Add Sample: Integration Testing (#43)

add samples for integration testing

samples/README.md

@@ -0,0 +1,7 @@
+# Azure Terraform Samples
+
+This repository contains real-world examples that will walk you through different concepts and help you to implements all of them on your projects.
+
+## Testing Best Practices
+
+- [Integration Testing](integration-testing/README.md)

samples/integration-testing/README.md

@@ -0,0 +1,74 @@
+# Terraform Integration Testing
+
+This is an example about the minimum level of integration testing that we recommend to be implemented on every Terraform project.
+
+## What about integration testing
+
+Testing is an important part of a software development project, and this is also for infrastructure as code projects. When working with Terraform, there are a bunch of tools that can help you to set up continuous integration quickly. Making sure that every time you and your colleagues are pushing changes, this code is automatically validated and tested.
+
+This example shows how you can use Azure Pipeline to quickly set up a CI pipeline on a Terraform module. This pipeline is responsible for:
+
+- Running static code analysis using [checkov](https://github.com/bridgecrewio/checkov)
+- Running Terraform init
+- Running Terraform validate
+- Running Terraform plan
+
+By running these steps, you will ensure that on every commit, the code that is pushed integrates with the existing code base and is valid from a syntax perspective as it can be executed by Terraform.
+
+## Getting deep dive into this example
+
+This example basically creates a resource group with a random name (see [main.tf](src/main.tf)):
+
+```hcl
+resource "random_uuid" "uuid" {}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "rg-hello-tf-${random_uuid.uuid.result}"
+  location = var.location
+}
+```
+
+It also defines a [bash script](src/checkov.sh) responsible for running the static code analysis using Checkov tool.
+
+Finally, it defines an [Azure YAML pipeline](src/azure-pipeline.yaml) responsible for executing the 4 steps described in the [above section](#what-about-basic-testing).
+
+## How-to run this example
+
+### Prerequisites
+
+To run this example, you need to:
+
+- Create a new Azure DevOps project. If you are not familiar with Azure DevOps, you can create an organization and your first project for free following [this documentation](https://docs.microsoft.com/en-us/azure/devops/organizations/projects/create-project?view=azure-devops&tabs=preview-page).
+- Install the [Terraform Build & Release Tasks extension](https://marketplace.visualstudio.com/items?itemName=charleszipp.azure-pipelines-tasks-terraform) into your Azure DevOps organization
+- Create an [Azure Service Connection](https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops) named `terraform-basic-testing-azure-connection` allowing Azure Pipelines to connect to your Azure subscriptions (required to execute the terraform plan step)
+- Fork this repository into your own GitHub organization
+
+### Import the pipeline into Azure DevOps
+
+Open your Azure DevOps project and go into the Azure Pipelines section. Click on the `Create Pipeline` button. On the `Where is your code?` select GitHub (YAML):
+
+![Where is your code?](assets/new-pipeline-where-github-yaml.png)
+
+> Note: At this step, you might have to authorize Azure DevOps to access your organization, if you've not done that already. If you are not familiar with building GitHub repositories using Azure Pipelines you can have a look to [this documenation page](https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml).
+
+In the repositories list, select the fork of this repository that you have created previously in your GitHub organization. In the `Configure your pipeline` step, choose to start from an existing YAML pipeline:
+
+![Existing YAML pipeline](assets/new-pipeline-existing-yaml.png)
+
+In the popup that opens, fill with the branch `master` and the path to the YAML pipeline `examples/basic-testing/src/azure-pipeline.yaml`:
+
+![Select existing YAML pipeline](assets/select-existing-yaml-pipeline.png)
+
+Click on the `Continue` button. This will load the Azure YAML pipeline from GitHub. On the next page, you can click the `Run` button to create and manually trigger the pipeline for the first time:
+
+![Run Azure Pipeline](assets/run-pipeline.png)
+
+### Run the pipeline
+
+You can run the pipeline manually from the Azure DevOps UI or just commit new code to `example/basic-testing/src` folder of the repository. It will automatically trigger a new pipeline on the branch you are pushing the code:
+
+![Pipeline running from GitHub](assets/pipeline-running-from-github.png)
+
+And of course, you can access the details to ensure that everything ends up green in Azure DevOps:
+
+![Azure DevOps Green Pipeline](assets/azure-devops-green-pipeline.png)

samples/integration-testing/src/azure-pipeline.yaml

@@ -0,0 +1,56 @@
+# Azure Pipeline that run basic continuous integration on a Terraform project
+
+# This makes sure the pipeline is triggered every time code is pushed in the validation-testing example source, on all branches.
+trigger:
+  branches:
+    include:
+    - '*'
+  paths:
+    include:
+    - 'examples/validation-testing/src/*'
+
+variables:
+  # There must be an Azure Service Connection with that name defined in your Azure DevOps settings. See https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops
+  serviceConnection: 'terraform-basic-testing-azure-connection'
+  azureLocation: 'westeurope'
+  # Terraform settings
+  terraformWorkingDirectory: '$(System.DefaultWorkingDirectory)/examples/basic-testing/src'
+  terraformVersion: '0.12.25'
+
+stages:
+  - stage: TerraformContinuousIntegration
+    displayName: Terraform Module - CI
+    jobs:
+    - job: TerraformContinuousIntegrationJob
+      displayName: TerraformContinuousIntegration - CI Job
+      pool:
+        vmImage: ubuntu-20.04
+      steps:
+      # Step 1: run the Checkov Static Code Analysis
+      - bash: $(terraformWorkingDirectory)/checkov.sh $(terraformWorkingDirectory)
+        displayName: Checkov Static Code Analysis
+      # Step 2: install Terraform on the Azure Pipelines agent
+      - task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-installer.TerraformInstaller@0
+        displayName: 'Install Terraform'
+        inputs:
+          terraformVersion: $(terraformVersion)
+      # Step 3: run Terraform init to initialize the workspace
+      - task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
+        displayName: 'Run terraform init'
+        inputs:
+          command: init
+          workingDirectory: $(terraformWorkingDirectory)
+      # Step 4: run Terraform validate to validate HCL syntax
+      - task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
+        displayName: 'Run terraform validate'
+        inputs:
+          command: validate
+          workingDirectory: $(terraformWorkingDirectory)
+      # Step 5: run Terraform plan to validate HCL syntax
+      - task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
+        displayName: 'Run terraform plan'
+        inputs:
+          command: plan
+          workingDirectory: $(terraformWorkingDirectory)
+          environmentServiceName: $(serviceConnection)
+          commandOptions: -var location=$(azureLocation)

samples/integration-testing/src/checkov.sh

@@ -0,0 +1,57 @@
+#!/bin/bash      
+#title           :run_checkov.sh
+#description     :Runs the Checkov static analysis tool on all subdirectories of the target.
+#author		       :andreas.heuamier@microsoft.com
+#date            :20200510
+#version         :0.1    
+#usage		       :./checkov.sh {WORKk_DIR}
+#bash_version    :5.0.16(1)-release 
+# 
+set -eo pipefail
+
+# The target directory for scanning.
+WORK_DIR=${1-$(pwd)}
+
+#######################################
+# run_checkov() docker command
+# Arguments:
+#   test_dir folder
+# Outputs:
+#   Writes test command outputs to stdout
+#   Exits on $? != 0
+#######################################
+run_checkov() {
+  local test_dir=$1
+  docker run -t -v "${test_dir}":/tf bridgecrew/checkov:release-1.0.235 -d /tf
+}
+
+#######################################
+# find_folders_by() file pattern
+# Globals:
+#   WORK_DIR -path
+# Arguments:
+#   pattern - regex
+# Outputs:
+#   Writes folders list to stdout
+#######################################
+find_folders_by() {
+  local pattern=${1:-"main.tf"}
+  find "${WORK_DIR}" -type f -name "${pattern}" -printf '%h\n' | sort -u
+}
+
+#######################################
+# Runs the Checkov static analysis tool on all subdirectories
+#######################################
+run_main() {
+  for folder in $(find_folders_by "main.tf"); do
+    run_checkov "${folder}" &
+  done
+  wait
+}
+
+#######################################
+#  Be able to run this one either as standalone or import as lib
+#######################################
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  run_main
+fi

samples/integration-testing/src/main.tf

@@ -0,0 +1,6 @@
+resource "random_uuid" "uuid" {}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "rg-hello-tf-${random_uuid.uuid.result}"
+  location = var.location
+}

samples/integration-testing/src/output.tf

@@ -0,0 +1,3 @@
+output "resource_group_name" {
+    value = azurerm_resource_group.rg.name
+}

samples/integration-testing/src/provider.tf

@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}

samples/integration-testing/src/variables.tf

@@ -0,0 +1,5 @@
+variable location {
+  type        = string
+  description = "The Azure location where the resources will be created"
+  default     = "westeurope"
+}