add new chapter code

chapter10/complete-part1/app1.tf

@@ -0,0 +1,26 @@
+resource "aws_iam_user" "app1" {
+  name          = "app1-svc-account"
+  force_destroy = true
+}
+
+resource "aws_iam_user_policy" "app1" {
+  user   = aws_iam_user.app1.name
+  policy = <<-EOF
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "ec2:Describe*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  EOF
+}
+
+resource "aws_iam_access_key" "app1" {
+  user = aws_iam_user.app1.name
+}

chapter10/complete-part1/app2.tf

@@ -0,0 +1,26 @@
+resource "aws_iam_user" "app2" {
+  name          = "app2-svc-account"
+  force_destroy = true
+}
+
+resource "aws_iam_user_policy" "app2" {
+  user   = aws_iam_user.app1.name
+  policy = <<-EOF
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "s3:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  EOF
+}
+
+resource "aws_iam_access_key" "app2" {
+  user = aws_iam_user.app2.name
+}

chapter10/complete-part1/main.tf

@@ -0,0 +1,27 @@
+terraform {
+  required_version = "~> 0.13"
+  required_providers {
+    aws   = "~> 3.6"
+    local = "~> 1.4"
+  }
+}
+
+provider "aws" {
+    profile = "<profile>"
+    region = "us-west-2"
+}
+
+
+resource "local_file" "credentials" { #A
+  filename           = "credentials"
+  file_permission    = "0644"
+  sensitive_content  = <<-EOF
+    [${aws_iam_user.app1.name}]
+    aws_access_key_id = ${aws_iam_access_key.app1.id}
+    aws_secret_access_key = ${aws_iam_access_key.app1.secret}
+    
+    [${aws_iam_user.app2.name}]
+    aws_access_key_id = ${aws_iam_access_key.app2.id}
+    aws_secret_access_key = ${aws_iam_access_key.app2.secret}
+  EOF
+}

chapter10/complete-part2/main.tf

@@ -0,0 +1,38 @@
+terraform {
+  required_version = "~> 0.13"
+  required_providers {
+    aws   = "~> 3.6"
+    local = "~> 1.4"
+  }
+}
+
+provider "aws" {
+    profile = "<profile>"
+    region = "us-west-2"
+}
+
+locals {
+  policies = {
+    for path in fileset(path.module, "policies/*.json") : basename(path) => file(path)
+  }
+  policy_mapping = {
+    "app1" = {
+      policies = [local.policies["app1.json"]],
+    },
+    "app2" = {
+      policies = [local.policies["app2.json"]],
+    },
+  }
+}
+
+module "iam" { #A
+  source   = "./modules/iam"
+  for_each = local.policy_mapping
+  name     = each.key
+  policies = each.value.policies
+}
+
+resource "local_file" "credentials" {
+  filename = "credentials"
+  content  = join("\n", [for m in module.iam : m.credentials])
+}

chapter10/complete-part2/modules/iam/main.tf

@@ -0,0 +1,36 @@
+variable "name" {
+  type = string
+}
+
+variable "policies" {
+  type = list(string)
+}
+
+resource "aws_iam_user" "user" {
+  name          = "${var.name}-svc-account"
+  force_destroy = true
+}
+
+resource "aws_iam_policy" "policy" { #A
+  count  = length(var.policies)
+  name        = "${var.name}-policy-${count.index}"
+  policy      = var.policies[count.index]
+}
+
+resource "aws_iam_user_policy_attachment" "attachment" {
+    count  = length(var.policies)
+  user       = aws_iam_user.user.name
+  policy_arn = aws_iam_policy.policy[count.index].arn
+}
+
+resource "aws_iam_access_key" "access_key" {
+  user = aws_iam_user.user.name
+}
+
+output "credentials" { #B
+  value = <<-EOF
+    [${aws_iam_user.user.name}]
+    aws_access_key_id = ${aws_iam_access_key.access_key.id}
+    aws_secret_access_key = ${aws_iam_access_key.access_key.secret}
+  EOF
+}

chapter10/complete-part2/policies/app1.json

@@ -0,0 +1,13 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Action": [
+          "ec2:Describe*"
+        ],
+        "Effect": "Allow",
+        "Resource": "*"
+      }
+    ]
+  }
+

chapter10/complete-part2/policies/app2.json

@@ -0,0 +1,12 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "s3:List*"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        }
+    ]
+}

chapter10/complete-part3/main.go

@@ -0,0 +1,68 @@
+package test
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-exec/tfexec"
+	"github.com/hashicorp/terraform-exec/tfinstall"
+	"github.com/rs/xid"
+)
+
+func TestTerraformModule(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "tfinstall")
+	if err != nil {
+		t.Error(err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	latestVersion := tfinstall.LatestVersion(tmpDir, false)
+	execPath, err := tfinstall.Find(latestVersion)
+	if err != nil {
+		t.Error(err)
+	}
+
+	workingDir := "./testfixtures"
+	tf, err := tfexec.NewTerraform(workingDir, execPath)
+	if err != nil {
+		t.Error(err)
+	}
+
+	ctx := context.Background()
+	err = tf.Init(ctx, tfexec.Upgrade(true), tfexec.LockTimeout("60s"))
+	if err != nil {
+		t.Error(err)
+	}
+
+	defer tf.Destroy(ctx)
+	bucketName := fmt.Sprintf("bucket_name=%s", xid.New().String())
+	err = tf.Apply(ctx, tfexec.Var(bucketName))
+	if err != nil {
+		t.Error(err)
+	}
+
+	state, err := tf.Show(context.Background())
+	if err != nil {
+		t.Error(err)
+	}
+
+	endpoint := state.Values.Outputs["endpoint"].Value.(string)
+	url := fmt.Sprintf("http://%s", endpoint)
+	resp, err := http.Get(url)
+	if err != nil {
+		t.Error(err)
+	}
+
+	buf := new(bytes.Buffer)
+	buf.ReadFrom(resp.Body)
+	t.Logf("\n%s", buf.String())
+
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("status code did not return 200")
+	}
+}

chapter10/complete-part3/testfixtures/index.html

@@ -0,0 +1,9 @@
+<html>
+<head>
+    <title>Ye Olde Chocolate Shoppe</title>
+</head>
+<body>
+  <h1>Chocolates for Any Occasion!h1>
+  <p>Come see why our chocolates are the best.</p>
+</body>
+</html>

chapter10/complete-part3/testfixtures/main.tf

@@ -0,0 +1,44 @@
+provider "aws" {
+    region = "us-west-2"
+}
+
+variable "bucket_name" {
+    type = string
+}
+
+resource "aws_s3_bucket" "website" {
+  bucket = var.bucket_name
+  acl = "public-read"
+  policy = <<-EOF
+    {
+      "Version": "2008-10-17",
+      "Statement": [
+        {
+          "Sid": "PublicReadForGetBucketObjects",
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "*"
+          },
+          "Action": "s3:GetObject",
+          "Resource": "arn:aws:s3:::${var.bucket_name}/*"
+        }
+      ]
+    }
+  EOF
+
+  website {
+    index_document = "index.html"
+  }
+}
+
+resource "aws_s3_bucket_object" "object" {
+  bucket = aws_s3_bucket.website.bucket
+  key    = "index.html"
+  source = "index.html"
+  etag = filemd5("${path.module}/index.html")
+  content_type = "text/html"
+}
+
+output "endpoint" {
+  value = aws_s3_bucket.website.website_endpoint
+}

chapter10/listing10.1/app1.tf

@@ -0,0 +1,26 @@
+resource "aws_iam_user" "app1" {
+  name          = "app1-svc-account"
+  force_destroy = true
+}
+
+resource "aws_iam_user_policy" "app1" {
+  user   = aws_iam_user.app1.name
+  policy = <<-EOF
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "ec2:Describe*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  EOF
+}
+
+resource "aws_iam_access_key" "app1" {
+  user = aws_iam_user.app1.name
+}