initial

.gitignore

@@ -27,3 +27,5 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+.github/instructions/*

tests/core_vpc.tftest.hcl

@@ -0,0 +1,69 @@
+// Core VPC + DHCP test
+mock_provider "aws" {
+    alias = "mocked"
+    source = "./tests/mock/core-vpc"
+}
+
+run "vpc" {
+    providers = {
+        aws = aws.mocked
+    }
+
+    assert {
+        condition     = aws_vpc.this[0].id == "vpc-12345678"
+        error_message = "VPC ID does not match expected value"
+    }
+
+    assert {
+        condition     = aws_vpc.this[0].cidr_block == var.vpc_cidr
+        error_message = "VPC CIDR block does not match expected value"
+    }
+
+    assert {
+        condition     = aws_vpc.this[0].instance_tenancy == var.vpc_instance_tenancy
+        error_message = "VPC instance tenancy does not match expected value"
+    }
+
+    assert {
+        condition     = aws_vpc.this[0].enable_dns_support == var.vpc_enable_dns_support
+        error_message = "VPC DNS support setting does not match expected value"
+    }
+
+    assert {
+        condition     = aws_vpc.this[0].enable_dns_hostnames == var.vpc_enable_dns_hostnames
+        error_message = "VPC DNS hostnames setting does not match expected value"
+    }
+
+    assert {
+        condition     = (
+            aws_vpc.this[0].assign_generated_ipv6_cidr_block == var.vpc_assign_generated_ipv6_cidr_block
+            || (
+            aws_vpc.this[0].assign_generated_ipv6_cidr_block == null
+            && var.vpc_assign_generated_ipv6_cidr_block == false
+            )
+        )
+        error_message = "VPC IPv6 assignment setting does not match expected value"
+    }
+}
+
+run "dhcp_options" {
+    providers = {
+        aws = aws.mocked
+    }
+
+    assert {
+        condition     = aws_vpc_dhcp_options.this[0].id == "dopt-12345678"
+        error_message = "DHCP Options ID does not match expected value"
+    }
+
+    assert {
+        condition     = tolist(aws_vpc_dhcp_options.this[0].domain_name_servers) == tolist(var.dhcp_options_domain_name_servers)
+        error_message = "DHCP Options domain-name-servers does not match expected value"
+    }
+
+    assert {
+        condition     = aws_vpc_dhcp_options_association.this[0].dhcp_options_id == aws_vpc_dhcp_options.this[0].id
+        error_message = "DHCP Options Association does not reference the DHCP Options resource"
+    }
+}
+

tests/gateways.tftest.hcl

@@ -0,0 +1,39 @@
+// Internet / Egress Gateways & NAT test
+mock_provider "aws" {
+    alias = "mocked"
+    source = "./tests/mock/gateways"
+}
+
+run "gateways" {
+    providers = { aws = aws.mocked }
+
+    assert {
+        condition     = aws_internet_gateway.this[0].id == "igw-12345678"
+        error_message = "Internet Gateway ID does not match expected value"
+    }
+
+    assert {
+        condition     = length(aws_egress_only_internet_gateway.this) == 0
+        error_message = "Egress Only Internet Gateway should not be created"
+    }
+
+    assert {
+        condition     = length(aws_eip.nat) >= 1
+        error_message = "At least one EIP for NAT should be created"
+    }
+
+    assert {
+        condition     = aws_eip.nat[0].public_ip == var.expected_nat_ip
+        error_message = "EIP public IP does not match expected value"
+    }
+
+    assert {
+        condition     = length(aws_nat_gateway.this) >= 1
+        error_message = "At least one NAT Gateway should be created"
+    }
+
+    assert {
+        condition     = aws_nat_gateway.this[0].allocation_id == aws_eip.nat[0].id
+        error_message = "NAT Gateway does not reference the expected EIP allocation"
+    }
+}

tests/mock/core-vpc/data.tfmock.hcl

@@ -0,0 +1,34 @@
+mock_resource "aws_vpc" {
+    defaults = {
+        id                          = "vpc-12345678"
+        arn                         = "arn:aws:ec2:ap-southeast-3:123456789012:vpc/vpc-12345678"
+        cidr_block                  = "10.0.0.0/16"
+        instance_tenancy            = "default"
+        enable_dns_support          = true
+        enable_dns_hostnames        = true
+        main_route_table_id         = "rtb-12345678"
+        default_network_acl_id      = "acl-12345678"
+        default_security_group_id   = "sg-12345678"
+        default_route_table_id      = "rtb-12345678"
+        ipv6_association_id         = null
+        ipv6_cidr_block             = null
+        assign_generated_ipv6_cidr_block = false
+    }
+}
+
+
+mock_resource "aws_vpc_dhcp_options" {
+    defaults = {
+        id                   = "dopt-12345678"
+        domain_name          = "service.consul"
+        domain_name_servers  = ["127.0.0.1", "10.10.0.2"]
+    }
+}
+
+mock_resource "aws_vpc_dhcp_options_association" {
+    defaults = {
+        id              = "doptassoc-123"
+        dhcp_options_id = "dopt-12345678"
+        vpc_id          = "vpc-12345678"
+    }
+}

tests/mock/gateways/data.tfmock.hcl

@@ -0,0 +1,28 @@
+mock_resource "aws_internet_gateway" {
+    defaults = {
+        id  = "igw-12345678"
+        arn = "arn:aws:ec2:ap-southeast-3:123456789012:internet-gateway/igw-12345678"
+    }
+}
+
+mock_resource "aws_egress_only_internet_gateway" {
+    defaults = {
+        id = "eigw-12345678"
+    }
+}
+
+mock_resource "aws_eip" {
+    defaults = {
+        id = "eipalloc-12345678"
+        public_ip = "203.0.113.10"
+    }
+}
+
+mock_resource "aws_nat_gateway" {
+    defaults = {
+        id = "nat-12345678"
+        allocation_id = "eipalloc-12345678"
+        subnet_id = "subnet-123"
+        state = "available"
+    }
+}

tests/mock/subnets/data.tfmock.hcl

@@ -0,0 +1,9 @@
+mock_resource "aws_subnet" {
+    defaults = {
+        id                = "subnet-123"
+        arn               = "arn:aws:ec2:ap-southeast-3:123456789012:subnet/subnet-123"
+        cidr_block        = "10.0.1.0/24"
+        availability_zone = "ap-southeast-3a"
+        vpc_id            = "vpc-12345678"
+    }
+}

tests/plan.tftest.hcl

@@ -0,0 +1,15 @@
+// Core VPC + DHCP test
+mock_provider "aws" {
+    alias = "mocked"
+    source = "./tests/mock/core-vpc"
+}
+
+run "run_module_plan" {
+    command = plan
+    providers = {
+        aws = aws.mocked
+    }
+    module {
+        source = "./tests/setup"
+    }
+}