fix(tests): adding tests

.github/CODEOWNERS

@@ -0,0 +1 @@
+*  @playgroundtech/owners

.github/workflows/pr.yaml

@@ -16,7 +16,7 @@ jobs:
       - name: Update Repo
         run: brew update
       - name: Install Deps
-        run: brew install pre-commit git-secrets tflint terraform-docs terraform || true
+        run: brew install pre-commit gitleaks tflint tfsec terraform-docs terraform || true
       - name: Terraform init
         run: terraform init
       - name: Check Pre Commit

.github/workflows/terratest.yaml

@@ -0,0 +1,52 @@
+jobs:
+  terratest:
+    name: terratest
+    runs-on: "ubuntu-latest"
+    defaults:
+      run:
+        working-directory: tests
+
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      # Install and set up LocalStack
+      - name: Start LocalStack
+        run: |
+          pip install localstack                    # install LocalStack cli
+          docker pull localstack/localstack         # Make sure to pull the latest version of the image
+          localstack start -d                       # Start LocalStack in the background
+
+          echo "Waiting for LocalStack startup..."  # Wait 30 seconds for the LocalStack container
+          localstack wait -t 30                     # to become ready before timing out 
+          echo "Startup complete"
+
+      # Install the latest version of Terraform CLI
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_wrapper: false
+
+      # Install and set up Golang
+      - name: Set Up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19.x
+
+      # Get all golang dependencies
+      - name: Get dependencies
+        run: go mod tidy
+
+      # Run terratest
+      - name: Run Terratest
+        run: go test -v -timeout 90m
+
+name: "terratest"
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths-ignore:
+      - "**.md"

.pre-commit-config.yaml

@@ -1,10 +1,11 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.77.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
       - id: terraform_docs
+      - id: terraform_tfsec
       - id: terraform_tflint
         args:
           - '--args=--only=terraform_deprecated_interpolation'
@@ -21,14 +22,11 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.3.0
     hooks:
+      - id: check-yaml
+      - id: check-json
       - id: check-merge-conflict
       - id: end-of-file-fixer
-  - repo: https://github.com/awslabs/git-secrets
-    rev: b9e96b3212fa06aea65964ff0d5cda84ce935f38 #SHA for v1.3.0
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.16.0
     hooks:
-      - id: git-secrets
-        entry: git-secrets --scan
-        files: .
-        args:
-          - '--register-aws'
-          - '--untracked'
+      - id: gitleaks

examples/module_test.go → tests/module_test.go

@@ -5,38 +5,53 @@ package test
 
 import (
 	"fmt"
+	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
+	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
 func TestSimple(t *testing.T) {
-	// Create a random unique ID for the VPC
+	// Create a random unique ID for the role name
 	randomId := random.UniqueId()
-	workingDir := "../examples/simple"
+	roleName := fmt.Sprintf("terratest-%v", randomId)
+	workingDir := "../tests/simple"
 
+	// Randomize the region
+	region := aws.GetRandomRegion(t, []string{"eu-north-1", "us-east-1"}, nil)
+
+	// Terraform destroy
 	defer test_structure.RunTestStage(t, "destroy", func() {
 		terraformOptions := test_structure.LoadTerraformOptions(t, workingDir)
 		terraform.Destroy(t, terraformOptions)
 		// clean up saved options
 		test_structure.CleanupTestDataFolder(t, workingDir)
 	})
 
+	// Terraform init and apply
 	test_structure.RunTestStage(t, "init", func() {
 		terraformOptions := &terraform.Options{
 			TerraformDir: workingDir,
+			EnvVars: map[string]string{
+				"AWS_DEFAULT_REGION": region,
+			},
 
 			Vars: map[string]interface{}{
-				"role_name": fmt.Sprintf("terratest-%v", randomId),
+				"role_name": roleName,
 			},
 		}
 		test_structure.SaveTerraformOptions(t, workingDir, terraformOptions)
 		terraform.InitAndApply(t, terraformOptions)
 	})
 
+	// Tun tests
 	test_structure.RunTestStage(t, "tests", func() {
 		terraformOptions := test_structure.LoadTerraformOptions(t, workingDir)
 		terraform.ApplyAndIdempotent(t, terraformOptions)
+
+		outputRoleName := terraform.Output(t, terraformOptions, "role_name")
+		assert.Equal(t, roleName, outputRoleName, "role_name should be equal")
 	})
 }

examples/simple/main.tf → tests/simple/main.tf

@@ -1,7 +1,3 @@
-provider "aws" {
-  region = "eu-north-1"
-}
-
 data "aws_iam_policy" "view_only" {
   name = "ViewOnlyAccess"
 }

tests/simple/outputs.tf

@@ -0,0 +1,9 @@
+output "openid_connect_provider" {
+  description = "AWS OpenID Connected identity provider."
+  value       = module.aws_github_actions_oidc.openid_connect_provider
+}
+
+output "role_name" {
+  description = "AWS Role created"
+  value       = module.aws_github_actions_oidc.role.name
+}

tests/simple/provider.tf

@@ -0,0 +1,11 @@
+provider "aws" {
+  access_key                  = "test"
+  secret_key                  = "test"
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    iam = "http://localhost:4566"
+  }
+}