Add component tests

src/main.tf

@@ -1,4 +1,6 @@
 resource "kubernetes_ingress_class_v1" "default" {
+  count = module.this.enabled ? 1 : 0
+
   metadata {
     name = var.class_name
     annotations = {
@@ -19,6 +21,7 @@ resource "kubernetes_ingress_class_v1" "default" {
 }
 
 resource "kubernetes_manifest" "alb_controller_class_params" {
+  count = module.this.enabled ? 1 : 0
   manifest = {
     apiVersion = "elbv2.k8s.aws/v1beta1"
     kind       = "IngressClassParams"

src/provider-helm.tf

@@ -133,9 +133,8 @@ locals {
     "--profile", var.kube_exec_auth_aws_profile
   ] : []
 
-  kube_exec_auth_role_arn = coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   exec_role = local.kube_exec_auth_enabled && var.kube_exec_auth_role_arn_enabled ? [
-    "--role-arn", local.kube_exec_auth_role_arn
+    "--role-arn", coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   ] : []
 
   # Provide dummy configuration for the case where the EKS cluster is not available.

src/remote-state.tf

@@ -1,6 +1,6 @@
 module "eks" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component = var.eks_component_name
 

test/.gitignore

@@ -0,0 +1,5 @@
+state/
+.cache
+test/test-suite.json
+.atmos
+test_suite.yaml

test/component_test.go

@@ -0,0 +1,74 @@
+package test
+
+import (
+	"context"
+	"testing"
+	"fmt"
+	"strings"
+	helper "github.com/cloudposse/test-helpers/pkg/atmos/component-helper"
+	awsHelper "github.com/cloudposse/test-helpers/pkg/aws"
+	"github.com/cloudposse/test-helpers/pkg/atmos"
+	// "github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/stretchr/testify/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"github.com/gruntwork-io/terratest/modules/random"
+)
+
+type ComponentSuite struct {
+	helper.TestSuite
+}
+
+func (s *ComponentSuite) TestBasic() {
+	const component = "eks/alb-controller-ingress-class/basic"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	randomID := strings.ToLower(random.UniqueId())
+	class_name := fmt.Sprintf("alb-%s", randomID)
+	group_name := fmt.Sprintf("group-%s", randomID)
+
+	inputs := map[string]interface{}{
+		"class_name": class_name,
+		"group": group_name,
+		"ip_address_type": "ipv4",
+		"scheme": "internet-facing",
+	}
+
+	defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs)
+	options, _ := s.DeployAtmosComponent(s.T(), component, stack, &inputs)
+	assert.NotNil(s.T(), options)
+
+	clusterOptions := s.GetAtmosOptions("eks/cluster", stack, nil)
+	clusrerId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
+	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusrerId)
+	clientset, err := awsHelper.NewK8SClientset(cluster)
+	assert.NoError(s.T(), err)
+	assert.NotNil(s.T(), clientset)
+
+	ingressClass, err := clientset.NetworkingV1().IngressClasses().Get(context.Background(), class_name, metav1.GetOptions{})
+	assert.NoError(s.T(), err)
+	assert.Equal(s.T(), ingressClass.ObjectMeta.Name, class_name)
+	assert.Equal(s.T(), ingressClass.Spec.Controller, "ingress.k8s.aws/alb")
+
+	s.DriftTest(component, stack, &inputs)
+}
+
+func (s *ComponentSuite) TestEnabledFlag() {
+	const component = "eks/alb-controller-ingress-class/disabled"
+	const stack = "default-test"
+	s.VerifyEnabledFlag(component, stack, nil)
+}
+
+func (s *ComponentSuite) SetupSuite() {
+	s.TestSuite.InitConfig()
+	s.TestSuite.Config.ComponentDestDir = "components/terraform/eks/alb-controller-ingress-class"
+	s.TestSuite.SetupSuite()
+}
+
+func TestRunSuite(t *testing.T) {
+	suite := new(ComponentSuite)
+	suite.AddDependency(t, "vpc", "default-test", nil)
+	suite.AddDependency(t, "eks/cluster", "default-test", nil)
+	suite.AddDependency(t, "eks/alb-controller", "default-test", nil)
+	helper.Run(t, suite)
+}

test/fixtures/atmos.yaml

@@ -0,0 +1,77 @@
+# CLI config is loaded from the following locations (from lowest to highest priority):
+# system dir (`/usr/local/etc/atmos` on Linux, `%LOCALAPPDATA%/atmos` on Windows)
+# home dir (~/.atmos)
+# current directory
+# ENV vars
+# Command-line arguments
+#
+# It supports POSIX-style Globs for file names/paths (double-star `**` is supported)
+# https://en.wikipedia.org/wiki/Glob_(programming)
+
+# Base path for components, stacks and workflows configurations.
+# Can also be set using `ATMOS_BASE_PATH` ENV var, or `--base-path` command-line argument.
+# Supports both absolute and relative paths.
+# If not provided or is an empty string, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are independent settings (supporting both absolute and relative paths).
+# If `base_path` is provided, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are considered paths relative to `base_path`.
+base_path: ""
+
+components:
+  terraform:
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_BASE_PATH` ENV var, or `--terraform-dir` command-line argument
+    # Supports both absolute and relative paths
+    base_path: "components/terraform"
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_APPLY_AUTO_APPROVE` ENV var
+    apply_auto_approve: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_DEPLOY_RUN_INIT` ENV var, or `--deploy-run-init` command-line argument
+    deploy_run_init: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_INIT_RUN_RECONFIGURE` ENV var, or `--init-run-reconfigure` command-line argument
+    init_run_reconfigure: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_AUTO_GENERATE_BACKEND_FILE` ENV var, or `--auto-generate-backend-file` command-line argument
+    auto_generate_backend_file: true
+
+stacks:
+  # Can also be set using `ATMOS_STACKS_BASE_PATH` ENV var, or `--config-dir` and `--stacks-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks"
+  # Can also be set using `ATMOS_STACKS_INCLUDED_PATHS` ENV var (comma-separated values string)
+  # Since we are distinguishing stacks based on namespace, and namespace is not part
+  # of the stack name, we have to set `included_paths` via the ENV var in the Dockerfile
+  included_paths:
+    - "orgs/**/*"
+
+  # Can also be set using `ATMOS_STACKS_EXCLUDED_PATHS` ENV var (comma-separated values string)
+  excluded_paths:
+    - "**/_defaults.yaml"
+
+  # Can also be set using `ATMOS_STACKS_NAME_PATTERN` ENV var
+  name_pattern: "{tenant}-{stage}"
+
+workflows:
+  # Can also be set using `ATMOS_WORKFLOWS_BASE_PATH` ENV var, or `--workflows-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks/workflows"
+
+# https://github.com/cloudposse/atmos/releases/tag/v1.33.0
+logs:
+  file: "/dev/stdout"
+  # Supported log levels: Trace, Debug, Info, Warning, Off
+  level: Info
+
+settings:
+  # Can also be set using 'ATMOS_SETTINGS_LIST_MERGE_STRATEGY' environment variable, or '--settings-list-merge-strategy' command-line argument
+  list_merge_strategy: replace
+
+# `Go` templates in Atmos manifests
+# https://atmos.tools/core-concepts/stacks/templating
+# https://pkg.go.dev/text/template
+templates:
+  settings:
+    enabled: true
+    # https://masterminds.github.io/sprig
+    sprig:
+      enabled: true
+    # https://docs.gomplate.ca
+    gomplate:
+      enabled: true

test/fixtures/stacks/catalog/account-map.yaml

@@ -0,0 +1,46 @@
+components:
+  terraform:
+    account-map:
+      metadata:
+        terraform_workspace: core-gbl-root
+      vars:
+        tenant: core
+        environment: gbl
+        stage: root
+
+#      This remote state is only for Cloud Posse internal use.
+#      It references the Cloud Posse test organizations actual infrastructure.
+#      remote_state_backend:
+#        s3:
+#          bucket: cptest-core-ue2-root-tfstate-core
+#          dynamodb_table: cptest-core-ue2-root-tfstate-core-lock
+#          role_arn: arn:aws:iam::822777368227:role/cptest-core-gbl-root-tfstate-core-ro
+#          encrypt: true
+#          key: terraform.tfstate
+#          acl: bucket-owner-full-control
+#          region: us-east-2
+
+      remote_state_backend_type: static
+      remote_state_backend:
+        # This static backend is used for tests that only need to use the account map iam-roles module
+        # to find the role to assume for Terraform operations. It is configured to use whatever
+        # the current user's role is, but the environment variable `TEST_ACCOUNT_ID` must be set to
+        # the account ID of the account that the user is currently assuming a role in.
+        #
+        # For some components, this backend is missing important data, and those components
+        # will need that data added to the backend configuration in order to work properly.
+        static:
+          account_info_map: {}
+          all_accounts: []
+          aws_partition: aws
+          full_account_map: {}
+          iam_role_arn_templates: {}
+          non_eks_accounts: []
+          profiles_enabled: false
+          root_account_aws_name: root
+          terraform_access_map: {}
+          terraform_dynamic_role_enabled: false
+          terraform_role_name_map:
+            apply: terraform
+            plan: planner
+          terraform_roles: {}

test/fixtures/stacks/catalog/eks-alb-controller.yaml

@@ -0,0 +1,36 @@
+components:
+  terraform:
+    eks/alb-controller:
+      metadata:
+        component: eks/alb-controller
+      vars:
+        enabled: true
+        kube_exec_auth_role_arn_enabled: false
+        chart: aws-load-balancer-controller
+        chart_repository: https://aws.github.io/eks-charts
+        # IMPORTANT: When updating the chart version, check to see if the IAM policy for the service account.
+        # needs to be updated, and if it does, update the policy in the `distributed-iam-policy.tf` file.
+        chart_version: "1.7.1"
+        create_namespace: true
+        kubernetes_namespace: alb-controller
+        # this feature causes inconsistent final plans
+        # see https://github.com/hashicorp/terraform-provider-helm/issues/711#issuecomment-836192991
+        helm_manifest_experiment_enabled: false
+        default_ingress_class_name: default
+        default_ingress_group: common
+        default_ingress_ip_address_type: ipv4
+        default_ingress_scheme: internet-facing
+        # You can use `chart_values` to set any other chart options. Treat `chart_values` as the root of the doc.
+        #
+        # # For example
+        # ---
+        # chart_values:
+        #   enableShield: false
+        chart_values: {}
+        resources:
+          limits:
+            cpu: 200m
+            memory: 256Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi

test/fixtures/stacks/catalog/eks-cluster.yaml

@@ -0,0 +1,94 @@
+components:
+  terraform:
+    eks/cluster:
+      metadata:
+        component: eks/cluster
+      vars:
+        enabled: true
+
+        # Cluster node configuration
+        aws_ssm_agent_enabled: true
+        managed_node_groups_enabled: true
+        node_groups: # will create node group for each item in map
+          main: # Karpenter is responsible for scaling nodes, but this default node group is required for deploying EKS Addons
+            # EKS AMI version to use, e.g. "1.16.13-20200821" (no "v").
+            ami_release_version: null
+            # Type of Amazon Machine Image (AMI) associated with the EKS Node Group
+            ami_type: AL2_x86_64
+            # Additional name attributes (e.g. `1`) for the node group
+            attributes: []
+            # will create 1 auto scaling group in each specified availability zone
+            # or all AZs with subnets if none are specified anywhere
+            availability_zones: null
+            # Whether to enable Node Group to scale its AutoScaling Group
+            cluster_autoscaler_enabled: false
+            # True (recommended) to create new node_groups before deleting old ones, avoiding a temporary outage
+            create_before_destroy: true
+            # Desired number of worker nodes when initially provisioned
+            desired_group_size: 2
+            # Enable disk encryption for the created launch template (if we aren't provided with an existing launch template)
+            disk_encryption_enabled: true
+            # Disk size in GiB for worker nodes. Terraform will only perform drift detection if a configuration value is provided.
+            disk_size: 20
+            # Set of instance types associated with the EKS Node Group. Terraform will only perform drift detection if a configuration value is provided.
+            instance_types:
+              - t3.small
+            kubernetes_labels: {}
+            kubernetes_taints: []
+            node_role_policy_arns: null
+            kubernetes_version: null
+            max_group_size: 3
+            min_group_size: 2
+            resources_to_tag:
+              - instance
+              - volume
+            tags: null
+
+        access_config:
+          authentication_mode: "API"
+          bootstrap_cluster_creator_admin_permissions: true
+
+        # Fargate profiles, required for Karpenter
+        # fargate_profiles:
+        #   karpenter:
+        #     kubernetes_namespace: karpenter
+        #     kubernetes_labels: null
+        # fargate_profile_iam_role_kubernetes_namespace_delimiter: "@"
+        # karpenter_iam_role_enabled: true
+
+        # Legacy settings
+        # The upstream component sets these to true by default to avoid breaking existing deployments,
+        # but new deployments should have these settings all disabled.
+        legacy_fargate_1_role_per_profile_enabled: false
+
+        addons_depends_on: true
+        deploy_addons_to_fargate: false
+
+        allow_ingress_from_vpc_accounts: []
+        public_access_cidrs: ["0.0.0.0/0"]
+        allowed_cidr_blocks: []
+        allowed_security_groups: []
+
+        enabled_cluster_log_types: []
+        apply_config_map_aws_auth: true
+        availability_zone_abbreviation_type: fixed
+        cluster_private_subnets_only: true
+        cluster_encryption_config_enabled: true
+        cluster_endpoint_private_access: true
+        cluster_endpoint_public_access: true
+        cluster_log_retention_period: 90
+        oidc_provider_enabled: true
+        cluster_kubernetes_version: "1.31"
+        addons:
+          vpc-cni:
+            addon_version: "v1.18.3-eksbuild.3"
+          kube-proxy:
+            addon_version: "v1.30.3-eksbuild.5"
+          coredns:
+            addon_version: "v1.11.3-eksbuild.1"
+            configuration_values: '{"autoScaling":{"enabled":true,"minReplicas":3}}'
+          aws-ebs-csi-driver:
+            addon_version: "v1.34.0-eksbuild.1"
+            configuration_values: '{"sidecars":{"snapshotter":{"forceEnable":false}}}'
+          aws-efs-csi-driver:
+            addon_version: "v2.0.8-eksbuild.1"

test/fixtures/stacks/catalog/usecase/basic.yaml

@@ -0,0 +1,12 @@
+components:
+  terraform:
+    eks/alb-controller-ingress-class/basic:
+      metadata:
+        component: eks/alb-controller-ingress-class
+      vars:
+        enabled: true
+        kube_exec_auth_role_arn_enabled: false
+        class_name: special
+        group: special
+        ip_address_type: ipv4
+        scheme: internet-facing

test/fixtures/stacks/catalog/usecase/disabled.yaml

@@ -0,0 +1,12 @@
+components:
+  terraform:
+    eks/alb-controller-ingress-class/disabled:
+      metadata:
+        component: eks/alb-controller-ingress-class
+      vars:
+        enabled: false
+        kube_exec_auth_role_arn_enabled: false
+        class_name: special
+        group: special
+        ip_address_type: ipv4
+        scheme: internet-facing