Added tests (#16)

* Added tests * Added tests helpers * Added tests helpers * Pin version * Update test/component_test.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update test/component_test.go --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
cloudposse-terraform-components · Feb 19, 2025 · d1d877e · d1d877e
1 parent 2580402
commit d1d877e
Show file tree

Hide file tree

Showing 15 changed files with 811 additions and 5 deletions.
diff --git a/src/remote-state.tf b/src/remote-state.tf
@@ -1,6 +1,6 @@
 module "cloudtrail_bucket" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component   = var.cloudtrail_bucket_component_name
   environment = var.cloudtrail_bucket_environment_name
@@ -11,7 +11,7 @@ module "cloudtrail_bucket" {
 
 module "account_map" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component   = "account-map"
   tenant      = module.iam_roles.global_tenant_name

diff --git a/test/.gitignore b/test/.gitignore
@@ -0,0 +1,5 @@
+state/
+.cache
+test/test-suite.json
+.atmos
+test_suite.yaml
diff --git a/test/component_test.go b/test/component_test.go
@@ -0,0 +1,125 @@
+package test
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
+	"github.com/cloudposse/test-helpers/pkg/atmos"
+	helper "github.com/cloudposse/test-helpers/pkg/atmos/component-helper"
+	awshelper "github.com/cloudposse/test-helpers/pkg/aws"
+	"github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/stretchr/testify/assert"
+)
+
+type ComponentSuite struct {
+	helper.TestSuite
+}
+
+func (s *ComponentSuite) TestBasic() {
+	const component = "cloudtrail/basic"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	defer s.DestroyAtmosComponent(s.T(), component, stack, nil)
+	options, _ := s.DeployAtmosComponent(s.T(), component, stack, nil)
+	assert.NotNil(s.T(), options)
+
+	cloudtrailBucketOptions := s.GetAtmosOptions("cloudtrail-bucket", stack, nil)
+	bucketName := atmos.Output(s.T(), cloudtrailBucketOptions, "cloudtrail_bucket_id")
+	defer aws.EmptyS3Bucket(s.T(), awsRegion, bucketName)
+
+	cloudtrailID := atmos.Output(s.T(), options, "cloudtrail_id")
+
+	client := awshelper.NewCloudTrailClient(s.T(), awsRegion)
+	trails, err := client.DescribeTrails(context.Background(), &cloudtrail.DescribeTrailsInput{
+		TrailNameList: []string{cloudtrailID},
+	})
+	assert.NoError(s.T(), err)
+	trail := trails.TrailList[0]
+
+	cloudtrailArn := atmos.Output(s.T(), options, "cloudtrail_arn")
+	assert.Equal(s.T(), cloudtrailArn, *trail.TrailARN)
+
+	cloudtrailLogsLogGroupArn := atmos.Output(s.T(), options, "cloudtrail_logs_log_group_arn")
+	assert.True(s.T(), strings.HasPrefix(*trail.CloudWatchLogsLogGroupArn, cloudtrailLogsLogGroupArn))
+
+	cloudtrailLogsLogGroupName := atmos.Output(s.T(), options, "cloudtrail_logs_log_group_name")
+	assert.True(s.T(), strings.HasSuffix(cloudtrailLogsLogGroupArn, cloudtrailLogsLogGroupName))
+
+	cloudtrailLogsRoleArn := atmos.Output(s.T(), options, "cloudtrail_logs_role_arn")
+	assert.Equal(s.T(), cloudtrailLogsRoleArn, *trail.CloudWatchLogsRoleArn)
+
+	cloudtrailLogsRoleName := atmos.Output(s.T(), options, "cloudtrail_logs_role_name")
+	assert.True(s.T(), strings.HasSuffix(cloudtrailLogsRoleArn, cloudtrailLogsRoleName))
+
+	cloudtrailHomeRegion := atmos.Output(s.T(), options, "cloudtrail_home_region")
+	assert.Equal(s.T(), "us-east-2", cloudtrailHomeRegion)
+	assert.Equal(s.T(), *trail.HomeRegion, cloudtrailHomeRegion)
+
+	assert.False(s.T(), *trail.IsOrganizationTrail)
+
+	s.DriftTest(component, stack, nil)
+}
+
+func (s *ComponentSuite) TestOrgLevel() {
+	const component = "cloudtrail/org-level"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	s.T().Skip("Skipping org-level test because it's not supported due to Service Policy limitations")
+	defer s.DestroyAtmosComponent(s.T(), component, stack, nil)
+	options, _ := s.DeployAtmosComponent(s.T(), component, stack, nil)
+	assert.NotNil(s.T(), options)
+
+	cloudtrailBucketOptions := s.GetAtmosOptions("cloudtrail-bucket", stack, nil)
+	bucketName := atmos.Output(s.T(), cloudtrailBucketOptions, "cloudtrail_bucket_id")
+	defer aws.EmptyS3Bucket(s.T(), awsRegion, bucketName)
+
+	cloudtrailID := atmos.Output(s.T(), options, "cloudtrail_id")
+
+	client := awshelper.NewCloudTrailClient(s.T(), awsRegion)
+	trails, err := client.DescribeTrails(context.Background(), &cloudtrail.DescribeTrailsInput{
+		TrailNameList: []string{cloudtrailID},
+	})
+	assert.NoError(s.T(), err)
+	trail := trails.TrailList[0]
+
+	cloudtrailArn := atmos.Output(s.T(), options, "cloudtrail_arn")
+	assert.Equal(s.T(), cloudtrailArn, *trail.TrailARN)
+
+	cloudtrailLogsLogGroupArn := atmos.Output(s.T(), options, "cloudtrail_logs_log_group_arn")
+	assert.True(s.T(), strings.HasPrefix(*trail.CloudWatchLogsLogGroupArn, cloudtrailLogsLogGroupArn))
+
+	cloudtrailLogsLogGroupName := atmos.Output(s.T(), options, "cloudtrail_logs_log_group_name")
+	assert.True(s.T(), strings.HasSuffix(cloudtrailLogsLogGroupArn, cloudtrailLogsLogGroupName))
+
+	cloudtrailLogsRoleArn := atmos.Output(s.T(), options, "cloudtrail_logs_role_arn")
+	assert.Equal(s.T(), cloudtrailLogsRoleArn, *trail.CloudWatchLogsRoleArn)
+
+	cloudtrailLogsRoleName := atmos.Output(s.T(), options, "cloudtrail_logs_role_name")
+	assert.True(s.T(), strings.HasSuffix(cloudtrailLogsRoleArn, cloudtrailLogsRoleName))
+
+	cloudtrailHomeRegion := atmos.Output(s.T(), options, "cloudtrail_home_region")
+	assert.Equal(s.T(), "us-east-2", cloudtrailHomeRegion)
+	assert.Equal(s.T(), *trail.HomeRegion, cloudtrailHomeRegion)
+
+	assert.True(s.T(), *trail.IsOrganizationTrail)
+
+	s.DriftTest(component, stack, nil)
+}
+
+func (s *ComponentSuite) TestEnabledFlag() {
+	const component = "cloudtrail/disabled"
+	const stack = "default-test"
+
+	s.VerifyEnabledFlag(component, stack, nil)
+}
+
+func TestRunSuite(t *testing.T) {
+	suite := new(ComponentSuite)
+
+	suite.AddDependency(t, "cloudtrail-bucket", "default-test", nil)
+	helper.Run(t, suite)
+}
diff --git a/test/fixtures/atmos.yaml b/test/fixtures/atmos.yaml
@@ -0,0 +1,77 @@
+# CLI config is loaded from the following locations (from lowest to highest priority):
+# system dir (`/usr/local/etc/atmos` on Linux, `%LOCALAPPDATA%/atmos` on Windows)
+# home dir (~/.atmos)
+# current directory
+# ENV vars
+# Command-line arguments
+#
+# It supports POSIX-style Globs for file names/paths (double-star `**` is supported)
+# https://en.wikipedia.org/wiki/Glob_(programming)
+
+# Base path for components, stacks and workflows configurations.
+# Can also be set using `ATMOS_BASE_PATH` ENV var, or `--base-path` command-line argument.
+# Supports both absolute and relative paths.
+# If not provided or is an empty string, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are independent settings (supporting both absolute and relative paths).
+# If `base_path` is provided, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are considered paths relative to `base_path`.
+base_path: ""
+
+components:
+  terraform:
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_BASE_PATH` ENV var, or `--terraform-dir` command-line argument
+    # Supports both absolute and relative paths
+    base_path: "components/terraform"
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_APPLY_AUTO_APPROVE` ENV var
+    apply_auto_approve: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_DEPLOY_RUN_INIT` ENV var, or `--deploy-run-init` command-line argument
+    deploy_run_init: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_INIT_RUN_RECONFIGURE` ENV var, or `--init-run-reconfigure` command-line argument
+    init_run_reconfigure: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_AUTO_GENERATE_BACKEND_FILE` ENV var, or `--auto-generate-backend-file` command-line argument
+    auto_generate_backend_file: true
+
+stacks:
+  # Can also be set using `ATMOS_STACKS_BASE_PATH` ENV var, or `--config-dir` and `--stacks-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks"
+  # Can also be set using `ATMOS_STACKS_INCLUDED_PATHS` ENV var (comma-separated values string)
+  # Since we are distinguishing stacks based on namespace, and namespace is not part
+  # of the stack name, we have to set `included_paths` via the ENV var in the Dockerfile
+  included_paths:
+    - "orgs/**/*"
+
+  # Can also be set using `ATMOS_STACKS_EXCLUDED_PATHS` ENV var (comma-separated values string)
+  excluded_paths:
+    - "**/_defaults.yaml"
+
+  # Can also be set using `ATMOS_STACKS_NAME_PATTERN` ENV var
+  name_pattern: "{tenant}-{stage}"
+
+workflows:
+  # Can also be set using `ATMOS_WORKFLOWS_BASE_PATH` ENV var, or `--workflows-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks/workflows"
+
+# https://github.com/cloudposse/atmos/releases/tag/v1.33.0
+logs:
+  file: "/dev/stdout"
+  # Supported log levels: Trace, Debug, Info, Warning, Off
+  level: Info
+
+settings:
+  # Can also be set using 'ATMOS_SETTINGS_LIST_MERGE_STRATEGY' environment variable, or '--settings-list-merge-strategy' command-line argument
+  list_merge_strategy: replace
+
+# `Go` templates in Atmos manifests
+# https://atmos.tools/core-concepts/stacks/templating
+# https://pkg.go.dev/text/template
+templates:
+  settings:
+    enabled: true
+    # https://masterminds.github.io/sprig
+    sprig:
+      enabled: true
+    # https://docs.gomplate.ca
+    gomplate:
+      enabled: true
diff --git a/test/fixtures/stacks/catalog/account-map.yaml b/test/fixtures/stacks/catalog/account-map.yaml
@@ -0,0 +1,46 @@
+components:
+  terraform:
+    account-map:
+      metadata:
+        terraform_workspace: core-gbl-root
+      vars:
+        tenant: core
+        environment: gbl
+        stage: root
+
+#      This remote state is only for Cloud Posse internal use.
+#      It references the Cloud Posse test organizations actual infrastructure.
+#      remote_state_backend:
+#        s3:
+#          bucket: cptest-core-ue2-root-tfstate-core
+#          dynamodb_table: cptest-core-ue2-root-tfstate-core-lock
+#          role_arn: arn:aws:iam::822777368227:role/cptest-core-gbl-root-tfstate-core-ro
+#          encrypt: true
+#          key: terraform.tfstate
+#          acl: bucket-owner-full-control
+#          region: us-east-2
+
+      remote_state_backend_type: static
+      remote_state_backend:
+        # This static backend is used for tests that only need to use the account map iam-roles module
+        # to find the role to assume for Terraform operations. It is configured to use whatever
+        # the current user's role is, but the environment variable `TEST_ACCOUNT_ID` must be set to
+        # the account ID of the account that the user is currently assuming a role in.
+        #
+        # For some components, this backend is missing important data, and those components
+        # will need that data added to the backend configuration in order to work properly.
+        static:
+          account_info_map: {}
+          all_accounts: []
+          aws_partition: aws
+          full_account_map: {}
+          iam_role_arn_templates: {}
+          non_eks_accounts: []
+          profiles_enabled: false
+          root_account_aws_name: root
+          terraform_access_map: {}
+          terraform_dynamic_role_enabled: false
+          terraform_role_name_map:
+            apply: terraform
+            plan: planner
+          terraform_roles: {}
diff --git a/test/fixtures/stacks/catalog/cloudtrail-bucket.yaml b/test/fixtures/stacks/catalog/cloudtrail-bucket.yaml
@@ -0,0 +1,5 @@
+components:
+  terraform:
+    cloudtrail-bucket:
+      metadata:
+        component: cloudtrail-bucket
diff --git a/test/fixtures/stacks/catalog/usecase/basic.yaml b/test/fixtures/stacks/catalog/usecase/basic.yaml
@@ -0,0 +1,11 @@
+components:
+  terraform:
+    cloudtrail/basic:
+      metadata:
+        component: target
+      vars:
+        enabled: true
+        cloudtrail_bucket_environment_name: "ue2"
+        cloudtrail_bucket_stage_name: "test"
+        cloudwatch_logs_retention_in_days: 1
+        is_organization_trail: false
diff --git a/test/fixtures/stacks/catalog/usecase/disabled.yaml b/test/fixtures/stacks/catalog/usecase/disabled.yaml
@@ -0,0 +1,11 @@
+components:
+  terraform:
+    cloudtrail/disabled:
+      metadata:
+        component: target
+      vars:
+        enabled: false
+        cloudtrail_bucket_environment_name: "ue2"
+        cloudtrail_bucket_stage_name: "test"
+        cloudwatch_logs_retention_in_days: 1
+        is_organization_trail: false
diff --git a/test/fixtures/stacks/catalog/usecase/org-level.yaml b/test/fixtures/stacks/catalog/usecase/org-level.yaml
@@ -0,0 +1,11 @@
+components:
+  terraform:
+    cloudtrail/org-level:
+      metadata:
+        component: target
+      vars:
+        enabled: true
+        cloudtrail_bucket_environment_name: "ue2"
+        cloudtrail_bucket_stage_name: "test"
+        cloudwatch_logs_retention_in_days: 1
+        is_organization_trail: true
diff --git a/test/fixtures/stacks/orgs/default/test/_defaults.yaml b/test/fixtures/stacks/orgs/default/test/_defaults.yaml
@@ -0,0 +1,66 @@
+import:
+  - catalog/account-map
+
+terraform:
+  backend_type: local
+  backend:
+    local:
+      path: '{{ getenv "COMPONENT_HELPER_STATE_DIR" | default "../../../state" }}/{{ .component }}/terraform.tfstate'
+      workspace_dir: '{{ getenv "COMPONENT_HELPER_STATE_DIR" | default "../../../state" }}/{{ .component }}/'
+  vars:
+    namespace: eg
+    tenant: default
+    environment: ue2
+    region: us-east-2
+    stage: test
+    label_order:
+      - namespace
+      - tenant
+      - environment
+      - stage
+      - name
+      - attributes
+    descriptor_formats:
+      account_name:
+        format: "%v-%v"
+        labels:
+          - tenant
+          - stage
+      stack:
+        format: "%v-%v-%v"
+        labels:
+          - tenant
+          - environment
+          - stage
+
+components:
+  terraform:
+    account-map:
+      remote_state_backend:
+        static:
+          account_info_map:
+            default-test:
+              account_email_format: aws+cptest-%[email protected]
+              eks: true
+              id: '{{ getenv "TEST_ACCOUNT_ID" | default "<TEST_ACCOUNT_ID>" }}'
+              ou: default
+              parent_ou: none
+              stage: test
+              tags:
+                eks: false
+              tenant: default
+          all_accounts:
+            - default-test
+          artifacts_account_account_name: default-test
+          audit_account_account_name: default-test
+          dns_account_account_name: default-test
+          eks_accounts:
+            - default-test
+          full_account_map:
+            default-test: '{{ getenv "TEST_ACCOUNT_ID" | default "<TEST_ACCOUNT_ID>" }}'
+          iam_role_arn_templates:
+            default-test: 'arn:aws:iam::{{ getenv "TEST_ACCOUNT_ID" | default "<TEST_ACCOUNT_ID>" }}:role/tester-%s'
+          identity_account_account_name: default-test
+          root_account_account_name: default-test
+          terraform_roles:
+            default-test: ''
diff --git a/test/fixtures/stacks/orgs/default/test/tests.yaml b/test/fixtures/stacks/orgs/default/test/tests.yaml
@@ -0,0 +1,6 @@
+import:
+  - orgs/default/test/_defaults
+  - catalog/cloudtrail-bucket
+  - catalog/usecase/basic
+  - catalog/usecase/org-level
+  - catalog/usecase/disabled