From 3af75ea573b647fb1d7fe61b7ead2ee9afd3288a Mon Sep 17 00:00:00 2001 From: Jacob Fiola Date: Mon, 1 Jun 2026 14:17:46 -0600 Subject: [PATCH] chore: remove stubbed tests/ scaffold, keep real coverage The top-level tests/ tree was abandoned scaffolding (unit/integration/e2e/ fixtures stubs); real tests live alongside each module and example. - Relocate the only live test in the tree (shared config/sensor) to modules/_shared/config/sensor/tests/module.tftest.hcl so just test-unit actually discovers and runs it; fix its module source to ./. - Delete the remaining stub READMEs and the duplicate aws/sensor test (already covered by modules/aws/sensor/tests/). - Drop the dead CI step that zipped a dummy lambda_payload into the old tests/unit path; data.archive_file builds the real zip at test time. - Point CONTRIBUTING.md at just test / just test-unit. --- .github/workflows/terraform-test.yml | 6 - CONTRIBUTING.md | 10 +- .../config/sensor/tests/module.tftest.hcl | 8 +- tests/README.md | 3 - tests/e2e/README.md | 3 - tests/e2e/aws-deployment-lifecycle/README.md | 3 - tests/e2e/cross-cloud-fleet/README.md | 3 - tests/fixtures/README.md | 3 - tests/integration/README.md | 3 - .../aws-sensor-with-enrichment/README.md | 3 - tests/integration/azure-full-stack/README.md | 3 - tests/integration/gcp-full-stack/README.md | 3 - tests/unit/README.md | 3 - .../aws-sensor-config-generation/README.md | 3 - tests/unit/iam-policy-validation/README.md | 3 - .../unit/modules/aws/sensor/sensor.tftest.hcl | 243 ------------------ tests/unit/variable-validation/README.md | 3 - 17 files changed, 12 insertions(+), 294 deletions(-) rename tests/unit/modules/_shared/config/sensor/config.tftest.hcl => modules/_shared/config/sensor/tests/module.tftest.hcl (93%) delete mode 100644 tests/README.md delete mode 100644 tests/e2e/README.md delete mode 100644 tests/e2e/aws-deployment-lifecycle/README.md delete mode 100644 tests/e2e/cross-cloud-fleet/README.md delete mode 100644 tests/fixtures/README.md delete mode 100644 tests/integration/README.md delete mode 100644 tests/integration/aws-sensor-with-enrichment/README.md delete mode 100644 tests/integration/azure-full-stack/README.md delete mode 100644 tests/integration/gcp-full-stack/README.md delete mode 100644 tests/unit/README.md delete mode 100644 tests/unit/aws-sensor-config-generation/README.md delete mode 100644 tests/unit/iam-policy-validation/README.md delete mode 100644 tests/unit/modules/aws/sensor/sensor.tftest.hcl delete mode 100644 tests/unit/variable-validation/README.md diff --git a/.github/workflows/terraform-test.yml b/.github/workflows/terraform-test.yml index 9e3857e..f9f1a41 100644 --- a/.github/workflows/terraform-test.yml +++ b/.github/workflows/terraform-test.yml @@ -26,12 +26,6 @@ jobs: with: just-version: 1.51.0 - - name: Create dummy lambda payload for tests - run: | - mkdir -p tests/unit/modules/aws/sensor - echo "mock content" > /tmp/mock.txt - zip -q tests/unit/modules/aws/sensor/lambda_payload.zip /tmp/mock.txt - - name: Run unit tests run: just test-unit env: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e475718..71dfea3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -29,10 +29,16 @@ just lint ### Test ```bash -cd tests/unit -go test -v ./... +# Run everything (Terraform unit tests, AWS Lambda Python tests, release tests) +just test + +# Or run a single suite +just test-unit ``` +Terraform tests live in `tests/` directories alongside each module and example +(e.g. `modules/aws/sensor/tests/`); `just test-unit` discovers and runs them. + ## Module Standards - Use `lowercase-with-hyphens` for module names diff --git a/tests/unit/modules/_shared/config/sensor/config.tftest.hcl b/modules/_shared/config/sensor/tests/module.tftest.hcl similarity index 93% rename from tests/unit/modules/_shared/config/sensor/config.tftest.hcl rename to modules/_shared/config/sensor/tests/module.tftest.hcl index 9a9f7be..9423b42 100644 --- a/tests/unit/modules/_shared/config/sensor/config.tftest.hcl +++ b/modules/_shared/config/sensor/tests/module.tftest.hcl @@ -7,7 +7,7 @@ run "verify_basic_config_generation" { command = plan module { - source = "./modules/_shared/config/sensor" + source = "./." } variables { @@ -34,7 +34,7 @@ run "verify_fleet_config" { command = plan module { - source = "./modules/_shared/config/sensor" + source = "./." } variables { @@ -64,7 +64,7 @@ run "verify_gzip_option" { command = plan module { - source = "./modules/_shared/config/sensor" + source = "./." } variables { @@ -92,7 +92,7 @@ run "verify_output_exists" { command = plan module { - source = "./modules/_shared/config/sensor" + source = "./." } variables { diff --git a/tests/README.md b/tests/README.md deleted file mode 100644 index d6eac43..0000000 --- a/tests/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# tests - -Documentation coming soon. diff --git a/tests/e2e/README.md b/tests/e2e/README.md deleted file mode 100644 index 5f80df1..0000000 --- a/tests/e2e/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# e2e - -Documentation coming soon. diff --git a/tests/e2e/aws-deployment-lifecycle/README.md b/tests/e2e/aws-deployment-lifecycle/README.md deleted file mode 100644 index 6ce134e..0000000 --- a/tests/e2e/aws-deployment-lifecycle/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# aws-deployment-lifecycle - -Documentation coming soon. diff --git a/tests/e2e/cross-cloud-fleet/README.md b/tests/e2e/cross-cloud-fleet/README.md deleted file mode 100644 index 6795573..0000000 --- a/tests/e2e/cross-cloud-fleet/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# cross-cloud-fleet - -Documentation coming soon. diff --git a/tests/fixtures/README.md b/tests/fixtures/README.md deleted file mode 100644 index b606c68..0000000 --- a/tests/fixtures/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# fixtures - -Documentation coming soon. diff --git a/tests/integration/README.md b/tests/integration/README.md deleted file mode 100644 index 03fb167..0000000 --- a/tests/integration/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# integration - -Documentation coming soon. diff --git a/tests/integration/aws-sensor-with-enrichment/README.md b/tests/integration/aws-sensor-with-enrichment/README.md deleted file mode 100644 index e21e9ab..0000000 --- a/tests/integration/aws-sensor-with-enrichment/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# aws-sensor-with-enrichment - -Documentation coming soon. diff --git a/tests/integration/azure-full-stack/README.md b/tests/integration/azure-full-stack/README.md deleted file mode 100644 index d3051a7..0000000 --- a/tests/integration/azure-full-stack/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# azure-full-stack - -Documentation coming soon. diff --git a/tests/integration/gcp-full-stack/README.md b/tests/integration/gcp-full-stack/README.md deleted file mode 100644 index d3f2d8c..0000000 --- a/tests/integration/gcp-full-stack/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# gcp-full-stack - -Documentation coming soon. diff --git a/tests/unit/README.md b/tests/unit/README.md deleted file mode 100644 index 82c38e2..0000000 --- a/tests/unit/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# unit - -Documentation coming soon. diff --git a/tests/unit/aws-sensor-config-generation/README.md b/tests/unit/aws-sensor-config-generation/README.md deleted file mode 100644 index 18b0821..0000000 --- a/tests/unit/aws-sensor-config-generation/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# aws-sensor-config-generation - -Documentation coming soon. diff --git a/tests/unit/iam-policy-validation/README.md b/tests/unit/iam-policy-validation/README.md deleted file mode 100644 index aeb6cb0..0000000 --- a/tests/unit/iam-policy-validation/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# iam-policy-validation - -Documentation coming soon. diff --git a/tests/unit/modules/aws/sensor/sensor.tftest.hcl b/tests/unit/modules/aws/sensor/sensor.tftest.hcl deleted file mode 100644 index 16ddabf..0000000 --- a/tests/unit/modules/aws/sensor/sensor.tftest.hcl +++ /dev/null @@ -1,243 +0,0 @@ -# Unit tests for AWS Sensor Module -# These tests validate the module configuration without deploying real infrastructure - -mock_provider "aws" { - mock_data "aws_subnet" { - defaults = { - arn = "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-mock" - availability_zone = "us-east-1a" - vpc_id = "vpc-test123456" - cidr_block = "10.0.1.0/24" - id = "subnet-mock" - } - } - - mock_data "aws_vpc" { - defaults = { - id = "vpc-test123456" - cidr_block = "10.0.0.0/16" - } - } - - mock_data "aws_iam_policy_document" { - defaults = { - json = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" - } - } -} - -mock_provider "archive" { - mock_data "archive_file" { - defaults = { - output_path = "mock_lambda.zip" - output_base64sha256 = "mock_hash" - output_size = 1024 - } - } -} -mock_provider "cloudinit" {} - -run "verify_required_variables" { - command = plan - - module { - source = "./modules/aws/sensor" - } - - variables { - vpc_id = "vpc-test123456" - monitoring_subnet_ids = ["subnet-mon123456"] - management_subnet_ids = ["subnet-mgmt123456"] - corelight_sensor_ami_id = "ami-test123456" - aws_key_pair_name = "test-keypair" - license_key = "test-license-key" - community_string = "test-community-string" - asg_lambda_iam_role_arn = "arn:aws:iam::123456789012:role/test-role" - fleet_token = "test-token" - fleet_url = "https://fleet.example.com" - fleet_server_sslname = "fleet.example.com" - } - - assert { - condition = aws_autoscaling_group.sensor_asg.name == "corelight-sensor-asg" - error_message = "ASG name should default to 'corelight-sensor-asg'" - } - - assert { - condition = aws_launch_template.sensor_launch_template.name == "corelight-sensor-launch-template" - error_message = "Launch template name should default to 'corelight-sensor-launch-template'" - } - - assert { - condition = aws_lb.sensor_lb.name == "corelight-sensor-lb" - error_message = "Load balancer name should default to 'corelight-sensor-lb'" - } -} - -run "verify_custom_names" { - command = plan - - module { - source = "./modules/aws/sensor" - } - - variables { - vpc_id = "vpc-test123456" - monitoring_subnet_ids = ["subnet-mon123456"] - management_subnet_ids = ["subnet-mgmt123456"] - corelight_sensor_ami_id = "ami-test123456" - aws_key_pair_name = "test-keypair" - license_key = "test-license-key" - community_string = "test-community-string" - asg_lambda_iam_role_arn = "arn:aws:iam::123456789012:role/test-role" - fleet_token = "test-token" - fleet_url = "https://fleet.example.com" - fleet_server_sslname = "fleet.example.com" - sensor_asg_name = "custom-asg" - sensor_instance_name = "custom-sensor" - sensor_launch_template_name = "custom-template" - sensor_asg_load_balancer_name = "custom-lb" - lb_health_check_target_group_name = "custom-tg" - } - - assert { - condition = aws_autoscaling_group.sensor_asg.name == "custom-asg" - error_message = "ASG name should be customizable" - } - - assert { - condition = aws_launch_template.sensor_launch_template.name == "custom-template" - error_message = "Launch template name should be customizable" - } - - assert { - condition = aws_lb.sensor_lb.name == "custom-lb" - error_message = "Load balancer name should be customizable" - } - - assert { - condition = aws_lb_target_group.health_check.name == "custom-tg" - error_message = "Target group name should be customizable" - } -} - -run "verify_asg_configuration" { - command = plan - - module { - source = "./modules/aws/sensor" - } - - variables { - vpc_id = "vpc-test123456" - monitoring_subnet_ids = ["subnet-mon123456"] - management_subnet_ids = ["subnet-mgmt123456"] - corelight_sensor_ami_id = "ami-test123456" - aws_key_pair_name = "test-keypair" - license_key = "test-license-key" - community_string = "test-community-string" - asg_lambda_iam_role_arn = "arn:aws:iam::123456789012:role/test-role" - fleet_token = "test-token" - fleet_url = "https://fleet.example.com" - fleet_server_sslname = "fleet.example.com" - } - - assert { - condition = aws_autoscaling_group.sensor_asg.min_size == 1 - error_message = "ASG minimum size should be 1" - } - - assert { - condition = aws_autoscaling_group.sensor_asg.max_size == 5 - error_message = "ASG maximum size should be 5" - } - - assert { - condition = aws_autoscaling_group.sensor_asg.desired_capacity == 1 - error_message = "ASG desired capacity should be 1" - } - - assert { - condition = aws_autoscaling_group.sensor_asg.health_check_type == "EC2" - error_message = "ASG health check type should be EC2" - } -} - -run "verify_security_groups" { - command = plan - - module { - source = "./modules/aws/sensor" - } - - variables { - vpc_id = "vpc-test123456" - monitoring_subnet_ids = ["subnet-mon123456"] - management_subnet_ids = ["subnet-mgmt123456"] - corelight_sensor_ami_id = "ami-test123456" - aws_key_pair_name = "test-keypair" - license_key = "test-license-key" - community_string = "test-community-string" - asg_lambda_iam_role_arn = "arn:aws:iam::123456789012:role/test-role" - fleet_token = "test-token" - fleet_url = "https://fleet.example.com" - fleet_server_sslname = "fleet.example.com" - } - - assert { - condition = aws_security_group.monitoring.name == "corelight-sensor-monitoring" - error_message = "Monitoring security group should have correct default name" - } - - assert { - condition = aws_security_group.management.name == "corelight-sensor-management" - error_message = "Management security group should have correct default name" - } - - assert { - condition = aws_security_group.monitoring.vpc_id == "vpc-test123456" - error_message = "Security groups should be created in the specified VPC" - } -} - -run "verify_launch_template_configuration" { - command = plan - - module { - source = "./modules/aws/sensor" - } - - variables { - vpc_id = "vpc-test123456" - monitoring_subnet_ids = ["subnet-mon123456"] - management_subnet_ids = ["subnet-mgmt123456"] - corelight_sensor_ami_id = "ami-test123456" - aws_key_pair_name = "test-keypair" - license_key = "test-license-key" - community_string = "test-community-string" - asg_lambda_iam_role_arn = "arn:aws:iam::123456789012:role/test-role" - fleet_token = "test-token" - fleet_url = "https://fleet.example.com" - fleet_server_sslname = "fleet.example.com" - } - - assert { - condition = aws_launch_template.sensor_launch_template.instance_type == "c5.2xlarge" - error_message = "Default instance type should be c5.2xlarge" - } - - assert { - condition = aws_launch_template.sensor_launch_template.image_id == "ami-test123456" - error_message = "Launch template should use specified AMI ID" - } - - assert { - condition = aws_launch_template.sensor_launch_template.key_name == "test-keypair" - error_message = "Launch template should use specified key pair" - } - - assert { - condition = aws_launch_template.sensor_launch_template.metadata_options[0].http_tokens == "required" - error_message = "IMDSv2 should be enforced (http_tokens = required)" - } -} diff --git a/tests/unit/variable-validation/README.md b/tests/unit/variable-validation/README.md deleted file mode 100644 index 458e4c9..0000000 --- a/tests/unit/variable-validation/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# variable-validation - -Documentation coming soon.