chore(deps): update terraform github.com/binbashar/terraform-aws-kms-key to v0.12.2 #623

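--- a/.github/workflows/security-keys.yml
+++ b/.github/workflows/security-keys.yml
@@ -0,0 +1,77 @@
+name: "Security Keys Layer: Unit Tests"
+on:
+pull_request:
+branches:
+- master
+paths:
+- '**/us-east-1/security-keys/**'
+- '**/us-east-2/security-keys/**'
+jobs:
+testing-security-keys-with-terraform:
+strategy:
+fail-fast: false
+matrix:
+iac_platform:
+- name: terraform
+version: '1.6'
+- name: tofu
+version: '1.6'
+accounts:
+- layer: apps-devstg/us-east-1/security-keys
+aws_profile: bb-apps-devstg-devops
+aws_region: us-east-1
+required_state_file: true
+bucket: security
+bucket_folder: identities
+aws_profile_required_state_file: bb-security-devops
+state_file_test_path: tests/terraform.tfstate.template
+- layer: apps-devstg/us-east-2/security-keys
+aws_profile: bb-apps-devstg-devops
+aws_region: us-east-2
+required_state_file: false
+- layer: apps-prd/us-east-1/security-keys
+aws_profile: bb-apps-prd-devops
+aws_region: us-east-1
+required_state_file: false
+- layer: data-science/us-east-1/security-keys
+aws_profile: bb-data-science-devops
+aws_region: us-east-1
+required_state_file: false
+- layer: management/us-east-1/security-keys
+aws_profile: bb-root-oaar
+aws_region: us-east-1
+required_state_file: false
+- layer: network/us-east-1/security-keys
+aws_profile: bb-network-devops
+aws_region: us-east-1
+required_state_file: false
+- layer: network/us-east-2/security-keys
+aws_profile: bb-network-devops
+aws_region: us-east-2
+required_state_file: false
+- layer: security/us-east-1/security-keys
+aws_profile: bb-security-devops
+aws_region: us-east-1
+required_state_file: false
+- layer: shared/us-east-1/security-keys
+aws_profile: bb-shared-devops
+aws_region: us-east-1
+required_state_file: false
+- layer: shared/us-east-2/security-keys
+aws_profile: bb-shared-devops
+aws_region: us-east-2
+required_state_file: false
+name: security-keys-layer
+uses: ./.github/workflows/testing-workflow.yml
+with:
+localstack_version: '3.7.2'
+iac_platform: ${{ matrix.iac_platform.name }}
+iac_version: ${{ matrix.iac_platform.version }}
+aws_profile: ${{ matrix.accounts.aws_profile }}
+aws_region: ${{ matrix.accounts.aws_region }}
+required_state_file: ${{ matrix.accounts.required_state_file }}
+state_file_test_path: ${{ matrix.accounts.state_file_test_path }}
+bucket_name: ${{ matrix.accounts.bucket }}
+bucket_folder: ${{ matrix.accounts.bucket_folder }}
+aws_profile_required_state_file: ${{ matrix.accounts.aws_profile_required_state_file }}
+working_directory: ${{ matrix.accounts.layer }}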
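Review bot: The `pull_request` `paths` filter only matches `**/us-east-1/security-keys/**` and `**/us-east-2/security-keys/**`, so a change to `.github/workflows/testing-workflow.yml` or to this file itself never runs these tests; adding `- '.github/workflows/security-keys.yml'` and `- '.github/workflows/testing-workflow.yml'` to the list closes that gap. The matrix passes `iac_version: '1.6'` while the reusable workflow's default is `'1.6.0'`; the setup actions appear to accept both forms, but a comment stating that `1.6` is meant to resolve to the newest 1.6.x patch would save the next reader from guessing. Only the first `accounts` entry defines `bucket`, `bucket_folder`, `state_file_test_path` and `aws_profile_required_state_file`; for every other entry those `matrix.accounts.*` expressions expand to empty strings, which is harmless only because the consuming steps are gated on `required_state_file`, so a comment on the matrix such as `# bucket/bucket_folder/state_file_test_path/aws_profile_required_state_file are only read when required_state_file is true` would keep someone from flipping that flag without adding the fields.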
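--- a/.github/workflows/testing-workflow.yml
+++ b/.github/workflows/testing-workflow.yml
@@ -0,0 +1,124 @@
+name: Testing Workflow
+
+on:
+workflow_call:
+inputs:
+localstack_version:
+description: 'Localstack version'
+required: true
+type: string
+default: '3.7.2'
+iac_platform:
+description: 'IaC platform name (terraform, tofu)'
+required: true
+type: string
+default: 'terraform'
+iac_version:
+description: 'IaC version'
+required: true
+type: string
+default: '1.6.0'
+aws_profile:
+description: 'AWS profile for localstack'
+required: true
+type: string
+aws_region:
+description: 'AWS region for localstack'
+required: false
+type: string
+default: 'us-east-1'
+required_state_file:
+description: 'If a terraform state file is required for testing'
+required: true
+type: boolean
+default: false
+state_file_test_path:
+description: 'Path to the terraform state file in the tests folder'
+required: false
+type: string
+bucket_name:
+description: 'Name of the S3 bucket to store the terraform state file'
+required: false
+type: string
+bucket_folder:
+description: 'Folder in the S3 bucket to store the terraform state file'
+required: false
+type: string
+aws_profile_required_state_file:
+description: 'AWS profile of data terraform state for getting value of another layer'
+required: false
+type: string
+working_directory:
+description: 'Working directory for the terraform code'
+required: true
+type: string
+jobs:
+testing:
+runs-on: ubuntu-latest
+env:
+TF_CMD: ${{ inputs.iac_platform }}
+steps:
+- uses: actions/checkout@v4
+- name: Check tests folder
+id: check-tests
+working-directory: ${{ inputs.working_directory }}
+run: |
+if [ -d tests ]; then
+echo "hasTests=true" >> $GITHUB_OUTPUT
+else
+echo "hasTests=false" >> $GITHUB_OUTPUT
+fi
+- if: ${{ steps.check-tests.outputs.hasTests == 'true' && inputs.iac_platform == 'terraform' }}
+uses: hashicorp/setup-terraform@v3
+with:
+terraform_version: ${{ inputs.iac_version }}
+- if: ${{ steps.check-tests.outputs.hasTests == 'true' && inputs.iac_platform == 'tofu' }}
+uses: opentofu/setup-opentofu@v1
+with:
+tofu_version: ${{ inputs.iac_version }}
+- name: Install tflocal
+if: steps.check-tests.outputs.hasTests == 'true'
+run: |
+pip install terraform-local
+- uses: LocalStack/setup-localstack@v0.2.3
+if: steps.check-tests.outputs.hasTests == 'true'
+with:
+image-tag: ${{ inputs.localstack_version }}
+install-awslocal: true
+- name: Configure AWS Credentials for Localstack
+if: steps.check-tests.outputs.hasTests == 'true'
+run: |
+awslocal configure set aws_access_key_id fake --profile ${{ inputs.aws_profile }}
+awslocal configure set aws_secret_access_key fake --profile ${{ inputs.aws_profile }}
+awslocal configure set region ${{ inputs.aws_region }} --profile ${{ inputs.aws_profile }}
+awslocal configure set endpoint_url http://localhost:4566 --profile ${{ inputs.aws_profile }}
+- name: Configure AWS Credentials for Required State File
+if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }}
+run: |
+awslocal configure set aws_access_key_id fake --profile ${{ inputs.aws_profile_required_state_file }}
+awslocal configure set aws_secret_access_key fake --profile ${{ inputs.aws_profile_required_state_file }}
+awslocal configure set region ${{ inputs.aws_region }} --profile ${{ inputs.aws_profile_required_state_file }}
+awslocal configure set endpoint_url http://localhost:4566 --profile ${{ inputs.aws_profile_required_state_file }}
+- name: Create S3 Buckets
+if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }}
+run: |
+awslocal s3 mb s3://${{ inputs.bucket_name }} --region ${{ inputs.aws_region }}
+- name: Copy Terraform State File for testing to S3 Bucket
+if: ${{ inputs.required_state_file && steps.check-tests.outputs.hasTests == 'true' }}
+run: |
+awslocal s3 cp ${{ inputs.working_directory }}/${{ inputs.state_file_test_path}} s3://${{ inputs.bucket_name }}/${{inputs.bucket_folder }}/terraform.tfstate
+- name: Terraform Init
+if: steps.check-tests.outputs.hasTests == 'true'
+working-directory: ${{ inputs.working_directory }}
+run: tflocal init -upgrade
+- name: Run Test
+if: steps.check-tests.outputs.hasTests == 'true'
+working-directory: ${{ inputs.working_directory }}
+env:
+AWS_DEFAULT_REGION: ${{ inputs.aws_region }}
+AWS_ACCESS_KEY_ID: fake
+AWS_SECRET_ACCESS_KEY: fake
+AWS_ENDPOINT_URL: http://localhost:4566
+run: |
+cp ../../../config/common.tfvars.example ../../../config/common.tfvars
+tflocal test -var-file=../../../config/common.tfvars -var-file=../../config/account.tfvars -var-file=../../config/backend.tfvars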
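Review bot: `pip install terraform-local` in the Install tflocal step is unpinned, so every run installs whatever the newest release on the index is and a broken or malicious release lands straight in this CI path; pin it with a version and ideally a hash, `pip install 'terraform-local==<pinned version>'`, and consider pinning the third-party actions (`LocalStack/setup-localstack@v0.2.3`, `opentofu/setup-opentofu@v1`) to a commit SHA rather than a mutable tag. The `run` scripts in the awslocal configure, Create S3 Buckets and Copy Terraform State File steps splice `${{ inputs.* }}` directly into shell; today every caller value is a literal in the `security-keys.yml` matrix, but the usual hardening is to map the inputs into the step's `env:` and reference them as quoted shell variables so a future caller cannot inject shell through `working_directory` or `state_file_test_path`. Separately, `localstack_version`, `iac_platform`, `iac_version` and `required_state_file` declare `required: true` together with a `default`; a required input is always supplied, so those defaults are dead and either `required: true` or the `default` should go. Minor: `>> $GITHUB_OUTPUT` should be `>> "$GITHUB_OUTPUT"`, and `${{ inputs.state_file_test_path}}` / `${{inputs.bucket_folder }}` have inconsistent spacing.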
4 changes: 2 additions & 2 deletions apps-devstg/us-east-1/security-keys/config.tf
Expand Up @@ -10,10 +10,10 @@ provider "aws" {
# Backend Config (partial) #
#=============================#
terraform {
required_version = "~> 1.2.7"
required_version = ">= 1.2.7"

required_providers {
aws = "~> 4.10"
aws = "~> 5.0"
}

backend "s3" {
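Review bot: `required_version = ">= 1.2.7"` drops the upper bound that `~> 1.2.7` carried, so this layer now accepts any future Terraform major, including releases with breaking changes that the CI matrix (pinned to `1.6`) never exercises; a bounded constraint such as `required_version = ">= 1.2.7, < 2.0.0"` gives the widening the commit needs without that exposure. The same edit appears in the `config.tf` sections for `apps-devstg/us-east-2`, `apps-prd/us-east-1` and `management/us-east-1`. The `aws = "~> 5.0"` change is a provider major upgrade; a line in the PR description saying which resources in these layers were checked against the v5 upgrade guide would help reviewers. The enclosing `terraform` block continues outside the hunk.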
2 changes: 1 addition & 1 deletion apps-devstg/us-east-1/security-keys/kms.tf
@@ -1,5 +1,5 @@
module "kms_key" {
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.1"
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.2"

enabled = true
namespace = var.project
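--- a/apps-devstg/us-east-1/security-keys/tests/kms.tftest.hcl
+++ b/apps-devstg/us-east-1/security-keys/tests/kms.tftest.hcl
@@ -0,0 +1,21 @@
+#mock_provider "aws" {}
+
+#override_data {
+# target = data.aws_iam_policy_document.kms
+# values = {
+# json = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Enable IAM User Permissions\",\"Effect\":\"Allow\",\"Action\":[\"kms:*\"],\"Resource\":\"*\",\"Principal\":{\"AWS\":[\"arn:aws:iam::123456789012:root\",\"arn:aws:iam::123456789012:user/s3_demo\"]}},{\"Sid\":\"Enable S3 Service\",\"Effect\":\"Allow\",\"Action\":[\"kms:Encrypt*\",\"kms:Decrypt*\",\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Describe*\"],\"Resource\":\"*\",\"Principal\":{\"Service\":\"s3.us-west-2.amazonaws.com\"}},{\"Sid\":\"Enable CloudWatch Logs Service\",\"Effect\":\"Allow\",\"Action\":[\"kms:Encrypt*\",\"kms:Decrypt*\",\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Describe*\"],\"Resource\":\"*\",\"Principal\":{\"Service\":\"logs.us-west-2.amazonaws.com\"}}]}"
+# }
+# }
+
+variables {
+kms_key_name = "test-kms"
+environment = "test"
+enable_remote_state = true
+}
+
+run "valid_key_alias_name" {
+assert {
+condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key"
+error_message = "The KMS key alias name is not correct"
+}
+}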
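Review bot: The commented-out `mock_provider` and `override_data` block at the top of the file is dead code with no explanation; either delete it or replace it with a one-line comment such as `# Provider mocking is intentionally off: runs execute against LocalStack through tflocal` so the next reader knows the test deliberately talks to a live endpoint. The sample policy JSON inside it also hard-codes an account id and `us-west-2` service principals that do not match this layer's region, which is one more reason not to keep it as commented text. The single `run` block only asserts the alias name, which passes regardless of the module version; if 0.12.2 changed any output this layer consumes, asserting that output here would make the bump verifiable instead of merely compile-checked.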
@@ -0,0 +1,58 @@
{
"version": 3,
"serial": 1,
"lineage": "17b5bf7c-12d8-0bfa-cd51-e9801ae5f552",
"backend": {
"type": "local",
"config": {
"access_key": null,
"acl": null,
"assume_role_duration_seconds": null,
"assume_role_policy": null,
"assume_role_policy_arns": null,
"assume_role_tags": null,
"assume_role_transitive_tag_keys": null,
"bucket": "bb-apps-devstg-terraform-backend",
"dynamodb_endpoint": null,
"dynamodb_table": "bb-apps-devstg-terraform-backend",
"encrypt": true,
"endpoint": null,
"external_id": null,
"force_path_style": null,
"iam_endpoint": null,
"key": "apps-devstg/security-keys/terraform.tfstate",
"kms_key_id": null,
"max_retries": null,
"profile": "bb-apps-devstg-devops",
"region": "us-east-1",
"role_arn": null,
"secret_key": null,
"session_name": null,
"shared_credentials_file": null,
"skip_credentials_validation": null,
"skip_metadata_api_check": null,
"skip_region_validation": null,
"sse_customer_key": null,
"sts_endpoint": null,
"token": null,
"workspace_key_prefix": null
},
"hash": 2686674876
},
"modules": [
{
"path": [
"root"
],
"outputs": {
"user_s3_demo_name": {
"sensitive": false,
"type": "string",
"value": "user-s3-demo"
}
},
"resources": {},
"depends_on": []
}
]
}
4 changes: 2 additions & 2 deletions apps-devstg/us-east-2/security-keys/config.tf
Expand Up @@ -10,10 +10,10 @@ provider "aws" {
# Backend Config (partial) #
#=============================#
terraform {
required_version = "~> 1.2.7"
required_version = ">= 1.2.7"

required_providers {
aws = "~> 4.10"
aws = "~> 5.0"
}

backend "s3" {
2 changes: 1 addition & 1 deletion apps-devstg/us-east-2/security-keys/kms.tf
@@ -1,5 +1,5 @@
module "kms_key_dr" {
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.1"
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.2"

enabled = true
namespace = var.project
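--- a/apps-devstg/us-east-2/security-keys/tests/kms.tftest.hcl
+++ b/apps-devstg/us-east-2/security-keys/tests/kms.tftest.hcl
@@ -0,0 +1,12 @@
+variables {
+kms_key_name = "test-kms"
+environment = "test"
+enable_remote_state = true
+}
+
+run "valid_key_alias_name" {
+assert {
+condition = module.kms_key_dr.alias_name == "alias/bb_test_test-kms_key"
+error_message = "The KMS key alias name is not correct"
+}
+}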
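Review bot: The `variables` block sets `enable_remote_state = true` while the matrix entry for `apps-devstg/us-east-2/security-keys` in `security-keys.yml` sets `required_state_file: false`, so no state bucket or state file is seeded in LocalStack for this run; if `enable_remote_state` makes this layer read another layer's remote state (the layer code is not in the diff, so I cannot tell), the run will either fail or silently read nothing. A comment on that line would settle it, e.g. `# enable_remote_state=true but no state file is seeded for this layer; it must not depend on remote state`. The same pairing applies to the `apps-prd/us-east-1/security-keys/tests/kms.tftest.hcl` section.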
4 changes: 2 additions & 2 deletions apps-prd/us-east-1/security-keys/config.tf
Expand Up @@ -10,10 +10,10 @@ provider "aws" {
# Backend Config (partial) #
#=============================#
terraform {
required_version = "~> 1.2.7"
required_version = ">= 1.2.7"

required_providers {
aws = "~> 4.10"
aws = "~> 5.0"
}

backend "s3" {
2 changes: 1 addition & 1 deletion apps-prd/us-east-1/security-keys/kms.tf
@@ -1,5 +1,5 @@
module "kms_key" {
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.1"
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.2"

enabled = true
namespace = var.project
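--- a/apps-prd/us-east-1/security-keys/tests/kms.tftest.hcl
+++ b/apps-prd/us-east-1/security-keys/tests/kms.tftest.hcl
@@ -0,0 +1,12 @@
+variables {
+kms_key_name = "test-kms"
+environment = "test"
+enable_remote_state = true
+}
+
+run "valid_key_alias_name" {
+assert {
+condition = module.kms_key.alias_name == "alias/bb_test_test-kms_key"
+error_message = "The KMS key alias name is not correct"
+}
+}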
2 changes: 1 addition & 1 deletion data-science/us-east-1/security-keys/kms.tf
@@ -1,5 +1,5 @@
module "kms_key" {
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.1"
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.2"

enabled = true
namespace = var.project
4 changes: 2 additions & 2 deletions management/us-east-1/security-keys/config.tf
Expand Up @@ -10,10 +10,10 @@ provider "aws" {
# Backend Config (partial) #
#=============================#
terraform {
required_version = "~> 1.2.7"
required_version = ">= 1.2.7"

required_providers {
aws = "~> 4.10"
aws = "~> 5.0"
}

backend "s3" {
2 changes: 1 addition & 1 deletion management/us-east-1/security-keys/kms.tf
@@ -1,5 +1,5 @@
module "kms_key" {
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.1"
source = "github.com/binbashar/terraform-aws-kms-key.git?ref=0.12.2"

enabled = true
namespace = var.project