Refactor tests and add shared helpers (#9)

osinfra-io · Nov 15, 2024 · 619e5ea · 619e5ea
1 parent 2bfe6ca
commit 619e5ea
Show file tree

Hide file tree

Showing 13 changed files with 29 additions and 138 deletions.
diff --git a/.github/release.yml b/.github/release.yml
@@ -10,8 +10,8 @@ changelog:
         labels:
           - dependencies
 
-    - title: 🔩 Dependencies 
+    - title: 🔩 Dependencies
       labels:
         - dependencies
 
-# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
+# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
diff --git a/.gitignore b/.gitignore
@@ -18,9 +18,6 @@ crash.log
 # be included in version control.
 local.tfvars
 
-# Provider.tf is used for local development of modules and shouldn't be added to repos.
-provider.tf
-
 # Ignore override files as they are usually used to override ressources locally
 override.tf
 override.tf.json

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,7 +11,7 @@ repos:
       - id: check-symlinks
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
 
@@ -29,9 +29,11 @@ repos:
       - id: terraform_docs
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.257
+    rev: 3.2.296
     hooks:
       - id: checkov
         verbose: true
         args:
+          - --skip-check
+          - "CKV_TF_1"
           - --quiet
diff --git a/regional/README.md b/regional/README.md
@@ -11,12 +11,14 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.16.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.16.1 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
 
 ## Resources
 

diff --git a/regional/helm/gatekeeper.yml b/regional/helm/gatekeeper.yml
@@ -1,20 +1,21 @@
-podLabels:
-  tags.datadoghq.com/service: gatekeeper
+audit:
+  disableCertRotation: true
+  podLabels:
+    tags.datadoghq.com/service: gatekeeper-audit
 
 controllerManager:
   disableCertRotation: true
   podLabels:
     tags.datadoghq.com/service: gatekeeper-controller-manager
 
-audit:
-  disableCertRotation: true
-  podLabels:
-    tags.datadoghq.com/service: gatekeeper-audit
+externalCertInjection:
+  enabled: true
+
+podLabels:
+  tags.datadoghq.com/service: gatekeeper
 
-validatingWebhookAnnotations:
-  cert-manager.io/inject-ca-from: gatekeeper-system/gatekeeper-webhook-server-cert
 mutatingWebhookAnnotations:
   cert-manager.io/inject-ca-from: gatekeeper-system/gatekeeper-webhook-server-cert
 
-externalCertInjection:
-  enabled: true
+validatingWebhookAnnotations:
+  cert-manager.io/inject-ca-from: gatekeeper-system/gatekeeper-webhook-server-cert
diff --git a/regional/helpers.tf b/regional/helpers.tf
@@ -0,0 +1 @@
+../shared/helpers.tf
diff --git a/regional/locals.tf b/regional/locals.tf
@@ -2,20 +2,6 @@
 # https://www.terraform.io/docs/language/values/locals.html
 
 locals {
-  env = lookup(local.env_map, local.environment, "none")
-
-  environment = (
-    terraform.workspace == "default" ?
-    "mock-environment" :
-    regex(".*-(?P<environment>[^-]+)$", terraform.workspace)["environment"]
-  )
-
-  env_map = {
-    "non-production" = "nonprod"
-    "production"     = "prod"
-    "sandbox"        = "sb"
-  }
-
   helm_values = {
     "audit.resources.limits.cpu"                  = var.audit_resources_limits_cpu
     "audit.resources.limits.memory"               = var.audit_resources_limits_memory
@@ -28,7 +14,7 @@ locals {
     "image.crdRepository"                         = "${var.artifact_registry}/openpolicyagent/gatekeeper-crds"
     "image.repository"                            = "${var.artifact_registry}/openpolicyagent/gatekeeper"
     "image.release"                               = var.gatekeeper_version
-    "podLabels.tags\\.datadoghq\\.com/env"        = local.environment
+    "podLabels.tags\\.datadoghq\\.com/env"        = module.helpers.environment
     "podLabels.tags\\.datadoghq\\.com/version"    = var.gatekeeper_version
     "postInstall.labelNamespace.image.repository" = "${var.artifact_registry}/openpolicyagent/gatekeeper-crds"
     "postInstall.labelNamespace.image.tag"        = var.gatekeeper_version

diff --git a/regional/outputs.tf b/regional/outputs.tf
diff --git a/shared/helpers.tf b/shared/helpers.tf
@@ -0,0 +1,6 @@
+# Terraform Core Child Module Helpers (osinfra.io)
+# https://github.com/osinfra-io/terraform-core-helpers
+
+module "helpers" {
+  source = "github.com/osinfra-io/terraform-core-helpers//child?ref=v0.1.2"
+}
diff --git a/tests/fixtures/default/regional/locals.tf b/tests/fixtures/default/regional/locals.tf
diff --git a/tests/fixtures/default/regional/main.tf b/tests/fixtures/default/regional/main.tf
@@ -15,51 +15,6 @@ terraform {
   }
 }
 
-# Helm Provider
-# https://registry.terraform.io/providers/hashicorp/helm/latest
-
-provider "helm" {
-  kubernetes {
-
-    cluster_ca_certificate = base64decode(
-      local.regional.cluster_ca_certificate
-    )
-
-    host  = local.regional.cluster_endpoint
-    token = data.google_client_config.current.access_token
-  }
-}
-
-# Kubernetes Provider
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-
-provider "kubernetes" {
-  cluster_ca_certificate = base64decode(
-    local.regional.cluster_ca_certificate
-  )
-
-  host  = "https://${local.regional.cluster_endpoint}"
-  token = data.google_client_config.current.access_token
-}
-
-# Google Client Config Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-
-data "google_client_config" "current" {
-}
-
-# Remote State Data Source
-# https://www.terraform.io/language/state/remote-state-data
-
-data "terraform_remote_state" "regional" {
-  backend   = "gcs"
-  workspace = "mock-workspace"
-
-  config = {
-    bucket = "mock-bucket"
-  }
-}
-
 module "test" {
   source = "../../../../regional"
 

diff --git a/tests/fixtures/default/regional/manifests/locals.tf b/tests/fixtures/default/regional/manifests/locals.tf
diff --git a/tests/fixtures/default/regional/manifests/main.tf b/tests/fixtures/default/regional/manifests/main.tf
@@ -15,51 +15,6 @@ terraform {
   }
 }
 
-# Helm Provider
-# https://registry.terraform.io/providers/hashicorp/helm/latest
-
-provider "helm" {
-  kubernetes {
-
-    cluster_ca_certificate = base64decode(
-      local.regional.cluster_ca_certificate
-    )
-
-    host  = local.regional.cluster_endpoint
-    token = data.google_client_config.current.access_token
-  }
-}
-
-# Kubernetes Provider
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-
-provider "kubernetes" {
-  cluster_ca_certificate = base64decode(
-    local.regional.cluster_ca_certificate
-  )
-
-  host  = "https://${local.regional.cluster_endpoint}"
-  token = data.google_client_config.current.access_token
-}
-
-# Google Client Config Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-
-data "google_client_config" "current" {
-}
-
-# Remote State Data Source
-# https://www.terraform.io/language/state/remote-state-data
-
-data "terraform_remote_state" "regional" {
-  backend   = "gcs"
-  workspace = "mock-workspace"
-
-  config = {
-    bucket = "mock-bucket"
-  }
-}
-
 module "test" {
   source = "../../../../../regional/manifests"
 }