From 9be9388a663590540e6933ad50d6f0b76a7fb33f Mon Sep 17 00:00:00 2001
From: Ryan King
Date: Mon, 1 Feb 2021 10:05:30 -0800
Subject: [PATCH] [fix] aws-single-page-static site to work outside us-east-1 (#280)
Allow this module to work across regions by configuring providers specifically for us-east-1 where needed. Also fix the tests to work. ### Test Plan * tests work now
---
 .github/workflows/ci.yml | 6 +-
 Makefile | 9 ++-
 aws-s3-public-bucket/module_test.go | 1 -
 aws-single-page-static-site/main.tf | 4 ++
 aws-single-page-static-site/module_test.go | 58 ++++++------------
 aws-single-page-static-site/providers.tf | 6 ++
 aws-single-page-static-site/test/main.tf | 70 ++++++++++++++++++++++
 7 files changed, 108 insertions(+), 46 deletions(-)
 create mode 100644 aws-single-page-static-site/providers.tf
 create mode 100644 aws-single-page-static-site/test/main.tf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 35b89735..a88e0089 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: 1.14.3
+ go-version: 1.15.5
 - run: make check-mod
 lint:
 name: lint
@@ -15,7 +15,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: hashicorp/setup-terraform@v1
 with:
- terraform_version: 0.12.24
+ terraform_version: 0.12.30
 terraform_wrapper: "false"
 - name: setup
 run: make setup
@@ -37,7 +37,7 @@ jobs:
 - if: github.event == 'push' || steps.filter.outputs.module == 'true'
 uses: hashicorp/setup-terraform@v1
 with:
- terraform_version: 0.12.28
+ terraform_version: 0.12.30
 terraform_wrapper: "false"
 - if: github.event == 'push' || steps.filter.outputs.module == 'true'
 uses: actions/setup-go@v2
diff --git a/Makefile b/Makefile
index fbb06f85..503e0e4b 100644
--- a/Makefile
+++ b/Makefile
@@ -85,9 +85,12 @@ check-mod:
 .PHONY: check-mod
 clean:
- rm **/*.tfstate*; true
- rm -rf **/.terraform; true
- rm -rf **/.test-data; true
+ rm -rf */*.tfstate*; true
+ rm -rf */.terraform; true
+ rm -rf */.test-data; true
+ rm -rf */*/*.tfstate*; true
+ rm -rf */*/.terraform; true
+ rm -rf */*/.test-data; true
 .PHONY: clean
 test:
diff --git a/aws-s3-public-bucket/module_test.go b/aws-s3-public-bucket/module_test.go
index c95b282f..4a4c84b8 100644
--- a/aws-s3-public-bucket/module_test.go
+++ b/aws-s3-public-bucket/module_test.go
@@ -124,7 +124,6 @@ func TestPublicBucketDefaults(t *testing.T) {
 fmt.Println("Testing ", test.action, " with https enabled=", test.secureTransport)
 r.Equal(test.result, *resp.EvalDecision)
 }
-
 },
 }
diff --git a/aws-single-page-static-site/main.tf b/aws-single-page-static-site/main.tf
index c5209963..fd11d4bc 100644
--- a/aws-single-page-static-site/main.tf
+++ b/aws-single-page-static-site/main.tf
@@ -91,6 +91,10 @@ module "security_headers_lambda" {
 owner = var.owner
 env = var.env
 service = var.service
+
+ providers = {
+ aws = aws.us-east-1
+ }
 }
 resource "aws_cloudfront_distribution" "s3_distribution" {
diff --git a/aws-single-page-static-site/module_test.go b/aws-single-page-static-site/module_test.go
index 324bf88c..df3c90c1 100644
--- a/aws-single-page-static-site/module_test.go
+++ b/aws-single-page-static-site/module_test.go
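Review bot: In the Makefile `clean` recipe, the new `rm -rf */*.tfstate*` lines delete local Terraform state, and the test added by this same commit sets `SkipDestroy: true`, so a `make clean` after a test run may discard the only record of resources that were left applied (assuming tftest keeps state in the module directory, which is not visible here). A comment on the target such as `# removes local tfstate; destroy leftover test resources first` would make that explicit. The globs also stop at two directory levels, so anything nested deeper is silently skipped; `find . -name .terraform -prune -exec rm -rf {} +` (and the equivalent for the other two patterns) would not depend on depth.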
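Review bot: In aws-single-page-static-site/main.tf, the new `providers = { aws = aws.us-east-1 }` on `module "security_headers_lambda"` carries no comment saying why this one module is pinned to a different region from the rest of the file. Presumably the function is attached to the CloudFront distribution as Lambda@Edge, which has to be created in us-east-1; if so, say that above the block, e.g. `# Lambda@Edge functions must live in us-east-1, regardless of the caller's region`. The module block starts above this hunk, so whether its other arguments also assume a region cannot be checked from here.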
@@ -1,53 +1,33 @@
 package test
 import (
- "fmt"
 "testing"
 "github.com/chanzuckerberg/go-misc/tftest"
 "github.com/gruntwork-io/terratest/modules/terraform"
 )
-func TestAwsSinglePageStaticSiteInit(t *testing.T) {
- options := &terraform.Options{
- TerraformDir: ".",
- }
- terraform.Init(t, options)
-}
-
-func TestAwsSinglePageStaticSiteInitAndApply(t *testing.T) {
- t.Skip("Skipping because destroy is painfully slow (>30m on average) - consider running destroy out of band")
-
+func TestAwsSinglePageStaticSite(t *testing.T) {
 t.Parallel()
- project := tftest.UniqueID()
- env := tftest.UniqueID()
- service := tftest.UniqueID()
- owner := tftest.UniqueID()
- subdomain := tftest.UniqueID()
- awsACMCert := tftest.EnvVar(tftest.EnvWildcardCloudfrontCertARN)
- route53ZoneID := tftest.EnvVar(tftest.EnvRoute53ZoneID)
-
- aliases := []string{fmt.Sprintf(
- "%s.%s",
- tftest.UniqueID(),
- tftest.EnvVar(tftest.EnvRoute53ZoneName))}
-
- options := tftest.Options(
- tftest.IAMRegion, // us-east-1
- map[string]interface{}{
- "project": project,
- "env": env,
- "service": service,
- "owner": owner,
-
- "subdomain": subdomain,
- "aws_acm_cert_arn": awsACMCert,
- "aws_route53_zone_id": route53ZoneID,
- "aliases": aliases,
+ test := tftest.Test{
+ SkipDestroy: true,
+ Setup: func(t *testing.T) *terraform.Options {
+ subdomain := tftest.UniqueID()
+ route53ZoneID := tftest.EnvVar(tftest.EnvRoute53ZoneID)
+
+ options := tftest.Options(
+ tftest.DefaultRegion, // us-east-1
+ map[string]interface{}{
+ "subdomain": subdomain,
+ "aws_route53_zone_id": route53ZoneID,
+ },
+ )
+ options.TerraformDir = "./test"
+ return options
 },
- )
+ Validate: func(t *testing.T, options *terraform.Options) {},
+ }
- defer tftest.Destroy(t, options, 5)
- tftest.Run(t, options)
+ test.Run(t)
 }
diff --git a/aws-single-page-static-site/providers.tf b/aws-single-page-static-site/providers.tf
new file mode 100644
index 00000000..74a10d54
--- /dev/null
+++ b/aws-single-page-static-site/providers.tf
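Review bot: `SkipDestroy: true` in `TestAwsSinglePageStaticSite` means every run leaves whatever `./test` applies (a certificate, the site and, presumably, DNS records under the shared Route 53 zone) in the account, and the removed `t.Skip` message that explained the slow destroy and the out-of-band cleanup is gone with nothing in its place. Add a comment on the field naming the cleanup mechanism, e.g. `// destroy takes >30m; leftovers are removed by CLEANUP_JOB_PLACEHOLDER`, so public endpoints and records do not accumulate unnoticed. `Validate` is an empty function, so the test only proves that apply succeeds. The `// us-east-1` comment beside `tftest.DefaultRegion` is either stale or means the test still runs in us-east-1 and does not exercise the cross-region case this commit is about.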
@@ -0,0 +1,6 @@
+provider aws {}
+
+provider aws {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
diff --git a/aws-single-page-static-site/test/main.tf b/aws-single-page-static-site/test/main.tf
new file mode 100644
index 00000000..545947e9
--- /dev/null
+++ b/aws-single-page-static-site/test/main.tf
@@ -0,0 +1,70 @@
+variable project {
+ type = string
+}
+variable env {
+ type = string
+}
+variable service {
+ type = string
+}
+variable owner {
+ type = string
+}
+variable subdomain {
+ type = string
+}
+variable aws_route53_zone_id {
+ type = string
+}
+
+data aws_route53_zone zone {
+ zone_id = var.aws_route53_zone_id
+}
+
+locals {
+ domain = replace(data.aws_route53_zone.zone.name, "/\\.$/", "")
+ website_fqdn = "${var.subdomain}.${local.domain}"
+ aliases = [
+ "www.${local.website_fqdn}",
+ ]
+}
+
+# these will be inherited in the modules
+provider aws {
+}
+
+provider aws {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
+
+module cert {
+ source = "../../aws-acm-cert"
+
+ cert_domain_name = local.website_fqdn
+ aws_route53_zone_id = var.aws_route53_zone_id
+ cert_subject_alternative_names = { for a in local.aliases : a => var.aws_route53_zone_id }
+ cert_subject_alternative_names_count = length(local.aliases)
+
+ project = var.project
+ env = var.env
+ service = var.service
+ owner = var.owner
+
+ providers = {
+ aws = aws.us-east-1
+ }
+}
+
+module site {
+ source = "../."
+
+ subdomain = var.subdomain
+ aws_acm_cert_arn = module.cert.arn
+ aws_route53_zone_id = var.aws_route53_zone_id
+
+ project = var.project
+ env = var.env
+ service = var.service
+ owner = var.owner
+}
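Review bot: In aws-single-page-static-site/providers.tf, the aliased `aws.us-east-1` block sets `region`, which makes it a full provider configuration inside a reusable module, so it authenticates from the ambient environment rather than from settings on the caller's provider (such as `assume_role` or `profile`). A caller that configures credentials on its own provider could end up with the us-east-1 resources created under a different identity or account than the rest of the site. Either document that limitation at the top of the file, or reduce the block to a proxy, `provider aws { alias = "us-east-1" }`, and have callers pass `providers = { aws.us-east-1 = aws.us-east-1 }`.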
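Review bot: In aws-single-page-static-site/test/main.tf, the comment `# these will be inherited in the modules` overstates what Terraform does: only the default (unaliased) provider configuration is inherited implicitly, while aliased ones reach a child only through an explicit `providers` map, as `module cert` does. `module site` passes no map, so it gets its `aws.us-east-1` from the module's own providers.tf rather than from the block declared here. Suggested wording: `# default provider is inherited by child modules; aws.us-east-1 must be passed explicitly via a providers map`. The bare `provider aws {}` also takes its region from the environment, which is worth stating since the region is the point of the test.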