

skip: update autotest for network, qldb, sagemaker
anna-shcherbak committed May 31, 2024
1 parent e419a0f commit c8283ec
Showing 9 changed files with 41 additions and 48 deletions.
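--- a/.github/workflows/tf_testing.yml
+++ b/.github/workflows/tf_testing.yml
@@ -22,7 +22,7 @@ env:
 CORE_TESTING_FOLDER: ${{ github.workspace }}
 OUTPUT_DIR: ${{ github.workspace }}/auto_policy_testing/output
 AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
-resource_priority_list: 'kafka'
+resource_priority_list: 'network,qldb,sagemaker'
 RED: '\033[0;31m'
 
 jobs: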
13 changes: 11 additions & 2 deletions auto_policy_testing/green/network/network.tf
@@ -1,13 +1,22 @@
resource "aws_network_acl" "this" {
vpc_id = data.terraform_remote_state.common.outputs.vpc_id
subnet_ids = [data.terraform_remote_state.common.outputs.vpc_subnet_1_id]
vpc_id = data.terraform_remote_state.common.outputs.vpc_id
subnet_ids = [data.terraform_remote_state.common.outputs.vpc_subnet_1_id]
tags = {
Name = "${module.naming.resource_prefix.nacl}"
}
}

resource "aws_eip" "this" {
instance = aws_instance.this.id
tags = {
Name = "${module.naming.resource_prefix.eip}"
}
}

resource "aws_instance" "this" {
ami = data.aws_ami.this.id
instance_type = "t2.micro"
tags = {
Name = "${module.naming.resource_prefix.ec2_instance}"
}
}
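Review bot: The new `aws_instance.this` is not attached to the network the NACL in this same file targets: it sets no `subnet_id` and no `vpc_security_group_ids`, so it is placed wherever the provider's default VPC and default security group are, while `aws_network_acl.this` is associated with `vpc_subnet_1_id` from remote state. For a green (compliant) fixture that means the instance and its EIP exercise a different network than the NACL; adding `subnet_id = data.terraform_remote_state.common.outputs.vpc_subnet_1_id` would keep the three resources in one VPC. Since this is the compliant baseline, consider also `metadata_options { http_tokens = "required" }` so the instance requires IMDSv2, otherwise any policy checking that will flag the green side. `data.aws_ami.this` is referenced here but defined outside the hunk.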
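--- a/auto_policy_testing/green/qldb/qldb.tf
+++ b/auto_policy_testing/green/qldb/qldb.tf
@@ -1,5 +1,18 @@
 resource "aws_qldb_ledger" "this" {
-name = "${module.naming.resource_prefix.qldb}"
+name = module.naming.resource_prefix.qldb
 permissions_mode = "STANDARD"
-# deletion_protection = true
+deletion_protection = true
 }
+
+resource "null_resource" "this" {
+triggers = {
+qldb = aws_qldb_ledger.this.id
+}
+
+provisioner "local-exec" {
+when = destroy
+command = "aws qldb update-ledger --name ${self.triggers.qldb} --no-deletion-protection"
+}
+
+depends_on = [aws_qldb_ledger.this]
+}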
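Review bot: The destroy-time `local-exec` on `null_resource.this` runs the AWS CLI with whatever credentials and region the runner's environment provides, not the provider configuration that created `aws_qldb_ledger.this`; if those differ (the red fixtures in this commit use an `aws.provider2` alias), the `update-ledger` call lands in the wrong account or region and the ledger destroy then fails on deletion protection. Passing the region explicitly — for example a `region` trigger next to `qldb` and `--region ${self.triggers.region}` appended to the command — ties the call to the ledger, since a destroy provisioner can only read `self`. The approach also requires the `aws` binary on the runner and, if the destroy fails after this step, leaves real-world deletion protection off while state still records `deletion_protection = true`; a comment such as `# Deletion protection is switched off out-of-band at destroy time; state shows true until the next refresh` would make that trade-off visible. The `depends_on = [aws_qldb_ledger.this]` is redundant because `triggers` already references the ledger.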
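--- a/auto_policy_testing/green/sagemaker/sagemaker.tf
+++ b/auto_policy_testing/green/sagemaker/sagemaker.tf
@@ -21,6 +21,7 @@ resource "aws_sagemaker_model" "this" {
 }
 
 resource "aws_iam_role" "this" {
+name = "${module.naming.resource_prefix.sagemaker_notebook}"
 assume_role_policy = data.aws_iam_policy_document.this.json
 }
 
@@ -35,25 +36,6 @@ resource "aws_sagemaker_notebook_instance" "this" {
 root_access = "Disabled"
 }
 
-resource "aws_iam_role" "this2" {
-name = "${module.naming.resource_prefix.sagemaker_notebook}"
-
-assume_role_policy = <<EOF
-{
-"Version": "2012-10-17",
-"Statement": [
-{
-"Effect": "Allow",
-"Principal": {
-"Service": "sagemaker.amazonaws.com"
-},
-"Action": "sts:AssumeRole"
-}
-]
-}
-EOF
-}
-
 resource "aws_security_group" "this" {
 name = "${module.naming.resource_prefix.sagemaker_notebook}"
 vpc_id = data.terraform_remote_state.common.outputs.vpc_id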
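Review bot: `aws_iam_role.this` is now named with the `sagemaker_notebook` prefix, the same value `aws_security_group.this` uses in the second hunk, while the naming module (`shared_tf_modules/naming/outputs.tf` in this commit) exposes a dedicated `iam_role` prefix; `name = "${module.naming.resource_prefix.iam_role}"` would keep role names distinguishable from the notebook and security-group names in the report. The same applies to the role in `auto_policy_testing/red/sagemaker/sagemaker.tf` in this commit. With the inline trust policy on `this2` removed, the role's trusted principal now comes solely from `data.aws_iam_policy_document.this`, which is outside this hunk — worth confirming it is still restricted to `sagemaker.amazonaws.com` as the deleted policy was and, since this is the compliant fixture, that it carries an `aws:SourceAccount` condition so the role cannot be assumed on behalf of another account's SageMaker resources. The enclosing `aws_sagemaker_notebook_instance` block starts outside the second hunk.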
8 changes: 6 additions & 2 deletions auto_policy_testing/red/network/network.tf
@@ -1,7 +1,11 @@
resource "aws_network_acl" "this" {
vpc_id = data.terraform_remote_state.common.outputs.vpc_id
provider = aws.provider2
vpc_id = data.terraform_remote_state.common.outputs.vpc_id
}

resource "aws_eip" "this" { }
resource "aws_eip" "this" {
tags = {
Name = "${module.naming.resource_prefix.eip}"
}
}

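--- a/auto_policy_testing/red/qldb/qldb.tf
+++ b/auto_policy_testing/red/qldb/qldb.tf
@@ -1,6 +1,6 @@
 resource "aws_qldb_ledger" "this" {
-provider = aws.provider2
 name = "${module.naming.resource_prefix.qldb}"
 permissions_mode = "ALLOW_ALL"
 deletion_protection = false
+provider = aws.provider2
 }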
23 changes: 3 additions & 20 deletions auto_policy_testing/red/sagemaker/sagemaker.tf
@@ -20,33 +20,16 @@ resource "aws_sagemaker_model" "this" {
}

resource "aws_iam_role" "this" {
name = "${module.naming.resource_prefix.sagemaker_notebook}"
assume_role_policy = data.aws_iam_policy_document.this.json
}

resource "aws_sagemaker_notebook_instance" "this" {
provider = aws.provider2
name = "${module.naming.resource_prefix.sagemaker_notebook}"
role_arn = aws_iam_role.this.arn
instance_type = "ml.t2.medium"
direct_internet_access = "Enabled"
root_access = "Enabled"
provider = aws.provider2
}

resource "aws_iam_role" "this2" {
name = "${module.naming.resource_prefix.sagemaker_notebook}"

assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF

}
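--- a/auto_policy_testing/scripts/aws_map_report_fields.json
+++ b/auto_policy_testing/scripts/aws_map_report_fields.json
@@ -71,7 +71,7 @@
 "network-acl": ["NetworkAclId"],
 "network-addr": ["AllocationId"],
 "peering-connection": ["VpcPeeringConnectionId"],
-"qldb": ["EnvironmentArn"],
+"qldb": ["Arn"],
 "r53domain": ["DomainName"],
 "rds": ["DBInstanceArn"],
 "rds-cluster": ["DBClusterArn"],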
2 changes: 2 additions & 0 deletions auto_policy_testing/shared_tf_modules/naming/outputs.tf
@@ -53,6 +53,8 @@ output "resource_prefix" {
ebs_snapshot = "${local.suffix}_${var.resource_type}_snap_${local.compliance_status}"
security_group = "${local.suffix}_${var.resource_type}_sg_${local.compliance_status}"
vpc = "${local.suffix}_${var.resource_type}_vpc_${local.compliance_status}"
nacl = "${local.suffix}_${var.resource_type}-nacl-${local.compliance_status}"
eip = "${local.suffix}_${var.resource_type}-eip-${local.compliance_status}"
ecr_repository = "${local.suffix}_${var.resource_type}_repo_${local.compliance_status}"
lambda_function = "${local.suffix}_${var.resource_type}_fun_${local.compliance_status}"
iam_role = "${local.suffix}_${var.resource_type}_role_${local.compliance_status}"
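Review bot: The two added prefixes use hyphens (`-nacl-`, `-eip-`) where every neighbouring entry in `resource_prefix` uses underscores (`_snap_`, `_sg_`, `_vpc_`, `_repo_`, `_fun_`, `_role_`), so NACL and EIP names will not follow the pattern the rest of the naming scheme produces. If that is unintentional the lines should read `nacl = "${local.suffix}_${var.resource_type}_nacl_${local.compliance_status}"` and `eip = "${local.suffix}_${var.resource_type}_eip_${local.compliance_status}"`; if it is deliberate (for example because the report parser keys on the separator), a one-line comment above them saying so would stop the next reader from "fixing" it. The `output "resource_prefix"` block starts and ends outside the hunk.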

