Add component tests

[goruha]

What

• Add basic component test
• Add disabled component test
• Test component drifting
• Add any additional use case tests

Why

• Test basic component features
• Verify that the component does not create any resources when input enabled: false set
• Verify that the component does not drift on a second run with the same inputs
• Add test for any additional than basic use cases for the component

References

• Component test writing guide
• List of component tests are done

Summary by CodeRabbit

• New Features

  • Enhanced resource provisioning with conditional creation driven by configuration flags.
  • Upgraded a core cloud service module to leverage improved capabilities.
  • Added a suite of configuration examples for CLI settings, service deployments, and network management.
  • Introduced new YAML configurations for managing EKS and VPC components.

• Tests

  • Introduced an automated test suite to validate component deployment and integration.

• Chores

  • Removed an outdated test execution script and streamlined the authentication role configuration logic.

[coderabbitai]

Walkthrough

This change introduces conditional resource creation in Terraform by adding a count attribute based on an enabled flag to specific Kubernetes resources. It also refactors the inline evaluation of a role ARN in the Helm provider configuration and bumps the EKS module version. Additionally, a set of new YAML configuration files for various components, a new Go module for tests, enhanced test suites, and updates for test fixtures have been added. A deprecated test script has been removed.

Changes

File(s)	Change Summary
src/main.tf, src/provider-helm.tf, src/remote-state.tf	Added conditional count for resource creation, inlined role ARN resolution in the Helm provider, and updated the EKS module version from 1.5.0 to 1.8.0.
test/.gitignore, test/component_test.go, test/go.mod, test/run.sh	Introduced a new Git ignore file, added a structured test suite with component tests and Go module dependencies, and removed the obsolete run.sh script.
test/fixtures/atmos.yaml, test/fixtures/stacks/catalog/{account-map.yaml, eks-cluster.yaml, usecase/basic.yaml, usecase/disabled.yaml, vpc.yaml}, test/fixtures/stacks/orgs/default/test/{_defaults.yaml, tests.yaml}, test/fixtures/vendor.yaml	Added multiple new YAML configuration files for CLI settings, account mappings, EKS cluster definition, enabled/disabled use-case configurations for the ALB controller, VPC setup, organization defaults, test imports, and vendor config.

Sequence Diagram(s)

sequenceDiagram
    participant M as Module
    participant T as Terraform Engine
    participant K as Kubernetes API
    M->>T: Evaluate module.this.enabled flag
    alt enabled == true
        T->>K: Create kubernetes_ingress_class_v1 resource
        T->>K: Create kubernetes_manifest resource
    else enabled == false
        T-->>K: Skip resource creation
    end

Loading

sequenceDiagram
    participant TS as Test Suite
    participant DM as Deployment Manager
    participant EK as EKS Cluster API
    TS->>DM: Destroy any existing Atmos Component
    TS->>DM: Deploy Atmos Component
    TS->>EK: Retrieve EKS Cluster ID
    EK-->>TS: Return Cluster ID
    TS->>EK: Initialize Kubernetes Clientset
    EK-->>TS: Return Clientset
    TS->>EK: Fetch Ingress Class details
    EK-->>TS: Return Ingress Class data

Loading

Possibly related issues

• cloudposse-terraform-components/aws-access-analyzer#16: The conditional resource creation based on the enabled flag aligns with the issue’s focus on testing resources when disabled.
• cloudposse-terraform-components/aws-access-analyzer#15: The modifications for dynamic resource management via the enabled flag address similar concerns outlined in this issue.

Poem

Oh, what a hop, what a cheer,
My code now dances without fear.
Conditional logic, shining bright,
Terraform sings with pure delight.
Tests and YAML, all in line,
A bunny’s smile in every design.
🐰✨ Enjoy the hop of our new update!

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[goruha]

/terratest

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Require terratest

Wonderful, this rule succeeded.

This rule require terratest status

• check-success = test/terratest

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (6)

test/fixtures/stacks/catalog/usecase/disabled.yaml (1)

1-12: Disabled Configuration File Review
The new disabled use-case configuration is well structured. The file correctly sets enabled: false along with other parameters (e.g., kube_exec_auth_role_arn_enabled, class_name, group, etc.), which should ensure that no resources are created when this configuration is applied. Please ensure that your component tests verify this behavior.

test/go.mod (1)

17-17: Go Module Replace Directive Review
It appears that the replace directive is currently commented out:

-// replace github.com/rebuy-de/aws-nuke/v2/mocks => github.com/ekristen/aws-nuke/v3/ v3.29.0
+replace github.com/rebuy-de/aws-nuke/v2/mocks => github.com/ekristen/aws-nuke/v3/ v3.29.0

If this module replacement is intended for production or testing builds, please remove the comment markers so that the directive is active.

test/fixtures/stacks/catalog/eks-cluster.yaml (1)

1-94: EKS Cluster Configuration File Review
This comprehensive configuration file for the EKS cluster component covers a wide spectrum of settings, including node group configuration, addon setups, and access controls. The detailed defaults are beneficial for robust deployment. One note: YAMLlint has flagged a missing newline at the end of the file—please add one to ensure compliance with YAML formatting guidelines.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 94-94: no new line character at the end of file

(new-line-at-end-of-file)

test/component_test.go (3)

11-11: Remove commented-out import

There's an imported but commented-out package. It's better to remove unused imports to keep the code clean.

-	// "github.com/gruntwork-io/terratest/modules/aws"

---

27-28: Consider using camelCase for variable names

The variables class_name and group_name use snake_case, while Go conventions typically use camelCase. Consider renaming for consistency with Go style conventions.

-	class_name := fmt.Sprintf("alb-%s", randomID)
-	group_name := fmt.Sprintf("group-%s", randomID)
+	className := fmt.Sprintf("alb-%s", randomID)
+	groupName := fmt.Sprintf("group-%s", randomID)

Remember to update the references to these variables in the inputs map as well.

---

56-60: Consider expanding the disabled component test

The TestEnabledFlag test is minimal compared to TestBasic and just calls VerifyEnabledFlag. Consider expanding this test to verify more explicitly that no Kubernetes resources are created when the component is disabled.

func (s *ComponentSuite) TestEnabledFlag() {
	const component = "eks/alb-controller-ingress-class/disabled"
	const stack = "default-test"
+	
+	// First verify the enabled flag
	s.VerifyEnabledFlag(component, stack, nil)
+	
+	// Deploy the component with enabled=false
+	inputs := map[string]interface{}{
+		"enabled": false,
+		"class_name": "alb-disabled-test",
+	}
+	
+	defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs)
+	options, err := s.DeployAtmosComponent(s.T(), component, stack, &inputs)
+	assert.NoError(s.T(), err)
+	
+	// Verify that the Kubernetes resource does not exist
+	clusterOptions := s.GetAtmosOptions("eks/cluster", stack, nil)
+	clusterId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
+	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), "us-east-2", clusterId)
+	clientset, err := awsHelper.NewK8SClientset(cluster)
+	assert.NoError(s.T(), err)
+	
+	// Attempt to get the ingress class - it should not exist
+	_, err = clientset.NetworkingV1().IngressClasses().Get(context.Background(), "alb-disabled-test", metav1.GetOptions{})
+	assert.Error(s.T(), err, "Ingress class should not exist when component is disabled")
}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f710f8 and ec12118.

⛔ Files ignored due to path filters (1)

• test/go.sum is excluded by !**/*.sum

📒 Files selected for processing (16)

• src/main.tf (2 hunks)
• src/provider-helm.tf (1 hunks)
• src/remote-state.tf (1 hunks)
• test/.gitignore (1 hunks)
• test/component_test.go (1 hunks)
• test/fixtures/atmos.yaml (1 hunks)
• test/fixtures/stacks/catalog/account-map.yaml (1 hunks)
• test/fixtures/stacks/catalog/eks-cluster.yaml (1 hunks)
• test/fixtures/stacks/catalog/usecase/basic.yaml (1 hunks)
• test/fixtures/stacks/catalog/usecase/disabled.yaml (1 hunks)
• test/fixtures/stacks/catalog/vpc.yaml (1 hunks)
• test/fixtures/stacks/orgs/default/test/_defaults.yaml (1 hunks)
• test/fixtures/stacks/orgs/default/test/tests.yaml (1 hunks)
• test/fixtures/vendor.yaml (1 hunks)
• test/go.mod (1 hunks)
• test/run.sh (0 hunks)

💤 Files with no reviewable changes (1)

• test/run.sh

🧰 Additional context used

🪛 YAMLlint (1.35.1)

test/fixtures/stacks/catalog/eks-cluster.yaml

[error] 94-94: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Mergify Merge Protections
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🔇 Additional comments (17)

src/remote-state.tf (1)

1-4: Module Version Update: Verify Compatibility
The module version has been bumped to "1.8.0" which may include breaking changes or new features compared to the previous version. Please review the module's changelog and test the integration to ensure that the new version works as expected with the rest of the configuration.

test/.gitignore (1)

1-6: .gitignore Additions are Clear
The new .gitignore file in the test directory properly excludes test state, cache files, and temporary testing artifacts. This will help keep your repository clean.

test/fixtures/stacks/catalog/vpc.yaml (1)

1-20: New VPC Test Configuration File
This YAML file introduces the VPC component configuration with clear metadata and variable definitions. Verify that the provided values (like availability zones "b" and "c") match the intended test scenarios and expected Terraform inputs. Otherwise, the configuration looks well-structured and ready for component tests.

test/fixtures/stacks/catalog/usecase/basic.yaml (1)

1-13: Basic Component Test Configuration Added
This configuration file defines a basic test case for the EKS ALB controller ingress class. The parameters such as enabled: true, class_name: special, and scheme: internet-facing are clearly specified. Ensure that these settings accurately reflect the intended test conditions for verifying basic component functionality.

test/fixtures/stacks/orgs/default/test/tests.yaml (1)

1-7: Comprehensive Test Imports Defined
The new tests.yaml file correctly imports the required test configurations including defaults, VPC, EKS cluster, and both basic and disabled use cases. Please double-check that all referenced configurations (e.g., catalog/eks-cluster and catalog/usecase/disabled) exist and integrate properly with the overall test suite.

src/main.tf (2)

2-2: Conditional Resource Creation in Ingress Class
The addition of count = module.this.enabled ? 1 : 0 for the kubernetes_ingress_class_v1 resource is a sound approach to conditionally manage resource creation. Make sure that module.this.enabled is correctly defined and that both enabled and disabled scenarios are covered by your tests.

---

24-24: Conditional Manifest Creation
Similarly, adding count = module.this.enabled ? 1 : 0 to the kubernetes_manifest resource keeps the behavior consistent. Confirm through tests that when the module is disabled, this manifest is not applied.

test/fixtures/vendor.yaml (1)

1-43: Vendor Configuration File Review
The new AtmosVendorConfig file is structured well with clear metadata and comprehensive inclusion/exclusion rules. The templating syntax for the source reference (?ref={{.Version}}) should integrate properly with your CI/CD processes. Please double-check that the templated values are substituted as expected during vendor resolution.

test/fixtures/stacks/catalog/account-map.yaml (2)

23-46: Well-structured backend configuration for tests

The static backend configuration is well-designed for testing purposes, allowing tests to use the account map IAM roles module to find the role to assume for Terraform operations.

---

41-46:

✅ Verification successful

Important: TEST_ACCOUNT_ID environment variable must be set correctly

This configuration requires the environment variable TEST_ACCOUNT_ID to be set properly for tests to work. Without it, the tests won't be able to authenticate correctly.

Make sure this environment variable is set in your CI/CD pipeline or test environment:

---

🏁 Script executed:

#!/bin/bash
# Check if TEST_ACCOUNT_ID is set
if [[ -z "${TEST_ACCOUNT_ID}" ]]; then
  echo "Warning: TEST_ACCOUNT_ID environment variable is not set"
  echo "Tests will use the placeholder value: <TEST_ACCOUNT_ID>"
fi

Length of output: 257

---

Action Required: Ensure TEST_ACCOUNT_ID Is Properly Set in Your Test Environment

The configuration in test/fixtures/stacks/catalog/account-map.yaml (lines 41-46) relies on the TEST_ACCOUNT_ID environment variable for proper test authentication. The verification script confirmed that when this variable is unset, a warning is emitted and a placeholder value is used. Please ensure that your CI/CD pipeline or test environment sets a valid TEST_ACCOUNT_ID to avoid authentication issues during test runs.

• The provided shell snippet correctly warns if TEST_ACCOUNT_ID is not set.
• Update your CI/CD configuration accordingly to inject the valid environment variable.

src/provider-helm.tf (1)

136-138: Good refactoring: inline evaluation of role ARN

The code has been improved by directly using the coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn) expression in the exec_role local variable, rather than storing it in a separate local variable first. This simplifies the code without changing the functionality.

test/fixtures/stacks/orgs/default/test/_defaults.yaml (2)

4-35: Good configuration for Terraform backend and variables

The configuration for the Terraform backend and variables is well-structured, with clear definitions for namespace, tenant, environment, region, stage, and label order.

---

45-46:

❓ Verification inconclusive

Verify TEST_ACCOUNT_ID environment variable

This configuration requires the TEST_ACCOUNT_ID environment variable to be set correctly. If it's not set, it will default to the placeholder <TEST_ACCOUNT_ID> which would cause authentication failures.

Ensure this is properly set in test environments:

---

🏁 Script executed:

#!/bin/bash
# Check if TEST_ACCOUNT_ID is set properly
if [[ -z "${TEST_ACCOUNT_ID}" || "${TEST_ACCOUNT_ID}" == "<TEST_ACCOUNT_ID>" ]]; then
  echo "Error: TEST_ACCOUNT_ID environment variable is not set or has default value"
  echo "Please set it to a valid AWS account ID"
  exit 1
fi

Length of output: 272

---

Attention: Verify TEST_ACCOUNT_ID in your test environment

The configuration in
test/fixtures/stacks/orgs/default/test/_defaults.yaml
(at lines 45–46) is set to use the value of the environment variable TEST_ACCOUNT_ID. If it isn’t provided, it defaults to the placeholder <TEST_ACCOUNT_ID>, which will cause authentication failures. Our verification script confirmed that when TEST_ACCOUNT_ID is missing (or still set to <TEST_ACCOUNT_ID>), the check triggers an error message and exits.

• Please ensure that your test environments set TEST_ACCOUNT_ID to a valid AWS account ID.
• If using automated tests, double-check that the required environment variable is properly injected.

test/fixtures/atmos.yaml (1)

1-78: Well-documented Atmos CLI configuration

The Atmos CLI configuration file is comprehensive and well-documented with comments explaining each section, making it clear how the configuration is loaded and which settings can be overridden by environment variables or command-line arguments.

test/component_test.go (3)

21-54: Well-structured basic test for EKS ALB controller ingress class

The TestBasic method is comprehensive and thoroughly tests the component by:

1. Setting up input parameters with randomized values
2. Deploying and later destroying the component
3. Verifying the Kubernetes resources are created correctly
4. Performing a drift test

This is a well-designed test that covers the essential functionality.

---

62-66: Good setup for the test suite

The SetupSuite method properly initializes the test configuration and sets the component destination directory before calling the parent setup method.

---

68-73: Well-organized test runner with dependencies

The TestRunSuite function properly sets up the component suite with its dependencies (VPC and EKS cluster) before running the tests. This ensures that the necessary infrastructure is in place before testing the ALB controller ingress class.

[goruha]

/terratest

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

test/component_test.go (1)

37-39: ⚠️ Potential issue

Add error handling for DeployAtmosComponent

The error from DeployAtmosComponent is being ignored, which is not ideal for a test. You should assert that no error occurred.

-	defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs)
-	options, _ := s.DeployAtmosComponent(s.T(), component, stack, &inputs)
-	assert.NotNil(s.T(), options)
+	defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs)
+	options, err := s.DeployAtmosComponent(s.T(), component, stack, &inputs)
+	assert.NoError(s.T(), err)
+	assert.NotNil(s.T(), options)

🧹 Nitpick comments (2)

test/fixtures/vendor.yaml (1)

1-54: Vendor configuration follows best practices

The AtmosVendorConfig is well structured with clear component definitions, versioning, and path specifications. All necessary components for testing (account-map, eks/cluster, eks/alb-controller, vpc) are included with specific versions.

Consider setting up automated version checks to ensure these dependencies stay current over time.

test/component_test.go (1)

42-43: Fix typo in variable name

There's a typo in the variable name clusrerId (should be clusterId):

-	clusrerId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
-	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusrerId)
+	clusterId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
+	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusterId)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec12118 and 976922c.

📒 Files selected for processing (4)

• test/component_test.go (1 hunks)
• test/fixtures/stacks/catalog/eks-alb-controller.yaml (1 hunks)
• test/fixtures/stacks/orgs/default/test/tests.yaml (1 hunks)
• test/fixtures/vendor.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Mergify Merge Protections
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🔇 Additional comments (10)

test/fixtures/stacks/orgs/default/test/tests.yaml (1)

1-7: LGTM! Import configuration looks well structured.

The imports align perfectly with the PR objectives by including the necessary configurations for basic tests, disabled state tests, and component testing. The structure follows the standard pattern for organizing test fixture stacks.

test/fixtures/stacks/catalog/eks-alb-controller.yaml (4)

11-13: Great documentation on chart version dependency!

The comment about updating the IAM policy when changing the chart version is valuable information that helps prevent misconfigurations during future updates.

---

16-18: Properly documented experiment feature flag

Good job noting the issue with the experiment feature by including both the description of the problem and a reference to the GitHub issue for further investigation.

---

23-29: Well-documented configuration pattern for chart_values

The example of how to use chart_values helps future developers understand how to extend the configuration without modifying the component code.

---

30-36: Resource limits are appropriately set

The resource limits and requests are set to reasonable values for this component, which helps with cluster resource management. The CPU and memory settings follow best practices for Kubernetes deployments.

test/component_test.go (5)

48-52: Good validation of the created resources

The test correctly validates that the IngressClass was created with the expected name and controller. This confirms that the component is working as intended.

---

53-53: Excellent implementation of drift testing

Including a drift test is an important part of validating Terraform component stability. This ensures the component maintains its state without drifting during subsequent runs with identical inputs, which was one of the key objectives of this PR.

---

56-60: Good implementation of enabled flag testing

The TestEnabledFlag method checks that no resources are created when the component is disabled, which addresses one of the core objectives of this PR. Using the helper method VerifyEnabledFlag simplifies the implementation.

---

62-66: Well-structured test suite setup

The SetupSuite method properly initializes the configuration and sets the component destination directory, which ensures the tests are running against the correct component.

---

68-74: Dependencies are clearly defined

The test setup adds all required dependencies (vpc, eks/cluster, eks/alb-controller) before running the suite, which ensures the test environment is properly configured.

[github-actions]

These changes were released in v1.535.1.