chore: added additional unit tests

Author: gambol99

README.md

@@ -340,10 +340,10 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="input_enable_default_route_table_association"></a> [enable\_default\_route\_table\_association](#input\_enable\_default\_route\_table\_association) | Indicates the transit gateway default route table should be associated with the subnets | `bool` | `true` | no |
 | <a name="input_enable_default_route_table_propagation"></a> [enable\_default\_route\_table\_propagation](#input\_enable\_default\_route\_table\_propagation) | Indicates the transit gateway default route table should be propagated to the subnets | `bool` | `true` | no |
 | <a name="input_enable_dns_request_logging"></a> [enable\_dns\_request\_logging](#input\_enable\_dns\_request\_logging) | Enable logging of DNS requests | `bool` | `false` | no |
-| <a name="input_enable_dynamodb_endpoint"></a> [enable\_dynamodb\_endpoint](#input\_enable\_dynamodb\_endpoint) | Enable DynamoDB VPC Gateway endpoint | `bool` | `false` | no |
+| <a name="input_enable_dynamodb_endpoint"></a> [enable\_dynamodb\_endpoint](#input\_enable\_dynamodb\_endpoint) | Enable DynamoDB VPC Gateway endpoint | `bool` | `true` | no |
 | <a name="input_enable_private_endpoints"></a> [enable\_private\_endpoints](#input\_enable\_private\_endpoints) | Indicates the network should provision private endpoints | `list(string)` | `[]` | no |
 | <a name="input_enable_route53_resolver_rules"></a> [enable\_route53\_resolver\_rules](#input\_enable\_route53\_resolver\_rules) | Automatically associates any shared route53 resolver rules with the VPC | `bool` | `true` | no |
-| <a name="input_enable_s3_endpoint"></a> [enable\_s3\_endpoint](#input\_enable\_s3\_endpoint) | Enable S3 VPC Gateway endpoint | `bool` | `false` | no |
+| <a name="input_enable_s3_endpoint"></a> [enable\_s3\_endpoint](#input\_enable\_s3\_endpoint) | Enable S3 VPC Gateway endpoint | `bool` | `true` | no |
 | <a name="input_enable_ssm"></a> [enable\_ssm](#input\_enable\_ssm) | Indicates we should provision SSM private endpoints | `bool` | `false` | no |
 | <a name="input_enable_transit_gateway_appliance_mode"></a> [enable\_transit\_gateway\_appliance\_mode](#input\_enable\_transit\_gateway\_appliance\_mode) | Indicates the network should be connected to a transit gateway in appliance mode | `bool` | `false` | no |
 | <a name="input_enable_transit_gateway_subnet_natgw"></a> [enable\_transit\_gateway\_subnet\_natgw](#input\_enable\_transit\_gateway\_subnet\_natgw) | Indicates if the transit gateway subnets should be connected to a nat gateway | `bool` | `false` | no |

examples/basic/main.tf

@@ -13,21 +13,16 @@ module "vpc" {
   source = "../.."
 
   availability_zones     = 3
-  enable_ssm             = true
-  ipam_pool_id           = "ipam-pool-id"
+  enable_ssm             = false # enable SSM for private subnets
+  ipam_pool_id           = null  # "ipam-pool-id" # optional
   name                   = "operations"
   private_subnet_netmask = 24
-  public_subnet_netmask  = 24
+  public_subnet_netmask  = 0
   tags                   = local.tags
   vpc_cidr               = "10.100.0.0/21"
 
   private_subnet_tags = {
     "kubernetes.io/cluster/operations" = "owned"
     "kubernetes.io/role/elb"           = "1"
   }
-
-  public_subnet_tags = {
-    "kubernetes.io/cluster/operations" = "owned"
-    "kubernetes.io/role/internal-elb"  = "1"
-  }
 }

tests/module.tftest.hcl

@@ -8,19 +8,72 @@ mock_provider "aws" {
       ]
     }
   }
+
+  mock_data "aws_region" {
+    defaults = {
+      name = "eu-west-1"
+    }
+  }
+
+  mock_data "aws_caller_identity" {
+    defaults = {
+      account_id = "1234567890"
+    }
+  }
 }
 
 run "basic" {
   command = plan
 
   variables {
     name                   = "test-vpc"
+    enable_ssm             = true
     private_subnet_netmask = 24
     tags = {
       "Environment" = "test"
       "GitRepo"     = "https://github.com/appvia/terraform-aws-network"
       "Terraform"   = "true"
     }
   }
+
+  assert {
+    condition     = module.vpc != null
+    error_message = "Module should not be null"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.vpe_endpoints["ec2messages"] != null && aws_vpc_endpoint.vpe_endpoints["ec2messages"].service_name == "com.amazonaws.eu-west-1.ec2messages"
+    error_message = "ec2messages endpoint should be created"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.vpe_endpoints["ssm"] != null && aws_vpc_endpoint.vpe_endpoints["ssm"].service_name == "com.amazonaws.eu-west-1.ssm"
+    error_message = "ssm endpoint should be created"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.vpe_endpoints["ssmmessages"] != null && aws_vpc_endpoint.vpe_endpoints["ssmmessages"].service_name == "com.amazonaws.eu-west-1.ssmmessages"
+    error_message = "ssmmessages endpoint should be created"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.dynamodb[0] != null && aws_vpc_endpoint.dynamodb[0].service_name == "com.amazonaws.eu-west-1.dynamodb"
+    error_message = "dynamodb endpoint should be created"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.s3[0] != null && aws_vpc_endpoint.s3[0].service_name == "com.amazonaws.eu-west-1.s3"
+    error_message = "s3 endpoint should be created"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.dynamodb[0].vpc_endpoint_type == "Gateway"
+    error_message = "dynamodb endpoint should be created"
+  }
+
+  assert {
+    condition     = aws_vpc_endpoint.s3[0].vpc_endpoint_type == "Gateway"
+    error_message = "s3 endpoint should be created"
+  }
 }
 

variables.tf

@@ -191,11 +191,11 @@ variable "nacl_rules" {
 variable "enable_s3_endpoint" {
   description = "Enable S3 VPC Gateway endpoint"
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "enable_dynamodb_endpoint" {
   description = "Enable DynamoDB VPC Gateway endpoint"
   type        = bool
-  default     = false
+  default     = true
 }