Merge pull request #275 from nimblehq/feature/gh-274-add-name-to-iam-…

…groups [#274] Add project name to the IAM group names
nimblehq · Feb 5, 2024 · 578b971 · 578b971
2 parents 9a60812 + 32b091e
commit 578b971
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 12 deletions.
diff --git a/src/commands/generate/index.test.ts b/src/commands/generate/index.test.ts
@@ -12,7 +12,8 @@ describe('Generator command', () => {
   describe('given valid options', () => {
     describe('given provider is AWS', () => {
       describe('given infrastructure type is blank', () => {
-        const projectDir = 'aws-blank-test';
+        const originalDirectoryName = 'AWS blank test';
+        const processedDirectoryName = 'aws-blank-test';
         const stdoutSpy = jest.spyOn(process.stdout, 'write');
 
         beforeAll(async () => {
@@ -23,18 +24,18 @@ describe('Generator command', () => {
             terraformCloudEnabled: false,
           });
 
-          await Generator.run([projectDir]);
+          await Generator.run([originalDirectoryName]);
         });
 
         afterAll(() => {
           jest.clearAllMocks();
-          remove('/', projectDir);
+          remove('/', processedDirectoryName);
         });
 
         it('creates expected directories', () => {
           const expectedDirectories = ['core/', 'shared/'];
 
-          expect(projectDir).toHaveDirectories(expectedDirectories);
+          expect(processedDirectoryName).toHaveDirectories(expectedDirectories);
         });
 
         it('creates expected files', () => {
@@ -51,7 +52,7 @@ describe('Generator command', () => {
             'shared/outputs.tf',
           ];
 
-          expect(projectDir).toHaveFiles(expectedFiles);
+          expect(processedDirectoryName).toHaveFiles(expectedFiles);
         });
 
         it('displays the success message', () => {
@@ -63,6 +64,17 @@ describe('Generator command', () => {
         it('calls postProcess hook', () => {
           expect(postProcess).toHaveBeenCalledTimes(1);
         });
+
+        it('contains processed project name in main files', () => {
+          const mainFiles = ['shared/main.tf', 'core/main.tf'];
+          mainFiles.forEach((fileName) => {
+            expect(processedDirectoryName).toHaveContentInFile(
+              fileName,
+              `project_name = "${processedDirectoryName}"`,
+              { ignoreSpaces: true }
+            );
+          });
+        });
       });
 
       describe('given infrastructure type is advanced', () => {

diff --git a/src/commands/generate/index.ts b/src/commands/generate/index.ts
@@ -46,9 +46,9 @@ export default class Generator extends Command {
     const { args } = await this.parse(Generator);
 
     const generalPrompt = await prompt<GeneralOptions>([...providerChoices]);
-
+    const projectName = args.projectName.toLowerCase().replace(/\s/g, '-');
     const generalOptions: GeneralOptions = {
-      projectName: args.projectName,
+      projectName: projectName,
       provider: generalPrompt.provider,
     };
 

diff --git a/src/generators/addons/aws/modules/core/iamUserAndGroup.ts b/src/generators/addons/aws/modules/core/iamUserAndGroup.ts
@@ -28,6 +28,8 @@ const iamVariablesContent = dedent`
 const iamGroupsModuleContent = dedent`
   module "iam_groups" {
     source = "../modules/iam_groups"
+
+    project_name = local.project_name
   }`;
 
 const iamUsersModuleContent = dedent`

diff --git a/src/generators/terraform/index.ts b/src/generators/terraform/index.ts
@@ -12,10 +12,10 @@ const applyTerraformCore = async (generalOptions: GeneralOptions) => {
 
   copy('terraform/', '.', projectName);
 
-  // Use projectName to append the Namespace local in the main.tf file
   const coreLocalsContent = dedent`
       locals {
-        env_namespace = "${projectName}-\${var.environment}"
+        project_name  = "${projectName}"
+        env_namespace = "\${local.project_name}-\${var.environment}"
       }`;
 
   appendToFile(INFRA_CORE_MAIN_PATH, coreLocalsContent, projectName);

diff --git a/templates/addons/aws/modules/iam_groups/main.tf b/templates/addons/aws/modules/iam_groups/main.tf
@@ -1,16 +1,16 @@
 #tfsec:ignore:aws-iam-enforce-group-mfa
 resource "aws_iam_group" "admin" {
-  name = "Admin-group"
+  name = "${var.project_name}-admin-group"
 }
 
 #tfsec:ignore:aws-iam-enforce-group-mfa
 resource "aws_iam_group" "infra-service-account" {
-  name = "Infra-service-account-group"
+  name = "${var.project_name}-infra-service-account-group"
 }
 
 #tfsec:ignore:aws-iam-enforce-group-mfa
 resource "aws_iam_group" "developer" {
-  name = "Developer-group"
+  name = "${var.project_name}-developer-group"
 }
 
 resource "aws_iam_group_policy_attachment" "admin_access" {

diff --git a/templates/addons/aws/modules/iam_groups/variables.tf b/templates/addons/aws/modules/iam_groups/variables.tf
@@ -0,0 +1,4 @@
+variable "project_name" {
+  description = "The name of the project"
+  type        = string
+}