diff --git a/.config/tfsec.yml b/.config/.tfsec.yml
similarity index 100%
rename from .config/tfsec.yml
rename to .config/.tfsec.yml
diff --git a/.tfsec/launch_configuration_imdsv2_tfchecks.json b/.config/.tfsec/launch_configuration_imdsv2_tfchecks.json
similarity index 100%
rename from .tfsec/launch_configuration_imdsv2_tfchecks.json
rename to .config/.tfsec/launch_configuration_imdsv2_tfchecks.json
diff --git a/.tfsec/launch_template_imdsv2_tfchecks.json b/.config/.tfsec/launch_template_imdsv2_tfchecks.json
similarity index 100%
rename from .tfsec/launch_template_imdsv2_tfchecks.json
rename to .config/.tfsec/launch_template_imdsv2_tfchecks.json
diff --git a/.tfsec/no_launch_config_tfchecks.json b/.config/.tfsec/no_launch_config_tfchecks.json
similarity index 100%
rename from .tfsec/no_launch_config_tfchecks.json
rename to .config/.tfsec/no_launch_config_tfchecks.json
diff --git a/.tfsec/sg_no_embedded_egress_rules_tfchecks.json b/.config/.tfsec/sg_no_embedded_egress_rules_tfchecks.json
similarity index 100%
rename from .tfsec/sg_no_embedded_egress_rules_tfchecks.json
rename to .config/.tfsec/sg_no_embedded_egress_rules_tfchecks.json
diff --git a/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json b/.config/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json
similarity index 100%
rename from .tfsec/sg_no_embedded_ingress_rules_tfchecks.json
rename to .config/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json
diff --git a/.config/functional_tests/post-entrypoint-helpers.sh b/.config/functional_tests/post-entrypoint-helpers.sh
new file mode 100644
index 0000000..9ed42cd
--- /dev/null
+++ b/.config/functional_tests/post-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the end of functional test
+## Use this to load any configurations after the functional test
+## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Post-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/functional_tests/pre-entrypoint-helpers.sh b/.config/functional_tests/pre-entrypoint-helpers.sh
new file mode 100644
index 0000000..a1bc78c
--- /dev/null
+++ b/.config/functional_tests/pre-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the start of functional test
+## use this to load any configuration before the functional test
+## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Pre-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/static_tests/post-entrypoint-helpers.sh b/.config/static_tests/post-entrypoint-helpers.sh
new file mode 100644
index 0000000..25fbae1
--- /dev/null
+++ b/.config/static_tests/post-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the end of static test
+## Use this to load any configurations after the static test
+## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Post-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/static_tests/pre-entrypoint-helpers.sh b/.config/static_tests/pre-entrypoint-helpers.sh
new file mode 100644
index 0000000..d24d7a6
--- /dev/null
+++ b/.config/static_tests/pre-entrypoint-helpers.sh
@@ -0,0 +1,6 @@ +#!/bin/bash +## NOTE: this script runs at the start of static test +## use this to load any configuration before the static test +## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh +## migrate any customization you did on entrypoint.sh to this helper script +echo "Executing Pre-Entrypoint Helpers" \ No newline at end of file diff --git a/.copier-answers.yml b/.copier-answers.yml index 7bd0d4a..c36d5be 100644 --- a/.copier-answers.yml +++ b/.copier-answers.yml @@ -1,6 +1,6 @@ # This file is auto-generated, changes will be overwritten -_commit: v0.1.1 -_src_path: /task/82768a66-0bb3-11ee-b3d9-ea95b5266d4b/projecttype +_commit: v0.1.4 +_src_path: /task/98ff57b9-0834-11f0-8c70-dab41d8ecd20/projecttype starting_version: v0.0.0 version_file: VERSION diff --git a/.project_automation/functional_tests/Dockerfile b/.project_automation/functional_tests/Dockerfile index 1273798..ffadd4f 100644 --- a/.project_automation/functional_tests/Dockerfile +++ b/.project_automation/functional_tests/Dockerfile @@ -1,4 +1,5 @@ FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0 +<<<<<<< before updating ENV TERRAFORM_VERSION=1.4.2 ENV GO_VERSION=1.20.2 ENV YQ_VERSION=v4.34.1 @@ -15,4 +16,10 @@ RUN cd /tmp && \ RUN pip3 install checkov RUN wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -O /usr/bin/yq && \ - chmod +x /usr/bin/yq \ No newline at end of file + chmod +x /usr/bin/yq +======= +ENV TERRAFORM_VERSION=1.7.4 +RUN cd /tmp && \ + wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ + unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform +>>>>>>> after updating diff --git a/.project_automation/functional_tests/entrypoint.sh b/.project_automation/functional_tests/entrypoint.sh index dccccb8..c9c77ec 100755 --- a/.project_automation/functional_tests/entrypoint.sh 
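Review bot: The functional-test Dockerfile is committed with unresolved merge-conflict markers — `+<<<<<<< before updating` right after the FROM line in its first hunk, and `+=======` / `+>>>>>>> after updating` closing its second — so the image build stops at the first marker and neither toolchain is installed. The same markers are committed into `.project_automation/functional_tests/entrypoint.sh` (the two hunks that follow), where bash cannot parse a `<<<<<<<` line and the script will not run at all. Resolve both files before merging by keeping one side and deleting the three marker lines; the new `functional_tests.sh` only invokes terraform, which suggests the "after updating" side is the intended one, but that needs confirming because it also drops the Go, yq and checkov installs that the old image had. While the terraform download in the "after updating" block is being touched, consider checking the archive against HashiCorp's published SHA256SUMS (`sha256sum -c`) before unzipping it into /usr/local/bin, so a tampered or truncated download cannot end up as the CI terraform binary.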
+++ b/.project_automation/functional_tests/entrypoint.sh @@ -1,14 +1,38 @@ -#!/bin/bash -e +#!/bin/bash + +## WARNING: DO NOT modify the content of entrypoint.sh +# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh +# to load any customizations or additional configurations ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between # managed and local tasks always use these variables for the project and project type path PROJECT_PATH=${BASE_PATH}/project PROJECT_TYPE_PATH=${BASE_PATH}/projecttype -echo "Starting Functional Tests" +#********** helper functions ************* +pre_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/functional_tests/pre-entrypoint-helpers.sh ]; then + echo "Pre-entrypoint helper found" + source ${PROJECT_PATH}/.config/functional_tests/pre-entrypoint-helpers.sh + echo "Pre-entrypoint helper loaded" + else + echo "Pre-entrypoint helper not found - skipped" + fi +} +post_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh ]; then + echo "Post-entrypoint helper found" + source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh + echo "Post-entrypoint helper loaded" + else + echo "Post-entrypoint helper not found - skipped" + fi +} -cd ${PROJECT_PATH} +#********** Pre-entrypoint helper ************* +pre_entrypoint +<<<<<<< before updating #********** Environment Setup ************* FUNCTIONAL_TEST_PATH=${PROJECT_PATH}/.project_automation/functional_tests CHECKOV_TEST_SCRIPT_PATH=${PROJECT_PATH}/.project_automation/functional_tests/checkov_test.sh 
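Review bot: The new header comment points customizers at `./config/functional_tests/pre-entrypoint-helpers.sh`, but `pre_entrypoint` and `post_entrypoint` look under `${PROJECT_PATH}/.config/functional_tests/`, so a reader who follows the comment places the hook in a directory that is never sourced; it should read `# Use .config/functional_tests/pre-entrypoint-helpers.sh or .config/functional_tests/post-entrypoint-helpers.sh`. The static-test entrypoint hunk further down has the same `./config/static_tests/...` mismatch. Separately, this rewrite drops `-e` from the shebang and `source`s the hooks without examining their status, so a helper that fails cannot fail the build; if that is intended it deserves one sentence in the comment, otherwise `source ${PROJECT_PATH}/.config/functional_tests/pre-entrypoint-helpers.sh || exit 1` (and likewise for the post hook and in the static entrypoint). The rewritten script continues in the next hunk, which also carries the conflict markers raised on the Dockerfile.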
@@ -38,3 +62,21 @@ cd ${PROJECT_PATH} git clean -ffxd echo "End of Functional Tests" +======= +#********** Functional Test ************* +/bin/bash ${PROJECT_PATH}/.project_automation/functional_tests/functional_tests.sh +if [ $? -eq 0 ] +then + echo "Functional test completed" + EXIT_CODE=0 +else + echo "Functional test failed" + EXIT_CODE=1 +fi + +#********** Post-entrypoint helper ************* +post_entrypoint + +#********** Exit Code ************* +exit $EXIT_CODE +>>>>>>> after updating diff --git a/.project_automation/functional_tests/functional_tests.sh b/.project_automation/functional_tests/functional_tests.sh new file mode 100644 index 0000000..f18c8ac --- /dev/null +++ b/.project_automation/functional_tests/functional_tests.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between +# managed and local tasks always use these variables for the project and project type path +PROJECT_PATH=${BASE_PATH}/project +PROJECT_TYPE_PATH=${BASE_PATH}/projecttype + +echo "Starting Functional Tests" +cd ${PROJECT_PATH} + +#********** Terraform Test ********** + +# Look up the mandatory test file +MANDATORY_TEST_PATH="./tests/01_mandatory.tftest.hcl" +if test -f ${MANDATORY_TEST_PATH}; then + echo "File ${MANDATORY_TEST_PATH} is found, resuming test" + # Run Terraform test + terraform init + terraform test +else + echo "File ${MANDATORY_TEST_PATH} not found. You must include at least one test run in file ${MANDATORY_TEST_PATH}" + (exit 1) +fi + +if [ $? -eq 0 ]; then + echo "Terraform Test Successfull" +else + echo "Terraform Test Failed" + exit 1 +fi + +echo "End of Functional Tests" \ No newline at end of file diff --git a/.project_automation/static_tests/Dockerfile b/.project_automation/static_tests/Dockerfile index dee8968..11e2da9 100644 --- a/.project_automation/static_tests/Dockerfile +++ b/.project_automation/static_tests/Dockerfile 
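Review bot: In the new `functional_tests.sh` the `if [ $? -eq 0 ]` after the mandatory-file block only sees the status of `terraform test` (or of the `(exit 1)` subshell), so a failed `terraform init` is never reported as such; chaining the two, `terraform init && terraform test`, lets the existing check cover both. The `(exit 1)` subshell is an unusual way to set `$?`; a plain `exit 1` in the else branch says the same thing and does not depend on the later check being reached. The success message `"Terraform Test Successfull"` has a typo (`Successful`). With no `set -e` in the file, the unchecked `cd ${PROJECT_PATH}` near the top would leave the run in the wrong directory if the path is bad — the mandatory-file check would then fail closed, but `cd "${PROJECT_PATH}" || exit 1` gives a clearer failure.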
@@ -1,5 +1,5 @@ FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0 -ENV TERRAFORM_VERSION=1.4.2 +ENV TERRAFORM_VERSION=1.7.4 RUN cd /tmp && \ wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform @@ -20,6 +20,8 @@ RUN wget -O /tmp/tflint-ruleset-aws.zip https://github.com/terraform-linters/tfl RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash +RUN pip3 install checkov + RUN gem install mdl ENV TERRAFORM_DOCS_VERSION=v0.16.0 diff --git a/.project_automation/static_tests/entrypoint.sh b/.project_automation/static_tests/entrypoint.sh index be1966f..fe97343 100755 --- a/.project_automation/static_tests/entrypoint.sh +++ b/.project_automation/static_tests/entrypoint.sh 
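Review bot: `RUN pip3 install checkov` installs whatever version PyPI serves at build time, so the static-test image is not reproducible and a new scanner release can silently change which findings fail the build; pin it, `RUN pip3 install checkov==<pinned-version>`, and bump it deliberately the way TERRAFORM_VERSION and TERRAFORM_DOCS_VERSION are pinned in this Dockerfile. The adjacent pre-existing `curl ... | bash` install of tfsec from the master branch has the same non-reproducibility and is worth moving to a pinned release in a follow-up.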
@@ -1,63 +1,50 @@ -#!/bin/bash -e +#!/bin/bash + +## WARNING: DO NOT modify the content of entrypoint.sh +# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh +# to load any customizations or additional configurations ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between # managed and local tasks always use these variables for the project and project type path PROJECT_PATH=${BASE_PATH}/project PROJECT_TYPE_PATH=${BASE_PATH}/projecttype -echo "Starting Static Tests" +#********** helper functions ************* +pre_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/static_tests/pre-entrypoint-helpers.sh ]; then + echo "Pre-entrypoint helper found" + source ${PROJECT_PATH}/.config/static_tests/pre-entrypoint-helpers.sh + echo "Pre-entrypoint helper loaded" + else + echo "Pre-entrypoint helper not found - skipped" + fi +} +post_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh ]; then + echo "Post-entrypoint helper found" + source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh + echo "Post-entrypoint helper loaded" + else + echo "Post-entrypoint helper not found - skipped" + fi +} -cd ${PROJECT_PATH} -terraform init -terraform validate +#********** Pre-entrypoint helper ************* +pre_entrypoint -#********** tflint ******************** -echo 'Starting tflint' -tflint --init --config ${PROJECT_PATH}/.config/.tflint.hcl -MYLINT=$(tflint --force --config ${PROJECT_PATH}/.config/.tflint.hcl) -if [ -z "$MYLINT" ] -then - echo "Success - tflint found no linting issues!" -else - echo "Failure - tflint found linting issues!" - echo "$MYLINT" - exit 1 -fi -#********** tfsec ********************* -echo 'Starting tfsec' -MYTFSEC=$(tfsec . 
--config-file ${PROJECT_PATH}/.config/tfsec.yml || true) -if [[ $MYTFSEC == *"No problems detected!"* ]]; +#********** Static Test ************* +/bin/bash ${PROJECT_PATH}/.project_automation/static_tests/static_tests.sh +if [ $? -eq 0 ] then - echo "Success - tfsec found no security issues!" - echo "$MYTFSEC" + echo "Static test completed" + EXIT_CODE=0 else - echo "Failure - tfsec found security issues!" - echo "$MYTFSEC" - exit 1 + echo "Static test failed" + EXIT_CODE=1 fi -#********** Markdown Lint ************** -echo 'Starting markdown lint' -MYMDL=$(mdl --config ${PROJECT_PATH}/.config/.mdlrc .header.md || true) -if [ -z "$MYMDL" ] -then - echo "Success - markdown lint found no linting issues!" -else - echo "Failure - markdown lint found linting issues!" - echo "$MYMDL" - exit 1 -fi -#********** Terraform Docs ************* -echo 'Starting terraform-docs' -TDOCS="$(terraform-docs --config ${PROJECT_PATH}/.config/.terraform-docs.yaml --lockfile=false ./)" -git add -N README.md -GDIFF="$(git diff --compact-summary)" -if [ -z "$GDIFF" ] -then - echo "Success - Terraform Docs creation verified!" -else - echo "Failure - Terraform Docs creation failed, ensure you have precommit installed and running before submitting the Pull Request" - exit 1 -fi -#*************************************** -echo "End of Static Tests" +#********** Post-entrypoint helper ************* +post_entrypoint + +#********** Exit Code ************* +exit $EXIT_CODE \ No newline at end of file diff --git a/.project_automation/static_tests/static_tests.sh b/.project_automation/static_tests/static_tests.sh new file mode 100644 index 0000000..fe41048 --- /dev/null +++ b/.project_automation/static_tests/static_tests.sh 
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
+
+echo "Starting Static Tests"
+
+#********** Terraform Validate *************
+cd ${PROJECT_PATH}
+terraform init
+terraform validate
+if [ $? -eq 0 ]
+then
+ echo "Success - Terraform validate"
+else
+ echo "Failure - Terraform validate"
+ exit 1
+fi
+
+#********** tflint ********************
+echo 'Starting tflint'
+tflint --init --config ${PROJECT_PATH}/.config/.tflint.hcl
+MYLINT=$(tflint --force --config ${PROJECT_PATH}/.config/.tflint.hcl)
+if [ -z "$MYLINT" ]
+then
+ echo "Success - tflint found no linting issues!"
+else
+ echo "Failure - tflint found linting issues!"
+ echo "$MYLINT"
+ exit 1
+fi
+
+#********** tfsec *********************
+echo 'Starting tfsec'
+MYTFSEC=$(tfsec . --config-file ${PROJECT_PATH}/.config/.tfsec.yml --custom-check-dir ${PROJECT_PATH}/.config/.tfsec)
+if [[ $MYTFSEC == *"No problems detected!"* ]];
+then
+ echo "Success - tfsec found no security issues!"
+ echo "$MYTFSEC"
+else
+ echo "Failure - tfsec found security issues!"
+ echo "$MYTFSEC"
+ exit 1
+fi
+
+#********** Checkov Analysis *************
+echo "Running Checkov Analysis"
+checkov --config-file ${PROJECT_PATH}/.config/.checkov.yml
+if [ $? -eq 0 ]
+then
+ echo "Success - Checkov found no issues!"
+else
+ echo "Failure - Checkov found issues!"
+ exit 1
+fi
+
+#********** Markdown Lint **************
+echo 'Starting markdown lint'
+MYMDL=$(mdl --config ${PROJECT_PATH}/.config/.mdlrc .header.md examples/*/.header.md)
+if [ -z "$MYMDL" ]
+then
+ echo "Success - markdown lint found no linting issues!"
+else
+ echo "Failure - markdown lint found linting issues!"
+  echo "$MYMDL"
+  exit 1
+fi
+
+#********** Terraform Docs *************
+echo 'Starting terraform-docs'
+TDOCS="$(terraform-docs --config ${PROJECT_PATH}/.config/.terraform-docs.yaml --lockfile=false ./)"
+git add -N README.md
+GDIFF="$(git diff --compact-summary)"
+if [ -z "$GDIFF" ]
+then
+  echo "Success - Terraform Docs creation verified!"
+else
+  echo "Failure - Terraform Docs creation failed, ensure you have precommit installed and running before submitting the Pull Request. TIPS: false error may occur if you have unstaged files in your repo"
+  echo "$GDIFF"
+  exit 1
+fi
+
+#***************************************
+echo "End of Static Tests"
\ No newline at end of file
diff --git a/test/examples_basic_test.go b/test/examples_basic_test.go
deleted file mode 100644
index ea44232..0000000
--- a/test/examples_basic_test.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-func TestExamplesBasic(t *testing.T) {
-
- terraformOptions := &terraform.Options{
- TerraformDir: "../examples/basic",
- // Vars: map[string]interface{}{
- // "myvar": "test",
- // "mylistvar": []string{"list_item_1"},
- // },
- }
-
- defer terraform.Destroy(t, terraformOptions)
- terraform.InitAndApply(t, terraformOptions)
-}
diff --git a/tests/01_mandatory.tftest.hcl b/tests/01_mandatory.tftest.hcl
new file mode 100644
index 0000000..efbda7b
--- /dev/null
+++ b/tests/01_mandatory.tftest.hcl
@@ -0,0 +1,18 @@
+## NOTE: This is the minimum mandatory test
+# run at least one test using the ./examples directory as your module source
+# create additional *.tftest.hcl for your own unit / integration tests
+# use tests/*.auto.tfvars to add non-default variables
+
+run "mandatory_plan_basic" {
+  command = plan
+  module {
+    source = "./examples/basic"
+  }
+}
+
+run "mandatory_apply_basic" {
+  command = apply
+  module {
+    source = "./examples/basic"
+  }
+}
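Review bot: `cd ${PROJECT_PATH}` at the start of the Terraform Validate section in `static_tests.sh` is unchecked and the file has no `set -e`, so if the directory is missing or `BASE_PATH` is unset every scanner below (terraform validate, tflint, tfsec, checkov) runs against whatever the current directory happens to be, and an empty one plausibly yields `No problems detected!` — a green static test for the wrong tree; use `cd "${PROJECT_PATH}" || exit 1`. The `$?` check after `terraform init` / `terraform validate` only reflects validate; `terraform init && terraform validate` makes the existing check cover both. `MYMDL=$(mdl ... examples/*/.header.md)` hands mdl the literal glob when no example has a `.header.md`, which most likely shows up as a confusing "linting issues" failure rather than a clear message; `shopt -s nullglob` before the call, or a guard on the glob, would make that case explicit.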