Add tests for security module

[rudransh-shrivastava]

Resolves #3545

add tests for security module

Checklist

• Required: I followed the contributing workflow
• Required: I verified that my code works as intended and resolves the issue as described
• Required: I ran make check-test locally: all warnings addressed, tests passed
• I used AI for code, documentation, tests, or communication related to this PR

[coderabbitai]

Summary by CodeRabbit

• Tests

  • Added a comprehensive test suite validating security group names, ports, protocols, and ingress/egress rules across ALB, ECS, frontend, Lambda, RDS, Redis, proxy and VPC endpoint scenarios.

• Chores

  • Updated Terraform provider lock to ensure consistent provider versioning.
  • Reorganized module declarations for improved maintainability.
  • Added validations for DB and Redis ports and for default egress CIDR entries.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Adds a provider lockfile, reorders existing security group resource blocks in the security module (no logic changes), adds variable validations, and introduces a new comprehensive TFT test suite for security group names, ports, rules, and conditional scenarios.

Changes

Cohort / File(s)	Summary
Terraform Provider Lock infrastructure/modules/security/.terraform.lock.hcl	Adds auto-generated Terraform provider lock entry for registry.terraform.io/hashicorp/aws (v6.22.0) with provider constraint and hashes.
Security Group Resource Reordering infrastructure/modules/security/main.tf	Reorders security group resource blocks (ecs, frontend, lambda, rds, rds_proxy, redis) without changing their configurations or signatures.
Variable Validations infrastructure/modules/security/variables.tf	Adds validation blocks: db_port and redis_port constrained to 1–65535; default_egress_cidr_blocks validated for valid CIDR entries.
Test Suite (new) infrastructure/modules/security/tests/security.tftest.hcl	Adds comprehensive plan-based TFT tests validating SG naming, ports, protocols, ingress/egress rules, conditional RDS Proxy and VPC endpoint behaviors, with per-test variables and failure messages.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Improve networking Module #2770: Modifies the same security module lockfile; changes to .terraform.lock.hcl may conflict.
• Migrate OWASP Nest to Zappa for serverless deployment #2431: Touches the same security module files (.terraform.lock.hcl, main.tf, variables.tf) and is likely directly related.

Suggested labels

backend, backend-tests

Suggested reviewers

• kasya
• arkid15r

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	❓ Inconclusive	The PR contains a reordering of security group resources in main.tf and addition of .terraform.lock.hcl, which are tangential to the primary objective of adding tests but support infrastructure maintenance.	Clarify whether the reordering of security groups in main.tf and the .terraform.lock.hcl file are necessary for the test implementation or represent separate concerns that should be in a different PR.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'Add tests for security module' directly matches the main objective of adding tests for the security module, which is the primary change in this changeset.
Description check	✅ Passed	The PR description references issue #3545 ('add tests for security module') and relates to the changeset which adds test files and validations to the security module.
Linked Issues check	✅ Passed	The PR adds comprehensive test coverage for the security module via security.tftest.hcl and validation blocks in variables.tf, directly fulfilling issue #3545's requirement to add tests for the security module.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@infrastructure/modules/security/.terraform.lock.hcl`:
- Around line 4-24: The AWS provider entry in the lockfile is pinned to 6.22.0;
change the provider block for "registry.terraform.io/hashicorp/aws" to version
and constraints "6.22.1" and then regenerate the lockfile so the hashes match
(e.g., run terraform init / terraform providers lock or terraform init -upgrade)
to produce the correct 6.22.1 hashes; locate the provider block by the literal
provider string "registry.terraform.io/hashicorp/aws" to make the edit and
regeneration.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud