Merge pull request #12 from mineiros-io/add-unit-tests

Add unit tests
mineiros-io · Jun 18, 2020 · 5879a1e · 5879a1e
2 parents 41aaf35 + 5be413b
commit 5879a1e
Show file tree

Hide file tree

Showing 11 changed files with 678 additions and 14 deletions.
diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
@@ -6,14 +6,11 @@ agent:
     os_image: ubuntu1804
 
 global_job_config:
-  # secrets:
-  #   - name: TERRAFORM_AWS_TESTACCOUNT_CREDENTIALS
-  #   - name: private-ssh-key-with-iac-library-access
+  secrets:
+    - name: TERRAFORM_AWS_TESTACCOUNT_CREDENTIALS
   prologue:
     commands:
       - checkout --use-cache
-      # - chmod 400 ~/.ssh/id_rsa_iac_library
-      # - ssh-add ~/.ssh/id_rsa_iac_library
 
 blocks:
   - name: "Tests"

diff --git a/Makefile b/Makefile
@@ -57,9 +57,8 @@ test/pre-commit:
 test/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
 test/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS}
 test/unit-tests:
-	@echo "${YELLOW}No tests defined.${RESET}"
-#	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
-#	$(call go-test,./test/...)
+	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
+	$(call go-test,./test/...)
 
 ## Clean up cache and temporary files
 .PHONY: clean

diff --git a/examples/simple-users/main.tf b/examples/simple-users/main.tf
@@ -1,14 +1,17 @@
-# ------------------------------------------------------------------------------
-# Example Setup
-# ------------------------------------------------------------------------------
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# CREATE MULTIPLE IAM USERS AT ONCE
+# This example shows how to create multiple users at once by passing a list
+# of desired usernames to the module. We also attach some default IAM Policies
+# to the created users.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 provider "aws" {
   version = "~> 2.0"
   region  = "eu-west-1"
 }
 
 # ------------------------------------------------------------------------------
-# Example Usage
+# CREATE THE IAM USERS AND ATTACH DEFAULT IAM POLICIES
 # ------------------------------------------------------------------------------
 
 module "iam-users" {

diff --git a/go.mod b/go.mod
@@ -0,0 +1,8 @@
+module github.com/mineiros-io/terraform-aws-iam-user
+
+go 1.14
+
+require (
+	github.com/gruntwork-io/terratest v0.28.5
+	github.com/stretchr/testify v1.4.0
+)
diff --git a/go.sum b/go.sum
diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------------
 # AWS IAM USER
-# This module creates a single AWS IAM USER
+# This module creates a single or multiple AWS IAM USER
 # You can attach an inline policy and/or custom/managed policies through their ARNs
 # You can add the user to a list of groups (use module_depends_on to depend on group resources)
 # ------------------------------------------------------------------------------
@@ -93,7 +93,7 @@ resource "aws_iam_user_policy_attachment" "policy" {
   ]
 }
 
-# add the user to a list of groups if groups are defined
+# Add the user to a list of groups if groups are defined
 resource "aws_iam_user_group_membership" "group" {
   for_each = var.module_enabled && length(var.groups) > 0 ? var.names : []
 

diff --git a/outputs.tf b/outputs.tf
@@ -16,6 +16,11 @@ output "user_policy" {
   value       = try(aws_iam_user_policy.policy, null)
 }
 
+output "user_policy_attachment" {
+  description = "The IAM User Policy Attachment objects."
+  value       = try(aws_iam_user_policy_attachment.policy, null)
+}
+
 # ------------------------------------------------------------------------------
 # OUTPUT ALL INPUT VARIABLES
 # ------------------------------------------------------------------------------

diff --git a/test/basic_iam_users_test.go b/test/basic_iam_users_test.go
@@ -0,0 +1,64 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/random"
+
+	"github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestCreateBasicIamUsers
+// tests the creation of a list of IAM Users with some attached default IAM Policies
+func TestCreateBasicIamUsers(t *testing.T) {
+	t.Parallel()
+
+	randomAwsRegion := aws.GetRandomRegion(t, nil, nil)
+
+	expectedUserNames := []string{
+		fmt.Sprintf("first.testuser-%s", random.UniqueId()),
+		fmt.Sprintf("second.testuser-%s", random.UniqueId()),
+	}
+
+	exptectedIamPolicyARNs := []string{
+		"arn:aws:iam::aws:policy/ReadOnlyAccess",
+		"arn:aws:iam::aws:policy/job-function/Billing",
+	}
+
+	terraformOptions := &terraform.Options{
+		// The path to where your Terraform code is located
+		TerraformDir: "./create-basic-iam-users",
+		Vars: map[string]interface{}{
+			"aws_region":  randomAwsRegion,
+			"names":       expectedUserNames,
+			"policy_arns": exptectedIamPolicyARNs,
+		},
+		Upgrade: true,
+	}
+
+	// At the end of the test, run `terraform destroy` to clean up any resources that were created
+	defer terraform.Destroy(t, terraformOptions)
+
+	// This will run `terraform init` and `terraform apply` and fail the test if there are any errors
+	terraform.InitAndApply(t, terraformOptions)
+
+	outputs := terraform.OutputAll(t, terraformOptions)
+	createdUsers, _ := outputs["all"].(map[string]interface{})["users"].(map[string]interface{})
+
+	// Validate that the qty of creates users matches the desired qty
+	assert.Equal(t, len(expectedUserNames), len(createdUsers), "Expected %d users to be created. Got %d instead.", len(expectedUserNames), len(createdUsers))
+
+	// Validate that the users with the expected usernames exist
+	for _, name := range expectedUserNames {
+		assert.Contains(t, createdUsers, name, "Expected username %s not found.", name)
+	}
+
+	// Validate that quantity of user_policy_attachment's located in the outputs
+	userPolicyAttachments := outputs["all"].(map[string]interface{})["user_policy_attachment"].([]interface{})
+
+	// If we attach two policies to two users, we should be able to locate four attachments in the outputs
+	assert.Equal(t, (len(exptectedIamPolicyARNs) * len(expectedUserNames)), len(userPolicyAttachments), "Exptected %s user policy attachment. Found %d instead", len(expectedUserNames), len(userPolicyAttachments))
+}
diff --git a/test/create-basic-iam-users/main.tf b/test/create-basic-iam-users/main.tf
@@ -0,0 +1,15 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# TEST MODULE THAT IS USED BY THE UNIT TESTS
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+provider "aws" {
+  version = "~> 2.0"
+  region  = "eu-west-1"
+}
+
+module "iam-users" {
+  source = "../.."
+
+  names       = var.names
+  policy_arns = var.policy_arns
+}
diff --git a/test/create-basic-iam-users/outputs.tf b/test/create-basic-iam-users/outputs.tf
@@ -0,0 +1,20 @@
+# ------------------------------------------------------------------------------
+# OUTPUT CALCULATED VARIABLES (prefer full objects)
+# ------------------------------------------------------------------------------
+
+# ------------------------------------------------------------------------------
+# OUTPUT ALL RESOURCES AS FULL OBJECTS
+# ------------------------------------------------------------------------------
+
+output "all" {
+  description = "All outputs exposed by the module."
+  value       = module.iam-users
+}
+
+# ------------------------------------------------------------------------------
+# OUTPUT ALL INPUT VARIABLES
+# ------------------------------------------------------------------------------
+
+# ------------------------------------------------------------------------------
+# OUTPUT MODULE CONFIGURATION
+# ------------------------------------------------------------------------------
diff --git a/test/create-basic-iam-users/variables.tf b/test/create-basic-iam-users/variables.tf
@@ -0,0 +1,27 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# TEST MODULE THAT IS USED BY THE UNIT TESTS
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+variable "aws_region" {
+  description = "The AWS region to deploy the example in."
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "names" {
+  description = "A list of names of IAM Users to create."
+  type        = set(string)
+  default = [
+    "testuser",
+    "another.testuser"
+  ]
+}
+
+variable "policy_arns" {
+  description = "A list of IAM Policy ARNs that will be attached to the created IAM Users."
+  type        = set(string)
+  default = [
+    "arn:aws:iam::aws:policy/ReadOnlyAccess",
+    "arn:aws:iam::aws:policy/job-function/Billing",
+  ]
+}