diff --git a/environment-pipelines/buildspec-apply.yml b/environment-pipelines/buildspec-apply.yml
index 23eb345e9..c61cb7019 100644
--- a/environment-pipelines/buildspec-apply.yml
+++ b/environment-pipelines/buildspec-apply.yml
@@ -13,13 +13,18 @@ phases:
 build:
 commands:
 - set -e
- - echo "Terraform Apply Phase"
+ - echo -e "\nTerraform Apply Phase"
 - platform-helper notify add-comment "${SLACK_CHANNEL_ID}" "${SLACK_TOKEN}" "${SLACK_REF}" "Starting terraform apply phase for the ${ENVIRONMENT} environment."
- - echo "Working on environment ${ENVIRONMENT}"
- - cd terraform/environments/${ENVIRONMENT}
+ - echo -e "\nWorking on environment ${ENVIRONMENT}"
+ - cd "terraform/environments/${ENVIRONMENT}"
 - terraform init
- - terraform apply $PLAN_TF_DIR/terraform/environments/${ENVIRONMENT}/plan.tfplan
- - copilot env deploy --name ${ENVIRONMENT}
+ - terraform apply "${PLAN_TF_DIR}/terraform/environments/${ENVIRONMENT}/plan.tfplan"
+ - echo -e "\nGenerating manifests and deploying AWS Copilot environment resources"
+ - cd "${CODEBUILD_SRC_DIR}"
+ - platform-helper environment generate --name "${ENVIRONMENT}"
+ - copilot env init --name "${ENVIRONMENT}" --profile "${COPILOT_PROFILE}" --default-config
+ - platform-helper copilot make-addons
+ - copilot env deploy --name "${ENVIRONMENT}"
 post_build:
 commands:
 - |
diff --git a/environment-pipelines/buildspec-plan.yml b/environment-pipelines/buildspec-plan.yml
index f420c8ef1..9372854ea 100644
--- a/environment-pipelines/buildspec-plan.yml
+++ b/environment-pipelines/buildspec-plan.yml
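Review bot: `copilot env init --name "${ENVIRONMENT}" --profile "${COPILOT_PROFILE}" --default-config` reads a variable the apply stage is never given: in locals.tf this same commit sets ENVIRONMENT, SLACK_CHANNEL_ID, SLACK_REF and VPC on the apply action, while COPILOT_PROFILE is defined for the plan stage only, so under `set -e` this command runs with an empty `--profile` and the phase will most likely abort. Add `{ name : "COPILOT_PROFILE", value : env.accounts.deploy.name }` to the apply stage's EnvironmentVariables in locals.tf, mirroring the plan stage. Separately, the plan build now exports `copilot/environments/${ENVIRONMENT}/manifest.yml` as an artifact, yet apply regenerates the manifest with `platform-helper environment generate` instead of deploying the one that was reviewed at the approval gate; unless generation is fully deterministic from the build artifact, `cp "${PLAN_TF_DIR}/copilot/environments/${ENVIRONMENT}/manifest.yml" "copilot/environments/${ENVIRONMENT}/"` in place of the generate call keeps plan and apply on the same input. Note too that `echo -e` only renders `\n` under bash; if the CodeBuild image runs these commands with plain sh the `-e` is printed literally, so it is worth confirming `shell: bash` in the env section, which is outside this hunk.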
@@ -17,9 +17,7 @@ phases:
 - echo "Terraform Plan Phase"
 - platform-helper notify add-comment "${SLACK_CHANNEL_ID}" "${SLACK_TOKEN}" "${SLACK_REF}" "Starting terraform plan phase for the ${ENVIRONMENT} environment."
 - echo "Working on environment ${ENVIRONMENT}"
- - echo "Generating manifests"
- - copilot env init --name ${ENVIRONMENT} --profile ${COPILOT_PROFILE} --default-config
- - platform-helper copilot make-addons
+ - platform-helper environment generate-terraform --name "${ENVIRONMENT}"
 - cd terraform/environments/${ENVIRONMENT}
 - terraform init
 - terraform plan -out=plan.tfplan
@@ -40,3 +38,4 @@ phases:
 artifacts:
 files:
 - terraform/environments/${ENVIRONMENT}/plan.tfplan
+ - copilot/environments/${ENVIRONMENT}/manifest.yml
diff --git a/environment-pipelines/codebuild.tf b/environment-pipelines/codebuild.tf
index 794ab0b5f..7aeed2ae2 100644
--- a/environment-pipelines/codebuild.tf
+++ b/environment-pipelines/codebuild.tf
@@ -1,5 +1,5 @@
 resource "aws_codebuild_project" "environment_pipeline_build" {
- name = "${var.application}-environment-pipeline-build"
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline-build"
 description = "Provisions the ${var.application} application's extensions."
 build_timeout = 5
 service_role = aws_iam_role.environment_pipeline_codebuild.arn
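Review bot: `- cd terraform/environments/${ENVIRONMENT}` in the plan phase is left unquoted while the apply buildspec in this same commit quotes every `${ENVIRONMENT}` path; make it `- cd "terraform/environments/${ENVIRONMENT}"` for consistency. ENVIRONMENT comes from the pipeline's own stage configuration rather than from user input, so this is a point of consistency rather than an injection concern. It would also help to put a one-line comment above the `generate-terraform` line saying that the Copilot `env init` / `make-addons` steps now live in the apply phase, since a reader of this file alone will otherwise wonder where they went.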
@@ -37,19 +37,19 @@ resource "aws_codebuild_project" "environment_pipeline_build" {
 }
 resource "aws_cloudwatch_log_group" "environment_pipeline_codebuild" {
- name = "codebuild/${var.application}-environment-terraform/log-group"
+ name = "codebuild/${var.application}-${var.pipeline_name}-environment-terraform/log-group"
 # checkov:skip=CKV_AWS_338:Retains logs for 3 months instead of 1 year
 retention_in_days = 90
 }
 resource "aws_cloudwatch_log_stream" "environment_pipeline_codebuild" {
- name = "codebuild/${var.application}-environment-terraform/log-stream"
+ name = "codebuild/${var.application}-${var.pipeline_name}-environment-terraform/log-stream"
 log_group_name = aws_cloudwatch_log_group.environment_pipeline_codebuild.name
 }
 # Terraform plan
 resource "aws_codebuild_project" "environment_pipeline_plan" {
- name = "${var.application}-environment-pipeline-plan"
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline-plan"
 description = "Provisions the ${var.application} application's extensions."
 build_timeout = 5
 service_role = aws_iam_role.environment_pipeline_codebuild.arn
@@ -88,9 +88,9 @@ resource "aws_codebuild_project" "environment_pipeline_apply" {
 # Terraform apply
 resource "aws_codebuild_project" "environment_pipeline_apply" {
- name = "${var.application}-environment-pipeline-apply"
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline-apply"
 description = "Provisions the ${var.application} application's extensions."
- build_timeout = 60
+ build_timeout = 120
 service_role = aws_iam_role.environment_pipeline_codebuild.arn
 encryption_key = module.artifact_store.kms_key_arn
diff --git a/environment-pipelines/codepipeline.tf b/environment-pipelines/codepipeline.tf
index 8064d76c9..14e0bca79 100644
--- a/environment-pipelines/codepipeline.tf
+++ b/environment-pipelines/codepipeline.tf
@@ -3,9 +3,10 @@ data "aws_codestarconnections_connection" "github_codestar_connection" {
 }
 resource "aws_codepipeline" "environment_pipeline" {
- name = "${var.application}-environment-pipeline"
- role_arn = aws_iam_role.environment_pipeline_codepipeline.arn
- depends_on = [aws_iam_role_policy.artifact_store_access_for_environment_codebuild]
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline"
+ role_arn = aws_iam_role.environment_pipeline_codepipeline.arn
+ depends_on = [aws_iam_role_policy.artifact_store_access_for_environment_codebuild]
+ pipeline_type = "V2"
 artifact_store {
 location = module.artifact_store.bucket_name
@@ -32,6 +33,7 @@ resource "aws_codepipeline" "environment_pipeline" {
 ConnectionArn = data.aws_codestarconnections_connection.github_codestar_connection.arn
 FullRepositoryId = var.repository
 BranchName = var.branch
+ DetectChanges = var.trigger_on_push
 }
 }
 }
@@ -50,7 +52,7 @@ resource "aws_codepipeline" "environment_pipeline" {
 namespace = "slack"
 configuration = {
- ProjectName = "${var.application}-environment-pipeline-build"
+ ProjectName = "${var.application}-${var.pipeline_name}-environment-pipeline-build"
 PrimarySource = "project_deployment_source"
 EnvironmentVariables : jsonencode([
 { name : "APPLICATION", value : var.application },
@@ -88,9 +90,9 @@ module "artifact_store" {
 application = var.application
 environment = "not-applicable"
- name = "${var.application}-environment-pipeline-artifact-store"
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline-artifact-store"
 config = {
- bucket_name = "${var.application}-environment-pipeline-artifact-store"
+ bucket_name = "${var.application}-${var.pipeline_name}-environment-pipeline-artifact-store"
 }
 }
diff --git a/environment-pipelines/iam.tf b/environment-pipelines/iam.tf
index b39b21c6f..04aa2915e 100644
--- a/environment-pipelines/iam.tf
+++ b/environment-pipelines/iam.tf
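Review bot: `DetectChanges = var.trigger_on_push` makes the pipeline start on every push to `var.branch`, and the variable's declaration is not part of this diff, so its type and default cannot be checked here; it should be `type = bool` with `default = false`, because an environment whose config omits `requires_approval` gets no Approve stage (locals.tf in this commit uses `lookup(env, "requires_approval", false)`) and an auto-triggered run would then apply terraform and `copilot env deploy` to it with no human in the loop. If the intended default is true, a comment next to this line saying so would let the reviewer of a new pipeline see that they are opting into unattended deploys. One more consequence of the renames in this hunk: `${var.application}-${var.pipeline_name}-environment-pipeline-artifact-store` leaves only 26 characters for application plus pipeline name before the S3 bucket-name limit of 63 is hit, which is worth a validation on `var.pipeline_name` rather than a failure at apply time.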
@@ -210,7 +210,7 @@ data "aws_iam_policy_document" "load_balancer" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "elasticloadbalancing:CreateTargetGroup",
@@ -225,7 +225,7 @@ data "aws_iam_policy_document" "load_balancer" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "elasticloadbalancing:CreateLoadBalancer",
@@ -241,7 +241,7 @@ data "aws_iam_policy_document" "load_balancer" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "elasticloadbalancing:AddTags"
@@ -254,7 +254,7 @@ data "aws_iam_policy_document" "load_balancer" {
 }
 resource "aws_iam_policy" "load_balancer" {
- name = "load-balancer-access"
+ name = "${var.application}-${var.pipeline_name}-pipeline-load-balancer-access"
 path = "/${var.application}/codebuild/"
 description = "Allow ${var.application} codebuild job to access load-balancer resources"
 policy = data.aws_iam_policy_document.load_balancer.json
@@ -321,7 +321,7 @@ data "aws_iam_policy_document" "ssm_parameter" {
 data "aws_iam_policy_document" "cloudwatch" {
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "cloudwatch:GetDashboard",
@@ -335,7 +335,7 @@ data "aws_iam_policy_document" "cloudwatch" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "resource-groups:GetGroup",
@@ -353,7 +353,7 @@ data "aws_iam_policy_document" "cloudwatch" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "applicationinsights:CreateApplication",
@@ -395,6 +395,7 @@ data "aws_iam_policy_document" "logs" {
 actions = [
 "logs:PutRetentionPolicy",
 "logs:ListTagsLogGroup",
+ "logs:ListTagsForResource",
 "logs:DeleteLogGroup",
 "logs:CreateLogGroup",
 "logs:PutSubscriptionFilter",
@@ -431,7 +432,7 @@ data "aws_iam_policy_document" "kms_key" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "kms:CreateAlias",
@@ -484,7 +485,7 @@ data "aws_iam_policy_document" "redis" {
 }
 resource "aws_iam_policy" "redis" {
- name = "redis-access"
+ name = "${var.application}-${var.pipeline_name}-pipeline-redis-access"
 path = "/${var.application}/codebuild/"
 description = "Allow ${var.application} codebuild job to access redis resources"
 policy = data.aws_iam_policy_document.redis.json
@@ -500,7 +501,7 @@ data "aws_iam_policy_document" "postgres" {
 ]
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "iam:CreateRole",
@@ -522,7 +523,7 @@ data "aws_iam_policy_document" "postgres" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "lambda:GetFunction",
@@ -537,7 +538,7 @@ data "aws_iam_policy_document" "postgres" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "rds:CreateDBParameterGroup",
@@ -555,7 +556,7 @@ data "aws_iam_policy_document" "postgres" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "rds:CreateDBSubnetGroup",
@@ -581,7 +582,7 @@ data "aws_iam_policy_document" "postgres" {
 }
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "rds:CreateDBInstance",
@@ -606,7 +607,7 @@ data "aws_iam_policy_document" "postgres" {
 }
 resource "aws_iam_policy" "postgres" {
- name = "postgres-access"
+ name = "${var.application}-${var.pipeline_name}-pipeline-postgres-access"
 path = "/${var.application}/codebuild/"
 description = "Allow ${var.application} codebuild job to access postgres resources"
 policy = data.aws_iam_policy_document.postgres.json
@@ -633,7 +634,7 @@ data "aws_iam_policy_document" "s3" {
 }
 resource "aws_iam_policy" "s3" {
- name = "s3-access"
+ name = "${var.application}-${var.pipeline_name}-pipeline-s3-access"
 path = "/${var.application}/codebuild/"
 description = "Allow ${var.application} codebuild job to access s3 resources"
 policy = data.aws_iam_policy_document.s3.json
@@ -657,7 +658,7 @@ data "aws_iam_policy_document" "opensearch" {
 }
 resource "aws_iam_policy" "opensearch" {
- name = "opensearch-access"
+ name = "${var.application}-${var.pipeline_name}-pipeline-opensearch-access"
 path = "/${var.application}/codebuild/"
 description = "Allow ${var.application} codebuild job to access opensearch resources"
 policy = data.aws_iam_policy_document.opensearch.json
@@ -666,7 +667,7 @@ resource "aws_iam_policy" "opensearch" {
 # Policies for AWS Copilot
 data "aws_iam_policy_document" "copilot_assume_role" {
 dynamic "statement" {
- for_each = var.environments
+ for_each = local.environment_config
 content {
 actions = [
 "sts:AssumeRole"
@@ -681,12 +682,16 @@ data "aws_iam_policy_document" "copilot_assume_role" {
 data "aws_iam_policy_document" "cloudformation" {
 statement {
 actions = [
+ "cloudformation:GetTemplate",
 "cloudformation:GetTemplateSummary",
 "cloudformation:DescribeStackSet",
 "cloudformation:UpdateStackSet",
 "cloudformation:DescribeStackSetOperation",
 "cloudformation:ListStackInstances",
 "cloudformation:DescribeStacks",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:CreateChangeSet",
+ "cloudformation:ExecuteChangeSet",
 ]
 resources = [
 "arn:aws:cloudformation:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stack/${var.application}-*",
@@ -697,7 +702,7 @@ data "aws_iam_policy_document" "cloudformation" {
 }
 resource "aws_iam_policy" "cloudformation" {
- name = "cloudformation-access"
+ name = "${var.application}-${var.pipeline_name}-pipeline-cloudformation-access"
 path = "/${var.application}/codebuild/"
 description = "Allow ${var.application} codebuild job to access cloudformation resources"
 policy = data.aws_iam_policy_document.cloudformation.json
@@ -705,13 +710,13 @@ resource "aws_iam_policy" "cloudformation" {
 # Roles
 resource "aws_iam_role" "environment_pipeline_codepipeline" {
- name = "${var.application}-environment-pipeline-codepipeline"
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline-codepipeline"
 assume_role_policy = data.aws_iam_policy_document.assume_codepipeline_role.json
 tags = local.tags
 }
 resource "aws_iam_role" "environment_pipeline_codebuild" {
- name = "${var.application}-environment-pipeline-codebuild"
+ name = "${var.application}-${var.pipeline_name}-environment-pipeline-codebuild"
 assume_role_policy = data.aws_iam_policy_document.assume_codebuild_role.json
 managed_policy_arns = [
 aws_iam_policy.cloudformation.arn,
@@ -726,100 +731,100 @@ resource "aws_iam_role" "environment_pipeline_codebuild" {
 # Inline policies
 resource "aws_iam_role_policy" "artifact_store_access_for_environment_codepipeline" {
- name = "${var.application}-artifact-store-access-for-environment-codepipeline"
+ name = "${var.application}-${var.pipeline_name}-artifact-store-access-for-environment-codepipeline"
 role = aws_iam_role.environment_pipeline_codepipeline.name
 policy = data.aws_iam_policy_document.access_artifact_store.json
 }
 resource "aws_iam_role_policy" "artifact_store_access_for_environment_codebuild" {
- name = "${var.application}-artifact-store-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-artifact-store-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.access_artifact_store.json
 }
 resource "aws_iam_role_policy" "log_access_for_environment_codebuild" {
- name = "${var.application}-log-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-log-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.write_environment_pipeline_codebuild_logs.json
 }
 # Terraform state access
 resource "aws_iam_role_policy" "state_bucket_access_for_environment_codebuild" {
- name = "${var.application}-state-bucket-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-state-bucket-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.state_bucket_access.json
 }
 resource "aws_iam_role_policy" "state_kms_key_access_for_environment_codebuild" {
- name = "${var.application}-state-kms-key-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-state-kms-key-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.state_kms_key_access.json
 }
 resource "aws_iam_role_policy" "state_dynamo_db_access_for_environment_codebuild" {
- name = "${var.application}-state-dynamo-db-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-state-dynamo-db-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.state_dynamo_db_access.json
 }
 # VPC and Subnets
 resource "aws_iam_role_policy" "ec2_read_access_for_environment_codebuild" {
- name = "${var.application}-ec2-read-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-ec2-read-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.ec2_read_access.json
 }
 resource "aws_iam_role_policy" "ssm_read_access_for_environment_codebuild" {
- name = "${var.application}-ssm-read-access-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-ssm-read-access-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.ssm_read_access.json
 }
 # Assume DNS account role
 resource "aws_iam_role_policy" "dns_account_assume_role_for_environment_codebuild" {
- name = "${var.application}-dns-account-assume-role-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-dns-account-assume-role-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.dns_account_assume_role.json
 }
 resource "aws_iam_role_policy" "certificate_for_environment_codebuild" {
- name = "${var.application}-certificate-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-certificate-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.certificate.json
 }
 resource "aws_iam_role_policy" "security_group_for_environment_codebuild" {
- name = "${var.application}-security-group-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-security-group-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.security_group.json
 }
 resource "aws_iam_role_policy" "ssm_parameter_for_environment_codebuild" {
- name = "${var.application}-ssm-parameter-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-ssm-parameter-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.ssm_parameter.json
 }
 resource "aws_iam_role_policy" "cloudwatch_for_environment_codebuild" {
- name = "${var.application}-cloudwatch-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-cloudwatch-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.cloudwatch.json
 }
 resource "aws_iam_role_policy" "logs_for_environment_codebuild" {
- name = "${var.application}-logs-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-logs-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.logs.json
 }
 resource "aws_iam_role_policy" "kms_key_for_environment_codebuild" {
- name = "${var.application}-kms-key-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-kms-key-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.kms_key.json
 }
 resource "aws_iam_role_policy" "copilot_assume_role_for_environment_codebuild" {
- name = "${var.application}-copilot-assume-role-for-environment-codebuild"
+ name = "${var.application}-${var.pipeline_name}-copilot-assume-role-for-environment-codebuild"
 role = aws_iam_role.environment_pipeline_codebuild.name
 policy = data.aws_iam_policy_document.copilot_assume_role.json
 }
diff --git a/environment-pipelines/locals.tf b/environment-pipelines/locals.tf
index 723d1fa51..8ab6ddfbc 100644
--- a/environment-pipelines/locals.tf
+++ b/environment-pipelines/locals.tf
@@ -7,9 +7,13 @@ locals {
 stage_config = yamldecode(file("${path.module}/stage_config.yml"))
+ base_env_config = { for name, config in var.environment_config : name => merge(lookup(var.environment_config, "*", {}), config) }
+ # Convert the env config into a list and add env name and vpc / requires_approval from the environments config.
+ environment_config = [for name, env in var.environments : merge(lookup(local.base_env_config, name, {}), env, { "name" = name })]
 # We flatten a list of lists for each env:
 initial_stages = flatten(
- [for env in var.environments : [
+ [for env in local.environment_config : [
 # The first element of the inner list for an env is the Plan stage.
 {
 type : "plan",
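Review bot: `lookup(local.base_env_config, name, {})` in the new `environment_config` line silently accepts an environment that is listed in `var.environments` but missing from `var.environment_config`, and the mistake then surfaces later as an opaque attribute error on `env.accounts.deploy.name` when the stages are built. Index directly instead, `environment_config = [for name, env in var.environments : merge(local.base_env_config[name], env, { "name" = name })]`, so Terraform names the missing key at the point of the typo. A short comment on `base_env_config` would also help, noting that the `"*"` wildcard entry is carried through (merged with itself) and is never selected unless an environment is literally named `*`. The enclosing `locals` block and the `initial_stages` expression continue outside this hunk.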
@@ -19,20 +23,20 @@ locals {
 input_artifacts : ["build_output"],
 output_artifacts : ["${env.name}_terraform_plan"],
 configuration : {
- ProjectName : "${var.application}-environment-pipeline-plan"
+ ProjectName : "${var.application}-${var.pipeline_name}-environment-pipeline-plan"
 PrimarySource : "build_output"
 EnvironmentVariables : jsonencode([
 { name : "ENVIRONMENT", value : env.name },
 { name : "COPILOT_PROFILE", value : env.accounts.deploy.name },
 { name : "SLACK_CHANNEL_ID", value : var.slack_channel, type : "PARAMETER_STORE" },
 { name : "SLACK_REF", value : "#{slack.SLACK_REF}" },
- { name : "NEEDS_APPROVAL", value : coalesce(env.requires_approval, false) ? "yes" : "no" }
+ { name : "NEEDS_APPROVAL", value : lookup(env, "requires_approval", false) ? "yes" : "no" }
 ])
 }
 namespace : "${env.name}-plan"
 },
 # The second element of the inner list for an env is the Approval stage if required, or the empty list otherwise.
- coalesce(env.requires_approval, false) ? [{
+ lookup(env, "requires_approval", false) ? [{
 type : "approve",
 stage_name : "Approve-${env.name}",
 env : "",
@@ -40,7 +44,7 @@ locals {
 output_artifacts : [],
 configuration : {
 CustomData : "Review Terraform Plan"
- ExternalEntityLink : "https://${data.aws_region.current.name}.console.aws.amazon.com/codesuite/codebuild/${data.aws_caller_identity.current.account_id}/projects/${var.application}-environment-pipeline-plan/build/#{${env.name}-plan.BUILD_ID}"
+ ExternalEntityLink : "https://${data.aws_region.current.name}.console.aws.amazon.com/codesuite/codebuild/${data.aws_caller_identity.current.account_id}/projects/${var.application}-${var.pipeline_name}-environment-pipeline-plan/build/#{${env.name}-plan.BUILD_ID}"
 },
 namespace : null
 }] : [],
@@ -53,12 +57,13 @@ locals {
 input_artifacts : ["build_output", "${env.name}_terraform_plan"],
 output_artifacts : [],
 configuration : {
- ProjectName : "${var.application}-environment-pipeline-apply"
+ ProjectName : "${var.application}-${var.pipeline_name}-environment-pipeline-apply"
 PrimarySource : "build_output"
 EnvironmentVariables : jsonencode([
 { name : "ENVIRONMENT", value : env.name },
 { name : "SLACK_CHANNEL_ID", value : var.slack_channel, type : "PARAMETER_STORE" },
 { name : "SLACK_REF", value : "#{slack.SLACK_REF}" },
+ { name : "VPC", value : local.base_env_config[env.name].vpc }
 ])
 },
 namespace : null
diff --git a/environment-pipelines/outputs.tf b/environment-pipelines/outputs.tf
new file mode 100644
index 000000000..a20d95551
--- /dev/null
+++ b/environment-pipelines/outputs.tf
@@ -0,0 +1,3 @@
+output "environment_config" {
+ value = local.environment_config
+}
diff --git a/environment-pipelines/tests/unit.tftest.hcl b/environment-pipelines/tests/unit.tftest.hcl
index 433f59965..c0c3f8e27 100644
--- a/environment-pipelines/tests/unit.tftest.hcl
+++ b/environment-pipelines/tests/unit.tftest.hcl
@@ -148,17 +148,17 @@ override_data {
 }
 variables {
- application = "my-app"
- repository = "my-repository"
+ application = "my-app"
+ repository = "my-repository"
+ pipeline_name = "my-pipeline"
 expected_tags = {
 application = "my-app"
 copilot-application = "my-app"
 managed-by = "DBT Platform - Terraform"
 }
- environments = [
- {
- name = "dev",
+ environment_config = {
+ "*" = {
 accounts = {
 deploy = {
 name = "sandbox"
@@ -169,9 +169,11 @@ variables {
 }
 }
+ requires_approval : false
+ vpc : "platform-sandbox-dev"
 },
- {
- name = "prod",
+ "dev" = null,
+ "prod" = {
 accounts = {
 deploy = {
 name = "prod"
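Review bot: `{ name : "VPC", value : local.base_env_config[env.name].vpc }` reads the vpc from the pre-merge base config, which bypasses the per-environment override that the comment on `environment_config` in this same commit says is merged in from `var.environments`; since `env` here is already the merged object, `{ name : "VPC", value : env.vpc }` is both consistent with that comment and shorter. While this list is being edited, the apply buildspec in this commit now runs `copilot env init --profile "${COPILOT_PROFILE}"`, but COPILOT_PROFILE is only set on the plan stage's variables, so `{ name : "COPILOT_PROFILE", value : env.accounts.deploy.name }` belongs here too. The enclosing apply-stage object starts before this hunk.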
@@ -183,21 +185,27 @@ variables {
 }
 }
 requires_approval = true
+ vpc : "platform-sandbox-prod"
 }
- ]
+ }
+
+ environments = {
+ "dev" : null
+ "prod" : null
+ }
 }
 run "test_code_pipeline" {
 command = plan
 assert {
- condition = aws_codepipeline.environment_pipeline.name == "my-app-environment-pipeline"
- error_message = "Should be: my-app-environment-pipeline"
+ condition = aws_codepipeline.environment_pipeline.name == "my-app-my-pipeline-environment-pipeline"
+ error_message = "Should be: my-app-my-pipeline-environment-pipeline"
 }
 # aws_codepipeline.environment_pipeline.role_arn cannot be tested on a plan
 assert {
- condition = tolist(aws_codepipeline.environment_pipeline.artifact_store)[0].location == "my-app-environment-pipeline-artifact-store"
- error_message = "Should be: my-app-environment-pipeline-artifact-store"
+ condition = tolist(aws_codepipeline.environment_pipeline.artifact_store)[0].location == "my-app-my-pipeline-environment-pipeline-artifact-store"
+ error_message = "Should be: my-app-my-pipeline-environment-pipeline-artifact-store"
 }
 assert {
 condition = tolist(aws_codepipeline.environment_pipeline.artifact_store)[0].type == "S3"
@@ -282,8 +290,8 @@ run "test_code_pipeline" {
 error_message = "Should be: build_output"
 }
 assert {
- condition = aws_codepipeline.environment_pipeline.stage[1].action[0].configuration.ProjectName == "my-app-environment-pipeline-build"
- error_message = "Should be: my-app-environment-pipeline-build"
+ condition = aws_codepipeline.environment_pipeline.stage[1].action[0].configuration.ProjectName == "my-app-my-pipeline-environment-pipeline-build"
+ error_message = "Should be: my-app-my-pipeline-environment-pipeline-build"
 }
 assert {
 condition = aws_codepipeline.environment_pipeline.stage[1].action[0].configuration.PrimarySource == "project_deployment_source"
@@ -301,8 +309,8 @@ run "test_codebuild" {
 command = plan
 assert {
- condition = aws_codebuild_project.environment_pipeline_build.name == "my-app-environment-pipeline-build"
- error_message = "Should be: my-app-environment-pipeline-build"
+ condition = aws_codebuild_project.environment_pipeline_build.name == "my-app-my-pipeline-environment-pipeline-build"
+ error_message = "Should be: my-app-my-pipeline-environment-pipeline-build"
 }
 assert {
 condition = aws_codebuild_project.environment_pipeline_build.description == "Provisions the my-app application's extensions."
@@ -321,8 +329,8 @@ run "test_codebuild" {
 error_message = "Should be: 'S3'"
 }
 assert {
- condition = one(aws_codebuild_project.environment_pipeline_build.cache).location == "my-app-environment-pipeline-artifact-store"
- error_message = "Should be: 'my-app-environment-pipeline-artifact-store'"
+ condition = one(aws_codebuild_project.environment_pipeline_build.cache).location == "my-app-my-pipeline-environment-pipeline-artifact-store"
+ error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-artifact-store'"
 }
 assert {
 condition = one(aws_codebuild_project.environment_pipeline_build.environment).compute_type == "BUILD_GENERAL1_SMALL"
@@ -342,12 +350,12 @@ run "test_codebuild" {
 error_message = "Should be: 'CODEBUILD'"
 }
 assert {
- condition = aws_codebuild_project.environment_pipeline_build.logs_config[0].cloudwatch_logs[0].group_name == "codebuild/my-app-environment-terraform/log-group"
- error_message = "Should be: 'codebuild/my-app-environment-terraform/log-group'"
+ condition = aws_codebuild_project.environment_pipeline_build.logs_config[0].cloudwatch_logs[0].group_name == "codebuild/my-app-my-pipeline-environment-terraform/log-group"
+ error_message = "Should be: 'codebuild/my-app-my-pipeline-environment-terraform/log-group'"
 }
 assert {
- condition = aws_codebuild_project.environment_pipeline_build.logs_config[0].cloudwatch_logs[0].stream_name == "codebuild/my-app-environment-terraform/log-stream"
- error_message = "Should be: 'codebuild/my-app-environment-terraform/log-group'"
+ condition = aws_codebuild_project.environment_pipeline_build.logs_config[0].cloudwatch_logs[0].stream_name == "codebuild/my-app-my-pipeline-environment-terraform/log-stream"
+ error_message = "Should be: 'codebuild/my-app-my-pipeline-environment-terraform/log-group'"
 }
 assert {
 condition = one(aws_codebuild_project.environment_pipeline_build.source).type == "CODEPIPELINE"
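Review bot: the new `error_message` on the stream_name assertion still says `.../log-group` while its condition checks `.../log-stream`, so a failure of this assertion would report the wrong expected value; change it to `error_message = "Should be: 'codebuild/my-app-my-pipeline-environment-terraform/log-stream'"`. The mismatch predates this commit, but the line is rewritten here anyway, which is the natural moment to correct it. The enclosing `run "test_codebuild"` block starts before this hunk and ends after it.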
@@ -364,20 +372,20 @@ run "test_codebuild" {
 # Cloudwatch config:
 assert {
- condition = aws_cloudwatch_log_group.environment_pipeline_codebuild.name == "codebuild/my-app-environment-terraform/log-group"
- error_message = "Should be: 'codebuild/my-app-environment-terraform/log-group'"
+ condition = aws_cloudwatch_log_group.environment_pipeline_codebuild.name == "codebuild/my-app-my-pipeline-environment-terraform/log-group"
+ error_message = "Should be: 'codebuild/my-app-my-pipeline-environment-terraform/log-group'"
 }
 assert {
 condition = aws_cloudwatch_log_group.environment_pipeline_codebuild.retention_in_days == 90
 error_message = "Should be: 90"
 }
 assert {
- condition = aws_cloudwatch_log_stream.environment_pipeline_codebuild.name == "codebuild/my-app-environment-terraform/log-stream"
- error_message = "Should be: 'codebuild/my-app-environment-terraform/log-stream'"
+ condition = aws_cloudwatch_log_stream.environment_pipeline_codebuild.name == "codebuild/my-app-my-pipeline-environment-terraform/log-stream"
+ error_message = "Should be: 'codebuild/my-app-my-pipeline-environment-terraform/log-stream'"
 }
 assert {
- condition = aws_cloudwatch_log_stream.environment_pipeline_codebuild.log_group_name == "codebuild/my-app-environment-terraform/log-group"
- error_message = "Should be: 'codebuild/my-app-environment-terraform/log-group'"
+ condition = aws_cloudwatch_log_stream.environment_pipeline_codebuild.log_group_name == "codebuild/my-app-my-pipeline-environment-terraform/log-group"
+ error_message = "Should be: 'codebuild/my-app-my-pipeline-environment-terraform/log-group'"
 }
 }
@@ -386,8 +394,8 @@ run "test_iam" {
 # IAM Role for the pipeline.
 assert {
- condition = aws_iam_role.environment_pipeline_codepipeline.name == "my-app-environment-pipeline-codepipeline"
- error_message = "Should be: 'my-app-environment-pipeline-codepipeline'"
+ condition = aws_iam_role.environment_pipeline_codepipeline.name == "my-app-my-pipeline-environment-pipeline-codepipeline"
+ error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codepipeline'"
 }
 assert {
 condition = aws_iam_role.environment_pipeline_codepipeline.assume_role_policy == "{\"Sid\": \"AssumePipelineRole\"}"
@@ -400,8 +408,8 @@ run "test_iam" {
 # IAM Role for the codebuild
 assert {
- condition = aws_iam_role.environment_pipeline_codebuild.name == "my-app-environment-pipeline-codebuild"
- error_message = "Should be: 'my-app-environment-pipeline-codebuild'"
+ condition = aws_iam_role.environment_pipeline_codebuild.name == "my-app-my-pipeline-environment-pipeline-codebuild"
+ error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'"
 }
 assert {
 condition = aws_iam_role.environment_pipeline_codebuild.assume_role_policy == "{\"Sid\": \"AssumeCodebuildRole\"}"
@@ -415,88 +423,88 @@ run "test_iam" { # Policy links assert { - condition = aws_iam_role_policy.artifact_store_access_for_environment_codepipeline.name == "my-app-artifact-store-access-for-environment-codepipeline" + condition = aws_iam_role_policy.artifact_store_access_for_environment_codepipeline.name == "my-app-my-pipeline-artifact-store-access-for-environment-codepipeline" error_message = "Should be: 'my-app-artifact-store-access-for-environment-codepipeline'" } assert { - condition = aws_iam_role_policy.artifact_store_access_for_environment_codepipeline.role == "my-app-environment-pipeline-codepipeline" - error_message = "Should be: 'my-app-environment-pipeline-codepipeline'" + condition = aws_iam_role_policy.artifact_store_access_for_environment_codepipeline.role == "my-app-my-pipeline-environment-pipeline-codepipeline" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codepipeline'" } # aws_iam_role_policy.artifact_store_access_for_environment_codepipeline.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.artifact_store_access_for_environment_codebuild.name == "my-app-artifact-store-access-for-environment-codebuild" + condition = aws_iam_role_policy.artifact_store_access_for_environment_codebuild.name == "my-app-my-pipeline-artifact-store-access-for-environment-codebuild" error_message = "Should be: 'my-app-artifact-store-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.artifact_store_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.artifact_store_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.artifact_store_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition 
= aws_iam_role_policy.log_access_for_environment_codebuild.name == "my-app-log-access-for-environment-codebuild" + condition = aws_iam_role_policy.log_access_for_environment_codebuild.name == "my-app-my-pipeline-log-access-for-environment-codebuild" error_message = "Should be: 'my-app-log-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.log_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.log_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.log_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.state_bucket_access_for_environment_codebuild.name == "my-app-state-bucket-access-for-environment-codebuild" + condition = aws_iam_role_policy.state_bucket_access_for_environment_codebuild.name == "my-app-my-pipeline-state-bucket-access-for-environment-codebuild" error_message = "Should be: 'my-app-state-bucket-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.state_bucket_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.state_bucket_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.state_bucket_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.state_kms_key_access_for_environment_codebuild.name == "my-app-state-kms-key-access-for-environment-codebuild" + condition = 
aws_iam_role_policy.state_kms_key_access_for_environment_codebuild.name == "my-app-my-pipeline-state-kms-key-access-for-environment-codebuild" error_message = "Should be: 'my-app-state-kms-key-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.state_kms_key_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.state_kms_key_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.state_kms_key_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.state_dynamo_db_access_for_environment_codebuild.name == "my-app-state-dynamo-db-access-for-environment-codebuild" + condition = aws_iam_role_policy.state_dynamo_db_access_for_environment_codebuild.name == "my-app-my-pipeline-state-dynamo-db-access-for-environment-codebuild" error_message = "Should be: 'my-app-state-dynamo-db-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.state_dynamo_db_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.state_dynamo_db_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.state_dynamo_db_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.ec2_read_access_for_environment_codebuild.name == "my-app-ec2-read-access-for-environment-codebuild" + condition = aws_iam_role_policy.ec2_read_access_for_environment_codebuild.name == 
"my-app-my-pipeline-ec2-read-access-for-environment-codebuild" error_message = "Should be: 'my-app-ec2-read-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.ec2_read_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.ec2_read_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.ec2_read_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.ssm_read_access_for_environment_codebuild.name == "my-app-ssm-read-access-for-environment-codebuild" + condition = aws_iam_role_policy.ssm_read_access_for_environment_codebuild.name == "my-app-my-pipeline-ssm-read-access-for-environment-codebuild" error_message = "Should be: 'my-app-ssm-read-access-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.ssm_read_access_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.ssm_read_access_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.ssm_read_access_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.dns_account_assume_role_for_environment_codebuild.name == "my-app-dns-account-assume-role-for-environment-codebuild" + condition = aws_iam_role_policy.dns_account_assume_role_for_environment_codebuild.name == "my-app-my-pipeline-dns-account-assume-role-for-environment-codebuild" error_message = "Should be: 'my-app-dns-account-assume-role-for-environment-codebuild'" } assert { - condition = 
aws_iam_role_policy.dns_account_assume_role_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.dns_account_assume_role_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.dns_account_assume_role_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_policy.load_balancer.name == "load-balancer-access" + condition = aws_iam_policy.load_balancer.name == "my-app-my-pipeline-pipeline-load-balancer-access" error_message = "Unexpected name" } assert { 
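Review bot: Every `.name` assertion on an `aws_iam_role_policy` in this hunk now expects the `my-app-my-pipeline-…` prefix in `condition` but keeps the old value in `error_message`, e.g. `condition = aws_iam_role_policy.artifact_store_access_for_environment_codepipeline.name == "my-app-my-pipeline-artifact-store-access-for-environment-codepipeline"` is still followed by `error_message = "Should be: 'my-app-artifact-store-access-for-environment-codepipeline'"`. A failing assertion would then report an expected value that is itself wrong, which misleads whoever debugs the test; the `.role` assertions directly below each one were updated on both lines, so the `.name` messages should follow suit. The same stale messages are in the hunks at `@@ -512,62` and `@@ -647,12` (`copilot_assume_role_for_environment_codebuild`). The standalone `aws_iam_policy` expectations such as `my-app-my-pipeline-pipeline-load-balancer-access` contain `pipeline` twice; if that is `${var.pipeline_name}` followed by a literal `-pipeline-` segment, a one-line comment in the test saying so would stop the next reader from taking it for a typo. `run "test_iam"` starts before this hunk and continues after it.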
@@ -512,62 +520,62 @@ run "test_iam" { error_message = "Unexpected policy" } assert { - condition = aws_iam_role_policy.certificate_for_environment_codebuild.name == "my-app-certificate-for-environment-codebuild" + condition = aws_iam_role_policy.certificate_for_environment_codebuild.name == "my-app-my-pipeline-certificate-for-environment-codebuild" error_message = "Should be: 'my-app-certificate-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.certificate_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.certificate_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.certificate_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.security_group_for_environment_codebuild.name == "my-app-security-group-for-environment-codebuild" + condition = aws_iam_role_policy.security_group_for_environment_codebuild.name == "my-app-my-pipeline-security-group-for-environment-codebuild" error_message = "Should be: 'my-app-security-group-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.security_group_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.security_group_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.security_group_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.ssm_parameter_for_environment_codebuild.name == "my-app-ssm-parameter-for-environment-codebuild" + condition = 
aws_iam_role_policy.ssm_parameter_for_environment_codebuild.name == "my-app-my-pipeline-ssm-parameter-for-environment-codebuild" error_message = "Should be: 'my-app-ssm-parameter-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.ssm_parameter_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.ssm_parameter_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.ssm_parameter_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.cloudwatch_for_environment_codebuild.name == "my-app-cloudwatch-for-environment-codebuild" + condition = aws_iam_role_policy.cloudwatch_for_environment_codebuild.name == "my-app-my-pipeline-cloudwatch-for-environment-codebuild" error_message = "Should be: 'my-app-cloudwatch-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.cloudwatch_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.cloudwatch_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.cloudwatch_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.logs_for_environment_codebuild.name == "my-app-logs-for-environment-codebuild" + condition = aws_iam_role_policy.logs_for_environment_codebuild.name == "my-app-my-pipeline-logs-for-environment-codebuild" error_message = "Should be: 'my-app-logs-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.logs_for_environment_codebuild.role == 
"my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.logs_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.logs_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_role_policy.kms_key_for_environment_codebuild.name == "my-app-kms-key-for-environment-codebuild" + condition = aws_iam_role_policy.kms_key_for_environment_codebuild.name == "my-app-my-pipeline-kms-key-for-environment-codebuild" error_message = "Should be: 'my-app-kms-key-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.kms_key_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.kms_key_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.kms_key_for_environment_codebuild.policy cannot be tested on a plan assert { - condition = aws_iam_policy.redis.name == "redis-access" + condition = aws_iam_policy.redis.name == "my-app-my-pipeline-pipeline-redis-access" error_message = "Unexpected name" } assert { @@ -583,7 +591,7 @@ run "test_iam" { error_message = "Unexpected policy" } assert { - condition = aws_iam_policy.postgres.name == "postgres-access" + condition = aws_iam_policy.postgres.name == "my-app-my-pipeline-pipeline-postgres-access" error_message = "Unexpected name" } assert { @@ -599,7 +607,7 @@ run "test_iam" { error_message = "Unexpected policy" } assert { - condition = aws_iam_policy.s3.name == "s3-access" + condition = aws_iam_policy.s3.name == "my-app-my-pipeline-pipeline-s3-access" error_message = "Unexpected name" } assert { 
@@ -615,7 +623,7 @@ run "test_iam" { error_message = "Unexpected policy" } assert { - condition = aws_iam_policy.opensearch.name == "opensearch-access" + condition = aws_iam_policy.opensearch.name == "my-app-my-pipeline-pipeline-opensearch-access" error_message = "Unexpected name" } assert { @@ -631,7 +639,7 @@ run "test_iam" { error_message = "Unexpected policy" } assert { - condition = aws_iam_policy.cloudformation.name == "cloudformation-access" + condition = aws_iam_policy.cloudformation.name == "my-app-my-pipeline-pipeline-cloudformation-access" error_message = "Unexpected name" } assert { @@ -647,12 +655,12 @@ run "test_iam" { error_message = "Unexpected policy" } assert { - condition = aws_iam_role_policy.copilot_assume_role_for_environment_codebuild.name == "my-app-copilot-assume-role-for-environment-codebuild" + condition = aws_iam_role_policy.copilot_assume_role_for_environment_codebuild.name == "my-app-my-pipeline-copilot-assume-role-for-environment-codebuild" error_message = "Should be: 'my-app-copilot-assume-role-for-environment-codebuild'" } assert { - condition = aws_iam_role_policy.copilot_assume_role_for_environment_codebuild.role == "my-app-environment-pipeline-codebuild" - error_message = "Should be: 'my-app-environment-pipeline-codebuild'" + condition = aws_iam_role_policy.copilot_assume_role_for_environment_codebuild.role == "my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-my-pipeline-environment-pipeline-codebuild'" } # aws_iam_role_policy.copilot_assume_role_for_environment_codebuild.policy cannot be tested on a plan } 
@@ -662,8 +670,8 @@ run "test_artifact_store" { # artifact-store S3 bucket. assert { - condition = module.artifact_store.bucket_name == "my-app-environment-pipeline-artifact-store" - error_message = "Should be: my-app-environment-pipeline-artifact-store" + condition = module.artifact_store.bucket_name == "my-app-my-pipeline-environment-pipeline-artifact-store" + error_message = "Should be: my-app-my-pipeline-environment-pipeline-artifact-store" } } @@ -725,7 +733,7 @@ run "test_stages" { error_message = "Action Version incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[2].action[0].configuration.ProjectName == "my-app-environment-pipeline-plan" + condition = aws_codepipeline.environment_pipeline.stage[2].action[0].configuration.ProjectName == "my-app-my-pipeline-environment-pipeline-plan" error_message = "Configuration ProjectName incorrect" } assert { @@ -783,7 +791,7 @@ run "test_stages" { error_message = "Action Version incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.ProjectName == "my-app-environment-pipeline-apply" + condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.ProjectName == "my-app-my-pipeline-environment-pipeline-apply" error_message = "Configuration ProjectName incorrect" } assert { 
@@ -791,7 +799,7 @@ run "test_stages" { error_message = "Configuration PrimarySource incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"}]" + condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"VPC\",\"value\":\"platform-sandbox-dev\"}]" error_message = "Configuration Env Vars incorrect" } @@ -837,7 +845,7 @@ run "test_stages" { error_message = "Action Version incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[4].action[0].configuration.ProjectName == "my-app-environment-pipeline-plan" + condition = aws_codepipeline.environment_pipeline.stage[4].action[0].configuration.ProjectName == "my-app-my-pipeline-environment-pipeline-plan" error_message = "Configuration ProjectName incorrect" } assert { 
@@ -891,7 +899,7 @@ run "test_stages" { error_message = "Configuration CustomData incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[5].action[0].configuration.ExternalEntityLink == "https://${data.aws_region.current.name}.console.aws.amazon.com/codesuite/codebuild/${data.aws_caller_identity.current.account_id}/projects/my-app-environment-pipeline-plan/build/#{prod-plan.BUILD_ID}" + condition = aws_codepipeline.environment_pipeline.stage[5].action[0].configuration.ExternalEntityLink == "https://${data.aws_region.current.name}.console.aws.amazon.com/codesuite/codebuild/${data.aws_caller_identity.current.account_id}/projects/my-app-my-pipeline-environment-pipeline-plan/build/#{prod-plan.BUILD_ID}" error_message = "Configuration ExternalEntityLink incorrect" } @@ -937,7 +945,7 @@ run "test_stages" { error_message = "Action Version incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.ProjectName == "my-app-environment-pipeline-apply" + condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.ProjectName == "my-app-my-pipeline-environment-pipeline-apply" error_message = "Configuration ProjectName incorrect" } assert { 
@@ -945,7 +953,7 @@ run "test_stages" { error_message = "Configuration PrimarySource incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"}]" + condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"VPC\",\"value\":\"platform-sandbox-prod\"}]" error_message = "Configuration Env Vars incorrect" } } diff --git a/environment-pipelines/variables.tf b/environment-pipelines/variables.tf index 9f0b3e13b..cc151751f 100644 --- a/environment-pipelines/variables.tf +++ b/environment-pipelines/variables.tf @@ -6,27 +6,25 @@ variable "repository" { type = string } +variable "pipeline_name" { + type = string +} + variable "environments" { - type = list( + type = map( object( { - name = string, - accounts = object({ - deploy = object({ - name = string - id = string - }), - dns = object({ - name = string - id = string - }) - }) + vpc = optional(string) requires_approval = optional(bool) } ) ) } +variable "environment_config" { + type = any +} + variable "branch" { type = string default = "main" @@ -36,3 +34,8 @@ variable "slack_channel" { type = string default = "/codebuild/slack_pipeline_notifications_channel" } + +variable "trigger_on_push" { + type = bool + default = true +}
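Review bot: `pipeline_name` is interpolated straight into IAM role, inline-policy and CodeBuild project names (`${var.application}-${var.pipeline_name}-environment-pipeline-build` in `codebuild.tf`, and the `my-app-my-pipeline-…` names the tests now expect) but the new variable has neither a `description` nor a `validation` block, so a value containing a space, a dot or a slash is only rejected at apply time inside AWS rather than at plan time. IAM role names are limited to the characters `[\w+=,.@-]` and 64 characters, and `application` plus `pipeline_name` plus the fixed `-environment-pipeline-codebuild` suffix can reach that limit with realistic names, so the character set at least should be checked up front, as in the block below. `environment_config` being declared `type = any` likewise gives Terraform nothing to validate and the reader nothing to go on; a `description` naming the keys the pipeline reads from it would help, and an `object({...})` with `optional()` attributes would be better if the shape is known. `trigger_on_push` defaulting to `true` also deserves a `description` stating what it gates (presumably an automatic run on every push to `var.branch`), since that is the behaviour a caller gets without setting anything.
```hcl
variable "pipeline_name" {
  type        = string
  description = "Segment that distinguishes this environment pipeline's CodeBuild projects, IAM roles and policies from other pipelines of the same application."
  validation {
    condition     = can(regex("^[A-Za-z0-9_-]+$", var.pipeline_name))
    error_message = "pipeline_name is embedded in IAM and CodeBuild resource names and may only contain letters, digits, hyphens and underscores."
  }
}
# … unchanged: environments, environment_config, branch …
```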