From ccba87001b9b069777b1c677f625ab48973d7e97 Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene
Date: Fri, 10 May 2024 18:24:12 +0100
Subject: [PATCH] chore: working on the terraform tests creations
---
 .../workflows/terraform-module-validation.yml | 36 +++++++++++++++++++
 .../terraform-plan-and-apply-aws.yml | 31 ----------------
 2 files changed, 36 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/terraform-module-validation.yml b/.github/workflows/terraform-module-validation.yml
index 354d3ef..ca0d19f 100644
--- a/.github/workflows/terraform-module-validation.yml
+++ b/.github/workflows/terraform-module-validation.yml
@@ -37,12 +37,29 @@ on:
 required: false
 type: boolean
 
+ enable-terraform-tests-credentials:
+ default: false
+ description: "Whether to run terraform test with AWS credentials"
+ required: false
+ type: boolean
+
 terraform-dir:
 default: "."
 description: "The directory to validate"
 required: false
 type: string
 
+ terraform-tests-aws-region:
+ default: "eu-west-1"
+ description: "The AWS region to use for the terraform tests"
+ required: false
+ type: string
+
+ terraform-tests-aws-role:
+ description: "The AWS role to assume for the terraform tests"
+ required: false
+ type: string
+
 terraform-version:
 default: "1.7.1"
 description: "The version of terraform to use"
@@ -55,6 +72,11 @@ on:
 required: false
 type: string
 
+env:
+ AWS_ROLE: ${{ inputs.aws-role }}
+ AWS_WEB_IDENTITY_TOKEN_FILE: /tmp/web_identity_token_file
+ TF_LOG: ${{ inputs.terraform-log-level }}
+
 permissions:
 contents: read
 pull-requests: write
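Review bot: In the `@@ -37,12 +37,29 @@` hunk, `terraform-tests-aws-role` is optional and has no default, yet it is the only thing that gives `enable-terraform-tests-credentials` a role to assume. A caller that sets the flag and omits the role would, judging by the steps added later in this patch, pass an empty `role-to-assume` to the credentials action. The description should state the dependency, e.g. `description: "The AWS role to assume for the terraform tests (required when enable-terraform-tests-credentials is true)"`, and an early guard step that fails when the flag is set with an empty role would make the misconfiguration obvious. The `on:` block starts and ends outside the hunk.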
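Review bot: In the `@@ -55,6 +72,11 @@` hunk, `AWS_ROLE: ${{ inputs.aws-role }}` reads an input named `aws-role`, while the role input this patch declares is `terraform-tests-aws-role`. Unless `aws-role` is declared in a part of the file not shown, the expression most likely evaluates to an empty value; if the test role is meant, use `AWS_ROLE: ${{ inputs.terraform-tests-aws-role }}`. The `env:` block is workflow-level, so `AWS_WEB_IDENTITY_TOKEN_FILE` is exported to every job and step, including ones that never authenticate, and moving it to the tests job's own `env:` would narrow that. The token request added later in the patch needs `id-token: write`, which is not among the permissions visible here (the `permissions:` block may continue outside the hunk).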
@@ -145,8 +167,22 @@ jobs:
 uses: hashicorp/setup-terraform@v3
 with:
 terraform_version: ${{ inputs.terraform-version }}
+ - name: Retrieve Web Identity Token for AWS Authentication
+ if: inputs.enable-terraform-tests-credentials
+ run: |
+ curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" | jq -r '.value' > $AWS_WEB_IDENTITY_TOKEN_FILE
+ - name: Authenticate with AWS
+ if: inputs.enable-terraform-tests-credentials
+ id: auth
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ${{ inputs.terraform-tests-aws-region }}
+ role-session-name: ${{ github.event.repository.name }}
+ role-to-assume: ${{ inputs.terraform-tests-aws-role }}
+ mask-aws-account-id: "no"
 - name: Terraform Init
 run: terraform -chdir=${{ inputs.terraform-dir }} init -backend=false
+ - name:
 - name: Run Tests
 id: tests
 run: terraform -chdir=${{ inputs.terraform-dir }} test
diff --git a/.github/workflows/terraform-plan-and-apply-aws.yml b/.github/workflows/terraform-plan-and-apply-aws.yml
index c2cd9c9..b4e5324 100644
--- a/.github/workflows/terraform-plan-and-apply-aws.yml
+++ b/.github/workflows/terraform-plan-and-apply-aws.yml
@@ -57,12 +57,6 @@ on:
 required: false
 type: string
 
- enable-terraform-tests:
- default: true
- description: "Whether to run terraform test"
- required: false
- type: boolean
-
 enable-infracost:
 default: false
 description: "Whether to run infracost on the Terraform Plan (secrets.infracost-api-key must be set if enabled)"
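Review bot: In the `@@ -145,8 +167,22 @@` hunk, the added `- name:` line just before `Run Tests` is a step with no `run` or `uses`, which should make the workflow fail validation; it looks like a leftover and should be deleted. The token step pipes `curl` into `jq` with no failure handling, so with the runner's default shell (no `pipefail`) a failed request can still leave the step green and write an empty or `null` value to `$AWS_WEB_IDENTITY_TOKEN_FILE`. That file is also created with the default umask at a fixed path under `/tmp`, and the redirect target is unquoted. I would make the step fail closed and restrict the file mode, as in the fence below. Please also confirm the manual token file is needed, since `aws-actions/configure-aws-credentials` requests its own OIDC token when `id-token: write` is granted, and note that `mask-aws-account-id: "no"` leaves the account ID in the logs; the job definition starts outside the hunk.

```yaml
      - name: Retrieve Web Identity Token for AWS Authentication
        if: inputs.enable-terraform-tests-credentials
        run: |
          set -euo pipefail
          umask 077
          curl -sSf -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \
            | jq -er '.value' > "$AWS_WEB_IDENTITY_TOKEN_FILE"
      # … unchanged: Authenticate with AWS, Terraform Init …
      # … the stray "- name:" step is dropped here …
      - name: Run Tests
```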
@@ -199,28 +193,6 @@ jobs:
 id: lint
 run: tflint -f compact
 
- terraform-tests:
- name: "Terraform Unit Tests"
- runs-on: ubuntu-latest
- if: inputs.enable-terraform-tests
- defaults:
- run:
- working-directory: ${{ inputs.working-directory }}
- outputs:
- result: ${{ steps.tests.outcome }}
- steps:
- - name: Checkout Repository
- uses: actions/checkout@v4
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
- with:
- terraform_version: ${{ inputs.terraform-version }}
- - name: Terraform Init
- run: terraform -chdir=${{ inputs.terraform-dir }} init -backend=false
- - name: Run Tests
- id: tests
- run: terraform -chdir=${{ inputs.terraform-dir }} test
-
 terraform-security:
 name: "Terraform Security"
 runs-on: ubuntu-latest
@@ -365,7 +337,6 @@ jobs:
 - terraform-format
 - terraform-lint
 - terraform-plan
- - terraform-tests
 - terraform-security
 - commitlint
 steps:
@@ -402,7 +373,6 @@ jobs:
 * 🔍 Terraform Linting: \`${{ needs.terraform-lint.outputs.result }}\`
 * 🔑 AWS Authentication: \`${{ needs.terraform-plan.outputs.result-auth }}\`
 * 👮 Terraform Security Check: \`${{ needs.terraform-security.outputs.result }}\`
- * 🔘 Terraform Tests: \`${{ needs.terraform-tests.outputs.result }}\`
 * 🔧 Terraform Initialisation: \`${{ needs.terraform-plan.outputs.result-init }}\`
 * 🤖 Terraform Validation: \`${{ needs.terraform-plan.outputs.result-validate }}\`
 * 📁 Terraform S3 Backend: \`${{ needs.terraform-plan.outputs.result-s3-backend-check }}\`
@@ -447,7 +417,6 @@ jobs:
 - terraform-format
 - terraform-lint
 - terraform-plan
- - terraform-tests
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4