Working and non-working tests of Terraform's credential use.
Each test (each is a subdirectory of the tests/ directory) has a README and a Makefile. Follow the steps in the individual test's README and run make:
$ make testAdding working and, especially, non-working tests by forking and opening a pull request.
Making a new test:
- Fork & clone this repo
- Find the most similar existing test
- Go to your local clone directory
git checkout -b my-awesome-testcd testscp -R existing_similar_test new_name_for_your_testcd new_name_for_your_test- Edit the
README.md,dotenvand*.tffiles innew_name_for_your_test - Run your test using the makefile (
makewhich is equivalent tomake test) - make will setup the environment and run Terraform for you- If your test is successful,
makewilldestroyand clean up in the same pass - If your test is not successful,
make cleanshould get rid of the resources and files (will also get rid of the logs which are helpful in debugging) (WARNING: some tests might leave resources that you'll have to manually delete in the AWS console/CLI)
- If your test is successful,
- Edit this
README.mdwith the test name and status git add .git commit -m "Add new test for (briefly describe the test)"git push -u my-awesome-test- Go to GitHub and open a pull request!
Variables affecting credentialling:
- static
- assume role
- S3 backend
- credential process
- profile
- config file
- credential file
- environment variables
- token
- workspaces (?)
Where tests can be compared to determine the source of the problem:
- Terraform
- AWS CLI
- AWS SDK Go
Specific cases not captured in tests yet:
- Terraform assumes Role T (Profile T) (#8052)
- Profile T = Profile R
- Profile R = Profile A
- Config + Credential
S3 Backend
terraform {
backend "s3" {
bucket = "mybucket"
key = "path/to/my/key"
region = "us-east-1"
}
}Assume role
provider "aws" {
assume_role = "${var.workspace_iam_roles[terraform.workspace]}"
}