Convert to TF 0.12. Add tests. Add Codefresh test pipeline (#29)

* Convert to TF 0.12. Add tests. Add Codefresh test pipeline * Convert to TF 0.12. Add tests. Add Codefresh test pipeline * Convert to TF 0.12. Add tests. Add Codefresh test pipeline * Convert to TF 0.12. Add tests. Add Codefresh test pipeline
cloudposse · Jul 1, 2019 · 0938bd2 · 0938bd2
1 parent e44e2b7
commit 0938bd2
Show file tree

Hide file tree

Showing 24 changed files with 488 additions and 190 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,9 +5,6 @@
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
-*.tfvars
-
 **/.idea
 **/*.iml
 

diff --git a/.travis.yml b/.travis.yml
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017-2018 Cloud Posse, LLC
+   Copyright 2017-2019 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 
 [![Cloud Posse][logo]](https://cpco.io/homepage)
 
-# terraform-aws-ecr [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-ecr.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-ecr) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg)](https://github.com/cloudposse/terraform-aws-ecr/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
+# terraform-aws-ecr [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecr?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d182cb1ac440444a6c0082b) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg)](https://github.com/cloudposse/terraform-aws-ecr/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
 
 
 Terraform module to provision an [`AWS ECR Docker Container registry`](https://aws.amazon.com/ecr/).
@@ -59,46 +59,17 @@ In addition, an `EC2 Instance Profile` will be created from the new IAM Role, wh
 Include this repository as a module in your existing terraform code:
 
 ```hcl
-# IAM Role is provided. It will be granted ECR permissions
+# IAM Role to be granted ECR permissions
 data "aws_iam_role" "ecr" {
   name = "ecr"
 }
 
 module "ecr" {
-  source              = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=master"
-  name                = "${var.name}"
-  namespace           = "${var.namespace}"
-  stage               = "${var.stage}"
-  roles               = ["${data.aws_iam_role.ecr.name}"]
-}
-```
-
-Example of attaching policies to a user for CI/CD
-
-```hcl
-module "cicd_user" {
-  source    = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.3.0"
-  namespace = "${var.namespace}"
-  stage     = "${var.stage}"
-  name      = "codefresh"
-}
-
-resource "aws_iam_policy_attachment" "login" {
-  name       = "${module.cicd_user.user_name}-login"
-  users      = ["${module.cicd_user.user_name}"]
-  policy_arn = "${module.ecr.policy_login_arn}"
-}
-
-resource "aws_iam_policy_attachment" "read" {
-  name       = "${module.cicd_user.user_name}-read"
-  users      = ["${module.cicd_user.user_name}"]
-  policy_arn = "${module.ecr.policy_read_arn}"
-}
-
-resource "aws_iam_policy_attachment" "write" {
-  name       = "${module.cicd_user.user_name}-write"
-  users      = ["${module.cicd_user.user_name}"]
-  policy_arn = "${module.ecr.policy_write_arn}"
+  source                 = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=master"
+  namespace              = "eg"
+  stage                  = "test"
+  name                   = "ecr"
+  principals_full_access = [data.aws_iam_role.ecr.arn]
 }
 ```
 
@@ -121,17 +92,17 @@ Available targets:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| attributes | Additional attributes (e.g. `policy` or `role`) | list | `<list>` | no |
+| attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `<list>` | no |
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
-| enabled | Set to false to prevent the module from creating any resources | string | `true` | no |
+| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
 | max_image_count | How many Docker Image versions AWS ECR will store | string | `500` | no |
 | name | The Name of the application or solution  (e.g. `bastion` or `portal`) | string | - | yes |
-| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
-| principals_full_access | Principal ARN to provide with full access to the ECR | list | `<list>` | no |
-| principals_readonly_access | Principal ARN to provide with readonly access to the ECR | list | `<list>` | no |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
-| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | map | `<map>` | no |
-| use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | string | `true` | no |
+| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| principals_full_access | Principal ARNs to provide with full access to the ECR | list(string) | `<list>` | no |
+| principals_readonly_access | Principal ARNs to provide with readonly access to the ECR | list(string) | `<list>` | no |
+| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
+| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | map(string) | `<map>` | no |
+| use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | bool | `true` | no |
 
 ## Outputs
 
@@ -277,8 +248,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 
 ### Contributors
 
-|  [![Igor Rodionov][goruha_avatar]][goruha_homepage]<br/>[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]<br/>[Andriy Knysh][aknysh_homepage] | [![Sergey Vasilyev][s2504s_avatar]][s2504s_homepage]<br/>[Sergey Vasilyev][s2504s_homepage] | [![Ivan Pinatti][ivan-pinatti_avatar]][ivan-pinatti_homepage]<br/>[Ivan Pinatti][ivan-pinatti_homepage] |
-|---|---|---|---|
+|  [![Igor Rodionov][goruha_avatar]][goruha_homepage]<br/>[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]<br/>[Andriy Knysh][aknysh_homepage] | [![Sergey Vasilyev][s2504s_avatar]][s2504s_homepage]<br/>[Sergey Vasilyev][s2504s_homepage] | [![Ivan Pinatti][ivan-pinatti_avatar]][ivan-pinatti_homepage]<br/>[Ivan Pinatti][ivan-pinatti_homepage] | [![Erik Osterman][osterman_avatar]][osterman_homepage]<br/>[Erik Osterman][osterman_homepage] |
+|---|---|---|---|---|
 
   [goruha_homepage]: https://github.com/goruha
   [goruha_avatar]: https://github.com/goruha.png?size=150
@@ -288,6 +259,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
   [s2504s_avatar]: https://github.com/s2504s.png?size=150
   [ivan-pinatti_homepage]: https://github.com/ivan-pinatti
   [ivan-pinatti_avatar]: https://github.com/ivan-pinatti.png?size=150
+  [osterman_homepage]: https://github.com/osterman
+  [osterman_avatar]: https://github.com/osterman.png?size=150
 
 
 

diff --git a/README.yaml b/README.yaml
@@ -32,9 +32,9 @@ github_repo: cloudposse/terraform-aws-ecr
 
 # Badges to display
 badges:
-  - name: "Build Status"
-    image: "https://travis-ci.org/cloudposse/terraform-aws-ecr.svg?branch=master"
-    url: "https://travis-ci.org/cloudposse/terraform-aws-ecr"
+  - name: "Codefresh Build Status"
+    image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecr?type=cf-1"
+    url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d182cb1ac440444a6c0082b"
   - name: "Latest Release"
     image: "https://img.shields.io/github/release/cloudposse/terraform-aws-ecr.svg"
     url: "https://github.com/cloudposse/terraform-aws-ecr/releases/latest"
@@ -68,46 +68,17 @@ usage: |-
   Include this repository as a module in your existing terraform code:
 
   ```hcl
-  # IAM Role is provided. It will be granted ECR permissions
+  # IAM Role to be granted ECR permissions
   data "aws_iam_role" "ecr" {
     name = "ecr"
   }
 
   module "ecr" {
-    source              = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=master"
-    name                = "${var.name}"
-    namespace           = "${var.namespace}"
-    stage               = "${var.stage}"
-    roles               = ["${data.aws_iam_role.ecr.name}"]
-  }
-  ```
-
-  Example of attaching policies to a user for CI/CD
-
-  ```hcl
-  module "cicd_user" {
-    source    = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.3.0"
-    namespace = "${var.namespace}"
-    stage     = "${var.stage}"
-    name      = "codefresh"
-  }
-
-  resource "aws_iam_policy_attachment" "login" {
-    name       = "${module.cicd_user.user_name}-login"
-    users      = ["${module.cicd_user.user_name}"]
-    policy_arn = "${module.ecr.policy_login_arn}"
-  }
-
-  resource "aws_iam_policy_attachment" "read" {
-    name       = "${module.cicd_user.user_name}-read"
-    users      = ["${module.cicd_user.user_name}"]
-    policy_arn = "${module.ecr.policy_read_arn}"
-  }
-
-  resource "aws_iam_policy_attachment" "write" {
-    name       = "${module.cicd_user.user_name}-write"
-    users      = ["${module.cicd_user.user_name}"]
-    policy_arn = "${module.ecr.policy_write_arn}"
+    source                 = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=master"
+    namespace              = "eg"
+    stage                  = "test"
+    name                   = "ecr"
+    principals_full_access = [data.aws_iam_role.ecr.arn]
   }
   ```
 
@@ -125,3 +96,5 @@ contributors:
     github: "s2504s"
   - name: "Ivan Pinatti"
     github: "ivan-pinatti"
+  - name: "Erik Osterman"
+    github: "osterman"
diff --git a/codefresh/test.yml b/codefresh/test.yml
@@ -0,0 +1,74 @@
+version: '1.0'
+
+stages:
+  - Prepare
+  - Test
+
+steps:
+  wait:
+    title: Wait
+    stage: Prepare
+    image: codefresh/cli:latest
+    commands:
+      - codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser 'flatten|.[-1].id==$id'
+    retry:
+      maxAttempts: 10
+      delay: 20
+      exponentialFactor: 1.1
+
+  main_clone:
+    title: "Clone repository"
+    type: git-clone
+    stage: Prepare
+    description: "Initialize"
+    repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}
+    git: CF-default
+    revision: ${{CF_REVISION}}
+
+  clean_init:
+    title: Prepare build-harness and test-harness
+    image: ${{TEST_IMAGE}}
+    stage: Prepare
+    commands:
+      - cf_export PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+      - make init
+      - git -C build-harness checkout master
+      - make -C test/ clean init TEST_HARNESS_BRANCH=master
+      - make -C test/src clean init
+      - find . -type d -name '.terraform' | xargs rm -rf
+      - find . -type f -name 'terraform.tfstate*' -exec rm -f {} \;
+
+  test:
+    type: "parallel"
+    title: "Run tests"
+    description: "Run all tests in parallel"
+    stage: Test
+    steps:
+      test_readme_lint:
+        title: "Test README.md updated"
+        stage: "Test"
+        image: ${{TEST_IMAGE}}
+        description: Test "readme/lint"
+        commands:
+          - make readme/lint
+
+      test_module:
+        title: Test module with bats
+        image: ${{TEST_IMAGE}}
+        stage: Test
+        commands:
+          - make -C test/ module
+
+      test_examples_complete:
+        title: Test "examples/complete" with bats
+        image: ${{TEST_IMAGE}}
+        stage: Test
+        commands:
+          - make -C test/ examples/complete
+
+      test_examples_complete_terratest:
+        title: Test "examples/complete" with terratest
+        image: ${{TEST_IMAGE}}
+        stage: Test
+        commands:
+          - make -C test/src
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -2,17 +2,17 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| attributes | Additional attributes (e.g. `policy` or `role`) | list | `<list>` | no |
+| attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | `<list>` | no |
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
-| enabled | Set to false to prevent the module from creating any resources | string | `true` | no |
+| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no |
 | max_image_count | How many Docker Image versions AWS ECR will store | string | `500` | no |
 | name | The Name of the application or solution  (e.g. `bastion` or `portal`) | string | - | yes |
-| namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
-| principals_full_access | Principal ARN to provide with full access to the ECR | list | `<list>` | no |
-| principals_readonly_access | Principal ARN to provide with readonly access to the ECR | list | `<list>` | no |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
-| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | map | `<map>` | no |
-| use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | string | `true` | no |
+| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no |
+| principals_full_access | Principal ARNs to provide with full access to the ECR | list(string) | `<list>` | no |
+| principals_readonly_access | Principal ARNs to provide with readonly access to the ECR | list(string) | `<list>` | no |
+| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
+| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | map(string) | `<map>` | no |
+| use_fullname | Set 'true' to use `namespace-stage-name` for ecr repository name, else `name` | bool | `true` | no |
 
 ## Outputs
 

diff --git a/examples/complete/fixtures.us-west-1.tfvars b/examples/complete/fixtures.us-west-1.tfvars
@@ -0,0 +1,7 @@
+region = "us-west-1"
+
+namespace = "eg"
+
+stage = "test"
+
+name = "ecr-test"
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+  region = var.region
+}
+
+module "ecr" {
+  source    = "../../"
+  namespace = var.namespace
+  stage     = var.stage
+  name      = var.name
+}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -0,0 +1,14 @@
+output "registry_id" {
+  value       = module.ecr.registry_id
+  description = "Registry ID"
+}
+
+output "registry_url" {
+  value       = module.ecr.registry_url
+  description = "Registry URL"
+}
+
+output "repository_name" {
+  value       = module.ecr.repository_name
+  description = "Registry name"
+}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -0,0 +1,15 @@
+variable "region" {
+  type = string
+}
+
+variable "namespace" {
+  type = string
+}
+
+variable "name" {
+  type = string
+}
+
+variable "stage" {
+  type = string
+}