diff --git a/.gitignore b/.gitignore index 10db001..fd71656 100755 --- a/.gitignore +++ b/.gitignore @@ -5,9 +5,6 @@ *.tfstate *.tfstate.* -# .tfvars files -*.tfvars - **/.idea **/*.iml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 0bca29a..0000000 --- a/.travis.yml +++ /dev/null @@ -1,16 +0,0 @@ -addons: - apt: - packages: - - git - - make - - curl - -install: - - make init - -script: - - make terraform:install - - make terraform:get-plugins - - make terraform:get-modules - - make terraform:lint - - make terraform:validate diff --git a/LICENSE b/LICENSE index 808ecf3..a6e3b3e 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2017-2018 Cloud Posse, LLC + Copyright 2017-2019 Cloud Posse, LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 34773be..71510f6 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ [![Cloud Posse][logo]](https://cpco.io/homepage) -# terraform-aws-ecr [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-ecr.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-ecr) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg)](https://github.com/cloudposse/terraform-aws-ecr/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-ecr [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecr?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d182cb1ac440444a6c0082b) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg)](https://github.com/cloudposse/terraform-aws-ecr/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) Terraform module to provision an [`AWS ECR Docker Container registry`](https://aws.amazon.com/ecr/). diff --git a/README.yaml b/README.yaml index ec5bcb9..841bdda 100644 --- a/README.yaml +++ b/README.yaml @@ -32,9 +32,9 @@ github_repo: cloudposse/terraform-aws-ecr # Badges to display badges: - - name: "Build Status" - image: "https://travis-ci.org/cloudposse/terraform-aws-ecr.svg?branch=master" - url: "https://travis-ci.org/cloudposse/terraform-aws-ecr" + - name: "Codefresh Build Status" + image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecr?type=cf-1" + url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d182cb1ac440444a6c0082b" - name: "Latest Release" image: "https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg" url: "https://github.com/cloudposse/terraform-aws-ecr/releases/latest" diff --git a/codefresh/test.yml b/codefresh/test.yml new file mode 100644 index 0000000..f5e571f --- /dev/null +++ b/codefresh/test.yml 
@@ -0,0 +1,68 @@
+version: '1.0'
+
+stages:
+ - Prepare
+ - Test
+
+steps:
+ wait:
+ title: Wait
+ stage: Prepare
+ image: codefresh/cli:latest
+ commands:
+ - codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser 'flatten|.[-1].id==$id'
+ retry:
+ maxAttempts: 10
+ delay: 20
+ exponentialFactor: 1.1
+
+ main_clone:
+ title: "Clone repository"
+ type: git-clone
+ stage: Prepare
+ description: "Initialize"
+ repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}
+ git: CF-default
+ revision: ${{CF_REVISION}}
+
+ clean_init:
+ title: Prepare build-harness and test-harness
+ image: ${{TEST_IMAGE}}
+ stage: Prepare
+ commands:
+ - cf_export PATH="/usr/local/terraform/0.11/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ - which terraform
+ - terraform version
+ - make init
+ - git -C build-harness checkout master
+ - make -C test/ clean init TEST_HARNESS_BRANCH=master
+ - find . -type d -name '.terraform' | xargs rm -rf
+ - find . -type f -name 'terraform.tfstate*' -exec rm -f {} \;
+
+ test:
+ type: "parallel"
+ title: "Run tests"
+ description: "Run all tests in parallel"
+ stage: Test
+ steps:
+ test_readme_lint:
+ title: "Test README.md updated"
+ stage: "Test"
+ image: ${{TEST_IMAGE}}
+ description: Test "readme/lint"
+ commands:
+ - make readme/lint
+
+ test_module:
+ title: Test module with bats
+ image: ${{TEST_IMAGE}}
+ stage: Test
+ commands:
+ - make -C test/ module
+
+ test_examples_complete:
+ title: Test "examples/complete" with bats
+ image: ${{TEST_IMAGE}}
+ stage: Test
+ commands:
+ - make -C test/ examples/complete
diff --git a/examples/complete/fixtures.us-west-1.tfvars b/examples/complete/fixtures.us-west-1.tfvars
new file mode 100644
index 0000000..4d0d201
--- /dev/null
+++ b/examples/complete/fixtures.us-west-1.tfvars
@@ -0,0 +1,7 @@
+region = "us-west-1"
+
+namespace = "eg"
+
+stage = "test"
+
+name = "ecr-test"
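Review bot: The pipeline runs code from mutable references on every build: the `wait` step uses `image: codefresh/cli:latest`, and `clean_init` runs `git -C build-harness checkout master` and `make -C test/ clean init TEST_HARNESS_BRANCH=master`. Whatever those tags and branches point to at build time executes inside the CI environment with the pipeline's credentials, so an upstream change or compromise reaches this repository without any commit here. Pinning each to a reviewed release makes builds reproducible and auditable, e.g. `image: codefresh/cli:<pinned-tag-or-digest>` and `TEST_HARNESS_BRANCH=<release-tag>`, with the same treatment for the build-harness checkout.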
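Review bot: Dropping the blanket `*.tfvars` ignore in `.gitignore` so that this fixture can be tracked leaves every other tfvars file in the tree eligible for `git add`, including ones that hold credentials or account-specific values. The values added here (region, namespace, stage, name) are not sensitive, so a narrower change would be enough: keep `*.tfvars` in `.gitignore` and add a negation such as `!examples/**/fixtures.*.tfvars`.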
diff --git a/examples/complete/main.tf b/examples/complete/main.tf new file mode 100644 index 0000000..675e3a0 --- /dev/null +++ b/examples/complete/main.tf @@ -0,0 +1,10 @@ +provider "aws" { + region = "${var.region}" +} + +module "ecr" { + source = "../../" + namespace = "${var.namespace}" + stage = "${var.stage}" + name = "${var.name}" +} diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf new file mode 100644 index 0000000..3f09ee6 --- /dev/null +++ b/examples/complete/outputs.tf @@ -0,0 +1,14 @@ +output "registry_id" { + value = "${module.ecr.registry_id}" + description = "Registry ID" +} + +output "registry_url" { + value = "${module.ecr.registry_url}" + description = "Registry URL" +} + +output "repository_name" { + value = "${module.ecr.repository_name}" + description = "Registry name" +} diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf new file mode 100644 index 0000000..99d6f08 --- /dev/null +++ b/examples/complete/variables.tf @@ -0,0 +1,15 @@ +variable "region" { + type = "string" +} + +variable "namespace" { + type = "string" +} + +variable "name" { + type = "string" +} + +variable "stage" { + type = "string" +} diff --git a/main.tf b/main.tf index 39db541..c0d8777 100755 --- a/main.tf +++ b/main.tf @@ -1,7 +1,10 @@ locals { principals_readonly_access_non_empty = "${signum(length(var.principals_readonly_access))}" principals_full_access_non_empty = "${signum(length(var.principals_full_access))}" - ecr_need_policy = "${length(var.principals_full_access) + length(var.principals_readonly_access) > 0 ? "true" : "false"}" + + ## ecr_need_policy was intended to prevent creating a policy if we did not have any principals to attach it to, + ## but it does not work because Terraform does not pass the lengths of lists across modules. + # ecr_need_policy = "${length(var.principals_full_access) + length(var.principals_readonly_access) > 0 ? "true" : "false"}" } module "label" { 
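Review bot: The `provider "aws"` block in `examples/complete/main.tf` carries no `version` constraint, so `terraform init` in CI resolves whichever AWS provider release is current at build time. The commit pins Terraform core in `versions.tf` but leaves the plugin floating, which makes test results depend on an artifact nobody reviewed. Adding `version = "<constraint for the provider release you tested>"` next to `region` closes that gap.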
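Review bot: The `repository_name` output in `examples/complete/outputs.tf` is described as "Registry name", which mislabels the exported value and blurs it with the two registry outputs above it. `description = "Repository name"` matches what the output exposes.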
@@ -118,11 +121,14 @@ data "aws_iam_policy_document" "resource_full_access" { data "aws_iam_policy_document" "resource" { source_json = "${local.principals_readonly_access_non_empty ? data.aws_iam_policy_document.resource_readonly_access.json : data.aws_iam_policy_document.empty.json}" override_json = "${local.principals_full_access_non_empty ? data.aws_iam_policy_document.resource_full_access.json : data.aws_iam_policy_document.empty.json}" - "statement" = [] + statement = [] } resource "aws_ecr_repository_policy" "default" { - count = "${(local.ecr_need_policy == "true" && var.enabled == "true") ? 1 : 0}" + ## Unfortunately, ecr_need_policy does not work due to Terraform limitations, so we just leave it out + # count = "${(local.ecr_need_policy == "true" && var.enabled == "true") ? 1 : 0}" + count = "${var.enabled == "true" ? 1 : 0}" + repository = "${aws_ecr_repository.default.name}" policy = "${data.aws_iam_policy_document.resource.json}" } diff --git a/test/.gitignore b/test/.gitignore new file mode 100644 index 0000000..442804a --- /dev/null +++ b/test/.gitignore @@ -0,0 +1 @@ +.test-harness diff --git a/test/Makefile b/test/Makefile new file mode 100644 index 0000000..b750df1 --- /dev/null +++ b/test/Makefile 
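Review bot: With `count = "${var.enabled == "true" ? 1 : 0}"`, `aws_ecr_repository_policy.default` is created even when both principal lists are empty, and the policy body is then `data.aws_iam_policy_document.resource` rendered from the two `empty` documents plus `statement = []`. Whether the ECR API accepts a policy without statements is not visible from this hunk, and the new `examples/complete` passes no principals while the CI steps only lint and validate, so that path is never applied in tests. Stating the outcome next to the count would help, e.g. `## With no principals the policy is rendered from the empty documents; confirmed to apply cleanly`, backed by an apply-based test of the example. The `empty` data source is defined outside this hunk.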
@@ -0,0 +1,43 @@
+TEST_HARNESS ?= https://github.com/cloudposse/test-harness.git
+TEST_HARNESS_BRANCH ?= master
+TEST_HARNESS_PATH = $(realpath .test-harness)
+BATS_ARGS ?= --tap
+BATS_LOG ?= test.log
+
+# Define a macro to run the tests
+define RUN_TESTS
+@echo "Running tests in $(1)"
+@cd $(1) && bats $(BATS_ARGS) $(addsuffix .bats,$(addprefix $(TEST_HARNESS_PATH)/test/terraform/,$(TESTS)))
+endef
+
+default: all
+
+-include Makefile.*
+
+## Provision the test-harnesss
+.test-harness:
+ [ -d $@ ] || git clone --depth=1 -b $(TEST_HARNESS_BRANCH) $(TEST_HARNESS) $@
+
+## Initialize the tests
+init: .test-harness
+
+## Install all dependencies (OS specific)
+deps::
+ @exit 0
+
+## Clean up the test harness
+clean:
+ [ "$(TEST_HARNESS_PATH)" == "/" ] || rm -rf $(TEST_HARNESS_PATH)
+
+## Run all tests
+all: module examples/complete
+
+## Run basic sanity checks against the module itself
+module: export TESTS ?= installed lint get-modules module-pinning get-plugins validate terraform-docs input-descriptions output-descriptions
+module: deps
+ $(call RUN_TESTS, ../)
+
+## Run tests against example
+examples/complete: export TESTS ?= installed lint get-modules get-plugins validate
+examples/complete: deps
+ $(call RUN_TESTS, ../$@)
diff --git a/test/Makefile.alpine b/test/Makefile.alpine
new file mode 100644
index 0000000..7925b18
--- /dev/null
+++ b/test/Makefile.alpine
@@ -0,0 +1,5 @@
+ifneq (,$(wildcard /sbin/apk))
+## Install all dependencies for alpine
+deps:: init
+ @apk add --update terraform-docs@cloudposse json2hcl@cloudposse
+endif
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..2b4f2e8
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = "~> 0.11.0"
+}
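Review bot: The guard in the `clean` recipe of `test/Makefile` does not protect the `rm -rf` the way it reads. `==` inside `[` is a shell extension, so under a strictly POSIX `/bin/sh` such as dash the test errors out and the `||` branch runs regardless, and the path is expanded unquoted. `TEST_HARNESS_PATH` is `$(realpath .test-harness)`, which is empty when the directory is missing and resolves through a symlink when `.test-harness` is one, so the delete can land outside `test/`. Removing the literal directory avoids all of this: `rm -rf .test-harness`. If the variable has to stay, use `[ -z "$(TEST_HARNESS_PATH)" ] || [ "$(TEST_HARNESS_PATH)" = "/" ] || rm -rf "$(TEST_HARNESS_PATH)"`.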