From 9a66dc239f523b71021ae65bef9ab19ce68a1724 Mon Sep 17 00:00:00 2001 From: Jason Witkowski Date: Tue, 22 Mar 2022 16:05:17 -0400 Subject: [PATCH 1/2] Add datasources for bootstrap bucket, Add sub-directory for creating test objects, add testing patterns --- README.md | 5 +++++ datasources.aws.tf | 36 ++++++++++++++++++++++++++++++++++ main.tf => ssh-keypairs.aws.tf | 8 +++----- tests/README.md | 6 ++++++ tests/aws-testing.tfvars | 2 ++ tests/aws-tests.tf | 18 +++++++++++++++++ tests/variables.tf | 2 ++ tests/versions.tf | 10 ++++++++++ variables.tf | 22 ++++++++++++++++++--- 9 files changed, 101 insertions(+), 8 deletions(-) create mode 100644 datasources.aws.tf rename main.tf => ssh-keypairs.aws.tf (66%) create mode 100644 tests/README.md create mode 100644 tests/aws-testing.tfvars create mode 100644 tests/aws-tests.tf create mode 100644 tests/variables.tf create mode 100644 tests/versions.tf diff --git a/README.md b/README.md index 8cf1c2c..9fdb9de 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,11 @@ Report issues/questions/feature requests on in the [issues](https://github.com/c | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.63 | +## Testing +### AWS +Inside this directory execute +`terraform plan -var-file="tests/aws-testing.tfvars" -compact-warnings` + ## Authors Module is maintained by [CloudStruct](https://github.com/cloudstruct) with help from [these awesome contributors](https://github.com/cloudstruct/terraform-cloud-cardano-staking-pool/graphs/contributors). diff --git a/datasources.aws.tf b/datasources.aws.tf new file mode 100644 index 0000000..fa6af1b --- /dev/null +++ b/datasources.aws.tf 
@@ -0,0 +1,36 @@ +locals { + create_s3_bootstrap_policy = !var.code_package_public && var.cloud_provider == "aws" && length(var.bootstrap_objectstorage_bucket_name) != 0 +} + +data "aws_iam_policy_document" "assume_role" { + count = var.cloud_provider == "aws" ? 1 : 0 + + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } +} + +# Policy allowing fetching code package from S3 +data "aws_iam_policy_document" "s3_bootstrap" { + count = local.create_s3_bootstrap_policy ? 1 : 0 + + statement { + actions = [ + "s3:GetObject", + ] + + resources = [ + "${data.aws_s3_bucket.bootstrap[0].arn}/*", + ] + } +} + +data "aws_s3_bucket" "bootstrap" { + count = local.create_s3_bootstrap_policy ? 1 : 0 + bucket = var.bootstrap_objectstorage_bucket_name +} diff --git a/main.tf b/ssh-keypairs.aws.tf similarity index 66% rename from main.tf rename to ssh-keypairs.aws.tf index 6fa168f..045ef9b 100644 --- a/main.tf +++ b/ssh-keypairs.aws.tf @@ -1,20 +1,18 @@ locals { - create_new_ssh_key = var.create_ssh_keypair && (length(var.ssh_public_key) > 0) - } # Generate SSH keypair resource "tls_private_key" "generated_ssh_key_pair" { - count = local.create_new_ssh_key ? 1 : 0 + count = local.create_new_ssh_key ? 1 : 0 algorithm = "RSA" } resource "aws_key_pair" "ssh" { count = var.create_ssh_keypair ? 1 : 0 - key_name_prefix = var.name - public_key = try(tls_private_key.generated_ssh_key_pair[0].public_key_openssh, var.ssh_public_key) + key_name_prefix = var.name + public_key = try(tls_private_key.generated_ssh_key_pair[0].public_key_openssh, var.ssh_public_key) tags = merge( { "Name" = var.name }, diff --git a/tests/README.md b/tests/README.md new file mode 100644 index 0000000..dce06de --- /dev/null +++ b/tests/README.md 
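Review bot: `data.aws_iam_policy_document.s3_bootstrap` grants `s3:GetObject` on every key in the bucket via `"${data.aws_s3_bucket.bootstrap[0].arn}/*"`; if that bucket ever holds more than the single code package, the node can read all of it, so scoping the resource to a key prefix (for example a `bootstrap_object_prefix` variable appended before `/*`) would keep the grant to least privilege. If the objects are encrypted with SSE-KMS, `s3:GetObject` alone is not sufficient and the instance role also needs `kms:Decrypt` on the bucket key — worth a comment above the statement, because the failure would only surface inside cloud-init at boot rather than at plan time. The `assume_role` document trusts `ec2.amazonaws.com` only, which looks right for an instance profile, but the role and profile that consume these two documents are not in this patch, so that cannot be confirmed here. Since `create_s3_bootstrap_policy` is silently false when `code_package_public` is left at its default, a one-line note on the local, `# Only created when the package is private AND a bucket name is supplied`, would save a misconfigured caller some debugging.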
@@ -0,0 +1,6 @@ +# Testing +This directory will contain tfvars used for testing as well as simple terraform code to create any required objects for tests to pass. +There may be exceptions to this where cost comes into play. + +## Build AWS Testing Objects +In this directory execute `terraform plan -var-file="aws-testing.tfvars"` diff --git a/tests/aws-testing.tfvars b/tests/aws-testing.tfvars new file mode 100644 index 0000000..bf141f7 --- /dev/null +++ b/tests/aws-testing.tfvars @@ -0,0 +1,2 @@ +aws_tests = true +bootstrap_objectstorage_bucket_name = "test-cs-tf-userdata-launcher-bootstrap" diff --git a/tests/aws-tests.tf b/tests/aws-tests.tf new file mode 100644 index 0000000..3958f6b --- /dev/null +++ b/tests/aws-tests.tf @@ -0,0 +1,18 @@ +resource "aws_s3_bucket" "bootstrap" { + count = var.aws_tests ? 1 : 0 + + bucket = var.bootstrap_objectstorage_bucket_name + + tags = { + Name = var.bootstrap_objectstorage_bucket_name + Environment = "Testing" + Repo = "terraform-cloud-userdata-launcher" + } +} + +resource "aws_s3_bucket_acl" "bootstrap" { + count = var.aws_tests ? 1 : 0 + + bucket = aws_s3_bucket.bootstrap[0].id + acl = "private" +} diff --git a/tests/variables.tf b/tests/variables.tf new file mode 100644 index 0000000..78232c6 --- /dev/null +++ b/tests/variables.tf @@ -0,0 +1,2 @@ +variable "aws_tests" {} +variable "bootstrap_objectstorage_bucket_name" {} diff --git a/tests/versions.tf b/tests/versions.tf new file mode 100644 index 0000000..5a9fd0f --- /dev/null +++ b/tests/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.63" + } + } +} diff --git a/variables.tf b/variables.tf index fa58da8..aee803d 100644 --- a/variables.tf +++ b/variables.tf 
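Review bot: The test bucket in tests/aws-tests.tf is protected only by `acl = "private"` and nothing stops a later bucket policy or object ACL from exposing it, yet it is exactly the bucket the module's IAM policy lets nodes pull executable code from, so an `aws_s3_bucket_public_access_block` with all four settings enabled should be created next to `aws_s3_bucket_acl.bootstrap`. Default server-side encryption and versioning are also worth adding so a replaced package can be traced, though they are less critical for a test fixture. Because S3 names are global, the fixed `test-cs-tf-userdata-launcher-bootstrap` name can be registered by anyone once the test bucket is destroyed, so using `bucket_prefix` or a random suffix in the tfvars is safer than a well-known fixed name.
```hcl
# … unchanged: aws_s3_bucket.bootstrap and aws_s3_bucket_acl.bootstrap …

# This bucket feeds executable code to nodes; make sure it can never be made public.
resource "aws_s3_bucket_public_access_block" "bootstrap" {
  count = var.aws_tests ? 1 : 0

  bucket                  = aws_s3_bucket.bootstrap[0].id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```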
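Review bot: tests/versions.tf constrains the AWS provider to `>= 3.63`, but tests/aws-tests.tf uses `aws_s3_bucket_acl`, which as far as I recall only exists from AWS provider 4.0 onward; a 3.x selection by `terraform init` would then fail at plan with an unknown resource type. Raising the constraint to `version = ">= 4.0"` matches the resources actually used, and an upper bound such as `"~> 4.0"` would additionally keep test runs reproducible. The module-level `>= 3.63` requirement in README.md would need the same review if the main module adopts the split bucket/ACL resources.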
@@ -9,7 +9,7 @@ variable "cloud_provider" { type = string default = "aws" validation { - condition = contains(["aws"], var.cloud_provider) + condition = contains(["aws"], var.cloud_provider) error_message = "Allowed values for input_parameter are \"aws\"." } } @@ -25,7 +25,7 @@ variable "ssh_public_key" { type = string default = "" validation { - condition = length(var.ssh_public_key) == 0 || can(regex("(AAAAB3NzaC1yc2EA|AAAAC3NzaC1lZDI1NTE5)", var.ssh_public_key)) + condition = length(var.ssh_public_key) == 0 || can(regex("(AAAAB3NzaC1yc2EA|AAAAC3NzaC1lZDI1NTE5)", var.ssh_public_key)) error_message = "An invalid SSH key has been specified in \"var.ssh_public_key\". Please check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html for instructions." } } @@ -51,7 +51,7 @@ variable "key_pair_tags" { variable "cloudinit_packages" { description = "A list of packages required by cloud-init to perform the software launch." type = list(string) - default = [ + default = [ "awscli", "jq", "unzip", 
@@ -60,3 +60,19 @@ variable "cloudinit_packages" { "python3-docker", ] } + +variable "code_package_public" { + description = "A boolean value which determines if the downloaded code package is a public URL or a private object storage URI requiring IAM privileges." + type = bool + default = true +} + +variable "bootstrap_objectstorage_bucket_name" { + description = "The name of the object storage bucket which contains the code package to execute on the node." + type = string + default = "" + validation { + condition = length(var.bootstrap_objectstorage_bucket_name) == 0 || (length(var.bootstrap_objectstorage_bucket_name) > 2 && length(var.bootstrap_objectstorage_bucket_name) < 64 && lower(var.bootstrap_objectstorage_bucket_name) == var.bootstrap_objectstorage_bucket_name) + error_message = "Variable \"bootstrap_objectstorage_bucket_name\" does not meet AWS S3 Bucket naming rules. Please check https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html." + } +} From 62dda8c4f3ee5077286dd455d0c6c17d3b280d6c Mon Sep 17 00:00:00 2001 From: Jason Witkowski Date: Wed, 23 Mar 2022 09:51:17 -0400 Subject: [PATCH 2/2] Add comments to clarify resource conditionals, reformat aws-testing.tfvars --- ssh-keypairs.aws.tf | 8 +++++--- tests/aws-testing.tfvars | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ssh-keypairs.aws.tf b/ssh-keypairs.aws.tf index 045ef9b..c699368 100644 --- a/ssh-keypairs.aws.tf +++ b/ssh-keypairs.aws.tf 
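Review bot: The validation on `bootstrap_objectstorage_bucket_name` checks only length and lowercase, so a name containing spaces, underscores or a leading dot still passes and is rejected only later by `data.aws_s3_bucket.bootstrap`; a character-class check such as `can(regex("^[a-z0-9][a-z0-9.-]*[a-z0-9]$", var.bootstrap_objectstorage_bucket_name))` combined with the existing length test tracks the documented naming rules much more closely. The description of `code_package_public` should also state the coupling that datasources.aws.tf introduces: supplying a bucket name while leaving this at its default `true` produces no IAM policy at all, which is an easy way to ship a node that cannot fetch its package. Given that the package is executed on the node, a sentence noting how its integrity is verified when it comes from a public URL (if the module does so; that code is not in this patch) would help readers judge the security of the default.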
@@ -1,15 +1,17 @@ locals { - create_new_ssh_key = var.create_ssh_keypair && (length(var.ssh_public_key) > 0) + create_new_ssh_key = var.create_ssh_keypair && (length(var.ssh_public_key) == 0) + create_aws_key_pair = (var.create_ssh_keypair && (length(var.ssh_public_key) > 0)) || local.create_new_ssh_key } -# Generate SSH keypair +# Generate RSA Key if create_ssh_keypair=true and No public key specified resource "tls_private_key" "generated_ssh_key_pair" { count = local.create_new_ssh_key ? 1 : 0 algorithm = "RSA" } +# Create AWS Key Pair if create_ssh_keypair=true and No public key specified or create_ssh_keypair=true and key specified. resource "aws_key_pair" "ssh" { - count = var.create_ssh_keypair ? 1 : 0 + count = local.create_aws_key_pair ? 1 : 0 key_name_prefix = var.name public_key = try(tls_private_key.generated_ssh_key_pair[0].public_key_openssh, var.ssh_public_key) diff --git a/tests/aws-testing.tfvars b/tests/aws-testing.tfvars index bf141f7..3b50a1f 100644 --- a/tests/aws-testing.tfvars +++ b/tests/aws-testing.tfvars @@ -1,2 +1,3 @@ -aws_tests = true +aws_tests = true + bootstrap_objectstorage_bucket_name = "test-cs-tf-userdata-launcher-bootstrap"
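Review bot: `create_aws_key_pair` reduces to `var.create_ssh_keypair` — `(A && len > 0) || (A && len == 0)` is just `A` — so the new `count` on `aws_key_pair.ssh` is behaviourally identical to the previous `var.create_ssh_keypair ? 1 : 0` while reading as though it added a condition; either drop the local or shorten the comment to `# Create the AWS key pair whenever create_ssh_keypair=true, using the generated key or the supplied one.` The more important point is that `tls_private_key.generated_ssh_key_pair` stores the private key unencrypted in Terraform state and relies on the provider's default key size because `rsa_bits` is not set; adding `rsa_bits = 4096` (or `algorithm = "ED25519"`, which the `ssh_public_key` validation in variables.tf already accepts, if the pinned tls provider supports it) and a `# NOTE: the private key is persisted in plaintext in state; protect the backend accordingly` comment above the resource would make the trade-off explicit to callers.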