Add testing infrastructure for organizations/ folder configurations

[Copilot]

Implements comprehensive validation and testing for Terraform/Terragrunt configurations in the organizations layer. Developers can now validate configurations locally before commit.

Implementation

Test Framework

• 8 Terraform native test cases in main.tftest.hcl validating organization settings, repositories, teams, and input constraints
• Validation module with type checking and constraint rules (naming, emails, permissions)
• Mock providers for github, google, google-beta

Example Configurations

• Organization settings with security-focused defaults
• Project structure with repositories (public/private, branch protection examples)
• Team configurations (admin, developer, viewer, secret teams)
• GCP Secret Manager provider integration

Developer Workflow

• Makefile with make test, make format, make check, make validate
• TESTING.md covering prerequisites, workflows, troubleshooting
• .gitignore for Terraform/Terragrunt artifacts

Usage

# Run all validations
make check

# Or directly
cd organizations/
terraform init
terraform test -verbose

Test validates:

• Security settings compliance (secret scanning, dependabot, advanced security)
• Naming conventions (lowercase, hyphens, no invalid chars)
• Team structure (maintainers present, privacy levels)
• Email formats, repository permissions

Example test case:

run "invalid_organization_name" {
  variables {
    organization_settings = {
      name = "Test_Org_Invalid"  # Fails: uppercase/underscores not allowed
      ...
    }
  }
  expect_failures = [var.organization_settings]
}

All 8 tests passing. Compatible with existing pre-commit hooks.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• checkpoint-api.hashicorp.com
  • Triggering command: /usr/local/bin/terraform terraform --version (dns block)
  • Triggering command: /usr/local/bin/terraform terraform -version (dns block)
  • Triggering command: /usr/local/bin/terraform terraform init (dns block)
• metadata.google.internal
  • Triggering command: .terraform/providers/registry.terraform.io/hashicorp/google/7.20.0/linux_amd64/terraform-provider-google_v7.20.0_x5 .terraform/providers/registry.terraform.io/hashicorp/google/7.20.0/linux_amd64/terraform-provider-google_v7.20.0_x5 (dns block)
  • Triggering command: .terraform/providers/registry.terraform.io/hashicorp/google-beta/7.20.0/linux_amd64/terraform-provider-google-beta_v7.20.0_x5 .terraform/providers/registry.terraform.io/hashicorp/google-beta/7.20.0/linux_amd64/terraform-provider-google-beta_v7.20.0_x5 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Create testing for the organizations/ folder</issue_title>
<issue_description>The app and its dependencies are now very out of date. We need to create comprehensive tests for the terraform, and format checking for this repo that can be run by the developer before committing.
Invesitgate whether terratest can work here, or since we're using terragrunt, perhaps it has a test framework?</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Create testing for the organizations/ folder #129

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.