Tests and semaphoreci integration

.semaphore/semaphore.yml

@@ -8,18 +8,15 @@ agent:
 blocks:
   - name: "Tests"
     task:
-#      secrets:
-#        - name: TERRAFORM_GITHUB_CREDENTIALS
-#        - name: TERRAFORM_AWS_TESTACCOUNT_CREDENTIALS
+      secrets:
+        - name: TERRAFORM_AWS_TESTACCOUNT_CREDENTIALS
       prologue:
         commands:
           - checkout --use-cache
       jobs:
         - name: "Pre Commit Hooks"
           commands:
             - make docker/pre-commit-hooks
-
-# There are no unit tests inside this repository since it acts as a code convention example only
-#        - name: "Unit Tests"
-#          commands:
-#            - make docker/unit-tests
+        - name: "Unit Tests"
+          commands:
+            - make docker/unit-tests

Makefile

@@ -1,17 +1,22 @@
+# Set default shell to bash
 SHELL := /bin/bash
 
 MOUNT_TARGET_DIRECTORY  = /app/src
 BUILD_TOOLS_DOCKER_REPO = mineiros/build-tools
 
 # Set default value for environment variable if there aren't set already
 ifndef BUILD_TOOLS_VERSION
-	BUILD_TOOLS_VERSION := latest
+	BUILD_TOOLS_VERSION := e6b56c1
 endif
 
 ifndef BUILD_TOOLS_DOCKER_IMAGE
 	BUILD_TOOLS_DOCKER_IMAGE := ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION}
 endif
 
+ifndef DOCKER_SOCKET
+	DOCKER_SOCKET := /var/run/docker.sock
+endif
+
 GREEN  := $(shell tput -Txterm setaf 2)
 YELLOW := $(shell tput -Txterm setaf 3)
 WHITE  := $(shell tput -Txterm setaf 7)
@@ -42,13 +47,14 @@ docker/pre-commit-hooks:
 		sh -c "pre-commit run -a"
 
 ## Mounts the working directory inside a new container and runs the Go tests. Requires $AWS_ACCESS_KEY_ID and $AWS_SECRET_ACCESS_KEY to be set
-# docker/unit-tests:
-# 	@echo "${GREEN}Start running the unit tests with docker${RESET}"
-# 	@docker run --rm \
-# 		-e AWS_ACCESS_KEY_ID \
-# 		-e AWS_SECRET_ACCESS_KEY \
-# 		-v ${PWD}:${MOUNT_TARGET_DIRECTORY} \
-# 		${BUILD_TOOLS_DOCKER_IMAGE} \
-# 		go test -v -timeout 45m -parallel 128 test/terraform_aws_s3_bucket_test.go
-
-.PHONY: help docker/pre-commit-hooks docker/run-tests
+docker/unit-tests:
+	@echo "${GREEN}Start running the unit tests with docker${RESET}"
+	@docker run --rm \
+		-e AWS_ACCESS_KEY_ID \
+		-e AWS_SECRET_ACCESS_KEY \
+		-v ${DOCKER_SOCKET}:/var/run/docker.sock \
+		-v ${PWD}:${MOUNT_TARGET_DIRECTORY} \
+		${BUILD_TOOLS_DOCKER_IMAGE} \
+		go test -v -count 1 -timeout 45m -parallel 128 test/ecr_repository_test.go
+
+.PHONY: help docker/pre-commit-hooks docker/unit-tests

README.md

@@ -7,8 +7,8 @@
 [![License](https://img.shields.io/badge/License-Apache%202.0-brightgreen.svg)](https://opensource.org/licenses/Apache-2.0)
 
 # terraform-aws-ecr
-A [Terraform](https://www.terraform.io) 0.12 base module for
-[creating a service](https://aws.amazon.com/service/) on
+A [Terraform](https://www.terraform.io) 0.12 base module for creating an
+[Amazon Elastic Container Registry Repository (ECR)](https://aws.amazon.com/ecr/) on
 [Amazon Web Services (AWS)](https://aws.amazon.com/).
 
 - [Module Features](#module-features)

examples/ecr/main.tf

@@ -1,20 +1,84 @@
 # ---------------------------------------------------------------------------------------------------------------------
-# Create an ECR repository and grant cross account pull and push to random accounts
+# CREATE AN ECR REPOSITORY
+# This example creates an ECR repository and grants a newly created IAM User pull and push permissions for the repo.
 # ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+# PROVIDER CONFIGURATION
+# ---------------------------------------------------------------------------------------------------------------------
+
 provider "aws" {
   version = "~> 2.45"
-  region  = "us-east-1"
+  region  = var.aws_region
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# IAM ACCESS MANAGEMENT
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "aws_iam_user" "docker" {
+  name = var.iam_user_name
+}
+
+resource "aws_iam_access_key" "docker" {
+  user = aws_iam_user.docker.name
+}
+
+resource "aws_iam_user_policy" "docker" {
+  user   = aws_iam_user.docker.name
+  policy = data.aws_iam_policy_document.ecr.json
+}
+
+data "aws_iam_policy_document" "ecr" {
+  statement {
+    sid     = "ECRGetAuthorizationToken"
+    effect  = "Allow"
+    actions = ["ecr:GetAuthorizationToken"]
+
+    resources = ["*"]
+  }
 }
 
-data "aws_caller_identity" "current" {}
+# ---------------------------------------------------------------------------------------------------------------------
+# ECR REPOSITORY
+# ---------------------------------------------------------------------------------------------------------------------
 
 module "repository" {
   source = "../.."
 
-  name = "repository"
+  name = var.name
+
+  immutable = var.immutable
+
+  push_identities = [aws_iam_user.docker.arn]
+  pull_identities = [aws_iam_user.docker.arn]
 
-  immutable = true
+  lifecycle_policy_rules = [
+    {
+      rulePriority : 1,
+      description : "Expire untagged images older than 90 days",
+      selection : {
+        tagStatus : "untagged",
+        countType : "sinceImagePushed",
+        countUnit : "days",
+        countNumber : 90
+      },
+      action : {
+        type : "expire"
+      }
+    },
+    {
+      rulePriority : 2,
+      description : "Only keep the most recent 20 images",
+      selection : {
+        tagStatus : "any",
+        countType : "imageCountMoreThan",
+        countNumber : 20
+      },
+      action : {
+        type : "expire"
+      }
+    }
+  ]
 
-  push_identities = [data.aws_caller_identity.current.arn]
-  pull_identities = [data.aws_caller_identity.current.arn]
 }

examples/ecr/outputs.tf

@@ -1,3 +1,31 @@
 output "repository" {
-  value = module.repository
+  description = "All outputs of the repository."
+  value       = module.repository
+}
+
+output "registry_id" {
+  description = "The registry ID where the repository was created."
+  value       = module.repository.repository.registry_id
+}
+
+output "repository_arn" {
+  description = "The ARN of the repository."
+  value       = module.repository.repository.arn
+}
+
+output "repository_url" {
+  description = "The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName)."
+  value       = module.repository.repository.repository_url
+}
+
+output "aws_iam_access_key_id" {
+  description = "The acccess key id."
+  value       = aws_iam_access_key.docker.id
+  sensitive   = true
+}
+
+output "aws_iam_access_key_secret" {
+  description = "The acccess key secret."
+  value       = aws_iam_access_key.docker.secret
+  sensitive   = true
 }

examples/ecr/variables.tf

@@ -0,0 +1,41 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# ENVIRONMENT PARAMETERS
+# Define these secrets as environment variables
+# ---------------------------------------------------------------------------------------------------------------------
+
+# AWS_ACCESS_KEY_ID
+# AWS_SECRET_ACCESS_KEY
+
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED PARAMETERS
+# These variables must be set when using this module.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMTERS
+# These variables have defaults, but may be overridden.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "aws_region" {
+  description = "The AWS region to deploy the example in."
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "iam_user_name" {
+  description = "The name of the IAM User."
+  type        = string
+  default     = "docker"
+}
+
+variable "name" {
+  description = "The name of the ECR repository."
+  type        = string
+  default     = "example"
+}
+
+variable "immutable" {
+  description = "(Optional) You can configure a repository to be immutable to prevent image tags from being overwritten. Defaults to true"
+  type        = bool
+  default     = true
+}

go.mod

@@ -2,4 +2,8 @@ module github.com/mineiros-io/terraform-module-template/v2
 
 go 1.13
 
-require github.com/gruntwork-io/terratest v0.23.4
+require (
+	github.com/aws/aws-sdk-go v1.27.1
+	github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7
+	github.com/gruntwork-io/terratest v0.26.0
+)