Merge pull request #5 from sourcefuse/feature/arc-dms-terratest

test(terraform): add Terratest setup using Go

Author: nikhilk145

.github/workflows/terraform-test.yaml

@@ -0,0 +1,86 @@
+---
+name: Terratest
+on:        # yamllint disable-line rule:truthy
+  pull_request:
+    types: [opened]
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'Pull Request Number'
+        required: true
+
+permissions:
+  id-token: write
+  contents: read
+  statuses: write  # Required for setting commit status
+
+jobs:
+  terratest:
+    runs-on: ubuntu-latest
+    name: Terratest Checks
+
+    env:
+      PR_NUMBER: >-
+        ${{ github.event_name == 'workflow_dispatch' &&
+        github.event.inputs.pr_number || github.event.pull_request.number }}
+
+
+    steps:
+      - name: Checkout PR code
+        uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ env.PR_NUMBER }}/head
+
+      - name: Configure AWS credentials via OIDC
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.ARC_IAC_TERRATEST_ROLE }}
+          aws-region: us-east-1
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.24'
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.7.5
+          terraform_wrapper: false
+
+      - name: Create test directory and download go from S3
+        run: |
+          mkdir -p terra-test
+          aws s3 cp ${{ secrets.ARC_TERRATEST_GO_FILE }} terra-test/terra_test.go
+      - name: Initialize Go module and install dependencies
+        run: |
+          cd terra-test
+          ls
+          go mod init terraform-test || true
+          go get github.com/gruntwork-io/terratest/modules/terraform
+          go get github.com/stretchr/testify/assert
+          go mod tidy
+          go test -v -timeout 50m
+      - name: Report check status manually
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const pr_number = parseInt(process.env.PR_NUMBER);
+            const pr = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: pr_number,
+            });
+            const sha = pr.data.head.sha;
+            await github.rest.repos.createCommitStatus({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              sha: sha,
+              state: 'success',
+              context: 'terratest',
+              description: 'Manual terratest completed successfully',
+              target_url:
+                `https://github.com/${context.repo.owner}/${context.repo.repo}` +
+                `/actions/runs/${process.env.GITHUB_RUN_ID}`,
+            });

examples/.terraform.lock.hcl renamed to example/.terraform.lock.hcl

@@ -6,15 +6,20 @@ data "aws_vpc" "vpc" {
   }
 }
 
-## Network
+## Network - Public Subnets
 data "aws_subnets" "this" {
   filter {
     name = "tag:Name"
     values = [
-      "${var.project_name}-${var.environment}-subnet-${var.region}a",
-      "${var.project_name}-${var.environment}-subnet-${var.region}b"
+      "${var.project_name}-${var.environment}-public-subnet-public-${var.region}a",
+      "${var.project_name}-${var.environment}-public-subnet-public-${var.region}b"
     ]
   }
+
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.vpc.id]
+  }
 }
 
 ## Security
@@ -32,9 +37,9 @@ data "aws_security_groups" "this" {
 
 ## Secrets Manager
 data "aws_secretsmanager_secret" "source-secret" {
-  name = "source-secret"
+  name = "arc-poc-rds-connection-details"
 }
 
 data "aws_secretsmanager_secret" "target-secret" {
-  name = "target-secret"
+  name = "arc-dev-target-database-connection"
 }

examples/data.tf renamed to example/data.tf

@@ -43,8 +43,8 @@ module "aws_dms" {
   instance_allocated_storage      = 5
   instance_apply_immediately      = true
   instance_network_type           = "IPV4"
-  instance_class                  = "dms.t2.micro"
-  instance_id                     = "DMS-POC"
+  instance_class                  = "dms.t3.micro"
+  instance_id                     = "dms-poc"
   instance_subnet_group_id        = "dms-poc-public-subnet-group"
   instance_publicly_accessible    = true
   instance_vpc_security_group_ids = data.aws_security_groups.this.ids #Security Group ID
@@ -54,7 +54,7 @@ module "aws_dms" {
       endpoint_id         = "dms-poc-endpoint-1"
       endpoint_type       = "source"
       engine_name         = "postgres"
-      database_name       = "poc"
+      database_name       = "poc_source"
       secrets_manager_arn = data.aws_secretsmanager_secret.source-secret.arn #Source endpoint secret arn
       ssl_mode            = "require"
 

examples/main.tf renamed to example/main.tf

@@ -0,0 +1,4 @@
+output "replication_instance_arn" {
+  description = "The Amazon Resource Name (ARN) of the replication instance"
+  value       = module.aws_dms.replication_instance_arn
+}

example/output.tf

@@ -24,5 +24,5 @@ variable "environment" {
 variable "project_name" {
   description = "Name of the project the vpn resource belongs to."
   type        = string
-  default     = "arc-example"
+  default     = "arc"
 }

examples/variables.tf renamed to example/variables.tf

@@ -40,6 +40,14 @@ resource "aws_iam_role_policy" "dms_secrets_manager_access_policy" {
         Effect   = "Allow",
         Action   = "iam:PassRole",
         Resource = aws_iam_role.dms_secrets_manager_access_role.arn
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "kms:Decrypt",
+          "kms:DescribeKey"
+        ],
+        Resource = "*"
       }
     ]
   })