🧪 Add module testing (#25)

Signed-off-by: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>

.devcontainer/devcontainer.json

@@ -0,0 +1,19 @@
+{
+    "name": "terraform-aws-observability-platform-tenant",
+    "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
+    "features": {
+      "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+      "ghcr.io/ministryofjustice/devcontainer-feature/aws:0": {},
+      "ghcr.io/ministryofjustice/devcontainer-feature/terraform:0": {}
+    },
+    "postCreateCommand": "bash .devcontainer/post-create.sh",
+    "customizations": {
+      "vscode": {
+        "extensions": [
+          "EditorConfig.EditorConfig",
+          "GitHub.vscode-github-actions",
+          "GitHub.vscode-pull-request-github"
+        ]
+      }
+    }
+  }

.devcontainer/post-create.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Upgrade Pip
+pip install --upgrade pip
+
+# Install dependencies
+pip install --requirement requirements-dev.txt

.editorconfig

@@ -4,3 +4,20 @@ root = true
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
+
+# This file is autogenerated
+[.devcontainer/devcontainer-lock.json]
+end_of_line = unset
+insert_final_newline = unset
+
+[*.json]
+indent_style = space
+indent_size = 2
+
+[*.sh]
+indent_style = space
+indent_size = 2
+
+[*.yml]
+indent_style = space
+indent_size = 2

.github/dependabot.yml

@@ -2,31 +2,31 @@
 version: 2
 
 updates:
-  - package-ecosystem: "bundler"
-    directory: "/"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "terraform"
-    directory: "/terraform"
-    schedule:
-      interval: "daily"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "pip"
+    commit-message:
+      prefix: ":dependabot: github-actions"
+      include: "scope"
+  - package-ecosystem: "devcontainers"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gomod"
+    commit-message:
+      prefix: ":dependabot: devcontainers"
+      include: "scope"
+  - package-ecosystem: "docker"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "docker"
+    commit-message:
+      prefix: ":dependabot: docker"
+      include: "scope"
+  - package-ecosystem: "terraform"
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      prefix: ":dependabot: terraform"
+      include: "scope"

.github/workflows/test.yml

@@ -0,0 +1,31 @@
+---
+name: Test
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+
+      - name: Install LocalStack Tools
+        id: install_localstack_tools
+        run: |
+          pip install --requirement requirements-dev.txt
+
+      - name: Test
+        id: test
+        shell: bash
+        run: |
+          make test

.gitignore

@@ -7,4 +7,5 @@ env/
 .vscode
 *.code-workspace
 *.sha256
-terraform.tfstate
+terraform.tfstate*
+.terraform.lock.hcl

Makefile

@@ -0,0 +1,5 @@
+test:
+	docker-compose --file tests/docker-compose-localstack.yml --project-name localstack up --detach
+	tflocal init
+	tflocal test -compact-warnings
+	docker-compose --file tests/docker-compose-localstack.yml --project-name localstack down

README.md

@@ -20,6 +20,12 @@ module "observability_platform_tenant" {
 }
 ```
 
+## Testing
+
+```bash
+make test
+```
+
 ### Contributing
 
 The base branch requires _all_ commits to be signed. Learn more about signing commits [here](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification).

requirements-dev.txt

@@ -0,0 +1,2 @@
+awscli-local==0.22.0
+terraform-local==0.18.1

tests/docker-compose-localstack.yml

@@ -0,0 +1,8 @@
+---
+services:
+  localstack:
+    container_name: "localstack"
+    image: docker.io/localstack/localstack@sha256:b5c082a6d78d49fc4a102841648a8adeab4895f7d9a4ad042d7d485aed2da10d # v3.3.0
+    ports:
+      - "127.0.0.1:4566:4566"            # LocalStack Gateway
+      - "127.0.0.1:4510-4559:4510-4559"  # external services port range

tests/main.tftest.hcl

@@ -0,0 +1,43 @@
+/* Based on https://docs.localstack.cloud/user-guide/integrations/terraform/#final-configuration */
+provider "aws" {
+  region     = "us-east-1"
+  access_key = "mock_access_key"
+  secret_key = "mock_secret_key"
+
+  s3_use_path_style           = true
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    iam = "http://127.0.0.1:4566"
+  }
+}
+
+variables {
+  observability_platform_account_id = "111111111111"
+}
+
+run "main" {
+  command = apply
+}
+
+run "invalid_account_id" {
+  command = plan
+
+  variables {
+    observability_platform_account_id = "1234567890"
+  }
+
+  expect_failures = [var.observability_platform_account_id]
+}
+
+run "invalid_role_name" {
+  command = plan
+
+  variables {
+    role_name = "bad-role-name"
+  }
+
+  expect_failures = [var.role_name]
+}

variables.tf

@@ -2,11 +2,19 @@ variable "role_name" {
   type        = string
   description = "Name of the role to create, This is set as a variable but Observability Platform requires this to be set to 'observability-platform'"
   default     = "observability-platform"
+  validation {
+    condition     = var.role_name == "observability-platform"
+    error_message = "Role name must be set to 'observability-platform'"
+  }
 }
 
 variable "observability_platform_account_id" {
   type        = string
-  description = "Account ID of the Observability Platform environment. If you are running on Modernisation Platform you can use 'local.environment_management.account_ids[\"observability-platform-production\"]"
+  description = "Account ID of the Observability Platform environment. If you are running on Modernisation Platform you can use 'local.environment_management.account_ids[\"observability-platform-production\"]'"
+  validation {
+    condition     = length(var.observability_platform_account_id) == 12
+    error_message = "Account ID must be a 12-digit number (https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html)"
+  }
 }
 
 variable "enable_xray" {