From 812845f7b1ffccf07d7692dceb1faccda9a3f123 Mon Sep 17 00:00:00 2001 
From: Richard Quadling Date: Fri, 24 Nov 2023 21:13:25 +0000 Subject: [PATCH] Upgrades of various sorts 1. Added pre-commit gitleaks 2. Lock versions for testing 3. Added var.profile and var.region to allow greater control at runtime 4. Renamed script to aws_cli_runner.sh 5. Refactored variable processing and usage within output filename and passing to aws_cli_runner.sh 6. Updated all tests for latest version of Terraform (not idea I guess, but the main users are upgraded) 7. Replaced Travis CI with GitHub Actions --- .github/workflows/build.yml | 20 ++++++++++ .pre-commit-config.yaml | 5 +++ .terraform.lock.hcl | 30 +++++++------- .travis.yml | 12 ------ README.md | 40 ++++++++++++++++++- main.tf | 35 ++++++++-------- ...awsWithAssumeRole.sh => aws_cli_runner.sh} | 25 +++++++++--- tests/bad_arn/test.sh | 12 +----- .../expected_variables.json | 32 +++++++++++++++ .../terraform.tfvars | 6 +++ tests/invalid_profile_with_debug/test.sh | 20 ++++++++++ .../expected_variables.json | 32 +++++++++++++++ .../terraform.tfvars | 5 +++ tests/invalid_profile_without_debug/test.sh | 20 ++++++++++ .../test.sh | 12 +----- .../expected_variables.json | 9 +++++ .../terraform.tfvars | 1 + .../terraform.tfvars | 1 + tests/role_session_name_too_long/test.sh | 12 +----- tests/test_with_debug/expected_variables.json | 9 +++++ tests/test_with_debug/terraform.tfvars | 1 + .../expected_variables.json | 9 +++++ tests/test_without_debug/terraform.tfvars | 1 + tests/tests.sh | 3 +- variables.tf | 13 +++++- 25 files changed, 278 insertions(+), 87 deletions(-) create mode 100644 .github/workflows/build.yml delete mode 100644 .travis.yml rename scripts/{awsWithAssumeRole.sh => aws_cli_runner.sh} (67%) create mode 100644 tests/invalid_profile_with_debug/expected_variables.json create mode 100644 tests/invalid_profile_with_debug/terraform.tfvars create mode 100755 tests/invalid_profile_with_debug/test.sh create mode 100644 tests/invalid_profile_without_debug/expected_variables.json create mode 
100644 tests/invalid_profile_without_debug/terraform.tfvars create mode 100755 tests/invalid_profile_without_debug/test.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..ec6d731 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,20 @@ +name: Build + +on: + push: + pull_request: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - run: jq --version; aws --version; terraform --version + - run: git clone https://github.com/tfutils/tfenv.git ~/.tfenv + - run: ~/.tfenv/bin/tfenv install + - uses: actions/checkout@v4 + - run: tests/tests.sh + - uses: actions/upload-artifact@v2 + if: always() + with: + name: logs + path: test-reports/**/* diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b34992a..b50acc1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -43,3 +43,8 @@ repos: - --offset=2 - --sequence=4 - --width=300 + + - repo: https://github.com/gitleaks/gitleaks + rev: v8.18.1 + hooks: + - id: gitleaks diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 9990507..f7de574 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
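Review bot: The workflow executes third-party code that is not pinned: `git clone https://github.com/tfutils/tfenv.git ~/.tfenv` fetches whatever is on tfenv's default branch at run time and `~/.tfenv/bin/tfenv install` then runs it, and the two actions are referenced by mutable tags (`actions/checkout@v4`, `actions/upload-artifact@v2`). Pinning the clone to a tag or commit (`git clone --branch <TFENV_TAG_PLACEHOLDER> --depth 1 ...`) and the actions to full commit SHAs keeps the CI toolchain reproducible and resistant to upstream tampering; `upload-artifact@v2` is also an old major on a deprecated runtime line, so prefer the current `v4`. Separately, `tfenv install` runs before `actions/checkout@v4`, so a `.terraform-version` file in the repository would not be visible to it at that point — if that file is meant to select the version, move the checkout step first.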
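Review bot: The gitleaks hook only runs on machines where a developer has installed pre-commit, and the `.github/workflows/build.yml` added in this same commit does not run it, so a secret committed from a machine without the hook reaches the repository unchecked. Adding a CI step that runs the scan (a `pre-commit run --all-files` step, or `gitleaks/gitleaks-action`) makes the check enforceable rather than advisory. Pinning to `rev: v8.18.1` is the right call; keep the hook pinned when it is bumped.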
@@ -2,24 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/external" { - version = "2.3.1" + version = "2.3.2" constraints = "~> 2.0" hashes = [ - "h1:9rJggijNdRdFk//ViQPGZdK0xu9XU/9qBDijNsZJMg0=", - "h1:bROCw6g5D/3fFnWeJ01L4IrdnJl1ILU8DGDgXCtYzaY=", - "h1:gznGscVJ0USxy4CdihpjRKPsKvyGr/zqPvBoFLJTQDc=", - "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54", - "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee", - "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd", - "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2", - "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9", + "h1:7F6FVQh7OcCgIH3YEJg1SJDSb1CU4qrCtGuI2EBHnL8=", + "h1:cy50n4q+Ir4GYppAfuYhQbBJVxMZbJUlIvM6FVK2axs=", + "h1:o3YpEB5BjeHiVi/1W0QDYhMUFmNsUZ7/3UombYD75e0=", + "zh:020bf652739ecd841d696e6c1b85ce7dd803e9177136df8fb03aa08b87365389", + "zh:0c7ea5a1cbf2e01a8627b8a84df69c93683f39fe947b288e958e72b9d12a827f", + "zh:25a68604c7d6aa736d6e99225051279eaac3a7cf4cab33b00ff7eae7096166f6", + "zh:34f46d82ca34604f6522de3b36eda19b7ad3be1e38947afc6ac31656eab58c8a", + "zh:6959f8f2f3de93e61e0abb90dbec41e28a66daec1607c46f43976bd6da50bcfd", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df", - "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e", - "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326", - "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05", - "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8", - "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417", + "zh:a81e5d65a343da9caa6f1d17ae0aced9faecb36b4f8554bd445dbd4f8be21ab6", + "zh:b1d3f1557214d652c9120862ce27e9a7b61cb5aec5537a28240a5a37bf0b1413", + "zh:b71588d006471ae2d4a7eca2c51d69fd7c5dec9b088315599b794e2ad0cc5e90", + 
"zh:cfdaae4028b644dff3530c77b49d31f7e6f4c4e2a9e5c8ac6a88e383c80c9e9c", + "zh:dbde15154c2eb38a5f54d0e7646bc67510004179696f3cc2bc1d877cecacf83b", + "zh:fb681b363f83fb5f64dfa6afbf32d100d0facd2a766cf3493b8ddb0398e1b0f7", ] } diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 505891c..0000000 --- a/.travis.yml +++ /dev/null @@ -1,12 +0,0 @@ -install: - - sudo apt-get -y install jq - - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - - unzip awscliv2.zip - - sudo ./aws/install - - git clone https://github.com/tfutils/tfenv.git ~/.tfenv - - sudo ln -s ~/.tfenv/bin/* /usr/local/bin - - tfenv install - -script: - - terraform init - - tests/tests.sh diff --git a/README.md b/README.md index 922f529..60415a1 100644 --- a/README.md +++ b/README.md 
@@ -52,6 +52,40 @@ module "current_desired_capacity" { } ``` +## 3. Adding your own profile. + +Extending the example above, you can supply your own profile by adding a `profile` to the module: + +```hcl-terraform +module "current_desired_capacity" { + source = "digitickets/cli/aws" + assume_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/OrganizationAccountAccessRole" + role_session_name = "GettingDesiredCapacityFor${var.environment}" + aws_cli_commands = ["autoscaling", "describe-auto-scaling-groups"] + aws_cli_query = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity" + profile = "your-own-profile" +} +``` + +## 4. Adding your external ID. + +Extending the example above, you can supply your own external ID by adding an `external_id` to the module: + +```hcl-terraform +module "current_desired_capacity" { + source = "digitickets/cli/aws" + assume_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/OrganizationAccountAccessRole" + role_session_name = "GettingDesiredCapacityFor${var.environment}" + aws_cli_commands = ["autoscaling", "describe-auto-scaling-groups"] + aws_cli_query = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity" + profile = "your-own-profile" + external_id = "your-external-id" +} +``` + +Further information regarding the use of external IDs can be found [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). + + ## Requirements @@ -65,7 +99,7 @@ module "current_desired_capacity" { | Name | Version | |------|---------| -| [external](#provider\_external) | 2.3.1 | +| [external](#provider\_external) | 2.3.2 | | [local](#provider\_local) | 2.4.0 | ## Modules 
@@ -84,10 +118,12 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [assume\_role\_arn](#input\_assume\_role\_arn) | The ARN of the role being assumed (optional) | `string` | `""` | no | -| [external\_id](#input\_external\_id) | The external ID for assuming the role (optional) | `string` | `""` | no | | [aws\_cli\_commands](#input\_aws\_cli\_commands) | The AWS CLI command and subcommands | `list(string)` | n/a | yes | | [aws\_cli\_query](#input\_aws\_cli\_query) | The --query value | `string` | `""` | no | | [debug\_log\_filename](#input\_debug\_log\_filename) | Generate a debug log if a `debug_log_filename` is supplied | `string` | `""` | no | +| [external\_id](#input\_external\_id) | External id for assuming the role (optional) | `string` | `""` | no | +| [profile](#input\_profile) | The specific AWS profile to use (must be configured appropriately) | `string` | `""` | no | +| [region](#input\_region) | The specific AWS region to use | `string` | `""` | no | | [role\_session\_name](#input\_role\_session\_name) | The role session name | `string` | `""` | no | ## Outputs diff --git a/main.tf b/main.tf index 0118cce..2e60a0a 100644 --- a/main.tf +++ b/main.tf 
@@ -1,34 +1,35 @@ locals { joined_aws_cli_command = join(" ", var.aws_cli_commands) + external_program_query = { + assume_role_arn = var.assume_role_arn + role_session_name = var.role_session_name + aws_cli_commands = local.joined_aws_cli_command + aws_cli_query = var.aws_cli_query + debug_log_filename = var.debug_log_filename + external_id = var.external_id + profile = var.profile + region = var.region + } output_file = format( "%s/temp/results-%s.json", path.module, md5( join( "-", - [ - var.assume_role_arn, - var.role_session_name, - local.joined_aws_cli_command, - var.aws_cli_query, - var.debug_log_filename - ] + values(local.external_program_query) ) ) ) } data "external" "awscli_program" { - program = [format("%s/scripts/awsWithAssumeRole.sh", path.module)] - query = { - assume_role_arn = var.assume_role_arn - role_session_name = var.role_session_name - aws_cli_commands = local.joined_aws_cli_command - aws_cli_query = var.aws_cli_query - output_file = local.output_file - debug_log_filename = var.debug_log_filename - external_id = var.external_id - } + program = [format("%s/scripts/aws_cli_runner.sh", path.module)] + query = merge( + local.external_program_query, + { + output_file = local.output_file + } + ) } data "local_file" "awscli_results_file" { diff --git a/scripts/awsWithAssumeRole.sh b/scripts/aws_cli_runner.sh similarity index 67% rename from scripts/awsWithAssumeRole.sh rename to scripts/aws_cli_runner.sh index 5cbad2f..8861152 100755 --- a/scripts/awsWithAssumeRole.sh +++ b/scripts/aws_cli_runner.sh 
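Review bot: `external_program_query` now serves two purposes — it is the stdin query for `aws_cli_runner.sh` and, via `values(local.external_program_query)`, the key material for `output_file` — and nothing in the hunk says so; a comment above the map would help, e.g. `# Every input the runner receives. values() (sorted by key) also feeds the md5 that names the per-invocation results file, so adding a key here changes the filename.` The `join("-", ...)` also uses a separator that legitimately occurs in several inputs (ARNs, session names, queries), so two distinct input sets can produce the same joined string and therefore the same results file; `jsonencode(local.external_program_query)` as the md5 input avoids that ambiguity. The `data "local_file" "awscli_results_file"` block opens on the last line of the hunk and continues outside it.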
@@ -21,14 +21,28 @@ ASSUME_ROLE_ARN=$(echo "${TERRAFORM_QUERY}" | jq -r '.assume_role_arn') ROLE_SESSION_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.role_session_name') DEBUG_LOG_FILENAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.debug_log_filename') EXTERNAL_ID=$(echo "${TERRAFORM_QUERY}" | jq -r '.external_id') +PROFILE_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.profile') +REGION_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.region') + +# Do we have a profile? +if [ -n "${PROFILE_NAME}" ]; then + AWS_CLI_PROFILE_PARAM="--profile '${PROFILE_NAME}'" +fi + +# Do we have a region? +if [ -n "${REGION_NAME}" ]; then + AWS_CLI_REGION_PARAM="--region '${REGION_NAME}'" +fi # Do we need to assume a role? if [ -n "${ASSUME_ROLE_ARN}" ]; then - if [-n "${EXTERNAL_ID}"]; then - TEMP_ROLE=$(aws sts assume-role --output json --role-arn "${ASSUME_ROLE_ARN}" --external-id "${EXTERNAL_ID}" --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}") - else - TEMP_ROLE=$(aws sts assume-role --output json --role-arn "${ASSUME_ROLE_ARN}" --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}") + + # Do we have an external ID? + if [ -n "${EXTERNAL_ID}" ]; then + AWS_CLI_EXTERNAL_ID_PARAM="--external-id '${EXTERNAL_ID}'" fi + + TEMP_ROLE=$(aws sts assume-role ${AWS_CLI_PROFILE_PARAM:-} ${AWS_CLI_REGION_PARAM:-} --output json --role-arn "${ASSUME_ROLE_ARN}" ${AWS_CLI_EXTERNAL_ID_PARAM:-} --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}") export AWS_ACCESS_KEY_ID=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.AccessKeyId') export AWS_SECRET_ACCESS_KEY=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SecretAccessKey') export AWS_SESSION_TOKEN=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SessionToken') @@ -40,7 +54,6 @@ if [ -n "${AWS_CLI_QUERY}" ]; then fi # Do we want to be debug? -export AWS_DEBUG_OPTION="" if [ -n "${DEBUG_LOG_FILENAME}" ]; then AWS_DEBUG_OPTION="--debug 2>${DEBUG_LOG_FILENAME}" mkdir -p "$(dirname ${DEBUG_LOG_FILENAME})" 
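Review bot: The new `--profile '${PROFILE_NAME}'`, `--region '${REGION_NAME}'` and `--external-id '${EXTERNAL_ID}'` strings embed literal single quotes, and the `aws sts assume-role` line on the new side expands them without `eval`, so the CLI receives the arguments with the quotes included; the external-id case is a regression from the removed `--external-id "${EXTERNAL_ID}"`, which was quoted correctly. The same strings are later re-parsed by the `eval` in the `@@ -59,7 +72,7 @@` hunk of this file, where a profile or region value containing a single quote ends the quoting and the remainder is interpreted as shell — and `variables.tf` in this commit adds `profile` and `region` without a `validation` block, so a tfvars value reaches that `eval` unchecked. Build the optional arguments as bash arrays and expand them with `"${arr[@]}"` in both invocations, and move the `2>` redirection for the debug log out of `AWS_DEBUG_OPTION` so the final command no longer needs `eval` at all; under `set -u` on bash before 4.4 an empty array expansion errors, so initialise each array to `()` as below or guard with `${arr[@]+"${arr[@]}"}`. The reads of `TERRAFORM_QUERY` at the top of the script and the credential exports are outside the rewritten lines.
```bash
# Do we have a profile?
AWS_CLI_PROFILE_PARAM=()
if [ -n "${PROFILE_NAME}" ]; then
    AWS_CLI_PROFILE_PARAM=(--profile "${PROFILE_NAME}")
fi

# Do we have a region?
AWS_CLI_REGION_PARAM=()
if [ -n "${REGION_NAME}" ]; then
    AWS_CLI_REGION_PARAM=(--region "${REGION_NAME}")
fi

# Do we need to assume a role?
if [ -n "${ASSUME_ROLE_ARN}" ]; then

    # Do we have an external ID?
    AWS_CLI_EXTERNAL_ID_PARAM=()
    if [ -n "${EXTERNAL_ID}" ]; then
        AWS_CLI_EXTERNAL_ID_PARAM=(--external-id "${EXTERNAL_ID}")
    fi

    # Arrays expand to zero words when unset, so no literal quotes reach the CLI.
    TEMP_ROLE=$(aws sts assume-role "${AWS_CLI_PROFILE_PARAM[@]}" "${AWS_CLI_REGION_PARAM[@]}" --output json --role-arn "${ASSUME_ROLE_ARN}" "${AWS_CLI_EXTERNAL_ID_PARAM[@]}" --role-session-name "${ROLE_SESSION_NAME:-AssumingRole}")
    # … unchanged: export of AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN …
```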
@@ -59,7 +72,7 @@ export AWS_PAGER="" export AWS_RETRY_MODE=adaptive # Run the AWS_CLI command, exiting with a non zero exit code if required. -if ! eval "aws ${AWS_CLI_COMMANDS} ${AWS_CLI_QUERY_PARAM:-} --output json ${AWS_DEBUG_OPTION}" >"${OUTPUT_FILE}" ; then +if ! eval "aws ${AWS_CLI_COMMANDS} ${AWS_CLI_PROFILE_PARAM:-} ${AWS_CLI_REGION_PARAM:-} ${AWS_CLI_QUERY_PARAM:-} --output json ${AWS_DEBUG_OPTION:-}" >"${OUTPUT_FILE}" ; then echo "Error: aws failed." exit 1 fi diff --git a/tests/bad_arn/test.sh b/tests/bad_arn/test.sh index a71977f..1bdd347 100755 --- a/tests/bad_arn/test.sh +++ b/tests/bad_arn/test.sh @@ -1,19 +1,9 @@ #!/usr/bin/env bash function run_test() { -if [[ -f $PLAN_FILE ]]; then - echo "Incorrectly generated a plan - $PLAN_FILE"; - exit 1; -fi - -if [[ ! -z "$(cat $PLAN_LOG_FILE)" ]]; then - echo "Incorrectly generated content in the plan log file - $PLAN_LOG_FILE"; - exit 2; -fi - if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The optional ARN must match the format documented in'* ]]; then echo 'Failed to detect invalid ARN.'; - exit 3; + exit 1; fi } diff --git a/tests/invalid_profile_with_debug/expected_variables.json b/tests/invalid_profile_with_debug/expected_variables.json new file mode 100644 index 0000000..56c013b --- /dev/null +++ b/tests/invalid_profile_with_debug/expected_variables.json @@ -0,0 +1,32 @@ +{ + "assume_role_arn": { + "value": "" + }, + "aws_cli_commands": { + "value": [ + "s3api", + "list-objects", + "--bucket", + "ryft-public-sample-data", + "--no-sign-request" + ] + }, + "aws_cli_query": { + "value": "max_by(Contents, &Size)" + }, + "debug_log_filename": { + "value": "test-reports/invalid_profile_with_debug/debug.log" + }, + "external_id": { + "value": "" + }, + "profile": { + "value": "this_profile_does_not_exist" + }, + "region": { + "value": "" + }, + "role_session_name": { + "value": "invalid_profile_with_debug" + } +} 
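Review bot: Dropping the `-f $PLAN_FILE` and `$PLAN_LOG_FILE` checks leaves this test asserting only that the error text appears somewhere in `$PLAN_ERROR_FILE`, not that planning actually failed; a future Terraform release that demoted the validation to a warning would still pass it. The same removal is made in `tests/role_session_name_invalid_characters/test.sh` and `tests/role_session_name_too_long/test.sh`. If the checks went because newer Terraform writes those files before a validation error (the commit message hints at a Terraform upgrade), keep one assertion on the plan command's failure, for example by having `tests/common.sh` (not in the diff) expose the exit status and checking `if [[ "$PLAN_EXIT_CODE" == "0" ]]; then echo "Plan unexpectedly succeeded"; exit 2; fi`.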
diff --git a/tests/invalid_profile_with_debug/terraform.tfvars b/tests/invalid_profile_with_debug/terraform.tfvars new file mode 100644 index 0000000..dd5e6a8 --- /dev/null +++ b/tests/invalid_profile_with_debug/terraform.tfvars @@ -0,0 +1,6 @@ +// ryft-public-sample-data is a publicly accessible S3 bucket. +aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"] +aws_cli_query = "max_by(Contents, &Size)" +role_session_name = "invalid_profile_with_debug" +profile = "this_profile_does_not_exist" +debug_log_filename = "test-reports/invalid_profile_with_debug/debug.log" diff --git a/tests/invalid_profile_with_debug/test.sh b/tests/invalid_profile_with_debug/test.sh new file mode 100755 index 0000000..2bd3002 --- /dev/null +++ b/tests/invalid_profile_with_debug/test.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +function run_test() { +if [[ ! -f $PLAN_FILE ]]; then + echo "Failed to generate a plan - $PLAN_FILE"; + exit 1; +fi + +if [[ ! "$(terraform show -json $PLAN_FILE | jq -MSr .variables)" == "$(cat $EXPECTED_VARIABLES)" ]]; then + echo 'Failed to incorporate expected variable values into plan.'; + exit 2; +fi + +if [[ ! "$(cat $DEBUG_LOG_FILE)" == *'The config profile (this_profile_does_not_exist) could not be found'* ]]; then + echo 'Failed to generate error from bad profile name.'; + exit 3; +fi +} + +. tests/common.sh $0 diff --git a/tests/invalid_profile_without_debug/expected_variables.json b/tests/invalid_profile_without_debug/expected_variables.json new file mode 100644 index 0000000..8aa9202 --- /dev/null +++ b/tests/invalid_profile_without_debug/expected_variables.json 
@@ -0,0 +1,32 @@ +{ + "assume_role_arn": { + "value": "" + }, + "aws_cli_commands": { + "value": [ + "s3api", + "list-objects", + "--bucket", + "ryft-public-sample-data", + "--no-sign-request" + ] + }, + "aws_cli_query": { + "value": "max_by(Contents, &Size)" + }, + "debug_log_filename": { + "value": "" + }, + "external_id": { + "value": "" + }, + "profile": { + "value": "this_profile_does_not_exist" + }, + "region": { + "value": "" + }, + "role_session_name": { + "value": "invalid_profile_without_debug" + } +} diff --git a/tests/invalid_profile_without_debug/terraform.tfvars b/tests/invalid_profile_without_debug/terraform.tfvars new file mode 100644 index 0000000..596cb51 --- /dev/null +++ b/tests/invalid_profile_without_debug/terraform.tfvars @@ -0,0 +1,5 @@ +// ryft-public-sample-data is a publicly accessible S3 bucket. +aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"] +aws_cli_query = "max_by(Contents, &Size)" +role_session_name = "invalid_profile_without_debug" +profile = "this_profile_does_not_exist" diff --git a/tests/invalid_profile_without_debug/test.sh b/tests/invalid_profile_without_debug/test.sh new file mode 100755 index 0000000..7641e42 --- /dev/null +++ b/tests/invalid_profile_without_debug/test.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +function run_test() { +if [[ ! -f $PLAN_FILE ]]; then + echo "Failed to generate a plan - $PLAN_FILE"; + exit 1; +fi + +if [[ ! "$(terraform show -json $PLAN_FILE | jq -MSr .variables)" == "$(cat $EXPECTED_VARIABLES)" ]]; then + echo 'Failed to incorporate expected variable values into plan.'; + exit 2; +fi + +if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The config profile (this_profile_does_not_exist) could not be found'* ]]; then + echo 'Failed to generate error from bad profile name during planning.'; + exit 3; +fi +} + +. tests/common.sh $0 
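Review bot: Both new tests set `profile` without `assume_role_arn`, so only the `eval` path in `scripts/aws_cli_runner.sh` ever sees the profile, and the `aws sts assume-role` invocation that this commit also extends with `${AWS_CLI_PROFILE_PARAM:-}` and `${AWS_CLI_REGION_PARAM:-}` gets no coverage; none of the test directories in the diffstat appear to combine a profile or region with a role ARN, though directories the commit does not touch are not visible here. A test that sets `assume_role_arn` together with `profile` would expose quoting differences between the two invocations. The assertion on `The config profile (this_profile_does_not_exist) could not be found` also pins AWS CLI wording that may drift across CLI versions; matching on the profile name and a shorter fragment such as `could not be found` is less brittle.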
diff --git a/tests/role_session_name_invalid_characters/test.sh b/tests/role_session_name_invalid_characters/test.sh index e7a93c5..4e0dc69 100755 --- a/tests/role_session_name_invalid_characters/test.sh +++ b/tests/role_session_name_invalid_characters/test.sh @@ -1,19 +1,9 @@ #!/usr/bin/env bash function run_test() { -if [[ -f $PLAN_FILE ]]; then - echo "Incorrectly generated a plan - $PLAN_FILE"; - exit 1; -fi - -if [[ ! -z "$(cat $PLAN_LOG_FILE)" ]]; then - echo "Incorrectly generated content in the plan log file - $PLAN_LOG_FILE"; - exit 2; -fi - if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The role session name match the regular expression'* ]]; then echo 'Failed to detect invalid characters in role_session_name.'; - exit 3; + exit 1; fi } diff --git a/tests/role_session_name_optional/expected_variables.json b/tests/role_session_name_optional/expected_variables.json index aff5d95..cb2002a 100644 --- a/tests/role_session_name_optional/expected_variables.json +++ b/tests/role_session_name_optional/expected_variables.json @@ -17,6 +17,15 @@ "debug_log_filename": { "value": "" }, + "external_id": { + "value": "" + }, + "profile": { + "value": "" + }, + "region": { + "value": "eu-west-1" + }, "role_session_name": { "value": "" } diff --git a/tests/role_session_name_optional/terraform.tfvars b/tests/role_session_name_optional/terraform.tfvars index c50a0a0..f3ef2de 100644 --- a/tests/role_session_name_optional/terraform.tfvars +++ b/tests/role_session_name_optional/terraform.tfvars @@ -1,3 +1,4 @@ // ryft-public-sample-data is a publicly accessible S3 bucket. aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"] aws_cli_query = "max_by(Contents, &Size)" +region = "eu-west-1" diff --git a/tests/role_session_name_too_long/terraform.tfvars b/tests/role_session_name_too_long/terraform.tfvars index 3e0e2b3..3c1304a 100644 --- a/tests/role_session_name_too_long/terraform.tfvars 
+++ b/tests/role_session_name_too_long/terraform.tfvars @@ -2,3 +2,4 @@ role_session_name = "12345678901234567890123456789012345678901234567890123456789012345" aws_cli_commands = ["version"] debug_log_filename = "test-reports/role_session_name_too_long/debug.log" +region = "eu-west-1" diff --git a/tests/role_session_name_too_long/test.sh b/tests/role_session_name_too_long/test.sh index f755c29..8603f4b 100755 --- a/tests/role_session_name_too_long/test.sh +++ b/tests/role_session_name_too_long/test.sh @@ -1,19 +1,9 @@ #!/usr/bin/env bash function run_test() { -if [[ -f $PLAN_FILE ]]; then - echo "Incorrectly generated a plan - $PLAN_FILE"; - exit 1; -fi - -if [[ ! -z "$(cat $PLAN_LOG_FILE)" ]]; then - echo "Incorrectly generated content in the plan log file - $PLAN_LOG_FILE"; - exit 2; -fi - if [[ ! "$(cat $PLAN_ERROR_FILE)" == *'The role session name must be less than or equal to 64 characters'* ]]; then echo 'Failed to detect too long role_session_name.'; - exit 3; + exit 1; fi } diff --git a/tests/test_with_debug/expected_variables.json b/tests/test_with_debug/expected_variables.json index 62a36aa..cc41370 100644 --- a/tests/test_with_debug/expected_variables.json +++ b/tests/test_with_debug/expected_variables.json @@ -17,6 +17,15 @@ "debug_log_filename": { "value": "test-reports/test_with_debug/debug.log" }, + "external_id": { + "value": "" + }, + "profile": { + "value": "" + }, + "region": { + "value": "eu-west-1" + }, "role_session_name": { "value": "test_with_debug" } diff --git a/tests/test_with_debug/terraform.tfvars b/tests/test_with_debug/terraform.tfvars index 6292ed1..27fd3c9 100644 --- a/tests/test_with_debug/terraform.tfvars +++ b/tests/test_with_debug/terraform.tfvars @@ -3,3 +3,4 @@ aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-d aws_cli_query = "max_by(Contents, &Size)" debug_log_filename = "test-reports/test_with_debug/debug.log" role_session_name = "test_with_debug" +region = "eu-west-1" 
diff --git a/tests/test_without_debug/expected_variables.json b/tests/test_without_debug/expected_variables.json index 984aa62..29f3475 100644 --- a/tests/test_without_debug/expected_variables.json +++ b/tests/test_without_debug/expected_variables.json @@ -17,6 +17,15 @@ "debug_log_filename": { "value": "" }, + "external_id": { + "value": "" + }, + "profile": { + "value": "" + }, + "region": { + "value": "eu-west-1" + }, "role_session_name": { "value": "test_without_debug" } diff --git a/tests/test_without_debug/terraform.tfvars b/tests/test_without_debug/terraform.tfvars index f7f2c31..d23b9dc 100644 --- a/tests/test_without_debug/terraform.tfvars +++ b/tests/test_without_debug/terraform.tfvars @@ -2,3 +2,4 @@ aws_cli_commands = ["s3api", "list-objects", "--bucket", "ryft-public-sample-data", "--no-sign-request"] aws_cli_query = "max_by(Contents, &Size)" role_session_name = "test_without_debug" +region = "eu-west-1" diff --git a/tests/tests.sh b/tests/tests.sh index a315cd0..52eaca6 100755 --- a/tests/tests.sh +++ b/tests/tests.sh @@ -1,4 +1,5 @@ -#!/usr/bin/env bash -e +#!/usr/bin/env bash +set -e rm -rf temp rm -rf test-reports find . -type f -name test.sh | sort | xargs -L 1 bash diff --git a/variables.tf b/variables.tf index 3e2b940..06dd297 100644 --- a/variables.tf +++ b/variables.tf @@ -9,6 +9,18 @@ variable "assume_role_arn" { } } +variable "profile" { + description = "The specific AWS profile to use (must be configured appropriately)" + type = string + default = "" +} + +variable "region" { + description = "The specific AWS region to use" + type = string + default = "" +} + variable "external_id" { description = "External id for assuming the role (optional)" type = string @@ -47,4 +59,3 @@ variable "debug_log_filename" { type = string default = "" } -
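Review bot: Moving `-e` from the shebang into `set -e` is the right fix (a `#!/usr/bin/env bash -e` line does not carry the option portably), but `set -e` alone does not fail the run if `find` fails inside `find ... | xargs -L 1 bash`, because only the status of `xargs` is checked; `set -eo pipefail` covers both. `xargs` also keeps running the remaining tests after one fails and only reports the failure through its final exit status, which is fine for CI but deserves a comment, e.g. `# xargs runs every test and exits non-zero if any of them failed`.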
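Review bot: The new `profile` and `region` variables are declared without a `validation` block, whereas `assume_role_arn` and `role_session_name` in this file are validated (the messages asserted in `tests/bad_arn/test.sh` and `tests/role_session_name_too_long/test.sh` show those checks); both new values are interpolated into a command string that `scripts/aws_cli_runner.sh` hands to `eval`, so a value containing a single quote or shell metacharacters is not merely a bad profile name but shell input. A conservative allow-list validation on each keeps the failure at plan time with a clear message. The character classes below are a constructed starting point — AWS config profile names permit a wide range of characters, so relax the class if needed — and the region pattern deliberately checks only the shape. The `external_id` variable that follows is context in this hunk and has no validation visible either.
```hcl
variable "profile" {
  description = "The specific AWS profile to use (must be configured appropriately)"
  type        = string
  default     = ""

  # Reject quotes, whitespace and shell metacharacters before the value reaches the runner script.
  validation {
    condition     = can(regex("^[A-Za-z0-9_.+=,@-]*$", var.profile))
    error_message = "The optional profile must contain only letters, digits and the characters _ . + = , @ -."
  }
}

variable "region" {
  description = "The specific AWS region to use"
  type        = string
  default     = ""

  # Shape check only (e.g. eu-west-1, us-gov-west-1); the CLI validates the actual region.
  validation {
    condition     = can(regex("^([a-z]{2,4}(-[a-z]+)+-[0-9]+)?$", var.region))
    error_message = "The optional region must look like an AWS region code such as eu-west-1."
  }
}
```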