Merge pull request #10 from mineiros-io/soerenmartius/validation

Add validation
mineiros-io · Jan 10, 2022 · 5f6d1d6 · 5f6d1d6
2 parents 69afdd9 + 268dc85
commit 5f6d1d6
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 28 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,7 @@ out/
 
 # Local .terraform directories
 **/.terraform/*
+**/.terratest/*
 
 # .tfstate files
 *.tfstate

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,10 +1,13 @@
 repos:
   - repo: https://github.com/mineiros-io/pre-commit-hooks
-    rev: v0.3.0
+    rev: v0.3.1
     hooks:
       - id: terraform-fmt
       - id: terraform-validate
         exclude: ^examples|.terraform/
       - id: tflint
       - id: golangci-lint
       - id: phony-targets
+      - id: markdown-link-check
+        args: ['-p']   # When adding the -p flag, markdown-link-check will always with an exit code 0, even if dead links are found
+        verbose: true  # Forces the output of the hook to be printed even when the hook passes.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.0.3]
+
+### Added
+
+- Add validation to `var.members`
+
 ## [0.0.2]
 
 ### Added
@@ -19,10 +25,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Initial Implementation
 
-<!-- markdown-link-check-disable -->
-
-[unreleased]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/compare/v0.0.2...HEAD
+[unreleased]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/compare/v0.0.3...HEAD
+[0.0.2]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/compare/v0.0.2...v0.0.3
 [0.0.2]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/compare/v0.0.1...v0.0.2
 [0.0.1]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/releases/tag/v0.0.1
-
-<!-- markdown-link-check-disabled -->
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -77,13 +77,8 @@ If everything looks good, they will merge the code and release a new version whi
 
 <!-- References -->
 
-<!-- markdown-link-check-disable -->
-
 [pull requests]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/pulls
 [pre-commit-file]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/blob/main/.pre-commit-config.yaml
-
-<!-- markdown-link-check-enable -->
-
 [github flow]: https://guides.github.com/introduction/flow/
 [codeowners]: https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 [fork]: https://help.github.com/en/github/getting-started-with-github/fork-a-repo

diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 # Set default shell to bash
 SHELL := /bin/bash -o pipefail
 
-BUILD_TOOLS_VERSION      ?= v0.13.0
+BUILD_TOOLS_VERSION      ?= v0.14.3
 BUILD_TOOLS_DOCKER_REPO  ?= mineiros/build-tools
 BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION}
 
@@ -59,6 +59,13 @@ ifdef AWS_ACCESS_KEY_ID
   DOCKER_AWS_FLAGS += -e AWS_SESSION_TOKEN
 endif
 
+# If GOOGLE_CREDENTIALS is defined, we are likely running inside a GCP provider
+# module. To enable GCP authentication inside the docker container, we inject
+# the relevant environment variables (service-account key file).
+ifdef GOOGLE_CREDENTIALS
+	DOCKER_GCP_FLAGS += -e GOOGLE_CREDENTIALS
+endif
+
 # If GITHUB_OWNER is defined, we are likely running inside a GitHub provider
 # module. To enable GitHub authentication inside the docker container,
 # we inject the relevant environment variables.
@@ -82,6 +89,24 @@ test/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
 test/pre-commit:
 	$(call docker-run,pre-commit run -a)
 
+## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'.
+.PHONY: test/unit-tests
+test/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
+test/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS}
+test/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS}
+test/unit-tests: DOCKER_FLAGS += ${DOCKER_GCP_FLAGS}
+test/unit-tests: DOCKER_FLAGS += $(shell env | grep ^TF_VAR_ | cut -d = -f 1 | xargs -i printf ' -e {}')
+test/unit-tests: DOCKER_FLAGS += -e TF_DATA_DIR=.terratest
+test/unit-tests: TEST ?= "TestUnit"
+test/unit-tests:
+	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
+	$(call go-test,./test -run $(TEST))
+
+## Generate README.md with Terradoc
+.PHONY: terradoc
+terradoc:
+	$(call quiet-command,terradoc -o README.md README.tfdoc.hcl)
+
 ## Clean up cache and temporary files
 .PHONY: clean
 clean:
@@ -105,15 +130,11 @@ help:
 	} \
 	{ lastLine = $$0 }' $(MAKEFILE_LIST)
 
-## Generate README.md with Terradoc
-.PHONY: terradoc
-terradoc:
-	$(call quiet-command,terradoc -o README.md README.tfdoc.hcl)
-
 # Define helper functions
 DOCKER_FLAGS   += ${DOCKER_RUN_FLAGS}
 DOCKER_RUN_CMD  = docker run ${DOCKER_FLAGS} ${BUILD_TOOLS_DOCKER_IMAGE}
 
 quiet-command = $(if ${V},${1},$(if ${2},@echo ${2} && ${1}, @${1}))
 docker-run    = $(call quiet-command,${DOCKER_RUN_CMD} ${1} | cat,"${YELLOW}[DOCKER RUN] ${GREEN}${1}${RESET}")
+go-test       = $(call quiet-command,${DOCKER_RUN_CMD} go test -v -count 1 -timeout 45m -parallel 128 ${1} | cat,"${YELLOW}[TEST] ${GREEN}${1}${RESET}")
 rm-command    = $(call quiet-command,rm -rf ${1},"${YELLOW}[CLEAN] ${GREEN}${1}${RESET}")
diff --git a/examples/README.md b/examples/README.md
@@ -13,24 +13,13 @@ We are sorry, but there are no examples available yet. This is work in progress.
 Feel free to contribute by providing a pull-request adding an example.
 
 <!-- References -->
-<!-- markdown-link-check-disable -->
-
 [example/]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/blob/main/examples/example
-
-<!-- markdown-link-check-enable -->
-
 [homepage]: https://mineiros.io/?ref=terraform-google-cloud-run-iam
 [badge-license]: https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg
 [badge-terraform]: https://img.shields.io/badge/terraform-1.x-623CE4.svg?logo=terraform
 [badge-slack]: https://img.shields.io/badge/slack-@mineiros--community-f32752.svg?logo=slack
 [badge-semver]: https://img.shields.io/github/v/tag/mineiros-io/terraform-google-cloud-run-iam.svg?label=latest&sort=semver
-
-<!-- markdown-link-check-disable -->
-
 [releases-github]: https://github.com/mineiros-io/terraform-google-cloud-run-iam/releases
-
-<!-- markdown-link-check-enable -->
-
 [releases-terraform]: https://github.com/hashicorp/terraform/releases
 [apache20]: https://opensource.org/licenses/Apache-2.0
 [slack]: https://join.slack.com/t/mineiros-community/shared_invite/zt-ehidestg-aLGoIENLVs6tvwJ11w9WGg
diff --git a/variables.tf b/variables.tf
@@ -22,6 +22,11 @@ variable "members" {
   type        = set(string)
   description = "(Optional) Identities that will be granted the privilege in role for. Each entry can have one of the following values: 'allUsers', 'allAuthenticatedUsers', 'serviceAccount:{emailid}', 'user:{emailid}', 'group:{emailid}', 'domain:{domain}', 'projectOwner:projectid', 'projectEditor:projectid', 'projectViewer:projectid'."
   default     = []
+
+  validation {
+    condition     = alltrue([for m in var.members : can(regex("^(allUsers|allAuthenticatedUsers|(user|serviceAccount|group|domain|projectOwner|projectEditor|projectViewer):)", m))])
+    error_message = "The value must be a non-empty list of strings where each entry is a valid principal type identified with `allUsers`, `allAuthenticatedUsers` or prefixed with `user:`, `serviceAccount:`, `group:`, `domain:`, `projectOwner:`, `projectEditor:` or `projectViewer:`."
+  }
 }
 
 variable "role" {