From c56629e33eb672803cdd12fe272cbcae26242bc7 Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 19:30:18 +0000 Subject: [PATCH 01/22] feat(lab01): Add initial S3 bucket --- lab01/main.tf | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 lab01/main.tf diff --git a/lab01/main.tf b/lab01/main.tf new file mode 100644 index 0000000..7417566 --- /dev/null +++ b/lab01/main.tf @@ -0,0 +1,32 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" // Use an appropriate AWS provider version + } + random = { + source = "hashicorp/random" + version = "~> 3.1" + } + } + + # Backend is configured implicitly by HCP Terraform Workspace +} + +provider "aws" { + region = "us-west-2" // Ensure correct region +} + +resource "random_string" "suffix" { + length = 8 + special = false + upper = false +} + +resource "aws_s3_bucket" "learning_bucket" { + bucket = "tf-adv-lab01-${random_string.suffix.result}" # Construct unique name + + tags = { + Name = "TF Advanced Lab 1 Bucket" + } +} \ No newline at end of file From 63d2d99041e3f58561dce3b491fc21d35b53203e Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 19:47:18 +0000 Subject: [PATCH 02/22] one more time --- lab01/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lab01/main.tf b/lab01/main.tf index 7417566..a18f509 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -15,7 +15,7 @@ terraform { provider "aws" { region = "us-west-2" // Ensure correct region -} +} resource "random_string" "suffix" { length = 8 From 5285f20909ffdbe96d6514325eaaba9cf3a51701 Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:23:36 +0000 Subject: [PATCH 03/22] feat(lab01): Add initial S3 bucket 3rd try --- lab01/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/lab01/main.tf b/lab01/main.tf index a18f509..a28302c 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -28,5 +28,6 @@ resource "aws_s3_bucket" "learning_bucket" { tags = { Name = "TF Advanced Lab 1 Bucket" + Dept = "Course" } } \ No newline at end of file From a7b042585769f421347170be7eaaa5e67718133a Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:27:58 +0000 Subject: [PATCH 04/22] feat(lab01): Add initial S3 bucket 4rd try --- lab01/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lab01/main.tf b/lab01/main.tf index a28302c..a1d67e8 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -28,6 +28,6 @@ resource "aws_s3_bucket" "learning_bucket" { tags = { Name = "TF Advanced Lab 1 Bucket" - Dept = "Course" + Dept = "Course 2" } } \ No newline at end of file From 38edaad76bb51bcc3e024608fec434220f28dfc5 Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:32:52 +0000 Subject: [PATCH 05/22] feat(lab01): Add initial S3 bucket --- lab01/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/lab01/main.tf b/lab01/main.tf index a1d67e8..a18f509 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -28,6 +28,5 @@ resource "aws_s3_bucket" "learning_bucket" { tags = { Name = "TF Advanced Lab 1 Bucket" - Dept = "Course 2" } } \ No newline at end of file From 31fbc9d34fd8d9cde6a182d73d54a49243adce56 Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:34:31 +0000 Subject: [PATCH 06/22] feat(lab01): Add initial S3 bucket a --- lab01/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/lab01/main.tf b/lab01/main.tf index a18f509..3824417 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -28,5 +28,6 @@ resource "aws_s3_bucket" "learning_bucket" { tags = { Name = "TF Advanced Lab 1 Bucket" + Dept = "Money" } } \ No newline at end of file From 94e51202d3a1c669cb78dfce9a354859bfee7b46 Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:37:34 +0000 Subject: [PATCH 07/22] added s3 --- lab01/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lab01/main.tf b/lab01/main.tf index 3824417..23c2822 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -28,6 +28,6 @@ resource "aws_s3_bucket" "learning_bucket" { tags = { Name = "TF Advanced Lab 1 Bucket" - Dept = "Money" + Dept = "More Money" } } \ No newline at end of file From e331c28149ccfa9b9606af7030d4e709221233ff Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:39:50 +0000 Subject: [PATCH 08/22] added s3 mod1 --- lab01/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lab01/main.tf b/lab01/main.tf index 23c2822..55fb11f 100644 --- a/lab01/main.tf +++ b/lab01/main.tf @@ -28,6 +28,6 @@ resource "aws_s3_bucket" "learning_bucket" { tags = { Name = "TF Advanced Lab 1 Bucket" - Dept = "More Money" + Dept = "Even More Money" } } \ No newline at end of file From 5600526d8133acdb2cdb18d7afdc8451c7e37fa1 Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:49:22 +0000 Subject: [PATCH 09/22] reset to zero --- lab01/main.tf | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 lab01/main.tf diff --git a/lab01/main.tf b/lab01/main.tf deleted file mode 100644 index 55fb11f..0000000 --- a/lab01/main.tf +++ /dev/null @@ -1,33 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" // Use an appropriate AWS provider version - } - random = { - source = "hashicorp/random" - version = "~> 3.1" - } - } - - # Backend is configured implicitly by HCP Terraform Workspace -} - -provider "aws" { - region = "us-west-2" // Ensure correct region -} - -resource "random_string" "suffix" { - length = 8 - special = false - upper = false -} - -resource "aws_s3_bucket" "learning_bucket" { - bucket = "tf-adv-lab01-${random_string.suffix.result}" # Construct unique name - - tags = { - Name = "TF Advanced Lab 1 Bucket" - Dept = "Even More Money" - } -} \ No newline at end of file From 6a43e10ff678cd5d60a36cf4b8cd78a6102b456a Mon Sep 17 00:00:00 2001 From: dev3k Date: Tue, 8 Apr 2025 20:56:46 +0000 Subject: [PATCH 10/22] feat(lab01): Add initial S3 bucket --- lab01/main.tf | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 lab01/main.tf diff --git a/lab01/main.tf b/lab01/main.tf new file mode 100644 index 0000000..7417566 --- /dev/null +++ b/lab01/main.tf @@ -0,0 +1,32 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" // Use an appropriate AWS provider version + } + random = { + source = "hashicorp/random" + version = "~> 3.1" + } + } + + # Backend is configured implicitly by HCP Terraform Workspace +} + +provider "aws" { + region = "us-west-2" // Ensure correct region +} + +resource "random_string" "suffix" { + length = 8 + special = false + upper = false +} + +resource "aws_s3_bucket" "learning_bucket" { + bucket = "tf-adv-lab01-${random_string.suffix.result}" # Construct unique name + + tags = { + Name = "TF Advanced Lab 1 Bucket" + } +} \ No newline at end of file From 8a4fec216a919d65f7411fd2d5571d6888419437 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 02:01:38 +0000 Subject: [PATCH 11/22] feat(lab04/module): Add initial sqs-secure module code and tests --- .../tests/sqs_secure_test.tftest.hcl | 110 +++++++----------- 1 file changed, 44 insertions(+), 66 deletions(-) diff --git a/lab04/modules/sqs-secure/tests/sqs_secure_test.tftest.hcl b/lab04/modules/sqs-secure/tests/sqs_secure_test.tftest.hcl index 070fb97..ec38023 100644 --- a/lab04/modules/sqs-secure/tests/sqs_secure_test.tftest.hcl +++ b/lab04/modules/sqs-secure/tests/sqs_secure_test.tftest.hcl @@ -1,96 +1,74 @@ variables { - queue_name_prefix = "lab3-test-defaults" + queue_name_prefix = "lab03-test-defaults" # enable_dlq defaults to true in the module # tags defaults to {} in the module } +# Simple test to ensure plan works properly run "plan_default_settings" { - # command = plan is the default, so it's optional here - - check "plan_produces_changes" { - assert { - # Verify that the plan is not empty - condition = length(resource_changes) > 0 - error_message = "Plan should propose at least one resource change with default settings." - } - } + command = plan + # No assert needed; success means plan executes without errors } +# Test to ensure ARNs are being assigned correctly run "apply_and_check_outputs" { command = apply - check "outputs_are_valid" { - assert { - condition = output.main_queue_arn != null && substr(output.main_queue_arn, 0, 12) == "arn:aws:sqs:" - error_message = "Main queue ARN should be a valid SQS ARN." - } - assert { - condition = output.kms_key_arn != null && substr(output.kms_key_arn, 0, 12) == "arn:aws:kms:" - error_message = "KMS key ARN should be a valid KMS ARN." - } - assert { - # DLQ is enabled by default, so its ARN should be present - condition = output.dlq_arn != null && substr(output.dlq_arn, 0, 12) == "arn:aws:sqs:" - error_message = "DLQ ARN should be a valid SQS ARN when DLQ is enabled." - } - # Could also add checks for main_queue_url format if needed + assert { + condition = output.main_queue_arn != null && substr(output.main_queue_arn, 0, 12) == "arn:aws:sqs:" + error_message = "Main queue ARN should be a valid SQS ARN." + } + assert { + condition = output.kms_key_arn != null && substr(output.kms_key_arn, 0, 12) == "arn:aws:kms:" + error_message = "KMS key ARN should be a valid KMS ARN." + } + assert { + # DLQ is enabled by default, so its ARN should be present + condition = output.dlq_arn != null && substr(output.dlq_arn, 0, 12) == "arn:aws:sqs:" + error_message = "DLQ ARN should be a valid SQS ARN when DLQ is enabled." } + # Could also add checks for main_queue_url format if needed + } -run "plan_dlq_disabled" { +# Test to ensure DLQ is not created when enable_dlq is false +run "apply_dlq_disabled" { + command = apply # Override variables specifically for this run variables { - queue_name_prefix = "lab3-test-no-dlq" + queue_name_prefix = "lab03-test-no-dlq" enable_dlq = false # Disable the DLQ for this test case } - - check "plan_creates_correct_resources" { - assert { - # Check that the DLQ resource change is absent - condition = !anytrue([for rc in resource_changes : rc.address == "module.test.aws_sqs_queue.dlq"]) - # Note: The address includes 'module.test' because terraform test wraps the module under test. - error_message = "DLQ resource should not be present in the plan when enable_dlq is false." - } - assert { - # Check that the main queue and KMS key *are* present - condition = anytrue([for rc in resource_changes : rc.address == "module.test.aws_sqs_queue.main"]) && \ - anytrue([for rc in resource_changes : rc.address == "module.test.aws_kms_key.sqs_key"]) - error_message = "Main queue and KMS key should be present in the plan." - } + assert { + # Check that given count is zero, the list of dlq objects should be empty + condition = length(aws_sqs_queue.dlq) == 0 + error_message = "DLQ should be an empty list when enable_dlq is false" } -} - -run "apply_dlq_disabled_outputs" { - command = apply - - # We need to reference the variables defined in the preceding run block. - # Terraform test currently reuses the *last specified* variables block if a run block - # doesn't define its own. So, this run will correctly use enable_dlq = false. - # Be mindful of this behavior in complex tests. - - check "outputs_reflect_dlq_disabled" { - assert { - condition = output.dlq_arn == null - error_message = "DLQ ARN output should be null when enable_dlq is false." - } - assert { - condition = output.main_queue_arn != null # Main queue should still exist - error_message = "Main queue ARN should still be present." - } + assert { + # Check that the output.dlq_arn is not set + condition = output.dlq_arn == null + error_message = "DLQ ARN output should be null when enable_dlq is false." + } + assert { + # Check that the main queue is still present + condition = aws_sqs_queue.main.name == "lab03-test-no-dlq" + error_message = "Main queue should be created with correct name" + } + assert { + # Check that the KMS key is still present + condition = aws_kms_key.sqs_key.arn != null + error_message = "KMS key should be created" } } run "fail_on_empty_prefix" { variables { queue_name_prefix = "" # Invalid input - enable_dlq = false # Keep other variables consistent if needed } + command = plan - # command = plan is default - - # Expect the plan to fail with the specific validation error message + # Test succeeds if validation for queue_name_prefix errors out expect_failures = [ - var.queue_name_prefix.validation[0].error_message, - # Can reference module variable validation messages directly. + var.queue_name_prefix ] } \ No newline at end of file From 3658cb649361935e51461008a1d505f953793010 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 02:24:57 +0000 Subject: [PATCH 12/22] ci: Add GitHub Actions workflow for module checks --- .github/workflows/module-ci.yml | 56 +++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/module-ci.yml diff --git a/.github/workflows/module-ci.yml b/.github/workflows/module-ci.yml new file mode 100644 index 0000000..cda792f --- /dev/null +++ b/.github/workflows/module-ci.yml @@ -0,0 +1,56 @@ +name: Module CI Checks (Lab 4) + +on: + # Run on pushes to main branch + push: + branches: + - main + # Run on pull requests targeting main branch + pull_request: + branches: + - main + # Allows manual triggering from GitHub UI + workflow_dispatch: + +jobs: + test: + name: Lint, Validate, Test, Scan + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: "1.7.x" # Optional: Pin version + + - name: Terraform Format Check (Recursive) + working-directory: ./lab4 # Run from lab4 dir + run: terraform fmt -check -recursive + + - name: Terraform Init (for Root Validate) + working-directory: ./lab4 # Run from lab4 dir + run: terraform init # Needed for validate + + - name: Terraform Validate (Root Harness) + working-directory: ./lab4 # Run from lab4 dir + run: terraform validate # Checks if lab4/main.tf is valid + + - name: Init Module for Testing + working-directory: ./lab4/modules/sqs-secure # Go into module dir + run: terraform init # Initialize providers needed for tests + + - name: Terraform Test Module + working-directory: ./lab4/modules/sqs-secure # Run test from module dir + run: terraform test # Runs tests found in ./tests/ + + - name: Install Checkov + # Run pip install globally or in a virtual env + run: pip install checkov + + - name: Run Checkov Scan + working-directory: ./lab4 # Define where checkov runs FROM + # Point checkov specifically to the module directory + run: checkov -d ./modules/sqs-secure --quiet \ No newline at end of file From 1ab548ba963571785b75e8b835a9f0b5cf1895ac Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 02:29:15 +0000 Subject: [PATCH 13/22] ci: Add GitHub Actions workflow for module checks 2 --- .github/workflows/module-ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/module-ci.yml b/.github/workflows/module-ci.yml index cda792f..cc50dc6 100644 --- a/.github/workflows/module-ci.yml +++ b/.github/workflows/module-ci.yml @@ -24,26 +24,26 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 # with: - # terraform_version: "1.7.x" # Optional: Pin version + # terraform_version: "1.11.x" # Optional: Pin version - name: Terraform Format Check (Recursive) - working-directory: ./lab4 # Run from lab4 dir + working-directory: ./lab04 # Run from lab04 dir run: terraform fmt -check -recursive - name: Terraform Init (for Root Validate) - working-directory: ./lab4 # Run from lab4 dir + working-directory: ./lab04 # Run from lab04 dir run: terraform init # Needed for validate - name: Terraform Validate (Root Harness) - working-directory: ./lab4 # Run from lab4 dir - run: terraform validate # Checks if lab4/main.tf is valid + working-directory: ./lab04 # Run from lab04 dir + run: terraform validate # Checks if lab04/main.tf is valid - name: Init Module for Testing - working-directory: ./lab4/modules/sqs-secure # Go into module dir + working-directory: ./lab04/modules/sqs-secure # Go into module dir run: terraform init # Initialize providers needed for tests - name: Terraform Test Module - working-directory: ./lab4/modules/sqs-secure # Run test from module dir + working-directory: ./lab04/modules/sqs-secure # Run test from module dir run: terraform test # Runs tests found in ./tests/ - name: Install Checkov @@ -51,6 +51,6 @@ jobs: run: pip install checkov - name: Run Checkov Scan - working-directory: ./lab4 # Define where checkov runs FROM + working-directory: ./lab04 # Define where checkov runs FROM # Point checkov specifically to the module directory run: checkov -d ./modules/sqs-secure --quiet \ No newline at end of file From 2bb5d001b56e28a115ed3bb049e2567bd3ed1d83 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 02:39:46 +0000 Subject: [PATCH 14/22] feat(lab04/module): Add initial sqs-secure module code and tests --- lab04/main.tf | 4 ++-- lab04/modules/sqs-secure/main.tf | 4 ++-- lab04/modules/sqs-secure/outputs.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lab04/main.tf b/lab04/main.tf index c14ef31..2be9ac3 100644 --- a/lab04/main.tf +++ b/lab04/main.tf @@ -4,9 +4,9 @@ terraform { source = "hashicorp/aws" version = "~> 5.0" } - # Random provider needed by module via S3 bucket name + # Random provider needed by module via S3 bucket name random = { - source = "hashicorp/random" + source = "hashicorp/random" version = "~> 3.1" } } diff --git a/lab04/modules/sqs-secure/main.tf b/lab04/modules/sqs-secure/main.tf index fdc6fb5..9e180fc 100644 --- a/lab04/modules/sqs-secure/main.tf +++ b/lab04/modules/sqs-secure/main.tf @@ -1,7 +1,7 @@ resource "aws_kms_key" "sqs_key" { - description = "KMS key for encrypting ${var.queue_name_prefix} SQS queues" + description = "KMS key for encrypting ${var.queue_name_prefix} SQS queues" enable_key_rotation = true - tags = var.tags + tags = var.tags } resource "aws_sqs_queue" "dlq" { diff --git a/lab04/modules/sqs-secure/outputs.tf b/lab04/modules/sqs-secure/outputs.tf index 701e11a..9bb70a1 100644 --- a/lab04/modules/sqs-secure/outputs.tf +++ b/lab04/modules/sqs-secure/outputs.tf @@ -11,7 +11,7 @@ output "main_queue_url" { output "dlq_arn" { description = "The ARN of the Dead Letter Queue (DLQ), if created." # Use try() to gracefully return null if the DLQ doesn't exist (count=0) - value = try(aws_sqs_queue.dlq[0].arn, null) + value = try(aws_sqs_queue.dlq[0].arn, null) } output "kms_key_arn" { From f6be6a460cea1d2c3dca609a5f0d7ce78eb0aad0 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 02:40:55 +0000 Subject: [PATCH 15/22] ci: Add GitHub Actions workflow for module checks --- .github/workflows/module-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/module-ci.yml b/.github/workflows/module-ci.yml index cc50dc6..350732a 100644 --- a/.github/workflows/module-ci.yml +++ b/.github/workflows/module-ci.yml @@ -32,7 +32,7 @@ jobs: - name: Terraform Init (for Root Validate) working-directory: ./lab04 # Run from lab04 dir - run: terraform init # Needed for validate + run: terraform init # Needed for validate at lab04 level - name: Terraform Validate (Root Harness) working-directory: ./lab04 # Run from lab04 dir From 53d46747843bb586f4cae4e6b9abd96753f778e9 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 02:44:46 +0000 Subject: [PATCH 16/22] ci: try2 --- lab04/modules/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lab04/modules/main.tf b/lab04/modules/main.tf index c14ef31..2be9ac3 100644 --- a/lab04/modules/main.tf +++ b/lab04/modules/main.tf @@ -4,9 +4,9 @@ terraform { source = "hashicorp/aws" version = "~> 5.0" } - # Random provider needed by module via S3 bucket name + # Random provider needed by module via S3 bucket name random = { - source = "hashicorp/random" + source = "hashicorp/random" version = "~> 3.1" } } From 2bc78ba3af34fe14dbc906f4d7dccacafbc6f40b Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 03:10:25 +0000 Subject: [PATCH 17/22] ci: Add GitHub Actions workflow for module checks 33 --- .github/workflows/module-ci.yml | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/.github/workflows/module-ci.yml b/.github/workflows/module-ci.yml index 350732a..61211cb 100644 --- a/.github/workflows/module-ci.yml +++ b/.github/workflows/module-ci.yml @@ -24,26 +24,34 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 # with: - # terraform_version: "1.11.x" # Optional: Pin version + # terraform_version: "1.7.x" # Optional: Pin version - name: Terraform Format Check (Recursive) - working-directory: ./lab04 # Run from lab04 dir + working-directory: ./lab4 # Run from lab4 dir run: terraform fmt -check -recursive - name: Terraform Init (for Root Validate) - working-directory: ./lab04 # Run from lab04 dir - run: terraform init # Needed for validate at lab04 level + working-directory: ./lab4 # Run from lab4 dir + run: terraform init # Needed for validate - name: Terraform Validate (Root Harness) - working-directory: ./lab04 # Run from lab04 dir - run: terraform validate # Checks if lab04/main.tf is valid + working-directory: ./lab4 # Run from lab4 dir + run: terraform validate # Checks if lab4/main.tf is valid - name: Init Module for Testing - working-directory: ./lab04/modules/sqs-secure # Go into module dir + working-directory: ./lab4/modules/sqs-secure # Go into module dir + env: # Add AWS credentials and region for test apply steps + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: "us-west-2" run: terraform init # Initialize providers needed for tests - name: Terraform Test Module - working-directory: ./lab04/modules/sqs-secure # Run test from module dir + working-directory: ./lab4/modules/sqs-secure # Run test from module dir + env: # Add AWS credentials and region for test apply steps + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: "us-west-2" run: terraform test # Runs tests found in ./tests/ - name: Install Checkov @@ -51,6 +59,6 @@ jobs: run: pip install checkov - name: Run Checkov Scan - working-directory: ./lab04 # Define where checkov runs FROM + working-directory: ./lab4 # Define where checkov runs FROM # Point checkov specifically to the module directory run: checkov -d ./modules/sqs-secure --quiet \ No newline at end of file From bed71f1a2707c149dce606b963ac005de18a736c Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 03:12:36 +0000 Subject: [PATCH 18/22] ci: Add GitHub Actions workflow for module checks 333 --- .github/workflows/module-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/module-ci.yml b/.github/workflows/module-ci.yml index 61211cb..4bd6413 100644 --- a/.github/workflows/module-ci.yml +++ b/.github/workflows/module-ci.yml @@ -27,19 +27,19 @@ jobs: # terraform_version: "1.7.x" # Optional: Pin version - name: Terraform Format Check (Recursive) - working-directory: ./lab4 # Run from lab4 dir + working-directory: ./lab04 # Run from lab04 dir run: terraform fmt -check -recursive - name: Terraform Init (for Root Validate) - working-directory: ./lab4 # Run from lab4 dir + working-directory: ./lab04 # Run from lab04 dir run: terraform init # Needed for validate - name: Terraform Validate (Root Harness) - working-directory: ./lab4 # Run from lab4 dir - run: terraform validate # Checks if lab4/main.tf is valid + working-directory: ./lab04 # Run from lab04 dir + run: terraform validate # Checks if lab04/main.tf is valid - name: Init Module for Testing - working-directory: ./lab4/modules/sqs-secure # Go into module dir + working-directory: ./lab04/modules/sqs-secure # Go into module dir env: # Add AWS credentials and region for test apply steps AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -47,7 +47,7 @@ jobs: run: terraform init # Initialize providers needed for tests - name: Terraform Test Module - working-directory: ./lab4/modules/sqs-secure # Run test from module dir + working-directory: ./lab04/modules/sqs-secure # Run test from module dir env: # Add AWS credentials and region for test apply steps AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -59,6 +59,6 @@ jobs: run: pip install checkov - name: Run Checkov Scan - working-directory: ./lab4 # Define where checkov runs FROM + working-directory: ./lab04 # Define where checkov runs FROM # Point checkov specifically to the module directory run: checkov -d ./modules/sqs-secure --quiet \ No newline at end of file From ab0796fab29121285320e48277676c865b3dadff Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 03:26:22 +0000 Subject: [PATCH 19/22] ci: Skip CKV2_AWS_64 check for lab purposes --- .github/workflows/module-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/module-ci.yml b/.github/workflows/module-ci.yml index 4bd6413..b0c3ebf 100644 --- a/.github/workflows/module-ci.yml +++ b/.github/workflows/module-ci.yml @@ -61,4 +61,4 @@ jobs: - name: Run Checkov Scan working-directory: ./lab04 # Define where checkov runs FROM # Point checkov specifically to the module directory - run: checkov -d ./modules/sqs-secure --quiet \ No newline at end of file + run: checkov -d ./modules/sqs-secure --quiet --skip-check CKV2_AWS_64 \ No newline at end of file From 562e573828729ff5e1a4af3558857621067dcca6 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 05:55:33 +0000 Subject: [PATCH 20/22] feat(lab05): Configure dev and prod SQS environments --- lab05/dev/main.tf | 45 +++++++++++++++++++++++++++++++++++++++++++++ lab05/prod/main.tf | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 lab05/dev/main.tf create mode 100644 lab05/prod/main.tf diff --git a/lab05/dev/main.tf b/lab05/dev/main.tf new file mode 100644 index 0000000..5649ae8 --- /dev/null +++ b/lab05/dev/main.tf @@ -0,0 +1,45 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.1" + } + } + # Backend configured by HCP Workspace +} + +# Variables will be populated by HCP Workspace Variables +variable "queue_prefix" { + type = string + description = "Prefix for queue names, provided by workspace." +} + +variable "environment_tag" { + type = string + description = "Tag value for the Environment tag, provided by workspace." +} + +provider "aws" { + region = "us-west-2" +} + +module "dev_queue" { + # Replace with your HCP Org Name + source = "app.terraform.io/tf-advanced-labs/sqs-secure/aws" + version = "~> 1.0.0" # Use constraint matching published version + + queue_name_prefix = var.queue_prefix # From workspace variable + enable_dlq = true # Keep DLQ enabled for dev + + tags = { + Project = "Advanced TF Course" + Environment = var.environment_tag # From workspace variable + } +} + +# Optional: Define outputs if needed for cross-workspace dependencies later +# output "dev_queue_arn" { value = module.dev_queue.main_queue_arn } \ No newline at end of file diff --git a/lab05/prod/main.tf b/lab05/prod/main.tf new file mode 100644 index 0000000..876507a --- /dev/null +++ b/lab05/prod/main.tf @@ -0,0 +1,45 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.1" + } + } + # Backend configured by HCP Workspace +} + +# Variables will be populated by HCP Workspace Variables +variable "queue_prefix" { + type = string + description = "Prefix for queue names, provided by workspace." +} + +variable "environment_tag" { + type = string + description = "Tag value for the Environment tag, provided by workspace." +} + +provider "aws" { + region = "us-west-2" +} + +module "prod_queue" { + # Replace with your HCP Org Name + source = "app.terraform.io/tf-advanced-labs/sqs-secure/aws" + version = "~> 1.0.0" # Use constraint matching published version + + queue_name_prefix = var.queue_prefix # From workspace variable + enable_dlq = true # Keep DLQ enabled for prod + + tags = { + Project = "Advanced TF Course" + Environment = var.environment_tag # From workspace variable + } +} + +# Optional: Define outputs if needed +# output "prod_queue_arn" { value = module.prod_queue.main_queue_arn } \ No newline at end of file From 25291aa8e507f9b951dc972274fef6cd18c9b8d3 Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 06:55:18 +0000 Subject: [PATCH 21/22] feat: Add Purpose tag to dev SQS queue --- lab05/dev/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lab05/dev/main.tf b/lab05/dev/main.tf index 5649ae8..24b11cd 100644 --- a/lab05/dev/main.tf +++ b/lab05/dev/main.tf @@ -38,6 +38,8 @@ module "dev_queue" { tags = { Project = "Advanced TF Course" Environment = var.environment_tag # From workspace variable + GitOpsManaged = "true" # <<< Added Tag + Purpose = "GitOps Demo" # <<< Added Tag } } From b60514a9d66cfb036cc68f371f4d7f63b75ab1cc Mon Sep 17 00:00:00 2001 From: dev3k Date: Wed, 9 Apr 2025 07:25:41 +0000 Subject: [PATCH 22/22] feat: Add ONE MORE tag to dev SQS queue --- lab05/dev/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/lab05/dev/main.tf b/lab05/dev/main.tf index 24b11cd..1ee5eda 100644 --- a/lab05/dev/main.tf +++ b/lab05/dev/main.tf @@ -40,6 +40,7 @@ module "dev_queue" { Environment = var.environment_tag # From workspace variable GitOpsManaged = "true" # <<< Added Tag Purpose = "GitOps Demo" # <<< Added Tag + Dept = "Engineering" # One more added tag } }