Merge pull request #1662 from snyk/acctest-fixes

[CTX-601] chore: fix various AWS acceptance tests

.circleci/config.yml

@@ -13,6 +13,11 @@ orbs:
   go: circleci/[email protected]
   snyk: snyk/[email protected]
   gh: circleci/[email protected]
+parameters:
+  ACC_TESTS:
+    type: string
+    description: manually run acceptance tests
+    default: '0'
 jobs:
   test_acc:
     parameters:
@@ -216,28 +221,43 @@ jobs:
                 project: ${CIRCLE_PROJECT_REPONAME}
                 organization: cloud-cloud
 workflows:
-# Temporarily disabled
-#  nightly:
-#    jobs:
-#      - test_acc:
-#          name: "Acceptance tests: << matrix.pattern >>"
-#          matrix:
-#            parameters:
-#              pattern:
-#                - TestAcc_Aws
-#                - TestAcc_Github_
-#                - TestAcc_Google
-#                - TestAcc_Azure_
-#                - TestAcc_StateReader_
-#          context:
-#            - driftctl-acc
-#    triggers:
-#      - schedule:
-#          cron: "0 3 * * *"
-#          filters:
-#            branches:
-#              only:
-#                - main
+  nightly:
+    jobs:
+      - test_acc:
+          name: "Acceptance tests: << matrix.pattern >>"
+          matrix:
+            parameters:
+              pattern:
+                - TestAcc_Aws
+                - TestAcc_Github_
+                - TestAcc_Google
+                - TestAcc_Azure_
+                - TestAcc_StateReader_
+          context:
+            - driftctl-acc
+    triggers:
+      - schedule:
+          cron: "0 3 * * *"
+          filters:
+            branches:
+              only:
+                - main
+  manual-acc-tests:
+    when:
+      equal: ['1', << pipeline.parameters.ACC_TESTS >>]
+    jobs:
+      - test_acc:
+          name: "Acceptance tests: << matrix.pattern >>"
+          matrix:
+            parameters:
+              pattern:
+                - TestAcc_Aws
+                - TestAcc_Github_
+                - TestAcc_Google
+                - TestAcc_Azure_
+                - TestAcc_StateReader_
+          context:
+            - driftctl-acc
   pullrequest:
     jobs:
       - lint:

pkg/resource/aws/aws_api_gateway_authorizer_test.go

@@ -9,7 +9,7 @@ import (
 
 func TestAcc_Aws_ApiGatewayAuthorizer(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
-		TerraformVersion: "0.15.5",
+		TerraformVersion: "1.4.6",
 		Paths:            []string{"./testdata/acc/aws_api_gateway_authorizer"},
 		Args:             []string{"scan"},
 		Checks: []acceptance.AccCheck{

pkg/resource/aws/aws_lambda_event_source_mapping_test.go

@@ -12,7 +12,7 @@ import (
 
 func TestAcc_Aws_LambdaEventSourceMapping(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
-		TerraformVersion: "0.15.5",
+		TerraformVersion: "1.4.6",
 		Paths:            []string{"./testdata/acc/aws_lambda_event_source_mapping"},
 		Args:             []string{"scan", "--deep"},
 		Checks: []acceptance.AccCheck{

pkg/resource/aws/aws_s3_bucket_test.go

@@ -9,7 +9,7 @@ import (
 
 func TestAcc_Aws_S3Bucket_BucketInUsEast1(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
-		TerraformVersion: "0.15.5",
+		TerraformVersion: "1.4.6",
 		Paths:            []string{"./testdata/acc/aws_s3_bucket"},
 		Args:             []string{"scan", "--deep"},
 		Checks: []acceptance.AccCheck{
@@ -21,7 +21,7 @@ func TestAcc_Aws_S3Bucket_BucketInUsEast1(t *testing.T) {
 					if err != nil {
 						t.Fatal(err)
 					}
-					result.AssertManagedCount(5)
+					result.AssertManagedCount(1)
 					result.AssertDriftCountTotal(0)
 				},
 			},

pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/terraform.tf

@@ -4,34 +4,34 @@ provider "aws" {
 
 terraform {
   required_providers {
-    aws = "3.19.0"
+    aws = "~> 5.0.0"
   }
 }
 
 resource "aws_api_gateway_rest_api" "foo" {
-    name        = "foo"
-    description = "This is foo API"
+  name        = "foo"
+  description = "This is foo API"
 }
 
 resource "aws_api_gateway_authorizer" "foo" {
-    name                   = "foo"
-    rest_api_id            = aws_api_gateway_rest_api.foo.id
-    authorizer_uri         = aws_lambda_function.authorizer.invoke_arn
-    authorizer_credentials = aws_iam_role.invocation_role.arn
+  name                   = "foo"
+  rest_api_id            = aws_api_gateway_rest_api.foo.id
+  authorizer_uri         = aws_lambda_function.authorizer.invoke_arn
+  authorizer_credentials = aws_iam_role.invocation_role.arn
 }
 
 resource "aws_api_gateway_authorizer" "bar" {
-    name                   = "bar"
-    rest_api_id            = aws_api_gateway_rest_api.foo.id
-    authorizer_uri         = aws_lambda_function.authorizer.invoke_arn
-    authorizer_credentials = aws_iam_role.invocation_role.arn
+  name                   = "bar"
+  rest_api_id            = aws_api_gateway_rest_api.foo.id
+  authorizer_uri         = aws_lambda_function.authorizer.invoke_arn
+  authorizer_credentials = aws_iam_role.invocation_role.arn
 }
 
 resource "aws_iam_role" "invocation_role" {
-    name = "api_gateway_auth_invocation"
-    path = "/"
+  name = "api_gateway_auth_invocation"
+  path = "/"
 
-    assume_role_policy = <<EOF
+  assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -49,10 +49,10 @@ EOF
 }
 
 resource "aws_iam_role_policy" "invocation_policy" {
-    name = "default"
-    role = aws_iam_role.invocation_role.id
+  name = "default"
+  role = aws_iam_role.invocation_role.id
 
-    policy = <<EOF
+  policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -67,9 +67,9 @@ EOF
 }
 
 resource "aws_iam_role" "lambda" {
-    name = "demo-lambda"
+  name = "demo-lambda"
 
-    assume_role_policy = <<EOF
+  assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -87,9 +87,9 @@ EOF
 }
 
 resource "aws_lambda_function" "authorizer" {
-    filename      = "lambda.zip"
-    function_name = "api_gateway_authorizer"
-    role          = aws_iam_role.lambda.arn
-    handler       = "lambda.handler"
-    runtime       = "nodejs12.x"
+  filename      = "lambda.zip"
+  function_name = "api_gateway_authorizer"
+  role          = aws_iam_role.lambda.arn
+  handler       = "lambda.handler"
+  runtime       = "nodejs18.x"
 }

pkg/resource/aws/testdata/acc/aws_apigatewayv2_authorizer/terraform.tf

@@ -4,7 +4,7 @@ provider "aws" {
 
 terraform {
   required_providers {
-    aws = "3.19.0"
+    aws = "~> 5.0.0"
   }
 }
 
@@ -15,18 +15,18 @@ resource "aws_apigatewayv2_api" "example" {
 }
 
 resource "aws_apigatewayv2_authorizer" "foo" {
-    api_id           = aws_apigatewayv2_api.example.id
-    authorizer_type  = "REQUEST"
-    authorizer_uri   = aws_lambda_function.authorizer.invoke_arn
-    identity_sources = ["route.request.header.Auth"]
-    name             = "foo"
+  api_id           = aws_apigatewayv2_api.example.id
+  authorizer_type  = "REQUEST"
+  authorizer_uri   = aws_lambda_function.authorizer.invoke_arn
+  identity_sources = ["route.request.header.Auth"]
+  name             = "foo"
 }
 
 resource "aws_iam_role" "invocation_role" {
-    name = "apigatewayv2_auth_invocation"
-    path = "/"
+  name = "apigatewayv2_auth_invocation"
+  path = "/"
 
-    assume_role_policy = <<EOF
+  assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -44,10 +44,10 @@ EOF
 }
 
 resource "aws_iam_role_policy" "invocation_policy" {
-    name = "apigatewayv2_authorizer_policy"
-    role = aws_iam_role.invocation_role.id
+  name = "apigatewayv2_authorizer_policy"
+  role = aws_iam_role.invocation_role.id
 
-    policy = <<EOF
+  policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -62,9 +62,9 @@ EOF
 }
 
 resource "aws_iam_role" "lambda" {
-    name = "apigatewayv2_authorizer_lambda_role"
+  name = "apigatewayv2_authorizer_lambda_role"
 
-    assume_role_policy = <<EOF
+  assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
   "Statement": [
@@ -82,9 +82,9 @@ EOF
 }
 
 resource "aws_lambda_function" "authorizer" {
-    filename      = "lambda.zip"
-    function_name = "apigatewayv2_authorizer"
-    role          = aws_iam_role.lambda.arn
-    handler       = "lambda.handler"
-    runtime       = "nodejs12.x"
+  filename      = "lambda.zip"
+  function_name = "apigatewayv2_authorizer"
+  role          = aws_iam_role.lambda.arn
+  handler       = "lambda.handler"
+  runtime       = "nodejs18.x"
 }

pkg/resource/aws/testdata/acc/aws_lambda_event_source_mapping/main.tf

@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 locals {
-    timestamp = formatdate("YYYYMMDDhhmmss", timestamp())
+  timestamp = formatdate("YYYYMMDDhhmmss", timestamp())
 }
 
 resource "aws_sqs_queue" "queue1" {
@@ -23,10 +23,10 @@ resource "aws_sqs_queue" "queue2" {
 }
 
 resource "aws_dynamodb_table" "dynamo-event-source-mapping-test" {
-  name = "event-source-mapping-test-${local.timestamp}"
-  hash_key = "TestTableHashKey"
-  billing_mode = "PAY_PER_REQUEST"
-  stream_enabled = true
+  name             = "event-source-mapping-test-${local.timestamp}"
+  hash_key         = "TestTableHashKey"
+  billing_mode     = "PAY_PER_REQUEST"
+  stream_enabled   = true
   stream_view_type = "NEW_AND_OLD_IMAGES"
 
   attribute {
@@ -88,11 +88,11 @@ resource "aws_iam_policy_attachment" "policy_attachment" {
 }
 
 resource "aws_lambda_function" "test_lambda" {
-  filename         = "function.zip"
-  function_name    = "event-source-mapping-test-lambda-${local.timestamp}"
-  role             = aws_iam_role.iam_for_lambda.arn
-  handler          = "exports.test"
-  runtime       = "nodejs12.x"
+  filename      = "function.zip"
+  function_name = "event-source-mapping-test-lambda-${local.timestamp}"
+  role          = aws_iam_role.iam_for_lambda.arn
+  handler       = "exports.test"
+  runtime       = "nodejs14.x"
 
   environment {
     variables = {