Skip to content

Commit

Permalink
Simplify OIDC extraTest (#4909)
Browse files Browse the repository at this point in the history 
Today `TestAccCloudWatch` and `TestAccCloudWatchOidcManual` are each
executed twice. Once as part of the `test (nodejs, local)` (examples)
job, and again as part of the `test_oidc` job defined in `extraTests`.

The `test_oidc` job executes `TestAccCloudWatchOidcManual` without any
ambient AWS credentials, and then `TestAccCloudWatch` after assuming
`OIDC_ROLE_ARN`.

This PR removes the extra `test_oidc` job by incorporating these tests
into the usual examples job.
* `TestAccCloudWatch` and `TestAccCloudWatchOIDCAmbient` preserve the
existing behavior of running these using the ambient credentials from
the examples job.
* `TestAccCloudWatchOIDCManual` and `TestAccCloudWatchOIDC` preserving
the `test_oidc` behavior by running without ambient credentials and
after assuming `OIDC_ROLE_ARN`, respectively.
  • Loading branch information
@blampe
blampe authored Dec 12, 2024
2 parents 88369b2 + 2c34100 commit e1ae150
Show file tree
Hide file tree
Showing 6 changed files with 60 additions and 317 deletions.
63 changes: 0 additions & 63 deletions .ci-mgmt.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,69 +127,6 @@ extraTests:
cd upstream
make provider-lint
test_oidc:
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
swap-storage: false
dotnet: ${{ matrix.language != 'dotnet' }}
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: 'PROVIDER_VERSION'
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
unset-current-credentials: true
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs

provider_test:
name: provider_test
needs: build_sdk
Expand Down
63 changes: 0 additions & 63 deletions .github/workflows/master.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,6 @@ jobs:
- license_check
- go_test_shim
- provider_test
- test_oidc
- upstream_lint
uses: ./.github/workflows/publish.yml
secrets: inherit
Expand Down Expand Up @@ -307,68 +306,6 @@ jobs:
- dotnet
- go
- java
test_oidc:
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
dotnet: ${{ matrix.language != 'dotnet' }}
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
Expand Down
63 changes: 0 additions & 63 deletions .github/workflows/prerelease.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,6 @@ jobs:
- license_check
- go_test_shim
- provider_test
- test_oidc
- upstream_lint
uses: ./.github/workflows/publish.yml
secrets: inherit
Expand Down Expand Up @@ -247,68 +246,6 @@ jobs:
- dotnet
- go
- java
test_oidc:
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
dotnet: ${{ matrix.language != 'dotnet' }}
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
Expand Down
63 changes: 0 additions & 63 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,6 @@ jobs:
- license_check
- go_test_shim
- provider_test
- test_oidc
- upstream_lint
uses: ./.github/workflows/publish.yml
secrets: inherit
Expand Down Expand Up @@ -253,68 +252,6 @@ jobs:
- dotnet
- go
- java
test_oidc:
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
dotnet: ${{ matrix.language != 'dotnet' }}
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
Expand Down
63 changes: 0 additions & 63 deletions .github/workflows/run-acceptance-tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,6 @@ jobs:
- license_check
- go_test_shim
- provider_test
- test_oidc
- upstream_lint
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -308,68 +307,6 @@ jobs:
- dotnet
- go
- java
test_oidc:
name: test_oidc
needs: build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
dotnet: ${{ matrix.language != 'dotnet' }}
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- uses: pulumi/provider-version-action@v1
with:
set-env: PROVIDER_VERSION
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumi, go, node
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.4.0
- name: Run selected tests with manual web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatchOidcManual -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
- name: Configure AWS Credentials for OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 3600
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
unset-current-credentials: true
- name: Run selected tests with configure-aws-credentials web identity/OIDC auth
run: cd examples && go test -v -json -count=1 -run TestAccCloudWatch -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
strategy:
fail-fast: false
matrix:
language:
- nodejs
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
Expand Down
Loading

0 comments on commit e1ae150

Please sign in to comment.