Add enabled check to data source (#45)

Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
cloudposse · Apr 22, 2022 · ea635c3 · ea635c3
1 parent d86dbaf
commit ea635c3
Show file tree

Hide file tree

Showing 10 changed files with 1,496 additions and 48 deletions.
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
@@ -1,5 +1,3 @@
-enabled = true
-
 region = "us-east-2"
 
 namespace = "eg"

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -1,10 +1,14 @@
+locals {
+  enabled = module.this.enabled
+}
+
 provider "aws" {
   region = var.region
 }
 
 module "kms_key" {
   source  = "cloudposse/kms-key/aws"
-  version = "0.7.0"
+  version = "0.12.1"
 
   description             = "Test KMS key"
   deletion_window_in_days = 7
@@ -14,8 +18,9 @@ module "kms_key" {
 }
 
 module "bucket" {
+  # any version greater than 0.47.0 will require the root module to have required_version >= 1.0 in its versions.tf
   source  = "cloudposse/s3-bucket/aws"
-  version = "0.22.0"
+  version = "0.47.0"
 
   user_enabled                 = false
   versioning_enabled           = false
@@ -28,6 +33,8 @@ module "bucket" {
 }
 
 data "aws_iam_policy_document" "resource_full_access" {
+  count = local.enabled ? 1 : 0
+
   statement {
     sid       = "FullAccess"
     effect    = "Allow"
@@ -47,6 +54,8 @@ data "aws_iam_policy_document" "resource_full_access" {
 }
 
 data "aws_iam_policy_document" "base" {
+  count = local.enabled ? 1 : 0
+
   statement {
     sid    = "BaseAccess"
     effect = "Allow"
@@ -69,8 +78,8 @@ module "role" {
   use_fullname = var.use_fullname
 
   policy_documents = [
-    data.aws_iam_policy_document.resource_full_access.json,
-    data.aws_iam_policy_document.base.json
+    join("", data.aws_iam_policy_document.resource_full_access.*.json),
+    join("", data.aws_iam_policy_document.base.*.json),
   ]
 
   policy_document_count = 2

diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -4,10 +4,6 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.0, < 4.0"
-    }
-    null = {
-      source  = "hashicorp/null"
       version = ">= 2.0"
     }
   }

diff --git a/main.tf b/main.tf
@@ -1,5 +1,5 @@
 data "aws_iam_policy_document" "assume_role" {
-  count = length(keys(var.principals))
+  count = module.this.enabled ? length(keys(var.principals)) : 0
 
   statement {
     effect  = "Allow"

diff --git a/test/Makefile b/test/Makefile
@@ -33,11 +33,11 @@ clean:
 all: module examples/complete
 
 ## Run basic sanity checks against the module itself
-module: export TESTS ?= installed lint get-modules module-pinning get-plugins provider-pinning validate terraform-docs input-descriptions output-descriptions
+module: export TESTS ?= installed lint module-pinning provider-pinning validate terraform-docs input-descriptions output-descriptions
 module: deps
 	$(call RUN_TESTS, ../)
 
 ## Run tests against example
-examples/complete: export TESTS ?= installed lint get-modules get-plugins validate
+examples/complete: export TESTS ?= installed lint validate
 examples/complete: deps
 	$(call RUN_TESTS, ../$@)
diff --git a/test/src/Makefile b/test/src/Makefile
@@ -1,5 +1,4 @@
-export TF_CLI_ARGS_init ?= -get-plugins=true
-export TERRAFORM_VERSION ?= $(shell curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version' | cut -d. -f1-2)
+export TERRAFORM_VERSION ?= $(shell curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version' | cut -d. -f1)
 
 .DEFAULT_GOAL : all
 
@@ -16,7 +15,7 @@ init:
 ## Run tests
 test: init
 	go mod download
-	go test -v -timeout 60m -run TestExamplesComplete
+	go test -v -timeout 15m -run TestExamplesComplete
 
 ## Run tests in docker container
 docker/test:
@@ -27,4 +26,4 @@ docker/test:
 .PHONY : clean
 ## Clean up files
 clean:
-	rm -rf ../../examples/complete/*.tfstate*
+	rm -rf $(TF_DATA_DIR) ../../examples/complete/*.tfstate*
diff --git a/test/src/common.go b/test/src/common.go
@@ -0,0 +1,39 @@
+package test
+
+import (
+	"math/rand"
+	"strconv"
+	"testing"
+	"time"
+	"strings"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+func testNoChanges(t *testing.T, terraformDir string) {
+	rand.Seed(time.Now().UnixNano())
+	randID := strconv.Itoa(rand.Intn(100000))
+	attributes := []string{randID}
+
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		// The path to where our Terraform code is located
+		TerraformDir: terraformDir,
+		Upgrade:      true,
+		// Variables to pass to our Terraform code using -var-file options
+		VarFiles: []string{"fixtures.us-east-2.tfvars"},
+		// We always include a random attribute so that parallel tests
+		// and AWS resources do not interfere with each other
+		Vars: map[string]interface{}{
+			"enabled":    false,
+			"attributes": attributes,
+		},
+	})
+
+	terraform.Init(t, terraformOptions)
+	plan := terraform.Plan(t, terraformOptions)
+	planContainsNoChanges := strings.Contains(plan, "No changes.") || strings.Contains(plan, "0 to add, 0 to change, 0 to destroy.")
+
+	assert.True(t, planContainsNoChanges)
+}
+
diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
@@ -59,3 +59,8 @@ func TestExamplesComplete(t *testing.T) {
 	// Verify we're getting back the outputs we expect
 	assert.Equal(t, expectedroleName, roleName)
 }
+
+// Test the Terraform module in examples/complete doesn't attempt to create resources with enabled=false.
+func TestExamplesCompleteDisabled(t *testing.T) {
+	testNoChanges(t, "../../examples/complete")
+}
diff --git a/test/src/go.mod b/test/src/go.mod
@@ -1,14 +1,25 @@
-module github.com/cloudposse/terraform-aws-elasticache-redis
+module github.com/cloudposse/terraform-aws-iam-role
 
-go 1.14
+go 1.16
 
 require (
-	github.com/aws/aws-sdk-go v1.34.6 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/uuid v1.1.1 // indirect
-	github.com/gruntwork-io/terratest v0.16.0
-	github.com/pquerna/otp v1.2.0 // indirect
-	github.com/stretchr/testify v1.5.1
-	golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f // indirect
-	golang.org/x/sys v0.0.0-20190527104216-9cd6430ef91e // indirect
+	cloud.google.com/go v0.101.0 // indirect
+	cloud.google.com/go/compute v1.6.1 // indirect
+	github.com/aws/aws-sdk-go v1.43.44 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/gruntwork-io/terratest v0.40.7
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-getter v1.5.11 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-version v1.4.0 // indirect
+	github.com/jinzhu/copier v0.3.5 // indirect
+	github.com/klauspost/compress v1.15.1 // indirect
+	github.com/mattn/go-zglob v0.0.3 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/stretchr/testify v1.7.1
+	github.com/tmccombs/hcl2json v0.3.4 // indirect
+	github.com/ulikunitz/xz v0.5.10 // indirect
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+	golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 // indirect
+	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
 )