From 9e087a8b649a36bd234110eb12f108d9ceb11c34 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy <85766511+rmvangun@users.noreply.github.com> Date: Wed, 3 Dec 2025 07:53:04 -0500 Subject: [PATCH 1/2] chore(aws): Update deprecations and block tests on warn Several deprecation warnings emerged that had not been fixed. All terraform warnings now also cause test failures. Signed-off-by: Ryan VanGundy <85766511+rmvangun@users.noreply.github.com> --- Taskfile.yaml | 19 +++++++++++++++++-- terraform/cluster/aws-eks/additions/main.tf | 2 +- .../cluster/aws-eks/additions/test.tftest.hcl | 3 ++- terraform/cluster/aws-eks/main.tf | 4 ++-- terraform/cluster/aws-eks/test.tftest.hcl | 4 ++-- terraform/network/aws-vpc/main.tf | 4 ++-- 6 files changed, 26 insertions(+), 10 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 7c6df7d5d..d10baf78d 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -23,8 +23,16 @@ tasks: cd "$testdir" && \ echo "Running tests in $testdir..." && \ terraform init -input=false -reconfigure && \ - terraform test || \ - echo "FAILED: $testfile" >> "$TEMP_DIR/failures" + OUTPUT=$(terraform test -no-color 2>&1) + TEST_EXIT=$? + echo "$OUTPUT" + if [ $TEST_EXIT -ne 0 ]; then + echo "FAILED: $testfile" >> "$TEMP_DIR/failures" + fi + # Check for warnings (case-insensitive) + if echo "$OUTPUT" | grep -qi "Warning:"; then + echo "WARNINGS: $testfile" >> "$TEMP_DIR/warnings" + fi ) & done # Wait for all background jobs to complete @@ -36,6 +44,13 @@ tasks: rm -rf "$TEMP_DIR" exit 1 fi + # Check if any warnings were found + if [ -f "$TEMP_DIR/warnings" ]; then + echo "Tests completed with warnings:" + cat "$TEMP_DIR/warnings" + rm -rf "$TEMP_DIR" + exit 1 + fi rm -rf "$TEMP_DIR" else echo "Module path '$MODULE' does not exist." diff --git a/terraform/cluster/aws-eks/additions/main.tf b/terraform/cluster/aws-eks/additions/main.tf index 38598b58d..60b57af3a 100644 --- a/terraform/cluster/aws-eks/additions/main.tf +++ b/terraform/cluster/aws-eks/additions/main.tf @@ -65,7 +65,7 @@ resource "kubernetes_config_map" "external_dns" { } data = { - aws_region = var.route53_region != null ? var.route53_region : data.aws_region.current.name + aws_region = var.route53_region != null ? var.route53_region : data.aws_region.current.region txt_owner_id = local.cluster_name } } diff --git a/terraform/cluster/aws-eks/additions/test.tftest.hcl b/terraform/cluster/aws-eks/additions/test.tftest.hcl index fc1e8bcd7..74ff278da 100644 --- a/terraform/cluster/aws-eks/additions/test.tftest.hcl +++ b/terraform/cluster/aws-eks/additions/test.tftest.hcl @@ -6,7 +6,8 @@ mock_provider "aws" { } mock_data "aws_region" { defaults = { - name = "us-west-2" + name = "us-west-2" + region = "us-west-2" } } mock_data "aws_eks_cluster" { diff --git a/terraform/cluster/aws-eks/main.tf b/terraform/cluster/aws-eks/main.tf index ad324ec2a..f58776002 100644 --- a/terraform/cluster/aws-eks/main.tf +++ b/terraform/cluster/aws-eks/main.tf @@ -181,7 +181,7 @@ resource "aws_kms_key" "eks_encryption_key" { Sid = "Allow CloudWatch Logs to use the key", Effect = "Allow", Principal = { - Service = "logs.${data.aws_region.current.name}.amazonaws.com" + Service = "logs.${data.aws_region.current.region}.amazonaws.com" }, Action = [ "kms:Encrypt", @@ -746,7 +746,7 @@ resource "local_sensitive_file" "kubeconfig" { cluster_name = aws_eks_cluster.main.name cluster_endpoint = aws_eks_cluster.main.endpoint cluster_ca = aws_eks_cluster.main.certificate_authority[0].data - region = data.aws_region.current.name + region = data.aws_region.current.region }) filename = local.kubeconfig_path file_permission = "0600" diff --git a/terraform/cluster/aws-eks/test.tftest.hcl b/terraform/cluster/aws-eks/test.tftest.hcl index 4c9f2f7e8..f21d9d2f3 100644 --- a/terraform/cluster/aws-eks/test.tftest.hcl +++ b/terraform/cluster/aws-eks/test.tftest.hcl @@ -26,7 +26,7 @@ run "minimal_configuration" { variables { context_id = "test" - name = "windsor-eks" + cluster_name = "windsor-eks" kubernetes_version = "1.32" } @@ -81,7 +81,7 @@ run "minimal_configuration_cloudwatch_logs_disabled" { variables { context_id = "test" - name = "windsor-eks" + cluster_name = "windsor-eks" kubernetes_version = "1.32" enable_cloudwatch_logs = false } diff --git a/terraform/network/aws-vpc/main.tf b/terraform/network/aws-vpc/main.tf index 14fb10a72..9e8bdafe4 100644 --- a/terraform/network/aws-vpc/main.tf +++ b/terraform/network/aws-vpc/main.tf @@ -132,7 +132,7 @@ resource "aws_kms_key" "vpc_flow_logs" { Sid = "Allow CloudWatch Logs to use the key", Effect = "Allow", Principal = { - Service = "logs.${data.aws_region.current.name}.amazonaws.com" + Service = "logs.${data.aws_region.current.region}.amazonaws.com" }, Action = [ "kms:Encrypt", @@ -193,7 +193,7 @@ resource "aws_iam_role_policy" "vpc_flow_logs" { "logs:DescribeLogStreams" ] Resource = [ - "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/vpc/flow-logs/${local.name}-*" + "arn:aws:logs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/vpc/flow-logs/${local.name}-*" ] } ] From cf04032967e19d33f689079f497de684a50c6486 Mon Sep 17 00:00:00 2001 From: Ryan VanGundy <85766511+rmvangun@users.noreply.github.com> Date: Fri, 5 Dec 2025 16:01:05 -0500 Subject: [PATCH 2/2] Fix test Signed-off-by: Ryan VanGundy <85766511+rmvangun@users.noreply.github.com> --- terraform/cluster/aws-eks/test.tftest.hcl | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/cluster/aws-eks/test.tftest.hcl b/terraform/cluster/aws-eks/test.tftest.hcl index f21d9d2f3..ed57f27fb 100644 --- a/terraform/cluster/aws-eks/test.tftest.hcl +++ b/terraform/cluster/aws-eks/test.tftest.hcl @@ -26,7 +26,6 @@ run "minimal_configuration" { variables { context_id = "test" - cluster_name = "windsor-eks" kubernetes_version = "1.32" }