diff --git a/.github/workflows/go-terratest.yml b/.github/workflows/go-terratest.yml index 0b8ce4b..5f272b5 100644 --- a/.github/workflows/go-terratest.yml +++ b/.github/workflows/go-terratest.yml @@ -17,7 +17,8 @@ jobs: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: 1.18 + go-version: 1.23 + cache-dependency-path: "**/go.sum" - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: ~1.3 @@ -31,4 +32,3 @@ jobs: chmod 700 ../scripts/redact-output.sh go test -v | ../scripts/redact-output.sh exit ${PIPESTATUS[0]} - diff --git a/main.tf b/main.tf index 8dea372..67462aa 100644 --- a/main.tf +++ b/main.tf @@ -56,7 +56,8 @@ resource "aws_iam_role_policy_attachment" "policy_arns" { policy_arn = var.policy_arns[count.index] } -resource "aws_lambda_function" "this" { #tfsec:ignore:aws-lambda-enable-tracing +resource "aws_lambda_function" "this" { + #checkov:skip=CKV_AWS_50: "X-ray tracing is not required" #checkov:skip=CKV_AWS_116 #checkov:skip=CKV_AWS_117 #checkov:skip=CKV_AWS_272 "Code signing not required" diff --git a/test/go.mod b/test/go.mod index 8de9cd7..6b44e01 100644 --- a/test/go.mod +++ b/test/go.mod @@ -1,6 +1,6 @@ module github.com/ministryofjustice/modernisation-platform-terraform-lambda-function -go 1.19 +go 1.23 require ( github.com/gruntwork-io/terratest v0.47.2 diff --git a/test/go.sum b/test/go.sum index bb1940f..cc2bf74 100644 --- a/test/go.sum +++ b/test/go.sum @@ -116,6 +116,7 @@ cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQn cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= +cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= @@ -300,6 +301,7 @@ github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= +github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -653,6 +655,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -954,6 +957,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/test/unit-test/main.tf b/test/unit-test/main.tf index 5796635..4f1929b 100644 --- a/test/unit-test/main.tf +++ b/test/unit-test/main.tf @@ -144,7 +144,7 @@ data "aws_iam_policy_document" "instance-scheduler-lambda-function-policy" { ] resources = [ "${module.s3-bucket.bucket.arn}/*", - "${module.s3-bucket.bucket.arn}" + module.s3-bucket.bucket.arn ] } } @@ -170,7 +170,7 @@ module "lambda_function_in_vpc" { filename = data.archive_file.lambda-zip.output_path source_code_hash = data.archive_file.lambda-zip.output_base64sha256 handler = "test.lambda_handler" - runtime = "python3.8" + runtime = "python3.12" vpc_subnet_ids = [data.aws_subnet.private-2a.id] vpc_security_group_ids = [aws_security_group.lambda_security_group_test.id] diff --git a/test/unit-test/s3.tf b/test/unit-test/s3.tf index 4843c30..f4163ed 100644 --- a/test/unit-test/s3.tf +++ b/test/unit-test/s3.tf @@ -1,5 +1,5 @@ -module "s3-bucket" { #tfsec:ignore:aws-s3-enable-versioning - source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc1" # Hash for v7.0.0 +module "s3-bucket" { + source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=52a40b0dd18aaef0d7c5565d93cc8997aad79636" # v8.2.0 bucket_prefix = "data-platform-products-${local.environment}" versioning_enabled = false diff --git a/test/unit-test/versions.tf b/test/unit-test/versions.tf index bb58a2b..f8b9d31 100644 --- a/test/unit-test/versions.tf +++ b/test/unit-test/versions.tf @@ -6,7 +6,15 @@ terraform { } random = { source = "hashicorp/random" - version = "~> 3.5" + version = "~> 3.6" + } + http = { + source = "hashicorp/http" + version = "~> 3.4" + } + archive = { + source = "hashicorp/archive" + version = "~> 2.6" } } required_version = ">= 1.0.1"