Merge pull request #31238 from hashicorp/td-teamcity-assume-role-full…

…-build CI: Enables assuming role for full build
hashicorp · May 11, 2023 · 9cf1445 · 9cf1445
2 parents 62ebec3 + 37edfe2
commit 9cf1445
Show file tree

Hide file tree

Showing 14 changed files with 248 additions and 28 deletions.
diff --git a/.teamcity/components/generated/services_all.kt b/.teamcity/components/generated/services_all.kt
@@ -1,4 +1,4 @@
-// Code generated by internal/generate/teamcity/main.go; DO NOT EDIT.
+// Code generated by internal/generate/teamcity/services.go; DO NOT EDIT.
 
 val services = mapOf(
     "accessanalyzer" to ServiceSpec("IAM Access Analyzer"),
@@ -154,7 +154,7 @@ val services = mapOf(
     "resourcegroups" to ServiceSpec("Resource Groups"),
     "resourcegroupstaggingapi" to ServiceSpec("Resource Groups Tagging"),
     "rolesanywhere" to ServiceSpec("Roles Anywhere"),
-    "route53" to ServiceSpec("Route 53", vpcLock = true, regionOverride = "us-east-1"),
+    "route53" to ServiceSpec("Route 53", vpcLock = true),
     "route53domains" to ServiceSpec("Route 53 Domains"),
     "route53recoverycontrolconfig" to ServiceSpec("Route 53 Recovery Control Config"),
     "route53recoveryreadiness" to ServiceSpec("Route 53 Recovery Readiness"),

diff --git a/.teamcity/scripts/provider_tests/acceptance_tests.sh b/.teamcity/scripts/provider_tests/acceptance_tests.sh
@@ -1,18 +1,57 @@
 #!/usr/bin/env bash
 
+# Code generated by internal/generate/teamcity/provider_tests.go; DO NOT EDIT.
+
 set -euo pipefail
 
-# All of internal except for internal/service. This list should be generated.
+# shellcheck disable=2157 # This isn't a constant string, it's a TeamCity variable substitution
+if [[ -n "%ACCTEST_ROLE_ARN%" ]]; then
+    conf=$(pwd)/aws.conf
+
+    function cleanup {
+        rm "${conf}"
+    }
+    trap cleanup EXIT
+
+    touch "${conf}"
+    chmod 600 "${conf}"
+    cat <<EOF >"${conf}"
+[profile primary]
+role_arn       = %ACCTEST_ROLE_ARN%
+source_profile = primary_user
+
+[profile primary_user]
+aws_access_key_id     = %AWS_ACCESS_KEY_ID%
+aws_secret_access_key = %AWS_SECRET_ACCESS_KEY%
+EOF
+
+    unset AWS_ACCESS_KEY_ID
+    unset AWS_SECRET_ACCESS_KEY
+
+    export AWS_CONFIG_FILE="${conf}"
+    export AWS_PROFILE=primary
+fi
+
 TF_ACC=1 go test \
     ./internal/acctest/... \
+    ./internal/attrmap/... \
     ./internal/conns/... \
     ./internal/create/... \
+    ./internal/enum/... \
+    ./internal/envvar/... \
+    ./internal/errs/... \
     ./internal/experimental/... \
     ./internal/flex/... \
+    ./internal/framework/... \
     ./internal/generate/... \
+    ./internal/maps/... \
     ./internal/provider/... \
+    ./internal/sdktypes/... \
+    ./internal/slices/... \
+    ./internal/sweep/... \
     ./internal/tags/... \
     ./internal/tfresource/... \
+    ./internal/types/... \
     ./internal/vault/... \
     ./internal/verify/... \
     -json -v -count=1 -parallel "%ACCTEST_PARALLELISM%" -timeout=0 -run=TestAcc
diff --git a/.teamcity/scripts/provider_tests/unit_tests.sh b/.teamcity/scripts/provider_tests/unit_tests.sh
@@ -1,18 +1,29 @@
 #!/usr/bin/env bash
 
+# Code generated by internal/generate/teamcity/provider_tests.go; DO NOT EDIT.
+
 set -euo pipefail
 
-# All of internal except for internal/service. This list should be generated.
 go test \
     ./internal/acctest/... \
+    ./internal/attrmap/... \
     ./internal/conns/... \
     ./internal/create/... \
+    ./internal/enum/... \
+    ./internal/envvar/... \
+    ./internal/errs/... \
     ./internal/experimental/... \
     ./internal/flex/... \
+    ./internal/framework/... \
     ./internal/generate/... \
+    ./internal/maps/... \
     ./internal/provider/... \
+    ./internal/sdktypes/... \
+    ./internal/slices/... \
+    ./internal/sweep/... \
     ./internal/tags/... \
     ./internal/tfresource/... \
+    ./internal/types/... \
     ./internal/vault/... \
     ./internal/verify/... \
     -json
diff --git a/.teamcity/scripts/service_tests/acceptance_tests.sh b/.teamcity/scripts/service_tests/acceptance_tests.sh
@@ -22,4 +22,55 @@ fi
 echo "${TEST_LIST}"
 echo
 
+# shellcheck disable=2157 # These aren't constant strings, they're TeamCity variable substitution
+if [[ -n "%ACCTEST_ROLE_ARN%" || -n "%ACCTEST_ALTERNATE_ROLE_ARN%" ]]; then
+	conf=$(pwd)/aws.conf
+
+	function cleanup {
+		rm "${conf}"
+	}
+	trap cleanup EXIT
+
+	touch "${conf}"
+	chmod 600 "${conf}"
+
+	export AWS_CONFIG_FILE="${conf}"
+
+	# shellcheck disable=2157 # This isn't a constant string, it's a TeamCity variable substitution
+	if [[ -n "%ACCTEST_ROLE_ARN%" ]]; then
+		cat <<EOF >>"${conf}"
+[profile primary]
+role_arn       = %ACCTEST_ROLE_ARN%
+source_profile = primary_user
+
+[profile primary_user]
+aws_access_key_id     = %AWS_ACCESS_KEY_ID%
+aws_secret_access_key = %AWS_SECRET_ACCESS_KEY%
+EOF
+
+		unset AWS_ACCESS_KEY_ID
+		unset AWS_SECRET_ACCESS_KEY
+
+		export AWS_PROFILE=primary
+	fi
+
+	# shellcheck disable=2157 # This isn't a constant string, it's a TeamCity variable substitution
+	if [[ -n "%ACCTEST_ALTERNATE_ROLE_ARN%" ]]; then
+		cat <<EOF >>"${conf}"
+[profile alternate]
+role_arn       = %ACCTEST_ALTERNATE_ROLE_ARN%
+source_profile = alternate_user
+
+[profile alternate_user]
+aws_access_key_id     = %AWS_ALTERNATE_ACCESS_KEY_ID%
+aws_secret_access_key = %AWS_ALTERNATE_SECRET_ACCESS_KEY%
+EOF
+
+		unset AWS_ALTERNATE_ACCESS_KEY_ID
+		unset AWS_ALTERNATE_SECRET_ACCESS_KEY
+
+		export AWS_ALTERNATE_PROFILE=alternate
+	fi
+fi
+
 echo "${TEST_LIST}" | TF_ACC=1 teamcity-go-test -test ./test-binary -parallelism "%ACCTEST_PARALLELISM%"
diff --git a/.teamcity/settings.kts b/.teamcity/settings.kts
@@ -104,14 +104,8 @@ project {
         text("ACCTEST_ROLE_ARN", accTestRoleARN, display = ParameterDisplay.HIDDEN)
 
         // Alternate Assume Role credentials
-        if (awsAlternateAccountID != "") {
-            if (awsAccessKeyID != "") {
-                password("AWS_ALTERNATE_ACCESS_KEY_ID", alternateAWSAccessKeyID, display = ParameterDisplay.HIDDEN)
-            }
-            if (awsSecretAccessKey != "") {
-                password("AWS_ALTERNATE_SECRET_ACCESS_KEY", alternateAWSSecretAccessKey, display = ParameterDisplay.HIDDEN)
-            }
-        }
+        password("AWS_ALTERNATE_ACCESS_KEY_ID", alternateAWSAccessKeyID, display = ParameterDisplay.HIDDEN)
+        password("AWS_ALTERNATE_SECRET_ACCESS_KEY", alternateAWSSecretAccessKey, display = ParameterDisplay.HIDDEN)
         text("ACCTEST_ALTERNATE_ROLE_ARN", alternateAccTestRoleARN, display = ParameterDisplay.HIDDEN)
 
         // Define this parameter even when not set to allow individual builds to set the value

diff --git a/internal/generate/teamcity/acceptance_tests.tmpl b/internal/generate/teamcity/acceptance_tests.tmpl
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Code generated by internal/generate/teamcity/provider_tests.go; DO NOT EDIT.
+
+set -euo pipefail
+
+# shellcheck disable=2157 # This isn't a constant string, it's a TeamCity variable substitution
+if [[ -n "%ACCTEST_ROLE_ARN%" ]]; then
+    conf=$(pwd)/aws.conf
+
+    function cleanup {
+        rm "${conf}"
+    }
+    trap cleanup EXIT
+
+    touch "${conf}"
+    chmod 600 "${conf}"
+    cat <<EOF >"${conf}"
+[profile primary]
+role_arn       = %ACCTEST_ROLE_ARN%
+source_profile = primary_user
+
+[profile primary_user]
+aws_access_key_id     = %AWS_ACCESS_KEY_ID%
+aws_secret_access_key = %AWS_SECRET_ACCESS_KEY%
+EOF
+
+    unset AWS_ACCESS_KEY_ID
+    unset AWS_SECRET_ACCESS_KEY
+
+    export AWS_CONFIG_FILE="${conf}"
+    export AWS_PROFILE=primary
+fi
+
+TF_ACC=1 go test \
+{{- range . }}
+    ./internal/{{ . }}/... \
+{{- end }}
+    -json -v -count=1 -parallel "%ACCTEST_PARALLELISM%" -timeout=0 -run=TestAcc
diff --git a/internal/generate/teamcity/acctest_services.hcl b/internal/generate/teamcity/acctest_services.hcl
@@ -153,9 +153,6 @@ service "redshift" {
 
 service "route53" {
   vpc_lock = true
-
-  # Needed for Route 53 DNSSEC tests
-  region = "us-east-1"
 }
 
 service "route53resolver" {

diff --git a/internal/generate/teamcity/generate.go b/internal/generate/teamcity/generate.go
@@ -1,4 +1,5 @@
-//go:generate go run main.go
+//go:generate go run services.go
+//go:generate go run provider_tests.go
 // ONLY generate directives and package declaration! Do not add anything else to this file.
 
 package teamcity
diff --git a/internal/generate/teamcity/provider_tests.go b/internal/generate/teamcity/provider_tests.go
@@ -0,0 +1,87 @@
+//go:build generate
+// +build generate
+
+package main
+
+import (
+	_ "embed"
+	"os"
+	"path/filepath"
+
+	"github.com/hashicorp/terraform-provider-aws/internal/generate/common"
+)
+
+type ServiceDatum struct {
+	ProviderPackage string
+	HumanFriendly   string
+	VpcLock         bool
+	Parallelism     int
+	Region          string
+}
+
+type TemplateData struct {
+	Services []ServiceDatum
+}
+
+func main() {
+	const (
+		acceptanceTestsScriptFile = `.teamcity/scripts/provider_tests/acceptance_tests.sh`
+		unitTestsScriptFile       = `.teamcity/scripts/provider_tests/unit_tests.sh`
+	)
+	g := common.NewGenerator()
+
+	projectRoot, err := filepath.Abs(`../../../`)
+	if err != nil {
+		g.Fatalf(err.Error())
+	}
+
+	internalDir := filepath.Join(projectRoot, "internal")
+
+	dirs, err := os.ReadDir(internalDir)
+	if err != nil {
+		g.Fatalf(err.Error())
+	}
+
+	generator := generator{
+		g:    g,
+		root: projectRoot,
+	}
+
+	for _, dir := range dirs {
+		if dir.IsDir() && dir.Name() != "service" {
+			generator.dirNames = append(generator.dirNames, dir.Name())
+		}
+	}
+
+	generator.generate(acceptanceTestsScriptFile, acceptanceTestsTmpl)
+
+	generator.generate(unitTestsScriptFile, unitTestsTmpl)
+}
+
+type generator struct {
+	g        *common.Generator
+	root     string
+	dirNames []string
+}
+
+func (g generator) generate(filename, template string) {
+	g.g.Infof("Generating %s", filename)
+
+	destFile := filepath.Join(g.root, filename)
+
+	d := g.g.NewUnformattedFileDestination(destFile)
+
+	if err := d.WriteTemplate("teamcity", template, g.dirNames); err != nil {
+		g.g.Fatalf("generating file (%s): %s", filename, err)
+	}
+
+	if err := d.Write(); err != nil {
+		g.g.Fatalf("generating file (%s): %s", filename, err)
+	}
+}
+
+//go:embed acceptance_tests.tmpl
+var acceptanceTestsTmpl string
+
+//go:embed unit_tests.tmpl
+var unitTestsTmpl string
diff --git a/internal/generate/teamcity/main.go → internal/generate/teamcity/services.go b/internal/generate/teamcity/main.go → internal/generate/teamcity/services.go
@@ -111,7 +111,7 @@ func main() {
 	}
 }
 
-//go:embed file.tmpl
+//go:embed services.tmpl
 var tmpl string
 
 type acctestConfig struct {

diff --git a/internal/generate/teamcity/file.tmpl → internal/generate/teamcity/services.tmpl b/internal/generate/teamcity/file.tmpl → internal/generate/teamcity/services.tmpl
@@ -1,4 +1,4 @@
-// Code generated by internal/generate/teamcity/main.go; DO NOT EDIT.
+// Code generated by internal/generate/teamcity/services.go; DO NOT EDIT.
 
 val services = mapOf(
 {{- range .Services }}

diff --git a/internal/generate/teamcity/unit_tests.tmpl b/internal/generate/teamcity/unit_tests.tmpl
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# Code generated by internal/generate/teamcity/provider_tests.go; DO NOT EDIT.
+
+set -euo pipefail
+
+go test \
+{{- range . }}
+    ./internal/{{ . }}/... \
+{{- end }}
+    -json
diff --git a/internal/provider/provider_acc_test.go b/internal/provider/provider_acc_test.go
@@ -890,11 +890,6 @@ resource "aws_s3_bucket" "test" {
   bucket        = %[2]q
   force_destroy = true
 }
-
-resource "aws_s3_bucket_acl" "test" {
-  bucket = aws_s3_bucket.test.id
-  acl    = "private"
-}
 `, endpoint, rName))
 }
 

diff --git a/internal/service/route53/record_test.go b/internal/service/route53/record_test.go
@@ -2221,11 +2221,6 @@ resource "aws_s3_bucket" "website" {
   bucket = %[1]q
 }
 
-resource "aws_s3_bucket_acl" "test" {
-  bucket = aws_s3_bucket.website.id
-  acl    = "public-read"
-}
-
 resource "aws_s3_bucket_website_configuration" "test" {
   bucket = aws_s3_bucket.website.id
   index_document {