[refactor] rm unneeded vars (#281)

We have had support in tftest for awhile to generate our standard vars. Make use of that everywhere.

Author: ryanking

.github/workflows/ci.yml

@@ -26,50 +26,8 @@ jobs:
     test:
         name: test ${{ matrix.module }}
         runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@v2
-            - id: filter
-              uses: dorny/paths-filter@v2
-              with:
-                filters: |
-                    module:
-                      - '${{ matrix.module }}/**'
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              uses: hashicorp/setup-terraform@v1
-              with:
-                terraform_version: 0.12.30
-                terraform_wrapper: "false"
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              uses: actions/setup-go@v2
-              with:
-                go-version: 1.14.3
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              name: Install bless provider
-              run: curl -s https://raw.githubusercontent.com/chanzuckerberg/terraform-provider-bless/main/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              name: Check bless provider
-              run: ls -al $HOME/.terraform.d/plugins/terraform-provider-bless*
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              name: Install Snowflake provider
-              run: curl -s https://raw.githubusercontent.com/chanzuckerberg/terraform-provider-snowflake/main/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              name: Check Snowflake provider
-              run: ls -al $HOME/.terraform.d/plugins/terraform-provider-snowflake*
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: aws configure set aws_access_key_id ${{ secrets.CI1_AWS_ACCESS_KEY_ID }} --profile cztack-ci-1
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: aws configure set aws_secret_access_key ${{ secrets.CI1_AWS_SECRET_ACCESS_KEY }} --profile cztack-ci-1
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: aws --profile cztack-ci-1 sts get-caller-identity
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: aws configure set aws_access_key_id ${{ secrets.CI2_AWS_ACCESS_KEY_ID }} --profile cztack-ci-2
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: aws configure set aws_secret_access_key ${{ secrets.CI2_AWS_SECRET_ACCESS_KEY }} --profile cztack-ci-2
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: aws --profile cztack-ci-2 sts get-caller-identity
-            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
-              run: make test-ci TEST=./${{ matrix.module }}
         strategy:
+            fail-fast: false
             matrix:
                 module:
                     - aws-acm-cert
@@ -118,7 +76,7 @@ jobs:
                     - aws-sns-lambda
                     - aws-ssm-params
                     - aws-ssm-params-writer
-                    - bless-ca/test
+                    # - bless-ca/test
                     - github-webhooks-to-s3
                     - module-template
                     - snowflake-account-grant-all
@@ -137,10 +95,54 @@ jobs:
                     - snowflake-table-grant-all
                     - snowflake-view-grant-all
                     - snowflake-warehouse-grant-all
+        steps:
+            - uses: actions/checkout@v2
+            - id: filter
+              uses: dorny/paths-filter@v2
+              with:
+                filters: |
+                    module:
+                      - '${{ matrix.module }}/**'
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              uses: hashicorp/setup-terraform@v1
+              with:
+                terraform_version: 0.12.30
+                terraform_wrapper: "false"
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              uses: actions/setup-go@v2
+              with:
+                go-version: 1.14.3
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Install bless provider
+              run: curl -s https://raw.githubusercontent.com/chanzuckerberg/terraform-provider-bless/main/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Check bless provider
+              run: ls -al $HOME/.terraform.d/plugins/terraform-provider-bless*
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Install Snowflake provider
+              run: curl -s https://raw.githubusercontent.com/chanzuckerberg/terraform-provider-snowflake/main/download.sh | bash -s -- -b $HOME/.terraform.d/plugins/ -d
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              name: Check Snowflake provider
+              run: ls -al $HOME/.terraform.d/plugins/terraform-provider-snowflake*
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: aws configure set aws_access_key_id ${{ secrets.CI1_AWS_ACCESS_KEY_ID }} --profile cztack-ci-1
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: aws configure set aws_secret_access_key ${{ secrets.CI1_AWS_SECRET_ACCESS_KEY }} --profile cztack-ci-1
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: aws --profile cztack-ci-1 sts get-caller-identity
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: aws configure set aws_access_key_id ${{ secrets.CI2_AWS_ACCESS_KEY_ID }} --profile cztack-ci-2
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: aws configure set aws_secret_access_key ${{ secrets.CI2_AWS_SECRET_ACCESS_KEY }} --profile cztack-ci-2
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: aws --profile cztack-ci-2 sts get-caller-identity
+            - if: github.event == 'push' || steps.filter.outputs.module == 'true'
+              run: make test-ci TEST=./${{ matrix.module }}
+
         timeout-minutes: 45
 name: CI
 "on":
-    pull_request: null
+    pull_request:
     push:
         branches:
             - main

aws-acm-cert/module_test.go

@@ -20,11 +20,6 @@ func TestAWSACMCertDefaults(t *testing.T) {
 
 	test := tftest.Test{
 		Setup: func(t *testing.T) *terraform.Options {
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			certDomainName := fmt.Sprintf(
 				"%s.%s",
 				tftest.UniqueID(),
@@ -44,11 +39,6 @@ func TestAWSACMCertDefaults(t *testing.T) {
 			return tftest.Options(
 				tftest.DefaultRegion,
 				map[string]interface{}{
-					"project": project,
-					"env":     env,
-					"service": service,
-					"owner":   owner,
-
 					"cert_domain_name":                     certDomainName,
 					"aws_route53_zone_id":                  route53ZoneID,
 					"validation_record_ttl":                5,

aws-aurora-mysql/module_test.go

@@ -13,11 +13,6 @@ func TestAWSAuroraMysqlDefaults(t *testing.T) {
 	test := tftest.Test{
 
 		Setup: func(t *testing.T) *terraform.Options {
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			vpc := tftest.EnvVar(tftest.EnvVPCID)
 			databaseSubnetGroup := tftest.EnvVar(tftest.EnvDatabaseSubnetGroup)
 			ingressCidrBlocks := tftest.EnvVar(tftest.EnvVPCCIDRBlock)
@@ -29,10 +24,6 @@ func TestAWSAuroraMysqlDefaults(t *testing.T) {
 			return tftest.Options(
 				tftest.DefaultRegion,
 				map[string]interface{}{
-					"project": project,
-					"env":     env,
-					"service": service,
-					"owner":   owner,
 
 					"vpc_id":                vpc,
 					"database_subnet_group": databaseSubnetGroup,

aws-cloudfront-domain-redirect/module_test.go

@@ -16,11 +16,6 @@ func TestModule(t *testing.T) {
 			route53Zone := tftest.EnvVar(tftest.EnvRoute53ZoneName)
 			targetSubdomain := tftest.UniqueID()
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			target_domain := fmt.Sprintf("%s.%s", targetSubdomain, route53Zone)
 			source_domain := fmt.Sprintf("%s.%s", tftest.UniqueID(), route53Zone)
 			source_domain_zone_id := tftest.EnvVar(tftest.EnvRoute53ZoneID)
@@ -31,11 +26,6 @@ func TestModule(t *testing.T) {
 					"target_domain":         target_domain,
 					"source_domain":         source_domain,
 					"source_domain_zone_id": source_domain_zone_id,
-
-					"project": project,
-					"env":     env,
-					"service": service,
-					"owner":   owner,
 				},
 			)
 		},

aws-cloudfront-logs-bucket/module_test.go

@@ -13,21 +13,11 @@ import (
 func TestPrivateBucketDefaults(t *testing.T) {
 	test := &tftest.Test{
 		Setup: func(t *testing.T) *terraform.Options {
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			bucketName := tftest.UniqueID()
 
 			return tftest.Options(
 				tftest.DefaultRegion,
 				map[string]interface{}{
-					"project": project,
-					"env":     env,
-					"service": service,
-					"owner":   owner,
-
 					"bucket_name": bucketName,
 				},
 			)

aws-efs-volume/module_test.go

@@ -10,21 +10,11 @@ import (
 func TestEfsVolume(t *testing.T) {
 	test := tftest.Test{
 		Setup: func(t *testing.T) *terraform.Options {
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			volumeName := tftest.UniqueID()
 
 			return tftest.Options(
 				tftest.DefaultRegion,
 				map[string]interface{}{
-					"project": project,
-					"env":     env,
-					"service": service,
-					"owner":   owner,
-
 					"volume_name": volumeName,
 					"vpc_id":      tftest.EnvVar(tftest.EnvVPCID),
 					"subnet_ids":  tftest.ListEnvVar("PRIVATE_SUBNETS"),

aws-iam-role-bless/module_test.go

@@ -11,30 +11,16 @@ import (
 func TestIAMRoleBless(t *testing.T) {
 	test := tftest.Test{
 		Setup: func(t *testing.T) *terraform.Options {
-			region := tftest.IAMRegion
 			curAcct := tftest.AWSCurrentAccountID(t)
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
-			return &terraform.Options{
-				TerraformDir: ".",
-
-				Vars: map[string]interface{}{
+			return tftest.Options(
+				tftest.IAMRegion,
+				map[string]interface{}{
 					"role_name":         random.UniqueId(),
 					"source_account_id": curAcct,
-					"project":           project,
-					"env":               env,
-					"service":           service,
-					"owner":             owner,
 					"bless_lambda_arns": []string{"arn:aws:lambda:us-west-2:111111111111:function:test"},
 				},
-				EnvVars: map[string]string{
-					"AWS_DEFAULT_REGION": region,
-				},
-			}
+			)
 		},
 		Validate: func(t *testing.T, options *terraform.Options) {},
 	}

aws-iam-role-cloudfront-poweruser/module_test.go

@@ -14,22 +14,13 @@ func TestAWSIAMRoleCloudfrontPoweruser(t *testing.T) {
 		Setup: func(t *testing.T) *terraform.Options {
 			curAcct := tftest.AWSCurrentAccountID(t)
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			return tftest.Options(
 				tftest.IAMRegion,
 
 				map[string]interface{}{
 					"role_name":         random.UniqueId(),
 					"iam_path":          fmt.Sprintf("/%s/", random.UniqueId()),
 					"source_account_id": curAcct,
-					"project":           project,
-					"env":               env,
-					"service":           service,
-					"owner":             owner,
 				},
 			)
 		},

aws-iam-role-crossacct/module_test.go

@@ -13,21 +13,12 @@ func TestAWSIAMRoleCrossAcct(t *testing.T) {
 		Setup: func(t *testing.T) *terraform.Options {
 			curAcct := tftest.AWSCurrentAccountID(t)
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			return tftest.Options(
 				tftest.IAMRegion,
 
 				map[string]interface{}{
 					"role_name":         random.UniqueId(),
 					"source_account_id": curAcct,
-					"project":           project,
-					"env":               env,
-					"service":           service,
-					"owner":             owner,
 				},
 			)
 		},

aws-iam-role-ec2-poweruser/module_test.go

@@ -13,20 +13,11 @@ func TestAWSIAMRoleEC2Poweruser(t *testing.T) {
 		Setup: func(t *testing.T) *terraform.Options {
 			curAcct := tftest.AWSCurrentAccountID(t)
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			return tftest.Options(
 				tftest.IAMRegion,
 				map[string]interface{}{
 					"role_name":         random.UniqueId(),
 					"source_account_id": curAcct,
-					"project":           project,
-					"env":               env,
-					"service":           service,
-					"owner":             owner,
 				},
 			)
 		},

aws-iam-role-ecs-poweruser/main.tf

@@ -58,7 +58,7 @@ resource "aws_iam_role" "ecs-poweruser" {
 
 resource "aws_iam_role_policy_attachment" "ecs-fullaccess" {
   role       = aws_iam_role.ecs-poweruser.name
-  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/AmazonECS_FullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "ecr-poweruser" {

aws-iam-role-ecs-poweruser/module_test.go

@@ -13,21 +13,12 @@ func TestAWSIAMRoleEcsPoweruser(t *testing.T) {
 		Setup: func(t *testing.T) *terraform.Options {
 			curAcct := tftest.AWSCurrentAccountID(t)
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			return tftest.Options(
 				tftest.IAMRegion,
 
 				map[string]interface{}{
 					"role_name":         random.UniqueId(),
 					"source_account_id": curAcct,
-					"project":           project,
-					"env":               env,
-					"service":           service,
-					"owner":             owner,
 				},
 			)
 		},

aws-iam-role-infraci/module_test.go

@@ -14,20 +14,11 @@ func TestAWSIAMRoleInfraCI(t *testing.T) {
 		Setup: func(t *testing.T) *terraform.Options {
 			curAcct := tftest.AWSCurrentAccountID(t)
 
-			project := tftest.UniqueID()
-			env := tftest.UniqueID()
-			service := tftest.UniqueID()
-			owner := tftest.UniqueID()
-
 			return tftest.Options(
 				tftest.IAMRegion,
 				map[string]interface{}{
 					"role_name":         random.UniqueId(),
 					"source_account_id": curAcct,
-					"project":           project,
-					"env":               env,
-					"service":           service,
-					"owner":             owner,
 					"iam_path":          fmt.Sprintf("/%s/", random.UniqueId()),
 				},
 			)