From 60e09eaea366e06809b805cb22dcaa523d8e9d88 Mon Sep 17 00:00:00 2001
From: oycyc
Date: Sun, 1 Dec 2024 16:24:10 -0500
Subject: [PATCH] feat: clean up test and test actual logic

---
 tests/main.tftest.hcl | 96 ----------------------------------
 tests/setup/main.tf | 18 -------
 tests/test-harness/main.tf | 25 ---------
 tests/test-harness/variable.tf | 11 ----
 tests/unit.tftest.hcl | 75 ++------------------------
 5 files changed, 5 insertions(+), 220 deletions(-)
 delete mode 100644 tests/main.tftest.hcl
 delete mode 100644 tests/setup/main.tf
 delete mode 100644 tests/test-harness/main.tf
 delete mode 100644 tests/test-harness/variable.tf

diff --git a/tests/main.tftest.hcl b/tests/main.tftest.hcl
deleted file mode 100644
index 3906ce4..0000000
--- a/tests/main.tftest.hcl
+++ /dev/null
@@ -1,96 +0,0 @@
-### Integration Tests for the SSM Agent Module
-### This test suite will create the SSM Agent module
-### and validate the resources created by the module,
-### then destroy it.
-
-### `/test-harness/` module is used as a helper to validate resources that aren't in the Terraform state, for example the EC2 instances created from the ASG.
-
-run "setup" {
- module {
- source = "./tests/setup"
- }
-}
-
-run "create_ssm_agent" {
- command = apply
-
- variables {
- namespace = "mp"
- stage = "terraform-test${run.setup.random_number}"
- }
-
- module {
- source = "./examples/complete"
- }
-
- assert {
- condition = module.ssm_agent.security_group_id != ""
- error_message = "The ID of the SSM Agent Security Group is empty, possibly not created."
- }
-
- assert {
- condition = module.ssm_agent.launch_template_id != ""
- error_message = "The ID of the SSM Agent Launch Template is empty, possibly not created."
- }
-
- assert {
- condition = module.ssm_agent.autoscaling_group_id != ""
- error_message = "The ID of the SSM Agent Autoscaling Group is empty, possibly not created."
- }
-
- assert {
- condition = module.ssm_agent.role_id != ""
- error_message = "The ID of the SSM Agent Role is empty, possibly not created."
- }
-
-
-}
-
-run "validate_ssm_agent_data" {
- module {
- source = "./tests/test-harness"
- }
-
- variables {
- # These variables are based on using the values from `./examples/complete` module since we are using that for the integration tests.
- instance_name = "mp-terraform-test${run.setup.random_number}"
- ssm_document_name_from_test = "SSM-SessionManagerRunShell"
- iam_role_name_from_test = run.create_ssm_agent.role_id
- }
-
- # The EC2 Instance is not directly created since it is managed by the ASG + Launch Template.
- # Check that the EC2 instance is actually spun up after this integration test.
- assert {
- condition = data.aws_instance.from_test.arn != ""
- error_message = "The SSM Agent EC2 instance does not exist."
- }
- assert {
- condition = contains(["running", "pending"], data.aws_instance.from_test.instance_state)
- error_message = "The SSM Agent EC2 instance is not running or pending."
- }
-
- assert {
- condition = tolist(data.aws_instance.from_test.root_block_device)[0].encrypted == true
- error_message = "The root block device of the SSM Agent EC2 instance is not encrypted."
- }
-
- assert {
- condition = data.aws_ssm_document.from_test.content != ""
- error_message = "The created SSM document content is empty."
- }
-
- assert {
- condition = can(regex("\"Effect\"\\s*:\\s*\"Allow\"", data.aws_iam_role.from_test.assume_role_policy))
- error_message = "The created IAM role policy must contain Effect: Allow"
- }
-
- assert {
- condition = can(regex("\"Service\"\\s*:\\s*\"ec2\\.amazonaws\\.com\"", data.aws_iam_role.from_test.assume_role_policy))
- error_message = "The created IAM role policy must contain Service: ec2.amazonaws.com"
- }
-
- assert {
- condition = can(regex("\"Action\"\\s*:\\s*\"sts:AssumeRole\"", data.aws_iam_role.from_test.assume_role_policy))
- error_message = "The created IAM role policy must contain Action: sts:AssumeRole"
- }
-}
diff --git a/tests/setup/main.tf b/tests/setup/main.tf
deleted file mode 100644
index 4858a00..0000000
--- a/tests/setup/main.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
- required_providers {
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- }
-}
-
-resource "random_integer" "random_number" {
- min = 1
- max = 9999
-}
-
-output "random_number" {
- value = random_integer.random_number.result
- description = "Random number between 1 and 9999"
-}
diff --git a/tests/test-harness/main.tf b/tests/test-harness/main.tf
deleted file mode 100644
index 5db6c1f..0000000
--- a/tests/test-harness/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.0"
- }
- }
-}
-
-data "aws_ssm_document" "from_test" {
- name = var.ssm_document_name_from_test
-}
-
-data "aws_iam_role" "from_test" {
- name = var.iam_role_name_from_test
-}
-
-data "aws_instance" "from_test" {
- filter {
- name = "tag:Name"
- values = [var.instance_name]
- }
-}
diff --git a/tests/test-harness/variable.tf b/tests/test-harness/variable.tf
deleted file mode 100644
index efcf538..0000000
--- a/tests/test-harness/variable.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "ssm_document_name_from_test" {
- type = string
-}
-
-variable "iam_role_name_from_test" {
- type = string
-}
-
-variable "instance_name" {
- type = string
-}
diff --git a/tests/unit.tftest.hcl b/tests/unit.tftest.hcl
index a1cdb39..b81b3c2 100644
--- a/tests/unit.tftest.hcl
+++ b/tests/unit.tftest.hcl
@@ -31,81 +31,16 @@ run "verify_session_logging" {
 }
 }
-run "verify_launch_template" {
+run "verify_session_logging_bucket_logic" {
 command = plan
 variables {
- instance_type = "c6g.nano"
- monitoring_enabled = true
- associate_public_ip_address = false
- metadata_imdsv2_enabled = true
- namespace = "mp"
- stage = "test"
- name = "ssm-agent"
+ session_logging_enabled = true
+ session_logging_bucket_name = "" # Empty name should trigger bucket creation
 }
 assert {
- condition = aws_launch_template.default.instance_type == "c6g.nano"
- error_message = "Launch template instance type does not match"
- }
-
- assert {
- condition = aws_launch_template.default.monitoring[0].enabled == true
- error_message = "Instance monitoring not enabled"
- }
-
- assert {
- condition = aws_launch_template.default.metadata_options[0].http_tokens == "required"
- error_message = "IMDSv2 not enforced in launch template"
- }
-
- assert {
- condition = aws_launch_template.default.iam_instance_profile[0].name == "mp-test-ssm-agent-role"
- error_message = "IAM instance profile name does not match expected value"
- }
-
- assert {
- condition = aws_launch_template.default.iam_instance_profile[0].name == aws_iam_instance_profile.default.name
- error_message = "Launch template IAM instance profile name does not match the created instance profile"
- }
-}
-
-run "verify_autoscaling_group" {
- command = plan
-
- variables {
- max_size = 2
- min_size = 1
- desired_capacity = 1
- subnet_ids = ["subnet-12345678"]
- }
-
- assert {
- condition = aws_autoscaling_group.default.max_size == 2
- error_message = "ASG max size not set correctly"
- }
-
- assert {
- condition = aws_autoscaling_group.default.min_size == 1
- error_message = "ASG min size not set correctly"
- }
-
- assert {
- condition = aws_autoscaling_group.default.desired_capacity == 1
- error_message = "ASG desired capacity not set correctly"
- }
-}
-
-
-run "verify_s3_bucket_configuration" {
- command = plan
-
- variables {
- session_logging_enabled = true
- }
-
- assert {
- condition = module.logs_bucket.enabled == true
- error_message = "S3 bucket session logging bucket isn't enabled when set to enabled."
+ condition = local.logs_bucket_enabled == true
+ error_message = "Logs bucket should be enabled when session logging is enabled and no bucket name is provided"
 }
}
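Review bot: The new `verify_session_logging_bucket_logic` run exercises only one side of the conditional it is named for: with `session_logging_bucket_name = ""` it asserts `local.logs_bucket_enabled == true`, but no run pins the case where a bucket name is supplied, so a regression that makes the local unconditionally true would still pass. A second plan-mode run with a non-empty name asserting the local is false would make the test cover both branches; the expected value for that branch is inferred from the inline comment `# Empty name should trigger bucket creation` and should be confirmed against the local's definition before merging. Separately, the hunk removes the only assertion that pinned `aws_launch_template.default.metadata_options[0].http_tokens == "required"`, so the IMDSv2 setting driven by `metadata_imdsv2_enabled` is no longer regression-tested unless that check now lives in another file; a minimal plan-mode run keeping just that assert would preserve the guardrail. The new run block lies entirely within the hunk.

```hcl
# … unchanged: run "verify_session_logging_bucket_logic" …

run "verify_session_logging_bucket_logic_existing_bucket" {
  command = plan

  variables {
    session_logging_enabled     = true
    session_logging_bucket_name = "existing-bucket-placeholder" # constructed sample value
  }

  assert {
    # NOTE(review): expected false is inferred from the "Empty name should trigger bucket creation" comment — confirm against the local
    condition     = local.logs_bucket_enabled == false
    error_message = "Logs bucket should not be created when an existing bucket name is provided"
  }
}
```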