Migrate tests to Localstack (#112)

* Migrate tests to Localstack * Fix fmt + add non OSS version * Parallel tests
grem11n · Feb 13, 2024 · de195dc · de195dc
1 parent 8c9568d
commit de195dc
Show file tree

Hide file tree

Showing 37 changed files with 332 additions and 308 deletions.
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
@@ -21,7 +21,7 @@ jobs:
  runs-on: ubuntu-latest
  strategy:
  matrix:
- terraform: ['1.3.7']
+ terraform: ['1.5.7', '1.7.3']
  steps:
  - uses: actions/checkout@master
  - uses: hashicorp/setup-terraform@v1
@@ -36,15 +36,13 @@ jobs:
  name: terratest
  runs-on: ubuntu-latest
  strategy:
- max-parallel: 1
  matrix:
- terraform: ['1.3.7']
+ terraform: ['1.5.7', '1.7.3']
  steps:
  - name: Set up Go
  uses: actions/setup-go@v2
  with:
- go-version: '1.19'
-
+ go-version: '1.21'
  - name: Checkout
  uses: actions/checkout@v1
  with:
@@ -58,13 +56,12 @@ jobs:
  sudo unzip -d /tmp/ /tmp/terraform.zip &&
  sudo mv /tmp/terraform /usr/local/bin/
 
+ - name: Start Localstack
+ run: docker-compose up -d
+
  - name: Terratest
  env:
  GOPATH: /home/runner/work/terraform-aws-vpc-peering/go
- TF_VAR_aws_peer_access_key: ${{ secrets.TF_VAR_aws_peer_access_key }}
- TF_VAR_aws_peer_secret_key: ${{ secrets.TF_VAR_aws_peer_secret_key }}
- TF_VAR_aws_this_access_key: ${{ secrets.TF_VAR_aws_this_access_key }}
- TF_VAR_aws_this_secret_key: ${{ secrets.TF_VAR_aws_this_secret_key }}
  run: >
  go mod init github.com/grem11n/terraform-aws-vpc-peering &&
  go mod tidy &&

diff --git a/.gitignore b/.gitignore
@@ -21,3 +21,6 @@ go.sum
 
 # Environment variables
 .env
+
+# Localstack
+volume/
diff --git a/data.tf b/data.tf
@@ -39,17 +39,17 @@ data "aws_subnet" "peer" {
 
 # this vpc main route table
 data "aws_route_table" "this_main_route_table" {
- provider  = aws.this
+ provider = aws.this
  vpc_id = var.this_vpc_id
  filter {
  name = "association.main"
  values = ["true"]
- } 
+ }
 }
 
 # this subnets
 data "aws_subnets" "this" {
- provider  = aws.this
+ provider = aws.this
  filter {
  name = "vpc-id"
  values = [var.this_vpc_id]
@@ -58,7 +58,7 @@ data "aws_subnets" "this" {
 
 # get route tables associated with subnets
 data "aws_route_tables" "this_associated_route_tables" {
- for_each = { for subnet in data.aws_subnets.this.ids: subnet => subnet }
+ for_each = { for subnet in data.aws_subnets.this.ids : subnet => subnet }
  provider = aws.this
  vpc_id = var.this_vpc_id
  filter {
@@ -72,17 +72,17 @@ data "aws_route_tables" "this_associated_route_tables" {
 
 # peer vpc main route table
 data "aws_route_table" "peer_main_route_table" {
- provider  = aws.peer
+ provider = aws.peer
  vpc_id = var.peer_vpc_id
  filter {
  name = "association.main"
  values = ["true"]
- } 
+ }
 }
 
 # peer subnets
 data "aws_subnets" "peer" {
- provider  = aws.peer
+ provider = aws.peer
  filter {
  name = "vpc-id"
  values = [var.peer_vpc_id]
@@ -91,7 +91,7 @@ data "aws_subnets" "peer" {
 
 # get route tables associated with subnets
 data "aws_route_tables" "peer_associated_route_tables" {
- for_each = { for subnet in data.aws_subnets.peer.ids: subnet => subnet }
+ for_each = { for subnet in data.aws_subnets.peer.ids : subnet => subnet }
  provider = aws.peer
  vpc_id = var.peer_vpc_id
  filter {

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -0,0 +1,14 @@
+---
+version: "3.8"
+services:
+ localstack:
+ container_name: "${LOCALSTACK_DOCKER_NAME:-localstack-main}"
+ image: localstack/localstack
+ ports:
+ - "127.0.0.1:4566:4566" # LocalStack Gateway
+ - "127.0.0.1:4510-4559:4510-4559" # external services port range
+ environment:
+ # LocalStack configuration: https://docs.localstack.cloud/references/configuration/
+ - DEBUG=${DEBUG:-0}
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
diff --git a/examples/associated-cidrs/provider.tf b/examples/associated-cidrs/provider.tf
@@ -1,5 +1,15 @@
+// This provider example is designed to work with Localstack.
+// You need to have a real AWS provider configuration for the production usage.
 provider "aws" {
- region = "eu-west-1"
- access_key = var.aws_this_access_key
- secret_key = var.aws_this_secret_key
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
+ }
+ region = "eu-west-1"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
diff --git a/examples/associated-cidrs/variables.tf b/examples/associated-cidrs/variables.tf
@@ -1,13 +1,4 @@
 // Variables are required to pass them via Terratest
 // on fixtures creation
 variable "this_vpc_id" {}
-
 variable "peer_vpc_id" {}
-
-variable "aws_this_access_key" {
- description = "AWS Access Key for requester account"
-}
-
-variable "aws_this_secret_key" {
- description = "AWS Secret Key for requester account"
-}
diff --git a/examples/module-depends-on/README.md b/examples/module-depends-on/README.md
@@ -1,4 +1,6 @@
-# Using depends_on With This Module
+# Using `depends_on` With This Module
+
+**Warning**: There's a bug which prevents the creation of peering with the `depends_on` directove. Thus, Terraform should be executed twice to address that.
 
 If you're using Terraform `>=0.13`, you [can use `depends_on` meta-argument with modules as well](https://www.terraform.io/docs/language/meta-arguments/depends_on.html)
 

diff --git a/examples/module-depends-on/provider.tf b/examples/module-depends-on/provider.tf
@@ -1,5 +1,15 @@
+// This provider example is designed to work with Localstack.
+// You need to have a real AWS provider configuration for the production usage.
 provider "aws" {
- region = "eu-west-1"
- access_key = var.aws_this_access_key
- secret_key = var.aws_this_secret_key
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
+ }
+ region = "eu-west-1"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
diff --git a/examples/module-depends-on/variables.tf b/examples/module-depends-on/variables.tf
@@ -1,11 +1,3 @@
-variable "aws_this_access_key" {
- description = "AWS Access Key for requester account"
-}
-
-variable "aws_this_secret_key" {
- description = "AWS Secret Key for requester account"
-}
-
 variable "this_subnets" {
  description = "Subnet list for _this_ VPC"
  type = list(string)

diff --git a/examples/multi-account-multi-region/provider.tf b/examples/multi-account-multi-region/provider.tf
@@ -1,13 +1,31 @@
+// This provider example is designed to work with Localstack.
+// You need to have a real AWS provider configuration for the production usage.
 provider "aws" {
- alias = "this"
- region = "eu-west-1"
- access_key = var.aws_this_access_key
- secret_key = var.aws_this_secret_key
+ alias = "this"
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
+ }
+ region = "eu-west-1"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
 
 provider "aws" {
- alias = "peer"
- region = "eu-central-1"
- access_key = var.aws_peer_access_key
- secret_key = var.aws_peer_secret_key
+ alias = "peer"
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
+ }
+ region = "eu-central-1"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
diff --git a/examples/multi-account-multi-region/variables.tf b/examples/multi-account-multi-region/variables.tf
@@ -1,21 +1,4 @@
 // Variables are required to pass them via Terratest
 // on fixtures creation
 variable "this_vpc_id" {}
-
 variable "peer_vpc_id" {}
-
-variable "aws_this_access_key" {
- description = "AWS Access Key for requester account"
-}
-
-variable "aws_this_secret_key" {
- description = "AWS Secret Key for requester account"
-}
-
-variable "aws_peer_access_key" {
- description = "AWS Access Key for accepter account"
-}
-
-variable "aws_peer_secret_key" {
- description = "AWS Secret Key for accepter account"
-}
diff --git a/examples/multi-account-single-region/provider.tf b/examples/multi-account-single-region/provider.tf
@@ -1,13 +1,31 @@
+// This provider example is designed to work with Localstack.
+// You need to have a real AWS provider configuration for the production usage.
 provider "aws" {
- alias = "this"
- region = "ap-southeast-2"
- access_key = var.aws_this_access_key
- secret_key = var.aws_this_secret_key
+ alias = "this"
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
+ }
+ region = "ap-southeast-2"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
 
 provider "aws" {
- alias = "peer"
- region = "ap-southeast-2"
- access_key = var.aws_peer_access_key
- secret_key = var.aws_peer_secret_key
+ alias = "peer"
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
+ }
+ region = "ap-southeast-2"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
diff --git a/examples/multi-account-single-region/variables.tf b/examples/multi-account-single-region/variables.tf
@@ -1,21 +1,4 @@
 // Variables are required to pass them via Terratest
 // on fixtures creation
 variable "this_vpc_id" {}
-
 variable "peer_vpc_id" {}
-
-variable "aws_this_access_key" {
- description = "AWS Access Key for requester account"
-}
-
-variable "aws_this_secret_key" {
- description = "AWS Secret Key for requester account"
-}
-
-variable "aws_peer_access_key" {
- description = "AWS Access Key for accepter account"
-}
-
-variable "aws_peer_secret_key" {
- description = "AWS Secret Key for accepter account"
-}
diff --git a/examples/partial-subnets/provider.tf b/examples/partial-subnets/provider.tf
@@ -1,20 +1,32 @@
+// This provider example is designed to work with Localstack.
+// You need to have a real AWS provider configuration for the production usage.
 provider "aws" {
  alias = "this"
- region = var.this_region != "" ? var.this_region : "eu-west-2"
- assume_role {
- role_arn = var.this_assume_role_arn != "" ? var.this_assume_role_arn : null 
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
  }
- access_key = var.aws_this_access_key != "" ? var.aws_this_access_key : null
- secret_key = var.aws_this_secret_key != "" ? var.aws_this_secret_key : null
+ region = "eu-west-2"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }
 
 provider "aws" {
  alias = "peer"
- region = var.peer_region != "" ? var.peer_region : "eu-central-1"
- assume_role {
- role_arn = var.peer_assume_role_arn != "" ? var.peer_assume_role_arn : null
+ endpoints {
+ ec2 = "http://localhost:4566"
+ s3 = "http://localhost:4566"
+ sts = "http://localhost:4566"
  }
- access_key = var.aws_peer_access_key != "" ? var.aws_peer_access_key : null
- secret_key = var.aws_peer_secret_key != "" ? var.aws_peer_secret_key : null
+ region = "eu-central-1"
+ access_key = "null"
+ secret_key = "null"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
 }