Added tests (#17)

* Added tests

* Clean dns records on tear down

* Specify domains sufffix that managed by external dns

* Remove unnesasery methods

* Cleanup tests

* Fix defer order

* Replace informers with sleep timeout

* fix duplication

* Pin version

Author: goruha

src/main.tf

@@ -12,6 +12,11 @@ locals {
     values(module.dns_gbl_primary.outputs.zones)[*].zone_id,
     flatten([for k, v in module.additional_dns_components : [for i, j in v.outputs.zones : j.zone_id]])
   ))
+  zone_names = compact(concat(
+    values(module.dns_gbl_delegated.outputs.zones)[*].name,
+    values(module.dns_gbl_primary.outputs.zones)[*].name,
+    flatten([for k, v in module.additional_dns_components : [for i, j in v.outputs.zones : j.name]])
+  ))
 }
 
 data "aws_partition" "current" {
@@ -99,6 +104,7 @@ module "external_dns" {
       txtOwnerId              = local.txt_owner
       txtPrefix               = local.txt_prefix
       sources                 = local.sources
+      domainFilters           = local.zone_names
     }),
     # hardcoded values
     file("${path.module}/resources/values.yaml"),

src/provider-helm.tf

@@ -133,9 +133,8 @@ locals {
     "--profile", var.kube_exec_auth_aws_profile
   ] : []
 
-  kube_exec_auth_role_arn = coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   exec_role = local.kube_exec_auth_enabled && var.kube_exec_auth_role_arn_enabled ? [
-    "--role-arn", local.kube_exec_auth_role_arn
+    "--role-arn", coalesce(var.kube_exec_auth_role_arn, module.iam_roles.terraform_role_arn)
   ] : []
 
   # Provide dummy configuration for the case where the EKS cluster is not available.

src/remote-state.tf

@@ -1,6 +1,6 @@
 module "eks" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component = var.eks_component_name
 
@@ -9,7 +9,7 @@ module "eks" {
 
 module "dns_gbl_delegated" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component   = "dns-delegated"
   environment = var.dns_gbl_delegated_environment_name
@@ -23,7 +23,7 @@ module "dns_gbl_delegated" {
 
 module "dns_gbl_primary" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.5.0"
+  version = "1.8.0"
 
   component   = "dns-primary"
   environment = var.dns_gbl_primary_environment_name
@@ -40,7 +40,7 @@ module "dns_gbl_primary" {
 module "additional_dns_components" {
   for_each = { for obj in var.dns_components : obj.component => obj }
   source   = "cloudposse/stack-config/yaml//modules/remote-state"
-  version  = "1.5.0"
+  version  = "1.8.0"
 
   component   = each.value.component
   environment = coalesce(each.value.environment, "gbl")

test/.gitignore

@@ -0,0 +1,5 @@
+state/
+.cache
+test/test-suite.json
+.atmos
+test_suite.yaml

test/component_test.go

@@ -0,0 +1,198 @@
+package test
+
+import (
+	"context"
+	"testing"
+	"fmt"
+	"strings"
+	"time"
+	"github.com/cloudposse/test-helpers/pkg/atmos"
+	"github.com/cloudposse/test-helpers/pkg/helm"
+	awsHelper "github.com/cloudposse/test-helpers/pkg/aws"
+	helper "github.com/cloudposse/test-helpers/pkg/atmos/component-helper"
+	awsTerratest "github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/gruntwork-io/terratest/modules/random"
+
+	"github.com/stretchr/testify/assert"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
+	"k8s.io/client-go/dynamic"
+)
+
+type ComponentSuite struct {
+	helper.TestSuite
+}
+
+func (s *ComponentSuite) TestBasic() {
+	const component = "eks/external-dns/basic"
+	const stack = "default-test"
+	const awsRegion = "us-east-2"
+
+	clusterOptions := s.GetAtmosOptions("eks/cluster", stack, nil)
+	clusrerId := atmos.Output(s.T(), clusterOptions, "eks_cluster_id")
+	cluster := awsHelper.GetEksCluster(s.T(), context.Background(), awsRegion, clusrerId)
+
+	dnsDelegatedOptions := s.GetAtmosOptions("dns-delegated", stack, nil)
+	delegatedDomainName := atmos.Output(s.T(), dnsDelegatedOptions, "default_domain_name")
+	defaultDNSZoneId := atmos.Output(s.T(), dnsDelegatedOptions, "default_dns_zone_id")
+
+	defer func() {
+		if err := awsHelper.CleanDNSZoneID(s.T(), context.Background(), defaultDNSZoneId, awsRegion); err != nil {
+			fmt.Printf("Error cleaning DNS zone %s: %v\n", defaultDNSZoneId, err)
+		}
+	}()
+
+	randomID := strings.ToLower(random.UniqueId())
+
+	namespace := fmt.Sprintf("external-dns-%s", randomID)
+	dnsEndpointName := fmt.Sprintf("example-dns-record-%s", randomID)
+	dnsRecordHostName := fmt.Sprintf("%s.%s", randomID, delegatedDomainName)
+
+	inputs := map[string]interface{}{
+		"kubernetes_namespace": namespace,
+	}
+
+	defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs)
+	options, _ := s.DeployAtmosComponent(s.T(), component, stack, &inputs)
+	assert.NotNil(s.T(), options)
+
+	metadataArray := []helm.Metadata{}
+
+	atmos.OutputStruct(s.T(), options, "metadata", &metadataArray)
+
+	metadata := metadataArray[0]
+
+	assert.Equal(s.T(), metadata.AppVersion, "0.14.0")
+	assert.Equal(s.T(), metadata.Chart, "external-dns")
+	assert.NotNil(s.T(), metadata.FirstDeployed)
+	assert.NotNil(s.T(), metadata.LastDeployed)
+	assert.Equal(s.T(), metadata.Name, "external-dns")
+	assert.Equal(s.T(), metadata.Namespace, namespace)
+	assert.NotNil(s.T(), metadata.Values)
+	assert.Equal(s.T(), metadata.Version, "6.33.0")
+
+
+	config, err := awsHelper.NewK8SClientConfig(cluster)
+	assert.NoError(s.T(), err)
+	assert.NotNil(s.T(), config)
+
+	dynamicClient, err := dynamic.NewForConfig(config)
+	if err != nil {
+		panic(fmt.Errorf("failed to create dynamic client: %v", err))
+	}
+
+	// Define the GroupVersionResource for the DNSEndpoint CRD
+	dnsEndpointGVR := schema.GroupVersionResource{
+		Group:    "externaldns.k8s.io",
+		Version:  "v1alpha1",
+		Resource: "dnsendpoints",
+	}
+
+	// Create the DNSEndpoint object as an unstructured resource
+	dnsEndpoint := &unstructured.Unstructured{
+		Object: map[string]interface{}{
+			"apiVersion": "externaldns.k8s.io/v1alpha1",
+			"kind":       "DNSEndpoint",
+			"metadata": map[string]interface{}{
+				"name":	dnsEndpointName,
+				"namespace": namespace,
+			},
+			"spec": map[string]interface{}{
+				"endpoints": []interface{}{
+					map[string]interface{}{
+						"dnsName": dnsRecordHostName,
+						"recordTTL":  300,
+						"recordType": "A",
+						"targets": []interface{}{
+							"127.0.0.1",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	// Create the DNSEndpoint resource in the "default" namespace
+	_, err = dynamicClient.Resource(dnsEndpointGVR).Namespace(namespace).Create(context.Background(), dnsEndpoint, metav1.CreateOptions{})
+	assert.NoError(s.T(), err)
+
+	defer func() {
+		if err := dynamicClient.Resource(dnsEndpointGVR).Namespace(namespace).Delete(context.Background(), dnsEndpointName, metav1.DeleteOptions{}); err != nil {
+			fmt.Printf("Error deleting external dns %s: %v\n", dnsEndpointName, err)
+		}
+	}()
+
+	// Wait for the DNS record to be created
+	// We can't use informers as DNS CRD status is not updated when the record is created
+	time.Sleep(2 * time.Minute)
+
+	delegatedNSRecord := awsTerratest.GetRoute53Record(s.T(), defaultDNSZoneId, dnsRecordHostName, "A", awsRegion)
+	assert.Equal(s.T(), fmt.Sprintf("%s.", dnsRecordHostName), *delegatedNSRecord.Name)
+
+	s.DriftTest(component, stack, &inputs)
+}
+
+func (s *ComponentSuite) TestEnabledFlag() {
+	const component = "eks/external-dns/disabled"
+	const stack = "default-test"
+	s.VerifyEnabledFlag(component, stack, nil)
+}
+
+func (s *ComponentSuite) SetupSuite() {
+	s.TestSuite.InitConfig()
+	s.TestSuite.Config.ComponentDestDir = "components/terraform/eks/external-dns"
+	s.TestSuite.SetupSuite()
+}
+
+func TestRunSuite(t *testing.T) {
+	suite := new(ComponentSuite)
+	suite.AddDependency(t, "vpc", "default-test", nil)
+	suite.AddDependency(t, "eks/cluster", "default-test", nil)
+
+	subdomain := strings.ToLower(random.UniqueId())
+	inputs := map[string]interface{}{
+		"zone_config": []map[string]interface{}{
+			{
+				"subdomain": subdomain,
+				"zone_name": "components.cptest.test-automation.app",
+			},
+		},
+	}
+	suite.AddDependency(t, "dns-delegated", "default-test", &inputs)
+
+	randomID := strings.ToLower(random.UniqueId())
+	domainName := fmt.Sprintf("example-%s.net", randomID)
+	inputsPrimaryDns := map[string]interface{}{
+		"domain_names": []string{domainName},
+		"record_config": []map[string]interface{}{
+			{
+				"root_zone": domainName,
+				"name":      "",
+				"type":      "A",
+				"ttl":       60,
+				"records":   []string{"127.0.0.1"},
+			},
+			{
+				"root_zone": domainName,
+				"name":      "www.",
+				"type":      "CNAME",
+				"ttl":       60,
+				"records":   []string{domainName},
+			},
+			{
+				"root_zone": domainName,
+				"name":      "123456.",
+				"type":      "CNAME",
+				"ttl":       120,
+				"records":   []string{domainName},
+			},
+		},
+	}
+	suite.AddDependency(t, "dns-primary", "default-test", &inputsPrimaryDns)
+
+	suite.AddDependency(t, "eks/alb-controller", "default-test", nil)
+	helper.Run(t, suite)
+}

test/fixtures/atmos.yaml

@@ -0,0 +1,77 @@
+# CLI config is loaded from the following locations (from lowest to highest priority):
+# system dir (`/usr/local/etc/atmos` on Linux, `%LOCALAPPDATA%/atmos` on Windows)
+# home dir (~/.atmos)
+# current directory
+# ENV vars
+# Command-line arguments
+#
+# It supports POSIX-style Globs for file names/paths (double-star `**` is supported)
+# https://en.wikipedia.org/wiki/Glob_(programming)
+
+# Base path for components, stacks and workflows configurations.
+# Can also be set using `ATMOS_BASE_PATH` ENV var, or `--base-path` command-line argument.
+# Supports both absolute and relative paths.
+# If not provided or is an empty string, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are independent settings (supporting both absolute and relative paths).
+# If `base_path` is provided, `components.terraform.base_path`, `components.helmfile.base_path`, `stacks.base_path` and `workflows.base_path`
+# are considered paths relative to `base_path`.
+base_path: ""
+
+components:
+  terraform:
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_BASE_PATH` ENV var, or `--terraform-dir` command-line argument
+    # Supports both absolute and relative paths
+    base_path: "components/terraform"
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_APPLY_AUTO_APPROVE` ENV var
+    apply_auto_approve: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_DEPLOY_RUN_INIT` ENV var, or `--deploy-run-init` command-line argument
+    deploy_run_init: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_INIT_RUN_RECONFIGURE` ENV var, or `--init-run-reconfigure` command-line argument
+    init_run_reconfigure: true
+    # Can also be set using `ATMOS_COMPONENTS_TERRAFORM_AUTO_GENERATE_BACKEND_FILE` ENV var, or `--auto-generate-backend-file` command-line argument
+    auto_generate_backend_file: true
+
+stacks:
+  # Can also be set using `ATMOS_STACKS_BASE_PATH` ENV var, or `--config-dir` and `--stacks-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks"
+  # Can also be set using `ATMOS_STACKS_INCLUDED_PATHS` ENV var (comma-separated values string)
+  # Since we are distinguishing stacks based on namespace, and namespace is not part
+  # of the stack name, we have to set `included_paths` via the ENV var in the Dockerfile
+  included_paths:
+    - "orgs/**/*"
+
+  # Can also be set using `ATMOS_STACKS_EXCLUDED_PATHS` ENV var (comma-separated values string)
+  excluded_paths:
+    - "**/_defaults.yaml"
+
+  # Can also be set using `ATMOS_STACKS_NAME_PATTERN` ENV var
+  name_pattern: "{tenant}-{stage}"
+
+workflows:
+  # Can also be set using `ATMOS_WORKFLOWS_BASE_PATH` ENV var, or `--workflows-dir` command-line arguments
+  # Supports both absolute and relative paths
+  base_path: "stacks/workflows"
+
+# https://github.com/cloudposse/atmos/releases/tag/v1.33.0
+logs:
+  file: "/dev/stdout"
+  # Supported log levels: Trace, Debug, Info, Warning, Off
+  level: Info
+
+settings:
+  # Can also be set using 'ATMOS_SETTINGS_LIST_MERGE_STRATEGY' environment variable, or '--settings-list-merge-strategy' command-line argument
+  list_merge_strategy: replace
+
+# `Go` templates in Atmos manifests
+# https://atmos.tools/core-concepts/stacks/templating
+# https://pkg.go.dev/text/template
+templates:
+  settings:
+    enabled: true
+    # https://masterminds.github.io/sprig
+    sprig:
+      enabled: true
+    # https://docs.gomplate.ca
+    gomplate:
+      enabled: true

test/fixtures/stacks/catalog/account-map.yaml

@@ -0,0 +1,46 @@
+components:
+  terraform:
+    account-map:
+      metadata:
+        terraform_workspace: core-gbl-root
+      vars:
+        tenant: core
+        environment: gbl
+        stage: root
+
+#      This remote state is only for Cloud Posse internal use.
+#      It references the Cloud Posse test organizations actual infrastructure.
+#      remote_state_backend:
+#        s3:
+#          bucket: cptest-core-ue2-root-tfstate-core
+#          dynamodb_table: cptest-core-ue2-root-tfstate-core-lock
+#          role_arn: arn:aws:iam::822777368227:role/cptest-core-gbl-root-tfstate-core-ro
+#          encrypt: true
+#          key: terraform.tfstate
+#          acl: bucket-owner-full-control
+#          region: us-east-2
+
+      remote_state_backend_type: static
+      remote_state_backend:
+        # This static backend is used for tests that only need to use the account map iam-roles module
+        # to find the role to assume for Terraform operations. It is configured to use whatever
+        # the current user's role is, but the environment variable `TEST_ACCOUNT_ID` must be set to
+        # the account ID of the account that the user is currently assuming a role in.
+        #
+        # For some components, this backend is missing important data, and those components
+        # will need that data added to the backend configuration in order to work properly.
+        static:
+          account_info_map: {}
+          all_accounts: []
+          aws_partition: aws
+          full_account_map: {}
+          iam_role_arn_templates: {}
+          non_eks_accounts: []
+          profiles_enabled: false
+          root_account_aws_name: root
+          terraform_access_map: {}
+          terraform_dynamic_role_enabled: false
+          terraform_role_name_map:
+            apply: terraform
+            plan: planner
+          terraform_roles: {}