ssh-grunt

Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).

README.md

Tests

This folder contains the tests for the modules in this repo.

Running the tests locally

Note #1: Many of these tests create real resources in an AWS account. That means they cost money to run, especially if you don't clean up after yourself. Please be considerate of the resources you create and take extra care to clean everything up when you're done!

Note #2: Never hit CTRL + C or cancel a build once tests are running or the cleanup tasks won't run!

Note #3: We set -timeout 45m on all tests not because they necessarily take 45 minutes, but because Go has a default test timeout of 10 minutes, after which it sends a SIGQUIT, preventing the tests from properly cleaning up after themselves. Therefore, we set a timeout of 45 minutes to make sure all tests have enough time to finish and clean up.

Prerequisites

  • Install the latest version of Go.
  • Install Terraform.
  • Add your AWS credentials as environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
  • For some of the tests, you also need to set the GITHUB_OAUTH_TOKEN environment variable to a valid GitHub auth token with "repo" access. You can generate one here: https://github.com/settings/tokens

Run all the tests

The tests in this repo are split into two types:

  • Tests related to account setup (landingzone folder)
  • Everything else (security folder)

You can run the tests for each package by going into the folder and calling go test. For example, to run the landingzone tests:

cd test/landingzone
go test -v -timeout 45m -parallel 128

Note: Some of the tests need to run against the Gruntwork LZ Test AWS Organization root account. Therefore you will also need to set the AWS_ORGTEST_ACCESS_KEY_ID and AWS_ORGTEST_SECRET_ACCESS_KEY environment variables. The logic that uses these variables is in landingzone/test_helpers.go.

Note: The automated tests for the kms-master-key and cloudtrail packages are disabled by default. That's because generating a KMS Master Key costs $1/month, even if we delete it right after, which can add up quickly if we run this test often. To enable the test, you need to set the RUN_KMS_TEST or RUN_CLOUDTRAIL_TEST environment variables:

cd test/security
RUN_KMS_TEST=true go test -v -timeout 45m -parallel 128

Run a specific test

To run a specific test called TestFoo:

cd test/landingzone
go test -v -timeout 45m -parallel 128 -run TestFoo
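
A preflight wrapper for the prerequisites and commands above, added here as an example and not part of this repo's own code. The function names are hypothetical, and it assumes the AWS_ORGTEST_* variables are needed only for the landingzone package and that the file is sourced from the repo root.

```shell
#!/bin/sh
# Added example: preflight for the prerequisites this README lists.
# Assumption: AWS_ORGTEST_* is required only for the landingzone package,
# since the README places the logic that uses it in landingzone/test_helpers.go.

# Print the name (never the value) of each required variable that is unset or empty.
missing_vars() {
  required="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY"
  if [ "$1" = "landingzone" ]; then
    required="$required AWS_ORGTEST_ACCESS_KEY_ID AWS_ORGTEST_SECRET_ACCESS_KEY"
  fi
  for name in $required; do
    # Test through eval so the secret is never copied into another variable.
    eval "[ -n \"\${$name:-}\" ]" || printf '%s\n' "$name"
  done
}

# Print each required tool that is not on PATH.
missing_tools() {
  for tool in go terraform; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# Run one package's tests from the repo root, e.g.: run_tests security -run TestFoo
run_tests() {
  pkg="$1"; shift
  vars="$(missing_vars "$pkg")"
  tools="$(missing_tools)"
  if [ -n "$vars" ] || [ -n "$tools" ]; then
    # Fail before any AWS resource is created, listing names only.
    echo "refusing to start, missing:" $vars $tools >&2
    return 1
  fi
  [ -n "${GITHUB_OAUTH_TOKEN:-}" ] || echo "note: GITHUB_OAUTH_TOKEN unset; some tests need it" >&2
  # Subshell keeps the caller's working directory; 45m avoids Go's 10-minute default.
  ( cd "test/$pkg" && go test -v -timeout 45m -parallel 128 "$@" )
}
```

Failing before `go test` starts means a missing credential is caught before any test has created AWS resources that would need cleanup.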
