chore: adding a description to the secruity group rule

gambol99 · gambol99 · commit 39c59d14f5ec · 2024-07-11T13:15:02.000+01:00
diff --git a/main.tf b/main.tf
@@ -25,8 +25,8 @@ module "dns_security_group" {
   source  = "terraform-aws-modules/security-group/aws"
   version = "5.1.2"
 
-  name = local.security_group_name
-  #description         = ""
+  name                = local.security_group_name
+  description         = "Used by the Route53 Resolver to allow DNS traffic to the internal dns solution"
   ingress_cidr_blocks = ["10.0.0.0/8"]
   ingress_rules       = ["dns-tcp", "dns-udp"]
   egress_rules        = ["dns-tcp", "dns-udp"]
diff --git a/tests/basic.tftest.hcl b/tests/basic.tftest.hcl
diff --git a/tests/plan.tftest.hcl b/tests/plan.tftest.hcl
@@ -0,0 +1,30 @@
+
+mock_provider "aws" {
+  mock_data "aws_availability_zones" {
+    defaults = {
+      group_names = []
+      names       = ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
+    }
+  }
+}
+
+# Ensure the plan runs successfully
+run "plan" {
+  command = plan
+
+  variables {
+    resolver_name = "test"
+    tags = {
+      Environment = "Test"
+    }
+
+    resolver_rule_groups = []
+
+    network = {
+      availability_zones = 2
+      vpc_cidr           = "10.90.0.0/21"
+      transit_gateway_id = "tgw-12222222"
+    }
+  }
+}
+
diff --git a/tests/resolver.tftest.hcl b/tests/resolver.tftest.hcl
@@ -0,0 +1,104 @@
+
+mock_provider "aws" {
+  mock_data "aws_availability_zones" {
+    defaults = {
+      group_names = []
+      names       = ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
+    }
+  }
+}
+
+run "resolver_sharing" {
+  command = plan
+
+  variables {
+    resolver_name = "test"
+    tags = {
+      Environment = "Test"
+    }
+
+    resolver_rule_groups = [
+      {
+        ram_share_name = "internal"
+        ram_principals = {
+          "Deployments" = "arn:aws:organizations::536471746696:ou/o-7enwqk0f2c/ou-1tbg-mq4w830q"
+          "Workloads"   = "arn:aws:organizations::536471746696:ou/o-7enwqk0f2c/ou-1tbg-lk6g79d4"
+        }
+        rules = [
+          {
+            name   = "aws-appvia-local"
+            domain = "aws.appvia.local"
+          }
+        ]
+      }
+    ]
+
+    network = {
+      name               = "test"
+      availability_zones = 2
+      vpc_cidr           = "10.90.0.0/21"
+      transit_gateway_id = "tgw-12222222"
+    }
+  }
+
+  assert {
+    condition     = length(aws_ram_principal_association.this) == length(var.resolver_rule_groups[0].ram_principals)
+    error_message = "Expected the correct number of RAM principal associations"
+  }
+}
+
+run "resolver_creation" {
+  command = plan
+
+  variables {
+    resolver_name = "test"
+    tags = {
+      Environment = "Test"
+    }
+
+    resolver_rule_groups = [
+      {
+        ram_share_name = "internal"
+        ram_principals = {}
+        rules = [
+          {
+            name   = "aws-appvia-local"
+            domain = "aws.appvia.local"
+          }
+        ]
+      }
+    ]
+
+    network = {
+      name               = "test"
+      availability_zones = 2
+      vpc_cidr           = "10.90.0.0/21"
+      transit_gateway_id = "tgw-12222222"
+    }
+  }
+
+  assert {
+    condition     = aws_route53_resolver_endpoint.this.name == var.resolver_name
+    error_message = "Name of the resolver is incorrect"
+  }
+
+  assert {
+    condition     = length(aws_route53_resolver_endpoint.this.protocols) == length(var.resolver_protocols)
+    error_message = "Expected protocols to be set"
+  }
+
+  assert {
+    condition     = aws_route53_resolver_endpoint.this.resolver_endpoint_type == var.resolver_endpoint_type
+    error_message = "Expected resolver endpoint type to be set"
+  }
+
+  assert {
+    condition     = aws_route53_resolver_endpoint.this.direction == "OUTBOUND"
+    error_message = "Expected an outbound resolver"
+  }
+
+  assert {
+    condition     = module.dns_security_group.aws_security_group.this_name_prefix[0].name_prefix == "dns-resolvers-test"
+    error_message = "Expected security group to be created"
+  }
+}
