diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..ec6d731
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,20 @@
+name: Build
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - run: jq --version; aws --version; terraform --version
+ - run: git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+ - run: ~/.tfenv/bin/tfenv install
+ - uses: actions/checkout@v4
+ - run: tests/tests.sh
+ - uses: actions/upload-artifact@v2
+ if: always()
+ with:
+ name: logs
+ path: test-reports/**/*
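Review bot: The job declares no `permissions:` block and takes its tooling from mutable references: `git clone https://github.com/tfutils/tfenv.git ~/.tfenv` fetches whatever is on the default branch, and the actions are pinned to tags rather than commit SHAs. A top-level `permissions:` with `contents: read`, plus cloning a fixed release (`git clone --depth 1 --branch <tfenv-release-tag> …`), would limit what a compromised dependency can do with the job token and make builds reproducible. `tfenv install` also runs before `actions/checkout@v4`, so a `.terraform-version` file in the repository (if there is one) is not present when the version is resolved. `~/.tfenv/bin` is never added to `PATH`, so `tests/tests.sh` may end up using the runner's own `terraform`. `actions/upload-artifact@v2` is a deprecated major version and should be replaced with a current one.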
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b34992a..b50acc1 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -43,3 +43,8 @@ repos:
- --offset=2
- --sequence=4
- --width=300
+
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.1
+ hooks:
+ - id: gitleaks
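Review bot: The gitleaks hook only runs where a contributor has installed pre-commit locally; the workflow added in this commit has no `pre-commit` step, so a push that skips the hooks is never scanned. If secret scanning is meant to be enforced, a CI step such as `pre-commit run --all-files` would close that gap. `rev: v8.18.1` is a tag, which can be moved; pinning the commit hash with the tag kept in a trailing comment is the safer form.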
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 9990507..f7de574 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,24 +2,24 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/external" {
- version = "2.3.1"
+ version = "2.3.2"
constraints = "~> 2.0"
hashes = [
- "h1:9rJggijNdRdFk//ViQPGZdK0xu9XU/9qBDijNsZJMg0=",
- "h1:bROCw6g5D/3fFnWeJ01L4IrdnJl1ILU8DGDgXCtYzaY=",
- "h1:gznGscVJ0USxy4CdihpjRKPsKvyGr/zqPvBoFLJTQDc=",
- "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54",
- "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee",
- "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd",
- "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2",
- "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9",
+ "h1:7F6FVQh7OcCgIH3YEJg1SJDSb1CU4qrCtGuI2EBHnL8=",
+ "h1:cy50n4q+Ir4GYppAfuYhQbBJVxMZbJUlIvM6FVK2axs=",
+ "h1:o3YpEB5BjeHiVi/1W0QDYhMUFmNsUZ7/3UombYD75e0=",
+ "zh:020bf652739ecd841d696e6c1b85ce7dd803e9177136df8fb03aa08b87365389",
+ "zh:0c7ea5a1cbf2e01a8627b8a84df69c93683f39fe947b288e958e72b9d12a827f",
+ "zh:25a68604c7d6aa736d6e99225051279eaac3a7cf4cab33b00ff7eae7096166f6",
+ "zh:34f46d82ca34604f6522de3b36eda19b7ad3be1e38947afc6ac31656eab58c8a",
+ "zh:6959f8f2f3de93e61e0abb90dbec41e28a66daec1607c46f43976bd6da50bcfd",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df",
- "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e",
- "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326",
- "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05",
- "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8",
- "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417",
+ "zh:a81e5d65a343da9caa6f1d17ae0aced9faecb36b4f8554bd445dbd4f8be21ab6",
+ "zh:b1d3f1557214d652c9120862ce27e9a7b61cb5aec5537a28240a5a37bf0b1413",
+ "zh:b71588d006471ae2d4a7eca2c51d69fd7c5dec9b088315599b794e2ad0cc5e90",
+ "zh:cfdaae4028b644dff3530c77b49d31f7e6f4c4e2a9e5c8ac6a88e383c80c9e9c",
+ "zh:dbde15154c2eb38a5f54d0e7646bc67510004179696f3cc2bc1d877cecacf83b",
+ "zh:fb681b363f83fb5f64dfa6afbf32d100d0facd2a766cf3493b8ddb0398e1b0f7",
]
}
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 505891c..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-install:
- - sudo apt-get -y install jq
- - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- - unzip awscliv2.zip
- - sudo ./aws/install
- - git clone https://github.com/tfutils/tfenv.git ~/.tfenv
- - sudo ln -s ~/.tfenv/bin/* /usr/local/bin
- - tfenv install
-
-script:
- - terraform init
- - tests/tests.sh
diff --git a/README.md b/README.md
index 922f529..60415a1 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,40 @@ module "current_desired_capacity" {
}
```
+## 3. Adding your own profile.
+
+Extending the example above, you can supply your own profile by adding a `profile` to the module:
+
+```hcl-terraform
+module "current_desired_capacity" {
+ source = "digitickets/cli/aws"
+ assume_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/OrganizationAccountAccessRole"
+ role_session_name = "GettingDesiredCapacityFor${var.environment}"
+ aws_cli_commands = ["autoscaling", "describe-auto-scaling-groups"]
+ aws_cli_query = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
+ profile = "your-own-profile"
+}
+```
+
+## 4. Adding your external ID.
+
+Extending the example above, you can supply your own external ID by adding an `external_id` to the module:
+
+```hcl-terraform
+module "current_desired_capacity" {
+ source = "digitickets/cli/aws"
+ assume_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/OrganizationAccountAccessRole"
+ role_session_name = "GettingDesiredCapacityFor${var.environment}"
+ aws_cli_commands = ["autoscaling", "describe-auto-scaling-groups"]
+ aws_cli_query = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
+ profile = "your-own-profile"
+ external_id = "your-external-id"
+}
+```
+
+Further information regarding the use of external IDs can be found [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).
+
+
## Requirements
@@ -65,7 +99,7 @@ module "current_desired_capacity" {
| Name | Version |
|------|---------|
-| [external](#provider\_external) | 2.3.1 |
+| [external](#provider\_external) | 2.3.2 |
| [local](#provider\_local) | 2.4.0 |
## Modules
@@ -84,10 +118,12 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [assume\_role\_arn](#input\_assume\_role\_arn) | The ARN of the role being assumed (optional) | `string` | `""` | no |
-| [external\_id](#input\_external\_id) | The external ID for assuming the role (optional) | `string` | `""` | no |
| [aws\_cli\_commands](#input\_aws\_cli\_commands) | The AWS CLI command and subcommands | `list(string)` | n/a | yes |
| [aws\_cli\_query](#input\_aws\_cli\_query) | The --query value | `string` | `""` | no |
| [debug\_log\_filename](#input\_debug\_log\_filename) | Generate a debug log if a `debug_log_filename` is supplied | `string` | `""` | no |
+| [external\_id](#input\_external\_id) | External id for assuming the role (optional) | `string` | `""` | no |
+| [profile](#input\_profile) | The specific AWS profile to use (must be configured appropriately) | `string` | `""` | no |
+| [region](#input\_region) | The specific AWS region to use | `string` | `""` | no |
| [role\_session\_name](#input\_role\_session\_name) | The role session name | `string` | `""` | no |
## Outputs
diff --git a/main.tf b/main.tf
index 0118cce..2e60a0a 100644
--- a/main.tf
+++ b/main.tf
@@ -1,34 +1,35 @@
locals {
joined_aws_cli_command = join(" ", var.aws_cli_commands)
+ external_program_query = {
+ assume_role_arn = var.assume_role_arn
+ role_session_name = var.role_session_name
+ aws_cli_commands = local.joined_aws_cli_command
+ aws_cli_query = var.aws_cli_query
+ debug_log_filename = var.debug_log_filename
+ external_id = var.external_id
+ profile = var.profile
+ region = var.region
+ }
output_file = format(
"%s/temp/results-%s.json",
path.module,
md5(
join(
"-",
- [
- var.assume_role_arn,
- var.role_session_name,
- local.joined_aws_cli_command,
- var.aws_cli_query,
- var.debug_log_filename
- ]
+ values(local.external_program_query)
)
)
)
}
data "external" "awscli_program" {
- program = [format("%s/scripts/awsWithAssumeRole.sh", path.module)]
- query = {
- assume_role_arn = var.assume_role_arn
- role_session_name = var.role_session_name
- aws_cli_commands = local.joined_aws_cli_command
- aws_cli_query = var.aws_cli_query
- output_file = local.output_file
- debug_log_filename = var.debug_log_filename
- external_id = var.external_id
- }
+ program = [format("%s/scripts/aws_cli_runner.sh", path.module)]
+ query = merge(
+ local.external_program_query,
+ {
+ output_file = local.output_file
+ }
+ )
}
data "local_file" "awscli_results_file" {
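Review bot: The file-name key `md5(join("-", values(local.external_program_query)))` is ambiguous, because a `-` inside a value cannot be told apart from the separator. For example (constructed values), `external_id = "a-b"` with `profile = "c"` and `external_id = "a"` with `profile = "b-c"` join to the same string. Two module instances that collide share one `results-<hash>.json`, so one can read the other's output. Hashing the encoded map instead, `md5(jsonencode(local.external_program_query))`, keeps the field boundaries and does not depend on the ordering of `values()`. The `local_file` data source that follows continues outside the hunk.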
diff --git a/scripts/awsWithAssumeRole.sh b/scripts/aws_cli_runner.sh
similarity index 67%
rename from scripts/awsWithAssumeRole.sh
rename to scripts/aws_cli_runner.sh
index 5cbad2f..8861152 100755
--- a/scripts/awsWithAssumeRole.sh
+++ b/scripts/aws_cli_runner.sh
@@ -21,14 +21,28 @@ ASSUME_ROLE_ARN=$(echo "${TERRAFORM_QUERY}" | jq -r '.assume_role_arn')
ROLE_SESSION_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.role_session_name')
DEBUG_LOG_FILENAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.debug_log_filename')
EXTERNAL_ID=$(echo "${TERRAFORM_QUERY}" | jq -r '.external_id')
+PROFILE_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.profile')
+REGION_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.region')
+
+# Do we have a profile?
+if [ -n "${PROFILE_NAME}" ]; then
+ AWS_CLI_PROFILE_PARAM="--profile '${PROFILE_NAME}'"
+fi
+
+# Do we have a region?
+if [ -n "${REGION_NAME}" ]; then
+ AWS_CLI_REGION_PARAM="--region '${REGION_NAME}'"
+fi
# Do we need to assume a role?
if [ -n "${ASSUME_ROLE_ARN}" ]; then
- if [-n "${EXTERNAL_ID}"]; then
- TEMP_ROLE=$(aws sts assume-role --output json --role-arn "${ASSUME_ROLE_ARN}" --external-id "${EXTERNAL_ID}" --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}")
- else
- TEMP_ROLE=$(aws sts assume-role --output json --role-arn "${ASSUME_ROLE_ARN}" --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}")
+
+ # Do we have an external ID?
+ if [ -n "${EXTERNAL_ID}" ]; then
+ AWS_CLI_EXTERNAL_ID_PARAM="--external-id '${EXTERNAL_ID}'"
fi
+
+ TEMP_ROLE=$(aws sts assume-role ${AWS_CLI_PROFILE_PARAM:-} ${AWS_CLI_REGION_PARAM:-} --output json --role-arn "${ASSUME_ROLE_ARN}" ${AWS_CLI_EXTERNAL_ID_PARAM:-} --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}")
export AWS_ACCESS_KEY_ID=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
export AWS_SESSION_TOKEN=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SessionToken')
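Review bot: In the `aws sts assume-role` call the optional flags are expanded without `eval`, so the single quotes stored in `AWS_CLI_EXTERNAL_ID_PARAM`, `AWS_CLI_PROFILE_PARAM` and `AWS_CLI_REGION_PARAM` reach the CLI as literal characters. The external ID is therefore sent as `'value'` including the quotes, which would not match the ID in the role's trust policy, and a value containing whitespace is split into several arguments. Passing the values directly avoids both problems: use `${EXTERNAL_ID:+--external-id "${EXTERNAL_ID}"}` in place of `${AWS_CLI_EXTERNAL_ID_PARAM:-}`, and the same form for `--profile` and `--region`. The enclosing `if` block ends outside the hunk.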
@@ -40,7 +54,6 @@ if [ -n "${AWS_CLI_QUERY}" ]; then
fi
# Do we want to be debug?
-export AWS_DEBUG_OPTION=""
if [ -n "${DEBUG_LOG_FILENAME}" ]; then
AWS_DEBUG_OPTION="--debug 2>${DEBUG_LOG_FILENAME}"
mkdir -p "$(dirname ${DEBUG_LOG_FILENAME})"
@@ -59,7 +72,7 @@ export AWS_PAGER=""
export AWS_RETRY_MODE=adaptive
# Run the AWS_CLI command, exiting with a non zero exit code if required.
-if ! eval "aws ${AWS_CLI_COMMANDS} ${AWS_CLI_QUERY_PARAM:-} --output json ${AWS_DEBUG_OPTION}" >"${OUTPUT_FILE}" ; then
+if ! eval "aws ${AWS_CLI_COMMANDS} ${AWS_CLI_PROFILE_PARAM:-} ${AWS_CLI_REGION_PARAM:-} ${AWS_CLI_QUERY_PARAM:-} --output json ${AWS_DEBUG_OPTION:-}" >"${OUTPUT_FILE}" ; then
echo "Error: aws failed."
exit 1
fi
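Review bot: `AWS_CLI_PROFILE_PARAM` and `AWS_CLI_REGION_PARAM` are spliced into the string handed to `eval`, protected only by the single quotes added when they were built. A `profile` or `region` value that itself contains a single quote closes that quoting, and the rest is interpreted by the shell. `variables.tf` adds both variables without a `validation` block, so nothing rejects such a value before it reaches the script. Restricting the inputs there, for example `condition = can(regex("^[A-Za-z0-9_.-]*$", var.profile))` adjusted to the profile names actually in use, would contain it. Running `aws` from an argument array instead of `eval` would remove the problem for every parameter.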
diff --git a/tests/bad_arn/test.sh b/tests/bad_arn/test.sh
index a71977f..1bdd347 100755
--- a/tests/bad_arn/test.sh
+++ b/tests/bad_arn/test.sh
@@ -1,19 +1,9 @@
#!/usr/bin/env bash
function run_test() {
-if [[ -f $PLAN_FILE ]]; then
- echo "Incorrectly generated a plan - $PLAN_FILE";
- exit 1;
-fi
-
-if [[ ! -z "$(cat $PLAN_LOG_FILE)" ]]; then
- echo "Incorrectly generated content in the plan log file - $PLAN_LOG_FILE";
- exit 2;
-fi
-
if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The optional ARN must match the format documented in'* ]]; then
echo 'Failed to detect invalid ARN.';
- exit 3;
+ exit 1;
fi
}
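Review bot: With the `$PLAN_FILE` and `$PLAN_LOG_FILE` checks removed, `run_test` passes whenever the error text appears, even if a plan was also produced; the reason for dropping them is not visible in this hunk. If the harness no longer provides those files, a one-line comment saying so would help. Otherwise keeping `[[ -f $PLAN_FILE ]]` as a failure condition preserves the guarantee that invalid input stops the plan. The same reduction is made in `tests/role_session_name_invalid_characters/test.sh` and `tests/role_session_name_too_long/test.sh`. `$PLAN_ERROR_FILE` is also unquoted inside `$(cat …)`.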
diff --git a/tests/invalid_profile_with_debug/expected_variables.json b/tests/invalid_profile_with_debug/expected_variables.json
new file mode 100644
index 0000000..56c013b
--- /dev/null
+++ b/tests/invalid_profile_with_debug/expected_variables.json
@@ -0,0 +1,32 @@
+{
+ "assume_role_arn": {
+ "value": ""
+ },
+ "aws_cli_commands": {
+ "value": [
+ "s3api",
+ "list-objects",
+ "--bucket",
+ "ryft-public-sample-data",
+ "--no-sign-request"
+ ]
+ },
+ "aws_cli_query": {
+ "value": "max_by(Contents, &Size)"
+ },
+ "debug_log_filename": {
+ "value": "test-reports/invalid_profile_with_debug/debug.log"
+ },
+ "external_id": {
+ "value": ""
+ },
+ "profile": {
+ "value": "this_profile_does_not_exist"
+ },
+ "region": {
+ "value": ""
+ },
+ "role_session_name": {
+ "value": "invalid_profile_with_debug"
+ }
+}
diff --git a/tests/invalid_profile_with_debug/terraform.tfvars b/tests/invalid_profile_with_debug/terraform.tfvars
new file mode 100644
index 0000000..dd5e6a8
--- /dev/null
+++ b/tests/invalid_profile_with_debug/terraform.tfvars
@@ -0,0 +1,6 @@
+// ryft-public-sample-data is a publicly accessible S3 bucket.
+aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"]
+aws_cli_query = "max_by(Contents, &Size)"
+role_session_name = "invalid_profile_with_debug"
+profile = "this_profile_does_not_exist"
+debug_log_filename = "test-reports/invalid_profile_with_debug/debug.log"
diff --git a/tests/invalid_profile_with_debug/test.sh b/tests/invalid_profile_with_debug/test.sh
new file mode 100755
index 0000000..2bd3002
--- /dev/null
+++ b/tests/invalid_profile_with_debug/test.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+function run_test() {
+if [[ ! -f $PLAN_FILE ]]; then
+ echo "Failed to generate a plan - $PLAN_FILE";
+ exit 1;
+fi
+
+if [[ ! "$(terraform show -json $PLAN_FILE | jq -MSr .variables)" == "$(cat $EXPECTED_VARIABLES)" ]]; then
+ echo 'Failed to incorporate expected variable values into plan.';
+ exit 2;
+fi
+
+if [[ ! "$(cat $DEBUG_LOG_FILE)" == *'The config profile (this_profile_does_not_exist) could not be found'* ]]; then
+ echo 'Failed to generate error from bad profile name.';
+ exit 3;
+fi
+}
+
+. tests/common.sh $0
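Review bot: The last check depends on the AWS CLI's exact wording, `The config profile (this_profile_does_not_exist) could not be found`, while the workflow in this commit uses whichever `aws` the runner image provides. A CLI release that rewords the message would fail the test with no change in this repository, so pinning the CLI version in CI would keep the assertion stable. `$PLAN_FILE`, `$EXPECTED_VARIABLES` and `$DEBUG_LOG_FILE` should be double-quoted so that paths containing spaces survive, e.g. `"$(cat "$DEBUG_LOG_FILE")"`. `tests/invalid_profile_without_debug/test.sh` follows the same pattern with `$PLAN_ERROR_FILE`.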
diff --git a/tests/invalid_profile_without_debug/expected_variables.json b/tests/invalid_profile_without_debug/expected_variables.json
new file mode 100644
index 0000000..8aa9202
--- /dev/null
+++ b/tests/invalid_profile_without_debug/expected_variables.json
@@ -0,0 +1,32 @@
+{
+ "assume_role_arn": {
+ "value": ""
+ },
+ "aws_cli_commands": {
+ "value": [
+ "s3api",
+ "list-objects",
+ "--bucket",
+ "ryft-public-sample-data",
+ "--no-sign-request"
+ ]
+ },
+ "aws_cli_query": {
+ "value": "max_by(Contents, &Size)"
+ },
+ "debug_log_filename": {
+ "value": ""
+ },
+ "external_id": {
+ "value": ""
+ },
+ "profile": {
+ "value": "this_profile_does_not_exist"
+ },
+ "region": {
+ "value": ""
+ },
+ "role_session_name": {
+ "value": "invalid_profile_without_debug"
+ }
+}
diff --git a/tests/invalid_profile_without_debug/terraform.tfvars b/tests/invalid_profile_without_debug/terraform.tfvars
new file mode 100644
index 0000000..596cb51
--- /dev/null
+++ b/tests/invalid_profile_without_debug/terraform.tfvars
@@ -0,0 +1,5 @@
+// ryft-public-sample-data is a publicly accessible S3 bucket.
+aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"]
+aws_cli_query = "max_by(Contents, &Size)"
+role_session_name = "invalid_profile_without_debug"
+profile = "this_profile_does_not_exist"
diff --git a/tests/invalid_profile_without_debug/test.sh b/tests/invalid_profile_without_debug/test.sh
new file mode 100755
index 0000000..7641e42
--- /dev/null
+++ b/tests/invalid_profile_without_debug/test.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+function run_test() {
+if [[ ! -f $PLAN_FILE ]]; then
+ echo "Failed to generate a plan - $PLAN_FILE";
+ exit 1;
+fi
+
+if [[ ! "$(terraform show -json $PLAN_FILE | jq -MSr .variables)" == "$(cat $EXPECTED_VARIABLES)" ]]; then
+ echo 'Failed to incorporate expected variable values into plan.';
+ exit 2;
+fi
+
+if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The config profile (this_profile_does_not_exist) could not be found'* ]]; then
+ echo 'Failed to generate error from bad profile name during planning.';
+ exit 3;
+fi
+}
+
+. tests/common.sh $0
diff --git a/tests/role_session_name_invalid_characters/test.sh b/tests/role_session_name_invalid_characters/test.sh
index e7a93c5..4e0dc69 100755
--- a/tests/role_session_name_invalid_characters/test.sh
+++ b/tests/role_session_name_invalid_characters/test.sh
@@ -1,19 +1,9 @@
#!/usr/bin/env bash
function run_test() {
-if [[ -f $PLAN_FILE ]]; then
- echo "Incorrectly generated a plan - $PLAN_FILE";
- exit 1;
-fi
-
-if [[ ! -z "$(cat $PLAN_LOG_FILE)" ]]; then
- echo "Incorrectly generated content in the plan log file - $PLAN_LOG_FILE";
- exit 2;
-fi
-
if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The role session name match the regular expression'* ]]; then
echo 'Failed to detect invalid characters in role_session_name.';
- exit 3;
+ exit 1;
fi
}
diff --git a/tests/role_session_name_optional/expected_variables.json b/tests/role_session_name_optional/expected_variables.json
index aff5d95..cb2002a 100644
--- a/tests/role_session_name_optional/expected_variables.json
+++ b/tests/role_session_name_optional/expected_variables.json
@@ -17,6 +17,15 @@
"debug_log_filename": {
"value": ""
},
+ "external_id": {
+ "value": ""
+ },
+ "profile": {
+ "value": ""
+ },
+ "region": {
+ "value": "eu-west-1"
+ },
"role_session_name": {
"value": ""
}
diff --git a/tests/role_session_name_optional/terraform.tfvars b/tests/role_session_name_optional/terraform.tfvars
index c50a0a0..f3ef2de 100644
--- a/tests/role_session_name_optional/terraform.tfvars
+++ b/tests/role_session_name_optional/terraform.tfvars
@@ -1,3 +1,4 @@
// ryft-public-sample-data is a publicly accessible S3 bucket.
aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"]
aws_cli_query = "max_by(Contents, &Size)"
+region = "eu-west-1"
diff --git a/tests/role_session_name_too_long/terraform.tfvars b/tests/role_session_name_too_long/terraform.tfvars
index 3e0e2b3..3c1304a 100644
--- a/tests/role_session_name_too_long/terraform.tfvars
+++ b/tests/role_session_name_too_long/terraform.tfvars
@@ -2,3 +2,4 @@
role_session_name = "12345678901234567890123456789012345678901234567890123456789012345"
aws_cli_commands = ["version"]
debug_log_filename = "test-reports/role_session_name_too_long/debug.log"
+region = "eu-west-1"
diff --git a/tests/role_session_name_too_long/test.sh b/tests/role_session_name_too_long/test.sh
index f755c29..8603f4b 100755
--- a/tests/role_session_name_too_long/test.sh
+++ b/tests/role_session_name_too_long/test.sh
@@ -1,19 +1,9 @@
#!/usr/bin/env bash
function run_test() {
-if [[ -f $PLAN_FILE ]]; then
- echo "Incorrectly generated a plan - $PLAN_FILE";
- exit 1;
-fi
-
-if [[ ! -z "$(cat $PLAN_LOG_FILE)" ]]; then
- echo "Incorrectly generated content in the plan log file - $PLAN_LOG_FILE";
- exit 2;
-fi
-
if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The role session name must be less than or equal to 64 characters'* ]]; then
echo 'Failed to detect too long role_session_name.';
- exit 3;
+ exit 1;
fi
}
diff --git a/tests/test_with_debug/expected_variables.json b/tests/test_with_debug/expected_variables.json
index 62a36aa..cc41370 100644
--- a/tests/test_with_debug/expected_variables.json
+++ b/tests/test_with_debug/expected_variables.json
@@ -17,6 +17,15 @@
"debug_log_filename": {
"value": "test-reports/test_with_debug/debug.log"
},
+ "external_id": {
+ "value": ""
+ },
+ "profile": {
+ "value": ""
+ },
+ "region": {
+ "value": "eu-west-1"
+ },
"role_session_name": {
"value": "test_with_debug"
}
diff --git a/tests/test_with_debug/terraform.tfvars b/tests/test_with_debug/terraform.tfvars
index 6292ed1..27fd3c9 100644
--- a/tests/test_with_debug/terraform.tfvars
+++ b/tests/test_with_debug/terraform.tfvars
@@ -3,3 +3,4 @@ aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-d
aws_cli_query = "max_by(Contents, &Size)"
debug_log_filename = "test-reports/test_with_debug/debug.log"
role_session_name = "test_with_debug"
+region = "eu-west-1"
diff --git a/tests/test_without_debug/expected_variables.json b/tests/test_without_debug/expected_variables.json
index 984aa62..29f3475 100644
--- a/tests/test_without_debug/expected_variables.json
+++ b/tests/test_without_debug/expected_variables.json
@@ -17,6 +17,15 @@
"debug_log_filename": {
"value": ""
},
+ "external_id": {
+ "value": ""
+ },
+ "profile": {
+ "value": ""
+ },
+ "region": {
+ "value": "eu-west-1"
+ },
"role_session_name": {
"value": "test_without_debug"
}
diff --git a/tests/test_without_debug/terraform.tfvars b/tests/test_without_debug/terraform.tfvars
index f7f2c31..d23b9dc 100644
--- a/tests/test_without_debug/terraform.tfvars
+++ b/tests/test_without_debug/terraform.tfvars
@@ -2,3 +2,4 @@
aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"]
aws_cli_query = "max_by(Contents, &Size)"
role_session_name = "test_without_debug"
+region = "eu-west-1"
diff --git a/tests/tests.sh b/tests/tests.sh
index a315cd0..52eaca6 100755
--- a/tests/tests.sh
+++ b/tests/tests.sh
@@ -1,4 +1,5 @@
-#!/usr/bin/env bash -e
+#!/usr/bin/env bash
+set -e
rm -rf temp
rm -rf test-reports
find . -type f -name test.sh | sort | xargs -L 1 bash
diff --git a/variables.tf b/variables.tf
index 3e2b940..06dd297 100644
--- a/variables.tf
+++ b/variables.tf
@@ -9,6 +9,18 @@ variable "assume_role_arn" {
}
}
+variable "profile" {
+ description = "The specific AWS profile to use (must be configured appropriately)"
+ type = string
+ default = ""
+}
+
+variable "region" {
+ description = "The specific AWS region to use"
+ type = string
+ default = ""
+}
+
variable "external_id" {
description = "External id for assuming the role (optional)"
type = string
@@ -47,4 +59,3 @@ variable "debug_log_filename" {
type = string
default = ""
}
-