test(module): really test the generated access key
parent
00ee290f29
commit
c7927f49eb
5 changed files with 63 additions and 6 deletions
|
@ -5,11 +5,10 @@ provider "aws" {
|
||||||
|
|
||||||
run "main" {
|
run "main" {
|
||||||
assert {
|
assert {
|
||||||
condition = output.access_key_id != null
|
condition = data.external.main.result.Arn == local.expected_arn
|
||||||
error_message = "invalid IAM access key ID"
|
error_message = "user ARN mismatch"
|
||||||
|
}
|
||||||
|
module {
|
||||||
|
source = "./test"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variables {
|
|
||||||
name = "tftest-user"
|
|
||||||
}
|
|
||||||
|
|
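--- a/test/aws_config.tftpl
+++ b/test/aws_config.tftpl
@@ -0,0 +1,4 @@
+[default]
+aws_access_key_id = ${aws_access_key_id}
+aws_secret_access_key = ${aws_access_key_secret}
+region = eu-west-3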
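--- a/test/main.tf
+++ b/test/main.tf
@@ -0,0 +1,31 @@
+module "main" {
+source = "../"
+
+name = "tftest-user"
+}
+
+data "aws_caller_identity" "current" {}
+
+# tflint-ignore: terraform_unused_declarations
+data "external" "main" {
+program = ["${path.module}/test.sh"]
+
+depends_on = [local_file.aws_config]
+}
+
+locals {
+# tflint-ignore: terraform_unused_declarations
+expected_arn = format(
+"arn:aws:iam::%s:user/tftest-user",
+data.aws_caller_identity.current.account_id,
+)
+}
+
+resource "local_file" "aws_config" {
+filename = "${path.module}/aws_config"
+file_permission = "0600"
+content = templatefile("${path.module}/aws_config.tftpl", {
+aws_access_key_id = module.main.access_key_id
+aws_access_key_secret = module.main.access_key_secret
+})
+}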
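Review bot: The `local_file` resource at the end of test/main.tf renders `module.main.access_key_secret` into `test/aws_config` in plaintext, and nothing visible in this commit excludes that file from version control or removes it after the run. `file_permission = "0600"` limits local readers, but unless the module output is already marked sensitive the rendered content can also appear in plan output. The hashicorp/local provider offers `local_sensitive_file` for this case; switching means `resource "local_sensitive_file" "aws_config"` here and `depends_on = [local_sensitive_file.aws_config]` in `data "external" "main"`. The secret is still recorded in the test run's state, so it is worth confirming that `test/aws_config` is git-ignored and that the key is destroyed when the test finishes.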
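--- a/test/providers.tf
+++ b/test/providers.tf
@@ -0,0 +1,15 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+}
+external = {
+source = "hashicorp/external"
+version = "2.3.4"
+}
+local = {
+source = "hashicorp/local"
+version = "2.5.2"
+}
+}
+}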
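Review bot: `aws` is the only entry in `required_providers` without a `version`, while `external` and `local` are pinned to exact releases. Unless a lock file or the root module constrains it (neither is visible in this commit), the test can resolve to whichever hashicorp/aws release is newest at `init` time. Adding `version = "<constraint used by the root module>"` to the `aws` block keeps the provider set used by the test reproducible.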
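--- a/test/test.sh
+++ b/test/test.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Wait a bit for the ACCESS KEY to be usable on AWS
+sleep 10
+
+export AWS_CONFIG_FILE="${PWD}/test/aws_config"
+aws sts get-caller-identity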
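Review bot: `aws sts get-caller-identity` only exercises the generated key if the CLI actually selects it, and exporting `AWS_CONFIG_FILE` alone does not guarantee that. Credentials in `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, or a `[default]` entry in the shared credentials file, take precedence over keys stored in the config file, so in such an environment the call reports the ambient identity instead. Adding `unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_PROFILE` and `export AWS_SHARED_CREDENTIALS_FILE="${AWS_CONFIG_FILE}"` before the call pins the check to the new key. The path also assumes the working directory is the repository root, whereas test/main.tf writes the file relative to `path.module`; deriving it from the script's own location would keep the two in step.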