Add http_protocol_ipv6 option, make variable not nullable, add unit tests

Author: Gryff

asg.tf

@@ -35,6 +35,7 @@ resource "aws_launch_template" "cluster" {
     http_tokens                 = lookup(var.cluster_instance_metadata_options, "http_tokens", null)
     http_put_response_hop_limit = lookup(var.cluster_instance_metadata_options, "http_put_response_hop_limit", null)
     instance_metadata_tags      = lookup(var.cluster_instance_metadata_options, "instance_metadata_tags", null)
+    http_protocol_ipv6          = lookup(var.cluster_instance_metadata_options, "http_protocol_ipv6", null)
   }
 
   user_data = base64encode(local.cluster_user_data)

spec/unit/infra/root/main.tf

@@ -29,6 +29,8 @@ module "ecs_cluster" {
   cluster_instance_enable_ebs_volume_encryption = var.cluster_instance_enable_ebs_volume_encryption
   cluster_instance_ebs_volume_kms_key_id = var.cluster_instance_ebs_volume_kms_key_id
 
+  cluster_instance_metadata_options = var.cluster_instance_metadata_options
+
   cluster_minimum_size     = var.cluster_minimum_size
   cluster_maximum_size     = var.cluster_maximum_size
   cluster_desired_capacity = var.cluster_desired_capacity

spec/unit/infra/root/variables.tf

@@ -28,6 +28,11 @@ variable "cluster_instance_root_block_device_path" {
   default = null
 }
 
+variable "cluster_instance_metadata_options" {
+  type = map
+  default = null
+}
+
 variable "cluster_minimum_size" {
   default = null
 }

spec/unit/launch_template_spec.rb

@@ -236,4 +236,62 @@
               ))
     end
   end
+
+  describe 'metadata options' do
+    it 'requires http_tokens (IMDSv2) by default' do
+      expect(@plan)
+        .to(include_resource_creation(type: 'aws_launch_template')
+              .with_attribute_value(
+                :metadata_options,
+                including(
+                  including({
+                              http_tokens: 'required'
+                            })
+                )
+              ))
+    end
+
+    it 'http_protocol_ipv6 and instance_metadata_tags disabled by default' do
+      expect(@plan)
+        .to(include_resource_creation(type: 'aws_launch_template')
+              .with_attribute_value(
+                :metadata_options,
+                including(
+                  including({
+                              http_protocol_ipv6: 'disabled',
+                              instance_metadata_tags: 'disabled'
+                            })
+                )
+              ))
+    end
+
+    context 'when cluster_instance_metadata_options is provided' do
+      before(:context) do
+        @plan = plan(role: :root) do |vars|
+          vars.cluster_instance_metadata_options = {
+            http_endpoint: 'enabled',
+            http_tokens: 'optional',
+            http_protocol_ipv6: 'enabled',
+            instance_metadata_tags: 'enabled',
+            http_put_response_hop_limit: 15
+          }
+        end
+      end
+
+      it 'uses provided metadata options' do
+        expect(@plan)
+          .to(include_resource_creation(type: 'aws_launch_template')
+                .with_attribute_value(
+                  :metadata_options,
+                  including(including({
+                                        http_endpoint: 'enabled',
+                                        http_tokens: 'optional',
+                                        http_protocol_ipv6: 'enabled',
+                                        instance_metadata_tags: 'enabled',
+                                        http_put_response_hop_limit: 15
+                                      }))
+                ))
+      end
+    end
+  end
 end

variables.tf

@@ -83,6 +83,7 @@ variable "cluster_instance_metadata_options" {
   default     = {
     http_tokens = "required"      # AWS Recommended default: IMDSv2 required
   }
+  nullable    = false
 }
 variable "cluster_service_iam_policy_contents" {
   description = "The contents of the cluster service IAM policy."