如何在 terratest 中扮演一个角色
[英]how to pass an assume role in terratest
问题描述
I'm working on writing test case for a terraform module.
我正在为 terraform 模块编写测试用例。 I have an assume role, and i would like to pass it to my go test.我有一个假设角色,我想将它传递给我的 go 测试。 I'm not sure how to pass it .我不知道如何通过它。 I defined it as a const and then how should i pass it such that it gets evoked during terraform init and terraform apply, destroy.我将它定义为一个常量,然后我应该如何传递它,以便在 terraform init 和 terraform apply, destroy 期间调用它。
package test
import (
"testing"
"github.com/gruntwork-io/terratest/modules/aws"
"github.com/gruntwork-io/terratest/modules/terraform"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// An example of how to test the Terraform module in examples/terraform-aws-network-example using Terratest.
func TestTerraformAwsNetworkExample(t *testing.T) {
t.Parallel()
const authAssumeRoleEnvVar = "TERRATEST_IAM_ROLE"
// Give the VPC and the subnets correct CIDRs
vpcCidr := "1x.x.x.x/20"
Env := "staging"
privateSubnetCidr := []string{"1x.x.x.x/30"}
publicSubnetCidr := []string{"1x.x.x.x/30"}
Tag := map[string]string{"owner":"xxx"}
awsRegion := "us-east-1"
terraformOptions := &terraform.Options{
// The path to where our Terraform code is located
TerraformDir: "..",
// Variables to pass to our Terraform code using -var options
Vars: map[string]interface{}{
"vpc_cidr": vpcCidr,
"env": Env,
"private_subnet_cidrs": privateSubnetCidr,
"public_subnet_cidrs": publicSubnetCidr,
"tags" : Tag,
},
EnvVars: map[string]string{
"AWS_DEFAULT_REGION": awsRegion,
},
}
// At the end of the test, run `terraform destroy` to clean up any resources that were created
defer terraform.Destroy(t, terraformOptions)
// This will run `terraform init` and `terraform apply` and fail the test if there are any errors
terraform.InitAndApply(t, terraformOptions)
// Run `terraform output` to get the value of an output variable
publicSubnetId := terraform.Output(t, terraformOptions, "public_subnet_ids")
privateSubnetId := terraform.Output(t, terraformOptions, "private_subnet_ids")
vpcId := terraform.Output(t, terraformOptions, "vpc_id")
subnets := aws.GetSubnetsForVpc(t, vpcId, awsRegion)
require.Equal(t, 2, len(subnets))
// Verify if the network that is supposed to be public is really public
assert.True(t, aws.IsPublicSubnet(t, publicSubnetId, awsRegion))
// Verify if the network that is supposed to be private is really private
assert.False(t, aws.IsPublicSubnet(t, privateSubnetId, awsRegion))
}
2 个解决方案
解决方案1
4 已采纳 2020-01-15 18:30:44
** **
This piece of code is not testable, so you can't test it.
** https://github.com/gruntwork-io/terratest/blob/f3916f7a5f58e3fedf603388d3e3e8052d6a47a3/modules/aws/auth.go#L18 ** https://github.com/gruntwork-io/terratest/blob/f3916f7a5f58e3fedf603388d3e3e8052d6a47a3/modules/aws/auth.go#L18
I wish they could have refactor it like this:我希望他们可以像这样重构它:
var AuthAssumeRoleEnvVar string
func SetAuthAssumeRoleEnvVar(role string){
AuthAssumeRoleEnvVar = role
}
func NewAuthenticatedSession(region string) (*session.Session, error) {
if assumeRoleArn, ok := os.LookupEnv(AuthAssumeRoleEnvVar); ok {
return NewAuthenticatedSessionFromRole(region, assumeRoleArn)
} else {
return NewAuthenticatedSessionFromDefaultCredentials(region)
}
}
So that we could call it something like this:这样我们就可以这样称呼它:
aws.SetAuthAssumeRoleEnvVar("testrole")
aws.NewAuthenticatedSession(region)
解决方案2
2 2020-01-16 21:46:51
The only way to pass this variable TERRATEST_IAM_ROLE as os environment variable as mentioned in the doc You can also define it your backend file, but that would not be picked up if you have assert test cases that reads values, since it uses aws cli如文档中所述,将此变量 TERRATEST_IAM_ROLE 作为 os 环境变量传递的唯一方法您也可以将其定义为后端文件,但如果您有读取值的断言测试用例,则不会被选中,因为它使用 aws cli
So I did something this , and it worked.所以我做了一些这样的事情,它奏效了。
import (
"os"
)
os.Setenv("TERRATEST_IAM_ROLE", "arn:aws:iam::xxxx/xxxx")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.