From be96f29fb420762cbd833a0d3c9bcfd1d3d39b11 Mon Sep 17 00:00:00 2001
From: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>
Date: Wed, 1 May 2024 14:26:35 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=AA=20Add=20module=20testing=20(#25)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>
---
 .devcontainer/devcontainer.json     | 19 +++++++++++++
 .devcontainer/post-create.sh        |  7 +++++
 .editorconfig                       | 17 ++++++++++++
 .github/dependabot.yml              | 30 ++++++++++----------
 .github/workflows/test.yml          | 31 +++++++++++++++++++++
 .gitignore                          |  3 +-
 Makefile                            |  5 ++++
 README.md                           |  6 ++++
 requirements-dev.txt                |  2 ++
 tests/docker-compose-localstack.yml |  8 ++++++
 tests/main.tftest.hcl               | 43 +++++++++++++++++++++++++++++
 variables.tf                        | 10 ++++++-
 12 files changed, 164 insertions(+), 17 deletions(-)
 create mode 100644 .devcontainer/devcontainer.json
 create mode 100755 .devcontainer/post-create.sh
 create mode 100644 .github/workflows/test.yml
 create mode 100644 Makefile
 create mode 100644 requirements-dev.txt
 create mode 100644 tests/docker-compose-localstack.yml
 create mode 100644 tests/main.tftest.hcl

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..9de135b
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,19 @@
+{
+    "name": "terraform-aws-observability-platform-tenant",
+    "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
+    "features": {
+      "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+      "ghcr.io/ministryofjustice/devcontainer-feature/aws:0": {},
+      "ghcr.io/ministryofjustice/devcontainer-feature/terraform:0": {}
+    },
+    "postCreateCommand": "bash .devcontainer/post-create.sh",
+    "customizations": {
+      "vscode": {
+        "extensions": [
+          "EditorConfig.EditorConfig",
+          "GitHub.vscode-github-actions",
+          "GitHub.vscode-pull-request-github"
+        ]
+      }
+    }
+  }
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
new file mode 100755
index 0000000..e2a26e1
--- /dev/null
+++ b/.devcontainer/post-create.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Upgrade Pip
+pip install --upgrade pip
+
+# Install dependencies
+pip install --requirement requirements-dev.txt
diff --git a/.editorconfig b/.editorconfig
index 589f816..3ba6594 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -4,3 +4,20 @@ root = true
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
+
+# This file is autogenerated
+[.devcontainer/devcontainer-lock.json]
+end_of_line = unset
+insert_final_newline = unset
+
+[*.json]
+indent_style = space
+indent_size = 2
+
+[*.sh]
+indent_style = space
+indent_size = 2
+
+[*.yml]
+indent_style = space
+indent_size = 2
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 65a4778..df0bb31 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,31 +2,31 @@
 version: 2
 
 updates:
-  - package-ecosystem: "bundler"
-    directory: "/"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "terraform"
-    directory: "/terraform"
-    schedule:
-      interval: "daily"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "pip"
+    commit-message:
+      prefix: ":dependabot: github-actions"
+      include: "scope"
+  - package-ecosystem: "devcontainers"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gomod"
+    commit-message:
+      prefix: ":dependabot: devcontainers"
+      include: "scope"
+  - package-ecosystem: "docker"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "docker"
+    commit-message:
+      prefix: ":dependabot: docker"
+      include: "scope"
+  - package-ecosystem: "terraform"
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      prefix: ":dependabot: terraform"
+      include: "scope"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..dee698f
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,31 @@
+---
+name: Test
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+
+      - name: Install LocalStack Tools
+        id: install_localstack_tools
+        run: |
+          pip install --requirement requirements-dev.txt
+
+      - name: Test
+        id: test
+        shell: bash
+        run: |
+          make test
diff --git a/.gitignore b/.gitignore
index aa69ef3..80e908a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,5 @@ env/
 .vscode
 *.code-workspace
 *.sha256
-terraform.tfstate
+terraform.tfstate*
+.terraform.lock.hcl
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..0f7bac4
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,5 @@
+test:
+	docker-compose --file tests/docker-compose-localstack.yml --project-name localstack up --detach
+	tflocal init
+	tflocal test -compact-warnings
+	docker-compose --file tests/docker-compose-localstack.yml --project-name localstack down
diff --git a/README.md b/README.md
index d0aa91a..ac182f0 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,12 @@ module "observability_platform_tenant" {
 }
 ```
 
+## Testing
+
+```bash
+make test
+```
+
 ### Contributing
 
 The base branch requires _all_ commits to be signed. Learn more about signing commits [here](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification).
diff --git a/requirements-dev.txt b/requirements-dev.txt
new file mode 100644
index 0000000..7f14b86
--- /dev/null
+++ b/requirements-dev.txt
@@ -0,0 +1,2 @@
+awscli-local==0.22.0
+terraform-local==0.18.1
diff --git a/tests/docker-compose-localstack.yml b/tests/docker-compose-localstack.yml
new file mode 100644
index 0000000..a93a8f5
--- /dev/null
+++ b/tests/docker-compose-localstack.yml
@@ -0,0 +1,8 @@
+---
+services:
+  localstack:
+    container_name: "localstack"
+    image: docker.io/localstack/localstack@sha256:b5c082a6d78d49fc4a102841648a8adeab4895f7d9a4ad042d7d485aed2da10d # v3.3.0
+    ports:
+      - "127.0.0.1:4566:4566"            # LocalStack Gateway
+      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
diff --git a/tests/main.tftest.hcl b/tests/main.tftest.hcl
new file mode 100644
index 0000000..da904f4
--- /dev/null
+++ b/tests/main.tftest.hcl
@@ -0,0 +1,43 @@
+/* Based on https://docs.localstack.cloud/user-guide/integrations/terraform/#final-configuration */
+provider "aws" {
+  region     = "us-east-1"
+  access_key = "mock_access_key"
+  secret_key = "mock_secret_key"
+
+  s3_use_path_style           = true
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    iam = "http://127.0.0.1:4566"
+  }
+}
+
+variables {
+  observability_platform_account_id = "111111111111"
+}
+
+run "main" {
+  command = apply
+}
+
+run "invalid_account_id" {
+  command = plan
+
+  variables {
+    observability_platform_account_id = "1234567890"
+  }
+
+  expect_failures = [var.observability_platform_account_id]
+}
+
+run "invalid_role_name" {
+  command = plan
+
+  variables {
+    role_name = "bad-role-name"
+  }
+
+  expect_failures = [var.role_name]
+}
diff --git a/variables.tf b/variables.tf
index 8371642..42ad394 100644
--- a/variables.tf
+++ b/variables.tf
@@ -2,11 +2,19 @@ variable "role_name" {
   type        = string
   description = "Name of the role to create, This is set as a variable but Observability Platform requires this to be set to 'observability-platform'"
   default     = "observability-platform"
+  validation {
+    condition     = var.role_name == "observability-platform"
+    error_message = "Role name must be set to 'observability-platform'"
+  }
 }
 
 variable "observability_platform_account_id" {
   type        = string
-  description = "Account ID of the Observability Platform environment. If you are running on Modernisation Platform you can use 'local.environment_management.account_ids[\"observability-platform-production\"]"
+  description = "Account ID of the Observability Platform environment. If you are running on Modernisation Platform you can use 'local.environment_management.account_ids[\"observability-platform-production\"]'"
+  validation {
+    condition     = length(var.observability_platform_account_id) == 12
+    error_message = "Account ID must be a 12-digit number (https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html)"
+  }
 }
 
 variable "enable_xray" {