diff --git a/.github/workflows/security-keys.yml b/.github/workflows/security-keys.yml index c2b97f206..38647ecf9 100644 --- a/.github/workflows/security-keys.yml +++ b/.github/workflows/security-keys.yml 
@@ -1,205 +1,72 @@ name: "Security Keys Layer: Unit Tests" on: - pull_request: - branches: - - master - paths: - - apps-devstg/us-east-1/security-keys/** - - apps-devstg/us-east-2/security-keys/** - - apps-prd/us-east-1/security-keys/** - - data-science/us-east-1/security-keys/** - - management/us-east-1/security-keys/** - - network/us-east-1/security-keys/** - - network/us-eat-2/security-keys/** - - security/us-east-1/security-keys/** - - shared/us-east-1/security-keys/** - - shared/us-east-2/security-keys/** - + pull_request: + branches: + - master jobs: - apps-devstg: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'apps-devstg/us-east-1/security-keys/**' - us-east-2: - - 'apps-devstg/us-east-2/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: apps-devstg/us-east-1/security-keys - run: terraform init - - name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: apps-devstg/us-east-1/security-keys - run: | - terraform test - - name: Terraform Init on us-east-2 - if: steps.filter.outputs.us-east-2 == 'true' - working-directory: apps-devstg/us-east-2/security-keys - run: terraform init - - name: Run Unit Test on us-east-2 - if: steps.filter.outputs.us-east-2 == 'true' - working-directory: apps-devstg/us-east-2/security-keys - run: | - terraform test - apps-prd: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'apps-prd/us-east-1/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: apps-prd/us-east-1/security-keys - run: terraform init - - 
name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: apps-prd/us-east-1/security-keys - run: | - terraform test - data-science: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'data-science/us-east-1/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: data-science/us-east-1/security-keys - run: terraform init - - name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: data-science/us-east-1/security-keys - run: | - terraform test - management: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'management/us-east-1/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: management/us-east-1/security-keys - run: terraform init - - name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: management/us-east-1/security-keys - run: | - terraform test - network: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'network/us-east-1/security-keys/**' - us-east-2: - - 'network/us-east-2/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: network/us-east-1/security-keys - run: terraform init - - name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: network/us-east-1/security-keys - 
run: | - terraform test - - name: Terraform Init on us-east-2 - if: steps.filter.outputs.us-east-2 == 'true' - working-directory: network/us-east-2/security-keys - run: terraform init - - name: Run Unit Test on us-east-2 - if: steps.filter.outputs.us-east-2 == 'true' - working-directory: network/us-east-2/security-keys - run: | - terraform test - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'security/us-east-1/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: security/us-east-1/security-keys - run: terraform init - - name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: security/us-east-1/security-keys - run: | - terraform test - shared: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.0 - - uses: dorny/paths-filter@v3 - id: filter - with: - filters: | - us-east-1: - - 'shared/us-east-1/security-keys/**' - us-east-2: - - 'shared/us-east-2/security-keys/**' - - name: Terraform Init on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: shared/us-east-1/security-keys - run: terraform init - - name: Run Unit Test on us-east-1 - if: steps.filter.outputs.us-east-1 == 'true' - working-directory: shared/us-east-1/security-keys - run: | - terraform test - - name: Terraform Init on us-east-2 - if: steps.filter.outputs.us-east-2 == 'true' - working-directory: shared/us-east-2/security-keys - run: terraform init - - name: Run Unit Test on us-east-2 - if: steps.filter.outputs.us-east-2 == 'true' - working-directory: shared/us-east-2/security-keys - run: | - terraform test + testing-security-keys: + strategy: + fail-fast: false + matrix: + terraform_versions: + - 
1.7 + - 1.8 + accounts: + - layer: apps-devstg/us-east-1/security-keys + aws_profile: bb-apps-devstg-devops + aws_region: us-east-1 + required_state_file: true + bucket: security + bucket_folder: identities + aws_profile_required_state_file: bb-security-devops + state_file_test_path: tests/terraform.tfstate.template + - layer: apps-devstg/us-east-2/security-keys + aws_profile: bb-apps-devstg-devops + aws_region: us-east-2 + required_state_file: false + - layer: apps-prd/us-east-1/security-keys + aws_profile: bb-apps-prd-devops + aws_region: us-east-1 + required_state_file: false + - layer: data-science/us-east-1/security-keys + aws_profile: bb-data-science-devops + aws_region: us-east-1 + required_state_file: false + - layer: management/us-east-1/security-keys + aws_profile: bb-root-oaar + aws_region: us-east-1 + required_state_file: false + - layer: network/us-east-1/security-keys + aws_profile: bb-network-devops + aws_region: us-east-1 + required_state_file: false + - layer: network/us-east-2/security-keys + aws_profile: bb-network-devops + aws_region: us-east-2 + required_state_file: false + - layer: security/us-east-1/security-keys + aws_profile: bb-security-devops + aws_region: us-east-1 + required_state_file: false + - layer: shared/us-east-1/security-keys + aws_profile: bb-shared-devops + aws_region: us-east-1 + required_state_file: false + - layer: shared/us-east-2/security-keys + aws_profile: bb-shared-devops + aws_region: us-east-2 + required_state_file: false + name: security-keys-layer + uses: ./.github/workflows/testing-workflow.yml + with: + localstack_version: '3.7.2' + terraform_version: ${{ matrix.terraform_versions }} + aws_profile: ${{ matrix.accounts.aws_profile }} + aws_region: ${{ matrix.accounts.aws_region }} + required_state_file: ${{ matrix.accounts.required_state_file }} + state_file_test_path: ${{ matrix.accounts.state_file_test_path }} + bucket_name: ${{ matrix.accounts.bucket }} + bucket_folder: ${{ matrix.accounts.bucket_folder }} + 
aws_profile_required_state_file: ${{ matrix.accounts.aws_profile_required_state_file }} + working_directory: ${{ matrix.accounts.layer }} + \ No newline at end of file diff --git a/.github/workflows/testing-workflow.yml b/.github/workflows/testing-workflow.yml new file mode 100644 index 000000000..c6ab028f1 --- /dev/null +++ b/.github/workflows/testing-workflow.yml 
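Review bot: The rewritten workflow has no `permissions:` block, so every matrix job, and the reusable workflow it calls (which installs a pip package and runs a third-party action), runs with whatever default GITHUB_TOKEN scope the repository is configured with, which is not visible here. Adding a top-level `permissions:` entry with `contents: read` above `jobs:` keeps the pull-request run read-only regardless of that setting. Under `terraform_versions`, `1.7` and `1.8` are unquoted and load as YAML floats; they survive today, but a later `1.10` would collapse to `1.1`, so write them as `'1.7'` and `'1.8'`. With the `paths:` filter removed, all ten layers now run on both versions for every pull request to master; confirm that is intended.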
@@ -0,0 +1,112 @@
+name: Testing Workflow
+
+on:
+ workflow_call:
+ inputs:
+ localstack_version:
+ description: 'Localstack version'
+ required: true
+ type: string
+ default: '3.7.2'
+ terraform_version:
+ description: 'Terraform version'
+ required: true
+ type: string
+ default: '1.7.0'
+ aws_profile:
+ description: 'AWS profile for localstack'
+ required: true
+ type: string
+ aws_region:
+ description: 'AWS region for localstack'
+ required: false
+ type: string
+ default: 'us-east-1'
+ required_state_file:
+ description: 'If a terraform state file is required for testing'
+ required: true
+ type: boolean
+ default: false
+ state_file_test_path:
+ description: 'Path to the terraform state file in the tests folder'
+ required: false
+ type: string
+ bucket_name:
+ description: 'Name of the S3 bucket to store the terraform state file'
+ required: false
+ type: string
+ bucket_folder:
+ description: 'Folder in the S3 bucket to store the terraform state file'
+ required: false
+ type: string
+ aws_profile_required_state_file:
+ description: 'AWS profile of data terraform state for getting value of another layer'
+ required: false
+ type: string
+ working_directory:
+ description: 'Working directory for the terraform code'
+ required: true
+ type: string
+jobs:
+ testing:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Check tests folder
+ id: check-tests
+ working-directory: ${{ inputs.working_directory }}
+ run: |
+ if [ -d tests ]; then
+ echo "hasTests=true" >> $GITHUB_OUTPUT
+ else
+ echo "hasTests=false" >> $GITHUB_OUTPUT
+ fi
+ - uses: hashicorp/setup-terraform@v3
+ if: steps.check-tests.outputs.hasTests == 'true'
+ with:
+ terraform_version: ${{ inputs.terraform_version }}
+ - name: Install tflocal
+ if: steps.check-tests.outputs.hasTests == 'true'
+ run: |
+ pip install terraform-local
+ - uses: LocalStack/setup-localstack@v0.2.3
+ if: steps.check-tests.outputs.hasTests == 'true'
+ with:
+ image-tag: ${{ inputs.localstack_version }}
+ install-awslocal: true
+ - name: Configure AWS Credentials for Localstack
+ if: steps.check-tests.outputs.hasTests == 'true'
+ run: |
+ awslocal configure set aws_access_key_id fake --profile ${{ inputs.aws_profile }}
+ awslocal configure set aws_secret_access_key fake --profile ${{ inputs.aws_profile }}
+ awslocal configure set region ${{ inputs.aws_region }} --profile ${{ inputs.aws_profile }}
+ awslocal configure set endpoint_url http://localhost:4566 --profile ${{ inputs.aws_profile }}
+ - name: Configure AWS Credentials for Required State File
+ if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }}
+ run: |
+ awslocal configure set aws_access_key_id fake --profile ${{ inputs.aws_profile_required_state_file }}
+ awslocal configure set aws_secret_access_key fake --profile ${{ inputs.aws_profile_required_state_file }}
+ awslocal configure set region ${{ inputs.aws_region }} --profile ${{ inputs.aws_profile_required_state_file }}
+ awslocal configure set endpoint_url http://localhost:4566 --profile ${{ inputs.aws_profile_required_state_file }}
+ - name: Create S3 Buckets
+ if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }}
+ run: |
+ awslocal s3 mb s3://${{ inputs.bucket_name }} --region ${{ inputs.aws_region }}
+ - name: Copy Terraform State File for testing to S3 Bucket
+ if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }}
+ run: |
+ awslocal s3 cp ${{ inputs.working_directory }}/${{ inputs.state_file_test_path}} s3://${{ inputs.bucket_name }}/${{inputs.bucket_folder }}/terraform.tfstate
+ - name: Terraform Init
+ if: steps.check-tests.outputs.hasTests == 'true'
+ working-directory: ${{ inputs.working_directory }}
+ run: tflocal init -upgrade
+ - name: Run Test
+ if: steps.check-tests.outputs.hasTests == 'true'
+ working-directory: ${{ inputs.working_directory }}
+ env:
+ AWS_DEFAULT_REGION: ${{ inputs.aws_region }}
+ AWS_ACCESS_KEY_ID: fake
+
AWS_SECRET_ACCESS_KEY: fake + run: | + cp ../../../config/common.tfvars.example ../../../config/common.tfvars + tflocal test -var-file=../../../config/common.tfvars -var-file=../../config/account.tfvars -var-file=../../config/backend.tfvars diff --git a/apps-devstg/us-east-1/security-keys/config.tf b/apps-devstg/us-east-1/security-keys/config.tf index 247b28893..106d6e255 100644 --- a/apps-devstg/us-east-1/security-keys/config.tf +++ b/apps-devstg/us-east-1/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/apps-devstg/us-east-1/security-keys/tests/kms.tftest.hcl b/apps-devstg/us-east-1/security-keys/tests/kms.tftest.hcl index bb821fa95..3f7b972b3 100644 --- a/apps-devstg/us-east-1/security-keys/tests/kms.tftest.hcl +++ b/apps-devstg/us-east-1/security-keys/tests/kms.tftest.hcl 
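Review bot: Every `run:` step that takes a workflow input expands `${{ inputs.* }}` straight into the shell text (both credential steps, `Create S3 Buckets` and the state-file copy), so a value containing spaces or shell metacharacters becomes part of the script instead of a single argument. The current caller passes fixed matrix strings, but this is a `workflow_call` workflow and any later caller inherits the pattern; pass the inputs through `env:` and reference them as quoted shell variables, as sketched below for the first step. The variables are named `LS_*` so they do not collide with `AWS_PROFILE` and `AWS_REGION`, which the CLI reads itself. Separately, `pip install terraform-local` is unpinned and `LocalStack/setup-localstack@v0.2.3` is referenced by tag; pinning a package version and a commit SHA would make the run reproducible.

```yaml
      - name: Configure AWS Credentials for Localstack
        if: steps.check-tests.outputs.hasTests == 'true'
        env:
          LS_PROFILE: ${{ inputs.aws_profile }}
          LS_REGION: ${{ inputs.aws_region }}
        run: |
          awslocal configure set aws_access_key_id fake --profile "$LS_PROFILE"
          awslocal configure set aws_secret_access_key fake --profile "$LS_PROFILE"
          awslocal configure set region "$LS_REGION" --profile "$LS_PROFILE"
          awslocal configure set endpoint_url http://localhost:4566 --profile "$LS_PROFILE"
      # … unchanged: remaining steps; apply the same env indirection to the
      #   required-state-file, bucket-creation and state-file copy steps …
```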
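Review bot: `required_version = ">= 1.2.7"` drops the upper bound entirely, so this layer now accepts any future Terraform release, including a new major; a bounded range such as `required_version = ">= 1.2.7, < 2.0.0"` keeps the relaxation without leaving it open-ended. Note also that the `tests/*.tftest.hcl` files added in this commit need a binary with `terraform test` (1.6 or later), which the stated lower bound does not reflect. The AWS provider moves across a major version (`~> 4.10` to `~> 5.0`) in the same hunk, and the workflow runs `tflocal init -upgrade`, so no lock file constrains what CI resolves; check whether a `.terraform.lock.hcl` should be committed for these KMS layers. The same two-line change repeats in the `config.tf` hunks for apps-devstg/us-east-2, apps-prd, management, network (both regions) and shared (both regions; shared/us-east-1 uses `>= 1.2`). The `terraform` block continues past the end of the hunk.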
@@ -1,16 +1,21 @@ -mock_provider "aws" {} +#mock_provider "aws" {} + +#override_data { +# target = data.aws_iam_policy_document.kms +# values = { +# json = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Enable IAM User Permissions\",\"Effect\":\"Allow\",\"Action\":[\"kms:*\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":[\"arn:aws:iam::123456789012:root\",\"arn:aws:iam::123456789012:user/s3_demo\"]}},{\"Sid\":\"Enable S3 Service\",\"Effect\":\"Allow\",\"Action\":[\"kms:Encrypt*\",\"kms:Decrypt*\",\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Describe*\"],\"Resource\":\"*\",\"Principal\":{\"Service\":\"s3.us-west-2.amazonaws.com\"}},{\"Sid\":\"Enable CloudWatch Logs Service\",\"Effect\":\"Allow\",\"Action\":[\"kms:Encrypt*\",\"kms:Decrypt*\",\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Describe*\"],\"Resource\":\"*\",\"Principal\":{\"Service\":\"logs.us-west-2.amazonaws.com\"}}]}" +# } +# } + variables { - kms_key_name = "test-kms" - project = "bb" - environment = "test" - region = "us-east-1" + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true } run "valid_key_alias_name" { - assert { - condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key" - error_message = "The KMS key alias name is not correct" - } + assert { + condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } } - - diff --git a/apps-devstg/us-east-1/security-keys/tests/terraform.tfstate.template b/apps-devstg/us-east-1/security-keys/tests/terraform.tfstate.template new file mode 100644 index 000000000..3658fccf2 --- /dev/null +++ b/apps-devstg/us-east-1/security-keys/tests/terraform.tfstate.template 
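Review bot: With `mock_provider "aws" {}` commented out, `run "valid_key_alias_name"` has no `command` argument and therefore defaults to `apply`, so the test creates the KMS key against whatever endpoint the AWS provider resolves. In CI that is LocalStack through `tflocal`, but the same file run with plain `terraform test` and a real profile would create KMS resources in the live account. If the alias name is known at plan time (not visible in this hunk), adding `command = plan` inside the run block removes that risk; otherwise add a header comment such as `# Run with tflocal only: applies real resources (no mock_provider)`. The commented-out `override_data` block is dead code and can be deleted rather than kept as comments. The new `kms.tftest.hcl` files added for the other layers carry the same run block.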
@@ -0,0 +1,58 @@ +{ + "version": 3, + "serial": 1, + "lineage": "17b5bf7c-12d8-0bfa-cd51-e9801ae5f552", + "backend": { + "type": "local", + "config": { + "access_key": null, + "acl": null, + "assume_role_duration_seconds": null, + "assume_role_policy": null, + "assume_role_policy_arns": null, + "assume_role_tags": null, + "assume_role_transitive_tag_keys": null, + "bucket": "bb-apps-devstg-terraform-backend", + "dynamodb_endpoint": null, + "dynamodb_table": "bb-apps-devstg-terraform-backend", + "encrypt": true, + "endpoint": null, + "external_id": null, + "force_path_style": null, + "iam_endpoint": null, + "key": "apps-devstg/security-keys/terraform.tfstate", + "kms_key_id": null, + "max_retries": null, + "profile": "bb-apps-devstg-devops", + "region": "us-east-1", + "role_arn": null, + "secret_key": null, + "session_name": null, + "shared_credentials_file": null, + "skip_credentials_validation": null, + "skip_metadata_api_check": null, + "skip_region_validation": null, + "sse_customer_key": null, + "sts_endpoint": null, + "token": null, + "workspace_key_prefix": null + }, + "hash": 2686674876 + }, + "modules": [ + { + "path": [ + "root" + ], + "outputs": { + "user_s3_demo_name": { + "sensitive": false, + "type": "string", + "value": "user-s3-demo" + } + }, + "resources": {}, + "depends_on": [] + } + ] +} diff --git a/apps-devstg/us-east-2/security-keys/config.tf b/apps-devstg/us-east-2/security-keys/config.tf index 06d2b29e7..e674fba41 100644 --- a/apps-devstg/us-east-2/security-keys/config.tf +++ b/apps-devstg/us-east-2/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/apps-devstg/us-east-2/security-keys/tests/kms.tftest.hcl b/apps-devstg/us-east-2/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..a1f93f712 
--- /dev/null +++ b/apps-devstg/us-east-2/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key_dr.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +} diff --git a/apps-prd/us-east-1/security-keys/config.tf b/apps-prd/us-east-1/security-keys/config.tf index 362b8c0de..387b434a0 100644 --- a/apps-prd/us-east-1/security-keys/config.tf +++ b/apps-prd/us-east-1/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/apps-prd/us-east-1/security-keys/tests/kms.tftest.hcl b/apps-prd/us-east-1/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..50d1a6bb9 --- /dev/null +++ b/apps-prd/us-east-1/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +} diff --git a/management/us-east-1/security-keys/config.tf b/management/us-east-1/security-keys/config.tf index df3fb0dfd..ba0a54331 100644 --- a/management/us-east-1/security-keys/config.tf +++ b/management/us-east-1/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { 
diff --git a/management/us-east-1/security-keys/tests/kms.tftest.hcl b/management/us-east-1/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..50d1a6bb9 --- /dev/null +++ b/management/us-east-1/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +} diff --git a/network/us-east-1/security-keys/config.tf b/network/us-east-1/security-keys/config.tf index 6f8266555..1b323af1a 100644 --- a/network/us-east-1/security-keys/config.tf +++ b/network/us-east-1/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/network/us-east-1/security-keys/tests/kms.tftest.hcl b/network/us-east-1/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..a1f93f712 --- /dev/null +++ b/network/us-east-1/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key_dr.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +} diff --git a/network/us-east-2/security-keys/config.tf b/network/us-east-2/security-keys/config.tf index f53900c07..831a67093 100644 --- a/network/us-east-2/security-keys/config.tf +++ b/network/us-east-2/security-keys/config.tf 
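Review bot: The new test for `network/us-east-1` asserts on `module.kms_key_dr.alias_name`, whereas the other us-east-1 layers in this commit (apps-prd, management, security, shared) assert on `module.kms_key` and only the us-east-2 layers use `kms_key_dr`; the blob id `a1f93f712` is also the one used for the us-east-2 files. It looks as if the file was meant for `network/us-east-2/security-keys/tests/`, but the module names are defined outside this diff, so confirm against the layer. As committed, `network/us-east-2` gets no `tests` folder in this diff, and the reusable workflow sets `hasTests=false` and skips every later step for such a layer, so that matrix entry would report success without running anything.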
@@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/security/us-east-1/security-keys/tests/kms.tftest.hcl b/security/us-east-1/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..50d1a6bb9 --- /dev/null +++ b/security/us-east-1/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +} diff --git a/shared/us-east-1/security-keys/config.tf b/shared/us-east-1/security-keys/config.tf index ee8bc2138..15de1e9d3 100644 --- a/shared/us-east-1/security-keys/config.tf +++ b/shared/us-east-1/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2" + required_version = ">= 1.2" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/shared/us-east-1/security-keys/tests/kms.tftest.hcl b/shared/us-east-1/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..50d1a6bb9 --- /dev/null +++ b/shared/us-east-1/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +} diff --git a/shared/us-east-2/security-keys/config.tf b/shared/us-east-2/security-keys/config.tf index 5011c06ff..3bab5c67b 100644 --- a/shared/us-east-2/security-keys/config.tf 
+++ b/shared/us-east-2/security-keys/config.tf @@ -10,10 +10,10 @@ provider "aws" { # Backend Config (partial) # #=============================# terraform { - required_version = "~> 1.2.7" + required_version = ">= 1.2.7" required_providers { - aws = "~> 4.10" + aws = "~> 5.0" } backend "s3" { diff --git a/shared/us-east-2/security-keys/tests/kms.tftest.hcl b/shared/us-east-2/security-keys/tests/kms.tftest.hcl new file mode 100644 index 000000000..a1f93f712 --- /dev/null +++ b/shared/us-east-2/security-keys/tests/kms.tftest.hcl @@ -0,0 +1,12 @@ +variables { + kms_key_name = "test-kms" + environment = "test" + enable_remote_state = true +} + +run "valid_key_alias_name" { + assert { + condition = module.kms_key_dr.alias_name == "alias/bb_test_test-kms_key" + error_message = "The KMS key alias name is not correct" + } +}