From 448ae1755735bcd50e218f4b4759aec4d734ed1e Mon Sep 17 00:00:00 2001
From: Dave Arnold
Date: Mon, 24 Jun 2024 15:23:46 -0400
Subject: [PATCH] adding testing profiles

---
.terraform.lock.hcl | 38 ++++----
main.tf | 213 ++++++++++++++++++++++++--------------------
2 files changed, 136 insertions(+), 115 deletions(-)

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index b7529e7..39bf434 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -2,24 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.53.0" + version = "5.55.0" constraints = ">= 4.20.1" hashes = [ - "h1:yIDopRNeRAXg1UZpPlO6GNofDyzqSPkl/+Eoc3pKW4Q=", - "zh:2adad39412111d19a5195474d6b95577fc25ccf06d88a90019bee0efba33a1e3", - "zh:51226453a14f95b0d1163cfecafc9cf1a92ce5f66e42e6b4065d83a813836a2c", - "zh:62450fadb56db9c18d50bb8b7728a3d009be608d7ee0d4fe95c85ccb521dff83", - "zh:6f3ad977a9cc4800847c136690b1c0a0fd8437705062163d29dc4e9429598950", - "zh:71ca0a16b735b8d34b7127dd7d1e1e5d1eaac9c9f792e08abde291b5beb947d5", - "zh:7ae9cf4838eea80288305be0a3e69b39ffff86ede7b4319be421f06d32d04fb6", - "zh:93abc2db5ad995cfee014eb7446abc7caedc427e141d375a11993e6e199076b5", - "zh:9560b3424d97da804e98ee86b474b7370afefa09baf350cae7f33afb3f1aa209", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9eb57a9b649c217ac4eeb27af2a1935c18bd9bc8fb1be07434e7de74729eff46", - "zh:b5f32dcbe71ea22c2090eeeaec9af3e098d7b8c3e4491f34ffdfdc6f1c1abf81", - "zh:c9fbd5417f266c773055178e87bb4091df7f0542b72bf5ad0a4ae27045a2b7ca", - "zh:d518b3c52c8a9f79769dbe1b3683d25b4cdc8bfc77a3b3cd9c85f74e6c7383e1", - "zh:db741be21f32404bb87d73d25b1b7fd9b813b00aeb20a130ed8806d44dc26680", - "zh:ed1a8bb4d08653d87265ae534d6fc33bbdabae1608692a1ee364fce03548d36c", + "h1:NHgKROQfH2vdYgpcD046DrCbFLIONgIzj4UeVNdku3w=", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.2" + hashes = [ + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + 
"zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/main.tf b/main.tf index 11791e6..2a37169 100644 --- a/main.tf +++ b/main.tf 
@@ -1,98 +1,115 @@ -locals { - proxy_env_vars = { - HTTP_PROXY = "http://proxy.tco.census.gov:3128" - NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev" - HTTPS_PROXY = "http://proxy.tco.census.gov:3128" - } -} - -data "aws_iam_policy_document" "s3_access" { - statement { - effect = "Allow" - actions = ["s3:*"] - resources = ["*"] - } -} - - -resource "aws_security_group" "allow_amznlinux_cdn" { - name = "allow_amznlinux_cdn" - description = "Allow TLS inbound traffic and all outbound traffic" - vpc_id = local.vpc_id - - tags = { - Name = "allow_amznlinux_cdn" - } -} - -resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" { - security_group_id = aws_security_group.allow_amznlinux_cdn.id - cidr_ipv4 = "0.0.0.0/0" - ip_protocol = "-1" # semantically equivalent to all ports -} - - -locals { - vpc_id = "vpc-00576a396ec570b94" -} - -data "aws_codecommit_repository" "ansible" { - repository_name = "image-pipeline-ansible-roles" -} - -data "aws_codecommit_repository" "goss" { - repository_name = "image-pipeline-goss-testing" -} - - -data "aws_region" "current" {} - - -module "main" { - source = "HappyPathway/image-pipeline/aws" - project_name = "image-pipeline-demo2" - environment = "dev" - source_repo_name = "image-pipeline-hello-world" - source_repo_branch = "main" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = true - create_new_role = true - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, - value=lookup(local.proxy_env_vars, proxy_var), - type = "PLAINTEXT" - } - ] - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - - state = { - bucket = "inf-tfstate-229685449397" - key = "csvd-dev-gov/common/apps/aws-image-pipeline-demo" - region = 
"us-gov-east-1" - dynamodb_table = "tf_remote_state" - } - - vpc_config = { - vpc_id = local.vpc_id - region = "us-gov-west-1" - security_group_ids = [ - "sg-0d828d223df9834a6", - aws_security_group.allow_amznlinux_cdn.id - ] - subnets = [ - "subnet-0b1992a84536c581b" - ] - } -} - -output iam_arn { - value = module.main.iam_arn -} - -output codebuild_user { - value = module.main.build_user.name -} +locals { + proxy_env_vars = { + HTTP_PROXY = "http://proxy.tco.census.gov:3128" + NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev" + HTTPS_PROXY = "http://proxy.tco.census.gov:3128" + } + source_repo = "image-pipeline-hello-world" + project_name = "image-pipeline-demo2" + environment = "dev" + _vpc_config = { + vpc_id = "vpc-00576a396ec570b94" + region = "us-gov-west-1" + security_group_ids = [ + "sg-0d828d223df9834a6" + ] + subnets = [ + # "subnet-0b1992a84536c581b" + "subnet-062189d742937204e" + ] + } + vpc_config = merge( + local._vpc_config, + { + security_group_ids = concat( + local._vpc_config.security_group_ids, + [ + aws_security_group.allow_amznlinux_cdn.id + ]) + } + ) + state_config = { + bucket = aws_s3_bucket.state_bucket.bucket + key = "csvd-dev-gov/common/apps/${local.environment}/${local.project_name}" + region = local.vpc_config.region + dynamodb_table = "tf_remote_state" + } +} + +resource random_uuid random {} +resource aws_s3_bucket state_bucket { + bucket = "inf-test-${random_uuid.random.result}" +} + +data "aws_iam_policy_document" "s3_access" { + statement { + effect = "Allow" + actions = ["s3:*"] + resources = ["*"] + } +} + +resource "aws_security_group" "allow_amznlinux_cdn" { + name = "allow_amznlinux_cdn" + description = "Allow TLS inbound traffic and all outbound traffic" + vpc_id = local._vpc_config.vpc_id + tags = { + Name = "allow_amznlinux_cdn" + } +} + +resource "aws_vpc_security_group_egress_rule" 
"allow_all_traffic_ipv4" { + security_group_id = aws_security_group.allow_amznlinux_cdn.id + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" # semantically equivalent to all ports +} + +# referenced_security_group_id +resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" { + security_group_id = aws_security_group.allow_amznlinux_cdn.id + ip_protocol = "-1" # semantically equivalent to all ports + referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id +} + +data "aws_codecommit_repository" "ansible" { + repository_name = "image-pipeline-ansible-roles" +} + +data "aws_codecommit_repository" "goss" { + repository_name = "image-pipeline-goss-testing" +} + + +module "main" { + source = "HappyPathway/image-pipeline/aws" + project_name = local.project_name + environment = local.environment + source_repo_name = local.source_repo + source_repo_branch = "main" + builder_image = "aws/codebuild/standard:7.0" + create_new_repo = true + create_new_role = true + build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : + { + name=proxy_var, + value=lookup(local.proxy_env_vars, proxy_var), + type = "PLAINTEXT" + } + ] + ansible_repo = data.aws_codecommit_repository.ansible + goss_repo = data.aws_codecommit_repository.goss + goss_profile = "base-test" + state = local.state_config + vpc_config = local.vpc_config +} + +output iam_arn { + value = module.main.iam_arn +} + +output codebuild_user { + value = module.main.build_user.name +} +
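Review bot: The new `aws_s3_bucket.state_bucket` that `local.state_config` hands to the module as the Terraform state bucket has no `aws_s3_bucket_versioning`, `aws_s3_bucket_public_access_block` or `aws_s3_bucket_server_side_encryption_configuration` next to it; state files carry resource identifiers and often secrets, and without versioning a corrupted or deleted state object cannot be recovered. Newer AWS accounts apply block-public-access and SSE-S3 by default, but that is account policy rather than something this config asserts, so I would add the three resources below. Separately, `data.aws_iam_policy_document.s3_access` still grants `s3:*` on `resources = ["*"]` to whatever the module attaches it to (presumably the build role, given the input name `build_permissions_iam_doc`); now that the state bucket is created in this file, the statement could be scoped to `aws_s3_bucket.state_bucket.arn` and `"${aws_s3_bucket.state_bucket.arn}/*"` plus whatever artifact bucket the build actually needs. Also note `state_config.region` is pinned to `local.vpc_config.region` ("us-gov-west-1") while the bucket itself is created in the provider's configured region; if those differ, the backend config the module receives will point at the wrong region.
```hcl
resource aws_s3_bucket state_bucket {
  bucket = "inf-test-${random_uuid.random.result}"
}

# Terraform state holds resource IDs and may hold secrets: keep the bucket
# private, versioned (recoverable) and encrypted at rest.
resource "aws_s3_bucket_public_access_block" "state_bucket" {
  bucket                  = aws_s3_bucket.state_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "state_bucket" {
  bucket = aws_s3_bucket.state_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket" {
  bucket = aws_s3_bucket.state_bucket.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
# … unchanged: s3_access policy document, security group and rules, module "main", outputs …
```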