PaloAltoNetworks · sebastianczech · Jul 4, 2023 · Jun 26, 2023 · Jun 26, 2023 · Jun 26, 2023
diff --git a/.github/actions/plan_apply/action.yml b/.github/actions/plan_apply/action.yml
@@ -0,0 +1,87 @@
+name: 'TF plan/apply'
+description: 'Runs Terraform plan and/or apply for a specified path.'
+inputs:
+  tf_version:
+    description: 'TF version used.'
+    required: true
+  path:
+    description: 'Path to Terraform module.'
+    required: true
+  do_apply:
+    description: When set to true runs also apply
+    type: boolean
+    default: false
+  idempotence:
+    description: When set to true runs plan to on already applied configuration
+    type: boolean
+    default: true
+
+runs:
+  using: "composite"
+  steps:
+
+    - name: setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: ${{ inputs.tf_version }}
+         # below settings is required for Terratest (details are in https://github.com/gruntwork-io/terratest/issues/706)
+        terraform_wrapper: false
+
+    - name: set UUID and provider values value
+      id: uuid
+      shell: bash
+      env:
+        TPATH: ${{ inputs.path }}
+      run: |
+        echo "uuid=$(uuidgen | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+
+    - name: configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ env.ASSUME_ROLE }}
+        role-session-name: gh-action-role-session
+        aws-region: ${{ env.AWS_REGION }}
+      # TODO: it's temporary solution until in repository settings -> secrets and variables -> variables
+      # there will be defined new repository variable AWS_REGION
+      env:
+        AWS_REGION : "us-east-1"
+
+    - name: plan infrastructure
+      id: plan
+      if: inputs.do_apply == 'false'
+      env:
+        TPATH: ${{ inputs.path }}
+        UUID: ${{ steps.uuid.outputs.uuid }}
+      shell: bash
+      run: |
+        echo "::group::TERRAFORM PLAN"
+        cd "$GITHUB_WORKSPACE/$TPATH"
+        DO_APPLY=0 make test
+        echo "::endgroup::"
+
+    - name: create infrastructure
+      id: apply
+      if: inputs.do_apply == 'true'
+      env:
+        TPATH: ${{ inputs.path }}
+        UUID: ${{ steps.uuid.outputs.uuid }}
+      shell: bash
+      run: |
+        echo "::group::TERRAFORM APPLY"
+        cd "$GITHUB_WORKSPACE/$TPATH"
+        DO_APPLY=1 make test
+        echo "::endgroup::"
+
+    - name: run destroy
+      id: destroy
+      if: always() && inputs.do_apply == 'true'
+      env:
+        TPATH: ${{ inputs.path }}
+        UUID: ${{ steps.uuid.outputs.uuid }}
+        IDEMPOTENCE: ${{ inputs.idempotence }}
+      shell: bash
+      run: |
+        cd "$GITHUB_WORKSPACE/$TPATH"
+        echo "::group::TERRAFORM DESTROY"
+        make destroy
+        echo "::endgroup::"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/oidc.yml b/.github/workflows/oidc.yml
diff --git a/.github/workflows/pr_ci.yml b/.github/workflows/pr_ci.yml
@@ -0,0 +1,29 @@
+name: PR CI
+run-name: "CI pipeline for PR - (#${{ github.event.number }}) ${{ github.event.pull_request.title }}"
+
+permissions:
+  contents: read
+  actions: read
+  id-token: write
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+    branches: ['main']
+
+jobs:
+  pr_ci_wrkflw:
+    name: Run CI
+    uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+    if: github.actor != 'dependabot[bot]'
+    secrets: inherit
+    with:
+      cloud: aws
+      tf_version: 1.2 1.3 1.4
+      do_apply: false
+      fail_fast: false
+      apply_timeout: 120
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/release_ci.yml b/.github/workflows/release_ci.yml
@@ -0,0 +1,26 @@
+name: Release CI
+run-name: "Continous Release"
+
+permissions:
+  contents: write
+  issues: read
+  id-token: write
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 1 * * 4' # this means every Thursday @1am UTC
+
+jobs:
+  release_wrkflw:
+    name: Do release
+    uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+    if: github.actor != 'dependabot[bot]'
+    secrets: inherit
+    with:
+      cloud: aws
+      max_parallel: 10
+      tf_version: 1.4 # Do we need on release deploy every example using Terraform in version 1.2 1.3 1.4 ?
+      do_apply: false # Temporary we don't deploy examples by setting this on `true`
+      fail_fast: false
+      apply_timeout: 120
diff --git a/examples/centralized_design/Makefile b/examples/centralized_design/Makefile
@@ -0,0 +1,25 @@
+init:
+	@../../makefile.sh init
+
+prep_vars: check_uuid
+	@if [ -d files ] && [ ! -f files/config/init-cfg.txt ]; then cp files/config/init-cfg.sample.txt files/config/init-cfg.txt; fi
+
+validate:
+	@../../makefile.sh validate
+
+test:
+	@../../makefile.sh test
+
+destroy:
+	@../../makefile.sh destroy
+
+check_uuid:
+ifndef UUID
+	$(info Missing UUID, generate one for yourself using command:)
+	$(info export UUID=$$(uuidgen | tr '[:upper:]' '[:lower:]'))
+	$(error )
+else
+RG := $(shell echo ${UUID} | cut -d '-' -f 1,5)
+PREFIX := ghci$(shell echo ${UUID} | cut -d '-' -f 2)-
+STORAGE := $(shell echo ${UUID} | cut -d '-' -f 2,3,4 | tr -d '-')
+endif
diff --git a/examples/centralized_design/main_test.go b/examples/centralized_design/main_test.go
@@ -0,0 +1,47 @@
+package centralized_design
+
+import (
+	"fmt"
+	"math/rand"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/PaloAltoNetworks/terraform-aws-vmseries-modules/go/testskeleton"
+	"github.com/gruntwork-io/terratest/modules/logger"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func TestExampleCentralizedDesign(t *testing.T) {
+	// prepare random prefix
+	source := rand.NewSource(time.Now().UnixNano())
+	random := rand.New(source)
+	number := random.Intn(1000)
+	namePrefix := fmt.Sprintf("terra%d-", number)
+
+	// define options for Terraform
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: ".",
+		VarFiles:     []string{"example.tfvars"},
+		Vars: map[string]interface{}{
+			"name_prefix":  namePrefix,
+			"ssh_key_name": "test-ssh-key",
+		},
+		Logger:               logger.Default,
+		Lock:                 true,
+		Upgrade:              true,
+		SetVarsAfterVarFiles: true,
+	})
+
+	// prepare list of items to check
+	assertList := []testskeleton.AssertExpression{}
+
+	// if DO_APPLY is not empty and equal 1, then Terraform apply is used, in other case only Terraform plan
+	if os.Getenv("DO_APPLY") == "1" {
+		// deploy test infrastructure and verify outputs and check if there are no planned changes after deployment
+		testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList)
+	} else {
+		// plan test infrastructure and verify outputs
+		testskeleton.PlanInfraCheckErrors(t, terraformOptions, assertList, "No errors are expected")
+	}
+}