Upgrade Terraform to 0.13 and introduce Travis CI with some simple tests

.gitignore

@@ -1,2 +1,3 @@
 /.terraform/
 /temp/
+/tests/*.plan

.pre-commit-config.yaml

@@ -1,12 +1,12 @@
 repos:
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.31.0
+  rev: v1.32.0
   hooks:
     - id: terraform_tflint
     - id: terraform_fmt
     - id: terraform_validate
     - id: terraform_docs
 - repo: git://github.com/pre-commit/pre-commit-hooks
-  rev: v2.5.0
+  rev: v3.2.0
   hooks:
     - id: check-merge-conflict

.terraform-version

@@ -1 +1 @@
-0.12.29
+0.13.0

.travis.yml

@@ -0,0 +1,18 @@
+script:
+    - git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+    - sudo ln -s ~/.tfenv/bin/* /usr/local/bin
+    - tfenv install
+    - terraform init
+
+    # Test the variable values are tested and passed to the plan appropriately.
+    - terraform plan -var-file='tests/test.tfvars' -out='tests/test.plan'
+    - if [[ ! "$(terraform show -json tests/test.plan | jq -cMSr .variables)" == '{"assume_role_arn":{"value":"arn:aws:iam::000000000000:root"},"aws_cli_commands":{"value":["version"]},"aws_cli_query":{"value":""},"role_session_name":{"value":"terraform-aws-cli"}}' ]]; then
+        echo 'Failed to incorporate expected variable values into plan.';
+        exit -1;
+      fi
+
+    # Test an invalid ARN reports appropriately.
+    - if [[ ! "$(terraform plan -var-file='tests/bad_arn.tfvars' -no-color 2>&1)" == *'variable "assume_role_arn"'* ]]; then
+        echo 'Failed to detect invalid ARN.';
+        exit -1;
+      fi

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+# v2.0.0 - 2020/09/17
+
+- Set minimum terraform version to 0.13.0
+- Added variable validation to optional `assume_role_arn` to match syntax described in 
+  [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html).
+
 # v1.3.0 - 2020/08/03
 
 - Set minimum version of random provider to 2.3.0

README.md

@@ -1,3 +1,6 @@
+[![Build Status](https://img.shields.io/travis/digitickets/terraform-aws-cli.svg?style=for-the-badge&logo=travis)](https://travis-ci.org/digitickets/terraform-aws-cli)
+[![GitHub issues](https://img.shields.io/github/issues/digitickets/terraform-aws-cli.svg?style=for-the-badge&logo=github)](https://github.com/digitickets/terraform-aws-cli/issues)
+
 # terraform-aws-cli
 
 Run the AWS CLI, with the ability to run under an assumed role, to access resources and properties missing from the
@@ -54,7 +57,7 @@ module "current_desired_capacity" {
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.24 |
+| terraform | ~> 0.13.0 |
 | external | ~> 1.2.0 |
 | local | ~> 1.4.0 |
 | random | ~> 2.3.0 |

tests/bad_arn.tfvars

@@ -0,0 +1,2 @@
+assume_role_arn  = "bad_arn"
+aws_cli_commands = ["version"]

tests/test.tfvars

@@ -0,0 +1,2 @@
+assume_role_arn  = "arn:aws:iam::000000000000:root"
+aws_cli_commands = ["version"]

variables.tf

@@ -2,6 +2,10 @@ variable "assume_role_arn" {
   description = "The ARN of the role being assumed (optional)"
   type        = string
   default     = ""
+  validation {
+    condition     = can(regex("^(?:arn:aws(?:-cn|-us-gov|):(?:iam|sts)::[0-9]{12}:.+|)$", var.assume_role_arn))
+    error_message = "The optional ARN must match the format documented in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html."
+  }
 }
 
 variable "aws_cli_commands" {

versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.24"
+  required_version = "~> 0.13.0"
   required_providers {
     external = "~> 1.2.0"
     local    = "~> 1.4.0"