credentials
 provider "aws" {
-  alias   = "accepter"
-  region  = "${var.accepter_region}"
-  version = ">= 1.25"
-
-  assume_role {
-    role_arn = "${var.accepter_aws_assume_role_arn}"
+  alias  = "accepter"
+  region = var.accepter_region
+
+  dynamic "assume_role" {
+    for_each = var.accepter_aws_assume_role_arn != "" ? ["true"] : []
+    content {
+      role_arn = var.accepter_aws_assume_role_arn
+    }
   }
 }
 
 locals {
-  accepter_attributes = "${concat(var.attributes, list("accepter"))}"
-  accepter_tags       = "${merge(var.tags, map("Side", "accepter"))}"
+  accepter_attributes = concat(var.attributes, ["accepter"])
+  accepter_tags = merge(
+    var.tags,
+    {
+      "Side" = "accepter"
+    },
+  )
 }
 
 module "accepter" {
-  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3"
-  enabled    = "${var.enabled}"
-  namespace  = "${var.namespace}"
-  name       = "${var.name}"
-  stage      = "${var.stage}"
-  delimiter  = "${var.delimiter}"
-  attributes = "${local.accepter_attributes}"
-  tags       = "${local.accepter_tags}"
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
+  enabled    = var.enabled
+  namespace  = var.namespace
+  name       = var.name
+  stage      = var.stage
+  delimiter  = var.delimiter
+  attributes = local.accepter_attributes
+  tags       = local.accepter_tags
 }
 
 data "aws_caller_identity" "accepter" {
-  count    = "${local.count}"
-  provider = "aws.accepter"
+  count    = local.count
+  provider = aws.accepter
 }
 
 data "aws_region" "accepter" {
-  count    = "${local.count}"
-  provider = "aws.accepter"
+  count    = local.count
+  provider = aws.accepter
 }
 
 # Lookup accepter's VPC so that we can reference the CIDR
 data "aws_vpc" "accepter" {
-  count    = "${local.count}"
-  provider = "aws.accepter"
-  id       = "${var.accepter_vpc_id}"
-  tags     = "${var.accepter_vpc_tags}"
+  count    = local.count
+  provider = aws.accepter
+  id       = var.accepter_vpc_id
+  tags     = var.accepter_vpc_tags
 }
 
 # Lookup accepter subnets
 data "aws_subnet_ids" "accepter" {
-  count    = "${local.count}"
-  provider = "aws.accepter"
-  vpc_id   = "${local.accepter_vpc_id}"
+  count    = local.count
+  provider = aws.accepter
+  vpc_id   = local.accepter_vpc_id
 }
 
 locals {
-  accepter_subnet_ids       = "${distinct(sort(flatten(data.aws_subnet_ids.accepter.*.ids)))}"
-  accepter_subnet_ids_count = "${length(local.accepter_subnet_ids)}"
-  accepter_vpc_id           = "${join("", data.aws_vpc.accepter.*.id)}"
-  accepter_account_id       = "${join("", data.aws_caller_identity.accepter.*.account_id)}"
-  accepter_region           = "${join("", data.aws_region.accepter.*.name)}"
+  accepter_subnet_ids       = distinct(sort(flatten(data.aws_subnet_ids.accepter.*.ids)))
+  accepter_subnet_ids_count = length(local.accepter_subnet_ids)
+  accepter_vpc_id           = join("", data.aws_vpc.accepter.*.id)
+  accepter_account_id       = join("", data.aws_caller_identity.accepter.*.account_id)
+  accepter_region           = join("", data.aws_region.accepter.*.name)
 }
 
 # Lookup accepter route tables
 data "aws_route_tables" "accepter" {
-  count    = "${local.count}"
-  provider = "aws.accepter"
-  vpc_id   = "${local.accepter_vpc_id}"
+  count    = local.count
+  provider = aws.accepter
+  vpc_id   = local.accepter_vpc_id
 }
 
 locals {
-  accepter_aws_route_table_ids           = "${distinct(sort(data.aws_route_tables.accepter.ids))}"
-  accepter_aws_route_table_ids_count     = "${length(local.accepter_aws_route_table_ids)}"
-  accepter_cidr_block_associations       = "${flatten(data.aws_vpc.accepter.*.cidr_block_associations)}"
-  accepter_cidr_block_associations_count = "${length(local.accepter_cidr_block_associations)}"
+  accepter_aws_route_table_ids           = distinct(sort(data.aws_route_tables.accepter[0].ids))
+  accepter_aws_route_table_ids_count     = length(local.accepter_aws_route_table_ids)
+  accepter_cidr_block_associations       = flatten(data.aws_vpc.accepter.*.cidr_block_associations)
+  accepter_cidr_block_associations_count = length(local.accepter_cidr_block_associations)
 }
 
 # Create routes from accepter to requester
 resource "aws_route" "accepter" {
-  count                     = "${local.enabled ? local.accepter_aws_route_table_ids_count * local.requester_cidr_block_associations_count : 0}"
-  provider                  = "aws.accepter"
-  route_table_id            = "${element(local.accepter_aws_route_table_ids, ceil(count.index / local.requester_cidr_block_associations_count))}"
-  destination_cidr_block    = "${lookup(local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count], "cidr_block")}"
-  vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requester.*.id)}"
-  depends_on                = ["data.aws_route_tables.accepter", "aws_vpc_peering_connection_accepter.accepter", "aws_vpc_peering_connection.requester"]
+  count                     = var.enabled ? local.accepter_aws_route_table_ids_count * local.requester_cidr_block_associations_count : 0
+  provider                  = aws.accepter
+  route_table_id            = local.accepter_aws_route_table_ids[ceil(count.index / local.requester_cidr_block_associations_count)]
+  destination_cidr_block    = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]["cidr_block"]
+  vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
+  depends_on = [
+    data.aws_route_tables.accepter,
+    aws_vpc_peering_connection_accepter.accepter,
+    aws_vpc_peering_connection.requester,
+  ]
 }
 
 # Accepter's side of the connection.
 resource "aws_vpc_peering_connection_accepter" "accepter" {
-  count                     = "${local.count}"
-  provider                  = "aws.accepter"
-  vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requester.*.id)}"
-  auto_accept               = "${var.auto_accept}"
-  tags                      = "${module.accepter.tags}"
+  count                     = local.count
+  provider                  = aws.accepter
+  vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
+  auto_accept               = var.auto_accept
+  tags                      = module.accepter.tags
 }
 
 resource "aws_vpc_peering_connection_options" "accepter" {
-  provider                  = "aws.accepter"
-  vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requester.*.id)}"
+  provider                  = aws.accepter
+  vpc_peering_connection_id = local.active_vpc_peering_connection_id
 
   accepter {
-    allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_vpc_dns_resolution}"
+    allow_remote_vpc_dns_resolution = var.accepter_allow_remote_vpc_dns_resolution
   }
 }
 
 output "accepter_connection_id" {
-  value       = "${join("", aws_vpc_peering_connection_accepter.accepter.*.id)}"
+  value       = join("", aws_vpc_peering_connection_accepter.accepter.*.id)
   description = "Accepter VPC peering connection ID"
 }
 
 output "accepter_accept_status" {
-  value       = "${join("", aws_vpc_peering_connection_accepter.accepter.*.accept_status)}"
+  value = join(
+    "",
+    aws_vpc_peering_connection_accepter.accepter.*.accept_status,
+  )
   description = "Accepter VPC peering connection request status"
-}
+}
diff --git a/codefresh/test.yml b/codefresh/test.yml
@@ -0,0 +1,73 @@
+version: '1.0'
+steps:
+  wait:
+    title: Wait
+    stage: Prepare
+    image: 'codefresh/cli:latest'
+    commands:
+      - >-
+        codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running
+        --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser
+        'flatten|.[-1].id==$id'
+    retry:
+      maxAttempts: 10
+      delay: 20
+      exponentialFactor: 1.1
+  main_clone:
+    title: Clone repository
+    type: git-clone
+    stage: Prepare
+    description: Initialize
+    repo: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}'
+    git: CF-default
+    revision: '${{CF_REVISION}}'
+  clean_init:
+    title: Prepare build-harness and test-harness
+    image: '${{TEST_IMAGE}}'
+    stage: Prepare
+    commands:
+      - >-
+        cf_export
+        PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+      - make init
+      - git -C build-harness checkout master
+      - make -C test/ clean init TEST_HARNESS_BRANCH=master
+      - make -C test/src clean init
+      - find . -type d -name '.terraform' | xargs rm -rf
+      - 'find . -type f -name ''terraform.tfstate*'' -exec rm -f {} \;'
+  test:
+    type: parallel
+    title: Run tests
+    description: Run all tests in parallel
+    stage: Test
+    steps:
+      test_readme_lint:
+        title: Test README.md updated
+        stage: Test
+        image: '${{TEST_IMAGE}}'
+        description: Test "readme/lint"
+        commands:
+          - make readme/lint
+      test_module:
+        title: Test module with bats
+        image: '${{TEST_IMAGE}}'
+        stage: Test
+        commands:
+          - make -C test/ module
+      test_examples_complete:
+        title: Test "examples/complete" with bats
+        image: '${{TEST_IMAGE}}'
+        stage: Test
+        commands:
+          - make -C test/ examples/complete
+  test_examples_complete_terratest:
+    title: Test "examples/complete" with terratest
+    image: '${{TEST_IMAGE}}'
+    stage: Test
+    commands:
+      - make -C test/src
+stages:
+  - Prepare
+  - Test
+services: {}
+fail_fast: true
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -1,32 +0,0 @@
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| accepter_allow_remote_vpc_dns_resolution | Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC | string | `true` | no |
-| accepter_aws_assume_role_arn | Accepter AWS Assume Role ARN | string | - | yes |
-| accepter_region | Accepter AWS region | string | - | yes |
-| accepter_vpc_id | Accepter VPC ID filter | string | `` | no |
-| accepter_vpc_tags | Accepter VPC Tags filter | map | `<map>` | no |
-| attributes | Additional attributes (e.g. `a` or `b`) | list | `<list>` | no |
-| auto_accept | Automatically accept the peering | string | `true` | no |
-| delimiter | Delimiter to be used between `namespace`, `stage`, `name`, and `attributes` | string | `-` | no |
-| enabled | Set to false to prevent the module from creating or accessing any resources | string | `true` | no |
-| name | Name  (e.g. `app` or `cluster`) | string | - | yes |
-| namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
-| requester_allow_remote_vpc_dns_resolution | Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC | string | `true` | no |
-| requester_aws_assume_role_arn | Requester AWS Assume Role ARN | string | - | yes |
-| requester_region | Requester AWS region | string | - | yes |
-| requester_vpc_id | Requester VPC ID filter | string | `` | no |
-| requester_vpc_tags | Requester VPC Tags filter | map | `<map>` | no |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
-| tags | Additional tags (e.g. `{"BusinessUnit" = "XYZ"`) | map | `<map>` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| accepter_accept_status | Accepter VPC peering connection request status |
-| accepter_connection_id | Accepter VPC peering connection ID |
-| requester_accept_status | Requester VPC peering connection request status |
-| requester_connection_id | Requester VPC peering connection ID |
-

diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
@@ -0,0 +1,11 @@
+region                                    = "us-east-2"
+namespace                                 = "eg"
+stage                                     = "test"
+name                                      = "vpc_peering_cross_account"
+requester_aws_assume_role_arn             = ""
+requester_region                          = "us-east-2"
+requester_allow_remote_vpc_dns_resolution = true
+accepter_aws_assume_role_arn              = ""
+accepter_region                           = "us-east-2"
+accepter_allow_remote_vpc_dns_resolution  = true
+availability_zones                        = ["us-east-2b"]