initial commit

modules/util/terraform-aws-cli/tests/empty_result/expected_variables.json

@@ -0,0 +1,24 @@
+{
+  "assume_role_arn": {
+    "value": ""
+  },
+  "aws_cli_commands": {
+    "value": [
+      "guardduty",
+      "update-detector",
+      "--finding-publishing-frequency",
+      "ONE_HOUR",
+      "--detector-id",
+      "0123456789abcdef0123456789abcdef"
+    ]
+  },
+  "aws_cli_query": {
+    "value": ""
+  },
+  "debug_log_filename": {
+    "value": ""
+  },
+  "role_session_name": {
+    "value": "empty_result"
+  }
+}

modules/util/terraform-aws-cli/tests/empty_result/notes.txt

@@ -0,0 +1,26 @@
+This test requires Guard Duty. As this is a paid service, the test is disabled.
+
+The test can be enabled by running the following commands with a suitable profile or set of AWS credentials in play.
+
+1. Create the Guard Duty detector
+
+   aws guardduty create-detector --enable
+
+
+2. Get the detector ID
+
+   aws guardduty list-detectors --query='DetectorIds[0]'
+
+
+3. Copy the detector ID reported into terraform.tfvars and update the expected_variables.json file to match, replacing
+   0123456789abcdef0123456789abcdef (unless that's your detector ID of course! ... It COULD happen!)
+
+
+4. Change the RUN_TEST to true in ./test.sh
+
+
+Once you've finished the testing, revert the changes above, and disable the detector using
+
+   aws guardduty delete-detector --detector-id <detector_id>
+
+replacing <detector_id> with the detector ID you extracted in step 2 above.

modules/util/terraform-aws-cli/tests/empty_result/terraform.tfvars

@@ -0,0 +1,3 @@
+// An empty result from AWS
+aws_cli_commands  = ["guardduty", "update-detector", "--finding-publishing-frequency", "ONE_HOUR", "--detector-id", "0123456789abcdef0123456789abcdef"]
+role_session_name = "empty_result"

modules/util/terraform-aws-cli/tests/empty_result/test.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+function run_test() {
+if [[ ! -f $PLAN_FILE ]]; then
+  echo "Failed to generate a plan - $PLAN_FILE";
+  exit 1;
+fi
+
+if [[ ! "$(terraform show -json $PLAN_FILE | jq -MSr .variables)" == "$(cat $EXPECTED_VARIABLES)" ]]; then
+  echo 'Failed to incorporate expected variable values into plan.';
+  exit 2;
+fi
+
+terraform apply -auto-approve -backup=- -state-out $STATE_FILE -var-file $TERRAFORM_TFVARS > $APPLY_LOG_FILE 2> $APPLY_ERROR_FILE
+
+if [[ ! -f $STATE_FILE ]]; then
+  echo "Failed to generate state file - $STATE_FILE";
+  exit 3;
+fi
+
+# Validate the presence of the plan error file.
+if [[ ! -f $PLAN_ERROR_FILE ]]; then
+  echo "Failed to generate plan error file - $PLAN_ERROR_FILE";
+  exit 4;
+fi
+
+# Validate the plan error file is empty.
+if [[ -s $PLAN_ERROR_FILE ]]; then
+  echo "Plan error file is not empty - $PLAN_ERROR_FILE";
+  exit 5;
+fi
+}
+
+# Set to true to allow this test to run
+RUN_TEST=false
+if [[ "$RUN_TEST" == "false" ]]; then
+  echo "Start   : $(dirname $0)";
+  echo "Skipped : $(dirname $0) : See $(dirname $0)/notes.txt";
+else
+  . tests/common.sh $0
+fi