Merge pull request #22 from oozou/terraform-test

add terraform-test

Author: lycbrian

.github/workflows/claude.yml

@@ -0,0 +1,37 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-code-action:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          timeout_minutes: "60"
+          model: "claude-opus-4-20250514"

.github/workflows/terraform-test.yaml

@@ -0,0 +1,29 @@
+name: Test Module
+
+on:
+  pull_request:
+    paths:
+      - '*.tf'
+      - 'tests/**'
+      - 'examples/terraform-test/**'
+      - '.github/workflows/terraform-test.yaml'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: write
+  id-token: write
+  
+jobs:
+  test:
+    name: Run Terraform Tests
+    uses: oozou/.github/.github/workflows/terraform-test.yml@main
+    secrets: inherit
+    with:
+      aws_region: 'ap-southeast-1'
+      tf_version: '1.6.0'
+      go_version: '1.21'
+      test_example_path: 'examples/terraform-test'
+      timeout_minutes: 60
+      module_name: 'AWS Lambda'
+      iam_oidc_role: 'arn:aws:iam::562563527952:role/oozou-internal-devops-github-action-oidc-role' # oozou internal account

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 All notable changes to this module will be documented in this file.
 
+## [v1.2.3] - 2025-07-11
+
+### Added
+
+- var additional_lambda_log_group_kms_policy
+
 ## [v1.2.2] - 2023-11-20
 
 ### Changed

README.md

@@ -0,0 +1,32 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name                                                                      | Version           |
+|---------------------------------------------------------------------------|-------------------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0          |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws)                   | >= 4.0.0, < 5.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name                                                   | Source | Version |
+|--------------------------------------------------------|--------|---------|
+| <a name="module_lambda"></a> [lambda](#module\_lambda) | ../../ | n/a     |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name                                                                     | Description                                                                                                                                                                                                                                                                                                                                                       | Type                                                                                                                                          | Default | Required |
+|--------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|---------|:--------:|
+| <a name="input_generic_info"></a> [generic\_info](#input\_generic\_info) | `prefix`      >> The prefix name of customer to be displayed in AWS console and resource<br>  `environment` >> Environment Variable used as a prefix<br>  `name`        >> Name of the ECS cluster and s3 also redis to create<br>  `custom_tags` >> Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | <pre>object({<br>    prefix      = string<br>    environment = string<br>    name        = string<br>    custom_tags = map(any)<br>  })</pre> | n/a     |   yes    |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/terraform-test/README.md

@@ -0,0 +1,97 @@
+module "lambda" {
+  source = "../../"
+
+  prefix      = var.generic_info.prefix
+  environment = var.generic_info.environment
+  name        = var.generic_info.name
+
+  is_edge = false # Defautl is `false`, If you want to publish to the edge don't forget to override aws's provider to virgina
+
+  # If is_edge is `false`, ignore this config
+  is_create_lambda_bucket = true # Default is `false`; plz use false, if not 1 lambda: 1 bucket
+  bucket_name             = ""   # If `is_create_lambda_bucket` is `false`; specified this, default is `""`
+
+  # Source code
+  source_code_dir           = "./src"
+  compressed_local_file_dir = "./outputs"
+
+  # Lambda Env
+  runtime = "nodejs22.x"
+  handler = "index.handler"
+
+  # Lambda Specification
+  timeout                        = 3
+  memory_size                    = 128
+  reserved_concurrent_executions = -1
+
+  # Optional to connect Lambda to VPC
+  # vpc_config = {
+  #   security_group_ids      = ["sg-028f637312eea735e"]
+  #   subnet_ids_to_associate = ["subnet-0b853f8c85796d72d", "subnet-07c068b4b51262793", "subnet-0362f68c559ef7716"]
+  # }
+  # dead_letter_target_arn = "arn:aws:sns:ap-southeast-1:557291035693:demo" # To send failed processing to target, Default is `""`
+
+  # IAM
+  is_create_lambda_role = true # Default is `true`
+  lambda_role_arn       = ""   # If `is_create_lambda_role` is `false`
+  # The policies that you want to attach to IAM Role created by only this module                                                   # If `is_create_lambda_role` is `false`
+  additional_lambda_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
+
+  # Resource policy
+  lambda_permission_configurations = {
+    lambda_on_my_account = {
+      principal  = "apigateway.amazonaws.com"
+      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035112:lk36vflbha/*/*/"
+    }
+    lambda_on_my_another_account_wrong = {
+      principal      = "apigateway.amazonaws.com"
+      source_arn     = "arn:aws:execute-api:ap-southeast-1:224563527112:q6pwa6wgr6/*/*/"
+      source_account = "557291035112"
+    }
+    lambda_on_my_another_account_correct = {
+      principal  = "apigateway.amazonaws.com"
+      source_arn = "arn:aws:execute-api:ap-southeast-1:557291035112:wpj4t3scmb/*/*/"
+    }
+  }
+
+  # Logging
+  is_create_cloudwatch_log_group         = true # Default is `true`
+  cloudwatch_log_retention_in_days       = 90   # Default is `90`
+  additional_lambda_log_group_kms_policy = data.aws_iam_policy_document.allow_github_oidc.json
+  # Env
+  ssm_params = {}
+  environment_variables = {
+    region         = "ap-southeast-1"
+    cluster_name   = "oozou-dev-test-schedule-cluster"
+    nodegroup_name = "oozou-dev-test-schedule-custom-nodegroup"
+    min            = 1,
+    max            = 1,
+    desired        = 1
+  }
+
+  tags = var.generic_info.custom_tags
+}
+
+
+data "aws_iam_policy_document" "allow_github_oidc" {
+  statement {
+    sid    = "AllowGitHubActionsEncryptDecrypt"
+    effect = "Allow"
+
+    principals {
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::562563527952:role/oozou-internal-devops-github-action-oidc-role"
+      ]
+    }
+
+    actions = [
+      "kms:Encrypt",
+      "kms:Decrypt",
+      "kms:GenerateDataKey*",
+      "kms:DescribeKey"
+    ]
+
+    resources = ["*"]
+  }
+}

examples/terraform-test/main.tf

@@ -0,0 +1,14 @@
+output "function_name" {
+  description = "Name of the Lambda function."
+  value       = module.lambda.function_name
+}
+
+output "function_arn" {
+  description = "ARN of the Lambda function."
+  value       = module.lambda.function_arn
+}
+
+output "execution_role_arn" {
+  description = "ARN of the Lambda function's execution role."
+  value       = module.lambda.execution_role_arn
+}

examples/terraform-test/outputs.tf

@@ -0,0 +1,18 @@
+var http = require('http')
+
+exports.handler = (event, context, callback) => {
+  const options = {
+    hostname: event.Host,
+    port: event.Port
+  }
+
+  const response = {};
+
+  http.get(options, (res) => {
+    response.httpStatus = res.statusCode
+    callback(null, response)
+  }).on('error', (err) => {
+    callback(null, err.message);
+  })
+
+};

examples/terraform-test/outputs/oozou-dev-demo.zip

@@ -0,0 +1,8 @@
+generic_info = {
+  prefix      = "oozou",
+  environment = "dev",
+  name        = "demo",
+  custom_tags = {
+    Workspace = "999-oozou-demo-dev-wp"
+  }
+}