Add terratest (#26)

* Use taskfile instead of makefile

* tidy the taskfile

* Add terratest

* build ami as part of e2e tests

* Bump ASG module version

* Fix asg tests for workers

* Use latest version of asg module

* Update expected userdata for worker cluster

* Add simple HTTP get to e2e tests

* Remove unnecessary newlines

.travis.yml

@@ -1,17 +1,20 @@
-dist: trusty
-sudo: true
+language: go
+sudo: false
+
+go:
+  - 1.12.x
 
 env:
-  - AWS_REGION=eu-west-1
+  - GO111MODULE=on AWS_REGION=eu-west-1
+
+notifications:
+  email: false
 
-before_install:
+before_script:
   - curl -fSL "https://releases.hashicorp.com/terraform/0.12.3/terraform_0.12.3_linux_amd64.zip" -o terraform.zip
   - sudo unzip terraform.zip -d /opt/terraform
   - sudo ln -s /opt/terraform/terraform /usr/bin/terraform
   - rm -f terraform.zip
 
-notifications:
-  email: false
-
 script:
-  - make
+  - go get -u -v github.com/go-task/task/v2/cmd/task && task test

Taskfile.yml

@@ -0,0 +1,90 @@
+version: '2'
+
+vars:
+  DIRECTORIES:
+    sh: find . -type f -name '*.tf' -not -path "**/.terraform/*" -exec dirname {} \; | sort -u
+  FILES:
+    sh: find . -type f -name '*.tf' -not -path "**/.terraform/*"
+  VERSION:
+    sh: git describe --tags --candidates=1 --dirty 2>/dev/null || echo "dev"
+
+tasks:
+  default:
+    cmds:
+    - task: test
+
+  test:
+    desc: Run all tests.
+    silent: true
+    cmds:
+    - task: fmt
+    - task: validate
+
+  ami:
+    desc: Build the packer template to create a Concourse AMI.
+    silent: true
+    cmds:
+    - packer validate -var="template_version={{.VERSION}}" packer/template.json
+    - packer build -var="template_version={{.VERSION}}" packer/template.json
+
+  e2e:
+    desc: Run the end 2 end test suite.
+    cmds:
+    - go test -v ./... -timeout=1h
+
+  tidy:
+    desc: Tidy all the things.
+    silent: true
+    cmds:
+    - go mod tidy
+    - |
+      for f in $(echo "{{.FILES}}"); do 
+        sed -i '' -E "s/^([ ]*required_version[ ]*=[ ]*)\"([^\"]*)\"/\\1\"{{.TERRAFORM_VERSION}}\"/g" $f
+      done
+    vars:
+      TERRAFORM_VERSION: '>= 0.12'
+
+  fmt:
+    desc: Check formatting of all terraform files.
+    silent: true
+    cmds:
+    - task: command
+      vars:
+        COMMAND: terraform fmt
+        ARGS: -check=true -write=true -list=false -recursive=false
+        PIPE:
+
+  validate:
+    desc: Validate all terraform directories.
+    silent: true
+    cmds:
+    - task: command
+      vars:
+        COMMAND: terraform init
+        ARGS: -backend=false -input=false -get=true -get-plugins=true -no-color
+        PIPE: '> /dev/null'
+    - task: command
+      vars:
+        COMMAND: terraform validate
+        ARGS: 
+        PIPE: '> /dev/null'
+
+  command:
+    desc: Run a command on the terraform directories. 
+    silent: true
+    cmds:
+    - |
+      BOLD=$(tput bold)
+      NORM=$(tput sgr0)
+      DIR=$(pwd)
+
+      echo "${BOLD} {{.COMMAND}}:${NORM}"
+      for d in $(echo "{{.DIRECTORIES}}"); do 
+        cd $d
+        if ! {{.COMMAND}} {{.ARGS}} {{.PIPE}}; then
+          echo "  ✗ $d" && exit $?
+        else
+          echo "  √ $d"
+        fi
+        cd $DIR
+      done

examples/basic/README.md

@@ -0,0 +1,3 @@
+## examples/basic
+
+An example which shows _basic_ usage of the module.

examples/default/example.tf → examples/basic/main.tf

@@ -3,7 +3,8 @@ terraform {
 }
 
 provider "aws" {
-  region = "eu-west-1"
+  version = ">= 2.17"
+  region  = "${var.region}"
 }
 
 data "aws_vpc" "main" {
@@ -14,19 +15,13 @@ data "aws_subnet_ids" "main" {
   vpc_id = data.aws_vpc.main.id
 }
 
-locals {
-  name_prefix       = "concourse-example"
-  instance_ami      = "<packer-ami>"
-  postgres_password = "dolphins"
-}
-
 module "postgres" {
   source  = "telia-oss/rds-cluster/aws"
   version = "2.0.0"
 
-  name_prefix = local.name_prefix
+  name_prefix = var.name_prefix
   username    = "superuser"
-  password    = local.postgres_password
+  password    = var.postgres_password
   engine      = "aurora-postgresql"
   port        = 5439
   vpc_id      = data.aws_vpc.main.id
@@ -41,7 +36,7 @@ module "postgres" {
 module "concourse_atc" {
   source = "../../modules/atc"
 
-  name_prefix          = local.name_prefix
+  name_prefix          = var.name_prefix
   web_protocol         = "HTTP"
   web_port             = "80"
   authorized_cidr      = ["0.0.0.0/0"]
@@ -52,10 +47,10 @@ module "concourse_atc" {
   postgres_host        = module.postgres.endpoint
   postgres_port        = module.postgres.port
   postgres_username    = module.postgres.username
-  postgres_password    = local.postgres_password
+  postgres_password    = var.postgres_password
   postgres_database    = module.postgres.database_name
   encryption_key       = ""
-  instance_ami         = local.instance_ami
+  instance_ami         = var.packer_ami
   github_client_id     = "sm:///concourse-deployment/github-oauth-client-id"
   github_client_secret = "sm:///concourse-deployment/github-oauth-client-secret"
   github_users         = ["itsdalmo"]
@@ -72,14 +67,14 @@ module "concourse_atc" {
 module "concourse_worker" {
   source = "../../modules/worker"
 
-  name_prefix        = local.name_prefix
+  name_prefix        = var.name_prefix
   concourse_keys     = "${path.root}/keys"
   vpc_id             = data.aws_vpc.main.id
   private_subnet_ids = data.aws_subnet_ids.main.ids
   atc_sg             = module.concourse_atc.security_group_id
   tsa_host           = module.concourse_atc.tsa_host
   tsa_port           = module.concourse_atc.tsa_port
-  instance_ami       = local.instance_ami
+  instance_ami       = var.packer_ami
 
   tags = {
     environment = "dev"
@@ -96,52 +91,3 @@ resource "aws_security_group_rule" "atc_ingress_postgres" {
   to_port                  = module.postgres.port
   source_security_group_id = module.concourse_atc.security_group_id
 }
-
-# Allow workers to fetch ECR images
-resource "aws_iam_role_policy" "main" {
-  name   = "${local.name_prefix}-worker-ecr-policy"
-  role   = module.concourse_worker.role_name
-  policy = data.aws_iam_policy_document.worker.json
-}
-
-data "aws_iam_policy_document" "worker" {
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "ecr:GetAuthorizationToken",
-      "ecr:BatchCheckLayerAvailability",
-      "ecr:GetDownloadUrlForLayer",
-      "ecr:GetRepositoryPolicy",
-      "ecr:DescribeRepositories",
-      "ecr:ListImages",
-      "ecr:DescribeImages",
-      "ecr:BatchGetImage",
-    ]
-
-    resources = ["*"]
-  }
-}
-
-# Add privileges for SSM agent on both clusters
-module "atc_ssm_agent" {
-  source  = "telia-oss/ssm-agent-policy/aws"
-  version = "0.1.0"
-
-  name_prefix = "${local.name_prefix}-atc"
-  role        = module.concourse_atc.role_name
-}
-
-module "worker_ssm_agent" {
-  source  = "telia-oss/ssm-agent-policy/aws"
-  version = "0.1.0"
-
-  name_prefix = "${local.name_prefix}-worker"
-  role        = module.concourse_worker.role_name
-}
-
-output "endpoint" {
-  description = "The Concourse web interface."
-  value       = module.concourse_atc.endpoint
-}
-

examples/basic/outputs.tf

@@ -0,0 +1,14 @@
+output "endpoint" {
+  description = "The Concourse web interface."
+  value       = module.concourse_atc.endpoint
+}
+
+output "atc_asg_id" {
+  description = "ID/name of the ATC autoscaling group."
+  value       = module.concourse_atc.asg_id
+}
+
+output "worker_asg_id" {
+  description = "ID/name of the worker autoscaling group."
+  value       = module.concourse_worker.asg_id
+}

examples/basic/variables.tf

@@ -0,0 +1,18 @@
+variable "name_prefix" {
+  type    = string
+  default = "concourse-basic-example"
+}
+
+variable "packer_ami" {
+  type = string
+}
+
+variable "postgres_password" {
+  type    = string
+  default = "dolphins"
+}
+
+variable "region" {
+  type    = string
+  default = "eu-west-1"
+}

go.mod

@@ -0,0 +1,13 @@
+module github.com/telia-oss/terraform-aws-concourse/v3
+
+go 1.12
+
+require (
+	github.com/go-sql-driver/mysql v1.4.1 // indirect
+	github.com/google/uuid v1.1.1 // indirect
+	github.com/gruntwork-io/terratest v0.17.6
+	github.com/pquerna/otp v1.2.0 // indirect
+	github.com/stretchr/testify v1.3.0
+	github.com/telia-oss/terraform-aws-asg/v3 v3.0.1
+	google.golang.org/appengine v1.6.1 // indirect
+)

go.sum

@@ -0,0 +1,50 @@
+github.com/aws/aws-sdk-go v1.21.2 h1:CqbWrQzi7s8J2F0TRRdLvTr0+bt5Zxo2IDoFNGsAiUg=
+github.com/aws/aws-sdk-go v1.21.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gruntwork-io/terratest v0.17.6 h1:efnWnoz3GvM6VGHvRebGaO41ne4ZTKMvMqMf8V5vY58=
+github.com/gruntwork-io/terratest v0.17.6/go.mod h1:NjUn6YXA5Skxt8Rs20t3isYx5Rl+EgvGB8/+RRXddqk=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
+github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/telia-oss/terraform-aws-asg/v3 v3.0.1 h1:kDUkqdt6o759Bb6oThyWyO0AHriktJ3rM51MIzS2TTs=
+github.com/telia-oss/terraform-aws-asg/v3 v3.0.1/go.mod h1:Cy6Ie2Y3PN0wijAjxRrH9othe6VqpPMgqCVqeiWOOk4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7 h1:rTIdg5QFRR7XCaK4LCjBiPbx8j4DQRpdYMnGn/bJUEU=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c h1:+EXw7AwNOKzPFXMZ1yNjO40aWCh3PIquJB2fYlv9wcs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=