Module testing (#5)

* Introduce Terratest

1. Refactor KMS module to use `data` block for policy
2. Refactor VPC and subnets to use default vpc
3. Variablise naming of each resource
4. Add initial set of tests for Vault

* Use default KMS keys

* Documentation updates

* Test Vault creation only

* Update pre-commit-config

* Module fix

* Add new example and update test

* golint

* Adjustments to README

* Use 'Equal' instead of 'Contains'

Author: Abdul Wahid

.pre-commit-config.yaml

@@ -18,7 +18,7 @@ repos:
     args: ['--allow-missing-credentials']
   - id: trailing-whitespace
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.44.0
+  rev: v1.45.0
   hooks:
   - id: terraform_fmt
   - id: terraform_docs

CHANGELOG.md

@@ -2,11 +2,34 @@
 
 All notable changes to this project will be documented in this file.
 
+<a name="unreleased"></a>
+## [Unreleased]
+
+- Documentation updates
+- Use default KMS keys
+- Introduce Terratest
+
+
+<a name="1.1.0"></a>
+## [1.1.0] - 2020-11-18
+
+- Allow for multiple selection conditions for a backup plan ([#4](https://github.com/umotif-public/terraform-aws-backup/issues/4))
+- Update example in README ([#3](https://github.com/umotif-public/terraform-aws-backup/issues/3))
+
+
+<a name="1.0.1"></a>
+## [1.0.1] - 2020-11-13
+
+- target_vault_name reference a resource not a variable ([#2](https://github.com/umotif-public/terraform-aws-backup/issues/2))
+
+
 <a name="1.0.0"></a>
 ## 1.0.0 - 2020-11-09
 
 - Complete AWS Backup module ([#1](https://github.com/umotif-public/terraform-aws-backup/issues/1))
 - Initial commit
 
 
-[Unreleased]: https://github.com/umotif-public/terraform-aws-backup/compare/1.0.0...HEAD
+[Unreleased]: https://github.com/umotif-public/terraform-aws-backup/compare/1.1.0...HEAD
+[1.1.0]: https://github.com/umotif-public/terraform-aws-backup/compare/1.0.1...1.1.0
+[1.0.1]: https://github.com/umotif-public/terraform-aws-backup/compare/1.0.0...1.0.1

README.md

@@ -1,5 +1,6 @@
-# terraform-aws-backup
-Terraform module to provision AWS Backup resources
+# Terraform AWS Backup
+
+Terraform module to provision [AWS Backup](https://aws.amazon.com/backup/) resources.
 
 ## Terraform versions
 
@@ -10,7 +11,7 @@ Terraform 0.13. Pin module version to `~> v1.0`. Submit pull-requests to `master
 ```hcl
 module "backup" {
   source = "umotif-public/backup/aws"
-  version = "~> 1.0.0"
+  version = "~> 1.0"
 
   vault_name        = "test-rds-aurora"
   vault_kms_key_arn = "arn:aws:kms:eu-west-1:1111111111:key/07a8a813-fcc9-4d7f-a982648d9c25"
@@ -40,7 +41,7 @@ module "backup" {
   ]
 
   selection_name = "test-backup-selection"
-  selection_resources = ["arn:aws:rds:eu-west-1:1111111111:cluster:example-dataabase-1"]
+  selection_resources = ["arn:aws:rds:eu-west-1:1111111111:cluster:example-database-1"]
 
   selection_tags = [
     {
@@ -66,12 +67,14 @@ Module is to be used with Terraform > 0.13.
 * [Backup with Aurora MySQL](https://github.com/umotif-public/terraform-aws-backup/tree/master/examples/one-db)
 * [Backup with Aurora MySQL and Aurora PostgreSQL](https://github.com/umotif-public/terraform-aws-backup/tree/master/examples/multiple-dbs)
 * [Backup with an externally created Vault](https://github.com/umotif-public/terraform-aws-backup/tree/master/examples/external-vault)
+* [Backup with Vault only](https://github.com/umotif-public/terraform-aws-backup/tree/master/examples/vault)
 
 ## Authors
 
 Module managed by:
-* [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](https://www.linkedin.com/in/marcincuber/)
-* [Abdul Wahid](https://github.com/Ohid25) [LinkedIn](https://www.linkedin.com/in/abdul-wahid/)
+
+* [Marcin Cuber](https://github.com/marcincuber) ([LinkedIn](https://www.linkedin.com/in/marcincuber/))
+* [Abdul Wahid](https://github.com/Ohid25) ([LinkedIn](https://www.linkedin.com/in/abdul-wahid/))
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -96,7 +99,7 @@ Module managed by:
 | plan\_name | The display name of a backup plan | `string` | n/a | yes |
 | rule\_completion\_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | `number` | `null` | no |
 | rule\_copy\_action\_destination\_vault\_arn | An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. | `string` | `null` | no |
-| rule\_copy\_action\_lifecycle | The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. | `map` | `{}` | no |
+| rule\_copy\_action\_lifecycle | The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. | `map(any)` | `{}` | no |
 | rule\_lifecycle\_cold\_storage\_after | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | `null` | no |
 | rule\_lifecycle\_delete\_after | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after` | `number` | `null` | no |
 | rule\_name | An display name for a backup rule | `string` | `null` | no |
@@ -109,7 +112,7 @@ Module managed by:
 | selection\_tag\_key | The key in a key-value pair | `string` | `null` | no |
 | selection\_tag\_type | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection | `string` | `null` | no |
 | selection\_tag\_value | The value in a key-value pair | `string` | `null` | no |
-| selection\_tags | A list of selection tags map | `list` | `[]` | no |
+| selection\_tags | A list of selection tags map | `list(any)` | `[]` | no |
 | tags | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |
 | vault\_kms\_key\_arn | The server-side encryption key that is used to protect your backups | `string` | `null` | no |
 | vault\_name | Name of the backup vault to create. If not given, AWS use default | `string` | `null` | no |
@@ -132,13 +135,28 @@ Module managed by:
 
 See LICENSE for full details.
 
-## Pre-commit hooks
+## Pre-commit hooks & Golang for Terratest
 
 ### Install dependencies
 
 * [`pre-commit`](https://pre-commit.com/#install)
 * [`terraform-docs`](https://github.com/segmentio/terraform-docs) required for `terraform_docs` hooks.
 * [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook.
+* [`golang`](https://formulae.brew.sh/formula/go) required for running tests.
+
+#### Terratest
+
+We are using [Terratest](https://terratest.gruntwork.io/) to run tests on this module.
+
+```bash
+brew install go
+# Change to test directory
+cd test
+# Get dependencies
+go mod download
+# Run tests
+go test -v -timeout 30m
+```
 
 #### MacOS
 

examples/external-vault/main.tf

@@ -8,59 +8,16 @@ data "aws_region" "current" {}
 ######
 # KMS
 ######
-module "kms-backup" {
-  source  = "umotif-public/kms/aws"
-  version = "~> 1.0"
-
-  alias_name              = "backup-kms-test-key"
-  deletion_window_in_days = 7
-  enable_key_rotation     = true
-  policy = jsonencode(
-    {
-      "Version" : "2012-10-17",
-      "Statement" : [
-        {
-          "Sid" : "Enable IAM User Permissions",
-          "Effect" : "Allow",
-          "Principal" : {
-            "AWS" : [
-              "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
-              data.aws_caller_identity.current.arn
-            ]
-          },
-          "Action" : "kms:*",
-          "Resource" : "*"
-        },
-        {
-          "Sid" : "Allow use of the key",
-          "Effect" : "Allow",
-          "Principal" : {
-            "Service" : ["backup.amazonaws.com"]
-          },
-          "Action" : [
-            "kms:Encrypt",
-            "kms:Decrypt",
-            "kms:ReEncrypt*",
-            "kms:GenerateDataKey*",
-            "kms:DescribeKey"
-          ],
-          "Resource" : "*"
-        }
-      ]
-    }
-  )
-
-  tags = {
-    Environment = "test"
-  }
+data "aws_kms_key" "backup" {
+  key_id = "alias/aws/backup"
 }
 
 #########
 # Backup
 #########
 resource "aws_backup_vault" "external_vault" {
-  name        = "external-test"
-  kms_key_arn = module.kms-backup.key_arn
+  name        = "${var.name_prefix}-external"
+  kms_key_arn = data.aws_kms_key.backup.arn
   tags = {
     Enviroment = "test"
     Vault      = "external"
@@ -71,11 +28,11 @@ module "backup" {
   source = "../.."
 
   # Create a backup plan
-  plan_name = "test-backup-plan"
+  plan_name = "${var.name_prefix}-backup-plan"
 
   rules = [
     {
-      name              = "test-backup-rule"
+      name              = "${var.name_prefix}-backup-rule"
       target_vault_name = aws_backup_vault.external_vault.name
       schedule          = "cron(0 12 * * ? *)"
       start_window      = "65"
@@ -87,12 +44,12 @@ module "backup" {
 
       lifecycle = {
         cold_storage_after = 0
-        delete_after       = 90
+        delete_after       = 95
       }
     }
   ]
 
-  selection_name = "test-backup-selection"
+  selection_name = "${var.name_prefix}-backup-selection"
 
   selection_tags = [
     {

examples/external-vault/variables.tf

@@ -0,0 +1,5 @@
+variable "name_prefix" {
+  description = "A prefix used for naming resources."
+  type        = string
+  default     = "example"
+}