search

defenseunicorns / delivery-aws-iac

Apache License 2.0
14 stars 5 forks source link

lambda_password_function_arn output causing test failure with test-complete-plan-only? #373

Closed bunchmj closed 10 months ago

bunchmj commented 11 months ago

Persona

Delivery IAC

Description

Running the target test-complete-plan-only seems to fail due to missing values in references to lambda_password_function_arn in output(s): delivery-aws-iac/modules/lambda/output.tf and delivery-aws-iac/examples/complete/outputs.tf with enable_password_rotation_lambda=false.

Log of terraform plan being run:

TestExamplesCompletePlanOnly 2023-10-11T20:03:02Z retry.go:91: terraform [plan -input=false -lock=false -var-file fixtures.common.tfvars -var-file fixtures.insecure.tfvars -var keycloak_enabled=false -var enable_password_rotation_lambda=false -lock=false]
TestExamplesCompletePlanOnly 2023-10-11T20:03:02Z logger.go:66: Running command terraform with args [plan -input=false -lock=false -var-file fixtures.common.tfvars -var-file fixtures.insecure.tfvars -var keycloak_enabled=false -var enable_password_rotation_lambda=false -lock=false]

image

Test passes if output references are removed: image image

TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: 
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: Changes to Outputs:
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66:   + bastion_instance_id   = (sensitive value)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66:   + bastion_private_dns   = (sensitive value)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66:   + bastion_region        = (sensitive value)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66:   + efs_storageclass_name = (known after apply)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66:   + eks_cluster_name      = (sensitive value)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66:   + vpc_cidr              = (sensitive value)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: ╷
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │ Warning: Argument is deprecated
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │ 
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │   with module.bastion.aws_ssm_parameter.cloudwatch_configuration_file,
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │   on .terraform/modules/bastion/logging.tf line 35, in resource "aws_ssm_parameter" "cloudwatch_configuration_file":
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │   35:   overwrite = true
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │ 
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │ this attribute has been deprecated
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │ 
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: │ (and 5 more similar warnings elsewhere)
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: ╵
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: 
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: ─────────────────────────────────────────────────────────────────────────────
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: 
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: Note: You didn't use the -out option to save this plan, so Terraform can't
TestExamplesCompletePlanOnly 2023-10-11T20:36:44Z logger.go:66: guarantee to take exactly these actions if you run "terraform apply" now.
--- PASS: TestExamplesCompletePlanOnly (29.59s)
PASS
ok      github.com/defenseunicorns/delivery-aws-iac/test/e2e    29.609s

Running targets test-complete-insecure and test-complete-secure don't seem to have the same issue.