From 35537337c8a0f680b201f7fe42f7cdecd97dfe59 Mon Sep 17 00:00:00 2001 From: IA Automator Date: Wed, 10 Apr 2024 00:37:12 +0000 Subject: [PATCH] (automated) Updates from project type --- .../launch_configuration_imdsv2_tfchecks.json | 0 .../launch_template_imdsv2_tfchecks.json | 0 .../.tfsec}/no_launch_config_tfchecks.json | 0 .../sg_no_embedded_egress_rules_tfchecks.json | 0 ...sg_no_embedded_ingress_rules_tfchecks.json | 0 .../post-entrypoint-helpers.sh | 6 ++ .../pre-entrypoint-helpers.sh | 6 ++ .../static_tests/post-entrypoint-helpers.sh | 6 ++ .../static_tests/pre-entrypoint-helpers.sh | 6 ++ .copier-answers.yml | 4 +- .../functional_tests/Dockerfile | 11 +- .../functional_tests/entrypoint.sh | 53 +++++++--- .../functional_tests/functional_tests.sh | 32 ++++++ .project_automation/static_tests/Dockerfile | 2 +- .../static_tests/entrypoint.sh | 100 +++++++----------- .../static_tests/static_tests.sh | 86 +++++++++++++++ test/examples_basic_test.go | 21 ---- tests/01_mandatory.tftest.hcl | 18 ++++ 18 files changed, 243 insertions(+), 108 deletions(-) rename {.tfsec => .config/.tfsec}/launch_configuration_imdsv2_tfchecks.json (100%) rename {.tfsec => .config/.tfsec}/launch_template_imdsv2_tfchecks.json (100%) rename {.tfsec => .config/.tfsec}/no_launch_config_tfchecks.json (100%) rename {.tfsec => .config/.tfsec}/sg_no_embedded_egress_rules_tfchecks.json (100%) rename {.tfsec => .config/.tfsec}/sg_no_embedded_ingress_rules_tfchecks.json (100%) create mode 100644 .config/functional_tests/post-entrypoint-helpers.sh create mode 100644 .config/functional_tests/pre-entrypoint-helpers.sh create mode 100644 .config/static_tests/post-entrypoint-helpers.sh create mode 100644 .config/static_tests/pre-entrypoint-helpers.sh create mode 100644 .project_automation/functional_tests/functional_tests.sh create mode 100644 .project_automation/static_tests/static_tests.sh delete mode 100644 test/examples_basic_test.go create mode 100644 tests/01_mandatory.tftest.hcl 
diff --git a/.tfsec/launch_configuration_imdsv2_tfchecks.json b/.config/.tfsec/launch_configuration_imdsv2_tfchecks.json
similarity index 100%
rename from .tfsec/launch_configuration_imdsv2_tfchecks.json
rename to .config/.tfsec/launch_configuration_imdsv2_tfchecks.json
diff --git a/.tfsec/launch_template_imdsv2_tfchecks.json b/.config/.tfsec/launch_template_imdsv2_tfchecks.json
similarity index 100%
rename from .tfsec/launch_template_imdsv2_tfchecks.json
rename to .config/.tfsec/launch_template_imdsv2_tfchecks.json
diff --git a/.tfsec/no_launch_config_tfchecks.json b/.config/.tfsec/no_launch_config_tfchecks.json
similarity index 100%
rename from .tfsec/no_launch_config_tfchecks.json
rename to .config/.tfsec/no_launch_config_tfchecks.json
diff --git a/.tfsec/sg_no_embedded_egress_rules_tfchecks.json b/.config/.tfsec/sg_no_embedded_egress_rules_tfchecks.json
similarity index 100%
rename from .tfsec/sg_no_embedded_egress_rules_tfchecks.json
rename to .config/.tfsec/sg_no_embedded_egress_rules_tfchecks.json
diff --git a/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json b/.config/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json
similarity index 100%
rename from .tfsec/sg_no_embedded_ingress_rules_tfchecks.json
rename to .config/.tfsec/sg_no_embedded_ingress_rules_tfchecks.json
diff --git a/.config/functional_tests/post-entrypoint-helpers.sh b/.config/functional_tests/post-entrypoint-helpers.sh
new file mode 100644
index 0000000..9ed42cd
--- /dev/null
+++ b/.config/functional_tests/post-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the end of functional test
+## Use this to load any configurations after the functional test
+## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Post-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/functional_tests/pre-entrypoint-helpers.sh b/.config/functional_tests/pre-entrypoint-helpers.sh
new file mode 100644
index 0000000..a1bc78c
--- /dev/null
+++ b/.config/functional_tests/pre-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the start of functional test
+## use this to load any configuration before the functional test
+## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Pre-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/static_tests/post-entrypoint-helpers.sh b/.config/static_tests/post-entrypoint-helpers.sh
new file mode 100644
index 0000000..25fbae1
--- /dev/null
+++ b/.config/static_tests/post-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the end of static test
+## Use this to load any configurations after the static test
+## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Post-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.config/static_tests/pre-entrypoint-helpers.sh b/.config/static_tests/pre-entrypoint-helpers.sh
new file mode 100644
index 0000000..d24d7a6
--- /dev/null
+++ b/.config/static_tests/pre-entrypoint-helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## NOTE: this script runs at the start of static test
+## use this to load any configuration before the static test
+## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
+## migrate any customization you did on entrypoint.sh to this helper script
+echo "Executing Pre-Entrypoint Helpers"
\ No newline at end of file
diff --git a/.copier-answers.yml b/.copier-answers.yml
index 90a8117..eae4e7a 100644
--- a/.copier-answers.yml
+++ b/.copier-answers.yml
@@ -1,6 +1,6 @@ # This file is auto-generated, changes will be overwritten -_commit: v0.1.2 -_src_path: /task/ce524240-d748-11ee-a77c-fafd94ad0946/projecttype +_commit: v0.1.4 +_src_path: /task/2ac79095-f6d2-11ee-a5ac-ce83ad8231f1/projecttype starting_version: v0.0.0 version_file: VERSION diff --git a/.project_automation/functional_tests/Dockerfile b/.project_automation/functional_tests/Dockerfile index ab852a2..f3d5a48 100644 --- a/.project_automation/functional_tests/Dockerfile +++ b/.project_automation/functional_tests/Dockerfile @@ -1,12 +1,5 @@ FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0 -ENV TERRAFORM_VERSION=1.4.2 -ENV GO_VERSION=1.20.2 +ENV TERRAFORM_VERSION=1.7.4 RUN cd /tmp && \ wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ - unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform - -RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash - -RUN cd /tmp && \ - wget https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz && \ - tar -C /usr/local/bin -xzf go${GO_VERSION}.linux-amd64.tar.gz && chmod 755 /usr/local/bin/go + unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform \ No newline at end of file diff --git a/.project_automation/functional_tests/entrypoint.sh b/.project_automation/functional_tests/entrypoint.sh index 7a27670..f6de09f 100755 --- a/.project_automation/functional_tests/entrypoint.sh +++ b/.project_automation/functional_tests/entrypoint.sh 
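Review bot: The Terraform archive fetched by the `wget` line in this `RUN` is unzipped into `/usr/local/bin` with no integrity check, and the bump to `TERRAFORM_VERSION=1.7.4` is a natural point to add one. HashiCorp publishes a `terraform_${TERRAFORM_VERSION}_SHA256SUMS` file next to each release archive; fetching it and running `grep "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -` before the `unzip` would stop the image build on a corrupted or substituted download. The identical `RUN` in `.project_automation/static_tests/Dockerfile` needs the same check.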
@@ -1,21 +1,50 @@ -#!/bin/bash -e +#!/bin/bash + +## WARNING: DO NOT modify the content of entrypoint.sh +# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh +# to load any customizations or additional configurations ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between # managed and local tasks always use these variables for the project and project type path PROJECT_PATH=${BASE_PATH}/project PROJECT_TYPE_PATH=${BASE_PATH}/projecttype -echo "Starting Functional Tests" +#********** helper functions ************* +pre_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/functional_tests/pre-entrypoint-helpers.sh ]; then + echo "Pre-entrypoint helper found" + source ${PROJECT_PATH}/.config/functional_tests/pre-entrypoint-helpers.sh + echo "Pre-entrypoint helper loaded" + else + echo "Pre-entrypoint helper not found - skipped" + fi +} +post_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh ]; then + echo "Post-entrypoint helper found" + source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh + echo "Post-entrypoint helper loaded" + else + echo "Post-entrypoint helper not found - skipped" + fi +} + +#********** Pre-entrypoint helper ************* +pre_entrypoint -cd ${PROJECT_PATH} +#********** Functional Test ************* +/bin/bash ${PROJECT_PATH}/.project_automation/functional_tests/functional_tests.sh +if [ $? 
-eq 0 ] +then + echo "Functional test completed" + EXIT_CODE=0 +else + echo "Functional test failed" + EXIT_CODE=1 +fi -#********** Terratest execution ********** -echo "Running Terratest" -cd test -rm -f go.mod -go mod init github.com/aws-ia/terraform-project-ephemeral -go mod tidy -go install github.com/gruntwork-io/terratest/modules/terraform -go test -timeout 45m +#********** Post-entrypoint helper ************* +post_entrypoint -echo "End of Functional Tests" \ No newline at end of file +#********** Exit Code ************* +exit $EXIT_CODE \ No newline at end of file diff --git a/.project_automation/functional_tests/functional_tests.sh b/.project_automation/functional_tests/functional_tests.sh new file mode 100644 index 0000000..f18c8ac --- /dev/null +++ b/.project_automation/functional_tests/functional_tests.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between +# managed and local tasks always use these variables for the project and project type path +PROJECT_PATH=${BASE_PATH}/project +PROJECT_TYPE_PATH=${BASE_PATH}/projecttype + +echo "Starting Functional Tests" +cd ${PROJECT_PATH} + +#********** Terraform Test ********** + +# Look up the mandatory test file +MANDATORY_TEST_PATH="./tests/01_mandatory.tftest.hcl" +if test -f ${MANDATORY_TEST_PATH}; then + echo "File ${MANDATORY_TEST_PATH} is found, resuming test" + # Run Terraform test + terraform init + terraform test +else + echo "File ${MANDATORY_TEST_PATH} not found. You must include at least one test run in file ${MANDATORY_TEST_PATH}" + (exit 1) +fi + +if [ $? -eq 0 ]; then + echo "Terraform Test Successfull" +else + echo "Terraform Test Failed" + exit 1 +fi + +echo "End of Functional Tests" \ No newline at end of file diff --git a/.project_automation/static_tests/Dockerfile b/.project_automation/static_tests/Dockerfile index ac13377..11e2da9 100644 --- a/.project_automation/static_tests/Dockerfile 
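Review bot: Because `post_entrypoint` uses `source`, the project's `post-entrypoint-helpers.sh` runs inside the entrypoint's own shell after `EXIT_CODE` has been set, so an `exit` or a reassignment of `EXIT_CODE` in that helper replaces the functional test result that `exit $EXIT_CODE` is meant to report. Running the post helper in a subshell keeps the recorded status authoritative: `( source "${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh" )`. The shebang also drops `-e`, so a failing command in the pre helper no longer stops the run and may deserve an explicit status check. The header comment points at `./config/functional_tests/` while the functions read `.config/functional_tests/`. The hunk for `.project_automation/static_tests/entrypoint.sh` has the same structure and the same points apply there.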
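Review bot: In `functional_tests.sh`, `cd ${PROJECT_PATH}` is unquoted and its result is not checked, and the script does not run with `-e`, so when `BASE_PATH` is unset or the directory is missing the `test -f` lookup and `terraform init` / `terraform test` run in whatever directory the script was started from. `cd "${PROJECT_PATH}" || exit 1` makes that failure explicit. Inside the `if` branch the later `$?` check reflects only `terraform test`, so a failed `terraform init` is reported only indirectly; `terraform init && terraform test` would tie the two together. `static_tests.sh` has the same unchecked `cd ${PROJECT_PATH}` ahead of its `terraform init`.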
+++ b/.project_automation/static_tests/Dockerfile @@ -1,5 +1,5 @@ FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0 -ENV TERRAFORM_VERSION=1.4.2 +ENV TERRAFORM_VERSION=1.7.4 RUN cd /tmp && \ wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform diff --git a/.project_automation/static_tests/entrypoint.sh b/.project_automation/static_tests/entrypoint.sh index 0e127d8..fe97343 100755 --- a/.project_automation/static_tests/entrypoint.sh +++ b/.project_automation/static_tests/entrypoint.sh 
@@ -1,76 +1,50 @@ -#!/bin/bash -e +#!/bin/bash + +## WARNING: DO NOT modify the content of entrypoint.sh +# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh +# to load any customizations or additional configurations ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between # managed and local tasks always use these variables for the project and project type path PROJECT_PATH=${BASE_PATH}/project PROJECT_TYPE_PATH=${BASE_PATH}/projecttype -echo "Starting Static Tests" +#********** helper functions ************* +pre_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/static_tests/pre-entrypoint-helpers.sh ]; then + echo "Pre-entrypoint helper found" + source ${PROJECT_PATH}/.config/static_tests/pre-entrypoint-helpers.sh + echo "Pre-entrypoint helper loaded" + else + echo "Pre-entrypoint helper not found - skipped" + fi +} +post_entrypoint() { + if [ -f ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh ]; then + echo "Post-entrypoint helper found" + source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh + echo "Post-entrypoint helper loaded" + else + echo "Post-entrypoint helper not found - skipped" + fi +} -cd ${PROJECT_PATH} -terraform init -terraform validate +#********** Pre-entrypoint helper ************* +pre_entrypoint -#********** tflint ******************** -echo 'Starting tflint' -tflint --init --config ${PROJECT_PATH}/.config/.tflint.hcl -MYLINT=$(tflint --force --config ${PROJECT_PATH}/.config/.tflint.hcl) -if [ -z "$MYLINT" ] -then - echo "Success - tflint found no linting issues!" -else - echo "Failure - tflint found linting issues!" - echo "$MYLINT" - exit 1 -fi -#********** tfsec ********************* -echo 'Starting tfsec' -MYTFSEC=$(tfsec . 
--config-file ${PROJECT_PATH}/.config/.tfsec.yml || true) -if [[ $MYTFSEC == *"No problems detected!"* ]]; +#********** Static Test ************* +/bin/bash ${PROJECT_PATH}/.project_automation/static_tests/static_tests.sh +if [ $? -eq 0 ] then - echo "Success - tfsec found no security issues!" - echo "$MYTFSEC" + echo "Static test completed" + EXIT_CODE=0 else - echo "Failure - tfsec found security issues!" - echo "$MYTFSEC" - exit 1 + echo "Static test failed" + EXIT_CODE=1 fi -#********** Checkov Analysis ************* -echo "Running Checkov Analysis" -MYCHECKOV=$(checkov --config-file ${PROJECT_PATH}/.config/.checkov.yml || true) -if [- z "$MYCHECKOV" ] -then - echo "Success - checkov found no security issues!" - echo "$MYCHECKOV" -else - echo "Failure - checkov found security issues!" - echo "$MYCHECKOV" - exit 1 -fi +#********** Post-entrypoint helper ************* +post_entrypoint -#********** Markdown Lint ************** -echo 'Starting markdown lint' -MYMDL=$(mdl --config ${PROJECT_PATH}/.config/.mdlrc .header.md examples/*/.header.md || true) -if [ -z "$MYMDL" ] -then - echo "Success - markdown lint found no linting issues!" -else - echo "Failure - markdown lint found linting issues!" - echo "$MYMDL" - exit 1 -fi -#********** Terraform Docs ************* -echo 'Starting terraform-docs' -TDOCS="$(terraform-docs --config ${PROJECT_PATH}/.config/.terraform-docs.yaml --lockfile=false ./)" -git add -N README.md -GDIFF="$(git diff --compact-summary)" -if [ -z "$GDIFF" ] -then - echo "Success - Terraform Docs creation verified!" -else - echo "Failure - Terraform Docs creation failed, ensure you have precommit installed and running before submitting the Pull Request" - exit 1 -fi -#*************************************** -echo "End of Static Tests" +#********** Exit Code ************* +exit $EXIT_CODE \ No newline at end of file 
diff --git a/.project_automation/static_tests/static_tests.sh b/.project_automation/static_tests/static_tests.sh
new file mode 100644
index 0000000..fe41048
--- /dev/null
+++ b/.project_automation/static_tests/static_tests.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
+
+echo "Starting Static Tests"
+
+#********** Terraform Validate *************
+cd ${PROJECT_PATH}
+terraform init
+terraform validate
+if [ $? -eq 0 ]
+then
+ echo "Success - Terraform validate"
+else
+ echo "Failure - Terraform validate"
+ exit 1
+fi
+
+#********** tflint ********************
+echo 'Starting tflint'
+tflint --init --config ${PROJECT_PATH}/.config/.tflint.hcl
+MYLINT=$(tflint --force --config ${PROJECT_PATH}/.config/.tflint.hcl)
+if [ -z "$MYLINT" ]
+then
+ echo "Success - tflint found no linting issues!"
+else
+ echo "Failure - tflint found linting issues!"
+ echo "$MYLINT"
+ exit 1
+fi
+
+#********** tfsec *********************
+echo 'Starting tfsec'
+MYTFSEC=$(tfsec . --config-file ${PROJECT_PATH}/.config/.tfsec.yml --custom-check-dir ${PROJECT_PATH}/.config/.tfsec)
+if [[ $MYTFSEC == *"No problems detected!"* ]];
+then
+ echo "Success - tfsec found no security issues!"
+ echo "$MYTFSEC"
+else
+ echo "Failure - tfsec found security issues!"
+ echo "$MYTFSEC"
+ exit 1
+fi
+
+#********** Checkov Analysis *************
+echo "Running Checkov Analysis"
+checkov --config-file ${PROJECT_PATH}/.config/.checkov.yml
+if [ $? -eq 0 ]
+then
+ echo "Success - Checkov found no issues!"
+else
+ echo "Failure - Checkov found issues!"
+ exit 1
+fi
+
+#********** Markdown Lint **************
+echo 'Starting markdown lint'
+MYMDL=$(mdl --config ${PROJECT_PATH}/.config/.mdlrc .header.md examples/*/.header.md)
+if [ -z "$MYMDL" ]
+then
+ echo "Success - markdown lint found no linting issues!"
+else
+ echo "Failure - markdown lint found linting issues!"
+ echo "$MYMDL"
+ exit 1
+fi
+
+#********** Terraform Docs *************
+echo 'Starting terraform-docs'
+TDOCS="$(terraform-docs --config ${PROJECT_PATH}/.config/.terraform-docs.yaml --lockfile=false ./)"
+git add -N README.md
+GDIFF="$(git diff --compact-summary)"
+if [ -z "$GDIFF" ]
+then
+ echo "Success - Terraform Docs creation verified!"
+else
+ echo "Failure - Terraform Docs creation failed, ensure you have precommit installed and running before submitting the Pull Request. TIPS: false error may occur if you have unstaged files in your repo"
+ echo "$GDIFF"
+ exit 1
+fi
+
+#***************************************
+echo "End of Static Tests"
\ No newline at end of file
diff --git a/test/examples_basic_test.go b/test/examples_basic_test.go
deleted file mode 100644
index ea44232..0000000
--- a/test/examples_basic_test.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/gruntwork-io/terratest/modules/terraform"
-)
-
-func TestExamplesBasic(t *testing.T) {
-
- terraformOptions := &terraform.Options{
- TerraformDir: "../examples/basic",
- // Vars: map[string]interface{}{
- // "myvar": "test",
- // "mylistvar": []string{"list_item_1"},
- // },
- }
-
- defer terraform.Destroy(t, terraformOptions)
- terraform.InitAndApply(t, terraformOptions)
-}
diff --git a/tests/01_mandatory.tftest.hcl b/tests/01_mandatory.tftest.hcl
new file mode 100644
index 0000000..efbda7b
--- /dev/null
+++ b/tests/01_mandatory.tftest.hcl
@@ -0,0 +1,18 @@
+## NOTE: This is the minimum mandatory test
+# run at least one test using the ./examples directory as your module source
+# create additional *.tftest.hcl for your own unit / integration tests
+# use tests/*.auto.tfvars to add non-default variables
+
+run "mandatory_plan_basic" {
+ command = plan
+ module {
+ source = "./examples/basic"
+ }
+}
+
+run "mandatory_apply_basic" {
+ command = apply
+ module {
+ source = "./examples/basic"
+ }
+}
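Review bot: In `.project_automation/static_tests/static_tests.sh` the tflint and markdown-lint gates pass whenever the captured stdout is empty (`[ -z "$MYLINT" ]`, `[ -z "$MYMDL" ]`), so a tool that is missing or aborts with a message only on stderr is reported as success, and without `-e` nothing else stops the script. Capture the status right after each assignment with `LINT_RC=$?` and require both conditions, `if [ "$LINT_RC" -eq 0 ] && [ -z "$MYLINT" ]`; this assumes tflint still returns non-zero for real errors under `--force`, which should be confirmed. The terraform-docs step has the same shape: `TDOCS` is never inspected, so a failed `terraform-docs` run leaves `git diff --compact-summary` empty and is reported as verified. The `terraform init` status ahead of `terraform validate` is not checked either.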