Add component tests (#19)

* Added tests

* Update test/component_test.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Fix ssm parameter path collisition

* Fix verify test

* Fix verify test

* Added github provider

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: goruha

src/notifications.tf

@@ -219,22 +219,22 @@ locals {
       if key != "ssm_path_prefix" && key != "webhook"
     },
     {
-      for key, value in coalesce(local.notifications_notifiers.webhook, {}) :
+      for key, value in try(local.notifications_notifiers.webhook, {}) :
       format("webhook_%s", key) =>
       { for param_name, param_value in value : param_name => param_value if param_value != null }
     }
   )
 
   ## Get paths to read configs for each notifier service
-  notifications_notifiers_ssm_path = merge(
+  notifications_notifiers_ssm_path = local.enabled ? merge(
     {
       for key, value in local.notifications_notifiers_variables :
       key => format("%s/%s/", local.notifications_notifiers.ssm_path_prefix, key)
     },
     {
       common = format("%s/common/", local.notifications_notifiers.ssm_path_prefix)
     },
-  )
+  ) : {}
 
   ## Read SSM secrets into object for each notifier service
   notifications_notifiers_ssm_configs = {

src/provider-github.tf

@@ -43,14 +43,12 @@ variable "ssm_github_app_private_key" {
 }
 
 locals {
-  github_token = local.create_github_webhook ? (
-    var.github_app_enabled ? null : coalesce(var.github_token_override, try(data.aws_ssm_parameter.github_api_key[0].value, null))
-  ) : ""
+  github_token = var.github_app_enabled ? null : coalesce(var.github_token_override, try(data.aws_ssm_parameter.github_api_key[0].value, null))
 }
 
 # SSM Parameter for PAT Authentication
 data "aws_ssm_parameter" "github_api_key" {
-  count           = local.create_github_webhook && !var.github_app_enabled ? 1 : 0
+  count           = !var.github_app_enabled ? 1 : 0
   name            = var.ssm_github_api_key
   with_decryption = true
 }
@@ -64,9 +62,9 @@ data "aws_ssm_parameter" "github_app_private_key" {
 
 # We will only need the github provider if we are creating the GitHub webhook with github_repository_webhook.
 provider "github" {
-  base_url = local.create_github_webhook ? var.github_base_url : null
-  owner    = local.create_github_webhook ? var.github_organization : null
-  token    = local.create_github_webhook ? local.github_token : null
+  base_url = var.github_base_url
+  owner    = var.github_organization
+  token    = local.github_token
 
   dynamic "app_auth" {
     for_each = local.create_github_webhook && var.github_app_enabled ? [1] : []

src/provider-helm.tf

@@ -133,9 +133,8 @@ locals {
     "--profile", var.kube_exec_auth_aws_profile
   ] : []
 
-  kube_exec_auth_role_arn = coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   exec_role = local.kube_exec_auth_enabled && var.kube_exec_auth_role_arn_enabled ? [
-    "--role-arn", local.kube_exec_auth_role_arn
+    "--role-arn", coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   ] : []
 
   # Provide dummy configuration for the case where the EKS cluster is not available.

src/remote-state.tf

@@ -1,6 +1,6 @@
 module "eks" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component = var.eks_component_name
 
@@ -9,7 +9,7 @@ module "eks" {
 
 module "dns_gbl_delegated" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   environment = "gbl"
   component   = "dns-delegated"
@@ -20,7 +20,7 @@ module "dns_gbl_delegated" {
 module "saml_sso_providers" {
   for_each = local.enabled ? var.saml_sso_providers : {}
   source   = "cloudposse/stack-config/yaml//modules/remote-state"
-  version  = "1.5.0"
+  version  = "1.8.0"
 
   component   = each.value.component
   environment = each.value.environment
@@ -32,7 +32,7 @@ module "argocd_repo" {
   for_each = local.enabled ? var.argocd_repositories : {}
 
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component   = each.key
   environment = each.value.environment

test/.gitignore

@@ -0,0 +1,5 @@
+state/
+.cache
+test/test-suite.json
+.atmos
+test_suite.yaml

test/component_test.go

@@ -0,0 +1,130 @@
+package test
+
+import (
+	"testing"
+	"fmt"
+	"strings"
+	"os"
+	helper "github.com/cloudposse/test-helpers/pkg/atmos/component-helper"
+	// "github.com/cloudposse/test-helpers/pkg/atmos"
+	awsTerratest "github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/stretchr/testify/assert"
+	"github.com/gruntwork-io/terratest/modules/random"
+)
+
+type ComponentSuite struct {
+	helper.TestSuite
+
+	githubOrg string
+	githubToken string
+	randomID string
+	awsRegion string
+}
+
+func (s *ComponentSuite) TestEnabledFlag() {
+	const component = "eks/argocd/disabled"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	randomID := strings.ToLower(random.UniqueId())
+	namespace := fmt.Sprintf("argocd-%s", randomID)
+
+	secretPath := fmt.Sprintf("/argocd/%s/github/api_key", randomID)
+	defer func() {
+		awsTerratest.DeleteParameter(s.T(), awsRegion, secretPath)
+	}()
+	awsTerratest.PutParameter(s.T(), s.awsRegion, secretPath, "Github API Key", s.githubToken)
+
+	inputs := map[string]interface{}{
+		"kubernetes_namespace": namespace,
+		"ssm_github_api_key": secretPath,
+	}
+
+	s.VerifyEnabledFlag(component, stack, &inputs)
+}
+
+func (s *ComponentSuite) TestBasic() {
+	const component = "eks/argocd/basic"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	randomID := strings.ToLower(random.UniqueId())
+	namespace := fmt.Sprintf("argocd-%s", randomID)
+
+	secretPath := fmt.Sprintf("/argocd/%s/github/api_key", randomID)
+	defer func() {
+		awsTerratest.DeleteParameter(s.T(), awsRegion, secretPath)
+	}()
+	awsTerratest.PutParameter(s.T(), s.awsRegion, secretPath, "Github API Key", s.githubToken)
+
+	inputs := map[string]interface{}{
+		"kubernetes_namespace": namespace,
+		"ssm_github_api_key": secretPath,
+	}
+
+	defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs)
+	options, _ := s.DeployAtmosComponent(s.T(), component, stack, &inputs)
+	assert.NotNil(s.T(), options)
+
+	options, _ = s.DeployAtmosComponent(s.T(), component, stack, &inputs)
+	assert.NotNil(s.T(), options)
+
+	s.DriftTest(component, stack, &inputs)
+}
+
+func (s *ComponentSuite) SetupSuite() {
+	s.TestSuite.InitConfig()
+	s.TestSuite.Config.ComponentDestDir = "components/terraform/eks/argocd"
+
+	s.githubOrg = "cloudposse-tests"
+    s.githubOrg = "cloudposse-tests"
+    s.githubToken = os.Getenv("GITHUB_TOKEN")
+    if s.githubToken == "" {
+        s.T().Fatal("GITHUB_TOKEN environment variable must be set")
+    }
+    s.randomID = strings.ToLower(random.UniqueId())
+    s.awsRegion = "us-east-2"
+
+	if !s.Config.SkipDeployDependencies {
+		deployKeyPath := fmt.Sprintf("/argocd/deploy_keys/%s/%s", s.randomID, "%s")
+		repoName := fmt.Sprintf("argocd-github-repo-%s", s.randomID)
+		secretPath := fmt.Sprintf("/argocd/%s/github/api_key", s.randomID)
+		awsTerratest.PutParameter(s.T(), s.awsRegion, secretPath, "Github API Key", s.githubToken)
+
+		inputs := map[string]interface{}{
+			"ssm_github_deploy_key_format": deployKeyPath,
+			"ssm_github_api_key": secretPath,
+			"name": repoName,
+			"github_organization": s.githubOrg,
+		}
+		s.AddDependency(s.T(), "argocd-github-repo", "default-test", &inputs)
+	}
+
+	s.TestSuite.SetupSuite()
+}
+
+func (s *ComponentSuite) TearDownSuite() {
+	s.TestSuite.TearDownSuite()
+	if !s.Config.SkipDestroyDependencies {
+		secretPath := fmt.Sprintf("/argocd/%s/github/api_key", s.randomID)
+		awsTerratest.DeleteParameter(s.T(), s.awsRegion, secretPath)
+	}
+}
+
+func TestRunSuite(t *testing.T) {
+	suite := new(ComponentSuite)
+	suite.AddDependency(t, "vpc", "default-test", nil)
+	suite.AddDependency(t, "eks/cluster", "default-test", nil)
+
+	subdomain := strings.ToLower(random.UniqueId())
+	inputs := map[string]interface{}{
+		"zone_config": []map[string]interface{}{
+			{
+				"subdomain": subdomain,
+				"zone_name": "components.cptest.test-automation.app",
+			},
+		},
+	}
+	suite.AddDependency(t, "dns-delegated", "default-test", &inputs)
+	helper.Run(t, suite)
+}

test/fixtures/atmos.yaml

@@ -0,0 +1,77 @@
+# CLI config is loaded from the following locations (from lowest to highest priority):
+# system dir (`/usr/local/etc/atmos` on Linux, `%LOCALAPPDATA%/atmos` on Windows)
+# home dir (~/.atmos)
+# current directory
+# ENV vars
+# Command-line arguments
+#
+# It supports POSIX-style Globs for file names/paths (double-star `**` is supported)
+# https://en.wikipedia.org/wiki/Glob_(programming)
+
+# Base path for components, stacks and workflows configurations.
+# Can also be set using `ATMOS_BASE_PATH` ENV var, or `--base-path` command-line argument.
+# Supports both absolute and relative paths.
+# If not provided or is an empty string, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are independent settings (supporting both absolute and relative paths).
+# If `base_path` is provided, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are considered paths relative to `base_path`.
+base_path: ""
+
+components:
+  terraform:
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_BASE_PATH` ENV var, or `--terraform-dir` command-line argument
+    # Supports both absolute and relative paths
+    base_path: "components/terraform"
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_APPLY_AUTO_APPROVE` ENV var
+    apply_auto_approve: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_DEPLOY_RUN_INIT` ENV var, or `--deploy-run-init` command-line argument
+    deploy_run_init: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_INIT_RUN_RECONFIGURE` ENV var, or `--init-run-reconfigure` command-line argument
+    init_run_reconfigure: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_AUTO_GENERATE_BACKEND_FILE` ENV var, or `--auto-generate-backend-file` command-line argument
+    auto_generate_backend_file: true
+
+stacks:
+  # Can also be set using `ATMOS_STACKS_BASE_PATH` ENV var, or `--config-dir` and `--stacks-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks"
+  # Can also be set using `ATMOS_STACKS_INCLUDED_PATHS` ENV var (comma-separated values string)
+  # Since we are distinguishing stacks based on namespace, and namespace is not part
+  # of the stack name, we have to set `included_paths` via the ENV var in the Dockerfile
+  included_paths:
+    - "orgs/**/*"
+
+  # Can also be set using `ATMOS_STACKS_EXCLUDED_PATHS` ENV var (comma-separated values string)
+  excluded_paths:
+    - "**/_defaults.yaml"
+
+  # Can also be set using `ATMOS_STACKS_NAME_PATTERN` ENV var
+  name_pattern: "{tenant}-{stage}"
+
+workflows:
+  # Can also be set using `ATMOS_WORKFLOWS_BASE_PATH` ENV var, or `--workflows-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks/workflows"
+
+# https://github.com/cloudposse/atmos/releases/tag/v1.33.0
+logs:
+  file: "/dev/stdout"
+  # Supported log levels: Trace, Debug, Info, Warning, Off
+  level: Info
+
+settings:
+  # Can also be set using 'ATMOS_SETTINGS_LIST_MERGE_STRATEGY' environment variable, or '--settings-list-merge-strategy' command-line argument
+  list_merge_strategy: replace
+
+# `Go` templates in Atmos manifests
+# https://atmos.tools/core-concepts/stacks/templating
+# https://pkg.go.dev/text/template
+templates:
+  settings:
+    enabled: true
+    # https://masterminds.github.io/sprig
+    sprig:
+      enabled: true
+    # https://docs.gomplate.ca
+    gomplate:
+      enabled: true

test/fixtures/stacks/catalog/account-map.yaml

@@ -0,0 +1,46 @@
+components:
+  terraform:
+    account-map:
+      metadata:
+        terraform_workspace: core-gbl-root
+      vars:
+        tenant: core
+        environment: gbl
+        stage: root
+
+#      This remote state is only for Cloud Posse internal use.
+#      It references the Cloud Posse test organizations actual infrastructure.
+#      remote_state_backend:
+#        s3:
+#          bucket: cptest-core-ue2-root-tfstate-core
+#          dynamodb_table: cptest-core-ue2-root-tfstate-core-lock
+#          role_arn: arn:aws:iam::822777368227:role/cptest-core-gbl-root-tfstate-core-ro
+#          encrypt: true
+#          key: terraform.tfstate
+#          acl: bucket-owner-full-control
+#          region: us-east-2
+
+      remote_state_backend_type: static
+      remote_state_backend:
+        # This static backend is used for tests that only need to use the account map iam-roles module
+        # to find the role to assume for Terraform operations. It is configured to use whatever
+        # the current user's role is, but the environment variable `TEST_ACCOUNT_ID` must be set to
+        # the account ID of the account that the user is currently assuming a role in.
+        #
+        # For some components, this backend is missing important data, and those components
+        # will need that data added to the backend configuration in order to work properly.
+        static:
+          account_info_map: {}
+          all_accounts: []
+          aws_partition: aws
+          full_account_map: {}
+          iam_role_arn_templates: {}
+          non_eks_accounts: []
+          profiles_enabled: false
+          root_account_aws_name: root
+          terraform_access_map: {}
+          terraform_dynamic_role_enabled: false
+          terraform_role_name_map:
+            apply: terraform
+            plan: planner
+          terraform_roles: {}

test/fixtures/stacks/catalog/argocd-github-repo.yaml

@@ -0,0 +1,23 @@
+components:
+  terraform:
+    argocd-github-repo:
+      metadata:
+        component: argocd-github-repo
+      vars:
+        enabled: true
+        github_user: goruha
+        github_user_email: ci@acme.com
+        github_organization: cloudposse-tests
+        github_codeowner_teams:
+          - "@cloudposse-tests/admin"
+        permissions:
+          - team_slug: admin
+            permission: admin
+        name: argocd-deploy-non-prod
+        description: "ArgoCD desired state repository (Non-production) for ACME applications"
+        environments:
+          - tenant: mgmt
+            environment: uw2
+            stage: sandbox
+            auto-sync: false
+        gitignore_entries: []

test/fixtures/stacks/catalog/dns-delegated.yaml

@@ -0,0 +1,10 @@
+components:
+  terraform:
+    dns-delegated:
+      metadata:
+        component: dns-delegated
+      vars:
+        zone_config:
+          - subdomain: test
+            zone_name: example.net
+        request_acm_certificate: true