Add s3 datasources for bootstrap bucket. Add testing patterns.

README.md

@@ -19,6 +19,11 @@ Report issues/questions/feature requests on in the [issues](https://github.com/c
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
 
+## Testing
+### AWS
+Inside this directory execute
+`terraform plan -var-file="tests/aws-testing.tfvars" -compact-warnings`
+
 ## Authors
 Module is maintained by [CloudStruct](https://github.com/cloudstruct) with help from [these awesome contributors](https://github.com/cloudstruct/terraform-cloud-cardano-staking-pool/graphs/contributors).
 

datasources.aws.tf

@@ -0,0 +1,36 @@
+locals {
+  create_s3_bootstrap_policy = !var.code_package_public && var.cloud_provider == "aws" && length(var.bootstrap_objectstorage_bucket_name) != 0
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  count = var.cloud_provider == "aws" ? 1 : 0
+
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+# Policy allowing fetching code package from S3
+data "aws_iam_policy_document" "s3_bootstrap" {
+  count = local.create_s3_bootstrap_policy ? 1 : 0
+
+  statement {
+    actions = [
+      "s3:GetObject",
+    ]
+
+    resources = [
+      "${data.aws_s3_bucket.bootstrap[0].arn}/*",
+    ]
+  }
+}
+
+data "aws_s3_bucket" "bootstrap" {
+  count  = local.create_s3_bootstrap_policy ? 1 : 0
+  bucket = var.bootstrap_objectstorage_bucket_name
+}

ssh-keypairs.aws.tf

@@ -0,0 +1,24 @@
+locals {
+  create_new_ssh_key  = var.create_ssh_keypair && (length(var.ssh_public_key) == 0)
+  create_aws_key_pair = (var.create_ssh_keypair && (length(var.ssh_public_key) > 0)) || local.create_new_ssh_key
+}
+
+# Generate RSA Key if create_ssh_keypair=true and No public key specified
+resource "tls_private_key" "generated_ssh_key_pair" {
+  count     = local.create_new_ssh_key ? 1 : 0
+  algorithm = "RSA"
+}
+
+# Create AWS Key Pair if create_ssh_keypair=true and No public key specified or create_ssh_keypair=true and key specified.
+resource "aws_key_pair" "ssh" {
+  count = local.create_aws_key_pair ? 1 : 0
+
+  key_name_prefix = var.name
+  public_key      = try(tls_private_key.generated_ssh_key_pair[0].public_key_openssh, var.ssh_public_key)
+
+  tags = merge(
+    { "Name" = var.name },
+    var.tags,
+    var.key_pair_tags,
+  )
+}

tests/README.md

@@ -0,0 +1,6 @@
+# Testing
+This directory will contain tfvars used for testing as well as simple terraform code to create any required objects for tests to pass.
+There may be exceptions to this where cost comes into play.
+
+## Build AWS Testing Objects
+In this directory execute `terraform plan -var-file="aws-testing.tfvars"`

tests/aws-testing.tfvars

@@ -0,0 +1,3 @@
+aws_tests = true
+
+bootstrap_objectstorage_bucket_name = "test-cs-tf-userdata-launcher-bootstrap"

tests/aws-tests.tf

@@ -0,0 +1,18 @@
+resource "aws_s3_bucket" "bootstrap" {
+  count = var.aws_tests ? 1 : 0
+
+  bucket = var.bootstrap_objectstorage_bucket_name
+
+  tags = {
+    Name        = var.bootstrap_objectstorage_bucket_name
+    Environment = "Testing"
+    Repo        = "terraform-cloud-userdata-launcher"
+  }
+}
+
+resource "aws_s3_bucket_acl" "bootstrap" {
+  count = var.aws_tests ? 1 : 0
+
+  bucket = aws_s3_bucket.bootstrap[0].id
+  acl    = "private"
+}

tests/variables.tf

@@ -0,0 +1,2 @@
+variable "aws_tests" {}
+variable "bootstrap_objectstorage_bucket_name" {}

tests/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.13.1"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.63"
+    }
+  }
+}

variables.tf

@@ -9,7 +9,7 @@ variable "cloud_provider" {
   type        = string
   default     = "aws"
   validation {
-    condition = contains(["aws"], var.cloud_provider)
+    condition     = contains(["aws"], var.cloud_provider)
     error_message = "Allowed values for input_parameter are \"aws\"."
   }
 }
@@ -25,7 +25,7 @@ variable "ssh_public_key" {
   type        = string
   default     = ""
   validation {
-    condition = length(var.ssh_public_key) == 0 || can(regex("(AAAAB3NzaC1yc2EA|AAAAC3NzaC1lZDI1NTE5)", var.ssh_public_key))
+    condition     = length(var.ssh_public_key) == 0 || can(regex("(AAAAB3NzaC1yc2EA|AAAAC3NzaC1lZDI1NTE5)", var.ssh_public_key))
     error_message = "An invalid SSH key has been specified in \"var.ssh_public_key\".  Please check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html for instructions."
   }
 }
@@ -51,7 +51,7 @@ variable "key_pair_tags" {
 variable "cloudinit_packages" {
   description = "A list of packages required by cloud-init to perform the software launch."
   type        = list(string)
-  default     = [
+  default = [
     "awscli",
     "jq",
     "unzip",
@@ -60,3 +60,19 @@ variable "cloudinit_packages" {
     "python3-docker",
   ]
 }
+
+variable "code_package_public" {
+  description = "A boolean value which determines if the downloaded code package is a public URL or a private object storage URI requiring IAM privileges."
+  type        = bool
+  default     = true
+}
+
+variable "bootstrap_objectstorage_bucket_name" {
+  description = "The name of the object storage bucket which contains the code package to execute on the node."
+  type        = string
+  default     = ""
+  validation {
+    condition     = length(var.bootstrap_objectstorage_bucket_name) == 0 || (length(var.bootstrap_objectstorage_bucket_name) > 2 && length(var.bootstrap_objectstorage_bucket_name) < 64 && lower(var.bootstrap_objectstorage_bucket_name) == var.bootstrap_objectstorage_bucket_name)
+    error_message = "Variable \"bootstrap_objectstorage_bucket_name\" does not meet AWS S3 Bucket naming rules.  Please check https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html."
+  }
+}