search

YakDriver / terraform-cred-tests

Working and non-working tests of Terraform's credential use.
Mozilla Public License 2.0
1 stars 1 forks source link

readme

terraform-cred-tests

Working and non-working tests of Terraform's credential use.

quick and dirty

Each test (each is a subdirectory of the tests/ directory) has a README and a Makefile. Follow the steps in the individual test's README and run make:

$ make test

current tests

Test Status Issue
basic :+1: None
credproc :+1: None
credproc_assume_role :x: hashicorp/aws-sdk-go-base#4
credproc_nondefault_profile :+1: terraform-providers/terraform-provider-aws#6913
credproc_s3_backend :+1: terraform-providers/terraform-provider-aws#6913
role_assume_after_create :x: terraform-providers/terraform-provider-aws#6566
role_assume_after_create_workaround :+1: terraform-providers/terraform-provider-aws#6566

contributions

Adding working and, especially, non-working tests by forking and opening a pull request.

Making a new test:

  1. Fork & clone this repo
  2. Find the most similar existing test
  3. Go to your local clone directory
  4. git checkout -b my-awesome-test
  5. cd tests
  6. cp -R existing_similar_test new_name_for_your_test
  7. cd new_name_for_your_test
  8. Edit the README.md, dotenv and *.tf files in new_name_for_your_test
  9. Run your test using the makefile (make which is equivalent to make test) - make will setup the environment and run Terraform for you
    • If your test is successful, make will destroy and clean up in the same pass
    • If your test is not successful, make clean should get rid of the resources and files (will also get rid of the logs which are helpful in debugging) (WARNING: some tests might leave resources that you'll have to manually delete in the AWS console/CLI)
  10. Edit this README.md with the test name and status
  11. git add .
  12. git commit -m "Add new test for (briefly describe the test)"
  13. git push -u my-awesome-test
  14. Go to GitHub and open a pull request!

work in progress notes

Variables affecting credentialling:

Where tests can be compared to determine the source of the problem:

Specific cases not captured in tests yet:

S3 Backend

terraform {
  backend "s3" {
    bucket = "mybucket"
    key    = "path/to/my/key"
    region = "us-east-1"
  }
}

Assume role

provider "aws" {
  assume_role = "${var.workspace_iam_roles[terraform.workspace]}"
}