Added tests (#18)

# What
* [x] Add `basic` component test
* [x] Add `disabled` component test
* [x] Test component drifting


# Why
* Test basic component features
* Verify that the component does not create any resources when input `enabled: false` set
* Verify that the component does not drift on a second run with the same inputs
* Add test for any additional than basic use cases for the component

# References
* [Component test writing guide](https://docs.cloudposse.com/community/contribute/component-testing/)
* [List of component tests are done](https://github.com/orgs/cloudposse-terraform-components/projects/1/views/3)


<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit

- **Bug Fixes**  
  - Improved Kubernetes provider authentication handling for accurate role determination.

- **Chores**  
  - Updated remote state modules and added ignore rules.  
  - Established a new Go testing module with updated dependencies.  
  - Removed an outdated test script.

- **New Features**  
  - Introduced comprehensive CLI and sample configuration files for multi-account setups, EKS clusters, VPCs, and AWS Load Balancer Controller (both enabled and disabled modes).  
  - Added vendor configuration for managing Terraform module dependencies.

- **Tests**  
  - Added a new test suite to validate AWS Load Balancer Controller deployment.  
  - Introduced additional test configurations for various components and environments.  
  - Added import section for dependencies in test configurations.  
  - Included new test cases for various configurations and components.  
  - Added new YAML configuration files for various components and organizational setups.  
  - Created a new test suite for validating deployment functionality in the EKS cluster.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: goruha

src/provider-helm.tf

@@ -133,9 +133,8 @@ locals {
     "--profile", var.kube_exec_auth_aws_profile
   ] : []
 
-  kube_exec_auth_role_arn = coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   exec_role = local.kube_exec_auth_enabled && var.kube_exec_auth_role_arn_enabled ? [
-    "--role-arn", local.kube_exec_auth_role_arn
+    "--role-arn", coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   ] : []
 
   # Provide dummy configuration for the case where the EKS cluster is not available.

src/remote-state.tf

@@ -1,6 +1,6 @@
 module "eks" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component = var.eks_component_name
 
@@ -9,7 +9,7 @@ module "eks" {
 
 module "vpc" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component = var.vpc_component_name
 

test/.gitignore

@@ -0,0 +1,5 @@
+state/
+.cache
+test/test-suite.json
+.atmos
+test_suite.yaml

test/component_test.go

@@ -0,0 +1,226 @@
+package test
+
+import (
+	"context"
+	"testing"
+	"strings"
+	"fmt"
+	"time"
+	helper "github.com/cloudposse/test-helpers/pkg/atmos/component-helper"
+	awsHelper "github.com/cloudposse/test-helpers/pkg/aws"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/cloudposse/test-helpers/pkg/atmos"
+	"github.com/stretchr/testify/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	corev1 "k8s.io/api/core/v1"
+
+	"k8s.io/client-go/informers"
+	"k8s.io/client-go/tools/cache"
+)
+
+type ComponentSuite struct {
+	helper.TestSuite
+}
+
+func (s *ComponentSuite) TestBasic() {
+	const component = "eks/alb-controller/basic"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	randomID := strings.ToLower(random.UniqueId())
+
+	controllerNamespace := fmt.Sprintf("alb-controller-%s", randomID)
+
+	input := map[string]interface{}{
+		"kubernetes_namespace": controllerNamespace,
+	}
+
+	defer s.DestroyAtmosComponent(s.T(), component, stack, &input)
+	options, _ := s.DeployAtmosComponent(s.T(), component, stack, &input)
+	assert.NotNil(s.T(), options)
+
+	type Metadata struct {
+		AppVersion        string `json:"app_version"`
+		Chart             string `json:"chart"`
+		FirstDeployed     float64 `json:"first_deployed"`
+		LastDeployed      float64 `json:"last_deployed"`
+		Name              string `json:"name"`
+		Namespace         string `json:"namespace"`
+		Notes             string `json:"notes"`
+		Revision          int    `json:"revision"`
+		Values            string `json:"values"`
+		Version           string `json:"version"`
+	}
+
+	metadataArray := []Metadata{}
+
+	atmos.OutputStruct(s.T(), options, "metadata", &metadataArray)
+
+	metadata := metadataArray[0]
+
+	assert.Equal(s.T(), metadata.AppVersion, "v2.7.1")
+	assert.Equal(s.T(), metadata.Chart, "aws-load-balancer-controller")
+	assert.NotNil(s.T(), metadata.FirstDeployed)
+	assert.NotNil(s.T(), metadata.LastDeployed)
+	assert.Equal(s.T(), metadata.Name, "aws-load-balancer-controller")
+	assert.Equal(s.T(), metadata.Namespace, controllerNamespace)
+	assert.Equal(s.T(), metadata.Notes, "AWS Load Balancer controller installed!\n")
+	assert.Equal(s.T(), metadata.Revision, 1)
+	assert.NotNil(s.T(), metadata.Values)
+	assert.Equal(s.T(), metadata.Version, "1.7.1")
+
+	clusterOptions := s.GetAtmosOptions("eks/cluster", stack, nil)
+	clusrerId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
+	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusrerId)
+	clientset, err := awsHelper.NewK8SClientset(cluster)
+	assert.NoError(s.T(), err)
+	assert.NotNil(s.T(), clientset)
+
+	deployment, err := clientset.AppsV1().Deployments(controllerNamespace).Get(context.Background(), "aws-load-balancer-controller", metav1.GetOptions{})
+	assert.NoError(s.T(), err)
+	assert.NotNil(s.T(), deployment)
+	assert.Equal(s.T(), deployment.Name, "aws-load-balancer-controller")
+	assert.Equal(s.T(), deployment.Namespace, controllerNamespace)
+	assert.Equal(s.T(), *deployment.Spec.Replicas, int32(2))
+
+
+	ingressNamespace := fmt.Sprintf("example-%s", randomID)
+	ingressName := fmt.Sprintf("example-ingress-%s", randomID)
+
+	defer func() {
+		if err := clientset.CoreV1().Namespaces().Delete(context.Background(), ingressNamespace, metav1.DeleteOptions{}); err != nil {
+			fmt.Printf("Error deleting namespace %s: %v\n", ingressNamespace, err)
+		}
+	}()
+	_, err = clientset.CoreV1().Namespaces().Create(context.Background(), &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: ingressNamespace,
+		},
+	}, metav1.CreateOptions{})
+	assert.NoError(s.T(), err)
+
+
+	pathType := networkingv1.PathTypeImplementationSpecific
+
+	ingress := &networkingv1.Ingress{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      ingressName,
+			Annotations: map[string]string{
+				"alb.ingress.kubernetes.io/load-balancer-name": ingressName,
+				"alb.ingress.kubernetes.io/group.name":         "example-group",
+				"external-dns.alpha.kubernetes.io/hostname":    "example.com",
+			},
+		},
+		Spec: networkingv1.IngressSpec{
+			DefaultBackend: &networkingv1.IngressBackend{
+				Service: &networkingv1.IngressServiceBackend{
+					Name: "default",
+					Port: networkingv1.ServiceBackendPort{
+						Name: "use-annotation",
+					},
+				},
+			},
+			TLS: []networkingv1.IngressTLS{
+				{
+					Hosts: []string{"example.com"},
+				},
+			},
+			Rules: []networkingv1.IngressRule{
+				{
+					Host: "example.com",
+					IngressRuleValue: networkingv1.IngressRuleValue{
+						HTTP: &networkingv1.HTTPIngressRuleValue{
+							Paths: []networkingv1.HTTPIngressPath{
+								{
+									Path: "/",
+									PathType: &pathType,
+									Backend: networkingv1.IngressBackend{
+										Service: &networkingv1.IngressServiceBackend{
+											Name: "default",
+											Port: networkingv1.ServiceBackendPort{
+												Number: 80,
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	defer func() {
+		if err := clientset.NetworkingV1().Ingresses(ingressNamespace).Delete(context.Background(), ingressName, metav1.DeleteOptions{}); err != nil {
+			fmt.Printf("Error deleting ingress %s: %v\n", ingressName, err)
+		}
+	}()
+	_, err = clientset.NetworkingV1().Ingresses(ingressNamespace).Create(context.Background(), ingress, metav1.CreateOptions{})
+	assert.NoError(s.T(), err)
+	assert.NotNil(s.T(), ingress)
+
+	// Wait for the Ingress to be updated with the LoadBalancer metadata
+	factory := informers.NewSharedInformerFactory(clientset, 0)
+	informer := factory.Networking().V1().Ingresses().Informer()
+
+	stopChannel := make(chan struct{})
+
+	informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
+		UpdateFunc: func(oldObj, newObj interface{}) {
+			_, ok := oldObj.(*networkingv1.Ingress)
+			if !ok {
+				return
+			}
+			newIngress, ok := newObj.(*networkingv1.Ingress)
+			if !ok {
+				return
+			}
+
+			// Check if the Ingress's LoadBalancer status has been populated
+			if len(newIngress.Status.LoadBalancer.Ingress) > 0 && len(newIngress.Status.LoadBalancer.Ingress[0].Hostname) > 0 {
+				fmt.Printf("Ingress %s is ready\n", newIngress.Name)
+				close(stopChannel)
+			} else {
+				fmt.Printf("Ingress %s is not ready yet\n", newIngress.Name)
+			}
+		},
+	})
+	go informer.Run(stopChannel)
+
+	select {
+		case <-stopChannel:
+			msg := "All ingress have joined the EKS cluster"
+			fmt.Println(msg)
+		case <-time.After(1 * time.Minute):
+			msg := "Not all worker nodes have joined the EKS cluster"
+			fmt.Println(msg)
+	}
+
+	ingressStatus, err := clientset.NetworkingV1().Ingresses(ingressNamespace).Get(context.Background(), ingressName, metav1.GetOptions{})
+	assert.NoError(s.T(), err)
+	assert.Equal(s.T(), ingressStatus.Name, ingressName)
+	assert.NotEmpty(s.T(), ingressStatus.Status.LoadBalancer.Ingress[0].Hostname)
+
+	s.DriftTest(component, stack, &input)
+}
+
+func (s *ComponentSuite) TestEnabledFlag() {
+	const component = "eks/alb-controller/disabled"
+	const stack = "default-test"
+	s.VerifyEnabledFlag(component, stack, nil)
+}
+
+func (s *ComponentSuite) SetupSuite() {
+	s.TestSuite.InitConfig()
+	s.TestSuite.Config.ComponentDestDir = "components/terraform/eks/alb-controller"
+	s.TestSuite.SetupSuite()
+}
+
+func TestRunSuite(t *testing.T) {
+	suite := new(ComponentSuite)
+	suite.AddDependency(t, "vpc", "default-test", nil)
+	suite.AddDependency(t, "eks/cluster", "default-test", nil)
+	helper.Run(t, suite)
+}

test/fixtures/atmos.yaml

@@ -0,0 +1,77 @@
+# CLI config is loaded from the following locations (from lowest to highest priority):
+# system dir (`/usr/local/etc/atmos` on Linux, `%LOCALAPPDATA%/atmos` on Windows)
+# home dir (~/.atmos)
+# current directory
+# ENV vars
+# Command-line arguments
+#
+# It supports POSIX-style Globs for file names/paths (double-star `**` is supported)
+# https://en.wikipedia.org/wiki/Glob_(programming)
+
+# Base path for components, stacks and workflows configurations.
+# Can also be set using `ATMOS_BASE_PATH` ENV var, or `--base-path` command-line argument.
+# Supports both absolute and relative paths.
+# If not provided or is an empty string, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are independent settings (supporting both absolute and relative paths).
+# If `base_path` is provided, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are considered paths relative to `base_path`.
+base_path: ""
+
+components:
+  terraform:
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_BASE_PATH` ENV var, or `--terraform-dir` command-line argument
+    # Supports both absolute and relative paths
+    base_path: "components/terraform"
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_APPLY_AUTO_APPROVE` ENV var
+    apply_auto_approve: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_DEPLOY_RUN_INIT` ENV var, or `--deploy-run-init` command-line argument
+    deploy_run_init: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_INIT_RUN_RECONFIGURE` ENV var, or `--init-run-reconfigure` command-line argument
+    init_run_reconfigure: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_AUTO_GENERATE_BACKEND_FILE` ENV var, or `--auto-generate-backend-file` command-line argument
+    auto_generate_backend_file: true
+
+stacks:
+  # Can also be set using `ATMOS_STACKS_BASE_PATH` ENV var, or `--config-dir` and `--stacks-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks"
+  # Can also be set using `ATMOS_STACKS_INCLUDED_PATHS` ENV var (comma-separated values string)
+  # Since we are distinguishing stacks based on namespace, and namespace is not part
+  # of the stack name, we have to set `included_paths` via the ENV var in the Dockerfile
+  included_paths:
+    - "orgs/**/*"
+
+  # Can also be set using `ATMOS_STACKS_EXCLUDED_PATHS` ENV var (comma-separated values string)
+  excluded_paths:
+    - "**/_defaults.yaml"
+
+  # Can also be set using `ATMOS_STACKS_NAME_PATTERN` ENV var
+  name_pattern: "{tenant}-{stage}"
+
+workflows:
+  # Can also be set using `ATMOS_WORKFLOWS_BASE_PATH` ENV var, or `--workflows-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks/workflows"
+
+# https://github.com/cloudposse/atmos/releases/tag/v1.33.0
+logs:
+  file: "/dev/stdout"
+  # Supported log levels: Trace, Debug, Info, Warning, Off
+  level: Info
+
+settings:
+  # Can also be set using 'ATMOS_SETTINGS_LIST_MERGE_STRATEGY' environment variable, or '--settings-list-merge-strategy' command-line argument
+  list_merge_strategy: replace
+
+# `Go` templates in Atmos manifests
+# https://atmos.tools/core-concepts/stacks/templating
+# https://pkg.go.dev/text/template
+templates:
+  settings:
+    enabled: true
+    # https://masterminds.github.io/sprig
+    sprig:
+      enabled: true
+    # https://docs.gomplate.ca
+    gomplate:
+      enabled: true

test/fixtures/stacks/catalog/account-map.yaml

@@ -0,0 +1,46 @@
+components:
+  terraform:
+    account-map:
+      metadata:
+        terraform_workspace: core-gbl-root
+      vars:
+        tenant: core
+        environment: gbl
+        stage: root
+
+#      This remote state is only for Cloud Posse internal use.
+#      It references the Cloud Posse test organizations actual infrastructure.
+#      remote_state_backend:
+#        s3:
+#          bucket: cptest-core-ue2-root-tfstate-core
+#          dynamodb_table: cptest-core-ue2-root-tfstate-core-lock
+#          role_arn: arn:aws:iam::822777368227:role/cptest-core-gbl-root-tfstate-core-ro
+#          encrypt: true
+#          key: terraform.tfstate
+#          acl: bucket-owner-full-control
+#          region: us-east-2
+
+      remote_state_backend_type: static
+      remote_state_backend:
+        # This static backend is used for tests that only need to use the account map iam-roles module
+        # to find the role to assume for Terraform operations. It is configured to use whatever
+        # the current user's role is, but the environment variable `TEST_ACCOUNT_ID` must be set to
+        # the account ID of the account that the user is currently assuming a role in.
+        #
+        # For some components, this backend is missing important data, and those components
+        # will need that data added to the backend configuration in order to work properly.
+        static:
+          account_info_map: {}
+          all_accounts: []
+          aws_partition: aws
+          full_account_map: {}
+          iam_role_arn_templates: {}
+          non_eks_accounts: []
+          profiles_enabled: false
+          root_account_aws_name: root
+          terraform_access_map: {}
+          terraform_dynamic_role_enabled: false
+          terraform_role_name_map:
+            apply: terraform
+            plan: planner
+          terraform_roles: {}