Merge pull request #49 from oozou/terraform-test

chore: add terraform test

Author: lycbrian

.github/workflows/code-scan.yml

@@ -0,0 +1,29 @@
+name: Test Module
+
+on:
+  pull_request:
+    paths:
+      - '*.tf'
+      - 'tests/**'
+      - 'examples/terraform-test/**'
+      - '.github/workflows/terraform-test.yaml'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: write
+  id-token: write
+  
+jobs:
+  test:
+    name: Run Terraform Tests
+    uses: oozou/.github/.github/workflows/terraform-test.yml@main
+    secrets: inherit
+    with:
+      aws_region: 'ap-southeast-1'
+      tf_version: '1.9.8'
+      go_version: '1.21'
+      test_example_path: 'examples/terraform-test'
+      timeout_minutes: 60
+      module_name: 'AWS ECS Service'
+      iam_oidc_role: 'arn:aws:iam::562563527952:role/oozou-internal-devops-github-action-oidc-role' # oozou internal account

.github/workflows/terraform-test.yaml

@@ -18,6 +18,9 @@ example/
 crash.log
 crash.*.log
 
+# report
+tests/test-report*
+
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version
 # control as they are data points which are potentially sensitive and subject

.gitignore

@@ -0,0 +1,43 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0, < 5.0.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_api_service"></a> [api\_service](#module\_api\_service) | ../.. | n/a |
+| <a name="module_fargate_cluster"></a> [fargate\_cluster](#module\_fargate\_cluster) | oozou/ecs-fargate-cluster/aws | 1.0.7 |
+| <a name="module_payment_service"></a> [payment\_service](#module\_payment\_service) | ../.. | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | oozou/vpc/aws | 1.2.4 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys. | `map(string)` | `{}` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | [Required] Name prefix used for resource naming in this component | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | [Required] Name of Platfrom or application | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | [Required] Name prefix used for resource naming in this component | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/terraform-test/README.md

@@ -0,0 +1,181 @@
+/* -------------------------------------------------------------------------- */
+/*                                   Data                                     */
+/* -------------------------------------------------------------------------- */
+data "aws_caller_identity" "this" {}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
+/* -------------------------------------------------------------------------- */
+/*                                     VPC                                    */
+/* -------------------------------------------------------------------------- */
+module "vpc" {
+  source       = "oozou/vpc/aws"
+  version      = "1.2.5"
+  prefix       = var.prefix
+  environment  = var.environment
+  account_mode = "spoke"
+
+  cidr              = "10.0.0.0/16"
+  public_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
+  private_subnets   = ["10.0.3.0/24", "10.0.4.0/24"]
+  availability_zone = slice(data.aws_availability_zones.available.names, 0, 2)
+
+  is_create_nat_gateway             = true
+  is_enable_single_nat_gateway      = true
+  is_enable_dns_hostnames           = true
+  is_enable_dns_support             = true
+  is_create_flow_log                = false
+  is_enable_flow_log_s3_integration = false
+
+  tags = var.custom_tags
+}
+
+/* -------------------------------------------------------------------------- */
+/*                                     ACM                                    */
+/* -------------------------------------------------------------------------- */
+module "acm" {
+  source  = "oozou/acm/aws"
+  version = "1.0.4"
+
+  acms_domain_name = {
+    cms = {
+      domain_name = "terraform-test.devops.team.oozou.com"
+    }
+  }
+  route53_zone_name        = "devops.team.oozou.com"
+  is_automatic_verify_acms = true
+}
+
+
+/* -------------------------------------------------------------------------- */
+/*                               Fargate Cluster                              */
+/* -------------------------------------------------------------------------- */
+module "fargate_cluster" {
+  source  = "oozou/ecs-fargate-cluster/aws"
+  version = "1.1.0"
+  # Generics
+  prefix      = var.prefix
+  environment = var.environment
+  name        = var.name
+
+  # IAM Role
+  ## If is_create_role is false, all of folowing argument is ignored
+  is_create_role                 = true
+  allow_access_from_principals   = ["arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"]
+  additional_managed_policy_arns = []
+
+  # VPC Information
+  vpc_id = module.vpc.vpc_id
+
+  # ALB
+  is_create_alb                  = true
+  is_public_alb                  = true
+  enable_deletion_protection     = false
+  alb_listener_port              = 443
+  is_ignore_unsecured_connection = true
+  public_subnet_ids              = module.vpc.public_subnet_ids
+  is_create_alb_dns_record       = true
+  alb_certificate_arn            = module.acm.certificate_arns["cms"]
+  route53_hosted_zone_name       = "devops.team.oozou.com"
+  fully_qualified_domain_name    = "terraform-test.devops.team.oozou.com"
+
+
+  tags = var.custom_tags
+}
+
+/* -------------------------------------------------------------------------- */
+/*                                   Service                                  */
+/* -------------------------------------------------------------------------- */
+module "api_service" {
+  source = "../.."
+
+  prefix      = var.prefix
+  environment = var.environment
+  name        = format("%s-api-service", var.name)
+
+  # ECS service
+  task_cpu                    = 1024
+  task_memory                 = 2048
+  ecs_cluster_name            = module.fargate_cluster.ecs_cluster_name
+  service_discovery_namespace = module.fargate_cluster.service_discovery_namespace
+  is_enable_execute_command   = true
+  application_subnet_ids      = module.vpc.private_subnet_ids
+  security_groups = [
+    module.fargate_cluster.ecs_task_security_group_id
+  ]
+  additional_ecs_task_role_policy_arns = [
+    "arn:aws:iam::aws:policy/AmazonSSMFullAccess"
+  ]
+
+  # ALB
+  alb_listener_arn = module.fargate_cluster.alb_listener_http_arn
+  alb_host_header  = null
+  alb_paths        = ["/*"]
+  alb_priority     = "100"
+  vpc_id           = module.vpc.vpc_id
+  health_check = {
+    interval            = 20,
+    path                = "/",
+    timeout             = 10,
+    healthy_threshold   = 3,
+    unhealthy_threshold = 3,
+    matcher             = "200,201,204"
+  }
+
+  is_create_cloudwatch_log_group = true
+
+  container = {
+    main_container = {
+      name            = format("%s-%s-%s-api-service", var.prefix, var.environment, var.name)
+      image           = "nginx"
+      cpu             = 128
+      memory          = 256
+      is_attach_to_lb = true
+      port_mappings = [
+        {
+          # If a container has multiple ports, index 0 will be used for target group
+          host_port      = 80
+          container_port = 80
+          protocol       = "tcp"
+        }
+      ]
+      entry_point = []
+      command     = []
+    }
+  }
+  environment_variables = {
+    main_container = {
+      THIS_IS_ENV  = "ENV1",
+      THIS_IS_ENVV = "ENVV",
+    }
+    side_container = {
+      XXXX  = "XXXX",
+      XXXXX = "XXXXX",
+    }
+  }
+  secret_variables = {
+    main_container = {
+      THIS_IS_SECRET  = "1xxxxx",
+      THIS_IS_SECRETT = "2xxxxx",
+    }
+  }
+
+  target_tracking_configuration = {
+    policy_type = "TargetTrackingScaling"
+    name        = "cpu-average"
+    capacity = {
+      min_capacity = 1
+      max_capacity = 10
+    }
+    scaling_behaviors = {
+      predefined_metric_type = "ECSServiceAverageCPUUtilization"
+      target_value           = 60
+      scale_in_cooldown      = 180
+      scale_out_cooldown     = 60
+    }
+  }
+
+  tags = var.custom_tags
+}

examples/terraform-test/main.tf

@@ -0,0 +1,72 @@
+# VPC outputs
+output "vpc_id" {
+  description = "VPC ID"
+  value       = module.vpc.vpc_id
+}
+
+# ECS Cluster outputs
+output "ecs_cluster_name" {
+  description = "ECS Cluster name"
+  value       = module.fargate_cluster.ecs_cluster_name
+}
+
+output "ecs_cluster_arn" {
+  description = "ECS Cluster ARN"
+  value       = module.fargate_cluster.ecs_cluster_arn
+}
+
+output "alb_dns_name" {
+  description = "ALB DNS name"
+  value       = module.fargate_cluster.alb_dns_name
+}
+
+output "alb_arn" {
+  description = "ALB ARN"
+  value       = module.fargate_cluster.alb_arn
+}
+
+output "alb_listener_http_arn" {
+  description = "ALB HTTP listener ARN"
+  value       = module.fargate_cluster.alb_listener_http_arn
+}
+
+# ECS Service outputs
+output "service_name" {
+  description = "ECS Service name"
+  value       = module.api_service.service_name
+}
+
+output "service_arn" {
+  description = "ECS Service ARN"
+  value       = module.api_service.service_arn
+}
+
+output "task_definition_arn" {
+  description = "ECS Task Definition ARN"
+  value       = module.api_service.task_definition_arn
+}
+
+output "target_group_arn" {
+  description = "Target Group ARN"
+  value       = module.api_service.target_group_arn
+}
+
+output "target_group_id" {
+  description = "Target Group ID"
+  value       = module.api_service.target_group_id
+}
+
+output "task_role_arn" {
+  description = "ECS Task role ARN"
+  value       = module.api_service.task_role_arn
+}
+
+output "task_execution_role_arn" {
+  description = "ECS Task execution role ARN"
+  value       = module.api_service.task_execution_role_arn
+}
+
+output "cloudwatch_log_group_name" {
+  description = "CloudWatch log group name"
+  value       = module.api_service.cloudwatch_log_group_name
+}

examples/terraform-test/outputs.tf

@@ -0,0 +1,6 @@
+prefix      = "oozou"
+environment = "devops"
+name        = "demo"
+custom_tags = {
+  "Remark" = "terraform-aws-ecs-service"
+}

examples/terraform-test/terraform.auto.tfvars

@@ -0,0 +1,20 @@
+variable "name" {
+  description = "[Required] Name of Platfrom or application"
+  type        = string
+}
+
+variable "prefix" {
+  description = "[Required] Name prefix used for resource naming in this component"
+  type        = string
+}
+
+variable "environment" {
+  description = "[Required] Name prefix used for resource naming in this component"
+  type        = string
+}
+
+variable "custom_tags" {
+  description = "Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys."
+  type        = map(string)
+  default     = {}
+}